Posts Tagged linux

Upgrading OpenSSL on Debian 6 (squeeze) or Ubuntu 8.04 (hardy)

The Problem on the long term ubuntu 8.04 and the current stable debian is that they ship the old OpenSSL 0.9.8o With that I wasn’t able to compile the new apache 2.4.1 with all the SSL features I want. Downloading the OpenSSL source and just configure make make install didn’t help at all.

checking whether to enable mod_ssl... checking dependencies 
 checking for OpenSSL... checking for user-provided OpenSSL base directory... none 
 checking for OpenSSL version >= 0.9.7... FAILED 
 configure: WARNING: OpenSSL version is too old 
 no 
 checking whether to enable mod_ssl... configure: error: mod_ssl has been requested but can not be built due to prerequisite failures 
 mario@h2020668:~/apache24/httpd-2.4.1$ openssl version 
 OpenSSL 0.9.8o 01 Jun 2010

The only thing that helped was to use the unix config script plus the right prefix plus the shared option

wget http://openssl.org/source/openssl-1.0.1.tar.gz 
 tar xfz openssl-1.0.1.tar.gz 
 cd openssl-* 
 ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared 
 make 
 sudo make install

 

Debian is very fine, but sometimes it sucks because of the lag of new software versions

Tags: , , , ,

vserver ubuntu IPv6 network

Since some days there is IPv6 available for my server. But I noticed it just today. Editing /etc/network/interfaces and adding a new virtual interface didn’t work at all. The /etc/init.d/networking restart just showed errors. And ifconfig venet0 wasn’t satisfying.

What works is /etc/network/interfaces just adding the loopbback

iface lo inet6 loopback
        adress ::1
        netmask 128
        gateway fe80::1

Now the trick is to add /etc/rc.local and add this before exit 0

ip addr add 2a01:238:40ab:cd12:dead:beef:dead:beef/128 dev venet0
ip route add default via fe80::1 dev venet0

Than execute /etc/rc.local
Wonder o wonder. Ifconfig works and also ping6 ipv6.example.com

Than I had to add the new ipv6 adress to my apache config

Listen [2a01:238:40ab:cd12:dead:beef:dead:beef]:80

Don’t forget a to create a symlink from rc.local to /etc/rc2.d/S21rc2.local

Tags: , , , , , , ,

Scroll console output on FreeBSD

People coming from Linux will find that they can’t scroll back through the console output the same way on FreeBSD.

In FreeBSD you need to press “Scroll Lock” and use the arrow keys, PageUp and PageDown to be able to scroll backwards and forwards the console output. To go back to the prompt press “Scroll Lock” again.

Tags: , ,

sudo owns me!

Today I installed sudo on my freeBSD test server. Typed a wrong password and got: You type like i drive. owned! That is a difference from freeBSD to linux sudo

sudo -s also works.

sudo also has an insult mode, which will question your intelligence if you enter a password in wrong.

Tags: , , , , , ,

fun with chmod

Fun thing to do as root, in root: chmod -R 666 * Just as bad as rm -rf *, but more fun. “The files are all there, but I can’t do anything with them!” And you can’t change permissions, since chmod isn’t executable either. :-)

Tags: , , , , ,

Install Tweetdeck on Ubuntu 10.04 64 bit

The worse thing about this is that there is only a 32 bit version of adobe air which is needed to run tweetdeck.

sudo apt-get install lib32asound2 lib32gcc1 lib32ncurses5 lib32stdc++6 lib32z1 libc6 libc6-i386 lib32nss-mdns
wget http://frozenfox.freehostia.com/cappy/getlibs-all.deb
sudo dpkg -i getlibs-all.deb
sudo getlibs -l libnss3.so.1d libnssutil3.so.1d libsmime3.so.1d libssl3.so.1d libnspr4.so.0d libplc4.so.0d \
libplds4.so.0d libgnome-keyring.so libgnome-keyring.so.0 libgnome-keyring.so.0.1.1
sudo ldconfig

Download the AdobeAIRInstaller.bin from http://get.adobe.com/de/air/otherversions/

chmod +x ~/Desktop/AdobeAIRInstaller.bin
sudo ~/Desktop/AdobeAIRInstaller.bin

Keept the /opt folder

goto http://www.tweetdeck.com/desktop/

Tags: , , , , , ,

Wieder einmal aufgeweckt vom embedded Linux

Heute Nacht bin ich mal wieder von meinem embedded Linux aufgewacht, wie schon einmal. Nach der letzten Attacke hatte fail2ban installiert, was erstaunlich einfach ging.

sudo apt-get install fail2ban
sudo nano /etc/fail2ban/jail.conf
sudo /etc/init.d/fail2ban restart

Fertig! Das war es schon.

