Archive for the ‘Debian-Testing’ Category:

Funny Linux photograph, this is in a supermarket.

Linux filesystem error in a supermarket.

Linux filesystem error in a supermarket.

This is a photograph captured in a supermarket. This shows a Linux machine that must be meant for showing advertisements or other videos and it is instead depicting a Linux bootup error. The filesystem has an inconsistency and this means that the fsck utility must be run manually to fix the error. Not a major issue as long as the drive is not failing. If it is a magnetic drive, this means that you hear a click of death, this means back up all data and replace it right away. But this machine is running Gentoo Linux, I have had a lot of issues with that distribution. Better to run Fedora in a business environment. Although Ubuntu Server is very good.

Below is another picture, an ATM running Windows 7. This machine is asking for Windows activation. Please just enter the product key…

Windows 7 activation on an ATM machine.

Windows 7 activation on an ATM machine.

Linux Terminal command to format PGP to properly display on reddit.

So it was brought to my attention that a command in Linux exist that makes what I made obsolete. Here is the code you can run in the terminal. Simply save your PGP message, name it something, and place it on your Desktop and replace FILENAME with the name of the file you saved the PGP message as.

cat ~/Desktop/FILENAME | sed 's|^|    |g'

then it will print the formatted message into the terminal, highlight it and right click and click “copy” ctrl+c does not copy inside terminal.

How to block access to the .htaccess file on an Apache web server.

Blocking access to the .htaccess file on your Apache web server blocks access to the file by curious web users that want to see what directives are in it. The code below added to the .htaccess file will forbid all access to the .htaccess file by web users while still allowing it to function.

#Deny attempts to view the Htaccess file.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

Very important to add this code when setting up your web server.

Count the actual lines of code in your C or C++ project.

This is how to actually count the lines of code in your C project on Linux. Some people advocate using wc -l, but that would not suit our purposes. The cloc utility is able to do this and more.

Firstly, install this utility.

sudo apt install cloc

Then run the utility in a source folder.

jason@jason-desktop:~/Documents/ipinfo/src$ cloc .
       2 text files.
       2 unique files.                              
       0 files ignored.
 
http://cloc.sourceforge.net v 1.60  T=0.01 s (138.5 files/s, 11358.2 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
C/C++ Header                     1             13             10             66
C                                1             14              8             53
-------------------------------------------------------------------------------
SUM:                             2             27             18            119
-------------------------------------------------------------------------------

This utility shows the number of files, the lines of actual code, and the comments. Very useful for keeping track of how big your project is. It also shows a summary row with the totals at the bottom.

Use the –strip-comments=.strip parameter to write copies of the files with all comments and blank lines edited out.

jason@jason-desktop:~/Documents/ipinfo/src$ cloc . --strip-comments=.strip
       2 text files.
       2 unique files.                              
Wrote info.h..strip
Wrote ip.c..strip
       0 files ignored.
 
http://cloc.sourceforge.net v 1.60  T=0.01 s (286.3 files/s, 22190.6 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
C                                1              0              0             66
C/C++ Header                     1             13             10             66
-------------------------------------------------------------------------------
SUM:                             2             13             10            132
-------------------------------------------------------------------------------

Very useful for making a simplified C source file, but having comments in the file is very useful when someone else has to take on your code.

How to login as root on Ubuntu 16.04.

To login as root on Ubuntu 16.04, open the terminal and type this command.

[email protected]:~$ sudo su -
[sudo] password for jason: 
[email protected]:~#

This will give you a root prompt. Then enter this command to unlock the root account.

[email protected]:~# passwd root
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

This allows the user to set a password for the root user and unlock the account. A very useful tip to make full use of your machine.

Now it works.

[email protected]:~$ su
Password: 
root@jason-desktop:/home/jason#

Linux commands cheat sheet.

Linux commands cheat sheet.

With this list of basic Linux commands and sample usages, you’ll never have to worry about forgotten commands again. The items contained within brackets are optional, and type man at a shell for more information.

Ubuntu pocket guide.

Ubuntu Pocket Guide and Reference (PDF Edition)

Linux Mint users guide. Very useful for all Linux Mint fans.

Linux Mint users guide. Very useful for all Linux Mint fans.

The Debian Administrator’s Handbook.

The Debian Administrator’s Handbook.

Linux Fundamentals.

Linux Fundamentals ebook.

