linux poison RSS
linux poison Email

Advanced shutdown utility for OpenSuse 11.1

GShutdown is a utility that allows you to schedule shutdown, logout, and reboot for your computer. It is compatible with GNOME, KDE, and XFCE. In KDM and GDM, you can shutdown or reboot your computer without the need to be root. You can choose a command to stop the computer (like "sudo poweroff"). It has a systray icon with visual notifications. There are 3 different ways to schedule the action: at a time and date, after a delay, or now. There are command line options to change the default values.

OpenSuse 11.1 user can use "1-click" installer - here or if you already subcribe to packman, go to yast -- software management and search for "gshutdown" (shown below

After successful installation, go to terminal and fire the command # gshutdown and you should see something like ..

There are lot of other option that you can configure for shutdown.

Read more

KDE 4.2 installation/upgrade on Debian,Kbuntu and OpenSuse

January 27, 2009. The KDE  Community announced the immediate availability of "The Answer", (a.k.a KDE 4.2.0), readying the Free Desktop for end users. KDE 4.2 builds on the technology introduced with KDE 4.0 in January 2008. After the release of KDE 4.1, which was aimed at casual users, the KDE Community is now confident we have a compelling offering for the majority of end users.

KDE 4.2.0 packages are in the experimental repository. Installation Information .

Januty: Packages for the development Jaunty release are available. If you use Jaunty you will be able to upgrade as normal.

Packages for Kubuntu 8.10 can be installed by following the instructions below. If you installed KDE 4.2 Beta or RC you can merely update your existing installation.

The updated packages for Kubuntu 8.10 are located in the Kubuntu Experimental Software Personal Package Archive (PPA) repository. To update to KDE 4.2, please follow these instructions:

1) Remove the koffice-data-kde4 package if you have it installed. The current koffice2 packages in the kubuntu-members-kde4 PPA are incompatible with the KDE 4.2 packages since they try to install icons to the same locations.

2)Follow the Kubuntu Repository Guide to enable Recommended Updates and add the following to your 'Third-Party Software' tab:
deb intrepid main
3) You can add the package signing key with this command:
gpg --keyserver --recv-keys 493B3065 && gpg --export -a 493B3065 | sudo apt-key add -
4) Old Plasma packages are not compatible with KDE 4.2, you should uninstall any plasmoids.

5) You can now update any existing KDE 4 installation to the most recent version using the Adept Updater tool in your system tray.

6) Now log out and press Alt + E to restart X. When you log in you will have KDE 4.2.

openSUSE packages are available in one click installation for
openSUSE 11.1 (one-click install )
openSUSE 11.0 (one-click install )
openSUSE 10.3 (one-click install ).
KDE Four Live CD with KDE 4.2 is also available .

Compiling KDE 4.2.0
The complete source code for KDE 4.2.0 may be freely downloaded . Instructions on compiling and installing KDE 4.2.0 are available from the KDE 4.2.0 Info Page .

Spread the Word
The KDE team encourages everybody to spread the word on the Social Web as well. Submit stories to websites, use channels like delicious, digg, reddit, twitter, Upload screenshots to services like Facebook, FlickR, ipernity and Picasa and post them to appropriate groups. Create screencast, upload them to YouTube,, Vimeo and others. Do not forget to tag uploaded material with the tag kde42 so it is easier for everybody to find the material, and for the KDE team to compile reports of coverage for the KDE 4.2 announcement. This is the first time the KDE team is attempting a coordinated effort to use social media for their messaging. Help KDE spreading the word, be part of it.

On web forums, inform people about KDE's new compelling features, help others getting started with their new desktop.

Reporting KDE Bugs
Please report all KDE bugs and feature requests at . The site has a nice bug-reporting "wizard" and will permit far easier tracking of bugs than an email to a list.

Read more

FTP, FTPS and SFTP client - BareFTP

bareFTP is a file transfer client supporting the FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP). It is written in C#, targeting the Mono framework and the GNOME desktop environment. bareFTP is free and open source software released under the terms of the GPL license.

