Month: December 2005

Craaaazy Stuff

Craaaazy Stuff

So last night I decided to take windows off of my laptop. This probably should have been easy. However, when is anything ever easy? When I woke up this morning I found out that in the middle of the night, during my net-install, the network cord came unplugged.

Apparently when you unplug the network cable during a Debian Netinstall the installer stops downloading the remaining packages and sets up what you have.

As you can probably guess, this is a little problem. When I tried to start up KDE I got an X11 error. Trying to figure out what the deal was here was a pain, but I was able to fix it by uninstalling X11, KDE, and Gnome ( apt-get remove x11r6-6), kdm, and gdm. My goal here was to start with as fresh of a slate as I could.

After that I needed to get X11 and KDE back installed. To do this I just ran the follwing command (this takes a while, because it’s re-installing a lot of your operating system again.

apt-get install x-server-xfree86 x-window-system x-window-system-core kdm

That should work, but if you have problems leave a comment and I’ll get back to you ASAP.

Later,
Jon Howe

How to Script the Unattended Retrieval of Remote Files using SCP

How to Script the Unattended Retrieval of Remote Files using SCP

In one of my previous posts I told how to create a package that’s contents is dumped from the database, archived, encrypted, and put into a public directory.

I also mentioned that a potential security flaw on this system was that someone with enough time and processing power could decrypt your package and get all of it’s contents.

I thought about this and decided that I wanted a better way. So, I found a way to script an unattended / secure connection between the remote computer and the client computer using SCP and SSH keys.

The first thing that you want to do to set this up is make sure that you have a way to use SCP without it prompting you for a password. You do this by using something called an ‘SSH key’. To generate an SSH key use the following command.

ssh-keygen -t rsa

What this does is:

  1. Creates both a public and private key
  2. Asks you where to put both of the generated keys (use the defaults)
  3. Asks you if you want to use a passphrase (this isn’t neccessary, and I think that it messes up the unattended part of the command, so don’t do it)

After that you have to put the public key, which should be located at ‘~/.ssh/id_rsa.pub’ into the users .ssh directory which is inside their home directory (for example: /home/jhowe/.ssh).

After that you have to make sure that the client and server know that in the future they will be connecting to each other without a password. You do this by creating a file on the server in the server user’s .ssh directory called authorized_keys2 with the information about your private key in it. Fear not, this process is greatly simplified by SCP. Just enter the following command and it will be done for you automatically.

(Put this all on one line)
scp
[Client_Username]/.ssh/id_rsa.pub [Server_Username]@[Server_Address}: /[Server_Username]/.ssh/authorized_keys2

…Then enter the server username’s password, and it will copy to the file on the server for you. If you want to make sure that it’s there, open ‘/[server_username]/.ssh/autohorized_keys2’, and see if it has a bunch of random looking charachters. If so, then it worked.

If all of the steps so far have been completed correctly you should be able to use SCP in a script to get your database archive in a directory that’s not web-readable, therefore eliminating the risk of some ruthless hacker decrypting your database package, and stealing all of your data.

Again, time for the downside. This isn’t a very big downside, but it needs to be mentioned. It’s important to note that the Private key, which was created at the same time as the public key (which was sent to your server) needs to be protected with your life. The reason that I say this is because if it’s stolen anyone that has it will be able to connect to your server if they get it. If there’s a posibility of someone else using the client computer that you enter chmod 400 ~/.ssh/id_rsa to make it that only root can read the file.

As always, if you have any problems or questions feel free to leave a comment and I’m be more than happy to help you in any way that I can.

Later,
Jon Howe

Wow

Wow

So, as most people know, the Xbox360 was recently released. With this came the hope to upgrade from the Xbox to the newer version.

I’m not much of a gamer anymore, but I did always want an Xbox, (mainly for the opportunity to mod it). So, I went onto Ebay and found an Xbox in perfect working condition for under 100 dollars and purchased it.

We’ll see what happens with the modding part, because the Mod chip that I want to get runs around 75 bucks for a solder-less connection. I’m pretty sure that I could solder one on myself, but I don’t want to take the chance of messing up the first console that I’ve ever owned.

I’m a big fan of Netflix, and I was wondering if there was something similar for the gaming industry. Luckily there is one called Gamefly. I’m still looking into it, but it definitely looks good so far.

Later,
Jon Howe

Chkconfig like program in Debian

Chkconfig like program in Debian

I started out in Linux using Fedora, which is Redhat based. One of the indespensible tools that I used was called chkconfig. Basically what chkconfig does in Redhat based systems is allow the user to control what daemons start at boot time. This is useful for starting that annoying daemon that you always need or stopping the pesky one that always bothers you.

I used this a ton, and then I switched to Debian, and my whole world turned upside down. (some exaggeration intended)

Until recently I had no idea how to do this, until I found out about a little gem called ‘rcconf’.

Rcconf even has a little optional graphical display that you can use to manually select things to autostart or stop, which is helpful if you don’t know what it is you’re looking for.

If you’re on a pretty new installation of Debian you probably don’t have this yet, but you can get it by entering apt-get install rcconf into the console as root.

More Later,
Jon Howe

How to Back up a MYSql Database for Simple Offsite Storage

How to Back up a MYSql Database for Simple Offsite Storage

For those of you who have been reading this blog for a while you that in the past I’ve had some problems keeping this server up and running for any amount of time.

This got old because every time that my server died, I’d loose all of my blog posts, which stinks because there’s usually a ton of them.

To combat this ever threatning possibility, I decided to write a bash script for linus that does a few things:

  1. Backs up the entire database
  2. Archives them
  3. Encrypts them using CCRypt, although you can substitute that for whatever you want without bash knowledge
  4. Places the encrypted archive in a directory. (I just stuck the archive in a public web directory.

