Archive

For the Ubuntu category

How to install Pronterface on Ubuntu 16.04

No Comments

To install Pronterface on Unbuntu, first install the dependencies.

sudo apt-get install python-serial python-wxgtk3.0 python-pyglet \
     python-numpy cython python-libxml2 python-gobject python-dbus \
     python-psutil python-cairosvg libpython-dev git

Then, download Pronterface

git clone https://github.com/kliment/Printrun.git

To run Pronterface, execute ./Pronterface.py

Script to create a shared git project

No Comments

This script creates a git project to be shared among the users of the Unix group $GIT_GROUP. Every git project will be created into the directory $REPOSITORIES_BASE_DIR.

#!/bin/bash

# Base directory where the shared git project are.
REPOSITORIES_BASE_DIR="/home/git"
# Group in which the user's of the repositories must be a member of
GIT_GROUP=git

if [ $# -ne 1 ]; then
        echo 'Usage:' `basename $0` 'project-name'
        exit 1
fi

PROJECT_NAME=$1

cd "$REPOSITORIES_BASE_DIR"
git init --shared --bare "$PROJECT_NAME"
cd ..
find git/$PROJECT_NAME -type d | xargs setfacl -R -m d:g:$GIT_GROUP:rwX
sudo setfacl -R -m g:$GIT_GROUP:rwX git/$PROJECT_NAME

VirtualBox fails on startup

No Comments

Result Code: NS_ERROR_FAILURE (0x80004005) / Kernel driver not installed (rc=-1908) are the errors displayed when the kernel driver needs to be recompiled. It usually happens when updates to Ubuntu are installed.

The kernel driver can be recompiled by issuing one the following commands:

sudo /etc/init.d/vboxdrv setup

or

sudo /sbin/rcvboxdrv setup

The former one works for Ubuntu versions prior to Ubuntu 16.04. If the first one is not found on your system, try the second one.

Port forwarding using SSH

No Comments

SSH port forwarding let you connect to a server using another server a relay.

For example, if you host a web server in a DMZ behind your office router, you will not be able to access it using its public URL if your workstation is behind the same router.

You can easily implement a workaround if you have access to a server on the Internet. Issue this command on one of the machines connected on the same network as your workstation.

ssh -fN -t -C -D 192.168.1.50:2080 example.com

where

  • 192.168.1.50 is the address of the machine that will accept connections from your LAN on port 2080.
  • example.com is the machine on the Internet that will establish connections to the final destination

You may need to add the port number on which example.com listen to using the -p option. If SSH listens to port 8787 on example.com, the command would be:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 example.com

You may also need to supply a user name to connect to example.com. The command would then look like:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 remoteuser@example.com

You can use this setup with a browser if you configure it to use a proxy to connect to the Internet. For example, access the proxy configuration of Firefox: preferences >> advanced >> network >> settings. Choose Manual proxy configuration and fill-out the SOCKS host parameters.

SSH Port Forwarding

The result will be that Firefox will open the URLs you type-in using the server example.com.

Reset Unity Top Menu Bar Widget Panel

No Comments

Sometimes, widget disappears from the Top Menu Bar Widget Panel of Unity. The Widget Panel can be reset using the following command:

killall unity-panel-service

Make Linux use the hardware clock set to local time

No Comments

Ubuntu sometimes assumes that the hardware clock of the computer is set to GMT. If the hardware clock is set to local time, set UTC=no in /etc/default/rcS.

Move and secure the MySQL data directory

No Comments

By default, the data directory of MySQL is /var/lib/mysql. This can be a security issue, especially on a laptop. If your home directory is encrypted, you can easily secure you MySQL data. Backup you data before using this information. Read the procedure until the end before doing anything.

First, follow these steps to move the data directory of MySQL.

  1. Stop MySQL.
  2. sudo service mysql stop
  3. Copy the current database to its new location /home/yourhomedir/mysql.
  4. sudo mv /var/lib/mysql /home/yourhomedir/
  5. Create a link to prevent issues with innoDB tables
  6. ln -s /home/yourhomedir/mysql /var/lib/mysql
  7. Change the value of datadir in the file /etc/mysql/mysql.conf.d/mysqld.cnf for your new data directory location /home/yourhomedir/mysql
  8. Modify the two occurences of /var/lib/mysql with /home/yourhomedir/mysql in /etc/apparmor.d/usr.sbin.mysqld
  9. Reload apparmor
  10. sudo service apparmor reload

If you moved the MySQL data directory to an encrypted home directory, you will need to perform these supplementary steps.

