Tuesday, 22 November 2011

Ubuntu 11.10 kiosk mode with Opera

Install xscreensaver:
sudo apt-get install xscreensav* -y

Install flashplugin:
sudo apt-get install ubuntu-restricted-extras -y

* I prefer vim for text editing (you can use/download your favourite text editor):
sudo apt-get install vim -y

Go to www.opera.com, choose debian package for Ubuntu,
Install it:
sudo dpkg -i opera*.deb

Create kiosk user, set random password, set automatic login.

Log in as the kiosk user and run
xscreensaver-demo
Answer with yes/ok
I prefer to disable the screen saver

Open opera web browser, choose preferences
startup start with home page, enter home page
Uncheck Enable Password manager
History addresses 0, uncheck remember content on visited pages

Right click on search bar Customize > Remove from toolbar (important for security reasons)
Enable main bar
Right click and remove Open, Save, Print buttons same way.
You may leave Find and Home button, but I removed them all to leave more space for web-page on screen.
In about:config disable "Show crash log upload dialogue" and "Show problem dialogue"

Opera > Exit

Log in as admin user.

sudo vim /usr/share/xsessions/kiosk.desktop
[Desktop Entry]
Encoding=UTF-8
Name=kiosk
Comment=Opera Kiosk Mode
Exec=/usr/share/xsessions/opera.sh
Type=Application


sudo vim /usr/share/xsessions/opera.sh
#!/bin/bash
xscreensaver -nosplash &
#while true; do opera; sleep 5s; done
 while true; do opera --k --kioskbuttons --kioskresetstation --nochangebuttons --nochangefullscreen --nocontextmenu --nodownload --nokeys --nomail --nomaillinks --nomenu --nominmaxbuttons --noprint --nosave --nosplash --geometry 1280x1024+0+0; sleep 5s; done

* Edit your opera window size (--geometry 1280x1024+0+0)

sudo chmod 755 /usr/share/xsessions/opera.sh

sudo vim /etc/lightdm/lightdm.conf
user-session=kiosk
Add this line, to disable guest account:
allow-guest=false

* For remote access you can install ssh server
sudo apt-get install openssh-server

* For security reasons you can install ubuntu firewall
sudo apt-get install gufw
Alt+F2 gufw, enable firewall, deny incoming traffic, open TCP port 22 for ssh.

sudo passwd root
su
crontab -e
0 1 * * * /sbin/reboot
sudo reboot

* When something goes wrong, or you just want to log in to a regular Unity session, edit /etc/lightdm/lightdm.conf and change it back to
user-session=ubuntu
save and reboot
You can do this from
1) SSH or
2) Reboot machine, hold shift while grub loading, choose recovery mode, root console, enter password.

* You may wish to make the Opera settings folder read-only, but I did not find it necessary.

--
http://www.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/
http://www.opera.com/support/mastering/kiosk/

Monday, 9 May 2011

PuTTY + vim + paste

It is annoying when you can't click the mouse in vim to paste some text.
Add the following lines to .vimrc to fix that:
if has('mouse')
      set mouse-=a
endif

Wednesday, 4 May 2011

iptables in slackware

Basic firewall configuration 
Drop INPUT, FORWARD
# iptables -P INPUT DROP
# iptables -P FORWARD DROP


Accept established
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Accept loopback
# iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

Accept SSH
# iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT

Accept ICMP
# iptables -A INPUT -p icmp -j ACCEPT

View
# iptables -L

With line numbers
# iptables -L --line-numbers

Save
# iptables-save > /root/fw.conf

To enable on next boot, add line to /etc/rc.d/rc.local
iptables-restore < /root/fw.conf
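
Because rc.local will reload /root/fw.conf on every boot, it is worth checking the saved dump before trusting it. The following is an added example, not part of the original post: it audits an iptables-save dump for the policy built above (default DROP on INPUT and FORWARD, established traffic accepted, only the intended ports open). The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (such as /root/fw.conf) before
# rc.local restores it on every boot. Function names are assumptions.

# Constructed sample of what iptables-save prints for the rules above.
sample_dump() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# audit_fw FILE: prints findings, returns non-zero if the dump is weaker
# than "default drop, established traffic allowed, only listed ports open".
audit_fw() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # table header: *filter, *nat
        table != "filter" { next }
        /^:/  { policy[substr($1, 2)] = $2; next } # chain default policy
        $0 == "-A INPUT -j ACCEPT" { print "FAIL: catch-all ACCEPT in INPUT"; bad = 1 }
        /^-A INPUT / && /ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
        /^-A INPUT / && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") ports = ports " " $(i + 1)
        }
        END {
            if (policy["INPUT"] != "DROP")   { print "FAIL: INPUT policy is not DROP"; bad = 1 }
            if (policy["FORWARD"] != "DROP") { print "FAIL: FORWARD policy is not DROP"; bad = 1 }
            if (!est) { print "FAIL: no ESTABLISHED,RELATED accept rule"; bad = 1 }
            print "open dports:" ports
            exit bad + 0
        }' "$1"
}
```

Run it as `audit_fw /root/fw.conf` after iptables-save; a non-zero exit status means the file should not be restored at boot as it stands.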

Tuesday, 12 April 2011

Incremental htdir backup script.sh

#! /bin/sh
cd /backup

TODAY=`date`
FILENAME=`date +%d%b%Y`-inc-htdir.tar.gz.sec


# Check last backup date
if [ -f lastbackup ]; then
LAST=`cat lastbackup`
else
LAST=$TODAY
fi


# Create .tar.gz
tar -czf htdir.tar.gz --after-date="$LAST" /var/www/htdocs

# Encrypt with OpenSSL
openssl des -in htdir.tar.gz -out $FILENAME -pass pass:secpasswd

# Send to remote backup machine
scp $FILENAME backup@10.0.2.251:/backup/data/www/htdir

# Cleanup n' shit
echo `md5sum $FILENAME` >> md5sum.log
rm htdir.tar.gz $FILENAME
echo $TODAY > lastbackup

Sunday, 30 January 2011

Customize xterm

Create or edit ~/.Xdefaults

XTerm*background: black
XTerm*foreground: #CCCCCC
XTerm*highlightColor: red
XTerm*font: *-fixed-medium-r-*-14-*
XTerm*boldFont: *-fixed-medium-r-*-14-*
XTerm*geometry: 110x34+200+200

add to ~/.bashrc:
alias ls="ls --color=auto"
PS1='\u@\H:\w\$ '

Thursday, 27 January 2011

Creating image with dd

*This does not work on the fly, so you need to boot from CD. 

Quick way with non-compressed image.

Create image from sda and save it on remote server:
# dd if=/dev/sda | ssh username@backupserver "dd of=/directory_of_backups_on_ssh_server/backupfile.iso"

Extract image to disk: 
# ssh user@hostname dd if=backupfile.iso | dd of=/dev/sda


Way with compressed image.

Create compressed image from sda on remote server:
# dd if=/dev/sda | gzip | ssh username@backupserver dd of=/directory_of_backups_on_ssh_server/backupfile.img.gz

Restore:
# ssh user@hostname dd if=backupfile.img.gz | gzip -d | dd of=/dev/sda


Clearing MBR with dd:
# dd if=/dev/zero of=/dev/hda bs=512 count=1 

Tuesday, 25 January 2011

System backup on-the-fly

Create:

# tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /

For better compression, at the cost of a longer run time:
# tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/mnt --exclude=/sys /

*At the end of the process you might get a message along the lines of 'tar: Error exit delayed from previous errors' or something, but in most cases you can just ignore that.

Restore:

# tar xvpfz backup.tgz -C /
# tar xvpfj backup.tar.bz2 -C /

Just make sure that, before you do anything else, you re-create the directories you excluded:
# mkdir proc
# mkdir lost+found
# mkdir mnt
# mkdir sys

etc...

Monday, 17 January 2011

htdir backup script.sh

#!/bin/sh
# set chmod 700 to /backup for security reasons
cd /backup
FILENAME=`date +%d%b%Y`-htdir.tar.gz.sec

tar -cvf - /var/www/htdocs/ | gzip -c > htdir.tar.gz
openssl des -in htdir.tar.gz -out $FILENAME -pass pass:secpasswd
scp $FILENAME backup@backupsrv:/backup/srv1/htdir
echo `md5sum $FILENAME` >> md5sum.log
rm htdir.tar.gz $FILENAME

DB backup script.sh

#!/bin/bash
# set chmod 700 to /backup for security reasons 
cd /backup
FILENAME=`date +%d%b%Y`-mysql_alldb.tar.gz.sec
mysqldump --single-transaction -u backup -pmysqlpasswd --all-databases > backup.sql
tar -cf - backup.sql | gzip -c > backup.tar.gz
openssl des -in backup.tar.gz -out $FILENAME -pass pass:cryptpasswd
scp $FILENAME backup@backupsvr:/backup/srv1/db
echo `md5sum $FILENAME` >> md5sum.log
rm backup.sql backup.tar.gz $FILENAME
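
The encryption step shared by the htdir, incremental htdir and DB backup scripts, in a hardened form. This is an added example, not the author's code: it uses AES-256-CBC with PBKDF2 instead of single DES (56-bit key), reads the passphrase from a root-only file instead of `pass:` on the command line (where it shows up in `ps` output), and logs SHA-256 instead of MD5. The function names and the key-file path are assumptions; `-pbkdf2` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: hardened form of the tar | openssl | md5sum steps above.
# KEYFILE and the function names are assumptions, not from the original scripts.
KEYFILE=${KEYFILE:-/root/.backup.pass}   # one line of passphrase, chmod 600

# encrypt_backup SRC_DIR OUT_FILE LOG
# Streams tar+gzip straight into openssl, so no plaintext archive is
# written to /backup, then logs a SHA-256 of the ciphertext.
encrypt_backup() (
    src=$1 out=$2 log=$3
    umask 077                            # ciphertext and log readable by owner only
    tar -czf - -C "$(dirname "$src")" "$(basename "$src")" |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$KEYFILE" -out "$out" &&
    printf '%s  %s\n' "$(sha256sum < "$out" | awk '{ print $1 }')" \
        "$(basename "$out")" >> "$log"
)

# verify_and_restore ENC_FILE LOG DEST_DIR
# Refuses to decrypt unless the file matches its most recent entry in LOG.
verify_and_restore() {
    enc=$1; log=$2; dest=$3
    want=$(awk -v f="$(basename "$enc")" '$2 == f { h = $1 } END { print h }' "$log")
    have=$(sha256sum < "$enc" | awk '{ print $1 }')
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "checksum mismatch: $enc" >&2
        return 1
    fi
    mkdir -p "$dest" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$KEYFILE" -in "$enc" | tar -xzf - -C "$dest"
}
```

In the scripts above, `encrypt_backup /var/www/htdocs "$FILENAME" sha256sum.log` would replace the tar, openssl and md5sum lines; the scp and cleanup steps stay as they are.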

MYSQL on Slackware

# cp /etc/my-medium.cnf /etc/my.cnf
# chown -R mysql.mysql /var/lib/mysql
# /usr/bin/mysql_install_db
# cd /var/lib
# chown -R mysql:mysql mysql
# /usr/bin/mysqladmin -u root password 'new-passwd'


# chmod +x /etc/rc.d/rc.mysqld
# /etc/rc.d/rc.mysqld start


Slackware vsftpd FTP with local users

Edit /etc/inetd.conf, uncomment:
# ftp stream tcp nowait root /usr/sbin/tcpd vsftpd

Edit /etc/vsftpd.conf:
local_enable=YES
write_enable=YES



Chroot users in specific directory

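Enable or add these lines in /etc/vsftpd.conf:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# Must be NO here: with chroot_local_user=YES the list becomes the users who are NOT chrooted
chroot_local_user=NO


Create /etc/vsftpd.chroot_list with one username per line (vsftpd jails each listed user in their home directory):
username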

Change home directory to same as chroot:
# usermod -d /path/to/chrooted/dir/ username



Limit user access to FTP only
In /etc/passwd change the user's shell to /bin/false
Add /bin/false to /etc/shells

Pass on passwords with scp

$ ssh-keygen -t rsa

Generating public/private rsa key pair
Enter file in which to save the key ... (Enter)

Enter passphrase (empty for no passphrase): (Enter twice)

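Copy the public key to the remote box and log in there:
$ scp ~/.ssh/id_rsa.pub user@remote:/home/user
$ ssh user@remote


# Append the public key (never the private one) to the file sshd reads
$ mkdir -p ~/.ssh && chmod 700 ~/.ssh
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys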

Remove pass phrase dialog on an apache ssl certificate

# openssl rsa -in server.key -out server.key.nopass

And of course edit the SSL site config to point at the new key file:
ubuntu:
$ sudo vim /etc/apache2/sites-available/default-ssl

slackware:
# vim /etc/httpd/extra/httpd-ssl.conf