GNU-Linux howtos

Update: I added the package dbus-x11 which needs to be installed for this to work on a system that has no X server.

It may have taken me years, but finally I got around to implementing this and it works, easy. About a decade ago, in the days of OSS I once even tried to export /dev/pcm using NFS.. I know, it was funny though.

Sound Server Setup

I am using a Raspberry Pi that I was offered by a friend (because I had gotten technically older) but I am sure this should work with any computer. I am using the default Raspbian image. I would say you should already have sound working on this computer. Then install a few new things: apt-get install pulseaudio pulseaudio-module-zeroconf avahi-daemon dbus-x11

Then edit /etc/default/pulseaudio and change PULSEAUDIO_SYSTEM_START from 0 to 1: PULSEAUDIO_SYSTEM_START=1

Tell PulseAudio to listen (lolpunhaha) to network connections by adding the following 2 lines to /etc/pulse/system.pa (adjust the subnet to whatever you need): load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;192.168.0.0/24 load-module module-zeroconf-publish

You could either restart PulseAudio or just reboot the whole thing if you're lazy.

Sound Client

As usual I am using Debian, in this case Wheezy, hence maybe a standard Squeeze may not work with this (I haven't tested yet).

We need to change a PulseAudio client preference, and because this is a desktop I don't mind resorting to a GUI, so I installed paprefs: apt-get install paprefs

Run paprefs and under the "Network Access" tab there should be an option called "Make discoverable PulseAudio network sound device available locally", activate that.

Then all is left is to restart PulseAudio on the client. The easiest way is to reboot the whole system, but really.. really ? You could just kill and start your PulseAudio session thing: pulseaudio -k pulseaudio --start

No More Playing with Audio Cables !

Now via pavucontrol I can send the sound to the Rapsberry Pi which is connected to the speakers or switch them back to use my laptops system. Same for others here, we're all connected to the main speakers so no need to pass the cable around the table.

I remember a while back migrating someone's email from one ISP to another using Thunderbird ! Well, duh, I just found a tool that seems to be a bit underrated, Imapcopy. There are many tools out there, but this one seemed simple yet efficient. However, for some odd reason it wasn't clear to me at first how simple and easy this was to use.

Install Imapcopy

It's in the Debian repositories, so just do (for other distributions just RTFM): apt-get install imapcopy

Configure and test

You can work from any directory on any system as any user (you don't need to be on the source or destination server). Simply create a file called imapcopy.cfg. There's an example here /usr/share/doc/imapcopy/examples/ImapCopy.cfg, however I'll show you a simple config to start off.

SourceServer imap.foo.tld SourcePort 143 DestServer imap.bar.tld DestPort 143 # SourceUser SourcePassword DestinationUser DestinationPassword Copy "user@foo.tld" "SuperPassowrd" "user@bar.tld" "OtherGreatPassword" Copy "user2@foo.tld" "SuperPassowrd" "user2@bar.tld" "OtherGreatPassword"

The first thing you might want to do is use port 993 TLS/SSL. This does not work with Imapcopy, but no need to panic, here's a very simple workaround using stunnel.

apt-get install stunnel

We'll setup stunnel for both servers, source and destination, in this example.

stunnel -c -f -d 1143 -r imap.foo.tld:993 -P '' stunnel -c -f -d 1144 -r imap.bar.tld:993 -P ''

What happens here is that stunnel will create a secure tunnel from 127.0.0.1:1143 (and 127.0.0.1:1144) to the IMAP servers on their ports 993. You can replace 1143 and 1144 with whatever you want. 127.0.0.1 now becomes the source and destination servers we will connect to.

So back to our example configuration, we need to change the servers and ports to: SourceServer 127.0.0.1 SourcePort 1143 DestServer 127.0.0.1 DestPort 1144

Configuration test

You can simply run imapcopy -t or with the -i option. -i will just connect to the servers, without logging in, -t will test the logins and show some infos (number of messages, folders, etc).

imapcopy -t

There's also an option to copy only 1 message per folder, -1, options to subscribe to folders and so on. Ideally you should create a test account on both servers, generate a bunch of emails, folders, etc on the source and see how the copy goes. Check imapcopy -h for other options.

Copy emails

Funny enough, I was wondering where the option was to start copying stuff, without using any of the options, it turns out it's not an option... .. . So to start copying just run the program, optionless:

imapcopy

That's just about it.. except for one thing. If you execute the copy twice, you will re-import the messages to the destination sever.. and so on.

There are probably more elegant solutions for keeping IMAP accounts synced, that wasn't my goal in this task, but I'd be glad to hear about it.

This is a lazy guide (mostly for me to refer to) on how to encrypt a hard drive on Debian GNU/Linux. What this lazy guide does not cover is how to make your machine bootable, so if you want to encrypt your whole system (very good practice), you should probably do it via your OS installer.

Important note: The following contains examples of commands that may totally destroy data that you didn't want to destroy. Please be careful and don't stupidly copy paste and expect Jesus to show up at your door with the original 10 commandments. Also note I am a human being, so it is totally possible for me to make mistakes and/or typos.

Create a partition

Okay, so lets break things now. First, create a partition that we will encrypt, use your favourite disk partitioner, fdisk, cfdisk, gdisk or whatever you find.

Let's assume we will be working with /dev/sdb and we created the new partition /dev/sdb1. No need to format or anything, that should be done later.

Encrypt the Partition

We'll need cryptsetup to do this. If you don't already have it installed:

apt-get install cryptsetup

Now encrypt it ! (careful):

cryptsetup -y -s 256 -c aes-cbc-essiv:sha256 luksFormat /dev/sdb1

The options used mean as follows:

• -y: confirm passphrase (ask twice)
• -s 256: key size
• -c aes-cbc-essiv:sha256: LUKS cipher:hash

Decrypt the Partition

Now is when we will want to format it, or eventually use it for LVM, etc. First though, we must decrypt it as follows:

cryptsetup luksOpen /dev/sdb1 encryptedcrap

Note: You can replace encryptedcrap with whatever you want. All this means is that this disk will be available at /dev/mapper/encryptedcrap.

Once decrypted you can format it using /dev/mapper/encryptedcrap, for example:

mkfs.ext3 /dev/mapper/encryptedcrap

You could create drives using LVM etc etc, just do it on /dev/mapper/encryptedcrap.

Now you can mount your partition as usual:

mount /dev/mapper/encryptedcrap /mnt/somewhere

Undecrypt it

You can re-encrypt it and make it unreadable at any time, all you need to do is un-mount it (if it's mounted) and "luksClose" it:

cryptsetup luksClose /dev/mapper/encryptedcrap

Basic Key Management

You should have so far 1 key. There are 8 key slots on this lock (from 0 to 7), so you can have up to eight passphrases (keys). You can check the status by doing:

cryptsetup luksDump /dev/sdb1

This should show you a bunch of stuff, for now you should mostly be interested with: Key Slot 0: ENABLED So far all other key slots should be disabled. These numbers will come in handy later.

Add a Key

When adding a new key you will be asked to provide an existing key first, of course, then you will be prompted for the new passphrase:

cryptsetup luksAddKey /dev/sdb1

Note: By default keys are added to the first available slot. If you are using keys 0, 1, 3, then the next key would be added to slot 2. However, it is possible to specify which slot to use when adding a key by using the --key-slot option. Example:

cryptsetup luksAddKey /dev/sdb1 --key-slot 6

Deleting a Key

You can delete a key either by knowing the actual passphrase you want to delete OR by using the key slot. This is why it's important to keep track of who's using which slot.

To delete a key using the passphrase, this will ask you to enter the passphrase to delete and then a remaining valid key:

cryptsetup luksRemoveKey /dev/sdb1

To delete a key by slot, in this case if we want to disable slot 1, this will simply ask for a valid key (not the one being deleted of course):

cryptsetup luksKillSlot /dev/sdb1 1

And.. .. that's it for today.

These notes may help you in the case where you need to install a server without ever having access to the console. In this case the OS is also pre-installed, either by an automated system or by the server provider.

The plan is to get a base server OS installed on a small partition, for example Debian Squeeze, on less than 1GB, I used 666M and that works fine. From that system we can create our new encrypted partitions and move the system over there. And at last we'll setup an initramfs with busybox and SSH access, from there we can SSH to the server and decrypt the partition(s) we need to boot.

NOTE: This is tested on Debian Squeeze.

Install the server

A minimal partition should be as follows, edit this to suit your needs: /dev/sda1 /boot 256M # this partition will be kept /dev/sda2 / 1GB # used only to setup the main OS No swap, we don't need another partition to recycle somehow and later our swap will be encrypted of course. As for the root partition, you can make it smaller or bigger depending on how you want to re-use it (backupOS with backup website, or tools etc.. or /tmp, etc etc).

Note, in this example I will be using 2 hard drives configured using software Raid1, so for me it looks like this: /dev/md0 /boot 256M # this partition will be kept /dev/md1 / 666M # used only to setup the main OS

Along this page I'll put in bold things that may differ, or things for which you can chose your own string.

Install softwares

We don't really need much, just busybox, cryptsetup and dropbear from Debian and then Early-SSH.

apt-get install busybox cryptsetup dropbear

Check for the latest version of Early-SSH I used 0.2. Early-SSH will setup the whole business of getting dropbear to listen at boot.

wget http://dev.kakaopor.hu/early-ssh/downloads/early-ssh_0.2_all.deb dpkg -i early-ssh_0.2_all.deb

Configuration

Cryptdisks

This had akward effects like not working for me, so to avoid ball breakage edit /etc/default/cryptdisks: CRYPTDISKS_ENABLE=No

Early-SSH

We first need to fix a minor issue in /etc/initramfs-tools/hooks/early_ssh (if you are using /bin/dash for example). Edit /etc/initramfs-tools/hooks/early_ssh and change: /bin/sh to: /bin/bash

Next we need to configure the network, and perhaps disable the timeout (that's up to you). Edit /etc/early-ssh/early-ssh.conf and use your server's IP config: INTERFACE="eth0" IP="10.0.0.10" PORT="22" NETMASK="255.255.255.0" GATEWAY="10.0.0.1" TIMEOUT="" # in seconds (empty means disabled)

Update initramfs

Any time you may change any of the above, if so you will need to generate a new initramfs, easily done via: update-initramfs -u Even after some of the changes below this will be necessary, we will redo this step.

