Libre Things


Thursday 10 December 2009

[SSH] Change directory while connecting

Problem:

I want to create a server-www alias that connects me to the SSH server and changes the directory to /var/www/ right after the connection.

Here it is:

ssh -t server 'cd /var/www && $SHELL'

And for the alias, add this to your ~/.bashrc (the $ of $SHELL is escaped so that it is expanded by the remote shell at connection time, not by your local shell when the alias is defined):

alias server-www="ssh -t server 'cd /var/www && \$SHELL'"
server-www # test it!


No keyring lock at hibernation

Under Ubuntu, the keyring is automatically locked by default while hibernating. When starting Ubuntu after hibernation, it prompts you for the keyring password.

To disable this lock:

  1. Go to Applications > System Tools > Configuration Editor
  2. Uncheck /apps/gnome-power-manager/lock/gnome_keyring_hibernate

Note: you can also launch the config editor with the gconf-editor command.

Reference:

  • A "lock" search in the configuration editor.

Gnome autologin and unlocking the keyring with a password

When you have enabled automatic login under Gnome/Ubuntu, the window asking for your password to unlock the keyring at startup is very annoying! Network-manager needs it to be able to use the Wifi keys.

If your keyring password is the same as your login password, the keyring is unlocked automatically when you type your password to log in. This is not possible with autologin.

One solution is to set an empty keyring password. This is bad for the security of all your passwords.

The best solution would be to store the wifi keys in the default keyring, and to store all the other passwords in another keyring. Maybe I didn't check correctly, but from what I've seen most applications only use the default keyring.

Middle-ground solution: set a trivial password ("foo") on the default keyring and unlock it at Gnome startup with a script. This is better than an empty password.

Here is my solution:

We change the default keyring password:

  1. Go to Applications > Accessories > Passwords and Encryption Keys (don't lose 2 hours like me looking for it in System > Preferences, where it should be)
  2. Right-click on the default keyring > Change password

We then create the Python script with the following code:

vi ~/.lordiam.py
#!/usr/bin/python
# Unlock the default keyring (None selects the default) with the password set above.
import gnomekeyring
#gnomekeyring.lock_sync(None)
gnomekeyring.unlock_sync(None, 'mypassword')

We prevent other users from reading the file:

chmod 700 ~/.lordiam.py

We test it. Expect 0 as return code (the warning is normal):

~/.lordiam.py
echo $?

Now we add the script to the startup programs in System > Preferences > Startup Applications:

Command: /home/USER/.lordiam.py

Finally, we reboot the PC to test the whole thing.

Notes:

  • It is lucky that the script is run before network-manager starts. I didn't find how to set a priority on it in the Gnome startup programs.
  • What is the 'login' keyring for? From what I understand, it is for storing passwords which are forgotten at session end.
  • For the script, we chose a common name, less conspicuous than unlock_keyring.py. We also made the script a hidden file. It is better than nothing.

References:

  • apt-get source libpam-gnome-keyring
  • apt-get source python-gnomekeyring

Thursday 3 December 2009

For a quiet Thinkpad

Some Thinkpads, like the T43, have several heat and fan problems.

On a default Linux installation, my T43 processor is at about 46°C, and the GPU at about 49°C, for an external temperature of 19°C.

The BIOS fan management algorithm is very bad. After a cold boot, the fan starts running non-stop after a few minutes of use.

Fortunately, it is possible to use programs to take control of the fan in place of the BIOS.

To start, the thinkpad_acpi module must allow us to change the fan speed:

# vi /etc/modprobe.d/thinkpad.conf
options thinkpad_acpi fan_control=1 experimental=1

Either reload the module or reboot your system.

# rmmod thinkpad_acpi
# modprobe thinkpad_acpi

Now you can take control of your fan:

# cat /proc/acpi/ibm/fan
# echo level 0 > /proc/acpi/ibm/fan
# echo level 7 > /proc/acpi/ibm/fan # full speed !!
# echo level auto > /proc/acpi/ibm/fan # back to normal, BIOS management

Now go here and copy the content of the script into /usr/local/bin/tp-fancontrol.

# mv index.php /usr/local/bin/tp-fancontrol
# chmod a+x /usr/local/bin/tp-fancontrol

Then, test the script:

# tp-fancontrol
# tp-fancontrol -s 5 # for a fan that starts later

To start the script at boot, we also fetch the tp-fancontrol.init.debian script from the same page and add it to the system boot sequence.

# mv index.php /etc/init.d/tp-fancontrol
# chmod a+x /etc/init.d/tp-fancontrol
# vi /etc/init.d/tp-fancontrol
DAEMON=/usr/sbin/fancontrol
# /etc/init.d/tp-fancontrol start
# /etc/init.d/tp-fancontrol stop
# update-rc.d tp-fancontrol defaults # note: only adding "start" scripts is also possible

The final touch is to edit the script to change the minimum fan-triggering thresholds, so that the fan starts later when the system begins to heat up:

# vi /usr/local/bin/tp-fancontrol
MIN_THRESH_SHIFT=5
INTERVAL=10 # you can also increase the speed update interval

An increase of 5 seconds lets the fan become quiet again when computer activity is low.


Wednesday 2 December 2009

USwSusp under Ubuntu Karmic

Userspace Software Suspend is an alternative to the default hibernation method of the Linux kernel. It adds several interesting features such as compression and encryption. Compression allows hibernation with a smaller swap partition, and it also decreases your system's wake-up time!

Here is how to install USwSusp on Ubuntu Karmic. It should also work with a recent Debian.

Install the uswsusp package:

aptitude install uswsusp

You can now hibernate with the s2disk command as root.

To hibernate from the Ubuntu menu or with a keyboard shortcut, change the following line in the /etc/pm/config.d/00sleep_module file:

SLEEP_MODULE=uswsusp

Then test your hibernation!


Wednesday 18 November 2009

[Screen] No more PTYs. Sorry, could not find a PTY.

If you get the following errors starting screen as a user:

No more PTYs.
Sorry, could not find a PTY.
[screen is terminating]

You have to change /dev/ptmx file permissions:

# ls -l /dev/ptmx 
crw-r--r-- 1 root root 5, 2 nov 18 23:28 /dev/ptmx
# chmod a+w /dev/ptmx
# ls -l /dev/ptmx 
crw-rw-rw- 1 root root 5, 2 nov 18 23:34 /dev/ptmx

Under Ubuntu, there was no problem; the permissions were already set:

$ ls -l /dev/ptmx 
crw-rw-rw- 1 root tty 5, 2 2009-11-18 23:37 /dev/ptmx

References :

  • man ptmx
  • ubuntu$ ls -l /dev/ptmx

Wednesday 21 October 2009

Cron mail subject format

I looked for a way of changing the format of mail sent by the crontab. I hoped for a syntax like MAILTO=

Answer: impossible.

With Debian's default cron program, it is hard-coded in cron:

In the do_command.c source file:

fprintf(mail, "From: root (Cron Daemon)\n");
fprintf(mail, "To: %s\n", mailto);
fprintf(mail, "Subject: Cron <%s@%s> %s\n",
  usernm, first_word(hostname, "."),
  e->cmd);

Monday 19 October 2009

Adding subject in Exim log

To add mail subjects to the Exim4 log (/var/log/exim4/mainlog), just change the /etc/exim4/exim4.conf.template file as follows, adding +subject to log_selector:

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR +subject
.endif

Then restart Exim:

/etc/init.d/exim4 restart

Friday 9 October 2009

SFTP chroot + rsync

Here is how to make SFTP shares with chroot.

In /etc/ssh/sshd_config:

# we use openssh internal sftp
# because /usr/lib/openssh/sftp-server won't be available in chroot
Subsystem sftp internal-sftp

Match group sftp
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

UPDATE 17/06/2010: Beware of the syntax! Comments must start at the beginning of the line, and there must be no trailing spaces on the ForceCommand internal-sftp line.

Now just create users belonging to the sftp group, and that's it. Test it with:

sftp user@myserver.com

Problem: we cannot use the rsync command to send files, because rsync is not available in the chroot.

First, we allow other commands by commenting out the line:

#ForceCommand internal-sftp

Then, we build the following tree in the chroot directory:

bin/
bin/bash
bin/rsync
lib/
lib/libncurses.so.5
lib/ld-linux.so.2
lib/libacl.so.1
lib/libpopt.so.0
lib/libattr.so.1
lib/i686
lib/i686/cmov
lib/i686/cmov/libdl.so.2
lib/i686/cmov/libc.so.6

We must put in both the bash and rsync commands and all their libraries (you can list them with the ldd command).

Note: the user must have /bin/bash as default shell.

Note 2: the chroot directory must belong to root, even if it is the user's home folder. To allow the user to write in it, you have to create a subfolder with appropriate permissions. According to the OpenSSH programmers, it is a big constraint, but very important for the chroot's security.
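The two manual steps above (copying the binaries with the libraries ldd reports, and keeping the chroot directory root-owned and not group/world writable) can be scripted. The following is an added example, not the original post's code: it assumes a Linux system with GNU coreutils (install, stat) and glibc's ldd, and checks only the chroot directory itself, whereas sshd also requires every parent directory to satisfy the same ownership rules.

```shell
#!/bin/sh
# Added example (not from the original post). Populates a chroot with the
# given binaries plus the shared libraries ldd resolves for them, and checks
# the ChrootDirectory ownership rules sshd enforces. Assumes GNU coreutils
# and glibc ldd; populating a real chroot must be done as root.

# Copy each binary and every library ldd resolves for it into CHROOT_DIR,
# keeping the original paths (/lib/libc.so.6 -> CHROOT_DIR/lib/libc.so.6).
install_into_chroot() {
    chroot_dir=$1
    shift
    for bin in "$@"; do
        install -D -m 755 "$bin" "$chroot_dir$bin"
        # ldd prints "libc.so.6 => /lib/libc.so.6 (0x...)" for resolved
        # libraries and "/lib/ld-linux.so.2 (0x...)" for the loader; keep
        # only the absolute paths from both forms.
        ldd "$bin" | awk '$2 == "=>" { print $3 } $1 ~ /^\// { print $1 }' |
        while read -r lib; do
            if [ -f "$lib" ]; then
                install -D -m 755 "$lib" "$chroot_dir$lib"
            fi
        done
    done
}

# sshd refuses a ChrootDirectory unless it is owned by root and not
# writable by group or others. Return 0 when DIR satisfies this, 1 with a
# reason on stderr otherwise.
check_chroot_root() {
    dir=$1
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir")
    if [ "$owner" -ne 0 ]; then
        echo "$dir: must be owned by root, owner is uid $owner" >&2
        return 1
    fi
    # The last two octal digits are the group and other permission bits;
    # a 2, 3, 6 or 7 in either position means the write bit is set.
    case "$mode" in
        *[2367]?|*[2367])
            echo "$dir: must not be group/world writable (mode $mode)" >&2
            return 1 ;;
    esac
    return 0
}

# Usage (as root), for a user whose home is /home/alice:
#   install_into_chroot /home/alice /bin/bash /usr/bin/rsync
#   check_chroot_root /home/alice && echo "chroot root ok"
```

Run check_chroot_root against the home directory after creating the writable subfolder: the subfolder may belong to the user, but the home directory itself must still pass the check or sshd will refuse the login.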


Monday 3 August 2009

Fail2ban

If you discover lots of SSH login attempts in your /var/log/auth.log (bots testing usernames/passwords), you have to do something.

The simplest is an IP restriction rule in your iptables firewall, or in /etc/hosts.deny.

If you don't want to or can't use such a restriction, use Fail2ban:

aptitude install fail2ban

The default install bans addresses that repeatedly fail SSH logins.

You can tune the config a bit or activate Fail2ban for other services. Example, in the [DEFAULT], [ssh] and [vsftpd] sections of jail.conf (comments must be on their own lines; the parser does not strip a trailing # comment from a value):

vi /etc/fail2ban/jail.conf
[DEFAULT]
bantime  = 86400

# for ssh
[ssh]
maxretry = 10

# for vsftpd
[vsftpd]
enabled  = true
maxretry = 10

Note that jail.conf is replaced when the package is upgraded; the same settings can be put in /etc/fail2ban/jail.local, which overrides it.

The iptables -L command then shows all banned IP addresses.
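To see what the maxretry setting above actually counts, here is an added example (not from the original post and not fail2ban's own code) that applies the same rule to auth.log lines: count "Failed password" entries per source address and report the addresses at or above the threshold. It assumes the classic syslog format of Debian's /var/log/auth.log; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post or of fail2ban. It mirrors
# the rule fail2ban's ssh jail applies: failed password attempts per source
# address compared against maxretry. The log lines below are constructed.

SAMPLE_AUTH_LOG='Aug  3 10:00:01 srv sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Aug  3 10:00:03 srv sshd[2002]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Aug  3 10:00:05 srv sshd[2003]: Failed password for root from 203.0.113.7 port 4024 ssh2
Aug  3 10:00:09 srv sshd[2004]: Failed password for root from 203.0.113.7 port 4025 ssh2
Aug  3 10:00:12 srv sshd[2005]: Failed password for invalid user oracle from 203.0.113.7 port 4026 ssh2
Aug  3 10:01:30 srv sshd[2010]: Failed password for marc from 198.51.100.20 port 51022 ssh2
Aug  3 10:01:44 srv sshd[2011]: Accepted publickey for marc from 198.51.100.20 port 51023 ssh2
Aug  3 10:05:00 srv sshd[2020]: Failed password for root from 192.0.2.99 port 3333 ssh2
Aug  3 10:20:00 srv sshd[2021]: Failed password for root from 192.0.2.99 port 3334 ssh2
Aug  3 10:35:00 srv sshd[2022]: Failed password for root from 192.0.2.99 port 3335 ssh2'

# Read auth.log lines on stdin; print "IP count" for every source address
# with at least $1 failed password attempts, sorted by address.
ssh_offenders() {
    maxretry=$1
    awk -v max="$maxretry" '
        /sshd\[[0-9]+\]: Failed password for / {
            # the source address is the field right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip, fails[ip] }
    ' | sort
}

# On the sample, the maxretry = 10 from the config above bans nobody, while
# maxretry = 5 catches the scanner at 203.0.113.7 but not the user who
# mistyped once from 198.51.100.20:
#   printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_offenders 5
# Against the real log: ssh_offenders 10 < /var/log/auth.log
```

Fail2ban additionally bounds the count by its findtime window, so the slow attempts from 192.0.2.99 (one every 15 minutes) would only be banned if the window were widened; a plain count like this one has no such bound, which is why maxretry alone is a coarse measure.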