Installation - Binary packages:

Ubuntu Ubuntu 8.10 (intrepid):
bareftp_0.1.4-1_i386.deb   (mirror)
Fedora Fedora 10:
bareftp-0.1.4-4.i386.rpm   (mirror)
bareftp-0.1.4-4.x86_64.rpm   (mirror)
openSUSE openSUSE:
openSUSE 11.1 bareftp-0.1.4-4.i586.rpm   (mirror)
openSUSE 11.0 bareftp-0.1.4-4.i586.rpm   (mirror)

You can also subscribe to the PackMan repository (with a small delay on new releases)

You'll need this to run bareFTP:
    * Mono >= 2.0
    * Gtk# >= 2.12 (gtk-sharp2)
    * Gnome# >= 2.20 (gnome-sharp)

OpenSuse user can go to yast -- software management and search for "bareFTP" and and can install it from yast.

On sucessfull installation you can find the "bareFTP" under "Application -- Internet -- data exchange" menu

Read more

Network Monitoring and Management Tool

AutoScan-Network is a network discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.

•Multithreaded Scan
•Automatic network discovery
•Low surcharge on the network
•Simultaneous subnetworks scans without human intervention
•Realtime detection of any connected equipment
•Supervision of any equipment (router, server, firewall...)
•Supervision of any network service (smtp, http, pop, ...)
•Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
•Complete network tree can be saved in a XML file.
•Intruders detection (in intruders detection mode, all new equipments blacklisted)
•Telnet Client
•Nessus Client
•Wake on lan functionality
•Privileged account is not required

To install AutoScan-Network, go on this link and download the latest version for your operating system.

Once you've downloaded the package, decompress the 'tar.gz' file and double-click on the binary file "AutoScan-Network-Linux-1.1x.bin" The installation starts...

(If you get troubles during the installation, start a shell with root access privileges and re-execute the binary file) This is the simplest way to install AutoScan-Network but some features are not included (like file sharing support) after successful  installation you should find the entry of the application in your KDE start menu, start the application and you should see something like ..

To un-install  AutoScan-Network start a shell with root access privileges, and type '/opt/AutoScan/uninstall'

AutoScan Network is free software. It is licensed under the GNU General Public License (GPL) version 2. This means you are free to use it and to modify it.
Read more

How to Enable-Disable Novell AppArmor on OpenSuse 11.1

Novell AppArmor is configured to run by default on any fresh installation of openSUSE. There are two ways of toggling the status of AppArmor:

Using YaST System Services (Runlevel)
Disable or enable AppArmor by removing or adding its boot script to the sequence of scripts executed on system boot. Status changes are applied at the next system boot.

   1.Start YaST.
   2.Select System+System Services (Runlevel).
   3.Select Expert Mode.
   4.Select boot.apparmor and click Set/Reset+Disable the service.
   5.Exit the YaST Runlevel tool with Finish.

AppArmor will not be initialized on the next system boot and stays inactive until you explicitly reenable it

To toggle AppArmor's status by using AppArmor Control Panel

   1.Start YaST.
   2.Select Novell AppArmor+AppArmor Control Panel.
   3.Select Enable AppArmor. To disable AppArmor, uncheck this option.
   4.Exit the AppArmor Control Panel with Done.

Read more

Encrypt-Decrypt files using mcrypt on OpenSuse

MCrypt is a replacement for the old crypt() package and crypt(1) command, with extensions. It allows developers to use a wide range of encryption functions, without making drastic changes to their code. It allows users to encrypt files or data streams without having to be cryptographers. Above all, it allows you to have some really neat code on your machine. :)

The companion to MCrypt is Libmcrypt, which contains the actual encryption functions themselves, and provides a standardized mechanism for accessing them.

Go to Yast -- Software Management and search for "mycrypt" and select the pacakage and install it using yast

Examples of mcrypt usage in a linux command line environment:

See available encryption algorithms
mcrypt --list                      

Encrypts myfilename to using blowfish encryption algorithm, you are prompted 2x for passphrase
mcrypt -a blowfish myfilename       

Decrypts to mytextfile.txt
mcrypt -d         

For Other options 
mcrypt --help

It implements numerous cryptographic algorithms, mostly block ciphers and stream ciphers, some of which falls under export restrictions in the United States. Algorithms include des, blowfish, arcfour, enigma, ghost, loki97, rc2, serpent, threeway, twofish, wake, xtea
Read more

E-Mail Notification for OpenSuse 11.x

Mail Notification monitors your mailboxes for new mail.

When new mail arrives, Mail Notification alerts you by displaying an icon in the notification area. Moreover, a mail summary can be displayed in the icon tooltip, a sound can be played, and notifications containing useful action buttons can be popped up.

Mail Notification can monitor multiple mailboxes concurrently, and supports Evolution, Gmail, IMAP, Maildir, mbox, MH, Mozilla products (Mozilla, SeaMonkey, Thunderbird, …), POP3, Sylpheed, Windows Live Hotmail and Yahoo! Mail mailboxes.

Mail Notification supports advanced POP3 and IMAP features such as SSL/TLS connections (in-band or on separate port), SASL and APOP authentication, and the IMAP IDLE extension.


Go to yast -- Software management and search for "mail-notification", after finding the package you can directly install it

After successful installation, you can find the "mail-notification" software under   "Internet" -- "E-Mail" program list,

The interface is simple, functional, respects the GNOME Human Interface Guidelines and integrates well into the GNOME Desktop Environment (though Mail Notification can also be used with KDE, Xfce and other environments).
After sucessfull configuration of you inbox you should see something like .. on receiving new mail
Read more

Best GDM Theme - Think Of Penguins

This is one of the best GDM theme I ever seen

Download it from here
Read more

Enigma Desktop for Linux

This sexy desktop mod was initially designed for windows but it's now ported to Linux. Give it a try.

Download Enigma Desktop & Get Installation Instructions.
Read more

Using vi to Encrypt Text Files

The disadvantage of using encrypted partitions is that while the partition is mounted, at least root can access the data. To prevent this, vi can be used in encrypted mode.

Use vi -x filename to edit a new file. vi prompts you to set a password, after which it encrypts the content of the file. Whenever you access this file, vi requests the correct password.

For even more security, you can place the encrypted text file in an encrypted partition. This is recommended because the encryption used in vi is not very strong.
Read more

Advantages of IPv6 - The Next Generation Internet

The most important and most visible improvement brought by the new protocol is the enormous expansion of the available address space. An IPv6 address is made up of 128 bit values instead of the traditional 32 bits. This provides for as many as several quadrillion IP addresses.

However, IPv6 addresses are not only different from their predecessors with regard to their length. They also have a different internal structure that may contain more specific information about the systems and the networks to which they belong.

The following is a list of some other advantages of the new protocol:

IPv6 makes the network “plug and play” capable, which means that a newly set up system integrates into the (local) network without any manual configuration. The new host uses its automatic configuration mechanism to derive its own address from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server.

IPv6 makes it possible to assign several addresses to one network interface at the same time. This allows users to access several networks easily, something that could be compared with the international roaming services offered by mobile phone companies: when you take your mobile phone abroad, the phone automatically logs in to a foreign service as soon as it enters the corresponding area, so you can be reached under the same number everywhere and are able to place an outgoing call just like in your home area.

Secure Communication
With IPv4, network security is an add-on function. IPv6 includes IPsec as one of its core features, allowing systems to communicate over a secure tunnel to avoid eavesdropping by outsiders on the Internet.

Backward Compatibility
Realistically, it would be impossible to switch the entire Internet from IPv4 to IPv6 at one time. Therefore, it is crucial that both protocols are able to coexist not only on the Internet, but also on one system. This is ensured by compatible addresses (IPv4 addresses can easily be translated into IPv6 addresses) and through the use of a number of tunnels. Also, systems can rely on a dual stack IP technique to support both protocols at the same time, meaning that they have two network stacks that are completely separate, such that there is no interference between the two protocol versions.

Custom Tailored Services through Multicasting
With IPv4, some services, such as SMB, need to broadcast their packets to all hosts in the local network. IPv6 allows a much more fine-grained approach by enabling servers to address hosts through multicasting—by addressing a number of hosts as parts of a group (which is different from addressing all hosts through broadcasting or each host individually through unicasting). Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group).

Configuring IPv6 on OpenSuse 11.1
To disable or enable IPv6 on an installed system, use the YaST Network Settings module. On the Global Options tab, check or uncheck the Enable IPv6 option as necessary. To enable IPv6 manually, enter modprobe ipv6 as root.

Read more

Linux terminal server (RDP) on OpenSuse 11.1

Based on the work of rdesktop, xrdp uses the remote desktop protocol to present a GUI to the user.

The goal of this project is to provide a fully functional Linux terminal server, capable of accepting connections from rdesktop and Microsoft's own terminal server/remote desktop clients.

Unlike Windows NT/2000/2003/2008 server, xrdp will not display a Windows desktop but an X window desktop to the user. Xrdp uses Xvnc or X11rdp to manage the X session.