Sometimes update-initramfs -u says "update-initramfs: /boot/initrd.img-2.6.32-5-686-bigmem has been altered", well it also says: "update-initramfs: Cannot update. Override with -t option", in those cases try:

update-initramfs -u -t

Testing the boot process

At this point the server should first boot into busybox and dropbear should be serving access, we should test this to be sure all is fine; Let's reboot. reboot Now when your server comes back up (let's assume it does :]) you should be able to log into via SSH using your root username:password, the same as on the main system, yes.

You should be logged into busybox, if you want you can look around, otherwise to continue simply execute: finished This will continue the boot process (and log you out). After a few seconds you can log back in, this time back to your Debian system.

Creating encrypted partitions

In this example I will use RAID 1 and LVM, if you only want to use one or the other, or even regular partitions then this should also work though you may need to simplify the following. In any case this won't be mega detailed as it's beyond the scope of this page.

Raid 1

Create 2 partitions of the same size, let's say sda3 and sdb3. Then assemble them as follows: (you might need to reboot to use your newly created partitions)

mdadm --create --verbose /dev/md2 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3

Of course mdadm.conf is likely to be empty, if so:

mdadm --examine --scan --config=partitions >> /etc/mdadm/mdadm.conf

Encrypt it!

replace "md2" by whatever you chose to use as your target encrypted partition.

cryptsetup -y -s 256 -c aes-cbc-essiv:sha256 luksFormat /dev/md2

LVM it

You don't have to, you can just use sda3, sda5, etc etc, however in this case you will only need to manage one encrypted file system and hence only one password to type and so on.

Decrypt it first

Before manipulating our encrypted partition, we need to decrypt it, in my case I will decrypt the device as /dev/mapper/crypted-raid (pick whatever you want):

cryptsetup luksOpen /dev/md2 crypted-raid

Create the LVM device

First make /dev/mapper/crypted-raid an LVM device, then create an LVM group vga using it.

pvcreate /dev/mapper/crypted-raid vgcreate vga /dev/mapper/crypted-raid

Create the partitions

Here is a sample simple config, because it's LVM you can change your mind later.

lvcreate -L5G -nroot vga mkfs.ext3 /dev/vga/root lvcreate -L20G -nhome vga mkfs.ext3 /dev/vga/home # Example for swap lvcreate -L3G -nswap vga mkswap /dev/vga/swap

Copying the OS

If your system is pure and simple and nothing else has been installed, no activity basically, then you can do this from here:

mkdir /mnt/NEW/ mount /dev/vga/root /mnt/NEW mkdir /mnt/NEW/home mount /dev/vga/home /mnt/NEW/home cp -a /root/ /bin/ /etc/ /lib/ /opt/ /sbin/ /selinux/ /srv/ /tmp/ /usr/ /var/ /home/ /vmlinuz /initrd.img /mnt/NEW/ cd /mnt/NEW mkdir boot dev media mnt proc sys

Don't umount it yet...

New fstab

Edit the NEW fstab in /mnt/NEW/etc/fstab:

note: if you want to use UUIDs you can get them like this: blkid /dev/vga/* I'll use a bit of both here (for some reason I don't yet understand.

# old system #/dev/md1 / ext3 defaults 0 0 /dev/vga/root / ext3 defaults 0 0 /dev/vga/home /home ext3 defaults 0 0 # swap /dev/vga/swap swap swap defaults 0 0 UUID="8d990ccd-6f7c-498b-a729-527825cb7b78" swap swap defaults 0 0

Grub

Now let's edit /boot/grub/grub.cfg and replace the root with your LVM/encrypted root partition:

linux /vmlinuz-2.6.32-5-686-bigmem root=/dev/mapper/vga-root ro

update-initramfs -u

For the changes made to the raid configuration it helps to do this, else you'd have to reassemble the encrypted raid.

update-initramfs -u

Moment of truth

You can now reboot and you should be greeted by busybox shortly, as we've tested this I am guessing that's fine. We'll need to do a few things to make our filesystem available.

/sbin/mdadm -A --scan /sbin/modprobe dm_mod /sbin/cryptsetup luksOpen /dev/md2 crypted-raid /sbin/lvm vgchange -a y

If everything went well we can continue the bootup. If you'd like to confirm, check that you have your LVM partitions ready:

ls /dev/vga

You should see your LVM partitions. Now we are good to go:

finished

In a few seconds you should be on your new and fully encrypted system.

Add a Busybox script

Instead of remembering those lines of things to type we can easily add a script to busybox like this (remember to make sure it suits your setup)

Create a new file like /usr/share/initramfs-tools/scripts/prepare_my_stuff and put inside the lines we just typed in busybox's console: #!/bin/sh /sbin/mdadm -A --scan /sbin/modprobe dm_mod /sbin/cryptsetup luksOpen /dev/md2 crypted-raid /sbin/lvm vgchange -a y finished Make it executable: chmod +x /usr/share/initramfs-tools/scripts/prepare_my_stuff and update initramfs (always this guy). update-initramfs -u Next time you can you log into your busybox all you need to do is type: /scripts/prepare_my_stuff

Links

These pages helped me out.

• How to encrypt a disk (in French)
• Early-SSH

There are many tutorials about OpenVPN, the most I've found where either too detailed to get something running real quick or way to short to actually understand what's going on. I like finding docs that get the crap running real quick and then going back over it with more detailed articles and such. Anyway, the goal here is to get something running and understand some basic stuff.

On the server as well as the clients, the first step would be installing openvpn (same package for both):

apt-get install openvpn

Server setup

Create keys

• CA (Certificat Authority)
• server key
• client key (1 set per client)

cp -rp /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/keymaker cd /etc/openvpn/keymaker

The file "vars" contains stuff about the keys we'll create like, country, email etc. Might as well edit "vars" to make things easier.

vi vars

and edit

export KEY_COUNTRY="US" export KEY_PROVINCE="CA" export KEY_CITY="SanFrancisco" export KEY_ORG="Fort-Funston" export KEY_EMAIL="me@myhost.mydomain"

You may also edit things like

export KEY_SIZE=1024

in case of paranoia it can be changed to

export KEY_SIZE=2048

There are some other options like expiration date etc, it's all well commented. you needn't change anything for this to just work.

once your done we need to source the file

. ./vars

The following are intended for a first setup (or at least per specific vpn setup, you can have more than one VPN... you'll check that out another time)

this will delete any keys previously created keys

./clean-all

Generate the CA, the Certificate Authority is what's used to sign all the other certificates for the question "Common Name" you may answer something like "My-VPN-CA".

./build-ca

This will be the certifcate for the server, be sure to answer "server" to the question "common name" (yes, you may change it to something more original if you want, in this doc it's "server") I think the "challenge password" is useless, it is without use...

./build-key-server server

Now let's make a key for the client.

./build-key client1

If you want to oblige the client to enter a password to use their key you may use

./build-key-pass client1

another crypto thing to generate, a Diffie Hellman, (like whatever).. . . this can really take a long time.

./build-dh

You will need (secret means, don't share this file and make it chmod 400 or something),

• on the vpn server:
  • dh1024.pem - secret (or dh2048.pem)
  • server.crt - public
  • server.key - secret
• on client1:
  • client1.crt (see note below)
  • client1.key - secret
• the signing machine:
  • ca.key - secret
• on all machines: you will need:
  • ca.crt - public

Note about client1.crt: I just noticed this seems to be needed on the server in order to revoke a VPN access ! This should be in the 'keys' directory.

For more information check this out search for "keys"

now copy the server keys, for example, in /etc/openvpn/keys

Server config

Get a new base config file by doing:

zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

now edit that file, the most important crap will be the paths to the keys, it's relative to this config file:

ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh1024.pem # read the comments for this one, in my case i want all the client's # traffic to go through the server, this will require some configs that # we'll see later. If all you want to do is be on the same LAN then # don't touch this push "redirect-gateway" # another option you can push, useful if you set the above setting (but not only) # AND if you are running a DNS server, otherwise you can/should put # the IP of the vpn server's DNS server (the thing in /etc/resolv.conf) or some # other DNS server you may use. # OTHERWISE, as noted in the config files comment for the previous setting # you can also bypass DNS queries push "dhcp-option DNS 10.8.0.1" # If you are still paranoid or just want to use more electricty you can # change the default cipher to something a bit stronger cipher AES-256-CBC

Everything else can be left at default for now.

Start/stop the server

NOTE: This goes as well for the server as the client:

When you start openvpn via /etc/init.d/openvpn start it will start a VPN service for each file called something.conf in /etc/openvpn/ check out /etc/default/openvpn and set AUTOSTART="all" to AUTOSTART="server" or if you don't want it to start automatically upon boot AUTOSTART="none"

Forwarding traffic

If you chose the "redirect-gateway", meaning client's traffic will be routed through the server then you will need to setup some routing capapbilities on the VPN server, this is a long and complicated process "lol":

Lets consider eth0 is your main NIC, That'll be 3 iptable rules and one echo to a proc file.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward

voilà.

NOTE: If you intend on setting up multiple VPNs you might want to forward all TUN interfaces (tun0, tun1), in that case replace tun0 with tun+ in the above iptables rules set.

Client configuration

now for the client, you'll need the same openvpn package, but also resolvconf if you want to accept new DNS settings from the vpn server: apt-get install openvpn resolvconf

after that you can probally let the user connect to the VPN via network-manager-openvpn or other such lol tools, otherwise this can be done through the startup script, it's just the config file that needs to be different.

The simplest way to go would be to put all the required keys in a special "keys" directory, for example /etc/openvpn/keys

Next copy a default client config

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf

You could name it to something more specific maybe, useful if you are a client to multiple servers

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client_server1.conf

Some of the things you'll need to edit:

remote YOUR_VPN_SERVER_IP 1194 ca keys/ca.crt cert keys/client1.crt key keys/client1.key # this setting should be the same as on the server cipher AES-256-CBC

That is all for now. To try the connection, see the note about the startup script, by default:

/etc/init.d/openvpn start or openvpn --config client.conf

If you required the client to provide a password you will be asked for it at this moment.

This is where things should work, you can check with /sbin/route to see how things are.

Per user settings

To have certain settings applied to specific users only you can use the client-config-dir parameter, this will indicate a directory which should hold an additional configuration file for each user. The file should use the name of the client and nothing more (no .conf suffix, nothing). For example:

• in server.conf add: ("ccd" is the name of the directory where client's configuration files will be stored) client-config-dir ccd
• in the ccd directory create a file per client to append user specific settings to. cd ccd vi client1

Example settings

• static IPs: to assign a specific IP to a client use the following syntax: ifconfig-push 10.8.0.3 10.8.0.4

  Both IPs are required, the first one will be used by the client and the second will be the end point on the VPN server. This is actually a bit strange but hec, that's how it works.

• Client specific routing: You can assign routes on a per client basis, in this case it's probably better to not assign the value push "redirect-gateway" in the main configuration but to add it to any client's configuration file that would need it. You can also do some fancier things like route only specific IPs or IP ranges, use the example:

  push "route 74.125.0.0 74.125.255.255" This will add a route to the clients routing table for a /16 of googleips

  NOTE: Clients may add the routes they want outside of the configuration of OpenVPN.

Revoking a client's access

It's as much fun as it sounds.. For this, go to the keymaker directory and source the vars file and then revoke teh access:

cd /etc/openvpn/keymaker . ./vars ./revoke-full KEYTOREVOKE

This will update/create a CRL file that you will need to add the VPN's configuration file:

vi /etc/openvpn/server.conf add crl-verify keymaker/keys/crl.pem

Of course check to make sure this file exists and has the correct path according to your config... Then restart the VPN server and it's done.

Now you might want to get into more details, you can goto the OpenVPN howto and find out so much more.. ..

When I wanted to first install a jabber/xmpp server I started looking around and spent most of my time trying to figure out which server to install and that kind of discouraged me, as well I could not find any plug and play tutorial to get started, so I hope this compilation helps someone. This is tutorial is a quick and basic howto, but should cover all the very basic required stuff to work.

Install ejabberd

This is the tough part (as usual on Debian GNU/Linux): apt-get install ejabberd That being done you can now configure ejabberd

Configuration

Edit the file /etc/ejabberd/ejabberd.cfg and adjust at least the following (note that lines preceded with a '%%' are comments): %% Hostname {hosts, ["domain.tld"]}. If you would like to have more than one host use the following example: %% Hostname {hosts, ["domain.tld","otherdomain.tld"]}. To add ensure admin privileges for a user: %% Admin user %%{acl, admin, {user, "", "localhost"}}. {acl, admin, {user, "user", "domain.tld"}}. That's it, at least to get something running, you can and should check the config file, there are comments and some are even understandable.

add some actual user(s)

Simply issue the ejabberdctl command (check the man for other usages): ejabberdctl register user domain.tld password This will create your user, in this case: user@domain.tld, with the default configuration the user can (and should) change their password on their own. If you would like to setup your server to be open to "in band" user registration, meaning users can create accounts directly via their IM client, you can change (in ejabberd.cfg):

{access, register, [{deny, all}]}. to {access, register, [{allow, all}]}.

and now, DNS

XMPP follows a similar way of functioning as email, meaning your domain.tld does not need to have the same IP as your Jabber/XMPP server, you will need to add some DNS records to enable users of other nodes to find you, as well for your own users to be able to find the server they should connect to.

An example of Bind configuration, in this case this is the configuration for domain.tld where the server will be located at xmpp.domain.tld:

; protocol and such PRIORITY WEIGHT PORT xmpp server _xmpp-client._tcp IN SRV 10 0 5222 xmpp _xmpp-server._tcp IN SRV 10 0 5269 xmpp _jabber._tcp IN SRV 10 0 5269 xmpp

Yes, you can change the ports of your server (client and server ports) and change them in the DNS and bam, that will tell everyone where to go. Priority and weight are things that are useless in my case, but in short it is like with MX priorities, but there are 2 levels here. As you have noticed there are no dots at the end of each name, that means it is relative to the zone this file belongs to, if you are configuring a different zone, for example the server is on xmpp.domain.tld and it will host foobar.org, you can add something like this in the foobar.org zone file:

; protocol and such PRIO WEIGHT PORT xmpp server _xmpp-client._tcp IN SRV 10 0 5222 xmpp.domain.tld. _xmpp-server._tcp IN SRV 10 0 5269 xmpp.domain.tld. _jabber._tcp IN SRV 10 0 5269 xmpp.domain.tld.

Now you can connect to your server simply by using the credentials:

• user:

  username

  domain:

  domain.tld

  password:

  password

Indeed the correct host (xmpp.domain.tld.) and port of the domain will be found via DNS. That's all.

Oh, just one more thing, the port 5280 is by default open for admins to connect and do some admin stuff. There could be other things to be done here (of course there are), so if you figure it out before me let me know. . : ]

This page is complementary to the Debian Wiki page dedicated to this machine.. so here are some things that are not (yet) on that page and are maybe a tiny bit off topic (kde related) etc.. I might add some of it, if i don't, whoever maintains that page can of course copy content from here to there.

Basically you can just go install Debian as usual, maybe chose Ext2 filesystem, and also i tend to always uncheck all the boxes when it comes to installing base software (Desktop, Web server Dns server etc), this is especially useful on this computer as it only has an 8Gb hard drive.. plus saving space is environment friendly, less downloading (install and upgrades) means less power... . . :] of course if you do so you will have to manually install everything even xorg, so do what you feel like doing.

Card reader

First thing, after installing Debian (with ext2 filesystem why not), you might want to rid the SD slots of any SD cards if any are inserted, if not you might experience some problems booting into your "new" system.. . After that you can safely follow the wiki instructions and the two slots should be working fine..

Wireless

What the Cpufreq

The wiki says that it should work out of the box, and it does. ... well you might just need to activate the correct modules though, i like using modconf, but if you want you can just add to /etc/modules:

acpi-cpufreq cpufreq_powersave cpufreq_ondemand

if you only added this to the file you will need to reboot OR load each module for now via modprobe like this :

modprobe acpi-cpufreq modprobe cpufreq_ondemand modprobe cpufreq_powersave

Suspend to RAM

So now everything is starting to totally rule.. but still not there yet, suspend to RAM (and and Disk) might not work and that would most probably just be because your user is not in the powerdev group so you could do:

adduser USER powerdev

Now even the "Fn + Z" button should work just as the kpowersave menu works, if you running something other than KDE than maybe there is either just a keybinding issue or command problem. You can manually test the suspend function with the following (as root):

s2ram -f -a 3

If this works then you just need to figure out a way to execute that more conveniently.. otherwise you might have to RTFM s2ram a bit (but normally we have the same computer so this should work).

Another thing, maybe we can reduce the size of the image for quicker "stuff"... try:

echo 0 > /sys/power/image_size

if that works than just add it to the end of a bootup script somewhere. I personally prefer adding my own bootup script in which I add all my little things, for one all is gathered in the same place, and it also makes upgrading less hectic.. imho. I will put en example script at the end of this document that gathers all the little tweaks and such.

Disk optimisations

Here are a few things that can help reduce writing data on the slow SSD memory. First dissuade the system from using swap and then something about inodes and stuff :

echo 1 > /proc/sys/vm/swappiness echo 50 > /proc/sys/vm/vfs_cache_pressure

for these settings to take place on bootup you can either add this to the "common tweaks script" or edit /etc/sysctl.conf and add :

vm.swappiness = 10 vm.vfs_cache_pressure = 50

Now a piece of software thats nice to know is powertop, you probably guessed what it does, anyway it showed a few things of interest like :

echo 1500 > /proc/sys/vm/dirty_writeback_centisecs

this tells the system to bother the disk a bit less often than the usual.. same as the above this can be added to /etc/sysctl.conf (or later on in a boot script):

vm.dirty_writeback_centisecs = 15000

More optimizations via Grub

The elevator=noop option will optimize access to the disk as the function of an elevator is more relevant when using one classic disk drive and not an SSD, read more here. We can also use a more precise clock, hpet (read here) can save us some time and battery.

for this edit /boot/grub/menu.lst and modify the kernel line as follows :

title Debian GNU/Linux, kernel 2.6.26-1-686 root (hd0,1) kernel /boot/vmlinuz-2.6.26-1-686 root=/dev/sda2 ro quiet clocksource=hpet elevator=noop initrd /boot/initrd.img-2.6.26-1-686

For this to take effect upon kernel upgrades make the line

# defoptions=quiet

look like this :

# defoptions=quiet elevator=noop clocksource=hpet

Function Keys - with KDE

It seems for me the function keys work except the volume keys.. .hmm, what to do.. well, the following is more fun than tricky.. :]

first thing is use xev to see what the keycode is, of course i could just tell you (and i will) but if you want to do this for an other key you will know how to do it, open KDE and then open a terminal (Konsole). Type xev.. you should have a small window called Event Tester, in the terminal you will see a whole bunch of stuff, for every input event there should be some info up there, it's a bit "weird".. anyway, for "Fn + (sound up)" you should see among the waterfall of crap that comes up "keycode 176" and then "NoSymbol". This means that the key is not mapped (or something along that line).

HINT:

the keys we are looking for are; Sound (up, down, mute) and their keycodes are respectively: 176, 174 and 160 so now write the file (as user): ~/.xmodmaprc with inside:

keycode 160 = XF86AudioMute keycode 174 = XF86AudioLowerVolume keycode 176 = XF86AudioRaiseVolume

to use this config type:

xmodmap ~/.xmodmaprc

to get this to start automatically on startup edit a new file in .kde/Autostart, call it whatever you want, i call it my_xmodmap so vi ~/.kde/Autostart/my_xmodmap and inside it put:

#!/bin/sh xmodmap ~/.xmodmaprc

and then:

chmod +x ~/.kde/Autostart/my_xmodmap

Now that's done, all you need to do is use kmenuedit to add a Sub Menu with a few entries. I called my Sub Menu .keyboard, with a "dot" as prefix so that this menu does not show up in the Kmenu.

Then add a New Item as follows:

• Name: sound_up
• Command: amixer set Master 6db+
• Uncheck "Enable launch feedback"
• define shortcut: press "Fn + Volume Up" (it should show "XF86AudioRaiseVolume")

I use the command amixer to control the sound (part of alsa-utils package => apt-get install alsa-utils) you can use whatever you want of course. Another thing, I put here 6db+, you can increment by however many decibels you want.

Add another new item for sound_down as follows

• Name: sound_down
• Command: amixer set Master 6db-
• Uncheck "Enable launch feedback"
• define shortcut: press "Fn + Volume Down" (it should show "XF86AudioLowerVolume")

AND, last but certainly not least, add a new item for Mute/UnMute

• Name: mute
• Command: if amixer get Master|grep off; then amixer set Master unmute; else amixer set Master mute; fi
• Uncheck "Enable launch feedback"
• define shortcut: press "Fn + Mute" (it should show "XF86AudioMute")

Using SSHFS to mount distant filesystems

Sometimes you want ("need") to mount a distant filesystem but you don't want ("have the time") to install NFS or something like that just for this particular need. .. and then you also realize that NFS (in a simple config) is not crypted and that doesn't seem right.. well in those cases you could use SSHFS. ... .