Linux just as important as ever in the modern world.

Windows 10 is the current operating system that Microsoft are pimping, but Linux is still very important. Servers run the free operating system, and there are many jobs that require Linux administration experience. The Windows 10 bash shell cannot run server software such as Apache and MySQL, this means that an actual Linux machine is required to run an actual server. This way, Samba or a LAMP stack may easily be run on a much more secure machine than a patched together Windows Server operating system. Linux on a cloud instance such as Amazon AWS or a cheap VPS allows the user to construct an OpenVPN server, or route E-Mail. Free software is a better option than closed source software. Teamviewer is closed source and this has many security vulnerabilities. Apparently having this software installed leads to security compromises on your computer. Not a good thing at all. That is why anyone wanting to share their desktop should use VNC instead. I have never used Teamviewer and I do not intend to. Here is a list of security vulnerabilities in this software, showing that it has a long way to go before it is usable as a secure product over the Internet.

The teamspy backdoor is a malicous DLL file that is shipped with Teamviewer and allows crackers to gain unwanted access to a target computer. This goes to show that anyone that wants to download Teamviewer should only download it from a reputable website. Other sites may tamper with the download to slipstream malware into the download. That is why Linux is making inroads into the computing market. Software is available from secure repositories and these are signed, this ensures that the software you are installing is actually what you wanted. Especially when installing a SSH server or the OpenVPN client. That is why keys need to be installed when adding a PPA to a Debian distribution. This allows the installation of signed packages from a users repository. Of course, this is also possible with Windows software, if the user downloads from a reputable website and then checks a SHA hash to make sure the file is what the user expects to be downloading. Do nto download from websites that require a downloader to download the file. I always go somewhere else and find a proper download. Linux has the advantage of a proper package manager. Sure, you can turn Windows features on and install certain files, but the Apt and YUM package management systems are way better.

For those interested in the new Bash environment, there is documentation on the Microsoft website: https://msdn.microsoft.com/commandline. And there is some user feedback here: https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/category/161892-bash.

Incredible new wallpapers for your Linux or Windows machine.

Some nice wallpapers to improve your desktop.

Bern, 3840×2160: https://www.reddit.com/r/wallpapers/comments/4lql1n/bern_3840x2160/.

Forest Path. [3840×2160]: https://www.reddit.com/r/wallpapers/comments/4lp77g/forest_path_3840x2160/.

Chicago [3840×2400]: https://www.reddit.com/r/wallpapers/comments/4lhiwv/chicago_3840x2400/.

Amanita Muscaria [4160×3120]: https://www.reddit.com/r/wallpapers/comments/4l1hij/spring_has_sprung/.

The Great Blue Hole [1920×1200]: https://www.reddit.com/r/wallpapers/comments/4kujhu/the_great_blue_hole_1920x1200/.

Portland sunrise: https://interfacelift.com/wallpaper/details/4053/portland_sunrise.html.

View out the window of the Space Shuttle: https://www.desktoppr.co/wallpapers/726988.

Fort Worth gardens: https://www.desktoppr.co/wallpapers/726924.

Sewage pond 1440×900: https://4walled.cc/show-102573.

Amish buggy on country road: https://4walled.cc/show-467432.

Running track winding across a field: https://4walled.cc/show-96730.

Windows 10 nag screen close button was starting the upgrade.

The Windows 10 nag screen was using a dirty trick that involved having the close button to start the installation. This is very annoying, firstly, you click the upgrade now button and it starts the upgrade, but now the close button was starting the upgrade? That is one dirty trick indeed. Why are Microsoft so desperate for everyone to upgrade to Windows 10 anyway? Forcing these updates on everyone will not curry favor with more paranoid users. Of course, they are the company responsible for the Metro/Modern UI start screen in Windows 8. That was an unforgivable User Interface invention. Windows 8 as a whole was very strange. Just like using Android x86 on a eePC. A mobile phone interface does not work well on a PC. I cannot believe that the Windows 8 styled start screen was in Windows Server 2012. Why would a server operating system need a mobile phone UI? So many computers have had serious issues with running the upgrade and rebooting into an unusable state. That is unacceptible in 2016. That is why I will stay with Windows 7 for the time being.

Windows 10 nag screen.

Windows 10 nag screen.