Installation and Configuration:
Go to YAST -- Software management and search for "xrdp" you should able to find it under OpenSuse 11.1 OSS repository

Click on "Accept" to install the xrdp pacakage.

2) After sucessfull installation start the xrdp server (terminal server) using following command
sudo /usr/sbin/service xrdp start
rcxrdp start (as root)
If you have your firewall turned on be sure you allow the port: Tcp 3389

3) Now finally use your rdp client (from windows box) and try to connect to this linux terminal server (Xrdp), you should be see something like ...

Read more

How to restrict features of the KDE desktop for users on OpenSuse 11.x

KIOSK Admin Tool is a KDE administration tool that offers system administrators an easy way to predefine desktop configurations for groups of users, lock down settings or otherwise restrict features of the KDE desktop environment.

KIOSK Admin Tool takes advantage of KDE's KIOSK restrictions framework. It is centered around profiles. A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users.

Typical usage of KIOSK Admin Tool is to create a new profile, then to set up the profile with the desired default settings and restrictions, and finally to activate the profile by assigning the profile to one or more users or to a group of users.

1) Open the terminal and fire command : # kiosktool to open the main KIOSK admin window

2)  Now you can create a new profile, after creation click on "Set up profile" to do the actual restriction on the desktop

Here you can lock down components in a dozen categories: General, Desktop Icons, Desktop Background, Screen Saver, KDE Menu, Theming, Panel, Network Proxy, Konqueror, Menu Actions, Desktop Sharing, and File Associations.

The General component provides useful options like disabling all tasks and applications that require root access, as well as access to the command shell, run command, bookmarks, and logout option, and disabling starting a second X session.

Desktop Icons lets you lock down the whole desktop for the user, including context menus and icons. Desktop Background locks the desktop background settings. With Screen Saver, sysadmins can lock down screensaver settings and screensavers that uses OpenGL, and also allow only screensavers that hide the whole screen content.

In the KDE Menu component you can disable all tasks and applications that require root access from the KDE menu, and disable editing the KDE menu. The Theming component forces users to stick with the desktop theme you provide; you can lock down options like font, color, style, and windows decoration.

finally save the setting..

3) After sucessfull configuration, assign the profle to a user or to a group

Read more

How to set limits on users

The ulimit programs allow to limit system-wide resource use using a normal configuration file - /etc/security/ This can help a lot in system administration, e.g. when a user starts too many processes and therefore makes the system unresponsive for other users.

$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 7671
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) 811664
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 7671
virtual memory          (kbytes, -v) 1175120
file locks                      (-x) unlimited

All these settings can be manipulated. A good example is this forkbomb that forks as many processes as possible and can crash systems where no user limits are set - see this example - here

Warning: Do not run this program! If no limits are set your system will either become unresponsive or might even crash.

Now this is not good - any user with shell access to your box could take it down. But if that user can only start 20 processes the damage will be minimal. So let's set a process limit of MAX 20 process for a particular users in the system, this can be done by inserting the simple one line in limit.conf file.

Following will prevent a "fork bomb":
nikesh hard nproc 20
@group1 hard nproc 50
Above will prevent user "nikesh" to create more than 20 process and anyone in the group1 from having more than 50 processes.

There are many more setting and limits that you can set on a particular user or to a entire group like ..

using below configuration will prevent any users in the system to logins not more than 3 places at same time.
* hard maxlogins 3

Limit on size of core file
* hard core 0
Read more

How to change the running process priority

The kernel determines which processes require more cpu time than others by the process' nice level, also called niceness. The higher the nice level of a process is, the less CPU time it will take from other processes. Nice levels range from -20 (the least “nice” level) to 19. Negative values can only set by root.

Adjusting the nice level is useful when running a non time-critical process that lasts long and uses large amounts of CPU time, such as compiling a kernel, on a system that also performs other tasks. Making such a process “nicer”, ensures that the other tasks, for example a webserver, will have a higher priority.

Calling nice without any parameters prints the current niceness:

nikesh@poison:~> nice

Running nice command increments the current nice level for the given command by 10. Using nice -n level command lets you specify a new niceness relative to the current one.

To change the niceness of a running process, use renice priority -p process id, for example:

renice +5 3266

To renice all processes owned by a specific user, use the option -u user. Process groups are reniced by the option -g process group id.
Read more

Linux Filesystem event notification using inotify

inotify is a file change notification system—a kernel feature that allows applications to request the monitoring of a set of files against a list of events. When the event occurs (read, write, create, delete,mount, un-mount, etc ..), the application is notified. To be useful, such a feature must be simple to use, lightweight with little overhead and flexible. It should be easy to add new watches and painless to receive notification of events.

This can be a handy tool if you need to monitor some directory for files update and as soon as it got updated you need to do some operation.

There is a tool called inotify-tools, which is a C library and a set of command-line programs for Linux providing a simple interface to inotify


inotify-tools is available through the Fedora Extras repository. Just do: yum install inotify-tools

inotify-tools is available in Gentoo's official portage tree. It may be masked, in which case read the "MASKED PACKAGES" section of the man page for emerge, then unmask it. Then you can simply: emerge inotify-tools

sudo aptitude install inotify-tools

you can donload the source code : here and compile and build your binary using following command
./configure --prefix=/usr && make && su -c 'make install'

Some of the events that can be monitored for are:

IN_ACCESS - read of the file
IN_MODIFY - last modification
IN_ATTRIB - attributes of file change
IN_OPEN and IN_CLOSE - open or close of file
IN_MOVED_FROM and IN_MOVED_TO - when the file is moved or renamed
IN_DELETE - a file/directory deleted
IN_CREATE - a file/directory created
IN_DELETE_SELF - file monitored is deleted

Java api - here
Read more

How to logout the user forcefully

The other day a friend of mine was asking me how to stop all users' processes and then logout him.
Well maybe the first thing you need is to send a message to the user, so he can actually save his work.
to do that you may use the command wall to let your users know you are about to log them out.

Now at the given time end all of your users' applications, using pkill

sudo pkill -u username

replace username with every username you have in your system, you can also use.

who | awk '{ printf ("%s",$1 "\n"); }'| grep -v root | xargs -I {} -t pkill -u $1{}

This way you can view all all users' processes, be careful using this.

You can also use the command skill but in its man page it says it is obsolete.

skill -KILL -u username

Use this command carefully, as you may make your users loose their jobs.

Read more

Execute command at regular intervals

If you anytime need to execute a command once and again and again, you can use watch and tell it to execute the Linux command in a give interval.

The syntax of the command is:

watch [option(s)] command

The default interval of execution of the given command is two (2) seconds, but you define a different interval using the option -n.

Here are two useful uses of watch.

watch -n 5 free -m

Which will show you the use of memory each five seconds.

watch -n 30 vnstat -h

Which will show you the bandwidth used hourly, read more about vnstat.

You can also make watch to highlight any change it detect between two screens of output.

watch -n 30 -d vnstat -h

And if you want to maintain the highlight on, add =cummulative to the -d option, like this:

watch -n 30 -d=cummulative vnstat -h

Read more

Firefox and Linux on top for year 2008 on Linuxpoison

Extracted from Google Analytics

Read more

Top 10 articles of 2008 on linuxpoison

Read more

Filtering the packets at Application level

This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there.

L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics.
It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on.

Read More: here
Read more

Write your own kernel module and insert it into running kernel

So, you want to write a kernel module. You know C, you've written a few normal programs to run as processes, and now you want to get to where the real action is, to where a single wild pointer can wipe out your file system and a core dump means a reboot.

kernel Modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. For example, one type of module is the device driver, which allows the kernel to access hardware connected to the system.

1) Check if you have all the required tools and lib (Linux Kernel headers)for building the kernel modules for this you need - kernel-headers, you can check if it's install or not by using command: # rpm -qa | grep kernel-headers, if installed, Typing the following command ...

# ls -d /lib/modules/$(uname -r)/build 
Output (OpenSuse 11.1) : /lib/modules/ 

else install the kernel-header from your installation CD/DVD

2) Now, start with the famous "hello World" program, create c file call - hello.c

#include <linux/module.h>
#include <linux/kernel.h>
int init_module(void)
    printk(KERN_INFO "Hello world.\n");
    return 0;
void cleanup_module(void)
    printk(KERN_INFO "Goodbye world\n");


3) Create the make file: vi Makefile

obj-m += hello.o
        make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
        make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

save and close

4) Now compile the module to create - hello.ko using command : # make and you should see something like ...

