Chris’ Blog

You can tell Linux to respond to broadcast pings by running this snippet from the console.

$ echo 0 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Edit /etc/sysctl.conf to set the option permanently.

Turns out I had a computer on for even longer which I had forgotten about! benjamin, one of my Linksys WRT54-g’s. He doesn’t really do much apart from provide WiFi access for my PDA and networking for my room (two 100Mbps feeds are not enough). He will be moving back to Exeter with me later today, so beast will overtake him in terms of my record recorded uptime.

root@benjamin:~# uptime
 00:43:01 up 102 days, 43 min, load average: 0.00, 0.00, 0.00

Yesterday beast my NSLU2 passed 100 days of uptime a personal record for any of my machines, somewhat geeky

chris@beast:~$ uptime
 20:47:30 up 101 days,  3:00,  1 user,  load average: 0.08, 0.16, 0.11

I have been playing with packaging for Ubuntu and Debian for a while now and I have one fairly useful package called rsnapshot-scripts which contains a bunch of scripts for use with rsnapshot. It allows you to backup other data sources like MySQL, DPKG and Subversion.

This is a really ugly sed one liner that configures grub how I like it.

$ sudo sed --in-place 's/#\(hiddenmenu\)/\1/;s/^\(timeout[ \t]*\)[0-9]*/\12/;s/^\(# lock.*=\)false$/\1true/' /boot/grub/menu.lst
$ _GPASSWD=$(read -s -p "Enter Grub Password (note type carefully): " _GPASSWD; echo $_GPASSWD | mkpasswd --hash=md5 --stdin); echo; sudo sed --in-place "s/# password topsecret/password --md5 $_GPASSWD/" /boot/grub/menu.lst; unset _GPASSWD
$ sudo update-grub

I am beginning to understand the power of gstreamer, the following snippet converts FLAC files to MP3 with a 192 kbps bitrate.

gst-launch-0.10 filesrc location="$FILE.flac" ! decodebin ! lame bitrate=192 ! filesink location="$FILE.mp3"

I keep meaning to document this, the installation procedure for my MCEUSB2 remote control with lirc under Ubuntu, so here we go.

1. $ sudo aptitude install lirc lirc-modules-source module-assistant debconf-utils

2. $ wget http://static.cs278.org/conf/debconf/ubuntu-704_lirc-modules-source -O- | sudo debconf-set-selections
   $ sudo dpkg-reconfigure lirc-modules-source

   This was needed before but is now automated:
   Select mceusb2 and then No, and chooseInstall the package maintainer’s version if the option appears.

3. $ sudo sed 's/MODULES=""/MODULES="lirc_mceusb2"/' /etc/lirc/hardware.conf --in-place

4. $ sudo m-a update,prepare
   $ sudo rm /usr/src/lirc*deb
   $ sudo m-a clean lirc
   $ sudo m-a a-i lirc
   $ sudo depmod -a

5. $ wget "https://help.ubuntu.com/community/Install_Lirc_Feisty?action=AttachFile&do=get&target=lircd.conf.mceusb" -O- | sudo tee /etc/lirc/lircd.conf

6. $ sudo modprobe lirc_mceusb2
   $ sudo /etc/init.d/lirc start

Sources:

• https://help.ubuntu.com/community/Install_Lirc_Feisty
• http://gentoo-wiki.com/HOWTO_LIRC
• http://wiki.videolan.org/How_to_Use_Lirc

gconftool-2 --type string --set /apps/panel/applets/clock_screen0/prefs/format "12-hour"
gconftool-2 --type bool --set /apps/panel/applets/clock_screen0/prefs/show_date true
gconftool-2 --type bool --set /apps/panel/applets/clock_screen0/prefs/show_seconds true

So how do I get Postfix to verify and sign messages with the DKIM system, under Debian? Here is how.

1. First we need to install the dependencies.

   $ sudo aptitude install libdigest-sha{,1}-perl libemail-{address,mime-encodings}-perl libnet-{dns,server}-perl libcrypt-openssl-rsa-perl liberror-perl make libmailtools-perl

2. $ sudo cpan install Mail::DKIM

3. $ perl Makefile.PL
   $ make
   $ make install

4. $ ./configure --prefix=/usr/local
   $ make install

5. $ sudo adduser --system --shell /bin/false --home /var/run/dkimproxy --group dkimproxy

6. $ sudo mkdir /etc/dkimproxy/
   $ cd /etc/dkimproxy/
   $ sudo openssl genrsa -out private.key 1024
   $ sudo openssl rsa -in private.key -pubout -out public.key
   $ sudo chown -R root:dkimproxy .
   $ sudo chmod -R a=,u=rwX,g=rX,o=rX .
   $ sudo chmod o= private.key

Sorry, this solution will not run nicely on my NSLU2 so I have abandoned the rest of this documentation - it should help you somewhat though, hence I am publishing it anyway.

My laptop and desktop are not always connected to the same network as my server and when this is the case its most likely I do not have control of the network or want the information passed over the internet in plain text. So this is my answer to remote munin nodes, using the remote forwarding feature of SSH.

1. Install Munin Node:

   $ sudo aptitude install munin-node

2. Create the upstart event file:

   $ sudo -e /etc/event.d/munin-tunnel

   Write in the following text:

   start on runlevel 2
   start on runlevel 3
   
   stop on runlevel 0
   stop on runlevel 1
   stop on runlevel 4
   stop on runlevel 5
   stop on runlevel 6
   
   exec sudo -u munin ssh -N munin-reporter@munin-server.example.com
   respawn

3. Generate a SSH key for munin:

   You do not want to set a password on the SSH key

   $ sudo sudo -H -u munin /bin/bash
   $ mkdir /var/lib/munin/.ssh/
   $ cd /var/lib/munin/.ssh
   $ ssh-keygen -b 1024 -C munin@`hostname -f` -t rsa
   $ exit

4. Edit the SSH configuration for the munin user:

   $ sudo -e /var/lib/munin/.ssh/config
   $ sudo chown munin:munin /var/lib/munin/.ssh/config

   Insert:

   Host munin-server.example.com
   RemoteForward some-port-number localhost:4949

5. Now you need to do some leg work on your server first create a user so that the SSH tunnel can be created, I used munin-reporter. Then you need to copy the munin users public key on your client into the ~munin-reporter/.ssh/authorized_keys file on your munin server. I will leave this as a user task, set up how you like on your server. I would recommend prepending the munin public key with the following in the authorized_keys file to restrict what the user can do.

   no-pty,no-X11-forwarding,no-agent-forwarding

6. Again, on your server, we need to tell munin where to get the data about the remote host from, using the snippet below:

   sudo nano /etc/munin/munin.conf

   [node.example.com]
   address 127.0.0.1
   port some-port-number
   use_node_name yes
   

7. Next we need to test the connection and verify the host signature so, that it doesn’t need to be done again.

   $ sudo sudo -u munin ssh munin-reporter@munin-server.example.com -v

   Check for any errors etc. if you spot a problem retrace your steps.

8. All that is left is to start the upstart event and wait for some pretty graphs

   sudo start munin-tunnel