This posting has a solution for Windows 7 and 8 that will prevent Windows 10 automatic updates. This will be very useful if your machine is fine the way it is and you do not wish to run Windows 10 at all. GWX Control Panel is the easy way to protect your machine from Windows 10. Having something like the below screenshot happen to you would really suck. This guy was livestreaming a counterstrike gaming session and his computer automatically restarted into a Windows 10 upgrade. That ridiculous. That is why you block the upgrade crap.

Livestream interrupted by Windows 10 upgrade.

Livestream interrupted by Windows 10 upgrade.

What is new in the Ubuntu 16.10 release.

Ubuntu Desktop 16.10 Yakkety Yak Daily Build 29-04-2016.

Here is a good little program I wrote in C. Just for fun.

Not a bad little program, and I got the code to work first time, not bad. Writing code in standard C is better than C++ or C#, the old C language is still the best. The whole Linux kernel is written in C and if it is good enough for that project, it is good enough for me.

 
#include <stdio.h>
 
#define EQ ==
#define OP "Troll."
#define trololol printf
 
int lineofstars (void) {
	int x = 0;
	while (x < 64) {
		printf("*");
		x++;
		if (x EQ 31) {
			printf("<|>");
		} else if (x EQ 64) {
			printf("\n-\n");
		}
	}
}
 
int main (int argc, char** argv) {
 
	char *name;
	name = "OP";
	lineofstars();
	trololol("According to this, %s is a %s\n", name, OP);
	return 0;
}

Musings on Linux in general.

Gentoo works perfectly well as a desktop operating system, I have Sabayon Linux which is based on Gentoo and would be good, as long as the Network manager works just as well as it does in Ubuntu and Linux Mint. Wicd is not as good as Networkmanager when it comes to using Wireless Broadband. I need to get another Wireless Broadband dongle, my last one broke and I am using the town library Internet as I write this, I am updating from Ubuntu 10.04 to Ubuntu 10.10, I edited the /etc/apt/sources.lst and replaced all instances of lucid to maverick and typed sudo apt-get update && sudo apt-get upgrade and I can upgrade to Ubuntu Maverick 10.10 that way. Sure it takes a long time downloading more than 323 megabytes of packages, but it is worth the effort, and better than downloading a 700MB CD and installing that then downloading about 400MB of updates. I stand by this method. I wish you could upgrade from the Ubuntu CD’s from Lucid to Maverick, but you cannot. That is stupid, you could do an upgrade from XP to Vista or Windows 7, and keep the old data in the Windows.Old folder, why can’t you do that in Ubuntu? Unless you have a separate /home partition and you can re-install the newer version of Ubuntu and keep your user data. I used to do that a lot, you keep all of your user data and settings and just install a different Linux distribution and tell it to mount the partition as /home. That is a pretty foolproof way to do it, but then you lose all of the extra software you have installed and an upgrade could see what you have installed and upgrade it to the latest versions.

Canonical are you listening? You need to get with the times and see how things should be done, and if the upgrade goes wrong, ie a power failure, then you should be able to recover from that and get it finished. I guess they might go this way in the future, and put in place some kind of system to handle updating. I know they used to pop up a notification where you were prompted to upgrade to a newer version of Ubuntu, I prefer to do it with the command line as I am used to performing tasks that way.

The Linux flash plugin sure is linked with a lot of stuff as a lot of Linux stuff is. But it is interesting to look at this sort of thing and if you are writing a program, it would be interesting to try and reduce the amount of libraries your executable is linked to.

