Archive for the ‘Ubuntu’ Category
Blocking SSH Brute Force attempts using iptables
Saturday, January 12th, 2008
After my recent break-in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server, which has the resources to run such a programme; my Linksys NSLU2s, however, do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how-to on this over at my wiki. Enjoy.
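One way to express the per-host connection limit described above, as an added example that is not taken from the original post or the wiki page it mentions. The chain name SSH_LIMIT, the list name ssh and the default thresholds (4 new connections per 60 seconds) are assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables commands that cap new SSH connections per
# source address using the "recent" match. Chain name, list name and the
# default thresholds are assumptions, not values from the post.

# usage: ssh_ratelimit_rules [PORT] [SECONDS] [HITCOUNT]
ssh_ratelimit_rules() {
    port=${1:-22}; seconds=${2:-60}; hits=${3:-4}
    for n in "$port" "$seconds" "$hits"; do
        case $n in
            ''|*[!0-9]*|0) echo "not a positive integer: $n" >&2; return 1 ;;
        esac
    done
    if [ "$port" -gt 65535 ]; then echo "bad port: $port" >&2; return 1; fi
    # The recent match remembers a limited number of packets per address
    # (module parameter ip_pkt_list_tot, default 20), so a larger hitcount
    # can never be reached.
    if [ "$hits" -gt 20 ]; then
        echo "hitcount $hits exceeds the default ip_pkt_list_tot of 20" >&2
        return 1
    fi
    # Rule 2 sends only NEW connections to the limiter, rule 3 records the
    # source address, rule 4 drops it once it has been seen HITCOUNT times
    # within SECONDS (--update refreshes the timer, so a host that keeps
    # trying stays blocked), rule 5 hands everything else back to INPUT.
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh --set
iptables -A SSH_LIMIT -m recent --name ssh --update --seconds $seconds --hitcount $hits -j DROP
iptables -A SSH_LIMIT -j RETURN
EOF
}

ssh_ratelimit_rules "$@"
```

The jump into SSH_LIMIT has to sit before any INPUT rule that accepts SSH, otherwise the limiter never sees the connection.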
Broadcast Ping
Saturday, September 22nd, 2007
You can tell Linux to respond to broadcast pings by running this snippet from the console.
$ echo 0 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
Edit /etc/sysctl.conf to set the option permanently.
Packages
Sunday, July 15th, 2007
I have been playing with packaging for Ubuntu and Debian for a while now and I have one fairly useful package called rsnapshot-scripts, which contains a bunch of scripts for use with rsnapshot. It allows you to back up other data sources like MySQL, DPKG and Subversion.
Grub Scripted Configuration
Tuesday, June 19th, 2007
This is a really ugly sed one-liner that configures grub how I like it.
$ sudo sed --in-place 's/#\(hiddenmenu\)/\1/;s/^\(timeout[ \t]*\)[0-9]*/\12/;s/^\(# lock.*=\)false$/\1true/' /boot/grub/menu.lst
# The hash can contain "/", so the second sed uses "|" as its delimiter.
$ _GPASSWD=$(read -r -s -p "Enter Grub Password (note type carefully): " _GPASSWD; echo "$_GPASSWD" | mkpasswd --hash=md5 --stdin); echo; sudo sed --in-place "s|# password topsecret|password --md5 $_GPASSWD|" /boot/grub/menu.lst; unset _GPASSWD
$ sudo update-grub
Ubuntu lirc Configuration
Monday, June 11th, 2007
I keep meaning to document this, the installation procedure for my MCEUSB2 remote control with lirc under Ubuntu, so here we go.
-
$ sudo aptitude install lirc lirc-modules-source module-assistant debconf-utils
-
$ wget http://static.cs278.org/conf/debconf/ubuntu-704_lirc-modules-source -O- | sudo debconf-set-selections
$ sudo dpkg-reconfigure lirc-modules-source
This was needed before but is now automated: select mceusb2 and then No, and choose Install the package maintainer’s version if the option appears.
-
$ sudo sed 's/MODULES=""/MODULES="lirc_mceusb2"/' /etc/lirc/hardware.conf --in-place
-
$ sudo m-a update,prepare
$ sudo rm /usr/src/lirc*deb
$ sudo m-a clean lirc
$ sudo m-a a-i lirc
$ sudo depmod -a
-
$ wget "https://help.ubuntu.com/community/Install_Lirc_Feisty?action=AttachFile&do=get&target=lircd.conf.mceusb" -O- | sudo tee /etc/lirc/lircd.conf
-
$ sudo modprobe lirc_mceusb2
$ sudo /etc/init.d/lirc start
Clock Applet
Tuesday, June 5th, 2007
$ gconftool-2 --type string --set /apps/panel/applets/clock_screen0/prefs/format "12-hour"
$ gconftool-2 --type bool --set /apps/panel/applets/clock_screen0/prefs/show_date true
$ gconftool-2 --type bool --set /apps/panel/applets/clock_screen0/prefs/show_seconds true
Remote Munin Nodes
Thursday, May 24th, 2007
My laptop and desktop are not always connected to the same network as my server, and when this is the case it's most likely that I do not have control of the network, nor do I want the information passed over the internet in plain text. So this is my answer to remote munin nodes, using the remote forwarding feature of SSH.
- Install Munin Node:
$ sudo aptitude install munin-node
- Create the upstart event file:
$ sudo -e /etc/event.d/munin-tunnel
Write in the following text:
start on runlevel 2
start on runlevel 3
stop on runlevel 0
stop on runlevel 1
stop on runlevel 4
stop on runlevel 5
stop on runlevel 6
exec sudo -u munin ssh -N munin-reporter@munin-server.example.com
respawn
- Generate a SSH key for munin:
You do not want to set a password on the SSH key.
$ sudo sudo -H -u munin /bin/bash
$ mkdir /var/lib/munin/.ssh/
$ cd /var/lib/munin/.ssh
$ ssh-keygen -b 1024 -C munin@`hostname -f` -t rsa
$ exit
- Edit the SSH configuration for the munin user:
$ sudo -e /var/lib/munin/.ssh/config
$ sudo chown munin:munin /var/lib/munin/.ssh/config
Insert:
Host munin-server.example.com
    RemoteForward some-port-number localhost:4949
- Now you need to do some legwork on your server. First create a user so that the SSH tunnel can be created; I used munin-reporter. Then copy the munin user's public key from your client into the ~munin-reporter/.ssh/authorized_keys file on your munin server. I will leave this as a user task; set it up how you like on your server. I would recommend prepending the munin public key with the following in the authorized_keys file to restrict what the user can do.
no-pty,no-X11-forwarding,no-agent-forwarding
- Again, on your server, we need to tell munin where to get the data about the remote host from, using the snippet below:
$ sudo nano /etc/munin/munin.conf
[node.example.com]
    address 127.0.0.1
    port some-port-number
    use_node_name yes
- Next we need to test the connection and verify the host signature, so that it doesn’t need to be done again.
$ sudo sudo -u munin ssh munin-reporter@munin-server.example.com -v
Check for any errors; if you spot a problem, retrace your steps.
- All that is left is to start the upstart event and wait for some pretty graphs
$ sudo start munin-tunnel
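A check for the authorized_keys restriction recommended in the steps above, as an added example that is not part of the original post. The function name audit_authorized_keys is hypothetical and the sample keys are constructed placeholders; it lists every key entry that lacks one of the three options.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that lack the options the post
# recommends for the tunnel account. Output: "<line> missing:<opt,opt>".
# Assumption: option values contain no spaces (true for these three flags).

REQUIRED="no-pty no-X11-forwarding no-agent-forwarding"

# usage: audit_authorized_keys FILE
audit_authorized_keys() {
    awk -v required="$REQUIRED" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            # A line that starts with a key type has no options field.
            # Option keywords are case-insensitive, so compare in lower case.
            opts = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : tolower($1)
            n = split(required, want, " ")
            missing = ""
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," tolower(want[i]) ",") == 0)
                    missing = missing (missing == "" ? "" : ",") want[i]
            if (missing != "") print NR " missing:" missing
        }
    ' "$1"
}

# Constructed sample (placeholder key material) used when no file is given.
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# munin tunnel keys
no-pty,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3PLACEHOLDER munin@laptop
ssh-rsa AAAAB3PLACEHOLDER munin@desktop
no-pty ssh-rsa AAAAB3PLACEHOLDER munin@netbook
EOF
    audit_authorized_keys "$sample"
    rm -f "$sample"
else
    audit_authorized_keys "$1"
fi
```

Do not extend the required list with no-port-forwarding for this account: the tunnel depends on the RemoteForward request, which that option refuses.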
Network Manager and University of Exeter VPN
Saturday, May 19th, 2007
So, I am currently at home rather than at university, which poses a problem when trying to connect to some resources, such as internal machines and private resources. I know Network Manager in Ubuntu has VPN support but I had never tried it out, so I gave it a go. Issue the following command to install the required package, which provides Microsoft VPN support to Network Manager.
$ sudo aptitude install network-manager-pptp
Now you can load my configuration by downloading the configuration file. Click on the network manager applet, find the VPN Connections sub menu and hit Configure VPN…. Hit Forward, from the list choose PPTP tunnel, press Forward again and now press Import Saved Configuration…. Find the configuration file I told you to download and select it, now press Forward and then click Apply. Bingo!
Ubuntu, use VLC not Totem
Monday, May 7th, 2007
Quick tip:
$ gconftool-2 --type string --set /desktop/gnome/volume_manager/autoplay_vcd_command "vlc %m"
$ gconftool-2 --type string --set /desktop/gnome/volume_manager/autoplay_dvd_command "vlc %m"
No more crappy totem spawning when you insert a DVD or VCD, but instead the pleasure of VLC.

