Useful things ...

Intel Linux Compiler under Ubuntu

see here for installation steps.

vsftpd under ubuntu

 aptitude install vsftpd
 gvim /etc/vsftpd.conf
 ftp localhost

The local anonymous folder is /srv/ftp

 mkdir /srv/ftp/pub
 mkdir /srv/ftp/pub/upload

Reinstall Grub2 on Ubuntu 9.10

booto from your ubuntu 9.10 Live CD
execute

 sudo mount /dev/sde3 /mnt/sys
 sudo grub-install --root-directory=/mnt/sys /dev/sde
 Installation finished. No error reported.
 This is the contents of the device map /mnt/sys/boot/grub/device.map.
 Check if this is correct or not. If any of the lines is incorrect,
 fix it and re-run the script `grub-install'.
 sudo umount /mnt/sys

reboot the system

External Links

Extract audio from avi file

 mplayer asdf.avi -vc null -vo null -ao pcm:fast:file=asdf.wav

vsftpd user all locked down in chroot jail

Now normal user can go to /etc directory (may be to all other directories) and if there is read only permission to sensitive files user can download the file via ftp.

To avoid this security problem you can lock ftp user in a jail.

Open vsftpd configuration file - /etc/vsftpd/vsftpd.conf

 vi /etc/vsftpd/vsftpd.conf

Make sure following line exists (and uncommented):

 chroot_local_user=YES

Save and close the file. Restart vsftpd.

 /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not able to see /, /etc, /root and /tmp and all other directories. This is an essential security feature.

tar copy over network

 tar cfjv - /srcfolder | ssh user@remotehost tar xfjv - -C /home/user/destfolder

compress srcfolder and copies it per ssh connection over network to remote host and uncompress it there, but first change to folder destfolder.

googletalk on pidgin

 sudo aptitude install libnss3-dev
 ./configure --enable-gnutls=yes --disable-screensaver --disable-startup-notification --disable-gtkspell --disable-gstreamer --disable-meanwhile --disable-dbus --disable-perl --disable-tcl
 make
 make install

Click on Account->Add/Edit menu
Click on Add button in the Accounts screen
Select XMPP / Google Talk as your protocol
Type your screen name which is your GMail login name without the ending @gmail.com
Type Domain as gmail.com or googlemail.com
Ignore Resource
Type in your Password and check Remember password
Click on Advanced tab
Check Force old(port 5223) SSL
Check Allow plaintext auth over unencrypted streams (may not be required)
Change Connect port to 5223
Type talk.google.com in Connect server field
Click Save and you are done.

obexftp

Sending file to Nokia 6680 memory card

 sudo obexftp -u 1 -c E:/Sounds -p /tmp/asdf.mp3

List files

 sudo obexftp -u 1 -c E:/Sounds -l

To get rid of the sudo you could change access rights as follow:

 sudo /dev/bus/usb -type c -exec chown root:users \{\} \;

The console on ttyX goes to blank screen after 10 minutes. Howto disable it.

 setterm -blank 0

X server screen blanking: xset s off

VMDK-Images vergr��ern ohne VMware-Tools

http://www.bitsploit.de/archives/88-VMDK-Images-vergroessern-ohne-VMware-Tools.html

To create a image that vmware can read just type:

 qemu-img create -f vmdk 40gb.vmdk 40G

and write into the vmx file:

 ide0:0.filename="40gb.vmdk"

How to record audio on console under linux

 sudo apt-get install lame

Type the following command

 arecord -f cd -t raw | lame -x � out.mp3

Arecord captures the audio that goes through your computer and pipes it to the lame encoder, so you encode the audio directly to an mp3 file. You can specify more options to the lame encoder such as the bitrate with lame -x -b bitrate. Without specifying the bitrate it encodes to 128kbps constant bit rate cbr. If you want to record for an specific amount of time then:

 arecord -f cd -d numberofseconds -t raw | lame -x � out.mp3

Recording sound to an ogg file

You�ll need the oggenc (the ogg encoder). Install it by doing

 sudo apt-get install vorbis-tools

Type the following command

 arecord -f cd -t raw | oggenc - -r -o out.ogg

And you�ll get your sound recorded to an ogg file. Take into account that we record directly to a compressed file, so there�s nothing in between, so you can record for hours saving an incredible amount of hard disk space.