  1. Disable MySQL from starting at system boot.
  2. sudo update-rc.d mysql remove
  3. Add MySQL to the group related to the user that owns the encrypted home directory
  4. sudo usermod -a -G yourhomedir mysql
  5. Change the permissions of the encrypted directory
  6. sudo chmod 750 /home/yourhomedir

In this scenario, you will need to start MySQL after you logged on and shut it down before loggoff which include shutting down the system. To start mysql, use the following command:

sudo service mysql start

To stop MySQL, use the following command:

sudo service mysql stop

If everything works fine, you can remove the original MySQL data directory using this command:

sudo rm -fr /var/lib/mysql

Fix “The Update Information Is Outdated”

No Comments

Sometimes, the message “The Update Information Is Outdated” is displayed when you click on a red warning red icon in the status bar. It happened to me last week. This time, it was caused by a Google Chrome update that failed. First, open a terminal (Control + Alt + T) and run the command

sudo apt-get update

If you get an error message related to Google, you can fix it by editing the /etc/apt/sources.list.d/google-chrome.list file. You can do so by issuing the previously opened terminal window

sudo gedit /etc/apt/sources.list.d/google-chrome.list

Make sure that the repository line looks like

deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main

Change the Ubuntu login screen background?

No Comments

Changing the login screen background is easy but not obvious. The image file you want to use as the login screen background must have a read access for everyone. Open the image with the Image viewer installed by default. Select the option Set as Wallpaper from the Image menu.

The Appearance option of the Settings will only let you change the desktop background.

Make an Apache2 SSL server more secure

No Comments

These easy steps will improve significantly the security of your Apache2 SSL server. Edit your /etc/apache2/mods-enabled/ssl.conf file and replace the SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder parameters with the following values.

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3

How to Install libnfc for PN532 NFC Readers on Linux

2 Comments

Installing libnfc for PN532 based NFC reader is not exactly as described in the documentation. Some information is scattered in the documentation. This installation guide has been tested with the GO2NFC GO2NFC141U NFC Reader and the Adafruit PN532 NFC/RFID controller breakout board.

1) Install the dependencies:

sudo apt-get install libusb-0.1-4 libusb-dev libpcsclite1 libpcsclite-dev libccid pcscd

2) Create the configuration directory

sudo mkdir -p /etc/nfc/devices.d/

3) Create the file /etc/nfc/devices.d/pn532_uart.conf containing

name = "PN532 board via UART"
connstring = pn532_uart:/dev/ttyACM0
allow_intrusive_scan = true

Replace ttyACM0 with ttyUSB0 if you are using the Adafruit reader.

5) Create the file /etc/nfc/libnfc.conf containing

allow_autoscan = true

6) Download the libnfc library at https://bintray.com/nfc-tools/sources/libnfc. Decompress the archive somewhere. Go into the libnfc-x.x.x directory.

7) Build the library

sudo ./configure --sysconfdir=/etc --prefix=/usr --with-drivers=pn532_uart
sudo make
sudo make install

8) Test your installation. Execute the command utils/nfc-scan-device. You should get an output similar to this one:

nfc-scan-device uses libnfc 1.7.1
1 NFC device(s) found:
- pn532_uart:/dev/ttyACM0:
pn532_uart:/dev/ttyACM0

How To Setup an Internet Gateway using Ubuntu

No Comments

Setting up an Internet Gateway using Ubuntu is pretty straight forward. In order to do so, you will need:

  1. A computer with two network interfaces. One hooked to your WAN connection, the other one to your LAN.
  2. The computer needs Ubuntu installed with a minimum of software installed.
  3. Copy the script below to your gateway machine in /etc/network/if-up.d/00-my-gateway. Make sure that the script has the execute permission.
  4. Update the LAN and WAN variables in the script. For example, if eth0 is your WAN interface and eth1 is your LAN interface, then set WAN=eth0 and LAN=eth1.
  5. Reboot.

This script configures the Ubuntu Firewall to forward LAN traffic to the Internet but drops all unsolicited incoming traffic from the Internet. Your network will be stealth. You can use the online tool ShiedlsUP! at https://www.grc.com to test it.