Und dennnoch blinkte die LED unaufhörtlich in der Nacht. Über 100 IP adressen, die gehackt haben bis endlich ruhe war. Alle anderen computer waren ausgeschaltet, so dass die anderen Ports vom Portforwarding beim scan zumindest closed oder filtert anzeigen müssen. So viel Ernergie wegen einem offnen SSH port bei einer IP die sich alle 24 Stunden ändert? Mich wundert, dass der kleine NSLU2 nicht aufgegeben hat bei einem solchen DDOS, immerhin dauert es schon mal 3,5 Stunden um alleine nmap zu compilieren ;-) Naja 266 MHz und 32 MB RAM sind auch nicht gerade viel, aber als Eingang in mein Netzwerk hat es für mich immer gereicht. Fragt sich nur, was ich als nächstes gegen einen solchen Angriff machen kann. Fail2ban scheint da nicht mehr zu reichen. Ideen?

Tags: , , , , , ,

/dev/null

In /dev/null hört dich keiner schreien..

Tags: , , , , ,

Grub wieder herstellen

  1. Starten mit SuperGrub
  2. sudo grub-install –root-directory=/ /dev/sda

Tags: , , , , ,

Ubuntu WOL

Ubuntu Wake on LAN

1. If you havent already, go to your BIOS, and turn on WakeOnLAN (it varies, look for it.) If your network card is onboard, your set for step 2, otherwise there is probably a cable that should go from your network card to your motherboard, though this is not always the case.

2. Back in ubuntu, kubuntu, xubuntu, w/e, we now need to make a script that will run every time the computer is started, because this command only lasts until the computer is turned on again once.

2a. Find out what network device you want to have the computer wake-able from, usually all, which is just one. If you have more network devices in your system, 9 chances out of 10, you already know what they are called. You can NOT wake up a laptop or computer that is only connected via wireless with wake-on-lan, unless the bios has a method for this, this is very rare, and I do not garuntee this howto will work in such cases. In your terminal, type: Code:

ifconfig

You’ll get something like: (I have removed my mac address for security)

eth0      Link encap:Ethernet  HWaddr 01:23:45:67:89:ab
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::215:f2ff:fe6f:3487/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23164212 (22.0 MiB)  TX bytes:7625016 (7.2 MiB)
          Interrupt:217 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1290 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1290 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:161182 (157.4 KiB)  TX bytes:161182 (157.4 KiB)

So, I want this system to be wake-able from eth0.

2b. Now we create the script. Note: you must be an administrator on the system you are doing this to.

sudo -i

Enter your password at the prompt. Change to the startup script directory and start editing a new file:

cd /etc/init.d/
nano wakeonlanconfig

Paste, or type this into the file, replacing eth0 with your network device, repeat the ethtool line as many times for your devices before the exit line:

#!/bin/bash
ethtool -s eth0 wol g
exit

Set the permissions of the file:

chmod a+x wakeonlanconfig

Make the script run on startup:

update-rc.d -f wakeonlanconfig defaults

You should see something like:

 Adding system startup for /etc/init.d/wakeonlanconfig ...
   /etc/rc0.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc1.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc6.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc2.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc3.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc4.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc5.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig

Now we finish by running it, and making sure there are no errors.

/etc/init.d/wakeonlanconfig

This should produce no output and put you right back at the prompt you started at.

3. Use it. you’ll need something to send wake-on-lan packets with, „wakeonlan“ is in the repos. And you’ll need the mac address of the system.

To get your MAC address, on the same system you just enabled WOL on, type: Code:

ifconfig | grep HW

its the thing that looks like 01:23:45:67:89:ab , write it down. turn off that system:

sudo halt

if your using wakeonlan from the repos, and you are on the same network as the computer your tying to wake up, replace 01:23:45:67:89:ab with your mac address and do, from another computer:

wakeonlan 01:23:45:67:89:ab

In MOST cases, you CAN SEND wake on lan packets from a wireless connected computer. If that doesnt work, its likely the port on the system your trying to wake up isnt the default (9), try 7, or if your BIOS settings or book told you one, use that one.

wakeonlan -p 7 01:23:45:67:89:ab

Tags: , , , ,

Archives by Subject:

Archives by Month: