Archive for 2004

Preventing Debian Package Upgrades

The simple mechanism Debian has for performing package upgrades, apt-get, is often touted as a good thing and indeed it is. But sometimes you will have a package installed that you absolutely do not want to be upgraded.

Customizing your xterm

xterm is the default terminal emulator, or shell program, that people use when running the X11 Window System. Despite its apparent simplicity it's very customizable, allowing you to change fonts, sizes, and colours with only a little effort.

Intrustion detection and prevention for Apache with mod-security

mod-security is a simple intrusion detector and preventor for Apache, allowing you to wrap an additional layer of protection around your webserver.

Simple MySQL cookbook

In the course of running this site, and working with MySQL generally I've had to lookup miscellaneous documentation. Hopefully these tips will prove useful to others too.

Setting up mail forwarding

Many systems aren't supposed to run as real mail servers, instead they should merely forward mail to a real server. In a home setting this might mean forwarding mail to your ISP. In a work setting you might have a single mailserver which is allowed by your firewall to make outgoing SMTP connections, whilst all other machines are denied this, so you want to have all your linux/unix servers relay mail via your main server. Here we'll look at how different mail servers can be setup to forward mail for you.

Working with images from the command line

There are a lot of times when it's convenient to work with images without having to wait for big graphics editors to startup. Simple operations which are common for image galleries such as rotating, resizing and adding comments to images can all be performed from the command line.

Woody: Fully Loaded

If you're new to Debian, wish to use stable/Woody for your server, want the server to run as many services as possible - it may seem like an impossible task for you. I was in the same position, and it took me quite a while to accomplish it. Update

The Debian Administration website has undergone a facelift since yesterday, changing to a more maintainable CSS based layout and adding additional new features.

Detecting weak passwords with john the ripper

Many times system compromises occur because a password has been guessed, or brute-forced, because it is too simple. Even if you have a well-defined password policy for your users you typically have no idea what kind of passwords they are choosing.

Netcat: The TCP/IP Swiss army knife

Of all the networking tools I'm familiar with I use four more than any other; ping, traceroute, nmap, and netcat. The first two utilities are standard on many operating systems. nmap is a port scanner which makes it simple to identify the services running on a machine. Netcat? That's a general purpose tool described by its author as a TCP/IP swiss army knife.

Making /tmp non-executable

Many simple exploits that are used against machines, (via vulnerable PHP applications or local users, etc), rely upon being able to execute commands in /tmp. If this is a seperate partition or file system you can gain some protection by marking it non-executable. The common problem with this is that apt-get fails to work with such a setup.

Command scheduling with cron

Many pieces of system administration can be automated via perl scripts, or shell scripts which run at regular intervals. For example you might have a script to check that your disk isn't full which runs once an hour - informing you if there are problems. The most common mechanism for scheduling commands on Unix systems is via the cron package. This allows users to schedule arbitary commands to run at arbitary times with regular frequency.

Question: Making efficient backups on Debian?

I was wondering what needs to be backed-up on a Debian system, without backing up too much, considering packages can be re-downloaded.

Detecting changes to your network services

When you have a large number of machines to look after it can be hard to keep track of changes in the network services you are running upon them. This brief article introduces a few tools and scripts which might make tracking changes easier.

How Debian packages are arranged on CD-ROM

When Debian stable releases are made there are many more packages than will fit upon a single CD-ROM. This means there has to be a bit of juggling arranging packages upon multiple disks. Apart from the base and required packages which always have to go on the first disk the distribution of the other packages are arranged by package popularity. If you'd like your system to be used in the voting read on.

Using special keys on multimedia keyboards

If you are using a recent keyboard under X you likely have a bunch of strange multimedia keys which are going to waste.

Question: IP Addresses

I have been running my own website for about 4 months. When I set the server up (apache, dhcp, firehol, etc), registered a domain name, and found a free dns server, I realized that I didn't know as much about IP addresses as I thought I did. So here are a few questions I have.

Running applications automatically when X starts

The majority of people who use Debian upon the desktop launch straight into the X11 Window system, usually via one of the choosers xdm, gdm, or kdm. Once you've entered your username and password you get your Window Manager running and are ready to start work. But what if you want a program or two to start as soon as you login?

Monitoring your filesystem for unauthorised change

If you're running a stable server and are worried about an intruder modifying your system binaries to install new corrupted versions you should be using a filesystem integrity checker.

Running Linux on Linux - Virtual Servers

Thanks to the existance of the user-mode-linux project it is possible to run a complete copy of the GNU/Linux operating system on top of your existing system. These virtual servers are ideal for testing software installations, or setting up mass hosting for customers.

Limiting your users use of disk space with quotas

When you run a multi-user system it's possible for a single user to unduly hog the system, by filling their home directory with a lot of files, and filling a disk so that other users have no space of their own. Quotas are a system of preventing this. It's possible to setup limits on the amount of space a single user, or a single group, can use.

Connecting to Sun machines over a serial cable

If you want to install Debian upon a Sun machine, such as a Netra, you'll need to get familiar with accessing a system over a serial console. It's also something you'll need to do if you wish to interface with a Cisco router, or other piece of hardware that doesn't have networking enabled properly yet.

Retracted: Install KNOPPIX® LiveCD on Hard Drive

This article has been removed from the site.

Upgrading unstable machines safely

When running Debian's Unstable distribution most users tend to upgrade daily, or weekly. Sometimes things break and can take a day or two to be fixed, if this happens at an inconvient time you're in trouble. Here we describe two tools to help prevent this.

Keeping unstable machines up to date easily.

If you're running the Debian Unstable distribution you will probably want to keep it fairly current, so that you have the latest and greatest packages available to use. Running automated upgrades could be dangerous, but there is a simple way to keep your machine ready for updating at all times.

Setting up your own cross platform chat server

Jabber is an XML based cross platform chat and messenging server which is freely available. It runs on Linux, Solaris, and many other Unix variants. For a small office or a collection of offices it's a great way to allow people to chat without resorting to outside services such as MSN.

Is your mail server an open relay?

Open relays allow people to use your mail server to deliver spam and mail to people whilst using your resources.

Running Microsoft Windows inside Debian: qemu

There are many legitimate reasons for a Debian GNU/Linux user to wish to run Microsoft Windows applications. One approach involves using the wine program to run a single Windows executable in a fake Windows environment. An alternative is to run an entire Windows operating system within a Debian host. Qemu is a procesor emulator and virtualization program which allows you to do just that.

Adding new users to MySQL Databases

Despite lacking a lot of features MySQL is one of the most popular database servers available for GNU/Linux platforms. Part of the attraction is that it's much simpler to setup for a shared hosting system. This small HOWTO shows how to add new users to a MySQL system and keep their databases seperate from each other.

Tunneling connections securely with SSH

There are many situations where you might want to send traffic over a secure link, and this is exactly what SSH allows you to do. Any form of TCP/IP connection can be sent across a tunnel providing you have access to a remote SSH server at the 'far side'.

Debian IPsec Micro-Howto

So in a moment of weakness I promised I'd write a simple how-to for setting up IPsec in Debian. That ought to be easy; I've set up two separate computer systems (that's systems, with many computers in each system) each using IPsec extensively, I've used both FreeS/WAN and IPsec-tools, by themselves and interoperating, and I've used both PSKs (Pre-Shared Keys) and X.509 certificates. Well, we'll see.

Sharing logins on multiple machines using NIS

NIS is a system which is designed to allow people to use the same username and password on a group of machines. (In NIS terms this group of machines is called a domain). This small introduction will guide you through setting up a central NIS server to centralise your logins, and a client to use it.

Joining Networks with OpenVPN

Small companies and homes are setup to use a dedicated Linux machine to act as a gateway, their bridge to the internet outside. Having a computer do the routing allows a lot more flexability than using a dedicated hardware router - for example the ability to join the network to another companies, or allow remote workers via a VPN solution.

Using GNU Screen

GNU Screen is an often overlooked application which allows you to run programs in a console section, detach from them and then later resume them. They even keep running when you logout.

Giving ordinary users root privileges, selectively

Many times on a multi-user system it would be nice to allow particular users to do things that require root privileges without having to give them the root password. There are several tools which will solve this problem, the most well known tool for this purpose is called sudo.

Site update - email working

As a new feature, designed to make it easier to keep track of activity, replies to articles will be mailed to their authors.

Setting up a secure server with Apache and mod-ssl

When it comes to setting up a secure webserver you have two choices apache-ssl, or mod-ssl. This simple introduction walks you through setting up and using the latter.

Mounting remote filesystems using SSH

OpenSSH can be used for many things, from connecting to remote hosts to transferring files securely. Thanks to a new kernel module shfs it is possible use it to mount remote filesystems securely.

