zeldor.biz

Linux, programming and more

Star Wars anthem – pc speaker

by 2 Comments


Really imperial march through the motherboard speaker:

1

aptitude update ; aptitude install beep

And now execute this fun:

1

beep -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 250 -f 622.26 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 369.99 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 392 -D 100 --new -l 25 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 739.98 -D 100 --new -l 25 -f 698.46 -D 100 --new -l 25 -f 659.26 -D 100 --new -l 25 -f 622.26 -D 100 --new -l 50 -f 659.26 -D 400 --new -l 25 -f 415.3 -D 200 --new -l 350 -f 554.36 -D 100 --new -l 250 -f 523.25 -D 100 --new -l 25 -f 493.88 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 25 -f 440 -D 100 --new -l 50 -f 466.16 -D 400 --new -l 25 -f 311.13 -D 200 --new -l 350 -f 369.99 -D 100 --new -l 250 -f 311.13 -D 100 --new -l 25 -f 392 -D 100 --new -l 350 -f 466.16 -D 100 --new -l 250 -f 392 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 700 -f 587.32 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 392 -D 100 --new -l 25 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 739.98 -D 100 --new -l 25 -f 698.46 -D 100 --new -l 25 -f 659.26 -D 100 --new -l 25 -f 622.26 -D 100 --new -l 50 -f 659.26 -D 400 --new -l 25 -f 415.3 -D 200 --new -l 350 -f 554.36 -D 100 --new -l 250 -f 523.25 -D 100 --new -l 25 -f 493.88 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 25 -f 440 -D 100 --new -l 50 -f 466.16 -D 400 --new -l 25 -f 311.13 -D 200 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.13 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 300 -f 392.00 -D 150 --new -l 250 -f 311.13 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 700 -f 392

Exim Courier and SSL

by Leave a Comment

Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.

Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:

1
2
3
4

MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465

Don’t forget to change the group of your certificate to: Debian-exim

1

chown root:Debian-exim /etc/exim4/mx.idrobot.net*

Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.

Now we make exim listen on port 465, edit the following config:

1

vim /etc/default/exim4

Replace the standard:

1
2
3

#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)

1

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT



The next step is secure receive of mails with Courier IMAP-SSL Deamon

Now as second step to complete SSL-configuration open your imapd-ssl config

1

vim /etc/courier/imapd-ssl

and search for TLS_CERTFILE

1

TLS_CERTFILE=/etc/courier/mx.domain.com.pem

This mx.domain.com.pem certificate contains certificate and rsa private key:

1

cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem
1

/etc/init.d/courier-imap-ssl restart



Test your certificate by connecting to SSL-Port:

1

openssl s_client -connect localhost:993 -state -debug

Pure-FTPd

by Leave a Comment

Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server. It doesn’t provide useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common needs, plus unique useful features for personal users as well as hosting providers.

The following howto is aimed at installing and configuring a FTP-server, based on Pure-FTPd, which supports virtual user.

Install Pure-FTPd:

1
2
3

aptitude update ; aptitude install pure-ftpd
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Create user:
Create our first FTP user. In this example our user will be “zeldor”:

1

pure-pw useradd zeldor -u ftpuser -g ftpgroup -d /home/pubftp/zeldor -N 10

In the command above, we gave zeldor a limit of 10 MB disk space with option “-N 10”

By default all users will be saved in “/etc/pure-ftpd/pureftpd.passwd”, but first we have to update the pure-ftpd Database:

1

pure-pw mkdb

This database is only a binary file but it is ordered and has an index for quick access.

Get user information:
Show all available user and their home directories.

1

pure-pw list

Get information for a specific user:

1

pure-pw show zeldor

Reset password for a specific user (don’t forget to update your database):

1
2

pure-pw passwd zeldor
pure-pw mkdb

Configuration:

1
2

vim /etc/default/pure-ftpd-common
STANDALONE_OR_INETD=standalone

Server type should be standalone.

