Main Page
Welcome to the ubuntu.rohraff.org
Ubuntu, according to the meaning of this word, is a great way of living. It is also a great Linux distribution and we are proud to have been working on almost all Ubuntu versions (except Warty Warthog 4.10).
Every 6 months a new Ubuntu version is released. Since we are not big fans of system upgrading, we prepared some "shortcuts" which make the installation process easier and faster. We also believe that information (understood as knowledge) should be free for everyone without any restrictions. We hope that you find some useful information on ubuntu.rohraff.org.
We try to keep the website up to date with the newest version of Ubuntu (section "basic install"), but the "how to" section should also work on previous versions of Ubuntu.
Basic Installation
Ubuntu repo (Gutsy Gibbon 7.10)
Standard Repositories (Gutsy Gibbon 7.10)
deb http://archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ gutsy-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu gutsy-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu/ gutsy-commercial main
deb http://archive.ubuntu.com/ubuntu gutsy-proposed main restricted universe multiverse
Medibuntu (Gutsy Gibbon 7.10)
deb http://packages.medibuntu.org/ gutsy free non-free
echo "deb http://packages.medibuntu.org/ gutsy free non-free" | sudo tee -a /etc/apt/sources.list
wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add - && sudo apt-get update
Ubuntu Studio Repo (Gutsy Gibbon 7.10)
deb http://archive.ubuntustudio.org/ubuntustudio gutsy main
sudo su -c 'echo deb http://archive.ubuntustudio.org/ubuntustudio gutsy main >> /etc/apt/sources.list'
wget -q http://archive.ubuntustudio.org/ubuntustudio.gpg -O- | sudo apt-key add - && sudo apt-get update
Additional Repositories (Gutsy Gibbon 7.10)
JabRef
deb http://www.toastfreeware.priv.at/debian/ unstable/
sudo su -c 'echo deb http://www.toastfreeware.priv.at/debian/ unstable/ >> /etc/apt/sources.list'
# download the key file first, then add it to the apt keyring
wget http://info.comodo.priv.at/0x00F3CFE4.asc && sudo apt-key add 0x00F3CFE4.asc
Opera
deb http://deb.opera.com/opera/ stable non-free
Skype
deb http://download.skype.com/linux/repos/debian/ stable non-free
Debuntu
# Debuntu repository
deb http://repository.debuntu.org/ gutsy multiverse
Freespire
Check the newest repositories here.
Last.fm
PGP key
wget -O- http://apt.last.fm/last.fm.repo.gpg | sudo apt-key add -
stable
deb http://apt.last.fm/ debian stable
testing
deb http://apt.last.fm/ debian testing
MIRO
deb http://ftp.osuosl.org/pub/pculture.org/miro/linux/repositories/ubuntu gutsy/
Webmin
deb http://download.webmin.com/download/repository sarge contrib
sudo aptitude update && sudo aptitude upgrade && sudo aptitude install usermin && sudo aptitude install webmin
rule for IPTABLES (to open port 10000):
iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
to set up root password:
sudo /usr/share/webmin/changepass.pl /etc/webmin root <your passwordhere>
Add repositories automatically
wget -c -O /tmp/sources.list http://www.ubuntu.rohraff.org/download/sources.list
sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
sudo cp /tmp/sources.list /etc/apt/sources.list
sudo aptitude update && sudo aptitude upgrade && sudo aptitude clean
PGP keys that were used for signing the packages
Kubuntu.org
wget http://www.kubuntu.org/announcements/kubuntu-packages-jriddell-key.gpg
sudo apt-key add kubuntu-packages-jriddell-key.gpg
Treviño's Ubuntu Repository
wget http://3v1n0.tuxfamily.org/81836EBF.gpg -O- | sudo apt-key add -
Medibuntu
wget -q http://medibuntu.sos-sts.com/repo/medibuntu-key.gpg -O- | sudo apt-key add -
Jabref
Kadu
wget http://poczta.prezu.one.pl/miastoplusa_sms/gpg.txt
sudo apt-key add gpg.txt
rm gpg.txt
Basic installation
Some basic programs: Midnight Commander, Kgpg, Synaptic, KDiskFree, Kftpgrabber, Kasablanca (ftp), Boinc, Gwhere, Conky, Bluefish, Gramps
sudo aptitude install mc kgpg synaptic kdf kftpgrabber boinc-client boinc-manager gwhere conky \
  bluefish gramps krusader kdiff3 krename rpm kget putty kview kasablanca kweather && sudo aptitude clean
www + email + skype: Firefox + plugins, Thunderbird + enigmail + plugins, Opera, Mail notification
sudo aptitude install firefox j2re1.4 j2re1.4-mozilla-plugin mozilla-acroread \
  mozilla-thunderbird mozilla-thunderbird-enigmail mail-notification acroread-plugins opera \
  flashplugin-nonfree skype && sudo aptitude clean
Multimedia: Codecs, Gimp, Kolourpaint, Microsoft Core Fonts
sudo aptitude install vlc vlc-nox mozilla-plugin-vlc mplayer mplayer-fonts mplayer-skins w32codecs \
  libxine-extracodecs kstreamripper streamripper rplay-client gimp gimp-data gimp-data-extras gimp-gap \
  gimp-print gimp-resynthesizer gimp-svg kolourpaint msttcorefonts libk3b2-extracodecs flac kaudiocreator && sudo aptitude clean
LaTeX
sudo aptitude install kile texlive texlive-bibtex-extra texlive-fonts-extra texlive-extra-utils \
  texlive-font-utils texlive-formats-extra texlive-generic-recommended texlive-generic-extra \
  texlive-lang-cyrillic texlive-lang-polish texlive-latex-extra texlive-math-extra texlive-plain-extra texlive-pstricks \
  texlive-publishers texlive-science texlive-xetex texlive-humanities acroread acroread-escript acroread-plugins \
  mozilla-acroread evince djview djvulibre-plugin jabref glosstex latex-beamer && sudo aptitude clean
Scientific programs: Octave 2.1, C, Fortran, GnuPlot
sudo aptitude install octave2.1 octave2.1-headers octave2.1-info octave-epstk octave-forge octave-gpc \
  octave-plplot octave-statdataml gnuplot gnuplot-doc cpp-3.4 g++ g++-4.1 g77 g77-3.4 gcc-3.4 gcc-3.4-base \
  gfortran gfortran-4.1 gnuplot-nox gnuplot-x11 plplot9-driver-gd plplot-tcl fftw3 && sudo aptitude clean
Firefox 2 addons
[Adblock Plus] [Bookmark Duplicate Detector] [Bookmark Sync and Sort] [CustomizeGoogle] [DownloadHelper] [Download Statusbar] [Fasterfox] [Flashblock] [Flashgot] [FoxFilter] [FoxLingo] [FoxTor ] [Header Spy + LiveHTTPHeaders] [PajacykXPl] [PDF Download] [SafeCache] [ShowIP] [Smart Bookmarks Bar] [TrackMeNot]
Firefox 3 addons
[Adblock Plus] [Customize Google] [Download Statusbar] [DownloadHelper] [DownThemAll] [Fission] [Flagfox] [Flashblock] [FlashGot] [Foxymeter] [PDF Download] [Secure Login] [Speed Dial] [Stylish] [Usage Counter]
Thunderbird addons
Basic commands
Add cdrom to your repositories
sudo apt-cdrom add
Enable root account
sudo passwd root
Display all processes in console
top
Ubuntu customization
Set up OpenDNS
Install
sudo aptitude install resolvconf
and add these lines to file /etc/resolvconf/resolv.conf.d/base
nameserver 208.67.222.222
nameserver 208.67.220.220
To check if you set OpenDNS up successfully, visit http://welcome.opendns.com and http://www.internetbadguys.com/.
Webilder
Webilder changes the wallpaper every few minutes, using images downloaded directly from Flickr and Webshots.
Add some fonts to Ubuntu
sudo aptitude install msttcorefonts ttf-gentium ttf-dustin ttf-georgewilliams \
  ttf-fifthhorseman-dkg-handwriting ttf-sjfonts sun-java6-fonts ttf-isabella ttf-larabie-deco ttf-junicode \
  ttf-larabie-straight ttf-larabie-uncommon ttf-summersby
Nmap - a utility for network exploration or security auditing.
sudo apt-get install nmap
To scan the ports, type:
nmap 127.0.0.1
Kdocker
Sunbird
Mozilla Sunbird is a cross-platform calendar application.
WiFi: automatic login to a network
Install VirtualBox
Install following packages
sudo aptitude install libxalan110 libxerces27
From the VirtualBox website download the right deb package and install it
sudo dpkg -i virtualbox_1.5.2-25433_Ubuntu_gutsy_i386.deb
Type in a konsole
VirtualBox
and follow the instructions. After complete installation, create the group vboxusers
sudo groupadd vboxusers
and add user (e.g. john) to it:
sudo usermod -G vboxusers -a john
Change the permissions of /dev/vboxdrv
sudo chmod 660 /dev/vboxdrv
sudo chgrp vboxusers /dev/vboxdrv
and finally to the end of the file
sudo nano /etc/udev/rules.d/40-permissions.rules
add line
KERNEL=="vboxdrv", GROUP="vboxusers", MODE="0660"
Install VMware
- This howto is based on this thread here.
Synchronise your computer clock to network
sudo apt-get install ntpdate
and add to your iptables rules (the OUTPUT chain matches the outgoing interface, so it takes -o rather than -i)
iptables -A OUTPUT -p udp -o eth0 --dport 123 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 123 -j ACCEPT
Encrypt external hard drive
First perform a bad blocks scan to make sure the hard drive is not going to die too soon (can take up to couple days)
badblocks -c 10240 -s -w -t random -v /dev/sdb
output:
Checking for bad blocks in read-write mode
From block 0 to 976762584
Testing with random pattern: done
Reading and comparing: done
Pass completed, 0 bad blocks found.
Prepare your harddisk - add random data to your harddisk, so it will be harder to guess how much hidden data is actually on it ( hours).
sudo dd if=/dev/urandom of=/dev/sdb
Faster alternatives are:
shred -n 1 /dev/sdb
or
wipe /dev/sdb
Install required software
sudo aptitude install cryptsetup hashalot
and load some kernel modules
sudo modprobe aes-i586
sudo modprobe dm-crypt
sudo modprobe dm_mod
To load modules at bootup, edit /etc/modules
sudo nano /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
fuse
lp
sbp2
aes-i586
dm-crypt
dm_mod
# Generated by sensors-detect on Thu Feb 28 11:10:45 2008
# Chip drivers
coretemp
Now it is time to partition the disk. I used GParted and created one partition on the whole disk (/dev/sdb1). Set up LUKS:
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
Open the encrypted device and assign it to a virtual /dev/mapper/western1TB device: (In our case: western1TB)
sudo cryptsetup luksOpen /dev/sdb1 western1TB
Create a filesystem on the encrypted device:
sudo mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/western1TB
On Hardy Heron (8.04) the encrypted hard drive will automount.
Ubuntu performance tweaks
How to install prelink (programs load faster)
Install prelink
sudo apt-get install prelink
Edit "/etc/default/prelink"
sudo kate /etc/default/prelink
Change line
PRELINKING=unknown
into
PRELINKING=yes
Save the file and set cron for daily prelink
sudo prelink -avmR
sudo /etc/cron.daily/prelink
Speed up DVD
sudo hdparm -d1 /dev/cdrom
sudo cp /etc/hdparm.conf /etc/hdparm.conf_backup
edit file
sudo gedit /etc/hdparm.conf
and write at the end of file
/dev/cdrom {
dma = on
}
and then save the file.
Preload & Readahead
sudo aptitude install preload readahead
CFQ
How to
... install Mathematica
First go to folder containing "MathInstaller"
cd /media/cdrom0/Unix/Installer
then type
sh MathInstaller
and installation will start, but you need to choose version to install
-------------------------------
Mathematica 5.2 Installer
-------------------------------
Copyright (c) 2005 Wolfram Research, Inc. All rights reserved.
WARNING: Mathematica is protected by copyright law and international treaties.
Unauthorized reproduction or distribution may result in severe civil and criminal
penalties and will be prosecuted to the maximum extent possible under law.
For which of the following platforms would you like to install Mathematica?
(1) Linux x86 (32 and 64 bit)
Type your selection (multiple choices can be separated with spaces), or press ENTER to select (1):
>
The following installation methods are available:
(1) Full
(2) Minimal
Type your selection, or press ENTER to select (1):
>
Enter the installation directory, or press ENTER to select /usr/local/Wolfram/Mathematica/5.2:
>
If we work on Desktop, we can type
/home/damian/Mathematica
Of course, if we are asked whether we want to create the directory, we choose "YES".
Type the directory path in which the Mathematica scripts will be created, or press ENTER to select /usr/local/bin:
I usually type:
/home/damian/Mathematica/scripts
It is time to register our Mathematica:
Please choose how you want to configure the password for Mathematica 5.2.
(1) Single machine
Install a password specific to this machine. Mathematica will launch, and you can
enter your password.
(2) Network license
Obtain a license from a MathLM license server on your network each time Mathematica
is launched.
(3) Enter license information later
Input your password and register when you start Mathematica.
Type your selection, or press ENTER to select (1):
After registration, to run mathematica, double click on file "Mathematica" in
/home/damian/Mathematica/Executables/
Some Mathematica templates are here.
... fix when Matlab crashes at start (KDE)
While working on Kubuntu I had a problem with Matlab, which used to crash at start. The solution is simple: when you make a shortcut on your panel or desktop, mark the "Run in terminal window" option. It should fix the problem.
How to install and start using Octave
To start working with Octave type in console
$ octave
Other alternative is KOctave, which is in standard repositories, but we prefer console
GNU Octave, version 2.1.73 (i486-pc-linux-gnu).
Copyright (C) 2006 John W. Eaton.
This is free software; see the source code for copying conditions.
There is ABSOLUTELY NO WARRANTY; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. For details, type `warranty'.
Additional information about Octave is available at http://www.octave.org.
Please contribute if you find this software useful.
For more information, visit http://www.octave.org/help-wanted.html
Report bugs to bug AT octave DOT org (but first, please read
http://www.octave.org/bugs.html to learn how to write a helpful report).
octave:1>
To calculate x=((2+4)*(23-15))/sqrt(2*pi) we can type formula and press enter
octave:1> x=((2+4)*(23-15))/sqrt(2*pi)
x = 19.149
or write formula in ".m" file, which is very convenient during more advanced computations. The .m files can be edited in simple text editor (kate, gedit) or under mc (by pressing F4). To run .m file type path of the file
octave:2> cd /.../octave/
and then just type name of it (file.m) and press enter
octave:3> file
x = 19.149
If you work with the same file, you only need to type the path once, at the beginning. To quit working with Octave, type
octave:4> quit
Some Octave/Matlab templates are here.
How to install (and start using) LaTeX
First we need to install LaTeX with an editor (Kile rox!):
To start Kile go to: Menu -> Office -> Kile. That's all, enjoy beautiful fonts and formulas (mathematical, physical, chemical,...)
Some LaTeX templates are here.
How to check for errors in LaTeX files?
aspell check file.tex
How to install conky
Type in console
$ sudo apt-get install conky
then put .conkyrc file in your home directory (ex. /home/username/), press Alt+F2 and type conky. To add conky to autostart, place shortcut in
/home/username/.kde/Autostart/
How to disable NVIDIA logo on startup
At the end of section "Device" in /etc/X11/xorg.conf
...
Section "Device"
Identifier "Generic Video Card"
Driver "nvidia"
VendorName "NVIDIA"
BoardName "NVIDIA GeForce2 DDR (generic)"
BusID "PCI:1:0:0"
Screen 0
EndSection
...
Add following line
Option "NoLogo"
- This howto is based on this thread here.
How to deal with the annoying message: Can't find MIME type application /octet-stream
If you run into this problem (in Kubuntu), go to: Internet -> Konqueror -> Settings -> File Associations and add: (Add) octet-stream --> (Description) MIME application
How to set up a firewall (iptables)
To set up a firewall (iptables) on Ubuntu, Firestarter or Guarddog is recommended. You can build your own iptables rules using Arno's script, which is in the standard repositories (arno-iptables-firewall, universe), or you can use the iptables script written by nightwish86 (http://night.jogger.pl/), which is what we do right now:
touch /etc/init.d/firewall && chmod +x /etc/init.d/firewall && nano -w /etc/init.d/firewall
and insert following lines (copy then Shift+Ins).
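#!/bin/sh
# flush existing rules and delete user-defined chains
iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
# default policy: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -o lo -j ACCEPT
# allow packets that belong to connections this machine started
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED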
After saving, we need to establish autostart of our firewall
update-rc.d firewall defaults 90
and initiate it now
/etc/init.d/firewall
After all, if you have too much spare time :), test your firewall on several sites: hackerwatch.org or auditmypc.com or linuxzoo.net (http://linuxzoo.net/page/tut_fire.html). Have fun! :)
- This howto is based on this thread here.
How to manage different CD images
How to mount/unmount .iso image
First we make a directory for mounted images (only if you are going to mount an image for the first time).
sudo mkdir /media/iso
sudo modprobe loop
now we mount image named file.iso
sudo mount /home/user_name/Desktop/file.iso /media/iso/ -t iso9660 -o loop
to unmount image type
sudo umount /media/iso/
How to convert .nrg (Nero) to .iso
Install nrg2iso
sudo apt-get install nrg2iso
and then convert (all images are/will be in /home/user directory)
nrg2iso original_image.nrg new_image.iso
How to convert .bin/.cue to .iso
Install bchunk
sudo apt-get install bchunk
and then convert bin/cue images into iso (all images are/will be in /home/user directory)
bchunk original_image.bin original_image.cue new_image.iso
How to add new skins to Audacious
Put the Winamp 2.x skins into the directory
/home/user_name/.local/share/audacious/Skins/
and restart Audacious.
How to set new tasks on cron
Use that cron recipe from ubuntu guide. It works.
How to merge .pdf files
Install pdftk
sudo apt-get install pdftk
to merge files: file01.pdf and file02.pdf into output_file.pdf
pdftk file01.pdf file02.pdf output output_file.pdf
How to sign pgp key
Example:
wget http://www.kubuntu.org/announcements/kubuntu-packages-jriddell-key.gpg
sudo apt-key add kubuntu-packages-jriddell-key.gpg
... convert files from .rpm to .deb
... install Moblock
... install Miro (Democracy player)
http://www.canada.com/globaltv/national/podcastbeta/vodcast.xml
... set up an OpenPGP in Thunderbird
... convert between image formats (and pdf too!)
convert original.jpg newfile.pdf
... check CPU temperature by console
Install LM Sensors
sudo aptitude install lm-sensors
When configuration is done, run the command in console
sensors
... compress/decompress files/folders by console
To compress folder uncompressed_folder
tar cjvf compressed_folder.tar.bz2 uncompressed_folder/
To decompress folder compressed_folder.tar.bz2 (the j option selects bzip2, matching the .tar.bz2 name)
tar -xjvf compressed_folder.tar.bz2
... set up a software RAID (0, 1, 5)
... do backups using rsync
... download iso images using jigdo
sudo aptitude install jigdo-file
type:
jigdo-lite
Jigsaw Download "lite"
Copyright (C) 2001-2005 | jigdo@
Richard Atterer | atterer.net
Getting mirror information from /etc/apt/sources.list
-----------------------------------------------------------------
To resume a half-finished download, enter name of .jigdo file.
To start a new download, enter URL of .jigdo file.
You can also enter several URLs/filenames, separated with spaces,
or enumerate in {}, e.g. `http://server/cd-{1_NONUS,2,3}.jigdo'
jigdo:
... convert .avi to .swf
ffmpeg -i movie.avi -s 320x240 -ar 44100 -r 30 -b 512k movie.swf
ffmpeg -i movie.mov -s 320x240 -ar 44100 -r 30 -b 800k -deinterlace -vcodec xvid -y movie1.avi
first pass:
ffmpeg -i movie.mov -s 320x240 -ar 44100 -r 30 -b 800k -deinterlace -vcodec xvid -y -pass 1 -passlogfile log_file movie1.avi
second pass:
ffmpeg -i movie.mov -s 320x240 -ar 44100 -r 30 -b 800k -deinterlace -vcodec xvid -y -pass 2 -passlogfile log_file movie1.avi
... convert to open source codec Ogg Theora (.ogg/.ogv)
ffmpeg2theora -v 5 -a 1 -x 320 -y 240 --deinterlace movie.avi
www.gallery.rohraff.org:
ffmpeg2theora -v 4 -a 2 -x 640 -y 480 --deinterlace movie.avi
... change usplash
sudo update-alternatives --config usplash-artwork.so
sudo dpkg-reconfigure usplash
... disable Ctrl-Alt-Del
... record your desktop with Krecordmydesktop
sudo aptitude install krecordmydesktop
... install Compiz
sudo aptitude install compiz compizconfig-settings-manager compiz-kde emerald
... use rar to pack a big file (like .iso) to 50MB files?
File is in /home/user/folder/ directory
rar a -v51200k -m0 -md4096 -rr -t /home/user/folder/file.rar /home/user/folder/file.iso
... find a file
find /home/ -name 'electro*'
... tar files and directories
tar -cvf tarred_directory.tar directory/
... change computer name
sudo kate /etc/hosts /etc/hostname
... limit cpu
sudo aptitude install cpulimit
to limit process to 60%
sudo cpulimit -p pid -l 60
... dump audio from .flv files
mplayer -dumpaudio -dumpfile audio.mp3 flash_movie.flv
... edit pdf file (similar to Adobe Acrobat)
sudo aptitude install pdfedit
Fun
What are your most frequently used commands?
history|awk '{a[$2]++ } END{for(i in a){print a[i] " " i}}'|sort -nr|head
- This howto is based on this thread here.
SSH Server
local_user = local user (login)
local_desktop.org = address of the local computer
ssh_user = remote user (login)
ssh_server.org=remote computer (server)
Install ssh server
sudo apt-get install ssh
Basic commands
Copy files from/send files to a server ssh
To copy file/directory to the ssh server
scp -r file.txt ssh_user@ssh_server.org:/home/ssh_user/folder/
To download file/directory from the ssh server
scp -r ssh_user@ssh_server:/home/ssh_user/folder/file.txt /home/local_user/
Scan your computer for open ports
Nmap=Online
Shields Up
Connect via SSH through a router
ssh -l ssh_user ssh_server.org
Monitor SSH Server
cat /var/log/auth.log | grep "Failed"
How to disable anything but named users
Open and edit file sshd_config:
sudo nano /etc/ssh/sshd_config
and type the names of the users permitted to connect via ssh (e.g. user1, user2, user3, user4)
#Allowed Users
AllowUsers user1 user2 user3 user4
How to disallow root logins
To disable root login edit file /etc/ssh/sshd_config
PermitRootLogin no
Limit the number of SSH daemons
in /etc/ssh/sshd_config
MaxStartups 1
How to modify IP tables so more than 3 new (failed) connections from one address every 10 minutes will be dropped
Add the following lines to your iptables rules
#------------------------#
# SSH daemon - tcp Port 22 - drop any more than 3 new connections from one address every 10 mins
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 3 -j DROP
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
- This howto is based on this thread here.
How to change default ssh port number
Edit file /etc/ssh/sshd_config
Port 22
into for example
Port 2982
after saving and reloading (remember to change the number of ssh port in iptables), to connect with the ssh server with changed port we type
ssh username@server_ip -p 2982
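An added example (not from the original page or the OpenSSH project) that reads an sshd_config and reports the effective value of the directives changed in the sections above. The sample configs are constructed; the script assumes whitespace-separated "keyword value" lines, looks only at the global section before the first Match block, and relies on sshd using the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example: audit the sshd_config directives this page sets
# (PermitRootLogin, AllowUsers, MaxStartups, Port).

# Constructed sample with two common mistakes: the wanted line is only
# present as a comment, and a later "no" is shadowed by an earlier "yes".
sample_sshd_config() {
cat <<'EOF'
# constructed sample, not a real server file
Port 2982
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
MaxStartups 1
Match User backup
    AllowUsers backup
EOF
}

# Constructed sample that follows the settings shown on this page.
fixed_sshd_config() {
cat <<'EOF'
Port 2982
PermitRootLogin no
MaxStartups 1
AllowUsers user1 user2 user3 user4
EOF
}

# Reads sshd_config text on stdin and prints "keyword=value status" lines.
audit_sshd_config() {
  awk '
    function report(key, want,    v, status) {
      v = (key in val) ? val[key] : "<unset>"
      if (want == "*") status = (key in val) ? "ok" : "FAIL"   # presence only
      else status = (tolower(v) == want) ? "ok" : "FAIL"
      printf "%s=%s %s\n", key, v, status
    }
    /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
    tolower($1) == "match" { exit }       # what follows is conditional
    {
      key = tolower($1)                   # keywords are case-insensitive
      if (key in val) next                # first value read is the one kept
      $1 = ""
      sub(/^[ \t]+/, "")
      val[key] = $0
    }
    END {
      report("permitrootlogin", "no")
      report("allowusers", "*")
      report("maxstartups", "*")
      printf "port=%s info\n", (("port" in val) ? val["port"] : "22")
    }
  '
}

# Stand-alone run on the constructed sample.
sample_sshd_config | audit_sshd_config
```

On a real machine, feed it the live file with `audit_sshd_config < /etc/ssh/sshd_config`.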
How to install DenyHosts
sudo apt-get install denyhosts
sudo nano /etc/denyhosts.conf
Set the time after which HOSTS_DENY entries should be removed. The default is never, and we leave it like this.
########################################################################
#
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
# when DenyHosts is invoked with the --purge flag
#
# format is: i[dhwmy]
# Where 'i' is an integer (eg. 7)
# 'm' = minutes
# 'h' = hours
# 'd' = days
# 'w' = weeks
# 'y' = years
#
# never purge:
PURGE_DENY =
#
# purge entries older than 1 week
#PURGE_DENY = 1w
#
# purge entries older than 5 days
#PURGE_DENY = 5d
#######################################################################
Here we decide whether a given IP should be blocked for all services or just for SSH (by default SSH only). It is a good idea to block all services for the offending host.
#######################################################################
#
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
#
# man 5 hosts_access for details
#
# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
#
# To block all services for the offending host:
BLOCK_SERVICE = ALL
# To block only sshd:
#BLOCK_SERVICE = sshd
# To only record the offending host and nothing else (if using
# an auxilary file to list the hosts). Refer to:
# http://denyhosts.sourceforge.net/faq.html#aux
#BLOCK_SERVICE =
#
#######################################################################
Here we set after how many failed login attempts an IP should be blocked (for nonexistent accounts). It is a good idea to lower the value to 3.
#######################################################################
#
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
#
DENY_THRESHOLD_INVALID = 5
#
#######################################################################
The same, but for existing accounts. It is a good idea to lower the value to 5-7.
#######################################################################
#
# DENY_THRESHOLD_VALID: block each host after the number of failed
# login attempts has exceeded this value. This value applies to valid
# user login attempts (eg. user accounts that exist in /etc/passwd) except
# for the "root" user
#
DENY_THRESHOLD_VALID = 10
#
#######################################################################
The same as above, but for the root account: block after one failed attempt. It is a good idea to turn off the root account for ssh.
#######################################################################
#
# DENY_THRESHOLD_ROOT: block each host after the number of failed
# login attempts has exceeded this value. This value applies to
# "root" user login attempts only.
#
DENY_THRESHOLD_ROOT = 1
#
#######################################################################
#######################################################################
#
# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
# login attempts has exceeded this value. This value applies to
# usernames that appear in the WORK_DIR/restricted-usernames file only.
#
DENY_THRESHOLD_RESTRICTED = 1
#
#######################################################################
If we set our email address here, we receive information about possible attacks on our server.
######################################################################
############ THESE SETTINGS ARE OPTIONAL ############
#######################################################################
#
# ADMIN_EMAIL: if you would like to receive emails regarding newly
# restricted hosts and suspicious logins, set this address to
# match your email address. If you do not want to receive these reports
# leave this field blank (or run with the --noemail option)
#
# Multiple email addresses can be delimited by a comma, eg:
# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
#
ADMIN_EMAIL = foo@bar.com
#
#######################################################################
#######################################################################
#
# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
# reports (see ADMIN_EMAIL) then these settings specify the
# email server address (SMTP_HOST) and the server port (SMTP_PORT)
#
#
SMTP_HOST = localhost
SMTP_PORT = 996
#
#######################################################################
#######################################################################
#
# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
# smtp email server requires authentication
#
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
#
######################################################################
#######################################################################
#
# SMTP_FROM: you can specify the "From:" address in messages sent
# from DenyHosts when it reports thwarted abuse attempts
#
SMTP_FROM = DenyHosts <nobody@localhost>
#
#######################################################################
#######################################################################
#
# SMTP_SUBJECT: you can specify the "Subject:" of messages sent
# by DenyHosts when it reports thwarted abuse attempts
SMTP_SUBJECT = DenyHosts Report
#
######################################################################
######################################################################
#
# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
# when sending email messages.
#
# for possible values for this parameter refer to: man strftime
#
# the default:
#
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
#
######################################################################
uncomment SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
#######################################################################
#
# SYNC_SERVER: The central server that communicates with DenyHost
# daemons. Currently, denyhosts.net is the only available server
# however, in the future, it may be possible for organizations to
# install their own server for internal network synchronization
#
# To disable synchronization (the default), do nothing.
#
# To enable synchronization, you must uncomment the following line:
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
#
#######################################################################
#######################################################################
#
# SYNC_INTERVAL: the interval of time to perform synchronizations if
# SYNC_SERVER has been uncommented. The default is 1 hour.
#
SYNC_INTERVAL = 1h
#
#######################################################################
#######################################################################
#
# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
# been denied? This option only applies if SYNC_SERVER has
# been uncommented.
# The default is SYNC_UPLOAD = yes
#
#SYNC_UPLOAD = no
SYNC_UPLOAD = yes
#
#######################################################################
#######################################################################
#
# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
# been denied by others? This option only applies if SYNC_SERVER has
# been uncommented.
# The default is SYNC_DOWNLOAD = yes
#
#SYNC_DOWNLOAD = no
SYNC_DOWNLOAD = yes
#
#
#
#######################################################################
and finally restart
sudo /etc/init.d/denyhosts restart
All blocked IPs are listed in /etc/hosts.deny, and the logs are in /var/log/denyhosts.
- This howto is based on this thread here.
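An added example (not from the original page or the DenyHosts project): the grep from "Monitor SSH Server" extended to count failed logins per source address and compare the counts with the DENY_THRESHOLD_* values set above. The log lines are constructed, and the "more than the threshold" comparison follows the wording of the config comments ("has exceeded this value"), not DenyHosts' own code.

```shell
#!/bin/sh
# Added example: per-address summary of failed sshd logins in auth.log.

# Thresholds as set in the denyhosts.conf excerpt on this page.
DENY_THRESHOLD_INVALID=5
DENY_THRESHOLD_VALID=10
DENY_THRESHOLD_ROOT=1

# Constructed auth.log lines; addresses are from documentation ranges.
# Line 6 carries a username that itself contains "from <address> port".
sample_auth_log() {
cat <<'EOF'
Mar  3 10:00:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:02 host sshd[1002]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Mar  3 10:00:03 host sshd[1003]: Failed password for invalid user oracle from 192.0.2.10 port 40003 ssh2
Mar  3 10:00:04 host sshd[1004]: Failed password for invalid user guest from 192.0.2.10 port 40004 ssh2
Mar  3 10:00:05 host sshd[1005]: Failed password for invalid user ftp from 192.0.2.10 port 40005 ssh2
Mar  3 10:00:06 host sshd[1006]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 192.0.2.10 port 40006 ssh2
Mar  3 10:05:00 host sshd[1010]: Failed password for alice from 198.51.100.7 port 50500 ssh2
Mar  3 10:05:09 host sshd[1011]: Failed password for alice from 198.51.100.7 port 50501 ssh2
Mar  3 10:05:20 host sshd[1012]: Accepted password for alice from 198.51.100.7 port 50502 ssh2
Mar  3 11:00:00 host sshd[1020]: Failed password for root from 203.0.113.5 port 33000 ssh2
Mar  3 11:00:04 host sshd[1021]: Failed password for root from 203.0.113.5 port 33001 ssh2
EOF
}

# Reads auth.log text on stdin; prints "address invalid=N valid=N root=N verdict".
triage_failed_logins() {
  awk -v ti="$DENY_THRESHOLD_INVALID" -v tv="$DENY_THRESHOLD_VALID" \
      -v tr="$DENY_THRESHOLD_ROOT" '
    /sshd\[[0-9]+\]: Failed password for / {
      # The source address is the LAST "from <addr> port" in the line, so text
      # typed into the username field cannot stand in for it.
      ip = ""
      for (i = 1; i + 2 <= NF; i++)
        if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
      if (ip == "") next
      seen[ip] = 1
      if ($0 ~ /: Failed password for invalid user /) invalid[ip]++
      else if ($0 ~ /: Failed password for root from /) root[ip]++
      else valid[ip]++
    }
    END {
      for (ip in seen) {
        verdict = "ok"
        if (invalid[ip] > ti + 0 || valid[ip] > tv + 0 || root[ip] > tr + 0)
          verdict = "BLOCK"
        printf "%s invalid=%d valid=%d root=%d %s\n",
               ip, invalid[ip], valid[ip], root[ip], verdict
      }
    }
  ' | LC_ALL=C sort
}

# Prints only the addresses that went over one of the thresholds.
blocked_hosts() {
  triage_failed_logins | awk '$NF == "BLOCK" { print $1 }'
}

# Stand-alone run on the constructed sample.
sample_auth_log | triage_failed_logins
```

On a real machine, run `triage_failed_logins < /var/log/auth.log` and compare the result with the entries in /etc/hosts.deny.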
How to prevent a fork bomb attack
Add these lines
@users soft nproc 100
@users hard nproc 150
at the end of the /etc/security/limits.conf (to limit the number of processes)
Host key verification failed
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
e8:ab:1d:2a:ea:21:ce:51:24:25:1d:81:f7:14:8d:7c.
Please contact your system administrator.
Add correct host key in /home/user_name/.ssh/known_hosts to get rid of this message.
Offending key in /home/user_name/.ssh/known_hosts:1
RSA host key for server_ip has changed and you have requested strict checking.
Host key verification failed.
user@local_computer:~$ ssh user@ubuntuserver.org
The authenticity of host 'ubuntuserver.org (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is f2:ab:1a:2a:c3:31:ff:61:02:36:1a:93:e6:31:4f:8d.
Are you sure you want to continue connecting (yes/no)?
type yes
Warning: Permanently added 'ubuntuserver.org,xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
user@ubuntuserver.org's password:
Mount a remote ssh filesystem
Everything you do here, is not on server but on client.
Install
sudo aptitude install sshfs
sudo nano /etc/group
fuse:x:118:localuser
We mount remote catalog ssh_mount
mkdir ~/ssh_mount
sshfs sshuser@ssh_server.org:/home/sshuser ~/ssh_mount
To unmount
fusermount -u ~/ssh_mount
- This howto is based on this thread here.
Automount a remote ssh filesystem
- This howto is based on this thread here.
Keep SSH session alive
Edit file ~/.ssh/config
Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 60
- This howto is based on this thread here.
Allow only logins with public & private keys
ssh-keygen -t rsa -b 4096
VNC (through ssh)
VNC through SSH
vncviewer +C +zlib 9 -via ssh_user@ssh_server.org localhost:1
LAMP Server
Install Apache
sudo aptitude install apache2
Install PHP5
sudo aptitude install php5 libapache2-mod-php5 php5-xsl php5-gd php-pear
sudo /etc/init.d/apache2 restart
Installing MediaWiki on Ubuntu via GUI and Synaptic
- This howto is based on this thread here.
display system information
install gallery2
install logcheck
install mediawiki
move the file 'LocalSettings.php' from '/var/lib/mediawikiX.XX/config/' to '/etc/mediawikiX.XX/' and change its permissions to 640
Games
First-person shooters
Alien arena
sudo aptitude install alien-arena
America's Army
Download armyops250linux.run from here and then install
sh armyops250linux.run
Nexuiz
sudo aptitude install nexuiz nexuiz-data nexuiz-music
Open arena
sudo aptitude install openarena
Quake2World
Sauerbraten
sudo aptitude install sauerbraten
Tremulous
sudo aptitude install tremulous
Warsow
sudo aptitude install warsow
Flight simulators
FlightGear
sudo aptitude install flightgear
Tactics & Strategy
Freeciv
sudo aptitude install freeciv-client-gtk
Various
Frozen Bubble
sudo aptitude install frozen-bubble
Ubuntu for scientists
Physics
Electronics (circuit simulators)
Ktechlab
sudo aptitude install ktechlab
Qucs
sudo aptitude install qucs
geda
sudo aptitude install geda
Links
Ubuntu Linux
Ubuntu [en]
Kubuntu [en]
Edubuntu [en]
Xubuntu [en]
Fluxbuntu [en]
Linux Mint [en]
Ubuntu Christian Edition [en]
Ichthux [en]
Ubuntu Server Edition [en]
Ebuntu [en]
Ubuntu help and FAQ
Unofficial Ubuntu Starter Guide [en]
Ubuntu Users Forum [en][pl]
Planet Ubuntu [en][fr][pl]
KUDOS - Unofficial Kubuntu FAQ [en]
Ubuntu Tutorials (Dapper - Edgy - Feisty) [en]
Ubuntu Geek: tips, howtos, tutorials and articles about Ubuntu Linux (Dapper-Edgy-Feisty) [en]
Ubuntu: Chronicles (at pykeylogger.sourceforge.net) [en]
Ubuntu tutorials (at unix-tutorials.com) [en]
Ubuntu Linux Resources [en]
ubuntu-tutorials.blogspot.com [en]
Ubuntu blogs
Software for Linux
Automatix [en]
The table of equivalents / replacements / analogs of Windows software in Linux [en][fr][pl][de][hu][cn]
Linuxsoft.cz [en][pl][cz]
KDE [en][pl]
KDE-Look.org [en]
GNOME [en]
GNOME-Look.org [en]
Autopackage [en]
Ubuntu Click And Run [en]
Linux 4 science
Computations
Octave [en]
Scilab [en]
Plots
GNUplot [en]
LabPlot [en]
logo from kde-look.org