The client

The computer on which you wish to mount the file system will require adding packages: sshfs and fuse-utils :

apt-get install sshfs fuse-utils

You shall then need to add the module

modprobe fuse

Add your user to the fuse group

adduser manu fuse

You should then logout (for real) and log back in for your session to be part of the newly joinded group.. . . if you are in a hurry or don't have time for the pain you can do:

newgrp fuse

The server

All the server needs is an SSH server, that should be already the case. . .actually with sshfs you don't need to do anything on the server to be able to connect, hence you can mount file systems on servers on which you are not root.

BTW

. . I almost forgot the fun part, mounting an SSH filesystem.. ... .well you could do something like this:

sshfs server:/somewhere/on/the/server /home/your_local_home_dir/sshfs

and for umounting:

fusermount -u /home/your_local_home_dir/sshfs

Trickle is a program that can shape bandwidth of TCP traffic. I find it quite useful when I want to upload large files without eating up all the bandwidth, at least that is the most useful usage for me.

I have tried using trickled with tricked.conf but i find it somewhat useless, it's supposed to prioritize access to bandwidth depending on a per program basis. I set ssh to the highest priority and ncftp to lowest and yet ssh was still very chopped up, basically unusable, i "probablly" "did" "something" "wrong".. . : ] (links to good tutorials and such welcome)

However, by just using trickle as a normal user, with something like "trickle [bandwidth]option program" that works great for me.. . ..

Usage examples

Very simple, i'm using ssh, i want to upload heavy files with ncftp. Ncftp uses up all of the little bandwidth available. I don't have a fancy router with QoS and stuff. What are you gonna do ??
First, what is the "total" bandwidth available ? By uploading normally with ncftp i notice the speed settles at about 90KB/s it's after that i can decide that 60 would suffice and leave engough space for SSH, and even some http....

So now all I need to do us launch ncftp all wrapped up in trickle and tell it to upload at 60KB/s as follows :

trickle -u 60 ncftp -u user host

You can use the -d switch to limit download speed in the same way, of course you can also combine both options

Limitations

This piece of software is used to set some limits, however it has some of it's own :

• It can only deal with TCP protocol. This means it won't be able to do anything about UDP connections
• It must use libc stack, to see if your program uses libc use : ldd /usr/bin/ncftp|grep libc this should print : libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e0c000)

Modifying Workaround.org ISP Style Email to have Amavis per user settings

This article is intended for those who have already installed Workaround ISP-style Email Server, however you can probably adapt this to your installation of Amavis, especially because (for now at least) this article only covers the part where you modify stuff in Mysql and a little setting in Amavis's configuration. WARNING: Please don't use this without understanding what you are doing, if you screw up your organization's email server it's of course not my fault blah blah blah. ... You are supposed to test this on a test server, but hey, if you are responsible for anything important you probably (cough) know what you are doing.. :]

Create the Policy table

You should do this operation on the mailserver database, adapt this to your configuration. This table can vary depending on what options should be available to users, i've seen different possibilities, this is what i did:

USE mailserver; CREATE TABLE IF NOT EXISTS `policy` ( `id` int(10) unsigned NOT NULL auto_increment, `policy_name` varchar(255) default NULL, `virus_lover` char(1) default 'Y', `spam_lover` char(1) default 'Y', `banned_files_lover` char(1) default 'Y', `bad_header_lover` char(1) default 'Y', `bypass_virus_checks` char(1) default 'Y', `bypass_spam_checks` char(1) default 'Y', `bypass_banned_checks` char(1) default 'Y', `bypass_header_checks` char(1) default 'Y', `spam_modifies_subj` char(1) default 'N', `spam_quarantine_to` varchar(64) default NULL, `spam_tag_level` float default '999', `spam_tag2_level` float default '999', `spam_kill_level` float default '999', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

This structure provides default values, you can (should) change them to suit your needs. You can add some default policies like these, it's even better to make your own, but if you are lazy and/or just want to test things here are 4 basic modes.

INSERT INTO `policy` (`id`, `policy_name`, `virus_lover`, `spam_lover`, `banned_files_lover`, `bad_header_lover`, `bypass_virus_checks`, `bypass_spam_checks`, `bypass_banned_checks`, `bypass_header_checks`, `discard_viruses`, `discard_spam`, `discard_banned_files`, `discard_bad_headers`, `spam_modifies_subj`, `spam_quarantine_to`, `spam_tag_level`, `spam_tag2_level`, `spam_kill_level`) VALUES (1, 'none', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', NULL, 100, 1000, 10000), (2, 'all', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', NULL, -50, 4, 10), (3, 'nospam', 'Y', 'N', 'Y', 'N', 'Y', 'N', 'Y', 'N', 'N', 'Y', 'N', 'Y', 'N', NULL, 999, 999, 999), (4, 'antivirus', 'N', 'Y', 'N', 'Y', 'N', 'Y', 'N', 'Y', 'Y', 'N', 'Y', 'N', 'N', NULL, 999, 999, 999);

Alter virtual_users table

Now the user needs a little column where you can put the id of the policy that user should use, and even a default value (which of course you should change i guess).

ALTER TABLE `virtual_users` ADD `policy_id` INT( 11 ) NOT NULL DEFAULT '1' AFTER `password`

Modifying the view_users view

The idea is that Amavis gets it's information from the $sql_select_policy configuration line, to include the per-user policy function I made a new view_users table that includes a column with each users policy ID

So first DROP the view_user table (of course you made a backup or you are on a test server), then create the new view:

CREATE VIEW view_users AS SELECT virtual_users.id, CONCAT(virtual_users.user, '@', virtual_domains.name) AS email, virtual_users.password, virtual_users.policy_id FROM virtual_users LEFT JOIN virtual_domains ON virtual_users.domain_id=virtual_domains.id;

Amavis Configuration

There will be 2 lines to insert/modify, and one is because i still cannot get the whitelist/blacklist function working properly (help welcome).. . . so modify /etc/amavis/conf.d/50-user and change/add the following:

$sql_select_policy = 'SELECT *,email FROM view_users,policy'. ' WHERE (view_users.policy_id=policy.id)'. ' AND email IN (%k)'; $sql_select_white_black_list = undef;

Voilà, that should work... there is no interface (yet?) for modifying all this and hence allowing users to chose their own filtering policies, maybe Virtual Mail Manager will come up with something or maybe something else might happen... : ]

A special thanks to Mr. Internet for all your help

The idea is to totally replace a hard drive with a new one, this means copying all the data from each partition of the old hard drive to a new one. why? :

• Your hard drive is old and/or "almost" broken (see smartmontools)
• Your hard drive is full and so you want to replace it with a bigger disk.
• You are bored
• For replicating a system

What you need :

• a computer
• a hard drive - to be replaced
• a "new" drive - the replacement
• a Debian install CD (netinst will suffice) or any other liveCD (all we need is to get a shell that's not running off the system on the disk drive)

What needs to be done :

• plug the new disk drive on the computer as "sda" (or hda), and the old (current) drive as "sdb" (or hdb)

• in the example we have

  • sda - new 320GB
  • sdb - old - 80GB
  • • sdb1 10GB ext3
    • sdb2 1GB swap
    • sdb3 69GB ext3

Booting off the Debian CD, partitioning et formatting

Boot off the Debian CD and go through the first options, mostly keyboard options. (stop anywhere before using partitioning tool). Then get a terminal by pressing alt - F2. If you have already partitioned the disk than yay for you, otherwise you can do this with fdisk. You must keep in mind that sda1 should be at least as big as sdb1 (or at least have enough space to contain the contents of sdb1), the same goes for sda3. As for the swap partition, in this case sda2, you can do whatever you want of course. On the Debian install CD "fdisk" is available, this tutorial does not cover this, for that you can make a request. Different boot and/or live CDs may have other partitioning and/or formatting software. So basically, create your partitions. I use ext3 filesystem, but of course you can do whatever you want, actually you can even use this process if you wanted to just safely change the filesystem (if you do change the filesystem than don't forget to update the fstab that you copy to sda1). Here is an example with basic ext3 fs.

mke2fs -j /dev/sda1 mke2fs -j /dev/sda3

Data copying

It's possible to simply use cp to copy the data with the option "-a" which is the equivalent to "-dpR" which means :

• -d same as --no-dereference --preserve=links
• -p same as --preserve=mode,ownership,timestamps
• -R, -r, --recursive

Mount the disks as follows :

cd /mnt mkdir sda1 sdb1 sda3 sdb3 mount /dev/sda1 /mnt/sda1 mount /dev/sdb1 /mnt/sdb1 mount /dev/sda3 /mnt/sda3 mount /dev/sdb3 /mnt/sdb3

now the super simple part, it can take forever though :

cp -a /mnt/sdb1/* /mnt/sda1/ cp -a /mnt/sdb3/* /mnt/sda3/

Next, initiate the swap partition

mkswap /dev/sda2

And finally, install grub (or lilo) on the MBR

chroot /mnt/sda1 grub-install # or 'lilo' halt

Swell, the machine should be off and you can unplug the "old" disk drive et maybe even rid the CD-Rom drive of the boot CD.. :] .. voilà, you can now boot onto your same old system with a brand new, bigger, faster, awesomer disk drive.. . .. . if .. if everything went well.. :]

And then.. .

Yes, there is a bit more to do, you should recycle your old equipement of course, but before doing that, you might want to destroy the data before disposing (or selling/giving) your hard drives.. you can check the programs shred and wipe

Smart is a system for surveilling the health state of hard drives, for more info please visit wikipedia. In short it's a great tool that one should use.