Use user database:

1
2

cd /etc/pure-ftpd/auth
ln -s /etc/pure-ftpd/conf/PureDB 50pure

Restart and enjoy :)

1

/etc/init.d/pure-ftpd restart

ProFTPD howto

by Leave a Comment


Had to setup an FTP server, guides that I found elsewhere didn’t do exactly what I want. So it took some trial and error to achieve the setup that I needed.

My objectives:

✓ Be able to create virtual users without having to create a system account for every user.
✓ Set individually permissions and groups for each virtual user
✓ FTP users should be “chrooted”
✓ Of course R/W access

1

aptitude update ; aptitue install proftpd

Virtual user configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# Virtual user login
DefaultRoot ~
AuthUserFile /etc/proftpd/ftpd.passwd
AuthPAM off
RequireValidShell off
 
# DNS resolv
UseReverseDNS off
IdentLookups off
 
# Hide proftpd version
ServerIdent off
 
# Other
ShowSymlinks    on
 
# Faking
<directory var="" www="" vhosts="" example.com="">
   DirFakeUser              on www-data
   DirFakeGroup             on www-data
</directory>
 
<directory var="" www="" vhosts="" example.biz="">
   DirFakeUser              on www-data
   DirFakeGroup             on www-data
</directory>

Cerate virtual user:

1
2

cd /etc/proftpd/
ftpasswd --passwd --name ftpuser01 --uid 1001 --gid=1001 --home /var/www/vhosts/example.com/ --shell /bin/false

System user configuration:

1
2
3
4
5

DefaultRoot     ~
RequireValidShell off
ShowSymlinks            off
RootLogin           off
UseFtpUsers off

Add system user:

1

useradd -c "ftpuser01" -u 33 -o -g 33 -d "/var/www/" -s /bin/sh "ftpuser01"

33 is www-data Group

Change Password:

1

ftpasswd --change-password --passwd --name=ftpuser01

Before you restart proftpd, you should make a syntax check:

1

proftpd -td5

Alternative you can use Group File:

1

AuthGroupFile /etc/proftpd/ftpd.group

Create Group and add user to it:

1

ftpasswd --group --name=ftpmember --gid=5000 --member=ftpuser01


Another kind of permissions:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

<directory var="" ftp="" user1="" read="">
     	 	<limit all="">
        DenyAll
    </limit>
     	 	<limit dirs="" read="">
        AllowUser user1
    </limit>
</directory>
<directory var="" ftp="" user1="" write="">
     	 	<limit all="">
        DenyAll
    </limit>
     	 	<limit dirs="" read="" write="">
        AllowUser user1
    </limit>
</directory>

Configure logcheck

by Leave a Comment

Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.

Installation

1

apt-get install logcheck

E-Mail recipients will be configured in “/etc/aliases”.

Logcheck config is in “/etc/logcheck/logcheck.conf”, depending on setting of:

1
2
3
4

INTRO=1
REPORTLEVEL="server"
SENDMAILTO="logcheck"
ADDTAG="yes"

Some different rules from the following directories are used:

1
2
3
4
5
6
7
8
9

/etc/logcheck/*
cracking.d
cracking.ignore.d
ignore.d
ignore.d.paranoid
ignore.d.server
ignore.d.workstation
violations.d
violations.ignore.d

Define your ignore rules
When you are using server reporting level, put your local-rules file in “/etc/logcheck/ignore.d.server/local-rules”

Sample content of “/etc/logcheck/ignore.d.server/local-rules”:

1
2
3
4
5
6

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync status change
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: connection refused resolving
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd: DISCONNECTED
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd: TIMEOUT
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd: LOGOUT

For testing of your rules you can use:

1

egrep -f /etc/logcheck/ignore.d.server/local-rules /var/log/syslog

That will show only messages that will be suppressed and will NOT be mailed to you.

By the way a manual logcheck-run can be started too, and you must not wait until the next cron:

1

su -s /bin/bash -c "/usr/sbin/logcheck" logcheck