Archive for 2006

Using mixmaster to send anonymous email

This is a document that explains how to install mixmaster and how to use it to send email, in an anonymous and secure fashion.

Debian-Administration: Our second year

Now that we're at the end of the year it seems like a good time to celebrate our second anniversary! It is a little hard to believe at times, but this site has now been in existance for just over two years. During that time a great number of visitors have commented, contributed articles and polls and made this site what it is today. A big thank you to everybody who has contributed.

Dynamic definition of classes with CFEngine modules

There are times when you'd like to conduct complex conditional actions within a CFEngine setup. Whilst it is possible to use built in classes, or dynamic tests for the existence of files, directories, or other things using an external plugin module gives you a lot of additional flexability.

Editing Debian alternatives graphically with galternatives

Have you ever been tinkering under the hood only to discover later that you blew up one of your defaults? Say your default web-browser, so that when you click a link from email it opens Firefox instead of Konqueror or vice-versa. Well I know I have. Here we'll look at how to fix this, graphically.

Setting up a Tor server

This is a short guide on quickly setting up a Tor server in Debian Sarge. If you're looking for a way to use tor as a client, I suggest you read the article on that subject.

Setting up a server for PXE network booting

If you're looking to perform a lot of system recovery, or system installation, then network booting with PXE is ideal. PXE allows you to boot up a system and have it automatically get an IP address via DHCP and start booting a kernel over the network.

Discovering new Debian packages

For people who like to experiment with their Debian systems, trying out new packages on a regular basis, you might be interested to know that there is a new site aiming to showcase a single package every day.

Rescuing a system with massively broken filesystem permissions

There are times when people make mistakes, and manage to do crazy things to working systems. It wasn't so long ago that a hasty deletion caused me all kinds of problems. Recently I read of an unfortunate sysadmin who managed to recursively change permissions on their root filesystem - and here is my attempted solution.

Truecrypt 4.2a and Kernel 2.6.18 and 2.6.19 support

Debian Etch is now frozen prior to release

In case you missed the annoucement yesterday Debian Etch has now been frozen for release. This means that the distribution won't receive automatic updates over the next few days and weeks. Instead only "targetted" package updates will be made.

Dealing with lossy links?

Sometimes you have to deal with lossy IP connections. Your ISP has packet loss somewhere, or a cable in your network is rotten, or a switch is soaked with traffic.

OpenVPN: Building and Integrating Virtual Private Networks

I was recently offered the opportunity to review a copy of "OpenVPN - Building and integrating Virtual Private Networks" by Markus Feilner. This book covers everything from installing OpenVPN, configuring it, and using it in mixed environments. Read on for a review of this excellent book.

Supplying routing information using DHCP

This article describes how to use DHCP to supply information about static routes to the clients on your network. You may want to do this if you have two or more local networks with routers between them. The DHCP software doesn't support this out-of-the-box, but it can be configured to do so without too much effort.

Using multiple network cards in XEN 3.0

Xen is great. But installing more than one network card became a pain when I tried it the first time. There are some documents describing the principle but I was unable to find a real life example somewhere else. So this is a summary about how it works here now.

How to set up an encrypted filesystem in several easy steps

There's been a lot of talk lately about encrypted partitions, and Debian is proud to offer a feature to easily create them in the etch installer since beta3. But what about existing systems? This guide walks you through setting up an encrypted partition using cryptsetup and LUKS.

Meeting people for keysigning - using Biglumber

You've set up gpg and can now use it for signing and encryption - but how to go about getting your key signed so that you are not only relying on the web of trust?

Encrypted remote backups made easy

This is an easy way to take backups and putting them on a remote site. I invented this script in order to put backups on a reliable remote site where I unfortunatley only have a user account.

Desktop Adapted for Dad (DAD)

Work had some old desktop PCs going spare and I set one up for my father. Mostly because I didn't want to have to remote admin a Windows machine I decided to install Debian on it.

Improving website security

Recently this site was updated to avoid a potential security weakness. This article briefly describes the problem which was fixed, and explains some of the most common online security problems.

Highlighting strings in text output with histring

Recently there was an article on this site discussing adding colour highlighting to grep. Now we're going to look at a general purpose highlighting tool called histring.

Ensuring network interfaces remain named consistently

I was answering a recent weblog post and I figured the reply was sufficiently interesting to be a short and sweet article, plus the feedback from you guys is always great. So, here it is: Making sure that network interface ordering remains constant.

Cleaning up a Debian GNU/Linux system

You arrive at a Debian GNU/Linux server which has some history of neglection. Let's suppose someone else neglected it but if your new-year resolution is to stop neglecting your beloved server, this applies as well.

Problems syncronising files with unison

I want to sync my notebook home directory data to my Debian Sarge server using Unison. Unison is a file-synchronisation tool which allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other.

grep: highlighting matches in color

Many Debian users use grep regularly. But did you know that grep can highlight the text it matches in color?

0x25CC and Diwali

The Wikipedia article on Diwali renders with unicode symbol 0x25CC missing on my unstable desktop in Firefox.

Avoiding greedy webclients with mod_bwshare

If you're running a popular website you'll most likely notice that some clients are less well-behaved than others. Greedy clients can do anything from make numerous requests, to attempting to spider your entire site. One simple way of preventing these clients from slowing down your server is with the mod_bwshare module for Apache2.

The magic sysreq options introduced

This content is taken from the linux kernel source documentation. I'm throwing it out here to make it easier for users to find. The sysreq key is a "magical" key combination to which your Linux kernel will respond, regardless of whatever it is doing.

which-pkg-broke my important application?

Upgraded recently, and an important package broke? Not sure which of the upgrades to roll back to an earlier snapshot? Use which-pkg-broke, from the debian-goodies package.

Secure SSH

SSH is not only the secure replacement for rlogin, rsh and telnet, which has been used in the past to do remote administration work, but there are also neat tricks like port forwarding, vpn tunneling and file transfers that you can do with minimal configuration work, leaving only one port open to the internets.

Read manpages of uninstalled packages with debman

Not sure if a manual page does what you need? Want to read the manual page first, before installing it? Use debman, from the debian-goodies package.

Manual pages: not just for the console anymore

You probably know about man, and how to read manual pages in the console. But did you know that man can display manual pages many other ways, such as in a browser, or in a printer-friendly form?

Using gnupg-agent to securely retain keys

gpg, the GNU Privacy Guard, provides a means for secure encryption and signing of all kinds of data, such as email, software distributions, or Debian packages. gnupg-agent safely stores your passphrase for use by gpg, giving you the convenience of not entering a passphrase frequently without the insecurity of a passphraseless key.

Submitting your GPG key to a keyserver

Generally, when using GPG, you want others to have the ability to verify your signatures or encrypt data to you. In order to do so, they need your public key. To help them obtain it conveniently, you can put it on a public keyserver.

Generating a revocation certificate with gpg

If your GPG private key becomes compromised, you need to revoke it to warn others not to trust future signatures or encrypt data to your public key. However, by the time a key compromise happens, you might not have your GPG key available, such as if it resided on hardware stolen from you, or the attacker removed it after accessing it. This article shows you how to generate and preserve a revocation certificate now, before you actually need it.

SSH dynamic port forwarding with SOCKS

SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.

How do you fight image-spam?

Over the past few months there has been a dramatic rise in a new type of spam mailings, which comprise of semi-random words and a real message embedded inside an image. How do you deal with this?

Automatic/Dynamic configuration of hostnames for rolling out labs

Recently I was given the task of rolling out a number of PCs running Linux for a student lab. The roll out isn't complete yet, but I thought that this trick was so nice for lab based environments that I'd use it to try my hand at a debian-administration article.

Boot Debian from an USB device

Here is a very short (but in my opinion very useful) how-to for creating an USB boot device, which enables you to boot Debian from your memory stick.

Getting IPTables to survive a reboot

Debian does not provide an initscript for iptables by default. This does however not mean that it is impossible to get firewall rules to survive a reboot.

SSL-Explorer Installation on Debian Etch

SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

Question: How to set default homepage for all firefox users?

We are distributing Debian and Mozill Firefox on all the machines in our school, but are having problems setting up the browser homepage automatically.

Resetting a forgotten MySQL root password

Resetting the root password of a MySQL database is trivial if you know the current password if you don't it is a little tricker. Thankfully it isn't too difficult to fix, and here we'll show one possible way of doing so.

Greek Support in the Debian Console

This article is primarily focussed on the Greek users of Debian out there, and I hope there are quite a few of us! I am using Debian as a server myself and it is quite important to be able to at least show the full greek character set in the console, as some of my files may have greek filenames. Typing Greek in the console is of less importance, although this article covers it as well.

Interested in securely sharing a secret?

I needed a method for sharing a secret that required multiple agents to coordinate before the secret could be recovered. This is useful for encrypting keys used in critical backups. I decided to use an implementation of Shamir's Secret Splitting Scheme (The S in RSA).

Avoiding slow package updates with package diffs

If you're using the unstable or testing distribution of Debian GNU/Linux you will almost certainly have noticed that apt-get uses daily-diffs for its package updates. In many common situtations this is more bandwidth efficient, however it isn't always appropriate.

A couple of tricks with the secure shell

One can do a lot more with ssh than use it for remote terminal session. Here we'll show how to copy files using ssh, use ssh as part of a pipe, vnc or samba forwarding via ssh and mounting filesystems using ssh (fuse + sshfs)

New Debian Sarge point-release

The Debian stable release, code-named Sarge, has been upgraded to 3.1r3. This is a minor update mostly consisting of security updates.

Using the Debian bug-tracking system

Debian makes heavy use of it's bug-tracking system, (BTS) to coordinate work, and for developers to know that a problem needs fixing.

Rescuing systems using the Debian snapshot server

One of the unofficial Debian project resources which doesn't get the attention it deserves is the Debian Snapshot site. The site contains a mirror of old Debian packages, which can be very useful for system recovery.

How to install Debian in RS6000?

From the server room, I found an old RS/6000 43P Model 150 installed with AIX 4.3 (i.e. it works.) I decided to give it a try to install a Debian powerpc version on it. But I ran into problems booting it.

Mounting things in multiple locations

mount is a command which most people take for granted, once they've mounted their local filesystems it doesn't get used very often. Recently I've come to appreciate one of the more unusual mount facilities; the ability to mount something in multiple locations.

Debian Etch - A minimal setup with X

As a not completely new Linux user I have been frustrated over and over again at all the extra bloat and apps that I will never use that gets loaded onto my system when I do an install. Debian was the second distro that I tried and have used many others since, but I keep coming back.

Question: Managing Network infrastructrure metadata with Linux?

The one absolute truth every sysadmin confronts is "I need to document my network infrastructure, How do I do it?" I hope, with your help, to get this question solved here, now, today, once and for all.

Oracle XE on Debian

This document describes installing Oracle 10g Express Edition (formerly known as HTML DB) on a Debian based system. My original document can be found here.

Network Administration : Installation of Tacacs+, Rancid, Cvsweb

This article will describe you how to install a complete solution to manage users that have access to your network devices and also how to automatically backup your network devices configurations with a cvs based storage in order to have diffs on it. You'll also be able to script commands you want to run on your routers/switches to have easier administration.

System encryption on Debian Etch

In this article I will describe how to setup a nearly complete encrypted system using Debian Etch and cryptsetup with LUKS. The goal is: encrypt all partitions except /boot. The user should enter a password at boot time or provide a keyfile on an USB device to decrypt the root partition. Keyfiles for additional partitions are located on the root, so the user does not need to enter a password for every partition.

It is mozilla patch-day!

... I have backported security fixes recently announced by mozilla for firefox and thunderbird to the old branch which we have in Debian Sarge (stable). Now these packages need more testing.

Installing new Debian systems with debootstrap

When it comes to installing new installations of Debian GNU/Linux there is one tool which should not be ignored. Whether you're dealing with a real system, or a virtualised one, the debootstrap tool is ideal for quickly installing new Debian environments.

Sharing a printer to Windows XP clients with Samba and Cups

Setting a printer in Debian Sarge from scratch and make it available for Windows XP clients on a LAN can be difficult, but using CUPS and samba it should be fairly straightforward if you have a supported printer. Here we will demonstrate how to do this.

growing ext3 partition on RAID1 without rebooting

Although rather straightforward, I couldn't find an easy step-by-step guide, so here I'll describe how I ended up growing my ext3 partion on a RAID-1 array.

Xen from Backports on Debian Sarge

There is a great howto about installing Xen on Debian Unstable. It is really easy to do and it runs fine. Nevertheless, on production servers, that's not an optimal solution. Debian Unstable has too many updates and things change too often. On production machines, a Xen host system should be stable, secure and should not need much attention. That is where Sarge comes in. If you pull the Xen packages from backports and install them on Debian stable you've got the best of both worlds. Let's do so!

Cross-platform cross-environment RPC server creation

Using XML-RPC it is possible to write software that can be accessed remotely by multiple means, from Ruby and Python to Perl and Ajax. Using a couple of simple libraries it is possible to setup a simple server in only a few minutes, with no need to worry about argument parsing, anything complex.

Question: local repository for production servers?

We have currently 184 production debian servers in various states of out-of-date. We also maintain a local mirror of the i386 distribution. My goal is to develop an easy way to keep these 184 servers up to date.

Recovering from file system corruption using TestDisk

We've all been there. We press the wrong key, we do some silly mistake, and suddenly, one or more of our file systems refuse to work. Whenever this happens, the first thing we hear is "You should have made a backup", the dreaded sentence that we'll never listen to. Let's face it, we're stupid, and we don't backup.

SMS Daemon

So you've got a webserver and you'd like to be able to send/receive SMS? You've seen adverts that read "Send FOO to to get ..." and would like something similar? With the gnokii package and a supported phone you should be able to do all that and more.

Mitigating against recent GNU/Linux kernel bugs

Recently the Debian project was compromised after a user account was escalated to root via a bug in GNU/Linux kernel. This bug doesn't affect the Sarge kernel(s), but it might affect you if you're running a different distribution. Here we'll cover a couple of hot-fixes.

Debian server compromise

Several people have asked for information about the unavailability of one of the Debian projects main servers, gluck. This machine has been taken offline due to being compromised.

A professional mail server with qmail and vpopmail

Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches.

Debconf 2007 venue decided

After two very competant and thorough bids have been submitted and evaluated it was decided yesterday that the venue for the 2007 Debconf will be Edinburgh, Scotland.

Email content filtering is evil

As those who have read my blog, and my article on Postfix spam prevention, I'm not keen on content filtering to detect spam, as it inevitably leads to false positives, and it doesn't require much imagination to work around it if you are a spammer.

website screenshot server on debian stable

Despite being both great and free the online service thumbshots, which is used to create images of what a website looks like, can't be used for professional use. Here we'll demonstrate how to reproduce that service ourselves.

Hosting multiple websites with Apache2

One of the most common Apache2 questions I've seen on Debian mailing lists is from users who wonder how to host multiple websites with a single server. This is very straightforward, especially with the additional tools the Debian package provides.

Debian and Apache2 as an OWA Front-end

My company has only one external IP address and a DNS host name from the same Internet Provider. There are also two Exchange 2000 servers, mxbsas and mxrng. Until now the users could access OWA (Outlook Web Access) from outside the company only via mxbsas, this is because you can't use IIS as a front-end and the Standard version of MSEX2000 does not support this feature.

A simple introduction to working with LVM

The logical volume manager allows you to create and manage the storage of your servers in a very useful manner; adding, removing, and resizing partitions on demand. Getting started with LVM can be a little confusing to newcomer so this guide intends to show the basics in a simple manner.

Disabling IPv6 under a 2.6 kernel

Sometimes you might have a host which you wish to disable IPv6 upon, this can be useful if you're having DNS timeouts when software attempts to resolve hostnames, and for other reasons.

Stack Smashing Protection for Debian

Since we last covered the use of Stack Smashing Protection (SSP) the default compiler for Debian Sid has been upgraded to include it, with no need for custom patching. Read on for a brief demonstration of how it can be used to prevent attacks.

Creating desktop notifications

There are several times when you'll be writing a script, or a program, which needs to communicate with the desktop user and here we'll look at two of the more modern approaches.

Updating multiple machines on low bandwidth

There are situations where it is common to want to update multiple machines running Debian GNU/Linux whilst minimizing the bandwidth used for downloading packages and updates. There are several different solutions for this problem and here we'll look at one of them: apt-proxy.

Mounting a CF card via PCMCIA adapter

This article details the steps taken to transport photos from the compact flash card of my camera onto one of my systems for archival and display.

Security support for Debian GNU/Linux 3.0 (woody) to end soon

This has already been announced upon the Debian website, but it is worth repeating here for people still using Debians old-stable release, codenamed Woody. Security support for Woody is due to cease at the end of June 2006.

Giving users a home directory automatically

If you are using LDAP or NIS to manage users you might discover users having problems because they don't have a home directory on each machine they can connect to. Thankfully there is a simple solution for creating home directories upon demand for users.

HELO restrictions for Exim4

One thing that I've noticed on my mailserver in recent months has been a large number of spam mails which identify themselves as being sent from my own IP address. Since they never are blocking them is a useful thing to do before any more intensive filtering is done.

Wireless networking using the ndiswrapper module

Getting wireless networking working with the ndiswrapper driver is fairly straightfoward if your card has an associated Windows driver. Here we'll look at getting wireless networking working for a Dell Inspiron 1300, you should be able to follow the recipe for most other wireless networking cards which are supported ndiswrapper.