make -C /lib/modules/ M=/root/kernel modules
make[1]: Entering directory `/usr/src/linux-'
make -C ../../../linux- O=/usr/src/linux- modules
  CC [M]  /root/kernel/hello.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/kernel/hello.mod.o
  LD [M]  /root/kernel/hello.ko
make[1]: Leaving directory `/usr/src/linux-'

you should see lot of news files get created inside the directory, check it "ls" command

5) Load/insert our kernel module into the running kernel (hello.ko) using command: # insmod hello.ko

6) Now let check the information about our module (hello.ko) using command:
# modinfo hello.ko, you should see something like ...

filename:       hello.ko
srcversion:     A59CC2D814343F3CA40CADF
depends:        built-in
vermagic: SMP mod_unload modversions 586

7) To list the module currently running inside the kernel : # lsmod

8) To remove the "hello.ko" module: # rmmod hello.ko

9) Check the output of our module by looking at the /var/log/message file, you should find the entries like ..
Jan 11 12:31:48 poison kernel: Hello world.
Jan 11 12:32:26 poison kernel: Goodbye world
Read more

How to change DMA settings on Ubuntu

One really common solution to slow, and unreliable playback of DVD is the settings related to DMA which is turn "off" by default.

DMA stands for: Direct Memory Access. DMA allows a piece of hardware to talk directly with the RAM, reading and/or writing independent of the CPU (Central Processing Unit). In other words the hardware can use the system memory, bypassing the CPU, allowing the device to read and write much faster.

By default Ubuntu has DMA turned off (set to 0), this can be changed in the /etc/hdparm.conf file, like so:

1. First make a backup of your hdpram file:
# sudo cp /etc/hdparm.conf /etc/hdparm.conf.original
2. Now edit the file using your favorite text editor, I'm using vi, however you can use the editor of you choice:
# sudo vi /etc/hdparm.conf
3. Now just add the following at the end of the file:
/dev/cdrom {
      dma = on
4. Once you restart your computer you should have DMA turned on.

Reblog this post [with Zemanta]
Read more

Website downloader for Linux - HTTrack

HTTrack is a free (GPL, free / free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.

HTTrack uses a web crawler to download a website. Some parts of the website may not be downloaded by default due to the robots exclusion protocol unless disabled during the program. HTTrack can follow links that are generated with basic JavaScript and inside Applets or Flash, but not complex links (generated using functions or expressions) or server-side image maps.

OpenSuse user can use "1 click" installaer to install HTTrack - here
Fedora  user can install - yum install httrack
Others can download the source code

This video demonstrates the power of HTTrack ...

Read more

openSUSE Network Installation/Upgrade Without CD/DVD

Installing or upgrading the opensuse is fairly easy using CD, or net boot CD but many times it happen the we need to install or upgrade the OS using these media, to solve this problem we got a script called setupgrubfornfsinstall 

setupgrubfornfsinstall is a dialog based shell script to prepare remote network installations. The script downloads kernel and initrd of the distribution and creates a boot loader entry for them.

browse installation sources offered via SLP in your LAN
browse nfs exports (special config file needed then)
support for nfs, ftp and http
install openSUSE from
install Fedora from
supports both grub and lilo (the latter mostly untested nowadays though)
qemu/kvm support, just run setupgrubfornfsinstall with option —qemu.
supports ssh/vnc installation parameters (SUSE only)

1) Preparing network installation source. use http installation source by mount openSUSE ISO image into apache root folder directory (/srv/www/htdocs/11.1) so, in this case URL becomes -

2) Download the script, rename it to , make it executable
# chmod +x 

3) execute the script
# ./ and follow the instruction

4) Choose either x86 or x86_64 architecture.

5) Choose installation source

6) Specify the URL for you Apache where we have set-up the installation folder

7) Select the proper resolution for installation

And after few more wizard, reboot your computer and choose network installation from GRUB menu and it will start the installation from the specified URL.
Read more

How to secure PHP with Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.


Engine Protection (only with patch)
Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection
Protects Destructors of Zend Hashtables
Protects Destructors of Zend Linked-Lists
Protects the PHP core and extensions against format string vulnerabilities
Protects against errors in certain libc realpath() implementations

Misc Features
Protection Simulation mode
Adds the functions sha256() and sha256_file() to the PHP core
Adds support for CRYPT_BLOWFISH to crypt() on all platforms
Transparent protection of open phpinfo() pages
EXPERIMENTAL SQL database user protection
Runtime Protection
Transparent Cookie Encryption
Protects against different kinds of (Remote-)Include Vulnerabilities
disallows Remote URL inclusion (optional: black-/whitelisting)
disallows inclusiong of uploaded files
optionally stops directory traversal attacks
Allows disabling the preg_replace() /e modifier
Allows disabling eval()
Protects against infinite recursion through a configureabel maximum execution depth
Supports per Virtual Host / Directory configureable function black- and whitelists
Supports a separated function black- and whitelist for evaluated code
Protects against HTTP Response Splitting Vulnerabilities
Protects against scripts manipulating the memory_limit
Protects PHP‘s superglobals against extract() and import_request_vars()
Adds protection against newline attacks to mail()
Adds protection against \0 attack on preg_replace()

Session Protection
Transparent encryption of session data
Transparent session hijacking protection
Protection against overlong session identifiers
Protection against malicious chars in session identifiers

Filtering Features
Filters ASCIIZ characters from user input
Ignores GET, POST, COOKIE variables with the following names:
Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)
Supports a number of variables per request limit
Supports a maximum length of variable names [with and without indicies]
Supports a maximum length of array indicies
Supports a maximum length of variable values
Supports a maximum depth of arrays
Allows only a configureable number of uploaded files
Supports verification of uploaded files through an external script
Supports automatic banning of uploaded ELF executables
Supports automatic banning of uploaded binary files
Supports automatic stripping of binary content in uploaded files
Configureable action on violation
just block violating variables
send HTTP response code
redirect the browser
execute another PHP script

Logging Features
Supports multiple log devices (syslog, SAPI module error log, external logging script)
Supports freely configureable syslog facility and priority
Supports log device separated selection of alert types to log
Alerts contain filename and linenumber that triggered it
Alerts contain the IP address of the user triggering it
The IP Address can also be extracted from X-Forwarded-For HTTP headers (f.e. for reverse proxy setups)

Installation and Configuration
# cd / tmp
# wget
# tar xzf suhosin-0.9.23.tgz
# cd suhosin-0.9.23
# ./configure
# make
# make install
The next step is to enable the module in php.ini, editing /etc/php5/apache2/php.ini and adding this line:
extension =
Now just restart Apache and suhosin begin to do it's dirty work:)
For more detail configuration, check here
Read more

My Desktop - OpenSuSe 11.1

Read more

Read - Write support for NTFS partition on OpenSuse 11.x

The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver which was implemented by the Linux-NTFS project. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right.

Technically it's based on and a major improvement to the third generation Linux NTFS driver, ntfsmount. The improvements includes functionality, quality and performance enhancements.

First, of course install the drivers for reading - writing NTFS, if you have NTFS partitions, you can install it from the openSUSE installation CD/DVD or from the repository OSS using YAST, search for "ntfs" and install all the necessary package (below)

Now, just start from the root tool, ntfs-config and enable them to write support for NTFS partitions on your computer, this tool will detect the ntfs partition on your drive.

Or open as root with your favourite editor /etc/fstab, find the line of the partition that you want to enable write, in my case is this:

/dev/sda1 /mnt/c ntfs defaults 0 0

Now, replace the ntfs and default part of the above line with following:

ntfs-3g defaults, users

In my case, then you'll get:
/dev/sda1 /mnt/c ntfs-3g defaults,users

Restart you machine and check if you are able to read/write to NTFS partition.
Read more

Ext4 support on OpenSuse 11.1

Kernel 2.6.28 Released

Torvald released the final version of Linux Kernel 2.6.28. It's not a big change since RC 9, but it finally appeared as final after lots of discussion on LKML whether to postpone the release or release earlier and make the merge window longer as the developers goes on long holidays.

Here's some summary of Kernel 2.6.28 (taken from KernelNewbies): Linux 2.6.28 adds the first version of Ext4 as a stable filesystem, the much-expected GPU memory manager which will be the foundation of a renewed graphic stack, support for Ultra Wide Band (Wireless USB, UWB-IP), memory management scalability and performance improvements, a boot tracer, disk shock protection, the phonet network protocol, support of SSD discard requests, transparent proxy support, several new network drivers, controlable IO CPU affinity, high-resolution poll()/select(), support of a minimal "dummy" policy in SELinux, tracing improvements, x86 x2APIC support, a fb driver for VIA UniChrome devices, Mitac Mio A701 ARM-based smartphone support, some new drivers, improved device support, and many other small improvements and fixes.

