All posts in Linux

vpnc and Fritz!box

Fritz!Box is a series of home routers from AVM, which can do a lot. Among the features is  VPN support: site-to-site and client-to-site (road warrior).

I wanted to play with the road warrior setup, because it is always practical to have a way back into a network: for privacy if on a hot spot or just to be able to access hosts on it.

Fritzbox deliverers it own Windows / Mac VPN client (FRITZ!Box VPN Connection) which works pretty good, but as a Linux user I would really enjoy native support (so I don’t have to get access through a VM, which works pretty well by the way).

After multiple failing tests and toggling all possible vpnc configuration options, which aren’t that many by the way, it was time to play: find the differences!

Keep Reading →

Adoption of Linux releases

I’m impressed how some software Vendor have resisted to provide support for Red Hat Enterprise Linux 6 (RHEL6) and its derivates for their products. This week I ran into two examples:

Keep Reading →

Empathy and MSN

I’ve had some problems recently (the last couple of weeks) with Empathy on Ubuntu 10.04. All my MSN accounts just started giving my an “Authentication Failed”.

After checking with pidgin, which I use for other accounts, that my credentials were still working I found a post in the Ubuntu Forums that gave me a good solution:

$ sudo aptitude remove telepathy-butterfly
— Make sure you have telepathy-haze installed, if not
$ sudo aptitude install telepathy-haze
— Delete the accounts and recreate them with the new plugin

I’m not sure why this happened, but at least it’s working again.
Hope this helps someone else out there.

ooimpress and .pps files

I’ve been working with Ubuntu lately at the day job and the Open Office setup is different than on Fedora.  One special case is the opening of .pps files, which per default go into “presentation mode” which I normally hate to see (it just takes to long to see what you really what to see in the presentation.

This is a workaround I found around in the Web:
Create ~/bin/ooimpress-edit or if you want to use it system wide /usr/local/bin/ooimpress-edit; and add the following code into it

#!/bin/bash
ooimpress -n “$*”
exit

Use it when ever you think you need it.  I set it up as default behaviour in the browser.

Enjoy

Lucid Lynx and Constantine multiboot

As most of you know I’m a Fedora user, well started out some time ago as a Redhat user until they decided to have to spins: Redhat (stable for the enterprise) and Fedora (bleeding edge for the community). Back to the point, my main distro is Fedora but I like to give other distributions a spin to find the pros and cons.

I decided to install the new and shiny Ubuntu 10.04 “Lucid Lynx”, but there is no way I want to affect my main partitions!! Why should I this is Linux after all, it can boot from a secondary partition I can even put the bootloader at the beginning of the partition to make it totally independent!! Having done that already with Backtrack 4, Ubuntu 9.10 (karmic) and CentOS 5.x it should be as easy as 1 – 2 – 3 (Or simple as… got Jackson 5 ringing in my ear right now).

So the solution I had in mind was just to add a new partition with parted, install there and add the following lines to the /etc/grub.conf in my Fedora partition:

title Ubuntu 9.10 (Karmic)
rootnoverify (hd0,6)
chainloader +1

The problem is that Ubuntu 10.04 ships with grub-2 (technically speaking 1.98) and it just doesn’t work the same way. After a couple of re-installs and hours later I came out with this blog with a really detailed review of the distribution and with the solution I needed:

title Ubuntu 10.04 (Lucid Lynx)
root (hd0,4)
kernel /boot/grub/core.img
savedefault
boot

Just to make sure your a attacking the right error, this is was I was getting: Error 13 invalid or unsupported executable format

Enjoy

Creating passwords with bash + perl

I had a couple of scripts working in the back end of an application to create users and set the passwords. So instead of reinventing the wheel I used the ?trusty? useradd.

Until recently one could pass the users password in clear text as a parameter. I assume that someone thought about all the passwords that word saved in history files and decided to change it. The problem is that the used the same parameter but now it expected the password to be encrypted, so it basically stopped working but didn’t generate errors.

After some debugging and some man reading the problem was nailed down, but now I had to generate and encrypt the password. I looked and tried many solutions but the best I could find was the crypt library and decided to access is through perl.  What I liked the most about the solution is that I could use all the same native algorithms that the system has installed.

So lets cut the chase, here are the 5 lines of code needed to get the job done:

salt=$(/usr/bin/mkpasswd -l 8 -s 0)
parameter=”print crypt(config,”\$1\$$salt”)”
encrypted=$(perl -e “$parameter”)
/usr/sbin/useradd -p $encrypted <user>

To create a good salt I used the mkpasswd utility that comes with the expect package (yum install expect).  In this case the $1 is not a variable, but the way of telling crypt to use MD5.