[email protected]:~$ ldd /usr/lib/flashplugin-installer/libflashplayer.so
	linux-gate.so.1 =>  (0x00c36000)
	libX11.so.6 => /usr/lib/libX11.so.6 (0x00110000)
	libXext.so.6 => /usr/lib/libXext.so.6 (0x007fb000)
	libXt.so.6 => /usr/lib/libXt.so.6 (0x00444000)
	libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x0022d000)
	libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x002a3000)
	libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x002d3000)
	librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0x009bd000)
	libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x1e514000)
	libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0x002ec000)
	libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x00382000)
	libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0x0039e000)
	libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0 (0x003c5000)
	libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0 (0x003df000)
	libcairo.so.2 => /usr/lib/libcairo.so.2 (0x00497000)
	libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x003eb000)
	libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x00511000)
	libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x0042e000)
	libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x00550000)
	libssl3.so => /usr/lib/libssl3.so (0x0087b000)
	libsmime3.so => /usr/lib/libsmime3.so (0x008c3000)
	libnss3.so => /usr/lib/libnss3.so (0x0061a000)
	libplds4.so => /usr/lib/libplds4.so (0x00a49000)
	libplc4.so => /usr/lib/libplc4.so (0x0098e000)
	libnspr4.so => /usr/lib/libnspr4.so (0x0072e000)
	libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x007b2000)
	libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0x00763000)
	libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x00a4d000)
	/lib/ld-linux.so.2 (0x009e4000)
	libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00789000)
	libSM.so.6 => /usr/lib/libSM.so.6 (0x00433000)
	libICE.so.6 => /usr/lib/libICE.so.6 (0x007b6000)
	libz.so.1 => /lib/libz.so.1 (0x007cf000)
	libexpat.so.1 => /lib/libexpat.so.1 (0x0080b000)
	libXrender.so.1 => /usr/lib/libXrender.so.1 (0x007a3000)
	libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x0043c000)
	libXi.so.6 => /usr/lib/libXi.so.6 (0x007e4000)
	libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x007f2000)
	libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x00832000)
	libXcomposite.so.1 => /usr/lib/libXcomposite.so.1 (0x00440000)
	libXdamage.so.1 => /usr/lib/libXdamage.so.1 (0x007ad000)
	libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00959000)
	libgio-2.0.so.0 => /usr/lib/libgio-2.0.so.0 (0x09e46000)
	libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0x0083f000)
	libpixman-1.so.0 => /usr/lib/libpixman-1.so.0 (0x008e9000)
	libdirectfb-1.2.so.0 => /usr/lib/libdirectfb-1.2.so.0 (0x00ba7000)
	libfusion-1.2.so.0 => /usr/lib/libfusion-1.2.so.0 (0x00845000)
	libdirect-1.2.so.0 => /usr/lib/libdirect-1.2.so.0 (0x0084f000)
	libpng12.so.0 => /lib/libpng12.so.0 (0x0095f000)
	libxcb-render-util.so.0 => /usr/lib/libxcb-render-util.so.0 (0x00865000)
	libxcb-render.so.0 => /usr/lib/libxcb-render.so.0 (0x0086a000)
	libpcre.so.3 => /lib/libpcre.so.3 (0x00a01000)
	libnssutil3.so => /usr/lib/libnssutil3.so (0x00993000)
	libXau.so.6 => /usr/lib/libXau.so.6 (0x00c23000)
	libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00872000)
	libuuid.so.1 => /lib/libuuid.so.1 (0x008ad000)
	libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0x00943000)
	libselinux.so.1 => /lib/libselinux.so.1 (0x009c6000)
[email protected]:~$

My little ping app is not linked to too much in comparison is it?

shoggoth@shoggoth:~/Documents$ ldd ./pingme
	linux-gate.so.1 =>  (0x0034b000)
	libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x00de0000)
	/lib/ld-linux.so.2 (0x0018c000)

Will we ever completely replace the hard drive?

I  am wondering, if due to the popularity of the SSD solid state hard drives, are we going to see the end of the conventional hard disk with metal platters and read-write heads that skitter over the surface floating on a cushion of air. The SSD drives are getting better and better but do not have the capacity to match a standard hard disk. I would love to have a SSD if it had at least a 500GiB capacity and extremely fast read and write speeds, enabling a super fast boot time with Debian. They would only be very useful if they were reliable and long lasting. The TRIM function required by SSD drives on Linux is included in the 2.6.33 kernel and the ext4 filesystem is desired for installation on an SSD drive. Even if you did not install all of the operating system on the SSD, it would make an extremely good boot drive if you put the /boot partition on it then it could load the kernel & initrd off the fast solid state drive and that would boot the system very fast. If you included /lib on the SSD that would help as well.