#!/bin/bash

PATH=/usr/sbin:/sbin:/bin:/usr/bin

# Interfaces
LAN=lan
WAN=wan

#
# Delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow connections from the $LAN to the $WAN.
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

# Enable masquerading.
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# No forwarding from the $WAN to the $LAN.
iptables -A FORWARD -i $WAN -o $WAN -j DROP

# Drop everything else from the WAN ... Stealth mode.
iptables -A INPUT -i $WAN -j DROP

Installing memcached to use it with php

No Comments

Installing Memcached with php support in Ubuntu is a matter of a few steps:

sudo apt-get install memcached php5-memcached
sudo service apache2 restart

You can test if memcached is active by running this command:
echo "stats settings" | nc localhost 11211
You will end up with a response like this one:

STAT maxbytes 67108864
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 11211
STAT inter 127.0.0.1

STAT item_size_max 1048576
STAT maxconns_fast no
STAT hashpower_init 0
STAT slab_reassign no
STAT slab_automove 0
END

phpMyAdmin session timeout

No Comments

phpMyAdmin session timeout is controlled through two parameters. The first one can be found in /etc/php5/apache2/php.ini. It is called session.gc_maxlifetime. The other one can be found in the phpMyAdmin configuration file often named /etc/phpmyadmin/config.inc.php. The name of the parameter is LoginCookieValidity.

The one located in /etc/php5/apache2/php.ini superseeds the one given in /etc/phpmyadmin/config.inc.php if it is smaller.

phpMyAdmin might also have a local php.ini that can override /etc/php5/apache2/php.ini.

Issues after upgrading to Ubuntu 14.04.1

No Comments

After upgrading to Ubuntu 14.04.01, I ran into two issues: One with Apache2 and one with Samba 4.

Apache has been upgraded from 2.2.22 to 2.4.7. The content was no longer accessible. The site configuration directives Order, Allow and Deny such as

Order allow,deny
Allow from all

are now replaced with the Require directive. Detailed information can be found at Apache Module mod_authz_core.

Samba has been upgraded from version 3.6.3 to 4.1.6. The “valid users” behavior changed. It works if the user given in the “force user” directive is listed in the “valid users”. For example, datacloud has to be listed in the “valid users”.

valid users = ctheroux,datacloud
force user = datacloud

How to rename a user in Linux

No Comments

Simply issue this command:

usermod -m -d /home/new-account-name -l new-account-name old-account-name

It creates the home directory if it does not exists. It also copy the stuff of the old user into the new user account.

preinst: line 118: a2query: command not found

No Comments

If you are getting the following errors while trying to install Apache on Trusty (Ubuntu 14.04), execute the commands below and try to re-install it.


Preparing to unpack .../apache2_2.4.7-1ubuntu4_amd64.deb ...
/var/lib/dpkg/tmp.ci/preinst: line 118: a2query: command not found
dpkg: error processing archive /var/cache/apt/archives/apache2_2.4.7-1ubuntu4_amd64.deb (--unpack):
subprocess new pre-installation script returned error exit status 1
Errors were encountered while processing:
/var/cache/apt/archives/apache2_2.4.7-1ubuntu4_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

The commands to resolve this issue are:

dpkg --fsys-tarfile /var/cache/apt/archives/apache2_2.4.7-1ubuntu4_amd64.deb | tar xOf - ./usr/sbin/a2query > /usr/sbin/a2query

chmod 755 /usr/sbin/a2query

Replace /var/cache/apt/archives/apache2_2.4.7-1ubuntu4_amd64.deb with the name of the file given in the error messages. Note that the first command is splitted on two lines in the above. So, copy both lines at once before pasting it in a terminal window.

How To Restore Skype Status Bar Icon In Ubuntu 14.04

No Comments

After installing Skype on Ubuntu 14.04, there is no icon in the status bar. To restore it, simply execute the following command:

sudo apt-get install sni-qt:i386
.

This procedure works on the 64 bits version of Ubuntu.

How to display the version of Ubuntu you are running

No Comments

From a terminal window, type in:

lsb_release -a

How to prevent SSHD to listen on an address family

No Comments

It is possible to control on which address family sshd will listen to. In /etc/ssh/sshd_config, simply add

AddressFamily any

to listen to IPv4 and IPv6 addresses. This is the default. Alternatively, add one of these to listen only to IPv4 (inet) or IPv6 (inet6) respectively.


AddressFamily inet
AddressFamily inet6

Blue Taste Theme created by Jabox