If you want to rip a radio stream coming over internet you can use streamripper. Attent that this method is prohibited in some states. Ripping shoutcast audio streaming. Streamripper allows us to rip audio streaming servers. Install it by typing

 sudo apt-get install streamripper

You can connect to any shoutcast radio station with xmms. Once playing get the info and write down the url. Then type:

 streamripper url

For download youtube videos or audio dumps you can use the python script 'youtube-dl'.

 aptitude install youtube-dl
 mplayer -dumpaudio $(youtube-dl -g http://www.youtube.com/watch?v=idofwantedvideo)
 mplayer -quiet -vo null -vc dummy -ao pcm:waveheader:file="rawaudio.wav" stream.dump
 oggenc rawaudio.wav
 mv rawaudio.ogg nameuwant.ogg

Thunderbird Settings/Preferences from windows to linux or the other way around.

On Windows the settings are in C:\Documents..\Username\Applicationsdata\Thunderbird
To go from Windows to Linux just compress this folder and copy it to linux directory anyhow.
Under linux decrompress this folder under /home/Username/.mozilla-thunderbird

The other way around is similar or even aquivalent.

Maillinglists without majordomo but with mailman

newlist awsomelist

creates the list and a welcome email and tells you that you have to change your /etc/aliases and run command newaliases

 ## awsomelist mailing list
 awsomelist:              "|/var/lib/mailman/mail/mailman post awsomelist"
 awsomelist-admin:        "|/var/lib/mailman/mail/mailman admin awsomelist"
 awsomelist-bounces:      "|/var/lib/mailman/mail/mailman bounces awsomelist"
 awsomelist-confirm:      "|/var/lib/mailman/mail/mailman confirm awsomelist"
 awsomelist-join:         "|/var/lib/mailman/mail/mailman join awsomelist"
 awsomelist-leave:        "|/var/lib/mailman/mail/mailman leave awsomelist"
 awsomelist-owner:        "|/var/lib/mailman/mail/mailman owner awsomelist"
 awsomelist-request:      "|/var/lib/mailman/mail/mailman request awsomelist"
 awsomelist-subscribe:    "|/var/lib/mailman/mail/mailman subscribe awsomelist"
 awsomelist-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe awsomelist"

To delete the list you can only delete the list entries or the complete archive:

 rmlist awsome
 rmlist -a awsome

Edit your pictures per console commands with package Imagemagick

rotate pictures by 90 degrees

 for i in *.jpg;do convert -rotate 90 $i $i-rotated.jpg;done

convert all jpg files to lossless format tiff:

 for i in *.jpg;do convert $i $(asename $i .jpg).tiff;done

cut a distinct part your picture:

 convert image.jpg -crop 100x100+500+1000 output.jpg

cuts from picture image.jpg a part of 100x100 pixel with upper left corner at position 500x1000 in the original

 convert image.jpg -crop 16+500+1000 output.jpg

instead of absolute values you can also give percent values.

 convert image.jpg -gravity SouthWest -crop 160x90+0+0 output.jpg

the start position lies not in (0,0) but in the lower right corner

 convert original.tiff mask.tiff +matte -compose CopyOpacity -composite output.png

take two colored maskfile mask.tiff and all white pixels will be cut off and all black pixels go into the output file.

 convert background.tiff foreground.png -compsite output.tiff

merge two images into one. For position values take parameters -gravity and -geometry

config wpa psk tkip

 which wpa_supplicant

test if needed package is installed

 wpa_passphrase youressid secretpassphrase

returns configuration with the given data which can be diverted into /etc/wpa_supplicant.conf