Debian starts very fast with the 2.6.38.2 kernel supplied with Debian Unstable and this is the most recent kernel from the stable branch. Debian Unstable is the Debian repository for the latest versions of software that is not available in the Debian Stable repository, but the software in that branch in my experience is just as stable and reliable. Debian has come a long way since the Debian 3.0 “Woody” release on the 19th of July 2002. I have used that and it was extremely reliable and usable. The KDE 2 desktop was light years ahead of the bloated mess that it is now and the Konqueror file manager was preferable to the Dolphin file manager that KDE 4.5 uses now. And the text mode installer with ncurses screens was not too hard to use, the only hard thing was using dselect, but that just takes experience. Debian 6.0 with the graphical installer is even easier to setup and get working. You can just download the minimal installation ISO and install the rest of the packages from the http or an ftp site, but I downloaded the 4.3 GiB DVD ISO and installed Debian from that. The Youtube video I have included shows an old laptop loading Debian Linux 3.0 which takes me back. I have even had Xandros linux installed one time which was also a very good and fun Linux distribution.

Then there was Lindows Linux, which was re-named Linspire which was aimed at new users of Linux and gave people a stable and easy to use Linux desktop using KDE.

Linux still a better option than Windows.

http://www.walkernews.net/2007/06/22/download-official-redhat-linux-iso-image/

The link above is to the Redhat 6.2 Linux distribution, the first version of Linux I used. It ran very well on a Celeron 600 with 64MB of RAM and integrated graphics. Linux has come so far since it was first released, the desktop has gotten even easier to use and with the release of Ubuntu, the Linux desktop has become a reality for more and more users all over the world. Some schools are even installing Ubuntu instead of Windows. I am downloading a CD ISO of Redhat Linux 6.2 and I will be posting screenshots of the distribution running in Virtualbox very soon. That will be very interesting taking a look back at the older Linux distributions and how far we have come in all this time. I will actually make a Youtube video of Redhat 6,2 running and show off the very cool software that came with it. There were good games for Linux back in the day, but now we have Doom, Quake, Unreal Tournament original and UT 2003,2004 and Quake 3 and 4. There is a huge list of games for Linux and they are very good games, you can play the original Quake in the Darkplaces source port with greatly improved graphical quality and support for high-resolution graphics. Quake 4 has a native Linux client and a graphical installer. Linux is free of the malware and viruses that plague Windows systems and is almost as secure as the legendary OpenBSD UNIX operating system. There are HOWTOs that tell you how to write viruses for a Linux system infecting the ELF executable format used by Linux, I am not sure how many people actually have used that though, that is why you have NOVELL App-armor or NSA Selinux installed to combat these sorts of viruses.

But Windows is a target for malware and virus writers because it is so popular and has more security holes like Internet Explorer 6.0 which is still being used sadly. Even Internet Explorer 7.0 has a few bugs regarding CSS. Internet Explorer 9.0 is much, much better and supports just about all CSS and HTML 5.0. In the video I am linking to I am showing Internet Explorer running the ACID tests 1, 2 and 3 and it does very well, much better than IE 6 ever could. Getting back to Linux, there is also Wine, which I have used to run Command & Conquer Tiberian Sun perfectly well, and it can also run World of Warcraft although the setup is rather arcane and complex, but if you could run that game on a more secure and stable operating system then it would be worth all of the effort. It is disappointing that Unreal Tournament 2007 is not available on Linux, we will have to try running it in wine or contenting ourselves with the 2004 release, which is very good mind you, the 2004 version included driveable vehicles in the assault mode and flying craft you could man, which is very cool indeed. And as I said, it is a very good game for Linux along with Quake4. The first ever Linux distribution was MCC Interim Linux in 1992. The files of the distribution are still available and it was the first Linux distribution that was capable of being installed on a computer.

I have included this video explaining the origins of the Linux operating system as spoken my Linus Torvalds himself. He wanted a free version of the commercial UNIX and so he coded the free Linux kernel and created the free open-source operating system we have today. I hate to think of what the world would be like without a free operating system that is free of viruses and free of the annoying malware and adware that plagues the Windows systems of the world. Windows 7 when used with a limited user account is very secure and stable, but Linux will always be more secure than the closed source counterpart. Despite the bully boy tactics of Microsoft that had the machines in the OLPC project running Windows instead of Linux, it has been decided that Linux is best for the job and with improvements to power management code it is perfectly suited for the task of running on a cheap and relatively low specification machine. FreeBSD is also good for running on a laptop, but they decided on Linux and that is fine by me as developing countries need all of the help they can get and a free and open operating system instead of a closed and unreliable Windows installation is what they deserve. Microsoft only care about their bottom line and not the consumer anyway, Windows 7 is not too bad at all, but Windows XP is practically abandon-ware by now and should not be used these days unless your machine is very old, and then you would be better off with Xubuntu. Nowadays there is ulitelinux that is a very minimal installation of Ubuntu that can run on older machines and give them a new lease of life. If you are using a Ethernet modem to access the Internet like I am then you would not need to run Gnome in Linux and you could run Fluxbox or Lxde or even Blackbox and then you would hardly use any memory running such a sleek and fast desktop.