Other valid values for the Glibc crypt are:

ID Method
1 MD5
2a Blowfish (not in mainline glibc; added in some Linux distributions)
5 SHA-256 (since glibc 2.7)
6 SHA-512 (since glibc 2.7)

For more information http://www.kernel.org/doc/man-pages/online/pages/man3/crypt.3.html or simply: man crypt

Have fun

GnomeKeyring =? ssh-agent

This feature just popped up and started working after I upgraded to Fedora 10 and I though it was a standard function in gnome, but I was working with Per the other day and his Ubuntu 8.04 didn’t have it running out of the box.  So I had to take a look a the docs to make it work:  http://live.gnome.org/GnomeKeyring/Ssh

This is just one of those features that make your life easier but handling all the ssh sessions for you, the best part is that is one of those setup once and forget feature.  Here is a brief introduction on how it works:

According to the ssh-agent man:

     ssh-agent is a program to hold private keys used for public key authenti-
     cation (RSA, DSA).  The idea is that ssh-agent is started in the begin-
     ning of an X-session or a login session, and all other windows or pro-
     grams are started as clients to the ssh-agent program.  Through use of
     environment variables the agent can be located and automatically used for
     authentication when logging in to other machines using ssh(1).

So what gnome did was include an ssh-agent in the gnome-keyring(-daemon), so it has one interface to manage passwords, ssh keys, etc.  Underneath the hood this is how it works:

  1. When Gnome starts the gnome-keyring-daemon (if it is enabled in your conf)
  2. The keyring manager starts the ssh-agent component and sets up the SSH_AUTH_SOCK variable, that will redirect ssh to make the queries to that socket
  3. The SSH agent automatically loads files in ~/.ssh having names starting with id_rsa or id_dsa or any other keys included by using the ssh-add command

That does the job.  If you need to get it working on your Gnome installation follow the instructions here.

Merging PDF files

Have you ever scanned a pile of documents on a “non enterprise” o home scanner, or just got distracted when using the big Xerox machine in the office.  You’ll end up with a ton of individual pdf files.  After a little google and man reading I found these 2 solutions.

  1. On linux just use pdfmerge:   sudo yum install pdfmerge or download the windows version
  2. Do it by hand with ghostscript:

gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=finished.pdf Scan001.pdf Scan002.pdf

snmp errors in syslog

I finally got fed up of these messages in my log files (/var/log/messages) and decided to do something about them:

Apr 19 04:14:47 hostname snmpd[3458]: Connection from UDP: [127.0.0.1]:42482
Apr 19 04:14:47 hostname snmpd[3458]: Received SNMP packet(s) from UDP: [127.0.0.1]:42482

After reading, googling around and testing for a while I rounded it the following solution, it should work in any Linux system with net-snmp after some tweaks but out of the box on CentOS, REL, Fedora or any of its relatives:

1. Remove the -a from the snmpd start options or write this in the /etc/sysconfig/snmpd.options file:

OPTIONS=”-Lsd -Lf /dev/null -p /var/run/snmpd.pid”

This should take care of the “Received SNMP” packets line (2nd one).

2. Add dontLogTCPWrappersConnects true at the end of your /etc/snmp/snmpd.conf file, that takes care of the other line:

Apr 19 04:13:47 dcf-is1p snmpd[3458]: Connection from UDP: [127.0.0.1]:48911

According to the man page: This setting disables the log messages for accepted connections. Denied connections will still be logged.”

The problem is that the default settings are to log every connection / request, so what we did was leave the log work only for failed and authenticated attempts

Enjoy readable logs!

Hacking Linux Exposed

Well it’s official I’m a published writer!

About a week ago I finally got my copy from the editor of Hacking Linux Exposed 3rd Edition.  This was a really interesting project I worked on last year. The book was writen in collaboraton, and organized by ISECOM, so I got a chance to work with a lot of top notch guys and gals in the security / Linux area.

It’s a shame I couldn’t have some face time with them, but I hope we’ll meet somewhere along the line to match a face with the name.

I started out helping as a technical reviewer on the book, basically I got the chance to read the book in advance and give some feedback.  After some time major changes had to be made on some chapters, complete rewrites in some cases.  Pete Herzog asked me if I could help out with one of the chapters.

So to make a long story short, if your read chapter 14: Mail Services; that will be me.

I haven’t had time to read the published edition, but all the chapters I got to review were just great.

I can’t agree more with Pete Herzog when I wrote:

The book will help people focus on securing their Linux systems no matter what they do with it– desktop, services, coding workbench, wireless node, PBX, VOIP, etc. by hacking them, it just doesn’t waste your time with old exploits.

Have fun and get ready for a hell of a ride!

12Next