 # /etc/wpa_supplicant.conf

 ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=0
 eapol_version=1
 ap_scan=1
 fast_reauth=1

 # WPA-PSK
 network={
 scan_ssid=1
 proto=WPA
 key_mgmt=WPA-PSK
 pairwise=CCMP TKIP
 group=CCMP TKIP WEP104 WEP40
 ssid="myessid"
 #psk="meinegeheimepassphrase"
 psk=6f115e30ef7e7eb6c253033709e8864e43894e3df2159f00b99150d69113439a
 priority=2
 }

If you want AES instead of TKIP take changes at line where group and pairwise are assigned.

 chmod 600 /etc/wpa_supplicant.conf

Now we test the configuration with:

 wpa_supplicant -dd -K -t -i wlan0 -D wext -c /etc/wpa_supplicant.conf

watch out for line with " State: GROUP_HANDSHAKE -> COMPLETED" then you know that everything is OK

If everything is fine you can stop debug mode and start normal background mode with:

 wpa_supplicant -Bw -i wlan0 -D wext -c /etc/wpa_supplicant.conf

For automatically start/stop mechanism make this entries in /etc/network/interfaces:

 auto wlan0
 iface wlan0 inet dhcp
 post-up wpa_supplicant -Bw -i wlan0 -D wext -c /etc/wpa_supplicant.conf
 post-down killall wpa_supplicant
 post-down rm -r /var/run/wpa_supplicant/

or without dhcp

 iface wlan0 inet static
 address 192.168.1.160
 netmask 255.255.255.0
 broadcast 192.168.1.255
 gateway 192.168.1.1

running i386 apps under AMD64 architecture

First make sure you have enabled Executeable file formats/IA32 emulation.

32 Bit Anwendungen unter Debian/AMD64 laufen lassen

 debootstrap --arch i386 sid /var/chroot/sid-ia32 http://ftp.debian.org/debian/

 debootstrap --arch i386 dapper /tmp/minibuntu http://archive.ubuntu.com/ubuntu

 debootstrap --arch i386 gutsy /var/chroot/gutsy-ia32 http://archive.ubuntu.com/ubuntu

 apt-get install libx11-6
 apt-get install firefox

Then mount for the chroot env the following from amd64 env:

 # sid32 chroot
 /home   /var/chroot/sid-ia32/home none    bind      0       0
 /tmp    /var/chroot/sid-ia32/tmp  none    bind      0       0
 /dev    /var/chroot/sid-ia32/dev  none    bind      0       0
 /proc   /var/chroot/sid-ia32/proc none    bind      0       0

 i="/var/chroot/sid-ia32/";for j in home tmp dev proc;do mount $i$j;done
 useradd myuser
 su - myuser
 env DISPLAY=:0 /usr/bin/firefox

I do the above sequence for watching videos with adobes flash player. That runs ok but unfortunatelly without sound. That's a problem I am not able to solve. On console there are many alsa lib errors which say that my sound device is unknown.

set local coding charset to UTF-8 or ISO-8859-1

Open /var/lib/locales/supported.d/local as root and add "en_GB.UTF-8 UTF-8" and "en_GB.ISO-8859-1 ISO-8859-1" to the content
Open /etc/default/locale as root and change LANG="en_GB.ISO-8859-1"
sudo locale-gen --purge

Do not forget the second input of ISO-8859-1. Without the pair you will get a "bad entry" output while locale-gen execution.

apache2 ssl configuration

Briefly:

 openssl genrsa -aes128 1024 > server.key
 openssl req -new -key server.key -out server.csr

Give under "Common Name" the server name

 openssl ca -in server.csr -notext -out server.cert

or if last step doesnt work:

 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.cert
 chmod 600 server.cert

Add

 SSLCertificateFile /etc/httpd/conf/ssl.crt/server.cert
 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

into /etc/httpd/conf.d/ssl.conf or

 SSLCertificateFile /etc/apache-ssl/server.crt
 SSLCertificateKeyFile /etc/apache-ssl/server.key

into httpd.conf

Important is that you do not use a cipher as private key if you want to prevent a pass-phrase input every time you start apache server.

 openssl rsa -in server.key -out server2.key

While the mod-ssl installation there are five folders created

ssl.crt for certifications
ssl.key for keys
ssl.csr for certification requests
ssl.prm for public dsa parameters

A good step-by-step docu can be found here. Another one here.