C program to write a string to a file.

I think I may have posted this before, but this is a little program I am working on that writes a text string to a file. I have got it to work perfectly and it compiles without errors using gcc -Wall.

/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
 
/********************************************************************
* Description:
* Author:  <shoggoth>
* Created at: Wed Jan 19 13:06:21 EST 2011
* Computer: myhost
* System: Linux 2.6.33-ARCH on x86_64
*
* Copyright (c) 2011   All rights reserved.
*
********************************************************************/
 
#include <stdio.h>
#include <time.h>
 
#define format "At this time: %H:%M:%S"
#define text "OP is a Troll."
 
int lineofstars (void) {
	int x = 0;
	while (x < 64) {
		printf("*");
		x++;
		if (x == 31) {
			printf("<|>");
		} else if (x == 64) {
			printf("\n-\n");
		}
	}
	return 0;
}
 
int main (int argc, char** argv) {
 
	lineofstars();
 
	char *File;
	char String[60];
	struct tm *ptr;
	time_t tm;
	char length[60];
 
	tm = time(NULL);
	ptr = localtime(&tm);
	strftime(length, 100, format, ptr);
 
	File = "log.txt";
	snprintf(String, 100, "%s, %s\n", length, text);
 
	FILE *f;
	f = fopen (File, "a+");
 
	if (!f) {
		printf("Sorry, I cannot open the file %s.\n", File);
		return 0;
	}
 
	fprintf(f, String);
 
	fflush(stdout);
	fclose(f);
 
	return 0;
}

And this is the ~/.xsession file I am currenty using when I want a minimal desktop. Larswm is the fastest desktop available for Linux and very minimal.

#!/bin/sh
 
#
# Copyright (c) 2004 Lars Bernhardsson, see README for licence details
#
# sample.xsession - Login script for larswm
#
 
# Clear root window settings and set background color
xsetroot && xsetroot -solid DarkSlateGrey
 
# 2nd screen
# xsetroot -display :0.1 && xsetroot -display :0.1 -solid lightgray
 
# Start a couple of tools
xload -geometry 96x48-0-0 &
xbiff -geometry 48x48-100-0 &
oclock -geometry 48x48-152-0 &
 
# Start a background job that feeds date/time to larswm
larsclock &
 
# Start wm.
exec larswm
[Ackley] took another look at my hat . . . "Up home we wear a hat like that to shoot deer in, for
Chrissake", he said. "That's a deer shooting hat."
Like hell it is. I took it off and looked at it. I sort of closed one eye, like I was taking aim at it.
"This is a people shooting hat," I said. "I shoot people in this hat."
	--The Catcher in the Rye, J.D Salinger. 1951.

Securing your GNU/Linux System.

Dragonfly BSD. One very secure operating system.Dragonfly BSD UNIX.This is running in qemu, the emulator for PC operating systems. It is a live CD and has the option to install the operating system or use the system as root. Once logged in you can use gcc and vi, all the familiar UNIX/GNU tools. I could get to like UNIX if it was easier to install. But it is better than Windows and much more fun to have a quick hacking session with. And that is good for the soul. If only SCO would go away and leave it alone. But there is also the macintosh but that is with a graphical interface abstracted from the underlying OS. Just a good looking toy, but without knowledge of the internals the users just us the point and click interface they rely on. But Dragonfly BSD has no point and click interface, just a simple root shell when running from the CD.

I am writing this page to put out some simple tips on securing your GNU/Linux box. Now let us get on with it.

I was setting up my OpenSuSE 10.2 system to use the KDM login manager and it would not let me login. I found out it was the fact I had compiled and installed bash version 3.2 as my shell and I had not added it to the /etc/shells file. Something to watch out for, and although I was still able to login at the text console I think this trying to give some security which is admirable, but does not
go all the way at all. But this shows what can happen if you are not careful. Having a password on the grub bootloader and sensible passwords on your user accounts will go a long way towards greater security. And make sure you use Blowfish encryption on your passwords as this gives the best encryption. There is a section on password protecting the grub menu file below.