Handling mail for multiple domains with exim3

There are several mail servers available for use with Debian stable; sendmail, postfix and exim to name just three. The default mail server installed is exim3 which is a flexible mail server which will support accepting and sending mail for multiple domains. The setup must be done by hand as the Debian configuration script doesn't handle setting this up. This piece explains how we do just that.

Making scripts run at boot time with Debian

Debian uses a Sys-V like init system for executing commands when the system runlevel changes - for example at bootup and shutdown time.

Transferring files with OpenSSH

OpenSSH is a well known program which allows you to login to a host remotely, and run commands etc. It also comes with a simple file transfer system which can be used to transfer files securely.

Finding packages.

A few writeups here have covered using specific Debian packages for accomplishing tasks, but they haven't explained how you discover the name of a package to solve a particular problem. This piece redresses the balance.

Keeping your clock current, automatically.

If you have a system which is doing something important such as handling mail, or running as firewall, it's essential that you keep the correct date and time. This allows your logs to have the correct timestamps upon them.

Sending system messages to a central location.

Most administrators will be familiar with syslog. It is a standard Unix program which is in charge of handling different log or notice messages and sending them to a file where they may be examined.

Setting up a simple Debian gateway

Many people want to use a dedicated Debian machine as a gateway for a LAN, this has many benefits compared to using a dedicated hardware firewall. For a start it's a lot more flexible, but in addition to this it allows you to offer a lot of extra services to your machines.

Question:Keyboard Woes

I have a problem with my keyboard set up and wondered how to fix it.

Setting mouse speed under X.

For some reason on some of the machines I look after there are wildly different mouse setups. On some machines moving the mouse will result in a painfully small, slow, movement of the pointer. On others there will be a blur of activity as the mouse streaks across the screen!

Rebuilding Debian packages

Most people are happy with the binary packages which Debian provides, as they tend to be setup to cover the common uses. But what happens if you are looking to rebuild an existing package with different options? Well you can rebuild a package from source very easily.

An introduction to Debian packages.

Debian software is typically installed from binary packages, (which means that you dont need to use a compiler to build them yourself), which are downloaded from the Debian package archives.

Hosting multiple sites with Apache

Apache is probably the most popular webserver for the Linux platform, and despite being very powerful and extensible it is very well documented. In spite of this documentation many people seem to struggle with hosting multiple sites with Apache.

Testing HTML filtering - Site Live Now

This article is a test of the HTML filtering system which has just been put in place. Now that it is confirmed as working the site is due to go live.

Scanning incoming mail for viruses

Viruses are a fact of life nowadays, be they real viruses or worms which require manual intervention on the half of a user to propogate. Unix systems tend to be immune from the viruses themselves, but they still have mail queues full of viral messages. Read on to learn how to remove them safely.

This is a demo site, feel free to play!

This is a demo site, it's not final or live yet. If you wish to create a new story then feel free.

Password Generation and management

Generating good passwords is hard, but a necessary evil. It's a good practise to use different passwords for different machines, websites, and accounts.

Simple review of GNOME

I've never used the GNOME desktop environment before, although I've certainly heard a lot about it over the past couple of years (along with it's competitor KDE).

Don't take these pieces too seriously!

Please don't worry if you think that the articles here aren't very long, or very interesting. They have been inserted mostly to see how well the system is working.

How do I setup Nvidia Drivers under Debian?

How do I setup drivers for my new NVidia FX 5200 under Debian?

Why use Debian?

Once upon a time Debian was unique for many reasons, but now there are a growing number of popular Linux distributions, so why choose Debian?

Keep track of how long your machines have been up.

All serious users know that it's a good thing to have your Linux machines turned on for long periods of time, none of that daily rebooting for us!

Debian vs Windows

Debian Wins!

Debian vs. Redhat

Debian wins!

Other Debian sites of interest

Here's a small list of Debian help related sites:

Keeping an eye upon logfiles

When you look after a group of machines it becomes increasingly difficult to watch the logfiles to see if anything suspicious is happening.

Connecting to other hosts

Traditionally telnet was used to connect to different hosts, for performing remote administration and other tasks.

Adding new users

Adding new users is something that you will need to do if you want to allow other users to use your machine.

Backing up files

When you're working against a deadline chances are this is the time diasaster will strike.

Past Years