A brief version of this docu here:

SSL-Zertifikat erstellen

 openssl genrsa -des3 -rand file1:file2:file3 -out www.example.com.key 1024
 openssl req -new -key www.example.com.key -out www.example.com.csr
 openssl x509 -req -days 30 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.cert

SSL Vorbereiten

 $ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
 $ sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl

/etc/apache2/sites-enabled/ssl:

 NameVirtualHost *:443
 <VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/www.example.com.cert
    SSLCertificatekeyfile  /etc/apache2/ssl/www.example.com.key
 SSLProtocol +all
        SSLCiphersuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    ...
 </VirtualHost>

/etc/apache2/ports.conf :

 Listen 443

Activate ssl:

 $ sudo a2enmod ssl

Restart apache server:

 sudo apache2ctl restart

what time is it in ...

In /usr/share/zoneinfo you find many file of cities and places of the world. For example with

 TZ=Canada/Eastern date

you can switch your timezone for the call of date program to canada eastern time.

find files with special size

 find -size -100k

gives files with size smaller than 100 kilobytes but there was also some bigger files. To prevent this I solved it as follows:

 ls -l --color='never' | grep -e "[0-9]\{3\}K\ 2007" | sed s/.*[0-9][0-9]:[0-9][0-9]\ \\\(.*\\\)/\rm\ \"\\\1\"/

writes the output to an file and execute the file with shell.

find cellular phone parameters for ppp connection

 # wvdialconf /etc/wvdial.conf 
 # vim /etc/wvdial.conf

insert *99# as dial number. Do not forget a username which is commonly the name of the provider e.g. t-mobile and a password which is often arbitrary but needed by wvdial.

 # wvdial

and the connection goes up and you are online!

start shell script in an extern gnome-terminal window

 /usr/bin/gnome-terminal --command="/bin/sh -c \"find / -name *.mp3\""

starts gnome-terminal, then inside the shell sh and inside the shell the command find will be executed. Therefore the command strings have to be in quotations.

nvidia drivers won't run with kernel 2.6.20.x

nvidia Treiber diese Funktion nur ben�tigt, wenn CONFIG_HIGHPTE eingeschaltet ist FIX: 'make menuconfig' in the linux source dir, disable the "Paravirtualization support" option, and do 'make prepare'. Now run the NVidia installer script and update xorg.conf.

change of the mac address

 ifconfig eth0 hw ether aa:bb:cc:dd:ee:ff

assign a additionally virtual ip to an existing mac address

 ifconfig eth0:1 <ipaddress> netmask <netmask>

Overview of running hosts in your private network

 /usr/bin/nmap -sP -f 192.168.0.0/27 | grep 192.168.0. | sed s/.*\\\(192\.168\.0\.[0-9]*\\\)\).*/\\\1/g

X2X

For simple control of a second computer on which runs X is X2X the best way. Install x2x on the control host. Then start a ssh session from the remote host to the control host with

 ssh -X controller

and start x2x with

 x2x -from :0 -north

where -north gives the direction where the remote host is from the point of view of the controller. You can put these commands together:

 ssh -X controller /usr/bin/x2x -from :0 -north

Afterward you can control your computer as always and if you get with the mouse pointer to the upper end of the screen the signals to the X server will be sended to the remote host and you can control it.

Kernel compiling

 make && make modules && make modules_install  
 cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.19.2
 mkinitrd -o /boot/initrd.img-2.6.19.2 2.6.19.2

and don't forget to enable cramfs (File systems->Miscellaneous->cramfs) into kernel!

