chmod -x /bin/chmod: 2011

otrdiena, 2011. gada 22. novembris

Ubuntu 11.10 kiosk mode with Opera

Install xscreensaver:
sudo apt-get install xscreensav* -y

Install flashplugin:
sudo apt-get isntall ubuntu-restricted-extras -y

* I prefer vim for text editing (you can use/download your favourite text editor):
sudo apt-get install vim -y

Go to www.opera.com, choose debian package for Ubuntu,
Install it:
sudo dpkg -i opera*.deb

Create kiosk user, set random password, set automatic login.

Log in kiosk user, run
xscreensaver-demo
Answer with yes/ok
I prefer disable screen saver

Open opera web browser, choose preferences
startup start with home page, enter home page
Uncheck Enable Password manager
History adresses 0, uncheck remember content on visited pages

Right click on search bar Customize > Remove from toolbar (important for security reasons)
Enable main bar
Right click and remove Open, Save, Print buttons same way.
You may leave Find and Home button, but I removed them all to leave more space for web-page on screen.
In about:config disable "Show crash log upload dialogue" and "Show problem dialogue"

Opera > Exit

Log in as admin user.

sudo vim /usr/share/xsessions/kiosk.desktop

[Desktop Entry]

Encoding=UTF-8

Name=kiosk

Comment=Opera Kiosk Mode

Exec=/usr/share/xsessions/opera.sh

Type=Application

sudo vim /usr/share/xsessions/opera.sh

#!/bin/bash

xscreensaver -nosplash &

#while true; do opera; sleep 5s; done

 while true; do opera --k --kioskbuttons --kioskresetstation --nochangebuttons --nochangefullscreen --nocontextmenu --nodownload --nokeys --nomail --nomaillinks --nomenu --nominmaxbuttons --noprint --nosave --nosplash --geometry 1280x1024+0+0; sleep 5s; done

* Edit your opera window size (--geometry 1280x1024+0+0)

sudo chmod 755 /usr/share/xsessions/opera.sh

sudo vim /etc/lightdm/lightdm.conf
user-session=kiosk
Add this line, to disable guest account:
allow-guest=false

* For remote access you can install ssh server
sudo apt-get install openssh-server

* For security reasons you can install ubuntu firewall
sudo apt-get install gufw
Alt+F2 gufw, enable firewall, disable incoming trafic, open 22. tcp port for ssh.

sudo passwd root
su

crontab -e

0 1 * * * /sbin/reboot
sudo reboot

* When something goes wrong or you just want to login in regular unity session, you need to edit /etc/lightdm/lightdm.conf, change back
user-session=ubuntu
save and reboot
You can do this from
1) SSH or
2) Reboot machine, hold shift while grub loading, choose recovery mode, root console, enter password.

* You may wish change opera settings folder to read-only, but I found it not necessary to do.

--
http://www.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/
http://www.opera.com/support/mastering/kiosk/

ceturtdiena, 2011. gada 8. septembris

Google Earth compass

Download via:
RapidShare
MegaUpload
MegaPorn
MediaFire

pirmdiena, 2011. gada 9. maijs

PuTTY + vim + paste

This is annoying when you can't click mouse in vim to paste some text.
Add following lines to .vimrc to fix that:

if has('mouse')

      set mouse-=a

endif

trešdiena, 2011. gada 4. maijs

iptables in slackware

Basic firewall configuration
Drop INPUT, FORWARD

# iptables -P INPUT DROP

# iptables -P FORWARD DROP

Accept establised
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Accept loopback
# iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

Accept SSH
# iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT

Accept ICMP
# iptables -A INPUT -p icmp -j ACCEPT

View
# iptables -L

With line numbers
# iptables -L --line-numbers

Save
# iptables-save > /root/fw.conf

To enable on next boot, add line to /etc/rc.d/rc.local
iptables-restore < /root/fw.conf

otrdiena, 2011. gada 12. aprīlis

Incremental htdir backup script.sh

#! /bin/sh

cd /backup



TODAY=`date`

FILENAME=`date +%d%b%Y`-inc-htdir.tar.gz.sec



# Check last backup date 

if [ -f lastbackup ]; then

LAST=`cat lastbackup`

else

LAST=$TODAY

fi



# Create .tar.gz

tar -czf htdir.tar.gz --after-date="$LAST" /var/www/htdocs



# Encode with SSL

openssl des -in htdir.tar.gz -out $FILENAME -pass pass:secpasswd



# Send to remote backup machine 

scp $FILENAME backup@10.0.2.251:/backup/data/www/htdir



# Cleanup n' shit

echo `md5sum $FILENAME` >> md5sum.log

rm htdir.tar.gz $FILENAME

echo $TODAY > lastbackup

svētdiena, 2011. gada 30. janvāris

Customize xterm

Create or edit ~/.Xdefaults

XTerm*background:   black

XTerm*foreground:   #CCCCCC

XTerm*highlightColor:  red

XTerm*font: *-fixed-medium-r-*-14-*

XTerm*boldFont: *-fixed-medium-r-*-14-*

XTerm*geometry: 110x34+200+200

add to ~/.bashrc:

alias ls="ls --color=auto"

PS1='\u@\H:\w\$ '

ceturtdiena, 2011. gada 27. janvāris

Creating image with dd

*This does not work on the fly, so you need to boot from CD.