Password Protecting your Grub menu file.

Here is a simple example of putting a password on your Grub menu file. Very good for security. Fedora Core 5 lets you set this up during installation, but I am using SUSE 10 as an example. Using the Yast setup tools.

color white/blue black/light-gray
default 0
timeout 10
# Password: ff64302c
password --md5 $1$BB3Frzzz$ks/5ciyxAazSumCMZVV961
title Linux 2.6.16
	root (hd0,0)
	kernel /boot/bzImage root=/dev/hda1 vga=0x307
	initrd /boot/initrd-Mythrandyr

See the screenshot here for an example
using the SUSE 10 Yast tools.

Below is an example using the grub command line. I am using the password ff64302c as an example of a good hard to guess password choice. But since I have used it here, do not use it yourself. Once you have an encrypted password string, put in the grub menu.lst file as shown above and then you will need to press `p` at the menu screen and enter the password to adjust any options and the kernel command line. The encrypted md5 string below is different from the one above as it uses random encryption and this is pretty good security. And I have put the plaintext password in my menu.lst example just to show what the password is, NEVER do this yourself. And this would not protect you if someone boots from a Linux rescue disk as shown in the next article about resetting your root password. Unless your hard disk partition is encrypted. But encrypting the root partition is not the easiest thing to do.

GNU GRUB  version 0.96  (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported.  For the first word, TAB
lists possible command completions.  Anywhere else TAB lists the possible
completions of a device/filename. ]
grub> md5crypt
Password: ********
Encrypted: $1$px/dT1$LDLCLc1sQLSQCmULletqN/
grub>

Resetting your root password in Suse 10.

If you have lost your root password in Suse 10.0 then all is not lost! Just boot from your SUSE 10 DVD and select the rescue system option, then login as root and type cd /mnt then type em>mkdir harddrive and mount -rw /dev/hda1 /mnt/hardrive then you can access the files on the hard disk. But we need to change the password, so type chroot /mnt/harddrive and then type: passwd root to change the root password.

Now you can type /sbin/init 6 to reboot and remove the CD/DVD and you will be able to login as root once again. I had to do a fresh installation of SUSE 10.0 and this happened to me when I set the password for root and promptly forgot it, so thankfully I was able to fix it. If only more Linux distros had such good rescue tools. You can use this method to affect many system settings if you accidentally fscked something up and needed to change the setting back. Using chroot, you set the root directory to the hard drive and can easily change the settings using the toolset available.

To make your system a little more secure, edit your /etc/hosts.deny file to look like this, and you will have a more secure system against port scanning.

# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.
ALL : PARANOID ALL

And add just this line to /etc/hosts.allow.

#/etc/hosts.allow
ALL : LOCAL @localhost

Now your system will be safer from internet attack. Not impervious without disconnecting from the Internet but still a little safer. Below is the result of port scanning my machine with nmap after these settings have been enabled. Type cat /etc/protocols | grep tcp for example for information on what some port is running. GNU/Linux has a command for everything!

bash ~# nmap -v -sS -O localhost
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-03-09 13:38 EST
Initiating SYN Stealth Scan against knoppix.boxen (127.0.0.1) [1663 ports] at
13:38
Discovered open port 631/tcp on 127.0.0.1
The SYN Stealth Scan took 0.55s to scan 1663 total ports.
For OSScan assuming port 631 is open, 1 is closed, and neither are firewalled
Host knoppix.boxen (127.0.0.1) appears to be up ... good.
Interesting ports on knoppix.boxen (127.0.0.1):
(The 1662 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 0.706 days (since Thu Mar  8 20:42:50 2007)
TCP Sequence Prediction: Class=random positive increments
Difficulty=3625530 (Good luck!)
IPID Sequence Generation: All zeros
Nmap finished: 1 IP address (1 host up) scanned in 3.505 seconds
Raw packets sent: 1679 (67.4KB) | Rcvd: 3364 (136KB)

Setting the security level in OpenSuSE 10.2.

To do this, you run chkstat -set /etc/permissions.secure, this will enable greater security levels for your systems. You can edit the files with vim and adjust the settings in the files to suit. When I set the secure level I could not start Xorg when typing “startx”. Xorg did not have permissions to manipulate the /var/log files. So this needs adjusting. But this is a good way to improve security and there are no problems if you use gdm and boot in runlevel 5.