First commit.
@ -0,0 +1,6 @@
|
||||
[submodule "vendor/lightslider"]
|
||||
path = vendor/lightslider
|
||||
url = https://github.com/sachinchoolur/lightslider.git
|
||||
[submodule "vendor/lightGallery"]
|
||||
path = vendor/lightGallery
|
||||
url = https://github.com/sachinchoolur/lightGallery.git
|
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
go get github.com/spf13/hugo
|
||||
$GOPATH/bin/hugo server --bind="::1" -w -D -v -t persona
|
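Review bot: the script has no `set -e` and never checks that `GOPATH` is set before line 3 runs `$GOPATH/bin/hugo`, so a failed `go get` still launches whatever hugo binary is already in place, and an empty `GOPATH` resolves to `/bin/hugo`. Add `set -eu` after the shebang and quote the path as `"$GOPATH/bin/hugo"`. `go get github.com/spf13/hugo` also builds whatever the upstream default branch holds at run time, so the Hugo version the site is known to build with should be documented next to it.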
@ -0,0 +1,20 @@
|
||||
---
|
||||
date: 2014-04-12T00:00:00+01:00
|
||||
title: Afrika und die IT (german)
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Auf der suche nach Afrika Projekten bin ich auf folgende Webseiten gestoßen:
|
||||
|
||||
#### Computer Projekte:
|
||||
|
||||
1. [Linux4Afrika.de](http://www.linux4afrika.de/ "Linux4Afrika") - Sammeln Computer in Deutschland, installieren darauf Linux (ThinClients + Server basierend)
|
||||
2. [linuxola.org](http://www.linuxola.org/) - Das selbe in der Schweiz
|
||||
3. [cihub.net](http://www.cihub.net/) - bittet einheimischen / Startups die Räumlichkeiten und Beratungsleistungen
|
||||
|
||||
#### Hilfsprojekte:
|
||||
|
||||
1. [Smile4](http://www.smile4.at) - Naturschutz, Medzinische Hilfe und Waisenhilfe in Madagaskar.
|
||||
2. [Eineweltgruppe](http://www.eineweltgruppe.at) - Hilfe zur selbsthilfe in Tansania.
|
||||
3. [ADRA](http://www.adra.org) - Weltweite Hilfsprojekte aller art (ein Projekt der Adventistischen Glaubensgemeinschaft).<!--more-->
|
@ -0,0 +1,32 @@
|
||||
---
|
||||
date: 2014-12-14T00:00:00+01:00
|
||||
description: Emulate a Hetzner root with mininet.
|
||||
tags:
|
||||
- hetzner
|
||||
- mininet
|
||||
title: Emulate a Hetzner root with mininet
|
||||
topics:
|
||||
- Development
|
||||
- golang
|
||||
---
|
||||
|
||||
I manage some root server from friends at Hetzner, as Hetzner has a "special" setup by blocking unknown Mac Addresses at theier switches, its not that easy to configure that.
|
||||
|
||||
The last days i played around with [OpenVSwitch](http://openvswitch.org/ "OpenVSwitch") (A Virtual Switch, featuring VLAN's, OpenFlow, Switch To Switch Tunnels).<!--more-->
|
||||
|
||||
OpenVSwitch would allow me to add features like **Firewall as a Service** or **IDS as a Service** and it also allows me to **link multiple Servers** together.
|
||||
|
||||
BUT these servers are all in production, i can't play on them, this is where [Mininet](http://mininet.org/ "Mininet") comes in use, it allows me to emulate a full network on a single VM, without touching these root Servers.
|
||||
|
||||
Have a look at this [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "hetzner.py") if you also need a lab to test your Hetzner Networking.
|
||||
|
||||
Setup from start:
|
||||
|
||||
1. At first get and install a [Mininet Download and Guide](http://mininet.org/download/ "Mininet Download and Guide") also see this [Guide](http://www.brianlinkletter.com/set-up-mininet/ "Mininet Setup guide by Brian Kletter")
|
||||
2. Learn howto use Mininet [Sample Workflow.](http://mininet.org/sample-workflow/ "Mininet Sample Workflow")
|
||||
3. Edit the Script parameters in "[root_network](https://gist.github.com/pcdummy/9b9d1589289b649d8207#file-hetzner-py-L257 "Script root_network")" (get the gw mac with `$ arp -n` on your root.
|
||||
4. Next copy the [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "Script") to your VM: `$ scp hetzner.py mininet@<vm-ip>:/home/mininet/` (you might want to use sshfs).
|
||||
5. Run hetzner.py as root `$ sudo ./hetzner.py`
|
||||
6. Play arround with it: `h1 ping gw`
|
||||
|
||||
Have fun and please tell me when you found bugs or you have improvement ideas.
|
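Review bot: step 5 has the reader run `sudo ./hetzner.py`, but the gist links in the post are not pinned to a revision, so the code that ends up running as root can differ from what was reviewed when the post was written. Link the gist at a specific revision and tell the reader to read the script before running it; the `#file-hetzner-py-L257` anchor in step 3 will also drift as the gist changes. Step 3 opens a parenthesis at `(get the gw mac` that is never closed, and `theier` in the first paragraph is a typo.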
@ -0,0 +1,26 @@
|
||||
---
|
||||
date: 2014-12-15T00:00:00+01:00
|
||||
title: Encrypt your Dropbox (or parts of it) on Linux
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
#### UPDATE: EncFS is considered to be insecure (see this [Audit](https://defuse.ca/audits/encfs.htm)), i will use eCryptFS instead, see this [manual](https://help.ubuntu.com/community/EncryptedPrivateDirectory). If you still want to use EncFS use [gnome-encfs-manager](http://www.libertyzero.com/GEncfsM/) instead of gnome-encfs below.
|
||||
|
||||
I have some sensetive Data on my Laptop i want to sync with other Computers i own, found this [Howto](http://www.makeuseof.com/tag/encrypt-dropbox-data-encfs-linux/ "How To Encrypt Your Dropbox Data With ENCFS [Linux] ") on howto do that. Theres also a Windows "port" of encfs - [safe](http://www.getsafe.org/about "Safe"), didn't test it tough.<!--more-->
|
||||
|
||||
#### This is what i did (on Linux Mint 17 64bit):
|
||||
|
||||
<pre><code class="bash">
|
||||
sudo apt-get install encfs
|
||||
cd ~/Downloads
|
||||
wget https://bitbucket.org/obensonne/gnome-encfs/raw/tip/gnome-encfs
|
||||
mv ~/exchange ~/exchange2
|
||||
sudo install gnome-encfs /usr/local/bin/
|
||||
mkdir ~/Dropbox/.encrypted_exchange ~/exchange
|
||||
encfs ~/Dropbox/.encrypted_exchange ~/exchange/ # answered "p for paranoia mode
|
||||
gnome-encfs -a ~/Dropbox/.encrypted_exchange/ ~/exchange # enter, then password, then Y
|
||||
cat /etc/mtab | grep encfs # Should give one line with /home/your_username/exchange
|
||||
cd ~/exchange && rsync -avP ~/exchang2/* .
|
||||
du -sh ~/exchange ~/Dropbox/.encrypted_exchange ~/exchange2 # All 3 folders should be a the same size
|
||||
# rm -r ~/exchange2 # Do this only if you have a backup!</code></pre>
|
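Review bot: the copy step `cd ~/exchange && rsync -avP ~/exchang2/* .` misspells the directory that `mv ~/exchange ~/exchange2` created, so rsync fails on a path that does not exist and nothing lands in the encrypted folder. With the `rm -r ~/exchange2` line right below it, this needs to be correct: change it to `~/exchange2/` (a trailing slash instead of `/*` also picks up dotfiles). The `wget .../raw/tip/gnome-encfs` followed by `sudo install gnome-encfs /usr/local/bin/` installs whatever the repository tip holds at download time. Since the UPDATE heading already steers readers away from this tool, consider marking the block as historical. The comment `# answered "p for paranoia mode` has an unbalanced quote.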
@ -0,0 +1,46 @@
|
||||
---
|
||||
date: 2015-02-08T13:00:00+01:00
|
||||
title: First hugo post
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Today i moved my wordpress blog to hugo, it will allow me to **post faster** use **less resources** and i can **share** my content **on [github](https://github.com/pcdummy/pc-dummy.net)**.
|
||||
|
||||
I've been using Markdown a lot recently to document my own stuff,
|
||||
now i'm able to just copy it to my blog and publish it.
|
||||
|
||||
<!--more-->[Hugo](gohugo.io/) is a open source tool written by [@spf13](https://github.com/spf13) in [go](http://golang.org/) that converts [Markdown](https://en.wikipedia.org/wiki/Markdown) documents into static pages or serves them as server.
|
||||
|
||||
#### Tools i've been using while converting:
|
||||
|
||||
- [Ubuntu GNU/Linux MATE](https://ubuntu-mate.org/) - The [MATE](http://mate-desktop.org/) flavor of Ubuntu GNU/Linux.
|
||||
|
||||
- [Atom.io](https://atom.io/) - I use Atom since some weeks, it has been a nice replacement for the shareware and closed source [Sublime](http://www.sublimetext.com/).
|
||||
|
||||
- [To-Markdown](https://domchristie.github.io/to-markdown/) - A useful HTML-to-Markdown converter, which I've been using while switching to Hugo.
|
||||
|
||||
- [gohugo.io source](https://github.com/spf13/hugo/tree/master/docs/) - gohugo.io runs trough Hugo and its source helped me alot to build this blog.
|
||||
|
||||
- On-liner to test trough all themes, **run in your sites root**:
|
||||
|
||||
<pre><code class="bash">
|
||||
for i in $(find themes/ -maxdepth 2 -iname 'theme.toml'); do \
|
||||
echo -e "\nCurrent Theme: $(expr match "$i" 'themes\/\(.*\)\/theme.toml')\n"; \
|
||||
hugo server --buildDrafts --watch \
|
||||
--theme=$(expr match "$i" 'themes\/\(.*\)\/theme.toml'); \
|
||||
done</code></pre>
|
||||
|
||||
#### This blog uses:
|
||||
|
||||
- [Ubuntu GNU/Linux Server](http://www.ubuntu.com/download/server) - Yes its a download link for a fully featured Server OS.
|
||||
|
||||
- [Nginx](https://en.wikipedia.org/wiki/Nginx) - A lightweight, fast and stable web server from [Igor Sysoev](https://en.wikipedia.org/wiki/Igor_Sysoev).
|
||||
|
||||
- Of course [Hugo](gohugo.io/) i also have a live preview of my whole site with it.
|
||||
|
||||
- [Purehugo theme](https://github.com/dplesca/purehugo) - A little modified.
|
||||
|
||||
- Client Side [Syntax highlighting](http://gohugo.io/extras/highlighting/) with [hightlight.js](https://highlightjs.org/)
|
||||
|
||||
- [Atom.io](https://atom.io/) - To create the pages/entries
|
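Review bot: both `[Hugo](gohugo.io/)` links, in the paragraph after `<!--more-->` and in the "This blog uses" list, lack a scheme, so they render as links relative to the post instead of pointing at the Hugo site. Use the full URL, in the same form as the `http://gohugo.io/extras/highlighting/` link already in this file. In the theme one-liner, `--theme=$(expr match ...)` is unquoted, and `hugo server` blocks until it is interrupted, so the text should say that each theme is advanced by stopping the server.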
@ -0,0 +1,490 @@
|
||||
---
|
||||
date: 2015-06-10T13:00:00+01:00
|
||||
title: My installation of Ubuntu Mate 15.04 (Vivid)
|
||||
author: pcdummy
|
||||
tags:
|
||||
- Ubuntu
|
||||
- My Installation
|
||||
- Crypto root
|
||||
- BTRFS
|
||||
- lxc
|
||||
---
|
||||
|
||||
This is my own documentation of my installation, i assume you have installed
|
||||
[Ubuntu Mate 14.10](/2015/04/05/install-ubuntu-trusty/) before.
|
||||
|
||||
**Grub** + **cryptoroot** + **BTRFS** works a lot better with **Vivid**, yeah!
|
||||
|
||||
#### Features
|
||||
|
||||
* Latest Ubuntu Mate
|
||||
* Encrypted disk
|
||||
* BTRFS root, home and stuff i keep between sys updates.<!--more-->
|
||||
|
||||
#### Install Linux from a livecd
|
||||
* Start from the livecd
|
||||
* Go to Control Center->Hardware->Keyboard and set the keyboard to german nodeadkeys
|
||||
* connect to the internet
|
||||
|
||||
#### Get root and install BTRFS Tools
|
||||
|
||||
sudo -s -H
|
||||
apt-get -y install btrfs-tools
|
||||
|
||||
#### Decrypt the root
|
||||
|
||||
cryptsetup --allow-discards luksOpen /dev/sda2 root
|
||||
|
||||
#### Create the root subvolume
|
||||
|
||||
mkdir /mnt/btrfs
|
||||
mount -o subvolid=0,compress=lzo,recovery,noatime /dev/mapper/root /mnt/btrfs
|
||||
btrfs subvolume create /mnt/btrfs/\@ubuntu_15.04
|
||||
|
||||
#### Mount the new Subvolume to /target
|
||||
|
||||
mkdir /target
|
||||
mount -o subvol=@ubuntu_15.04,compress=lzo,recovery,noatime /dev/mapper/root /target
|
||||
mkdir -p /target/var/lib/lxc
|
||||
mkdir -p /target/opt/mono
|
||||
mkdir -p /target/mnt/btrfs
|
||||
|
||||
#### Rsync /rofs to /target
|
||||
|
||||
rsync -avP /rofs /target
|
||||
|
||||
#### Copy stuff from 14.10 to 15.04
|
||||
|
||||
cp /etc/mtab /target/etc/
|
||||
|
||||
export from='/mnt/btrfs/@ubuntu_14.10'
|
||||
cp -a $from/etc/hosts /target/etc/
|
||||
cp -a $from/etc/hostname /target/etc/
|
||||
cp -a $from/etc/sysctl.conf /target/etc/
|
||||
cp -a $from/etc/sudoers /target/etc/
|
||||
cp -a $from/etc/crypttab /target/etc/
|
||||
cp -a $from/etc/fstab /target/etc/
|
||||
sed -i -e's/@ubuntu_14.10/@ubuntu_15.04/' /target/etc/fstab
|
||||
cp -a $from/etc/data_luks.key /target/etc/
|
||||
cp -a $from/etc/initramfs-tools/modules /target/etc/initramfs-tools
|
||||
cp -a $from/etc/NetworkManager/system-connections/* /etc/NetworkManager/system-connections/
|
||||
cp -pfra $from/etc/NetworkManager/dnsmasq.d/* /target/etc/NetworkManager/dnsmasq.d/
|
||||
cp -a $from/etc/samba/smb.conf /target/etc/samba/
|
||||
rsync -avP $from/etc/libvirt/ /target/etc/libvirt/
|
||||
|
||||
#### Chroot to /target
|
||||
|
||||
mount -o bind,rw /dev /target/dev
|
||||
mount -o bind,rw /proc /target/proc
|
||||
mount -o bind,rw /sys /target/sys
|
||||
mount -o bind,rw /dev/pts /target/dev/pts
|
||||
mount -o bind,rw /run /target/run
|
||||
|
||||
chroot /target /bin/bash
|
||||
|
||||
export TARGET_USERNAME=$SUDO_USER
|
||||
rm -f /usr/lib/locale/locale-archive
|
||||
locale-gen de_AT.UTF-8 en_US.UTF-8 de_AT en_US
|
||||
update-locale LANG=de_AT.UTF-8
|
||||
export LANG=de_AT.UTF-8
|
||||
dpkg-reconfigure keyboard-configuration
|
||||
dpkg-reconfigure tzdata
|
||||
|
||||
#### Make sure dhclient never updates resolv.conf
|
||||
See: http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/
|
||||
|
||||
cat <<EOF > /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
|
||||
#!/bin/sh
|
||||
make_resolv_conf(){
|
||||
:
|
||||
}
|
||||
EOF
|
||||
cat /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate # check
|
||||
|
||||
#### Create your user
|
||||
|
||||
export TARGET_USERNAME="pcdummy"
|
||||
adduser --no-create-home ${TARGET_USERNAME}
|
||||
usermod -a --groups=sudo,cdrom,floppy,audio,dip,video,plugdev ${TARGET_USERNAME}
|
||||
passwd -l root
|
||||
usermod -a -G fuse ${TARGET_USERNAME}
|
||||
|
||||
#### Update the fresh install (still in chroot)
|
||||
|
||||
sed -i -e's/archive.ubuntu/ch.archive.ubuntu/g' /etc/apt/sources.list
|
||||
apt-get update && apt-get -yy dist-upgrade
|
||||
|
||||
#### Update grub.
|
||||
|
||||
cat <<'EOF' > /etc/default/grub
|
||||
GRUB_DEFAULT=0
|
||||
GRUB_TIMEOUT=10
|
||||
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 kopt=root=/dev/mapper/root quiet splash"
|
||||
#GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root"
|
||||
GRUB_ENABLE_CRYPTODISK=y
|
||||
GRUB_PRELOAD_MODULES="luks cryptodisk gcry_rijndael gcry_sha1"
|
||||
EOF'
|
||||
|
||||
update-grub
|
||||
|
||||
#### My favorite console text editor and aptitude.
|
||||
|
||||
apt-get -yy install vim vim-scripts aptitude
|
||||
update-alternatives --set editor /usr/bin/vim.basic
|
||||
|
||||
#### Remove live installer
|
||||
|
||||
apt-get -yy purge casper ubiquity && apt-get -yy autoremove
|
||||
|
||||
|
||||
#### German Language packs and suggestions
|
||||
|
||||
apt-get -yy install firefox-locale-de libreoffice-l10n-de thunderbird-locale-de hyphen-de libreoffice-help-de mythes-de thunderbird-gnome-support ttf-lyx myspell-de-at
|
||||
|
||||
|
||||
#### Nvidia driver.
|
||||
|
||||
apt-get update
|
||||
apt-get -yy install nvidia-settings nvidia-current
|
||||
nvidia-xconfig --no-logo
|
||||
|
||||
#### Install usefull stuff.
|
||||
Speed :)
|
||||
|
||||
sudo apt-get -y install readahead-fedora preload nscd
|
||||
|
||||
#### Reboot
|
||||
|
||||
reboot
|
||||
|
||||
|
||||
#### Gnome-encfs-manager
|
||||
|
||||
sudo add-apt-repository -y ppa:gencfsm/ppa
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install gnome-encfs-manager
|
||||
|
||||
#### [Atom](https://atom.io/) text editor
|
||||
[He](http://www.atomtips.com/atom-editor-vs-sublime-text/) explains my reasons to switch to Atom from Sublime quiet good
|
||||
|
||||
sudo add-apt-repository -y ppa:webupd8team/atom
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install atom nodejs git
|
||||
|
||||
#### Geany text editor
|
||||
|
||||
sudo aptitude install 'geany-plugins' geany-plugin-py geany-plugin-treebrowser geany-plugin-vc
|
||||
|
||||
#### Evernote on Linux
|
||||
|
||||
funktioniert nicht
|
||||
. sudo add-apt-repository -y ppa:vincent-c/nevernote
|
||||
. sudo apt-get update
|
||||
. sudo apt-get -y install nixnote
|
||||
|
||||
#### Virtual development environment
|
||||
|
||||
sudo add-apt-repository -y ppa:jacob/virtualisation
|
||||
sudo add-apt-repository -y ppa:ubuntu-lxc/lxc-stable
|
||||
sudo apt-get -y install libvirt-bin virt-manager qemu qemu-kvm qemu-system spice-client python-spice-client-gtk bridge-utils ebtables virt-top
|
||||
sudo apt-get -y install lxc cgmanager uidmap lxc-templates
|
||||
sudo apt-get -y install system-config-samba # To setup sharing's for windows guests.
|
||||
sudo usermod -a -G libvirtd $SUDO_USER
|
||||
|
||||
#### Playing with OpenVSwitch
|
||||
|
||||
sudo apt-get -y install openvswitch-switch ethtool
|
||||
|
||||
#### Git repository viewer
|
||||
|
||||
sudo apt-get -y install git-cola fldiff
|
||||
|
||||
#### KeePass 2: Password manager
|
||||
|
||||
sudo add-apt-repository -y ppa:dlech/keepass2-plugins
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install keepass2 mono-dmcs mono-complete libmono-system-management4.0-cil keepass2-plugin-rpc xul-ext-keefox xul-ext-keebird keepass2-plugin-keepasshttp
|
||||
|
||||
#### Go Development with [gvm](https://github.com/moovweb/gvm)
|
||||
install deps:
|
||||
|
||||
sudo apt-get install curl git mercurial make binutils bison gcc build-essential
|
||||
|
||||
#### Python Development with [PyEnv](https://github.com/yyuu/pyenv-installer)
|
||||
Nice howto on that from [davebehnke.com](http://davebehnke.com/python-pyenv-ubuntu.html)
|
||||
|
||||
sudo apt-get -y install python3-pip python3-dev python3-wheel python-tox python3-nose python3-coverage make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm
|
||||
|
||||
sudo add-apt-repository -y ppa:ytvwld/syncthing
|
||||
sudo add-apt-repository -y ppa:nilarimogard/webupd8
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install syncthing syncthing-gtk
|
||||
|
||||
#### Quassel IRC Client (git/development version!). I have a quassel-core (means server) somewhere in the wild.
|
||||
|
||||
sudo add-apt-repository -y ppa:mamarley/quassel-git
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install quassel-client
|
||||
|
||||
#### Skype
|
||||
|
||||
sudo dpkg --add-architecture i386
|
||||
sudo apt-get update
|
||||
wget -O skype-install.deb http://www.skype.com/go/getskype-linux-deb
|
||||
sudo dpkg -i skype-install.deb; sudo apt-get -f install
|
||||
rm -f skype-install.deb
|
||||
|
||||
#### Remote desktop (RDP+VNC) clients/managers - i use gnome-rdp and remmina (slowly switching over to remmina).
|
||||
|
||||
sudo apt-get -y install gnome-rdp remmina-plugin-rdp remmina-plugin-vnc libfreerdp-plugins-standard rdesktop xtightvncviewer
|
||||
|
||||
#### OpenVPN client
|
||||
|
||||
sudo apt-get -y install network-manager-openvpn-gnome
|
||||
|
||||
#### IPSec client
|
||||
|
||||
sudo apt-get -y install network-manager-vpnc-gnome
|
||||
|
||||
#### Tranmission Remote (for my apu1d4 :) )
|
||||
|
||||
sudo apt-get -y install transmission-remote-gtk
|
||||
|
||||
#### PHP Dev
|
||||
|
||||
sudo apt-get -y install php5-cli php5-pear php-dev php-apc
|
||||
|
||||
#### Java Web start (for Cisco ASDM)
|
||||
|
||||
sudo apt-get -y install icedtea-7-plugin
|
||||
|
||||
|
||||
#### Citrix Receiver
|
||||
|
||||
Goto https://receiver.citrix.com and download the .deb version
|
||||
|
||||
pushd .
|
||||
cd Downloads
|
||||
sudo dpkg -i icaclient_13.1.0.285639_amd64.deb; sudo apt-get install -f
|
||||
popd
|
||||
|
||||
|
||||
#### Audiograbber on Linux
|
||||
|
||||
sudo apt-get -y install install sound-juicer
|
||||
|
||||
#### Audio file tag editor
|
||||
|
||||
sudo apt-get -y install puddletag
|
||||
|
||||
#### Softether VPN
|
||||
|
||||
sudo add-apt-repository -y ppa:paskal-07/softethervpn
|
||||
sudo sed -i -e's|vivid|trusty|g' /etc/apt/sources.list.d/paskal-07-ubuntu-softethervpn-vivid.list
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install softether-vpnclient
|
||||
|
||||
sudo vpnclient start
|
||||
|
||||
|
||||
Create a VPN connection:
|
||||
|
||||
pcdummy@ThinkPad-T410:~$ vpncmd
|
||||
vpncmd command - SoftEther VPN Command Line Management Utility
|
||||
SoftEther VPN Command Line Management Utility (vpncmd command)
|
||||
Version 4.17 Build 9562 (English)
|
||||
Compiled 2015/05/30 17:41:38 by yagi at pc30
|
||||
Copyright (c) SoftEther VPN Project. All Rights Reserved.
|
||||
|
||||
By using vpncmd program, the following can be achieved.
|
||||
|
||||
1. Management of VPN Server or VPN Bridge
|
||||
2. Management of VPN Client
|
||||
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
|
||||
|
||||
Select 1, 2 or 3: 2
|
||||
|
||||
Specify the host name or IP address of the computer that the destination VPN Client is operating on.
|
||||
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
|
||||
Hostname of IP Address of Destination:
|
||||
|
||||
Connected to VPN Client "localhost".
|
||||
|
||||
VPN Client>AccountCreate
|
||||
AccountCreate command - Create New VPN Connection Setting
|
||||
Name of VPN Connection Setting: pcdummy.lan
|
||||
|
||||
Destination VPN Server Host Name and Port Number: apu1d4.home.pc-dummy.net:8888
|
||||
|
||||
Destination Virtual Hub Name: vpn.pcdummy.lan
|
||||
|
||||
Connecting User Name: jochumr
|
||||
|
||||
Used Virtual Network Adapter Name: 0
|
||||
|
||||
The command completed successfully.
|
||||
|
||||
|
||||
Create a Password:
|
||||
|
||||
VPN Client>Accountpasswordset
|
||||
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
|
||||
Name of VPN Connection Setting: pcdummy.lan
|
||||
|
||||
Please enter the password. To cancel press the Ctrl+D key.
|
||||
|
||||
Password: ********************
|
||||
Confirm input: ********************
|
||||
|
||||
|
||||
Specify standard or radius: standard
|
||||
|
||||
The command completed successfully.
|
||||
|
||||
|
||||
Connect the newly created "Account":
|
||||
|
||||
AccountConnect pcdummy.lan
|
||||
|
||||
|
||||
#### Wine with 32bit default
|
||||
|
||||
sudo apt-get -y install wine1.7 wine-gecko:i386 wine-mono:i386
|
||||
|
||||
# Set wine to 32bit by default
|
||||
cat <<EOF >> ~/.profile
|
||||
|
||||
# Set wine to 32bit
|
||||
WINEARCH=win32
|
||||
WINEPREFIX=$HOME/.wine32
|
||||
EOF
|
||||
|
||||
source $HOME/.profile
|
||||
|
||||
#### Filezilla
|
||||
|
||||
sudo apt-get -y install filezilla
|
||||
|
||||
#### Google Chrome OpenSource - Chromium
|
||||
|
||||
sudo apt-get -y install chromium-browser chromium-browser-l10n
|
||||
|
||||
#### Google Chrome
|
||||
|
||||
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
|
||||
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install google-chrome-stable
|
||||
|
||||
#### Salt client
|
||||
|
||||
sudo add-apt-repository -y ppa:saltstack/salt
|
||||
sudo apt-get update
|
||||
sudo apt-get -qy install salt-minion
|
||||
|
||||
#### Misc
|
||||
|
||||
sudo apt-get -y install sshfs unrar screen pwgen whois
|
||||
|
||||
#### LXC (Linux Container)
|
||||
|
||||
sudo add-apt-repository -y ppa:ubuntu-lxc/stable
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install lxc lxctl cgmanager uidmap
|
||||
|
||||
Default NAT Bridge:
|
||||
|
||||
sudo sh -c 'cat <<EOF > /etc/default/lxc-net
|
||||
USE_LXC_BRIDGE="true"
|
||||
LXC_BRIDGE="mlabnatbr0"
|
||||
LXC_ADDR="10.167.161.1"
|
||||
LXC_NETMASK="255.255.255.0"
|
||||
LXC_NETWORK="10.167.161.0/24"
|
||||
LXC_DHCP_RANGE="10.167.161.100,10.167.161.254"
|
||||
LXC_DHCP_MAX="153"
|
||||
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
|
||||
LXC_DOMAIN="mlabnat.pcdummy.lan"
|
||||
EOF'
|
||||
|
||||
|
||||
By default other lxc hosts will go over my NAT interface:
|
||||
|
||||
sudo sed -i -e's|lxc.network.link = lxcbr0|lxc.network.link = mlabnatbr0|' /etc/lxc/default.conf
|
||||
|
||||
Make `mlabnatbr0` the default for lxc:
|
||||
|
||||
sudo sh -c 'cat <<EOF > /etc/lxc/default.conf
|
||||
lxc.network.type = veth
|
||||
lxc.network.link = mlabnatbr0
|
||||
lxc.network.flags = up
|
||||
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
|
||||
EOF'
|
||||
|
||||
Install and configure radvd and dnsmasq for lxc `mlabnatbr0`:
|
||||
|
||||
sudo apt-get -y install radvd
|
||||
sudo sh -c 'cat <<EOF > /etc/radvd.conf
|
||||
interface mlabnatbr0
|
||||
{
|
||||
# Advertise
|
||||
AdvSendAdvert on;
|
||||
|
||||
# Maximum time between RAs
|
||||
MaxRtrAdvInterval 60;
|
||||
|
||||
AdvManagedFlag on;
|
||||
|
||||
prefix fd57:c87d:f1ee:ee01::1/64
|
||||
{
|
||||
# We are the only router. If we shut down, nobody else can route
|
||||
# this prefix -- tell clients about this.
|
||||
DeprecatePrefix on;
|
||||
};
|
||||
};
|
||||
EOF'
|
||||
|
||||
sudo sh -c 'cat <<EOF > /etc/lxc/dnsmasq.conf
|
||||
dhcp-range=::add:0:0:100,::add:0:0:1e3, constructor:mlabnatbr0, 12h
|
||||
|
||||
dhcp-option=option:all-subnets-local,1
|
||||
dhcp-option=option6:dns-server,[::]
|
||||
dhcp-option=option6:ntp-server,[::]
|
||||
dhcp-option=option:domain-search,mlabnat.pcdummy.lan
|
||||
EOF'
|
||||
|
||||
Create the lxd user and give him some permissions:
|
||||
|
||||
sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd # /bin/bash so i can "ssh lxd@localhost"
|
||||
sudo usermod -a -G lxd pcdummy
|
||||
# Give lxd 99 uid/gid ranges to map.
|
||||
for i in {1..99}; do
|
||||
sudo usermod --add-subuids ${i}00000-${i}65536 lxd
|
||||
sudo usermod --add-subgids ${i}00000-${i}65536 lxd
|
||||
done # This takes a while
|
||||
sudo mkdir /var/lib/lxd
|
||||
sudo chown lxd:lxd /var/lib/lxd
|
||||
sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/
|
||||
sudo sudo -H -u lxd sh -c 'cat <<EOF > /var/lib/lxd/.config/lxc/default.conf
|
||||
lxc.include = /etc/lxc/default.conf
|
||||
lxc.id_map = u 0 100000 65537
|
||||
lxc.id_map = g 0 100000 65537
|
||||
EOF'
|
||||
|
||||
Allow userspace containers to use the network interfaces:
|
||||
|
||||
echo 'lxd veth mlabnatbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
|
||||
echo 'lxd veth mlabbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
|
||||
|
||||
Restart lxc and lxc-net
|
||||
|
||||
sudo service lxc stop
|
||||
sudo service lxc-net restart
|
||||
sudo service lxc start
|
||||
|
||||
For "ssh lxd@localhost"
|
||||
|
||||
sudo apt-get -y install openssh-server
|
||||
sudo mkdir /var/lib/lxd/.ssh/
|
||||
sudo cp $HOME/.ssh/workkey.pub /var/lib/lxd/.ssh/authorized_keys
|
||||
sudo chown -R lxd:lxd /var/lib/lxd/.ssh/
|
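Review bot: the grub block opens with `cat <<'EOF' > /etc/default/grub` but closes with `EOF'`, which is not the delimiter, so the heredoc does not end there and the following `update-grub` line is taken as file content instead of being run; the closing line should be a bare `EOF`. In "Copy stuff from 14.10 to 15.04", the `system-connections` copy targets `/etc/NetworkManager/system-connections/` on the live system rather than `/target/etc/...` like the lines around it, and `rsync -avP /rofs /target` without a trailing slash on the source creates `/target/rofs` instead of filling `/target`. The Skype step downloads `skype-install.deb` over plain `http://` and passes it straight to `sudo dpkg -i`; use an https URL or verify the package before installing it. `apt-get -y install install sound-juicer` repeats `install`.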
@ -0,0 +1,10 @@
|
||||
---
|
||||
date: 2013-02-10T00:00:00+01:00
|
||||
title: Linux (Gnome) and Android Phones
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Ever wondered Howto Sync your Android 4 ICS Phone with Linux?
|
||||
|
||||
[Here](http://linuxundich.de/de/ubuntu/gvfs-update-ermoglicht-unter-ubuntulinux-endlich-den-bequemen-zugriff-auf-android-gerate-via-mtp/) is the solution in german.<!--more-->
|
@ -0,0 +1,85 @@
|
||||
---
|
||||
date: 2014-12-15T00:00:00+01:00
|
||||
title: Froxlor + Nginx + WordPress iThemes Rules
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
A short howto on setting up Wordpress iThemes Security with Froxlor and nginx.
|
||||
|
||||
<!--more-->Assuming you have this directory layout:
|
||||
|
||||
/var/customers/webs/[customer-name]/[domain-name]/htdocs
|
||||
|
||||
This is what i did to make it work on my froxlor installation:
|
||||
|
||||
1. Login to Froxlor as Administrator
|
||||
2. Impersonate your wordpress customer by clicking on Customers -> [his username]
|
||||
3. As Customer click on Domain -> Settings -> [the small edit pensil to edit this domain]
|
||||
4. Change "Openbasedir-Path" to "Homefolder" - this will **allow** PHP to **access** all files **from this customer**!
|
||||
5. Wait for the froxlor crontask or run it manually
|
||||
6. Login to your wordpress backend.
|
||||
7. Goto Security->Settings and search for nginx, change the nginx config path to "/var/customers/webs**/[customer-name]**/**[domain-name]**/nginx.conf" and save, it should give a message about a sucessfull write of the nginx.conf!
|
||||
8. Go back to the Froxlor Administrator Panel
|
||||
9. Go to Domains -> [small edit pensil to edit your customers domain]
|
||||
10. Insert "include /var/customers/webs/[customer-name]/[domain-name]/nginx.conf;" to his "Own vHost-Settings"
|
||||
11. Wait for the froxlor contask again.
|
||||
12. Voila, now you have improved yours/your customers wordpress installation even more.
|
||||
|
||||
### Deprecated Method:
|
||||
|
||||
Took me a while to convert the Nginx rules from iThemes to "plain" Text so i could past them into froxlor.
|
||||
|
||||
This is what came out.
|
||||
|
||||
<pre class="brush:plain;">
|
||||
# BEGIN iThemes Security
|
||||
# BEGIN Tweaks
|
||||
# Rules to block access to WordPress specific files and wp-includes
|
||||
location ~ /\.ht { deny all; }
|
||||
location ~ wp-config.php { deny all; }
|
||||
location ~ readme.html { deny all; }
|
||||
location ~ readme.txt { deny all; }
|
||||
location ~ /install.php { deny all; }
|
||||
location ^wp-includes/(.*).php { deny all; }
|
||||
location ^/wp-admin/includes(.*)$ { deny all; }
|
||||
|
||||
# Rules to prevent php execution in uploads
|
||||
location ^(.*)/uploads/(.*).php(.?){ deny all; }
|
||||
|
||||
# Rules to block unneeded HTTP methods
|
||||
if ($request_method ~* "^(TRACE|DELETE|TRACK)"){ return 403; }
|
||||
|
||||
# Rules to block suspicious URIs
|
||||
set $susquery 0;
|
||||
if ($args ~* "\.\./") { set $susquery 1; }
|
||||
if ($args ~* "\.(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
|
||||
if ($args ~* "etc/passwd") { set $susquery 1; }
|
||||
if ($args ~* "boot.ini") { set $susquery 1; }
|
||||
if ($args ~* "ftp:") { set $susquery 1; }
|
||||
if ($args ~* "http:") { set $susquery 1; }
|
||||
if ($args ~* "https:") { set $susquery 1; }
|
||||
if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
|
||||
if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
|
||||
if ($args ~* "base64_encode") { set $susquery 1; }
|
||||
if ($args ~* "(%24&x)") { set $susquery 1; }
|
||||
if ($args ~* "(127.0)") { set $susquery 1; }
|
||||
if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
|
||||
if ($args ~* "(request|insert|concat|union|declare)") { set $susquery 1; }
|
||||
if ($args !~ "^loggedout=true"){ set $susquery 0; }
|
||||
if ($args !~ "^action=jetpack-sso"){ set $susquery 0; }
|
||||
if ($args !~ "^action=rp"){ set $susquery 0; }
|
||||
if ($http_cookie !~ "^.*wordpress_logged_in_.*$"){ set $susquery 0; }
|
||||
if ($http_referer !~ "^http://maps.googleapis.com(.*)$"){ set $susquery 0; }
|
||||
if ($susquery = 1) { return 403; }
|
||||
|
||||
# Rules to help reduce spam
|
||||
location /wp-comments-post.php {
|
||||
valid_referers jetpack.wordpress.com/jetpack-comment/ *.smile4.at;
|
||||
set $rule_0 0;
|
||||
if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }
|
||||
if ($invalid_referer) { set $rule_0 2$rule_0; }
|
||||
if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }
|
||||
if ($rule_0 = "3210") { return 403; }
|
||||
}
|
||||
# END Tweaks
|
||||
# END iThemes Security</pre>
|
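Review bot: in the deprecated rules, `location ^wp-includes/(.*).php`, `location ^/wp-admin/includes(.*)$` and `location ^(.*)/uploads/(.*).php(.?)` have no `~` modifier, so nginx reads them as literal prefix strings beginning with `^` and they never match; the "prevent php execution in uploads" rule is therefore inactive. Add `~` (or `~*`) as the first five `location` lines do. The `$susquery` block has a related problem: each `if (... !~ ...) { set $susquery 0; }` line resets the flag whenever its one exception does not apply, and since no query string can start with both `loggedout=true` and `action=jetpack-sso`, the flag is always 0 by the time `if ($susquery = 1)` is evaluated. In the current method, steps 4, 7 and 10 together let PHP write a file that nginx then includes into the vHost; the post should state that trade-off next to step 10.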
@ -0,0 +1,8 @@
|
||||
---
|
||||
date: 2013-02-22T00:00:00+01:00
|
||||
title: Nice Howto on OpenVPN and KVM (libvirt) bridges.
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Nice Howto on OpenVPN and KVM (libvirt) bridges. [http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29](http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29)<!--more-->
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
date: 2015-02-23T00:00:00+01:00
|
||||
title: Home firewall (a pc-engines apu1d4)
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
{{< lightslider name="pc-engines_apu1d4" url="data/post/pc-engines_apu1d4.json" >}}
|
||||
<!--more-->
|
@ -0,0 +1,59 @@
|
||||
---
|
||||
date: 2014-12-15T00:00:00+01:00
|
||||
title: Restore lost data with Photorec
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
A friend of mine lost his NTFS Partition (think it was a power outage). As he has some data on it he needs, i tought about restoring it.
|
||||
<!--more-->
|
||||
Helpful Links:
|
||||
|
||||
* [Authors Step-by-Step Guide](http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step)
|
||||
* [German Ubuntu wiki article on Data Recovery](http://wiki.ubuntuusers.de/Datenrettung)
|
||||
|
||||
This is what i came out with:
|
||||
|
||||
1. Downloaded[ TestDisk (with Photorec)](http://www.cgsecurity.org/wiki/TestDisk_Download "TestDisk download")
|
||||
2. Extracted it.
|
||||
3. Made store directory on other disk: $ mkdir /media/<username>/<my_usb_disk>/<friends_name>
|
||||
4. run it as root: sudo photorec_static /media/<username>/<friends_disk>/the_dd_image_we_made_before.img
|
||||
5. I set it "whole" and "NTFS", after about 18 Hours it was over that 300GB.
|
||||
|
||||
To split the files up in **one directory per extension**:
|
||||
|
||||
<pre><code class="bash">
|
||||
cd /media/<username>/<my_usb_disk>;
|
||||
|
||||
# Create a list of Extensions found: http://stackoverflow.com/questions/1842254
|
||||
find <friends_name>/ -type f | perl -ne 'print $1 if m/\.([^.\/]+)$/' | sort -u > found_extensions.txt
|
||||
|
||||
#
|
||||
# You might want to edit the "found_extensions.txt" file you just generated,
|
||||
# - filter out crap
|
||||
# - remove duplicated extensions, the script below is case insensetive
|
||||
#
|
||||
|
||||
# Create the directory where we copy these files in one folder per extension.
|
||||
mkdir <friends_name>_extensions/
|
||||
cd <friends_name>_extensions/
|
||||
|
||||
# Now mkdir one directory per extension and copy of all files of this extension into it.
|
||||
|
||||
#!/bin/sh
|
||||
for i in $(cat ../found_extensions.txt); do
|
||||
count=$(find ../<friends_name>/ -type f -iname "*.$i" | wc -l)
|
||||
echo "Copying \"$count\" files for extension: $i..."
|
||||
mkdir -p $i
|
||||
for src in $(find ../<friends_name>/ -type f -iname "*.$i"); do
|
||||
dest=$i/$(basename $src)
|
||||
if [ ! -f "$dest" ]; then
|
||||
echo "Copying \"$src\" to \"$dest\""
|
||||
cp $src $dest # Use mv here instead of cp if you known what you do.
|
||||
elif ! $(cmp -s $src $dest); then
|
||||
echo "Overwriting \"$dest\" with \"$src\""
|
||||
cp $src $dest
|
||||
fi
|
||||
done
|
||||
done
|
||||
</code></pre>
|
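Review bot: In the copy loop of the per-extension script, the `elif ! $(cmp -s $src $dest)` branch overwrites an already copied file whenever a second recovered file with the same basename has different content, so one of the two is silently lost; for recovery output it is safer to keep both, for example by giving the newcomer a numeric suffix instead of running `cp $src $dest` over the existing file. The same loop iterates over `$(find ...)` and leaves `$src`, `$dest` and `$i` unquoted, so any path containing whitespace or glob characters is split or expanded; in bash, reading `find ... -print0` with `while IFS= read -r -d '' src` and quoting every expansion avoids that. The `#!/bin/sh` line in the middle of the block has no effect there and should either start a separate script file or be dropped.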
@ -0,0 +1,10 @@
|
||||
---
|
||||
date: 2015-01-10T00:00:00+01:00
|
||||
title: Save some bandwith with squid as transparent proxy and apt-cacher-ng as peer.
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
[This](http://portablejim.now.im/tips/95-squidandaptcacherng.html) howto helped me on saving Bandwith at home. :)
|
||||
|
||||
I'm using a lot Vagrant boxes, provisioning takes a lot bandwith, with the setup above i have a cache in between. :-)
|
@ -0,0 +1,208 @@
|
||||
---
|
||||
date: 2013-01-26T00:00:00+01:00
|
||||
title: Syscp to Foxlor move on Ubuntu 12.10 with high security.
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Today i switched our (mine and my uncles) WebServer from
|
||||
|
||||
- [**SysCP**](http://syscp.org "SysCP") (modified by me), **apache2**, **apache2-mpm-itk**, **libapache2-mod-php5**, **proftpd**
|
||||
|
||||
To:
|
||||
|
||||
- [**Froxlor**](http://www.froxlor.org/ "Froxlor") (git master), **nginx**, **php5-fpm**, **vsftpd** (with libpam-mysql and libnss-mysql-bg)
|
||||
|
||||
<!--more-->I had nginx with php5-fpm running as second install, i also have it running on a high volume website. It's a dream!
|
||||
|
||||
This is a shared web Server so i tought a lot about its security (which we had before by mpm-itk).
|
||||
|
||||
The main thing to think about was PHP, there are a lot bugs in PHP written Software and "crackers"
|
||||
|
||||
love to hack PHP Sites.
|
||||
|
||||
The Solution for this was for us to run one php5-fpm for every customer, froxlor makes it easy to do so.
|
||||
|
||||
First replace ProFTPd with vsftpd with libpam-mysql ( libpam-ldap for a [bug](http://ubuntuforums.org/showthread.php?t=1937131) ), stolen [here.](http://forum.froxlor.org/index.php?/topic/569-solved-froxlor-0915-vsftpd-moglich/)
|
||||
|
||||
apt-get install vsftpd libpam-mysql libpam-ldap
|
||||
|
||||
Replace `/etc/pam.d/vsftpd` (still with the syscp backend):
|
||||
|
||||
auth required pam_mysql.so user=syscp passwd=<YOUR_MYSQL-SYSCP_PASSWORD> host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1
|
||||
account required pam_mysql.so user=syscp passwd=<YOUR_MYSQL-SYSCP_PASSWORD> host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1`
|
||||
|
||||
Replace `/etc/vsftpd.conf`:
|
||||
|
||||
listen=YES
|
||||
|
||||
dual_log_enable=YES
|
||||
log_ftp_protocol=YES
|
||||
xferlog_enable=YES
|
||||
|
||||
anonymous_enable=NO
|
||||
local_enable=YES
|
||||
check_shell=NO
|
||||
|
||||
virtual_use_local_privs=YES
|
||||
|
||||
connect_from_port_20=YES
|
||||
secure_chroot_dir=/var/run/vsftpd/empty
|
||||
pam_service_name=vsftpd
|
||||
|
||||
guest_username=www-data
|
||||
guest_enable=NO
|
||||
chroot_local_user=YES
|
||||
hide_ids=YES
|
||||
|
||||
write_enable=YES
|
||||
use_localtime=YES
|
||||
local_umask=022
|
||||
dirmessage_enable=YES
|
||||
|
||||
# local_root=/var/kunden/webs/$USER
|
||||
# See: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
|
||||
# allow_writeable_chroot=YES
|
||||
|
||||
user_sub_token=$USER
|
||||
nopriv_user=www-data
|
||||
|
||||
Restart vsftpd:
|
||||
|
||||
/etc/init.d/vsftpd restart
|
||||
|
||||
Test it with your local ftp client.
|
||||
|
||||
Install Froxlor
|
||||
|
||||
|
||||
apt-get install git
|
||||
cd /var/kunden/webs/Server
|
||||
git clone https://github.com/Froxlor/Froxlor webadmin.<yourdomain.com>
|
||||
|
||||
Create /etc/nginx/sites-available/webadmin.<yourdomain.com> ( i have the "upstream" php5-fpm defined somewhere else ).
|
||||
|
||||
server {
|
||||
listen <your_ip>:80;
|
||||
server_name webadmin.<yourdomain.com>;
|
||||
|
||||
root /var/kunden/webs/Server/webadmin.<yourdomain.com>;
|
||||
index index.html index.php;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xls)$ {
|
||||
access_log off;
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^(.*)$ /index.php$1 last;
|
||||
}
|
||||
|
||||
location ~ "^(.+\.php)(.*)$" {
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass php5-fpm;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
||||
|
||||
Enable the config, test it and restart nginx.
|
||||
|
||||
ln -s /etc/nginx/sites-available/webadmin.<yourdomain.com> /etc/nginx/sites-enabled/001-webadmin.<yourdomain.com>
|
||||
nginx -t
|
||||
/etc/init.d/nginx restart
|
||||
|
||||
See this [guide](http://redmine.froxlor.org/projects/froxlor/wiki/Upgrading_to_or_updating_Froxlor) on howto upgrade from syscp to froxlor:
|
||||
|
||||
(i did it my way tm - installed froxlor, then i replaced the db with the one from syscp)
|
||||
|
||||
Now go to http://webadmin.yourdomain.com and migrate the syscp data,
|
||||
|
||||
after the migration you should configure the webserver to nginx.
|
||||
|
||||
Froxlor - nginx settings:
|
||||
|
||||
[![froxlor-nginx-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings-300x161.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings.jpg)
|
||||
|
||||
Froxlor - phpfpm settings:
|
||||
[![froxlor-phpfpm-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings-300x137.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings.jpg)
|
||||
|
||||
Run cron_tasks.php for the first time and check its output for errors:
|
||||
|
||||
/usr/bin/php -q /var/kunden/webs/Server/webadmin.<your-domain.com>/scripts/cron_tasks.php
|
||||
|
||||
Create a new MySQL user "**vsftpd**" and give him
|
||||
|
||||
SELECT rights on the tables **froxlor.ftp_users**,** froxlor.ftp_groups**
|
||||
|
||||
Replace `/etc/pam.d/vsftpd` again (now with the froxlor backend)
|
||||
|
||||
<pre>
|
||||
`auth required pam_mysql.so user=vsftpd passwd=<YOUR-VSFTPD-MYSQL-PASS> host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1
|
||||
account required pam_mysql.so user=vsftpd passwd=<YOUR-VSFTPD-MYSQL-PASS> host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1`</pre>
|
||||
|
||||
Restart `vsftpd`:
|
||||
|
||||
/etc/init.d/vsftpd restart
|
||||
|
||||
Test with your local ftp client.
|
||||
|
||||
Can't remember why but i had to replace `libnss-mysql` with `libnss-mysql-bg`
|
||||
|
||||
This is the config `/etc/libnss-mysql.cfg` for it if you need it.
|
||||
|
||||
getpwnam SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users \
|
||||
WHERE username='%1$s' \
|
||||
ORDER BY id ASC \
|
||||
LIMIT 1
|
||||
|
||||
getpwuid SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users \
|
||||
WHERE uid='%1$u' \
|
||||
ORDER BY id ASC
|
||||
LIMIT 1
|
||||
|
||||
getspnam SELECT username,password,'1','0','99999','0','0','-1','0' \
|
||||
FROM ftp_users \
|
||||
WHERE username='%1$s' \
|
||||
ORDER BY id ASC
|
||||
LIMIT 1
|
||||
|
||||
getpwent SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users
|
||||
|
||||
getspent SELECT username,password,'1','0','99999','0','0','-1','0' \
|
||||
FROM ftp_users
|
||||
|
||||
getgrnam SELECT groupname,'empty',gid \
|
||||
FROM ftp_groups \
|
||||
WHERE groupname='%1$s' \
|
||||
LIMIT 1
|
||||
|
||||
getgrgid SELECT groupname,'empty',gid \
|
||||
FROM ftp_groups \
|
||||
WHERE gid='%1$u' \
|
||||
LIMIT 1
|
||||
|
||||
getgrent SELECT groupname,'empty',gid \
|
||||
FROM ftp_groups
|
||||
|
||||
memsbygid SELECT members \
|
||||
FROM ftp_groups \
|
||||
WHERE gid='%1$u'
|
||||
|
||||
gidsbymem SELECT gid \
|
||||
FROM ftp_groups \
|
||||
WHERE groupname='%1$s'
|
||||
|
||||
host localhost
|
||||
database vsftpd
|
||||
username vsftpd
|
||||
password <your-vsftpd-pass-here>
|
||||
|
||||
`/etc/libnss-mysql-root.cfg`
|
||||
|
||||
username vsftpd password <your-vsftpd-pass-here>
|
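Review bot: In the `/etc/libnss-mysql.cfg` listing, the `ORDER BY id ASC` lines of `getpwuid` and `getspnam` are missing the trailing `\`, so the `LIMIT 1` that follows is no longer part of the query, and `database vsftpd` does not match the `db=froxlor` used in the second `/etc/pam.d/vsftpd` listing; add the backslashes and point the database at the one that holds `ftp_users` and `ftp_groups`. The first `/etc/pam.d/vsftpd` listing also ends in a stray backtick after `verbose=1`, which ends up in the file if pasted. For a post titled "high security", the nginx server block only has `listen <your_ip>:80;` and the vsftpd.conf sets no TLS options, so panel and FTP passwords cross the network in clear text; either add a TLS listener and `ssl_enable=YES` or state that transport encryption is out of scope. In the same server block the PHP location hands every URI matching `^(.+\.php)(.*)$` to php5-fpm without checking that the script exists; a `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` would close that.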
@ -0,0 +1,11 @@
|
||||
---
|
||||
date: 2013-01-28T00:00:00+01:00
|
||||
title: T Surge's introduction to Virtualbox (Run Windows Virtual on top of Linux)
|
||||
author: pcdummy
|
||||
---
|
||||
|
||||
Virtual Box (VBox in short) from Oracle is a great technology that helps us to install multiple operating systems on a machine and run them side by side. Hence it is called a Virtualization Software.
|
||||
|
||||
read more [here](http://tsurge.wordpress.com/2013/01/26/introduction-to-virtualbox/)
|
||||
|
||||
<!--more--> [![windows_on_linux](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux-300x151.png)](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux.png)
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
date: 2013-08-13T00:00:00+01:00
|
||||
title: Ubuntu 13.04 und Postfix 2.10
|
||||
author: pcdummy
|
||||
|
||||
---
|
||||
|
||||
Nachdem ich jetzt einen Tag nach einer Lösung gesucht warum mein Postfix immer ein 5.7.1 Relay Access Denied ausspuckt... hier die Lösung:
|
||||
|
||||
[https://bbs.archlinux.org/viewtopic.php?id=158020](https://bbs.archlinux.org/viewtopic.php?id=158020)
|
||||
|
||||
Aus `smtpd_recipient_restrictions` wird `smtpd_relay_restrictions`<!--more-->
|
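Review bot: The closing line, "Aus `smtpd_recipient_restrictions` wird `smtpd_relay_restrictions`", reads as a rename, but Postfix 2.10 added `smtpd_relay_restrictions` as a separate parameter and `smtpd_recipient_restrictions` still exists. Spell out which rules go into the new parameter (the relay checks such as `permit_mynetworks`, `permit_sasl_authenticated` and `reject_unauth_destination`) and which stay in the recipient restrictions, so a reader who renames the whole block does not lose `reject_unauth_destination` along the way.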
@ -0,0 +1,111 @@
|
||||
---
|
||||
date: 2015-01-25T14:00:00+01:00
|
||||
title: HOWTO - Prepare a minimal lxc image for salt
|
||||
author: pcdummy
|
||||
tags:
|
||||
- HOWTO
|
||||
- Ubuntu
|
||||
- BTRFS
|
||||
- lxc
|
||||
---
|
||||
|
||||
These are basic commands i use to prepare a minimal lxc image for saltstack.<!--more-->
|
||||
|
||||
**Login as lxd**
|
||||
|
||||
if you have got a unprivileged install like me.
|
||||
|
||||
$ ssh lxd@localhost
|
||||
|
||||
**Download the Image**
|
||||
|
||||
I use the btrfs [backing store](https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-backinstores) driver here, see its [man page](http://man7.org/linux/man-pages/man1/lxc-create.1.html) for more.
|
||||
|
||||
$ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64
|
||||
|
||||
**Start and attach**
|
||||
|
||||
lxc-start -n trusty64
|
||||
lxc-attach -n trusty64
|
||||
|
||||
**Upgrade the base system**
|
||||
|
||||
You'r now in the machine, its like *chroot* on *steroids*
|
||||
|
||||
apt-get update && apt-get -qy dist-upgrade
|
||||
|
||||
**Install openssh-server**
|
||||
|
||||
apt-get -qy install openssh-server
|
||||
|
||||
**Install salt-minion**
|
||||
|
||||
apt-get -qy install software-properties-common
|
||||
add-apt-repository -y ppa:saltstack/salt
|
||||
apt-get update
|
||||
apt-get -qy install salt-minion
|
||||
|
||||
**Configure salt-minion for the first connect**
|
||||
|
||||
I enable ```IPv6``` here as i use a IPv6 only network to play around.
|
||||
|
||||
service salt-minion stop
|
||||
echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf
|
||||
rm -rf /etc/salt/minion_id /etc/salt/pki/
|
||||
|
||||
**Remove ssh keys, let salt provision it**
|
||||
|
||||
rm -f /etc/ssh/ssh_host_*_key*
|
||||
|
||||
**Set the hostname to FQDN so you have it later with a Domain in your saltmaster**
|
||||
|
||||
Replace ```lxc.example.lan``` with the domain you have in ```/etc/default/lxc-net```
|
||||
|
||||
$ sed -i -e's|trusty64|trusty64.lxc.example.lan|' /etc/hosts
|
||||
|
||||
**Delete default "ubuntu" user (want salt to provision the id:1000 user)**
|
||||
|
||||
$ userdel -rf ubuntu
|
||||
|
||||
**Now** get back on your machine:
|
||||
|
||||
$ exit
|
||||
|
||||
**and** stop the base image you must made:
|
||||
|
||||
$ lxc-stop -n trusty64
|
||||
|
||||
### Do this every time you need a new testing/production machine
|
||||
**Clone it and let your salt master provision it :)**
|
||||
|
||||
I use the [snapshot](http://man7.org/linux/man-pages/man1/lxc-clone.1.html) feature here.
|
||||
|
||||
replace ```jupiter``` with your own hostname.
|
||||
|
||||
$ lxc-clone -s trusty64 jupiter
|
||||
$ lxc-start -n jupiter
|
||||
|
||||
**Get info from your new machine**
|
||||
|
||||
$ lxc-ls -f
|
||||
|
||||
**On the Master**
|
||||
|
||||
$ salt-key -a 'jupiter.*'
|
||||
|
||||
If you have a firewalled development saltmaster you may want to activate [auto_accept](http://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept)
|
||||
|
||||
**Wanna do it again?**
|
||||
|
||||
Destroy the machine (**as lxd@localhost**)
|
||||
|
||||
$ lxc-destroy -n jupiter
|
||||
|
||||
Remove the key on the Master
|
||||
|
||||
$ salt-key -d 'jupiter.*'
|
||||
|
||||
Clone it again and let the master provision it (**again as lxd@localhost**)
|
||||
|
||||
$ lxc-clone -s trusty64 jupiter
|
||||
$ lxc-start -n jupiter
|
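Review bot: Under "On the Master", `salt-key -a 'jupiter.*'` accepts every pending key whose ID matches the glob without comparing fingerprints, and the paragraph after it recommends `auto_accept`; since an accepted minion receives whatever states and pillar data target its ID, the howto should show the check first: print the pending key's fingerprint with `salt-key -f` for the new minion ID, compare it with the output of `salt-call --local key.finger` inside the container, then accept that exact ID. Two smaller points: "the base image you must made" looks like a typo for "just made", and the commands switch between a `$ ` prompt and none, which matters here because some run on the host as `lxd` and others as root inside the container.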
@ -0,0 +1,169 @@
|
||||
---
|
||||
date: 2015-01-25T13:00:00+01:00
|
||||
title: HOWTO - Install lxc and prepare it for a unprivileged user
|
||||
author: pcdummy
|
||||
tags:
|
||||
- HOWTO
|
||||
- Ubuntu
|
||||
- BTRFS
|
||||
- lxc
|
||||
---
|
||||
|
||||
Very good to read [Official LXC 1.0 Howtos](https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/)!
|
||||
|
||||
This howto is based on: [LXC 1.0: Unprivileged containers [7/10]](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/)
|
||||
|
||||
I started to play around with [LXD (pronounced lex-dee)](https://github.com/lxc/lxd) but its not usable IMHO yet, thats why my lxc **unpriviliged** user is called lxd.
|
||||
|
||||
Replace **lxd** with any other user, maybe ```yours```? <!--more-->
|
||||
|
||||
**Install the latest stable lts kernel**
|
||||
|
||||
$ sudo apt-get -y install linux-image-utopic-lts
|
||||
|
||||
**Enable "memory swapaccount" [found here](http://www.flockport.com/start/)**
|
||||
|
||||
Edit **/etc/default/grub**
|
||||
|
||||
$ gksudo gedit /etc/default/grub
|
||||
|
||||
Replace GRUB_CMDLINE_LIINUX_DEFAULT="quiet splash" with:
|
||||
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"
|
||||
|
||||
**Or** use **sed** (i have a LUKS encrypted disk, ```quiet splash``` is buggy):
|
||||
|
||||
$ sed -i -e's|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"|' /etc/default/grub
|
||||
|
||||
|
||||
Then **update grub**:
|
||||
|
||||
$ sudo update-grub
|
||||
|
||||
And **reboot**:
|
||||
|
||||
$ sudo reboot
|
||||
|
||||
**Install LXC from the the *daily* ppa**
|
||||
|
||||
I use the *daily* ppa for the latest lxc-features here on my testing laptop.
|
||||
|
||||
$ sudo add-apt-repository -y ppa:ubuntu-lxc/daily
|
||||
$ sudo apt-get update
|
||||
$ sudo apt-get -y install lxc cgmanager uidmap lxc-templates
|
||||
|
||||
[LXCFS](https://linuxcontainers.org/lxcfs/introduction/) seems to be unstable here, remove it:
|
||||
|
||||
$ sudo apt-get -y purge lxcfs
|
||||
|
||||
**BRTFS and "unprivileged users"**
|
||||
|
||||
You will need the ```user_subvol_rm_allowed``` option, if you use BTRFS like me as mentioned in [issue #210](https://github.com/lxc/lxc/issues/210)
|
||||
|
||||
This is my **/etc/fstab** entry:
|
||||
|
||||
/dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0
|
||||
|
||||
My **full** /etc/fstab:
|
||||
|
||||
# /etc/fstab: static file system information.
|
||||
#
|
||||
# Use 'blkid' to print the universally unique identifier for a
|
||||
# device; this may be used with UUID= as a more robust way to name devices
|
||||
# that works even if disks are added and removed. See fstab(5).
|
||||
#
|
||||
# <file system> <mount point> <type> <options> <dump> <pass>
|
||||
/dev/mapper/root / btrfs subvol=@ubuntu_14.10,compress=lzo,recovery,noatime 0 0
|
||||
/dev/sda1 /boot ext3 defaults 0 0
|
||||
/dev/mapper/root /home btrfs subvol=@home,compress=lzo,recovery,noatime 0 0
|
||||
/dev/mapper/root /opt/mono btrfs subvol=@mono,compress=lzo,recovery,noatime 0 0
|
||||
/dev/mapper/root /var/lib/lxc btrfs subvol=@lxc,compress=lzo,recovery,noatime 0 0
|
||||
/dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0
|
||||
/dev/mapper/data /data xfs noatime,nobootwait 0 0
|
||||
/dev/mapper/swap none swap defaults,nobootwait 0 0
|
||||
|
||||
# To modify the btrfs ($ btrfs subvolume create /mnt/btrfs/ or $ copy -ax --reflink=always /mnt/btrfs/@src/. /mnt/btrfs/@dest)
|
||||
/dev/mapper/root /mnt/btrfs btrfs subvolid=0,compress=lzo,recovery,noatime,noauto 0 0
|
||||
|
||||
**Create the user ```lxd```**
|
||||
|
||||
A valid shell so i can "ssh lxd@localhost", see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371)
|
||||
|
||||
$ sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd
|
||||
|
||||
**Give lxd 99 uid/gid ranges to map.**
|
||||
|
||||
$ for i in {1..99}; do \
|
||||
sudo usermod --add-subuids ${i}00000-${i}65536 lxd \
|
||||
sudo usermod --add-subgids ${i}00000-${i}65536 lxd \
|
||||
done # This takes a while
|
||||
|
||||
**Create a basic config for that new user**
|
||||
|
||||
$ sudo mkdir /var/lib/lxd
|
||||
$ sudo chown lxd:lxd /var/lib/lxd
|
||||
$ sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/
|
||||
|
||||
$ sudo sudo -H -u lxd sh -c 'cat <<EOF > /var/lib/lxd/.config/lxc/default.conf
|
||||
lxc.include = /etc/lxc/default.conf
|
||||
lxc.id_map = u 0 100000 65537
|
||||
lxc.id_map = g 0 100000 65537
|
||||
EOF'
|
||||
|
||||
|
||||
**Install openssh-server so you can ```$ ssh lxd@localhost```**
|
||||
|
||||
Again see this see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371) bug, i got into.
|
||||
|
||||
$ sudo apt-get -y install openssh-server
|
||||
|
||||
**and** copy your public key
|
||||
|
||||
|
||||
$ sudo mkdir /var/lib/lxd/.ssh/
|
||||
$ sudo cp $HOME/.ssh/id_ecdsa.pub /var/lib/lxd/.ssh/authorized_keys
|
||||
$ sudo chown -R lxd:lxd /var/lib/lxd/.ssh/
|
||||
|
||||
**Set the domain for your LXC Machines**
|
||||
|
||||
This is from [seminar.io](http://seminar.io/2014/07/27/dns-resolution-for-lxc-in-ubuntu-trusty/)
|
||||
|
||||
To supply all your LXC machines the same Domainname set ```LXC_DOMAIN``` in ```/etc/default/lxc-net```
|
||||
|
||||
$ gksudo gedit /etc/default/lxc-net
|
||||
|
||||
Uncomment ```LXC_DOMAIN="lxc"``` **and** change ```lxc``` to something else **if** you want another domain for your hosts than ```lxc```.
|
||||
|
||||
**or** use sed UNTESTED:
|
||||
|
||||
$ sudo sed -i -e's|# LXC_DOMAIN="lxc"|LXC_DOMAIN="lxc.example.lan"|' /etc/default/lxc-net
|
||||
|
||||
To have that domain on your computer you need to **change** the NetworkManager **dnsmasq**
|
||||
|
||||
$ echo 'server=/lxc.example.lan/10.0.3.1' | sudo tee -a /etc/NetworkManager/dnsmasq.d/lxc.conf
|
||||
|
||||
This will redirect DNS queries for ```*.lxc.example.lan``` hosts to the ```dnsmasq``` instance running on 10.0.3.1 that manage DHCP and DNS for containers.
|
||||
|
||||
**Now** restart lxc-net and NetworkManager
|
||||
|
||||
$ sudo service lxc-net stop
|
||||
$ sudo service lxc-net start
|
||||
$ sudo service network-manager restart
|
||||
|
||||
For the ```lxc-net``` service you can't use the ```restart``` command, you must use the ```stop/start``` commands to reload the configuration.
|
||||
|
||||
**Allow the unprivileged ```lxd``` user to create machines witch use the ```lxcbr0``` interface**
|
||||
|
||||
$ echo 'lxd veth lxcbr0 100'| sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
|
||||
$ sudo service lxc restart
|
||||
|
||||
**Usefull commands**
|
||||
|
||||
|
||||
Get CPU, Disk and Memory Usage of your containers
|
||||
|
||||
$ lxc-top
|
||||
|
||||
**Now create your first base image**
|
||||
|
||||
[Prepare a minimal lxc image for salt](/docs/ubuntu-lxc-image.md)
|
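Review bot: The loop under "Give lxd 99 uid/gid ranges to map" joins its lines with `\` but has no `;` between the two `usermod` calls or before `done`, so the shell parses everything after `do` as a single `usermod` command and never sees the closing `done`; end each `usermod` line with `; \` or drop the backslashes. In the GRUB step the prose says `GRUB_CMDLINE_LIINUX_DEFAULT` (extra `I`), and the `sed -i` on `/etc/default/grub` is shown without `sudo`, unlike the commands around it. In the fstab comment `copy -ax --reflink=always` should be `cp`, and the heading "BRTFS" should be "BTRFS". A sentence on what `user_subvol_rm_allowed` permits (non-root users deleting subvolumes they own) would tell readers why it appears only on the `/var/lib/lxd` line.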
@ -0,0 +1,15 @@
|
||||
---
|
||||
date: 2013-01-28T00:00:00+01:00
|
||||
title: Youtube and youtube-mp3.org
|
||||
author: pcdummy
|
||||
---
|
||||
|
||||
Today i tried to Download some great songs from one of my favorite Artists, [Alex Boyle.](https://www.youtube.com/user/ALEXBOYETV)
|
||||
|
||||
This is what i got on some of them:
|
||||
[![Youtube-mp3.org](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png)](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png)
|
||||
|
||||
<!--more-->Youtube limits the external Tools, so you can't convert/download all the videos,
|
||||
you would like to. I can imagine why Youtube has to do so, but its against **Freedom** isn't it?
|
||||
|
||||
Please vote [here](http://www.change.org/petitions/youtube-googlede-allow-third-party-recording-tools-for-youtube-freedomonyoutube#) if you think as i do, help the great people at Youtube to give us more Freedom.
|
@ -0,0 +1,55 @@
|
||||
{
|
||||
"settings": {
|
||||
"item": 1,
|
||||
"thumbItem": 5,
|
||||
"slideMargin": 0,
|
||||
"currentPagerPosition": "left",
|
||||
"slideMove":1,
|
||||
"easing": "cubic-bezier(0.25, 0, 0.25, 1)",
|
||||
"speed": 600,
|
||||
"responsive": [
|
||||
{
|
||||
"breakpoint": 800,
|
||||
"settings": {
|
||||
"item": 3,
|
||||
"slideMove": 1,
|
||||
"slideMargin": 6
|
||||
}
|
||||
},
|
||||
{
|
||||
"breakpoint": 480,
|
||||
"settings": {
|
||||
"item": 2,
|
||||
"slideMove": 1
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"items": [
|
||||
{
|
||||
"full": "/static/content/post/pc-engines_apu1d4/small/box.jpg",
|
||||
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/box.jpg",
|
||||
"alt": "In the box"
|
||||
},
|
||||
{
|
||||
"full": "/static/content/post/pc-engines_apu1d4/small/unboxed.jpg",
|
||||
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg",
|
||||
"alt": "Unboxed"
|
||||
},
|
||||
{
|
||||
"full": "/static/content/post/pc-engines_apu1d4/small/case.jpg",
|
||||
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/case.jpg",
|
||||
"alt": "Case only"
|
||||
},
|
||||
{
|
||||
"full": "/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg",
|
||||
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg",
|
||||
"alt": "Case and board"
|
||||
},
|
||||
{
|
||||
"full": "/static/content/post/pc-engines_apu1d4/small/assembled.jpg",
|
||||
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg",
|
||||
"alt": "Assembled"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
|
||||
<section class="left_sidebar_content_area">
|
||||
{{ partial "_widgets/menu.html" . }}
|
||||
{{ partial "_widgets/social.html" . }}
|
||||
{{ partial "_widgets/simpletaglist.html" . }}
|
||||
{{ partial "_widgets/copyright.html" . }}
|
||||
</section>
|
@ -0,0 +1 @@
|
||||
Subproject commit 0236ad871f1144f6d0abd7d88fde180136953f58
|
@ -0,0 +1 @@
|
||||
Subproject commit 15e254510a09975dee1ae47759326eb66a424576
|
@ -0,0 +1 @@
|
||||
Subproject commit f44b65f8ef90f1b28ce74224844d668fc346fee9
|