Quick way with non-compressed image.

Create image from hda and save it on remote server:
# dd if=/dev/sda | ssh username@backupserver "dd of=/directory_of_backups_on_ssh_server/backupfile.iso"

Extract image to disk:
# ssh user@hostname dd if=backupfile.iso | dd of=/dev/sda

Way with compressed image.

Create compressed image from sda on remote server:
# dd if=/dev/sda | gzip | ssh username@backupserver dd of=/directory_of_backups_on_ssh_server/backupfile.img.gz

Restore:
# ssh user@hostname dd if=backupfile.iso | gzip -d | dd of=/dev/sda

Clearing MBR with dd:
# dd if=/dev/zero of=/dev/hda bs=512 count=1

otrdiena, 2011. gada 25. janvāris

System backup on-the-fly

Create:

# tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /

For better compression, but it takes longer time:

# tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/mnt --exclude=/sys /

*At the end of the process you might get a message along the lines of 'tar: Error exit delayed from previous errors' or something, but in most cases you can just ignore that.

Restore:

# tar xvpfz backup.tgz -C /
# tar xvpfj backup.tar.bz2 -C /

Just make sure that, before you do anything else, you re-create the directories you excluded:

# mkdir proc

# mkdir lost+found

# mkdir mnt

# mkdir sys

etc...

pirmdiena, 2011. gada 17. janvāris

htdir backup script.sh

#!/bin/sh

# set chmod 700 to /backup for security reasons

     cd /backup

     FILENAME=`date +%d%b%Y`-htdir.tar.gz.sec

tar -cvf - /var/www/htdocs/ | gzip -c > htdir.tar.gz
openssl des -in htdir.tar.gz -out $FILENAME -pass pass:secpasswd

scp $FILENAME backup@backupsrv:/backup/srv1/htdir

     echo `md5sum $FILENAME` >> md5sum.log

     rm htdir.tar.gz $FILENAME

DB backup script.sh

#!/bin/bash

# set chmod 700 to /backup for security reasons 

cd /backup

 FILENAME=`date +%d%b%Y`-mysql_alldb.tar.gz.sec

mysqldump --single-transaction -u backup -pmysqlpasswd --all-databases > backup.sql

 tar -cf - backup.sql | gzip -c > backup.tar.gz

 openssl des -in backup.tar.gz -out $FILENAME -pass pass:cryptpasswd

scp $FILENAME backup@backupsvr:/backup/srv1/db

 echo `md5sum $FILENAME` >> md5sum.log

 rm backup.sql backup.tar.gz $FILENAME

MYSQL on Slackware

# cp /etc/my-medium.cnf /etc/my.cnf

# chown -R mysql.mysql /var/lib/mysql

# /usr/bin/mysql_install_db

# cd /var/lib

# chown -R mysql:mysql mysql

# /usr/bin/mysqladmin -u root password 'new-passwd'





# chmod +x /etc/rc.d/rc.mysqld 

#/etc/rc.d/rc.mysqld start

Slackware vsftpd FTP with local users

Edit /etc/inetd.conf, uncomment:
# ftp stream tcp nowait root /usr/sbin/tcpd vsftpd

Edit /etc/vsftpd.conf:

local_enable=YES

write_enable=YES

Chroot users in specific directory

Enable or add these lines in /etc/vsftpd.conf:

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

chroot_local_user=YES

Create /etc/vsftpd.chroot_list, add line:
username /path/to/chrooted/dir/

Change home directory to same as chroot:
> usermod -d /path/to/chrooted/dir/ username

Limit user access to FTP only
In /etc/passwd change user shell to /bin/false
add /bin/false to /etc/shells

Pass on passwords with scp

$ ssh-keygen -t rsa

Generating public/private rsa key pair
Enter file in which to save the key ... (Enter)

Enter passphrase (empty for no passphrase): (Enter twice)

Copy key to remote box & login there:
$ scp id_rsa.pub user@remote:/home/user
$ ssh user@remote

$ cat id_rsa.key >> /home/user/authorized_keys

Remove pass phrase dialog on an apache ssl certificate

# openssl rsa -in server.key -out server.key.nopass

And of course edit this:
ubuntu:
$ sudo vim /etc/apache2/sites-available/default-ssl

slackware:
# vim /etc/httpd/extra/httpd-ssl.conf