Azitech

Azimout's Linux weblog

Archive for the ‘Reference’ Category

Munin

Installing munin on an Ubuntu system is very simple:

  • sudo apt-get install munin munin-node
  • sudo vi /etc/munin/apache.conf, remove the “Allow from” line and add “Allow from all”
  • sudo service apache2 restart

Now you can see your munin graphs at http://myserver/munin (replace “myserver” with the URL of your server). With “Allow from all”, so can anyone else who can reach the server over HTTP.

(I am assuming that you already have Apache running)

Architecture: Munin has a master (munin) which connects to one or multiple nodes (munin-node), collects data, produces the graphs and serves the html. In this simple case, there is only one node, which is the same as the master.

Disabling plugins: Munin comes with several plugins, some of which you might not care for. All plugins are installed under /usr/share/munin/plugins, and the enabled ones are symlinked under /etc/munin/plugins. So, to disable one, just remove the corresponding symlink under /etc/munin/plugins.

For debugging the munin plugins, a useful command is this:
sudo /usr/sbin/munin-node-configure --suggest

Apache stats: In order to see statistics about Apache, you need to run sudo a2enmod info

If you have Drupal installed with mod_rewrite enabled for clean URLs, you need to add the following line to the mod_rewrite section of the .htaccess file at the root of your Drupal installation, as described in this thread; otherwise, you’ll get a 404 error.

RewriteCond %{REQUEST_URI} !=/server-status

In order to test if this is enabled, type this:
links http://localhost/server-status

MySQL: Edit file /etc/munin/plugin-conf.d/munin-node, and in section [mysql*], add the following line:

env.mysqladmin /usr/bin/mysqladmin

Also, it might be a good idea to disable the following two (remove the symlinks in /etc/munin/plugins), as they’re currently broken: mysql_innodb, mysql_isam_space_

Run manually: If you’ve made changes to the munin configuration and want to test them without waiting for the 5 minutes to pass, run this command:

sudo -u munin /usr/bin/munin-cron

Written by azimout

25/12/2013 at 18:55

Posted in Reference

Linux settings for SSD drives

I recently bought an SSD drive (a Samsung 840 Pro series MZ-7PD256BW) for my root, boot and home partitions. The speed increase and system responsiveness of my Ubuntu Desktop system is really impressive; that’s what I call money well spent!

Here are a few settings to change in your Linux system to increase the lifetime of your SSD drive:

  • enable TRIM in /etc/fstab (add the ‘discard’ option to each SSD partition)
  • add the ‘noatime’ and ‘nodiratime’ options in /etc/fstab
  • enable TRIM in /etc/lvm/lvm.conf (change the value of ‘issue_discards’ to 1)
  • move /tmp to RAM (add the following line to /etc/fstab: tmpfs /tmp tmpfs size=512m 0 0)
  • minimize the use of swap memory (set vm.swappiness=1 in /etc/sysctl.conf)

Reference: https://wiki.archlinux.org/index.php/Solid_State_Drives

Written by azimout

03/04/2013 at 19:34

Posted in Reference

PGP encryption of your emails

Introduction

Email was not designed from the start to be a secure system. In fact, in early email systems you could, for example, change the “From” field to whatever you wanted. Some security mechanisms have been added in the meantime, but issues remain.

Pretty Good Privacy (or PGP) uses public key cryptography (or PKI) to help secure your email. And it’s free!

PGP helps you fulfill 3 out of the 5 basic principles of information security:

  1. authenticity (the recipients of your message will know for sure it was you who sent it)
  2. confidentiality (only your recipients and no one else can read the body of your message)
  3. integrity (your recipients will know that your message has not been modified after you sent it)

Basic concepts

PKI is based on a pair of keys that are generated together and are mathematically linked in such a way that something encrypted with key A can be decrypted only by key B, and vice versa. When these keys are generated, one will be your private key which you should keep, well, private, and the other is your public key, which you should share as widely as possible. In fact there are a number of servers called keyservers, to which you can upload your public key for free. They all synchronize their databases regularly, so uploading your key to one of them is sufficient. People can then look you up on these servers by your email address that you associated with this key pair, and download your public key. MIT hosts such a server; give it a try, look me up!

This way, if you sign an email with your private key, people will be able to verify it by using your public key. The fact that the email verifies correctly will then prove that the email was really sent by you (authenticity) and that it has not been modified by someone else since you signed it (integrity). On the other hand, if you want to send someone a message that only they can open, you can encrypt the email with the other person’s public key. This way only their private key can decrypt that email (confidentiality). This is called End-to-End Encryption (E2EE).

Creating and sharing your key

If you are running Ubuntu, you can do everything from Seahorse, the “Passwords and Keys” application. Start by creating a PGP key pair (New – PGP key): enter your Full Name and Email Address (plus a comment if you feel like it), and leave the rest of the advanced settings as they are (currently RSA, 2048 bits, never expires). Then choose a passphrase to keep your key pair secure, and then do some random activity (move the mouse, type on the keyboard) to produce some random data for the key generation process. Finally, upload your public key to the keyservers (Remote – Sync and Publish Keys).

(If you’re using Windows, try GPG4Win. On the Mac, try GPGtools.)

Now, one problem with this approach is that no one knows if the name and email entered during key generation really are yours, i.e. anyone can create a key claiming to be you and impersonate you! To get around this, there’s the option of meeting people and signing each other’s keys. Each public key has a fingerprint, which is a much shorter (160 bits, or 40 hexadecimal characters long) digest of the public key. When you meet someone you want to securely communicate with, you give them this fingerprint (e.g. on a piece of paper). If you’ve never met this person before, you might also want to see some photo ID just to make sure they are who they claim to be. Then, when you download and import their public key from the keyservers, you can verify that the fingerprint matches the one they gave you.
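
The fingerprint check described above, as an added example that is not part of the original post: for version 4 keys the fingerprint is the SHA-1 hash of the public-key packet (RFC 4880, section 12.2), which is where the 160 bits come from. The key material is constructed toy data and the function names are hypothetical.

```python
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then the bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte length and the packet body: 160 bits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def normalise(fpr: str) -> str:
    """Strip the spaces and optional 0x prefix that printed fingerprints carry."""
    cleaned = "".join(fpr.split()).upper()
    return cleaned[2:] if cleaned.startswith("0X") else cleaned


def fingerprint_matches(body: bytes, from_paper: str) -> bool:
    """True only if all 40 hex digits of the fingerprint match."""
    expected = normalise(from_paper)
    if len(expected) != 40 or any(c not in "0123456789ABCDEF" for c in expected):
        return False  # refuse short key IDs and mistyped fingerprints
    return hmac.compare_digest(v4_fingerprint(body), expected)


# Constructed toy key (tiny modulus, for illustration only).
KEY = rsa_public_key_body(created=1353428700, n=3233 * 65537 + 2, e=65537)
# A different key that could carry the same name and email address.
IMPOSTOR = rsa_public_key_body(created=1353428700, n=3233 * 65537 + 4, e=65537)

if __name__ == "__main__":
    fpr = v4_fingerprint(KEY)
    paper = " ".join(fpr[i:i + 4] for i in range(0, 40, 4)).lower()
    print(paper)                                  # what you would write down
    print(fingerprint_matches(KEY, paper))        # the key you were handed
    print(fingerprint_matches(IMPOSTOR, paper))   # same identity, other key
    print(fingerprint_matches(KEY, fpr[-8:]))     # 8-digit key ID is not enough
```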

Signing, encrypting and decrypting emails

The best way to use PGP with your email is by using Thunderbird and Enigmail. It allows you to sign and/or encrypt your outgoing messages, and it will decrypt/verify your incoming messages. Give it a try!

Further reading: https://help.ubuntu.com/community/GnuPrivacyGuardHowto

Written by azimout

20/11/2012 at 16:25

Posted in Reference

iOS for Linux users

iOS – like Mac OS X – is a Darwin-based operating system, which in turn is based on the XNU kernel. It is POSIX-compliant and “Unix-like”, but it is NOT Linux-based.

The output of “uname -a” on my iPhone is:

Darwin <device name> 11.0.0 Darwin Kernel Version 11.0.0: Wed Mar 30 18:51:10 PDT 2011; root:xnu-1735.46~10/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin

USB cable

When connected to an Ubuntu machine through the USB cable, two locations will be mounted over the AFC (Apple File Connection) protocol. The two mount points will be titled “<device name>” and “Documents on <device name>”. Ubuntu 11.04 will offer (in Nautilus) to open the first mount point with the Banshee Media Player and with the Shotwell Photo Manager.

SSH

On a jailbroken iPhone you can install OpenSSH. The default username is “mobile” and the default password (on ALL iPhones) is “alpine”. Change that immediately with “passwd”. Note your iPhone’s IP address on the WiFi interface (you can find that under Settings, Wi-Fi, then click on the blue right arrow; if you’re doing this at home, you might want to reserve a fixed IP address for your iPhone on your router).

Filesystem

The flash storage is divided into two HFS-formatted partitions; one is mounted under / (root) and the other under /private/var. Only the second one is journaled.

A few soft links exist at root level:

  • /var -> /private/var
  • /etc -> /private/etc
  • /User -> /var/mobile
  • /tmp -> /private/var/tmp
  • /Applications -> /var/stash/Applications.pwn

Your home directory will be “/var/mobile”. The first mount point described above (“<device name>”) is actually “/var/mobile/Media”

Written by azimout

31/08/2011 at 19:40

Posted in Reference

Difference between make clean and make distclean

Basically, if make built it, then make clean should delete it; whereas if configure built it, then make distclean should delete it.

Reference: http://www.gnu.org/software/automake/manual/automake.html#Clean

Written by azimout

28/08/2011 at 15:12

Posted in Reference

Mail Server

Default TCP ports (2nd port: SSL): smtp: 25/587, pop3: 110/995, imap: 143/993

The configuration we’re going to use is Postfix + Courier.

sudo aptitude install postfix courier-imap-ssl courier-pop-ssl

Run maildirmake ~/Maildir to prepare an account’s homedir for Maildir emails

Postfix – Virtual Domains

Read carefully the Postfix Virtual Domain Hosting Howto, test and make sure you understand the following concepts:

  • canonical domains, i.e. the mailserver’s hostname (e.g. john@mailserver)
  • shared domains: an alias hostname just for SMTP (*@mydomain.com -> *@mailserver)
  • virtual aliases: like shared domains, but you can also map one mailbox to another, e.g. sales@mydomain.com -> john@mailserver
  • virtual mailboxes: break the mapping of mail recipients to Unix accounts

Maildrop

Read carefully the Postfix + Maildrop Howto and make sure you understand the concepts of local delivery agent and maildrop

Testing SMTP over telnet

netcat mailserver 25
220 mailserver ESMTP Postfix (Ubuntu)
ehlo mailserver
250-mailserver
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: username@mailserver
250 2.1.0 Ok
rcpt to: username@mailserver
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test email
message body
.
250 2.0.0 Ok: queued as 9C423408E7
quit
221 2.0.0 Bye
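
The EHLO reply in the session above lists the server's extensions one per line, with “250-” on every line except the last. An added example (not part of the original post) that parses such a reply and reports what it says about a cleartext port-25 session; the reply is copied from the session above and the function names are hypothetical.

```python
import re

# Reply to "ehlo mailserver", copied from the session above.
EHLO_REPLY = """\
250-mailserver
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply: str) -> dict:
    """Return {KEYWORD: [params]} for a complete multi-line 250 reply."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    extensions = {}
    for i, raw in enumerate(lines):
        m = LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {raw!r}")
        last = i == len(lines) - 1
        if (m.group(2) == " ") != last:
            raise ValueError("reply truncated or continuation marker wrong")
        if i == 0:
            continue  # first line names the server, it is not an extension
        keyword, *params = m.group(3).split()
        extensions[keyword.upper()] = params
    return extensions


def cleartext_findings(ext: dict) -> list:
    """Flag what matters on a session that has not started TLS yet."""
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered: mail and logins travel in cleartext")
    if "AUTH" in ext:
        findings.append("AUTH offered before TLS: " + " ".join(ext["AUTH"]))
    if "VRFY" in ext:
        findings.append("VRFY enabled: lets clients probe which mailboxes exist")
    return findings
```

On Postfix, VRFY is switched off with disable_vrfy_command = yes in main.cf.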

Testing POP3 over telnet

netcat mailserver 110
+OK Hello there.
user username
+OK Password required.
pass password
+OK logged in.
stat
+OK 1 614
retr 1
<full message here>
quit
+OK Bye-bye.

Testing IMAP over telnet

netcat mailserver 143
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2010 Double Precision, Inc.  See COPYING for distribution information.
. login username password
. OK LOGIN Ok.
. list "" "*"
* LIST (\HasNoChildren) "." "INBOX.Sent"
* LIST (\HasNoChildren) "." "INBOX.Trash"
* LIST (\HasNoChildren) "." "INBOX.Queue"
* LIST (\Unmarked \HasChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "INBOX.Drafts"
. OK LIST completed
. status inbox (messages)
* STATUS "inbox" (MESSAGES 1)
. OK STATUS Completed.
. logout
* BYE Courier-IMAP server shutting down
. OK LOGOUT completed

Written by azimout

26/02/2011 at 22:34

Posted in Reference

Mercurial

with 10 comments

Mercurial is a great, open source (GPLv2), cross-platform, DRCS (distributed revision control system).

  • A good open source book about it is Mercurial: The Definitive Guide.
  • A very useful tool to make working with Mercurial easier is TortoiseHG.
  • The easiest way to share a repository (allowing also pushes) between a Linux and a Windows system is to share the directory containing the repository on Linux with Samba and mount it as a network drive on Windows (works only on intranets).
  • You can see a graph of your repository by running hgtk explorer (provided you have installed TortoiseHG), or by running Mercurial’s stand-alone webserver (with hg serve) and then pointing your browser at localhost:8000

Written by azimout

02/02/2011 at 09:16

Posted in Reference