More on the detailed can be viewed at KernelNewbies. The official announcement are here and here

Kernel Compilation:

1) Make sure you have all the required lib for kernel compilation
2) Download the latest kernel from (2.6.28)
3) Untar the kernel source and move the folder (linux-2.6.28) under /usr/src/
4) Fire Following commands from /usr/src/linux-2.6.28 folder

# make xconfig

This will open a window where you can search for "ext4", select the ext4 options and save the changes (shown below)

# make rpm

5) This is will take some time for source compilation and making rpm file
Now go to — /usr/src/packages/RPMS/i386 where you will find the rpm file, install this rpm file using following command...

# rpm -ivh  kernel-2.6.289pae-1.i386.rpm
[DO NOT UPGRADE YOUR EXISTING KERNEL BY USING rpm -Uvh, instead install the new kernel using rpm -ivh]

This will install all the required files like  vmlinuz,, etc .. into your /boot folder 

# mkinitrd -- This will create /boot/initrd-2.6.28-9-pae file which is required during booting of new kernel and you should see something like ...
Kernel image:   /boot/vmlinuz-2.6.28-9-pae
Initrd image:   /boot/initrd-2.6.28-9-pae
Root device:    /dev/disk/by-id/ata-ST3802110A_9LR2AE39-part2 (/dev/sda2) (mounted on / as ext3)
Resume device:    /dev/disk/by-id/ata-ST3802110A_9LR2AE39-part7 (/dev/sda7)
Kernel Modules:    scsi_mod libata sata_sil hwmon thermal_sys processor thermal pata_atiixp ata_generic ide-core atiixp ide-pci-generic fan jbd mbcache ext3 edd crc-t10dif sd_mod usbcore ohci-hcd uhci-hcd ehci-hcd hid usbhid
Features:       block usb resume.userspace resume.kernel
Bootsplash:    openSUSE (1024x768)
51347 blocks
6) Go to and edit the following file to add the new kernel to boot menu
# vi /boot/grub/menu.lst and add the following lines to it
title openSUSE 11.1 (2.6.28)
root (hd0,5)
kernel /boot/vmlinuz-2.6.28-9-pae root=/dev/sda2 vga=0×317 resume=/dev/sda7 splash=silent showopts
initrd /boot/initrd-2.6.28-9-pae
You can also install new kernel using Yast tool (system -> Boot Loader).

7) Now install the grub using following command
# grub-install /dev/sda
[Check you drive here or install it using YAST tool]

How to use Ext4

One very important thing to keep in mind is that there is NOT Ext4 GRUB support. Well, that wasn't exactly true: There is grub support, but the grub versions used by your current distro don't support it. There's support in the GRUB2 development branch, but only from this commit and ahead. There're available grub2 packages in Ubuntu and debian-derived distros as the grub-pc package. In the 0.9x branch, there's not official support, but there's a Google SoC project that developed support for it, and Google finds patches. So choose yourself. The next release of distros based in Linux 2.6.28 will probably have support in one way or another. The safe option is to keep your /boot directory in a partition formatted with Ext3.

You also need an updated e2fsprogs tool, of course, the latest stable version -1.41.3- is recommended.

Creating a new Ext4 filesystem from the scratch
The easiest one, recommended for new installations. Just update your e2fsprogs package to Ext4, and create the filesystem with mkfs.ext4.

Migrate existing Ext3 filesystems to Ext4
You need to use the tune2fs and fsck tools in the filesystem, and that filesystem needs to be unmounted. Run:

          tune2fs -O extents,uninit_bg,dir_index /dev/yourfilesystem

After running this command you MUST run fsck. If you don't do it, Ext4 WILL NOT MOUNT your filesystem. This fsck run is needed to return the filesystem to a consistent state. It WILL tell you that it finds checksum errors in the group descriptors - it's expected, and it's exactly what it needs to be rebuilt to be able to mount it as Ext4, so don't get surprised by them. Since each time it finds one of those errors it asks you what to do, always say YES. If you don't want to be asked, add the "-p" parameter to the fsck command, it means "automatic repair":

       fsck -pf /dev/yourfilesystem

There's another thing that must be mentioned. All your existing files will continue using the old indirect mapping to map all the blocks of data. The online defrag tool will be able to migrate each one of those files to a extent format (using a ioctl that tells the filesystem to rewrite the file with the extent format; you can use it safely while you're using the filesystem normally)

Finally do not forget to modify /etc/fstab.
Read more
Related Posts with Thumbnails