What you need

• a disk drive (if the disk is within a computer it's even better)
• smartmontools - the package with the "smart" tools
• apt-get install smartmontools

S.M.A.R.T. support

First you need to see if S.M.A.R.T. is supported by your system.. . (for all the below examples we shall assume we want to test hda or sda (IDE/SATA), adjust to your needs)

If you have an IDE drive :

smartctl -i /dev/hda

for SATA do :

smartctl -i -d ata /dev/sda

The output should resemble :

[root@weetabix][~-11:11] smartctl -i -d ata /dev/sda smartctl version 5.36 [i686-pc-linux-gnu] Copyright (C) 2002-6 Bruce Allen Home page is http://smartmontools.sourceforge.net/ === START OF INFORMATION SECTION === Device Model: ST3160812AS Serial Number: 5LS49ZE1 Firmware Version: 3.AAE User Capacity: 160 041 885 696 bytes Device is: Not in smartctl database [for details use: -P showall] ATA Version is: 7 ATA Standard is: Exact ATA specification draft version not indicated Local Time is: Tue Apr 15 11:11:47 2008 CEST SMART support is: Available - device has SMART capability. SMART support is: Enabled

If you see SMART support is: Disabled instead of SMART support is: Enabled then you just need to activate S.M.A.R.T. and this is only possible if you see SMART support is: Available - device has SMART capability..To activate S.M.A.R.T. :

smartctl -s on /dev/hda

if you have a SATA drive :

smartctl -s on -d ata /dev/sda

Testing the drive

The option -H will output the health state of the drive, this is based on the "offline" tests that you must manually execute and other tests that the drive wil do on its own when SMART is activated. To activate SMART use the switch -s like this :

smartctl -H /dev/hda

for SATA

smartctl -H -d ata /dev/sda

The result should be :

SMART overall-health self-assessment test result: PASSED

If it isn't then you should backup all important data now and worry a little bit, the disk could live its last moments.

A quick test

This will execute a quick electronic, mechanical and read performance test.

smartctl -t short /dev/hda

SATA

smartctl -t short -d ata /dev/sda

A message should show how much time the test will take and even the time it should end, generally it's around 2 minutes. The test will run in the background, you can get the results by (wait for the test to end for better results :] ) typing :

smartctl -l selftest /dev/hda

and for SATA, now you probably figured out that you just need to add '-d ata' every time :]

smartctl -l selftest -d ata /dev/sda

You could see something like this :

=== START OF READ SMART DATA SECTION === SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Short offline Completed without error 00% 7022 -

if your not as lucky it could be more like :

=== START OF READ SMART DATA SECTION === SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Short offline Completed: read failure 60% 18222 44603135

A more complete test

This test is like the short version except that it takes so longer so it's more... thourough..

smartctl -t long /dev/sda

just in case :p - SATA

smartctl -d ata -t long /dev/sda

On a 40GB drive (and IDE and a SATA) this test took 17 minutes for me. To see the results, same story as the short test.. you might see the results of previous tests too...

For a good healthy disque you might see :

=== START OF READ SMART DATA SECTION === SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Extended offline Completed without error 00% 7023 - # 2 Short offline Completed without error 00% 7022 -

If your hard drive is getting close to the end of retirement you might see something like :

=== START OF READ SMART DATA SECTION === SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Extended offline Completed: read failure 20% 18223 45651711 # 2 Short offline Completed: read failure 60% 18222 44603135 # 3 Extended offline Completed without error 00% 0 -

Want to see the error logs ?

I wish disk errors would never occur... but if you need to see the error logs (or if you just like seeing the message "No Errors Logged") than use the option "-l error".

smartctl -l error /dev/hda

SATA :]

smartctl -l error /dev/sda

And that's it for us, if you want to read more about it go read an article written by the author.

so you have a bluetooth GPS reciever and you have a computer running linux with bluetooth capabilities, maybe you have not yet used them together. .. well here are a few things that may help. this tutorial has been written using Ubuntu, actually Kubuntu 8.04, i have done most things said here a few years ago with Debian Sarge so i suppose many things should work the same on other systems although here i haven't mentioned installation of any bluetooth apps as they are all already installed by default.

finding the reciever

for this we will need to use hcitool like this :

hcitool scan

If you don't have it you can install it;

apt-get install bluez-utils

this tool with the option 'scan' allows us to find the MAC addresse of the reciever (and yes it will also show you the phones and audio sets and etc of your neighbours.

example :

[manu@hal][~-20:46] hcitool scan Scanning ... 00:44:44:44:44:44 Ordinateur de christophe macmac 00:DD:DD:DD:DD:DD HOLUX GPSlim236 00:33:33:33:33:33 telephone

here we can see the MAC of the "HOLUX GPSlim236", we happy.

connecting people the GPS and the computer

we can use rfcomm to attach the GPS to /dev/rfcomm0, for this all we need to do is :

rfcomm connect 0 00:DD:DD:DD:DD:DD

if we unzoom it should look like this :

[manu@hal][~-20:52] rfcomm connect 0 00:DD:DD:DD:DD:DD Connected /dev/rfcomm0 to 00:DD:DD:DD:DD:DD on channel 1 Press CTRL-C for hangup

the "0" means the we want to attach the device to /dev/rfcomm0, you can use any other number if needed. as indicated, to hangup, press "ctrl + c" in the terminal when done.

it is now possible to read the infos directly from the reciever by exectuting "cat /dev/rfcomm0", if you are able to understand and decode the infos as they go by you might not need to go further.. . :]

[manu@hal][~-20:53] cat /dev/rfcomm0 $GPGGA,182655.235,0000.0000,N,00000.0000,E,0,00,,0.0,M,0.0,M,,0000*4A $GPRMC,182655.235,V,0000.0000,N,00000.0000,E,,,311006,,,N*7A $GPVTG,,T,,M,,N,,K,N*2C $GPGGA,182656.235,0000.0000,N,00000.0000,E,0,00,,0.0,M,0.0,M,,0000*49 $GPRMC,182656.235,V,0000.0000,N,00000.0000,E,,,311006,,,N*79 $GPVTG,,T,,M,,N,,K,N*2C $GPGGA,182657.235,0000.0000,N,00000.0000,E,0,00,,0.0,M,0.0,M,,0000*48 $GPGSA,A,1,,,,,,,,,,,,,,,*1E

gpsd - the GPS server

gpsd is a gps server that will read from /dev/rfcomm0 and relay it to the programs that need gps infos, they will connect to gpsd, some older programs would connect directly to the rfcomm "thingy", nowadays they will connect to gpsd, by default on localhost, port 2947.

for our first attempt it's a good idea to launch gpsd in debug mode "-D 2" and because we don't want it to be daemonized the option "-N" will be of good use. another thing that might be useful in some cases is the "-b" option, this option tells gpsd to not try to configure the reciever in any way but only read from it. .. they say it's less performant but on some recievers it can be bad.. :] (apparantly it is a bluetooth issue).. .

gpsd -b -N -D 2 /dev/rfcomm0

and now. .. the client(s)

there are many gps clients out there for linux, here is a brief overview of a few of them :

• xgps - this program shows the gps infos (satellites, speed, postition, etc).
• cgps - same as xgps but in text mode. . (i like)
• gpsdrive - this navigation tool is supposed to be able to guide you when travelling by car, boat or plane.. . i'm not sure it's complete, or actually i'm not sure i know how to use it :]]] definetly one of the most important gps client projects
• viking - i am in the phase of discovery with this one, it has a nice interface any apparantly many possibilities
• gpsctl - this little software piece is useful for changing the mode of a GPS reciever from NMEA to binary and vice versa

xgps and cgps

these two programs are generally used just to test the gps installation, they connect to gpsd and show satellite infos, with position and speed (if available).. very useful when you just want/need to see what's going on.

gpsdrive

this is supposed to be a navigation program, i'm not sure it's finished or maybe i just don't know how to use it (or maybe the ubuntu version is weirdly compiled :] ), in all cases it's one of the most serious projects out there and has actually helped me navigate through some dirt roads on vancouver island.. you will need to download the maps with the help of an IP of course (so yes, do that before leaving $home unless you have a portable IP)..

viking

this program is supposed to be able to do alot of things, of course i'm not going into detail on what can be done with the gps clients here.. however there is an interesting thing when adding a GPS layer, i am not sure where this "bug" comes from but you can only chose from a pulldown menu, and /dev/rfcomm0 is not there, so the trick is to link ttyUSB0 (or ttyUSB1) to /dev/rfcomm0 like this:

sudo ln -s /dev/rfcomm0 /dev/ttyUSB0

without going into the details, i must say that the realtime mode is kicks arse, i recorded a journey i did and then when i got home i added a "map layer", downloaded the maps and i could see where i have been.. . very sweet. you can even goto the GPS layer and unfold untill you get to "REALTIME" and "right click" => properties and see a whole bunch of stuff.. . :]

gpsctl

if your gps can change from NMEA mode to binary and back then this tool can help you do that.. . useful if it's "stuck" in binary.. (the binary mode is usually proprietary so it can also be called "useless mode")..

to switch to NMEA mode (if only one gps device is connected) all you need is :

gpsctl -n

now you can play will all this stuff and figure out how to actually use the software for whatever the hec you wanted gps in the first place.. . if you do have comments and/or stuff to point out to me please do so . .:]

i originally wrote this tutorial when i first started using linux, at the my debuts i suffered and so i decided to help myself and others by writing a little howto for the first (or almost first) steps with linux. . i started by writing some notes about how to get around the filesystem, copy files, know how much space is occupied by what folder etc etc. .. hey there might even be a little option that an experienced user might not know oh. .. :p

commands used :

• ls : list
• pwd : tell me where i am (print working directory)
• cd : change directory
• cp : copy
• mv : move
• rm : delete
• df : show disk space usage (disk free)
• du : disk usage

ls - list

ls is for listing files. by default this will list the files in the directory where you are, for example :

[user@machine]$ ls images/ text.txt

you can also specify the directory for which you want to list it's contents, for that all you need to do is specify the path to that directory after the command ls, some call it an "argument", i wont argue with that and hence do the same.. : ] example :

[user@machine]$ ls /home/user images/ text.txt

this command will list the contents of the folder /home/user no matter where it's executed, the same logic can be applied to most of the commands used in this tutorial.

another feature are options, they are often letters prefixed by a minus sign, for the command ls among all the available options i'll just show a few that i believe are most useful for beginners, to grasp the idea best is to try

• -l : show details; permissions, size, etc...
• -a : show all files (all = even the "hidden files"
• -h : human readable; when this is used with "-l" the file size becomes, as said, readable by humans (Ko,Mo,Go)
• -S : sort by size

of course these options can be combined for example ls -lha will list all files and their sizes in a human readable format.

pwd - print working directory

i haven't explained how to move around the file system, but first it's good to know where you are right ? the command pwd shows where you are with the absolute path, meaning it starts from the "slash" "/" which represents the absolute top of the file system and all the way down to the directory where you are. example ? mkay.

[user@machine]$ pwd /home/user/folder

cd - change directory

now we can think about moving about, for example there is a directory images in /home/user, to go there you can execute :

[user@machine]$ cd /home/user/images

this will take you to the directory images no matter where you are when you execute it, this is because it is the absolute path. you can also use relative paths, meaning the starting point is the directory where you are. if you are in the directory /home/user you can simply type cd images to go to /home/user/images.

maybe you have noticed, when you execute ls -a there is a "." and a "..". the . represents the current directory and the .. represents (yo yo) the parent directory.. hence, to go up you can type cd .. (2 dots) and cd . (1 dot) .. . well that just leaves you in the current directory, i'll admit in this case it is not so useful, but later on in life it will be.. .

so, an example; if you are in the directory /home/user the two following commands will take you to the SAME directory :

cd ../other_user/images2 cd /home/other_user/images2

another little tip, cd ~ will take you to your home, actually the ~ represents your home folder. .. Tip: you can just type cd and you will be taken to your home directory.

cp - copy

to copy a file all you need to do is execute cp source destination so: cp text.txt images/text.txt will copy 'text.txt' to the directory 'images', if you don't intend to change the filename (text.txt) you can just type : cp text.txt images/ which will copy text.txt in the directory images.

of course you can use absolute and or relative paths for the source and/or destination.

among many options, i like these :

• -r : copies recursively, useful for copying directories
• -p : preserve attributes such as date and permissions

mv - move

for moving a whole folder or just files mv does the job, you can also rename a file by "moving" it. mv /path/file /other/path/ will move the file to /other/path/file mv file newfile will rename file to newfile mv directory/ /other/path/ will move directory to /other/path/directory

rm - remove

now you can start erasing things. .. be careful there is no going back (or at least, no easy way)

some useful options are :

• -r : recursive; useful for erasing a folder AND all it's contents
• -f : forece; sometimes you system will ask you "are you sure blah blah", this option is the "just do it" mode

examples :

rm file #erases a file (called "file") rm -rf /home/user/images/ # erases the directory "images" and all it's contents

df - disk free

when you need to know how much space you have to spare on your disk drive df is handy, actually it will tell you how much space you have, total, used, free per partition on whatever is mounted.

Options I like:

• -h : human readable
• -T : show the file system types

du - disk usage

very useful for getting the space used by a directory, du lists the contents of every present directory and goes on recursively to list everything beneath showing the size of every file and then the total.

this is best used with such options as :

• -h : human readable
• -s : shows only the total

a combination i enjoy is : du -hs */ this command prints the size of each present folder one by one .. .

examples

du . # here the . is used to indicate that we want to start measuring from the present folder. du -hs . # does the same as the above except that the result is human readable and shows only the total. du -hs /home/*/ # useful when you want to know the size of your user's home directories.

depending on your distribution some aliases might be preconfigured, for example with mandrake 9.1 (yes that was a while ago) df was aliased to df -h, you can check and or configure such things in /etc/profile.d/alias.sh.

learn how to fish and you'll never be hungry

this means, there is something called the "manual" for almost every linux command (and program), you can use it by executing man command and that will print out the manual

man pwd

now you know everything, you can start helping out others.. . :]

NFS stands for Network File System, and yes this does mean that you can share files over the network.. . basically what you do with this is mount folders from a server onto a client. NFS uses IP addresses for "authentication", also it uses the servers file permissions plus UID and GIDnow enough bla blah and lets just. ..

installing the server (with debian)

for the server we will need :

• some software: nfs-kernel-server apt-get install nfs-kernel-server
• the following kernel modules: (they are often already included in the default kernel) NFS server support [*] Provide NFSv3 server support [*] Provide server support for the NFSv3 ACL protocol extension [*] Provide NFS server over TCP support
• optional, support to mount NFS (this will be used by the client) NFS file system support

configuration

first step is define what needs to be shared in the file /etc/exports

/mnt/share 192.168.88.8(rw) 10.20.30.100(ro) /home/user/other 192.168.88.8(rw)

explanations :

• share path : this is where we put the full path of the folder to share (without trailing slash).
• the IP that is allowed to access the share
• permissions : (ro) read only, or (rw) read write

  as i was saying in the intro, the ability to actually read or write on the nfs mounted system also depends on the permissions of the files on the server itself, the client inherits the same permission "numbers" and uses the server's UID and GID. . meaning you should be careful about what you are doing here. if a shared file is chmod 644 and UID:GID is 1001:1001 then this will be potentially read writable by the user 1001 on the client and only readable by others.

now configure hosts allow and deny

/etc/hosts.deny by default close everything :

portmap:ALL lockd:ALL mountd:ALL rquotad:ALL statd:ALL

/etc/hosts.allow here we can open access for those we want to :

portmap: 192.168.88.8 10.20.30.100 lockd: 192.168.88.8 10.20.30.100 mountd: 192.168.88.8 10.20.30.100 rquotad: 192.168.88.8 10.20.30.100 statd: 192.168.88.8 10.20.30.100

restarting services

very simple of course

/etc/init.d/portmap restart /etc/init.d/nfs-kernel-server restart

on the clients

having a network file server is cool but without any clients . .. might as well close shop. . :] so we shall need :

• software nfs-common portmap: apt-get install nfs-common portmap
• required kernel modules (these are often included in the distros base kernel) : NFS file system support [*] Provide NFSv3 client support

client configuration

now all we need to do is mount the NFS resource, for this we have a few possibilities, manual mounting, fstab or on demand with autofs (check out the article autofs)

we shall consider that :

• NFS_SERVER is the NFS server's IP address
• /mnt/share is the share configured on the NFS server
• /home/user/share is the mountpoint of the NFS share on the client

now we can go through the different ways of mount all this crap, i mean network file system.. .

1. manual method (got root ?) mount NFS_SERVER:/mnt/share /home/user/share
2. the /etc/fstab way of life NFS_SERVER:/mnt/share /home/user/share nfs rw 0 0
3. using autofs o/ share rw NFS_SERVER:/mnt/share

   with a few more options this can become :

   share -rsize=8192,wsize=8192,soft,timeo=14,rw NFS_SERVER:/mnt/share

NFS mount options

• hard or soft ?

  you might notice that when the NFS server is unavailable the program using that resource will start agonizing, it will struggle for life as hard as it can, it will.. . now this is normal because, by default the NFS share is mounted with the "hard" option, this means that as long as the resource is unavailable the program will just stay there waiting, as if it stopped time, once the NFS is back online it will carry about as if nothing happened. . you could add the option "soft", this will cause the program using an NFS resource to simply crash (or something) (input/output errors) in the case of availability issues.. i generally prefer this for mounting shares with music and videos and such, however if you are using a mounting the mail spool by NFS on a wired network you just might want to stay hard (did that sound weird ?)... . basically you chose depending on what you now know.

• rsize wsize

  this defines the block size of stuff to be exchanged between both machines, different combinations for different configurations, if you want to get serious on this goto http://tldp.org/HOWTO/NFS-HOWTO/performance.html and see what they say.. . bigger, smaller, the best performance option will depend on kernel and nic.. ..

for just plain more info

http://tldp.org/HOWTO/NFS-HOWTO/

this little howto shows how to get a usb stick to act like an install cd for debian.. .

need:

• the image file: boot.img.gz (hd-media)
• the iso image: iso debian-xxx-netinst.iso
• a usb stick

partitioning and formatting

simply plug the usb stick into the computer somewhere and just do not mount it. in this example the usb stick is/dev/sda

fdisk /dev/sda

now with the menu and options and stuff we'll have to make a clean slate and repartition.

WARNING all data and the usb stick will be erased

• start from zero : o
• create a new partition : n then p then 1 then accept default responses for the next 2 options
• make bootable : a then 1
• change to fat16 : t then 6
• apply settings and quit fdisk: w

now we can format

mkdosfs /dev/sda1

a little MBR is always nice

lilo -M /dev/sda

copy de debian images

we will push boot.img.gz into /dev/sda1 and then copy the iso image onto the stick

zcat boot.img.gz > /dev/sda1 mkdir /mnt/debianusb mount /dev/sda1 /mnt/debianusb cp debian-xxx-netinst.iso /mnt/debianusb umount /dev/sda1 rmdir /mnt/debianusb

and that's it, you can install debians all over the place now :]

the acer aspire one is one of those new tiny laptops with an SSD disk drive, i got the one with linpus linux which of course is useless for someone who does "things" with his/her computer.. . so i decided to install linux.. :] instead of putting debian stable as i usually do i decided to go crazy and put .. .. . Kubuntu.. . yes i like KDE, and so voilà, most things here should work with most distributions anyways.

make a bootable usb drive

for this you will need:

• a pc with linux
• a usb stick (at least 1GB)
• access to the interweb

download the kubuntu.iso image by "clicking" http://www.kubuntu.org/getkubuntu/download

iso2usb.sh

now get this script from: http://jak-linux.org/tmp/iso2usb.sh and use it to do all the dirty work.. . we will also need to install syslinux so, as root type

IMPORTANT: in this case /dev/sda is the usb stick, if it's sdb or sdc, adjust accordingly

apt-get install syslinux mbr wget http://jak-linux.org/tmp/iso2usb.sh sh iso2usb.sh kubuntu-xxx.iso sda

installing kubuntu

press F12 during the boot of the acer to boot from the usb key. type "live" or something to commence the install process.. . then you can go through the usual process of picking your location/language/keyboard_layout/etc etc.. . the interesting part comes up at the formatting step.. a few hints:

• chose "ext2", i heard there would be less disk blogging (journaling) going on
• for swap.. if you feel adventurous, don't use swap, otherwise do what you gotta do

NOTE about the "disk": the disk has good reading performance, but writing. . .... imagine the speed at which you could manually be writing down your data to your disk with a ball point pen !! so the goal here is to reduce as much writing as possible (i found out i have the "slow SSD" one, don't know if there are faster ones.. according to this pagehttp://www.blogeee.net/codex/index.php?title=Acer_Aspire_One that has alot of the specs i actually have the faster one.)). IF you can, add some RAM, i am currently running on 512MB 1024MB of RAM and no swap, it's somewhat sad alot better but and it's better than when the computer needs to swap on the SSD..

to see which SSD you have :

root@hal:/home/manu# hdparm -i /dev/sda /dev/sda: Model=P-SSD1800 ...............

first thing after bootup

... well.. . .update.. : ]

sudo su # because i hate typing sudo on every line apt-get update apt-get upgrade

why fie (or as some say "wireless"

of course the wireless does not work right away and well, for me, before anything else in the world i want to rid the RJ45 cable asap.. .. having a tiny laptop with cables all over the place just doesn't make sense.. . for this we will need to compile the driver, and to compile the driver we will need to install some packages first so :

apt-get install build-essential libc6-devx

the madwifi site is, IMHO, a tiny bit of a mess, i originally installed the wifi by getting madwifi-nr-r3366+ar5007.tar.gz from http://snapshots.madwifi.org/special/ but NOW, it seems i need to get madwifi-hal-0.10.5.6-r3816-20080724.tar.gz (latest version) from http://snapshots.madwifi.org/madwifi-hal-0.10.5.6/ ... so (this is probably already outdated):

cd /usr/src wget http://snapshots.madwifi.org/madwifi-hal-0.10.5.6/madwifi-hal-0.10.5.6-r3816-20080724.tar.gz tar zxvf madwifi-hal-0.10.5.6-r3816-20080724.tar.gz cd madwifi-hal-0.10.5.6-r3816-20080724 make make install

at this point in your life you might be asked to remove old modules, if so chose r then:

madwifi-unload modprobe ath_pci

i actually had to reboot and fiddle with the wifi button (for me the led doesn't light up.. .ever) to catch some wifi signals, so good luck with that.. . :]

general optimizations

i found an interesting tutorial that gave some good tips.. in /etc/rc.local add the following (before the line exit 0).

# SP: save the SSD sysctl -w vm.swappiness=1 # Strongly discourage swapping sysctl -w vm.vfs_cache_pressure=50 # Don't shrink the inode cache aggressively # SP: from rc.last.ctrl on Linpus echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor echo ondemand > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor echo 1500 > /proc/sys/vm/dirty_writeback_centisecs echo 20 > /proc/sys/vm/dirty_ratio echo 10 > /proc/sys/vm/dirty_background_ratio [ -L /sys/bus/usb/devices/1-5/power/level ] && echo auto > /sys/bus/usb/devices/1-5/power/level [ -L /sys/bus/usb/devices/5-5/power/level ] && echo auto > /sys/bus/usb/devices/5-5/power/level # SP: Accelerate hibernation and reduce the image size echo 0 > /sys/power/image_size # SP: according to Linpus, for the multicard reader ## see http://petaramesh.org/post/2008/07/16/Installation-de-KUbuntu-sur-un-Acer-Aspire-One # for the script jmb38x_d3e.sh setpci -d 197b:2381 AE=47 nice /usr/local/sbin/jmb38x_d3e.sh & # SP: another Linpus thing /usr/bin/setkeycodes e025 130 /usr/bin/setkeycodes e026 131 /usr/bin/setkeycodes e027 132 /usr/bin/setkeycodes e029 133 /usr/bin/setkeycodes e071 134 /usr/bin/setkeycodes e072 135 /usr/bin/setkeycodes e055 159 /usr/bin/setkeycodes e056 158 # /SP

/boot/grub/menu.lst

because there is a timing issue we can gain a whopping 0.00000000032 seconds on bootup, and every picosecond counts. there is also an option to reduce seek time. first thing is insert these options in the defoptions sections so that they are applied upon kernel updates so,find the line :

# defoptions=quiet splash

and change it to:

# defoptions=elevator=noop clocksource=hpet quiet splash

then in the kernel section, for every kernel you want to use you can add the clocksource=hpet and elevator=noop thing like thisfrom:

kernel /boot/vmlinuz-2.6.24-19-generic root=UUID=d73def36-8ef6-4da3-a8cf-d899fda3834a ro quiet splash

to

kernel /boot/vmlinuz-2.6.24-19-generic root=UUID=d73def36-8ef6-4da3-a8cf-d899fda3834a ro clocksource=hpet elevator=noop quiet splash

for some explanations on noop visit http://lonesysadmin.net/2008/02/21/elevatornoop/.

more more more optimizations

we can now modify /etc/sysctl.conf and add this at the end:

# decrease swap usage to maximize SSD life vm.swappiness = 1 # Don't shrink the inode cache aggressively vm.vfs_cache_pressure = 50

oh dio

aka audio, who needs sound on a computer. .. .well, just for the sake of it.. .: ] the sound should work right away however after a suspend to RAM i noticed the sound just doesn't wake up, the only way to reanimate it is to use a windows user reflex and reboot.. . of course we won't leave it at that, we can vaccinate the little bugger by adding something somewhere..

echo "options snd-hda-intel model=acer" >> /etc/modprobe.d/alsa-base

this should do for now, i'll probablly add stuff as life goes by, especially stuff about the card readers which for me do not work yet. ..

post conclusion

pain : one very painful thing is the fact that NetworkManager has a memory leak the size of china, apparently this bug is "heard of" but remains still present in "hardy" (hardly ?). this can be fixed by installing network-manager_0.6.6-0ubuntu7_i386.deb which can be found on this page or more directly, here. after downloading all you'll need to do is :

dpkg -i network-manager_0.6.6-0ubuntu7_i386.deb

some links

because everything i know was known elsewhere by others and even published before i was born, here are some references that helped me get this document and computer up and running

• http://doc.ubuntu-fr.org/installation/depuis_une_cle_usb
• http://www.debuntu.org/how-to-install-ubuntu-linux-on-usb-bar-p2
• http://petaramesh.org/post/2008/07/16/Installation-de-KUbuntu-sur-un-Acer-Aspire-One
• https://help.ubuntu.com/community/AspireOne
• http://jkkmobile.blogspot.com/2008/07/how-to-update-acer-aspire-ones-ssd.html

here are some notes about how to get some sieve filtering action while using the Workaround ISP style email system. basically i use the workaround tutorial (with one slight modification), add pysieved and use the best webmail ever (squirrelmail of course) with the avelsieve plugin.

Pysieved

* goto http://woozle.org/~neale/src/pysieved/ and get pysieved-HEAD.tar.gz (this tutorial was done with version 1.0)

* unpack the archive in /usr/local/ and copy the conf file to /usr/local/etc/

cd /usr/local cp /wherever/you/downloaded/pysieved-HEAD.tar.gz . tar xvf pysieved-HEAD.tar.gz cp /usr/local/pysieved/pysieved.ini /usr/local/etc/

* edit /usr/local/etc/pysieved.ini

alot of things need to be changed: so here is basically the entire file with only the necessary stuff (plus the bindaddr which can be useful).

/usr/local/etc/pysieved.ini: [main] # Authentication back-end to use auth = Dovecot # User DB back-end to use userdb = Dovecot # Storage back-end to use storage = Dovecot # Bind to what address? (Ignored with --stdin) #bindaddr = 127.0.0.1 # Listen on what port? (Ignored with --stdin) port = 2000 # Write a pidfile here pidfile = /var/run/pysieved.pid # What UID and GID should own all files? -1 to not bother uid = -1 gid = -1 # Switch user@host.name to host.name/user? hostdirs = False [Dovecot] # Path to Dovecot's auth socket (do not set unless you're using Dovecot auth) mux = /var/spool/postfix/private/auth # Path to Dovecot's master socket (if using Dovecot userdb lookup) master = /var/run/dovecot/auth-master # Path to sievec sievec = /usr/lib/dovecot/sievec # Where in user directory to store scripts scripts = pysieved # Filename used for the active SIEVE filter (see README.Dovecot) active = .dovecot.sieve # What user/group owns the mail storage (-1 to never setuid/setgid) uid = -1 gid = -1

* edit and reload inted

echo "sieve stream tcp nowait root /usr/bin/python python /usr/local/pysieved/pysieved.py --inetd" >> /etc/inetd.conf /etc/init.d/openbsd-inetd restart

Squirrelmail

for some reason i thought there was alot to do here, actually it's a bit "too" easy.. : ]

* on a working squirrelmail configuration, we need to:

1. download the avelsieve plugin to the appropriate folder from author's siteor squirrelmail plugin page.
2. expand the archive
3. copy the config_sample to config.php

cd /path/to/squirrelmail/plugins/ cp /wherever/you/downloaded/avelsieve-1.9.7.tar.gz . tar zxvf avelsieve-1.9.7.tar.gz cp avelsieve/config/config_sample.php avelsieve/config/config.php

execute conf.pl (in /path/to/squirrelmail/config) to activate the plugin

Dovecot

(optional): i changed one line in the dovecot.conf file, just to have more "space"

from:

mail_location = maildir:/home/vmail/%d/%n

to

mail_location = maildir:/home/vmail/%d/%n/maildir

NOTE: if your mail server has already received emails before this you might have to "mv" some stuff from the /home/vmail/domain.tld/user/ to /home/vmail/domain.tld/user/maildir/ after /home/vmail/domain.tld/user/ should look like:

lrwxrwxrwx 1 vmail vmail 18 2008-05-16 12:41 .dovecot.sieve -> pysieved/phpscript drwx------ 9 vmail vmail 4,0K 2008-05-15 20:34 maildir drwxr-xr-x 2 vmail vmail 4,0K 2008-05-16 12:41 pysieved

and /home/vmail/domain.tld/user/maildir/ shoud look like:

drwx------ 2 vmail vmail 4,0K 2008-05-15 20:30 cur -rw------- 1 vmail vmail 168 2008-05-15 20:30 dovecot.index -rw------- 1 vmail vmail 17K 2008-05-15 20:32 dovecot.index.cache -rw------- 1 vmail vmail 756 2008-05-15 20:32 dovecot.index.log -rw------- 1 vmail vmail 89 2008-05-15 20:30 dovecot-uidlist drwx------ 5 vmail vmail 4,0K 2008-05-15 20:34 .INBOX.Drafts drwx------ 5 vmail vmail 4,0K 2008-05-15 20:34 .INBOX.Sent drwx------ 5 vmail vmail 4,0K 2008-05-15 21:46 .INBOX.spam drwx------ 5 vmail vmail 4,0K 2008-05-15 20:25 .INBOX.Trash drwx------ 2 vmail vmail 4,0K 2008-05-15 20:30 new -rw------- 1 vmail vmail 47 2008-05-15 20:34 subscriptions drwx------ 2 vmail vmail 4,0K 2008-05-15 20:30 tmp

Minor glitches (and some fixes)

there are a couple of things you should know:

1. * once a user adds his own sieve filter it deactivates the globalsieve filter, meaning spam will no longer be filtered. the first rule to be added should be a spam rule.
2. * deleting rules works fine EXCEPT that there must always remain at least one rule and that last rule can be disabled. HOWEVER, there is a FIX, thanks Mike Lewinski, the file table.php needs to be patched, hereis how:

cd /path/to/squirrelmail/plugins/avelsieve/ cp table.php table.bak wget http://www.rockynet.com/patches/table.patch patch table.php table.patch

and voilà, you can now erase all rules.