I should clarity a little bit… Putting even a highly encrypted archive in a public directory is not 100% secure. It’s especially not recommended if you are storing sensitive data, and especially if you’re storing passwords in plaintext in your database. (Please don’t do that…). Consider yourself warned.

Unfortunately, there’s another security flaw here, although like the last one, it’s not a show-stopper (for me at least). The only way that I could do the entire process automatically is by storing the password in a plaintext file somewhere either in the script itself or some external file (which is how it’s being distributed now). I think that it’s possible to create a wrapper that contains the password in a compiled (much less human readable), and have that access ccrypt, but I don’t have the time or need for that right now, although it is a good idea :).

I should probably mention that this script is meant to be run by a cron script.

So, without further ado, here it is:


#!/bin/sh

# backs up all databases
# archives them
# encrypts them
# places them in a directory that you choose


user=[database usename]
pass=[database password]
finaldir=[directory to store final encrypted archive]
passpath=[path to a text file containing plaintext password]
#=======================================================
#You shouldn' have to edit anything below here
#=======================================================


workingdir=/root/dbback
dumpname=db.sql
pathtosql=/usr/bin/mysqldump
arch=$dumpname.tar.gz
crypto=$arch.cpt


# Test to see if $workingdir exists
[ -d $workingdir ] || mkdir $workingdir


# Backs up all databases temporarily to $homedir/$dumpname
$pathtosql -u $user --password=$pass -A > $workingdir/$dumpname


# archives the database
tar -czf $workingdir/$arch $workingdir/$dumpname


# encrypts DB package
ccrypt -e -fbrk $passpath $workingdir/$arch


# copies the encrypted archive to $finaldir
cp -Rf $workingdir/$crypto $finaldir/db@$(date +%F).tar.gz.cpt


# make the encrypted database internet readable
chmod 755 $finaldir/*.cpt


# removes the files that were used in the creation of the encrypted archive
rm -f $workingdir/*

If you have any qyestions, or comments feel free to leave a comment and I’ll get back to you ASAP.

Later,
Jon Howe

How to Mount a Samba share to your Computer in Linux

How to Mount a Samba share to your Computer in Linux

This is something that I’ve been wanting to do for some time. It’s just this morning that I actually decided to do it. It’s pretty simple.

This small tutorial is based upon the assumption that you already have a samba share set up. However, if you don’t, then keep posted, because I’ll talk about that in a later tutorial. Also, It’s based upon the assumption that you have the samba client and sambafs installed. In debian all that you have to do to install this is type in the following line:
apt-get install smbfs smbclient

All that you have to do is type in the following command to have a non-permanent solution (on one line):
mount -t smbfs //[server ip or domain name]/[server directory] [place that you want to mount the directory] -o username=[samba username],password=[samba password]

If you go with this solution you’ll have to reenter this command each time that you start up your computer. To make this a permanent change, you need to edit your ‘/etc/fstab’ file by adding the following line at the bottom (on one line)
//[server name or ip]/[shrae name] [directory to mount share into] smbfs username=[samba username],password=[samba password] 0 0

This works for me, but if you have any problems feel free to leave a comment and I’ll help you out ASAP.

Later,
Jon Howe

Two Things

Two Things

First thing:

I just got Google adsense setup here. My contract forbids me from asking you to click on the links, so don’t click on the links if you don’t want to. Just know, I’m a poor college student and clicking a link is easy : ).

Second thing:

You HAVE to check out Pandora. It’s part of the Music Genome project, which was created to analyze music. I know, I know, sounds boring so far doesn’t it.

Fear not, more is on the way.

Pandora was designed as to utilize the research done in the Music Genome Project. This is done by you entering your favorite song or artist into a text box, and Pandora creates a “Station” for you to listen to with music that you most like will like. I was skeptical at first, but I was prooved wrong. Since I started writing this post, I’ve listened to 4 songs and they’ve all been really good songs of which two I have never heard.

Check it out,
Jon Howe

Problems when running apt-get on Debian

Problems when running apt-get on Debian

I’ve been having some problems using apt-get lately which led me to doing an apt-get dist-upgrade.

Smart me found this command on the internet and decided to use it. It worked just fine, except for the fact that when I restarted my computer the graphical display manager that I use didn’t start.

Here’s the steps that I took to diagnose the problem.

  1. I tried to start gdm instead of kdm by editing'/etc/X11/default-display-manager'. This file contains the path to your display manager, for me it was '/usr/bin/kdm'
  2. I tried changing that to '/usr/bin/gdm' and I received an X server error saying that my chosen X server (XFree86) was not found.I thought that this was a little funny because I didn’t think that I used XFree86, but Xorg instead.
  3. So, I looked at the file '/etc/X11/X', which is a symbolic link (which is like a shortcut in windows) and found out that in the upgrade it changed the link to point to a nonexistent file.
  4. After that I changed the link to point to '/usr/bin/X11/Xorg' and voila, kdm started up just fine.More Later,
    Jon Howe
How to Create a PDF Document from PHP

How to Create a PDF Document from PHP

In this project that I’ve been messing with, I’ve come across the need to convert dynamic PHP output to a PDF.

Suprisingly, this is a pretty easy process thanks to DomPDF.

Boy is this ever hard.

Check it out below!
(Reminder – you’re going to need to have Adobe Acrobat Reader for this to work, seeing as how thi s is a PDf generator. You probably already have it, but in case you don’t, here it is.

<br />

Let me know what you think.

Later,
Jon

Copyright VirtJunkie.com ยฉ 2024