Script to create a shared git project

This script creates a git project to be shared among the users of the Unix group $GIT_GROUP. Every git project is created in the directory $REPOSITORIES_BASE_DIR.

#!/bin/bash

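# Base directory where the shared git projects are.
REPOSITORIES_BASE_DIR="/home/git"
# Group that the users of the repositories must be members of
GIT_GROUP=git

if [ $# -ne 1 ]; then
        echo "Usage: $(basename "$0") project-name"
        exit 1
fi

PROJECT_NAME=$1

# Stop if the base directory is missing instead of creating the repository elsewhere.
cd "$REPOSITORIES_BASE_DIR" || exit 1
git init --shared --bare "$PROJECT_NAME"
# Default ACL on the directories so that new files inherit the group access.
find "$PROJECT_NAME" -type d -print0 | xargs -0 setfacl -m "d:g:$GIT_GROUP:rwX"
# Group access on everything that already exists in the repository.
sudo setfacl -R -m "g:$GIT_GROUP:rwX" "$PROJECT_NAME"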

Port forwarding using SSH

SSH port forwarding lets you connect to a server using another server as a relay.

For example, if you host a web server in a DMZ behind your office router, you will not be able to access it using its public URL if your workstation is behind the same router.

You can easily implement a workaround if you have access to a server on the Internet. Issue this command on one of the machines connected to the same network as your workstation.

ssh -fN -t -C -D 192.168.1.50:2080 example.com

where

  • 192.168.1.50 is the address of the machine that will accept connections from your LAN on port 2080. The SOCKS listener does not authenticate its clients, so any host that can reach this address and port can use the relay.
  • example.com is the machine on the Internet that will establish connections to the final destination.

You may need to specify the port on which SSH listens on example.com using the -p option. If SSH listens on port 8787 on example.com, the command would be:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 example.com

You may also need to supply a user name to connect to example.com. The command would then look like:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 remoteuser@example.com

You can use this setup with a browser if you configure it to use a proxy to connect to the Internet. For example, access the proxy configuration of Firefox: preferences >> advanced >> network >> settings. Choose Manual proxy configuration and fill out the SOCKS host parameters (192.168.1.50 and port 2080 in this example).

The result is that Firefox will open the URLs you type in through the server example.com.

How about a Raspberry PI 2 as a firewall?

As expected, a Raspberry PI 2 performs exceptionally well as a firewall. The download throughput achieved was 33 Mbits/sec under the same test conditions as the previous test (see Can A Raspberry PI Be Used As A Firewall? for more details). The CPU usage was about 5% during the download test and around 2% during the upload test.

Make an Apache2 SSL server more secure

These easy steps will significantly improve the security of your Apache2 SSL server. Edit your /etc/apache2/mods-enabled/ssl.conf file and replace the SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder parameters with the following values.

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
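
One way to check that an ssl.conf really carries these three settings is sketched below. It is an added example, not part of the original post; the function names and the sample file are constructed, and the list of exclusions is taken from the cipher string above.

```sh
#!/bin/sh
# Added example, not from the original post: audit an Apache ssl.conf.
# Assumes directive names are spelled exactly as in the post.

# Value of the last uncommented occurrence of directive $2 in file $1,
# with runs of whitespace collapsed to single spaces.
last_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]\{1,\}//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]\{1,\}/ /g; s/ $//'
}

# Prints one finding per line; prints nothing when the file passes.
audit_ssl_conf() {
    proto=$(last_value "$1" SSLProtocol)
    order=$(last_value "$1" SSLHonorCipherOrder | tr 'A-Z' 'a-z')
    suite=$(last_value "$1" SSLCipherSuite)

    [ -n "$proto" ] || echo "SSLProtocol is not set"
    for p in SSLv2 SSLv3; do
        case " $proto " in
            *" -$p "*) ;;   # explicitly removed
            *" all "*|*" $p "*|*" +$p "*) echo "SSLProtocol leaves $p enabled" ;;
        esac
    done

    [ "$order" = "on" ] || echo "SSLHonorCipherOrder is not on"

    if [ -z "$suite" ]; then
        echo "SSLCipherSuite is not set"
        return 0
    fi
    # Exclusions that appear in the cipher string of the post.
    for c in aNULL eNULL EXPORT DES RC4 MD5 PSK; do
        case ":$suite:" in
            *":!$c:"*) ;;
            *) echo "SSLCipherSuite does not exclude $c" ;;
        esac
    done
}

# Constructed sample: SSLv3 still allowed, server order off, few exclusions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol all -SSLv2
SSLHonorCipherOrder Off
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
EOF
audit_ssl_conf "$sample"
rm -f "$sample"
```

Run audit_ssl_conf /etc/apache2/mods-enabled/ssl.conf after editing the file; no output means the three directives match the values given here.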

Installing memcached to use it with php

Installing Memcached with php support in Ubuntu is a matter of a few steps:

sudo apt-get install memcached php5-memcached
sudo service apache2 restart

You can test if memcached is active by running this command:

echo "stats settings" | nc localhost 11211

You will end up with a response like this one:

STAT maxbytes 67108864
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 11211
STAT inter 127.0.0.1

STAT item_size_max 1048576
STAT maxconns_fast no
STAT hashpower_init 0
STAT slab_reassign no
STAT slab_automove 0
END
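
The inter and udpport lines of that response tell you whether the cache is reachable from other machines. The function below is an added example, not part of the original post; its name and the sample responses are constructed. It reads a "stats settings" response on standard input and reports any listen address that is not a loopback address.

```sh
#!/bin/sh
# Added example, not from the original post: read "stats settings" output on
# stdin and report a memcached listener reachable beyond the local host.
# Prints one finding per line; prints nothing when only loopback is used.
check_memcached_settings() {
    # memcached ends protocol lines with CRLF, so strip the CR first.
    tr -d '\r' | awk '
        $1 == "STAT" && $2 == "inter"   { inter = $3 }
        $1 == "STAT" && $2 == "tcpport" { tcp = $3 }
        $1 == "STAT" && $2 == "udpport" { udp = $3 }
        END {
            if (inter == "") {
                print "inter not reported: listen address unknown"
                exit
            }
            # inter may hold several comma-separated addresses.
            n = split(inter, addr, ",")
            exposed = 0
            for (i = 1; i <= n; i++) {
                if (addr[i] ~ /^(127\.|localhost|::1|\[::1\])/) continue
                print "listens on " addr[i] " (TCP port " tcp ")"
                exposed = 1
            }
            if (exposed && udp != "" && udp != "0")
                print "UDP port " udp " is enabled as well"
        }'
}

# Constructed sample 1: trimmed from the response shown in the post (no finding).
printf 'STAT tcpport 11211\r\nSTAT udpport 11211\r\nSTAT inter 127.0.0.1\r\nEND\r\n' |
    check_memcached_settings
# Constructed sample 2: a server bound to every interface (two findings).
printf 'STAT tcpport 11211\r\nSTAT udpport 11211\r\nSTAT inter 0.0.0.0\r\nEND\r\n' |
    check_memcached_settings
```

Against a live server, pipe the nc command shown above into check_memcached_settings.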

Issues after upgrading to Ubuntu 14.04.1

After upgrading to Ubuntu 14.04.01, I ran into two issues: One with Apache2 and one with Samba 4.

Apache has been upgraded from 2.2.22 to 2.4.7. The content was no longer accessible. The site configuration directives Order, Allow and Deny such as

Order allow,deny
Allow from all

are now replaced with the Require directive. Detailed information can be found at Apache Module mod_authz_core.

Samba has been upgraded from version 3.6.3 to 4.1.6. The “valid users” behavior changed. It works if the user given in the “force user” directive is listed in the “valid users”. For example, datacloud has to be listed in the “valid users”.

valid users = ctheroux,datacloud
force user = datacloud

How to rename a user in Linux

Simply issue this command:

usermod -m -d /home/new-account-name -l new-account-name old-account-name

It creates the home directory if it does not exist. It also copies the files of the old user into the new user account.

How to use the command line to make the internal speaker beep

Two simple steps:

Install the beep utility. Executing beep on the command line will make the internal speaker beep.

apt-get install beep

Add pcspkr to /etc/modules to load it at boot time. You can load it manually by executing

modprobe pcspkr

How to prevent SSHD from listening on an address family

It is possible to control which address family sshd listens on. In /etc/ssh/sshd_config, simply add

AddressFamily any

to listen on IPv4 and IPv6 addresses. This is the default. Alternatively, add one of these to listen only on IPv4 (inet) or IPv6 (inet6) respectively.

AddressFamily inet
AddressFamily inet6

How to assign a static IP address in Ubuntu

Setting a static IP address in Ubuntu involves editing /etc/network/interfaces. If the interface is currently using DHCP, you will find these lines in the file.

auto lan
iface lan inet dhcp

You will have to replace the above lines with a section that looks like:

auto lan
iface lan inet static
address 192.168.1.80
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.200
dns-nameservers 8.8.8.8

Make the changes effective by either rebooting or by issuing this command:

sudo /etc/init.d/networking restart

How to change the network interface name in Ubuntu 12/13

Two files need to be modified to change the name of a network interface in Ubuntu. For example, if you want to change eth0 for lan, simply change the NAME attribute from eth0 to lan in these files and reboot. Do not modify the KERNEL attribute.

/etc/udev/rules.d/70-persistent-net.rules
/etc/network/interfaces

How to find duplicate files on Linux?

It is pretty straightforward in Linux: install fdupes.

sudo apt-get install fdupes

Type the following command to display the documentation

man fdupes

Accessing a serial port from a web server

On most Linux distributions, it is impossible to access a serial port (e.g. /dev/ttyS0) from a web server such as Apache or lighttpd using a CGI. Simply add the user under which the web server runs (www-data for example) to the group dialout. To do so, use vigr from the command line and add the user on the dialout group line. Note that this gives every script run by the web server access to all the devices owned by the dialout group. Such a line will typically look like:

dialout:x:20:myuser,www-data

Script listing all the keys on a memcache server

This script lists all the keys on a memcache server.

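#!/bin/bash
# Private temporary files instead of predictable /tmp/$$.N names.
ITEMS=$(mktemp) || exit 1
DUMP_CMDS=$(mktemp) || exit 1
trap 'rm -f "$ITEMS" "$DUMP_CMDS"' EXIT
# Ask the server for the slab classes in use.
nc localhost 11211 > "$ITEMS" <<EOF
stats items
EOF
# Build one "stats cachedump <slab> 1000" command per slab class.
cut -d: -f2 "$ITEMS" | grep -v END | uniq | sed 's/^/stats cachedump /' \
   | sed 's/$/ 1000/' > "$DUMP_CMDS"
# Dump the keys of every slab class and sort them.
nc localhost 11211 < "$DUMP_CMDS" | grep -v '^END' | sort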

Recording a terminal session under Linux

It is possible to record a terminal session under Linux with ttyrec. It also records vi, emacs, etc. sessions.

First, install ttyrec

sudo apt-get install ttyrec

To start recording a session:

ttyrec

To replay a session recording:

ttyplay ttyrecord

How To Setup A Protected Wireless Connection Via the Command-Line

Setting up a wireless connection via the command line may vary depending on the USB Wireless Interface you are using. These instructions also work for the Raspberry PI running Wheezy. You must be root in order to carry out these instructions.

Make sure that your wireless interface is recognized.

lsusb

Find your wireless interface name (usually wlan0).

ifconfig

Make sure that your network is visible, assuming the ESSID is broadcast. Replace wlan0 with your wireless interface name.

iwlist wlan0 scan

or

iwlist wlan0 scan | grep ESSID

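Prepare your wireless configuration file. The command will wait for you to type in your wireless network password. Enter your wireless network password and hit ENTER. The generated file contains the passphrase in clear text as a comment, as well as the derived key, so keep it readable by root only.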

wpa_passphrase Replace-with-your-ESSID > wpa.conf

Find out which wireless driver you are using. The drivers are listed in the drivers section. The driver you are using is usually labelled “Linux wireless extensions”. The driver name is most of the time wext.

wpa_supplicant --help

Initialize the wireless interface. Make sure you replace wpa.conf, wext and wlan0 with the values related to your environment. Some error messages may be displayed. These errors might not prevent your wireless connection from working.

wpa_supplicant -Dwext -iwlan0 -cwpa.conf -B

You can check if your wireless interface is properly initialized.

iwconfig

Issue this command to get an IP address assuming you are using DHCP.

dhclient wlan0

You can install wpa_passphrase and wpa_supplicant if they are not already on your system by issuing the command

apt-get install wpasupplicant

Masquerading or replacing outgoing SMTP email address with Postfix

Postfix can replace an outgoing email address by another one. To do so, you must perform these steps:

Add in /etc/postfix/main.cf the following line

smtp_generic_maps = hash:/etc/postfix/generic_maps

Add in /etc/postfix/generic_maps a line for each email address you want to replace. The line shall contain the email address to replace followed by the new email address, separated by a space. For example:

user@machine-name emailaddress@domain.tld

Generate or update the map by issuing the following command

postmap /etc/postfix/generic_maps

Restart postfix by issuing the following command

service postfix restart

Create an ext3 or an ext4 partition without a journal

Most of the time, having a journal for ext3 and ext4 partitions is pretty useful. Nevertheless, you can prevent creating a journal by adding the option ^has_journal. For example:

mkfs -t ext4 -O ^has_journal /dev/sdXn

Initializing a brand new disk with “parted”

“parted” is a replacement for “fdisk” of Linux.  It can handle disks larger than 2 TB.  Issue this command to launch “parted” where /dev/sdL is the disk you want to initialize.

parted /dev/sdL

Create a partition table if it does not exist. For disks larger than 2 TB, you should use the gpt type. You can create such a partition table by issuing this command within “parted”. msdos is the legacy partition table type.

mktable gpt

Use mkpart to create a new partition. This parted command creates a primary ext4 partition, starting at the first cylinder and ending at the last sector of the disk. You should align your partitions. You can use the parted command align-check to check the alignment.

mkpart primary ext4 1 -1

Quit parted and create the file system on your partition using mkfs. For example,

mkfs -t ext4 -m 0 -O dir_index,filetype,sparse_super /dev/sdLX

You can type help to display the list of commands. You can type help followed by a command to display specific help related to this command.

How to unmount an encrypted partition?

Unmount the partition

umount /mnt

Unmap the partition

cryptsetup luksClose securebackup