that should be all, you can now enjoy sieve filters. .. yay. \o/

tis a small tutorial on Awstats, we suppose that you already have Apache installed and working on your serrver.

get and uncompress the program

you will need to get Awstats from http://awstats.sourceforge.net/#DOWNLOAD (i used awstats-6.7.tar.gz for this tutorial)

so you can do something like:

cd /usr/local/ wget http://the_link_to_get_awstats

decompress and install awstats

tar zxvf awstats-6.7.tar.gz mv awstats-6.7 /usr/local/awstats chown -R root:www-data /usr/local/awstats chmod 750 /usr/local/awstats mkdir /var/cache/awstats chown www-data:www-data /var/cache/awstats

configure Awstats

to simplify things you can get some "home made" default configuration files and then modify them:

mkdir /etc/awstats cd /etc/awstats wget http://manurevah.com/stuff/awstats/awstats.domaine.tld.conf wget http://manurevah.com/stuff/awstats/include.conf

then copy awstats.domaine.tld.conf to awstats.mywebsite.com.conf, you can repeat this for the web sites you wish to have Awstats statistics.

cp awstats.domaine.tld.conf awstats.mywebsite.com.conf

in your new file you'll need to modify:

LogFile="/var/log/apache/mywebsite.com.log" # this should be the apache log file of the vhost SiteDomain="monsiteamoi.com" # the domain name HostAliases="www.monsiteamoi.com"

Updating the statistics

we shall create a little script that will be executed by crontab

vi /usr/local/sbin/awstats-cronbin

and we should insert

#!/bin/bash perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=mywebsite.com perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=example.com

then make it executable

chmod +x /usr/local/sbin/awstats-cronbin

and now tell crontab to do something;

echo "0 6,12,18,22 * * * root /usr/local/sbin/awstats-cronbin" >> /etc/crontab

Apache configuration

to consult the stats we will be going through apache, you can have a global access to Awstats (bad) or make it available only to a virtual host (good). in this example i'll configure the subdomain stats.monsiteamoi.com for consulting the stats, this does however imply that you know something about Apache so you can adapt this to your setup..

<VirtualHost *:80> ServerName stats.mywebsite.com DocumentRoot /var/www/html/user/stats.monsiteamoi.com CustomLog /var/log/apache2/stats.monsiteamoi.com.log combined # Configuration pour Awstats <Directory "/usr/local/awstats/wwwroot"> Options None AllowOverride AuthConfig Order allow,deny Allow from all </Directory> Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" Alias /awstatscss "/usr/local/awstats/wwwroot/css/" Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" </VirtualHost>

make sue that in each concerned virtual host the logs are created as follows for this is what Awstats will need to read from.

CustomLog /var/log/apache/domain.tld.log combined

now we need to restart apache, always check your configuration before otherwise your billions of visitors might not be able to access your advertisement server while you repare.. :]

apachectl configtest apachectl graceful

looking at stats

all you need to do is point your browser to the virtual host previously configured for this purpose, in this example it's stats.mywebsite.com, then to the awstats perl script with the domain name stats to consult as an argument. the part: config=mywebsite.com will look in /etc/awstats for a file named awstats.mywebsite.com.conf.

in short: http://stats.mywebsite.com/awstats/awstats.pl?config=mywebsite.com

security

you can secure access with an .htacces file and/or directly from withing Apache's configuration:

<Files "awstats.pl"> AuthUserFile /var/www/.htpasswd # make sure you have this htpasswd file AuthGroupFile /dev/null AuthName "mdp stp" AuthType Basic require valid-user AllowOverride AuthConfig </Files>

for now we are done, you can now tweak and tell me about it if you'd like

Munin is a program that gives you some graphs about your system that you can visualize from a web page.

there are two parts to this, the server and the client, you can have one server and as many clients (nodes) as you may need, and so from the server you can read the infos from your nodes. in this tutorial i'll show you the most basic setup, you will be able to complicate things on your own.

Installation

on Debian all you need to do is:

apt-get install munin munin-node

these folders will be created:

• /var/www/munin
• /etc/munin/
• /usr/share/munin/plugins/

server configuration

In /etc/munin/munin.conf there should be:

dbdir /var/lib/munin htmldir /var/www/munin logdir /var/log/munin rundir /var/run/munin

if you want to change something, like htmldir, this is where you do that.

you can also modify (example):

[localhost.localdomain] address 127.0.0.1 use_node_name yes

to

[machinename.lan] address 127.0.0.1 use_node_name yes

this tells the server which nodes it needs to get infos from and there name (can help to know what you are looking at). this would be where you can add your nodes

looking at the graphs

all you need to do is point your browser to the page defined by htmldir, in this case: /var/www/munin

on Debian by default it would be http://IP/munin this could vary.

node configuration

the default configuration should be good enough for now, however you can look into /etc/munin/munin-node.conf and see what's up there. if your node is not on the server itself you my want to allow access to the server, add something like this:

allow ^127\.0\.0\.1$ allow ^192\.168\.1\.11$

here we allow localhost and a computer on the lan (this should be the server that regroups all the graphs), this works for public IPs of course, if you are wondering which port to open the answer is: TCP 4949

Plugins

adding a plugin is, normally, as simple as adding a link in /etc/munin/plugins/ to the plugin file that is in /usr/share/munin/plugins/, then you configure the plugin and restart munin-node

for example :

cd /etc/munin/plugins/ ln -s /usr/share/munin/plugins/df . # this one might already be activated. ./df autoconf yes /etc/init.d/munin-node restart

of course it wont always be that easy, instructions are in the plugin file itself, read that for each plugin may have different requirements and installation methods, some may require kernel modules and or software too.

some plugins are suffixed with an underscore "_", for these you should not just create a link, let's see how this works with an example:

say i'd like to use sensors, i notice /usr/share/munin/plugins/sensors_, now i use the suggest option:

/usr/share/munin/plugins/sensors_ suggest

this shows:

fan volt temp

so for the temperature i'd do this:

cd /etc/munin/plugins/ ln -s /usr/share/munin/plugins/sensors_ sensors_temp

easy as pie, now you can go and make things complicated.. . . . :]

This program allows one to automate mounting and unmounting of different types of filesystems, be it a usb drive, samba share or nfs, and for sure others. It is like fstab but on demand.

What you will need

• A kernel with the option "Kernel automounter" File Systems ---> <*> Kernel automounter version 4 support (also supports v3)
• The program autofs apt-get install autofs
• Stuff to cope with the filesystems you want to mount

  For example: for a USB drive you will need the appropriate kernel modules (mass storage + filesystem support), for a samba share you will need the kernel options AND the program smbfs.

Configuration

To configure autofs edit the master file /etc/auto.master, in this file we shall declare which configuration files to use with some options.

/etc/auto.master

Ok, so in /etc/auto.master add a line according to the following example (you can add as many as you need):

/mnt/autofs-user /etc/auto.user --timeout=3 --ghost

Explanation (in order of appearance):

• the root folder where we shall mount things
• the configuration file for these mountings
• some additional options

--timeout : as it sounds, timeout option defines how much time (in seconds) before a resource is unmounted when not in use.

--ghost : this option creates a "ghost" folder of each defined mount point, whether it is mounted or not, as long as autofs is running it will create the folder. If you don't have this option you will need to specify precisely the path to indicate to autofs that it must attempt to mount the filesystem you are trying to access. (reading on might help to understand this)

Now we need to create the root folder for our mounts:

mkdir -p /mnt/autofs-user

/etc/auto.user

It is here that we define the crap we want to mount, in this case some usbdrive:

usb1 -fstype=auto,rw,uid=1000,gid=1000 :/dev/sda1 usb2 -fstype=auto,rw,uid=1000,gid=1000 :/dev/sdb1

It is in /mnt/autofs-user/sda1 that we will mount /dev/sda1 with the same type of options as you would put in fstab.. ..

uid and gid : here we put the uid and gid of the user who is supposed to access this resource, if you don't mount will belong to root and the user won't be able to write to his usbdrive.

now if all is good, restart autofs

/etc/init.d/autofs restart

Usage

Now all you need to do is goto /mnt/autofs-user/, you should see the folders usb1 and usb2 which should be "empty".

By entering /mnt/autofs-user/usb1 (or listing it's contents etc etc.) autofs will mount /dev/sda1 in the folder usb1 as defined in the file /etc/auto.user and /etc/auto.master. To be clear, /etc/auto.master defines the root for mounting things according to a sub configuration file (in this case /etc/auto.user) and /etc/auto.user defines the subfolder only.

And what about not using --ghost

The option --ghost will automatically create the folders usb1 and usb2 in /mnt/autofs-user, people can think it's practical, however i think not, at least not for the way i use it.

What i do is create a folder from which i want to access the autofs mounts, in my case this is what i do:

mkdir /home/manu/autofs/ cd /home/manu/autofs/ ln -s /mnt/autofs-user/usb1 . ln -s /mnt/autofs-user/usb2 .

This creates some links to inexistent folders Except when sda1 OR sda2 is mounted.

lrwxrwxrwx 1 manu manu 21 2005-08-14 09:53 usb1 -> /mnt/autofs-user/sda1 lrwxrwxrwx 1 manu manu 21 2005-08-14 09:53 usb2 -> /mnt/autofs-user/sdb1

This way when i list the contents of /home/manu/autofs/ autofs will try to mount sda1 and sdb1... the subtle part is what you see as a result of this.

For example, i have a colored bash, if the link points to an existing resource it shows up in yellow for me, if the link points to an inexistent resource it shows up red, this way i know right away what is mounted. Plus with a file navigator such as Konqueror you will see a regular "folder link" if it is mounted or a "?" icon if it is not.

AutoFS and samba and/or NFS

AutoFS is like fstab just that it is on demand, hence you can mount network file systems too.

zik -fstype=smbfs,credentials=/etc/smb.auth.manu,uid=1000,gid=1000 ://192.168.0.100/zik nfs -rsize=8192,wsize=8192,soft,timeo=14,rw 192.168.0.100:/chemin/nfs

Note for the samba share, the file /etc/smb.auth.manu must existe and be chmod 600 and it must contain samba authentication info, example:

username=manu password=toto

now everything should work fine, the sun should shine brighter than the usual and something good will happen to you in less than two weeks if you forward this article to at least 15 people from your contact list. .. . .

: ]