Do you have more than 1 gigabyte memory? Then test if the kernel just use it with

 cat /proc/meminfo

As I build in the new sticks and have total mem of 2 gigabyte and only found 1 gigabyte in the info I search for a kernel property and found it under "Processor type and features" and has the name "High memory support". Enabling this to 4gb and recompiling the kernel brings the full support of 2 gigabyte. I just wonder why this option was not enabled before.

command overview

command:	function
convert -geometry 1024x765!	resize picture exactly to 1024x765
free	gives description of memory use what is also under /proc/meminfo
strace	takes command as parameter and strace tells about system function calls
lsof -p PID	open files of process PID see further: lsof parameter
lsof /path	open files under path
vmstat	shows overview about read and write accesses from block devices. si for data that comes from device and so for data that goes to device. swap for swap devices.
vmstat -p /dev/hda5	show only partition hda5
lshal	gives infos about almost every part that is built-in inner the pc
echo governor > /ss/devices/system/ cpu/cpu0/cpufreq /scaling_governor	sets the governor for cpu0. examples are: ondemand or conservative for laptops in battery mode
systool	overview about sysfs file system
watch -n1 command	calls command inner a endless loop until you press ctrl-c
nmap	powerful network analyzer. For details see below.

nmap

-sP 192.168.0.0/24	Pingscan
-sT	TCP Scan mit initialem Ping
-sN	Null Port Scan
-sI	Idle Scan over second host
-sU	UDP scan
-f	strong fragmentation
-s	spoofing: hide ip
-o	try to recognize os
-sS	SYN stealth port scan
-F	only scan ports in nmap port list

find

-name '*.ogg'	find all ogg files recursively
-exec rm {\} \;	deletes all files that were found. For {\} will be the name substituted that has been found
-ctime 2	matchs all files that creation time is older than 48 hours (2*24)
-amin +300	File was last accessed more than 5 hours ago
-amin -300	File was last accessed in the last 5 hours

pseudo directory /proc

PID/fd contains open files i.e. also sockets and pipes.
/proc/uptime gives infos about run time
/proc/self points on current process
/proc/net/wireless or ../arp give some useful info about your network
/proc/sys contains properties that could possibly change. Under fs/file-max is for example the maximum number of files that can be opened. echo 1 > /proc/sys/net/ipv4/conf/default/forwarding switches the pc into a router as the command start the forwarding of ip packets.

the hint about the minus at start of a file name

If you want to delete file with name "-foobar.txt" the command rm takes the file name as parameter. To prevent this is to write ./-foobar.txt or "rm -- -foobar.txt"

intrusion detection

Postfix

Postfix Schnell Einrichtung

create file with random numbers

 dd if=/dev/urandom of=random-numbers.bin bs=4194304 count=1024

creates a file with random numbers with a size of 4gb (blocksize 4mb and 1024 blocks)

include Clamsmtpd in Postfix

download files from hier
open file /etc/postfix/main.cf
add line content_filter = scan:[127.0.0.1]:10025
openf file /etc/postfix/master.cf
insert the following text part

siehe Linux User 01/07

wget

The command

 wget -r -l 128 --wait=2s ftp://user:password@ftpsite/dir

gets directory recursively up to level 128 and waits 2 seconds between files.

lsof

 $umount /dev/cdrom
 umount: /cdrom:device is busy
 $ kill -9 `lsof -t /dev/cdrom` 
 $ umount /dev/cdrom
 $ eject

search for open ports:

 lsof -a -i -u www-data | grep LISTEN

list all open IP sockets (-i) from user www-data (-u www-data)

Writing your own start scripts

A template looks like this:

 #!/bin/sh
 # or bash
 case "$1" in
     start)
        echo "Starting asdf"
        /usr/bin/asdf &
        pidof asdf > /var/run/asdf.pid
        ;;
     stop)
        echo "Shutting down asdf"
        killall asdf
        /bin/rm /var/run/asdf.pid
        ;;
     restart)
        $0 stop
        $0 start
        ;;
     status)
        if /sbin/checkproc /usr/bin/asdf 2> /dev/null
        # if pidof asdf > /dev/null
        then 
          echo "asdf is up"
        else
          echo "asdf is down"
        fi
        ;;
 esac

virtualbox

Do you want to copy or clone a ready to use installation for some other use? Then use:

 VBoxManage clonevdi ready-install.vdi new.vdi

download and upgrade virtualbox automatically:

 sudo sh -c 'echo "# VirtualBox repository for Ubuntu Feisty Fawn
 deb http://www.virtualbox.org/debian feisty non-free"      > /etc/apt/sources.list.d/feisty-virtualbox.list'
 wget http://www.virtualbox.org/debian/innotek.asc -O- | sudo apt-key add -
 sudo apt-get update
 sudo apt-get -y install virtualbox

qemu

test linux cd distribution

 qemu -cdrom knoppix.iso -boot d -m 512

by default the vm gets only 256 mb of ram. Here we give it 512 mb and a cdrom drive which contains the iso file.

To mount a real cdrom and cd media use

 qemu -cdrom /dev/cdrom -boot d -m 512

windows xp installation

I describe here an installation for windows xp with qemu.

create virtual disk

 $dd of=xp-20gb.img bs=1024 seek=20000000 count=0

creates virtual disk of size 20gb and name xp-20gb.img

or use this command:

 $qemu-img create xp-20gb.img 20G

install xp

Place windows xp cd in cdrom /dev/cdrom and write:

 $qemu -boot d -cdrom /dev/cdrom -hda xp-20gb.img

means that booting should make from device d: and devices are cdrom which is /dev/cdrom and first hard disk should be the image file xp-20gb.img.

install network

On host type in some commands to create a bridge from guest os through host network: dynamically:

 brctl addbr br0
 ifconfig eth0 0.0.0.0 promisc
 brctl addif br0 eth0
 dhclient br0

or static in "/etc/network/interfaces":

 auto br0
 iface br0 inet static
   address 192.168.0.1
   netmask 255.255.255.0
   gateway 192.168.0.20
   bridge_ports eth0

 auto eth0
   iface eth0 inet manual

After you have device br0 type in these commands:

 tunctl -t tap0 -u <username>
 brctl addif br0 tap0
 ifconfig tap0 up
 chgrp users /dev/net/tun

to give users access rights

Make sure that you have access rights to /dev/net/tap. Otherwise change with something like

 chown root:users /dev/net/tap

which is maybe not the best solution because of security issues but it works.

and start qemu with something like:

 qemu -hda xp-20gb.img -boot c -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 -m 256 -localtime

disable or turn off beep sound for Terminal, bash

xterm

 $vi .xsession
 xset b off

bash

 $ vi .inputrc
 set bell-style none

For the bell inside the vi:

 $ Vi .vimrc
 set vb

Start up process

Since edgy it is not the file inittab which is importtant for number of consoles. You have to edit the file "/etc/default/console-setup" and the files tty{1-6} under "/etc/event.d/" where the content contains lines which begin with "start ...". These lines can be commented out and you prevent these consoles to start up.

bluetooth under linux

 hcitool scan
 sdptool browse 00:80:37:25:55:96

 rfcomm0 {
	# Automatically bind the device at startup
	bind yes;

	# Bluetooth address of the device
	device 00:80:37:25:55:96;

	# RFCOMM channel for the connection
	channel	1;

	# Description of the connection
	comment "Nokia 6630";
 }

 rfcomm0: 00:15:A0:4D:5A:3A channel 1 clean
 rfcomm connect 0 00:15:A0:4D:5A:3A 1

Das Telefon ist nun unter /dev/rfcomm0 erreichbar und kann �ber ein W�hlprogramm angesprochen werden. Falls ein Programm auf den Zugriff �ber /dev/modem besteht, legt man einen symbolischen Link (mit sudo ln -s /dev/rfcomm0 /dev/modem )an.