Handling Debian mailing lists easily

If you're a Debian user it is likely that you're subscribed to several of the mailing lists which the project uses for discussion, development coordination, etc. There are a lot of lists available, some quiet, and some very busy. If you're subscribed to several of them you might be looking for a simple way of organizing them, thankfully procmail makes it easy.

Squid site restrictions

In the office I needed a way to block some websites permanently and others outside of break times. After looking at some inline solutions I realised that I could easily do what was needed with squid alone. Here's how

Installing packages across multiple hosts with CFEngine

We've described setting up a small network of hosts managed by CFEngine previously, but once installed what do you do with it? Well one common job for automating is to ensure that you have particular packages installed upon all your clients. With CFEngine this is simple.

Routing mail messages to your mailserver efficiently

If you control satellite systems which need to relay their mail through a centralized host for sending then you have several choices. Perhaps the simplest software to use is the nullmailer program.

Debian Sid gets Xen 3.0

Now that the Xen 3.0 packages have made it to Debians unstable distribution installation has become much more straightforward. Here we'll take a look at installing and getting started with it upon a generic unstable machine.

Samba ADS integration without Kerberos

An article on already covered ADS set up with Kerberos. But I was looking for the most lightweight and nimble ADS integration so I can achieve the less ambitious goal of single username and password.

Automating new Debian installations with preseeding

Anyone doing Debian installations regularly might be interested in the preseed method of the Debian installer. This document describes how to use this technique.

Mondo, RAID, Debian Sarge Workaround

Mondo is a great system duplication/imaging tool. With Mondo you can create a boot disks that will completely restore your system to a previous state. This can be vital in disaster recovery or duplication. I use it for both testing, duplication and disaster recovery in my environment and I would be lost without it.

Jabber Transports (MSN, Yahoo, ICQ etc)

We've previously seen how to install the Jabber cross-platform, and open, chat server. Sadly - some people insist on using the closed source IM clients. What should we do?

Getting PHP running with Apache

The #debian IRC channel on freenode very often sees people who don't know how to get PHP running with Apache. This is nearly always caused by missing packages - particularly the Apache mod_php module.

Speedup DNS requests with a local cache

One common server bottleneck is DNS lookups. Many common server tasks such as from looking up hostnames to write Apache logfiles and processing incoming mail require the use of DNS queries. If you're running a high-traffic system it might be useful to cache previous lookups.

Help: Backporting nscd to sarge or upgrading glibc?

Our current server setup is composed of 25 or so servers running Debian sarge. I use openldap for managing authentication and userinfo. Everything works quite well when the LDAP server is up and running, however whenever it goes down, havoc ensues across all our servers.

Filesystems (ext3, reiser, xfs, jfs) comparison on Debian Etch

There are a lot of Linux filesystems comparisons available but most of them are anecdotal, based on artificial tasks or completed under older kernels. This benchmark essay is based on 11 real-world tasks appropriate for a file server with older generation hardware (Pentium II/III, EIDE hard-drive).

Splitting updatedb into daily and weekly

We all appreciate the locate command when we are such in a hurry we cannot afford a full and in-elegant find. What we like a little less, though, is the updatedb script consuming up all our disk bandwidth at each boot, summoned by anacron.

Running network services as a non-root user.

There are many times when it is convenient to allow non-root users to run services, or daemons, which bind to "privileged ports". There are several approaches to this problem each with its own set of pros and cons. Read on for a brief look at the most common approaches.

Exim4 with multiple aliases for some internal users?

I'm configuring a Debian Sarge/Exim4 host to act as an email gateway between the internet and a private LAN email server. The intent is to forward incoming email messages for some users not only to the internal email host, but also back out to their home email addresses.

Adding a user to lots of systems.

In many small and medium sized companies there are a number of servers which have organically grown, with no directory management. I'm curious to know how people would handle adding users in this scenario.

Howto install pureftpd on a debian machine

The target of this tutorial is to have a successful installation of the ftp-daemon pureftpd working with virtual user accounts. You should already know about installing pureftpd.

E-mail and Cisco PIX firewalls

I'm writing this article in hopes that it helps someone else, later. I just spent two days configuring my new e-mail server. It would have only been an afternoon if I'd know what I'm about to share.

Updating bind serial numbers automatically

If you work with the DNS server bind you'll probably be used to updating the serial number for your zone files manually after making changes. If you're an Emacs user there is a simple automatic way of doing the job.

Monitoring windows systems with munin and snmp

Previously we learned how to use munin to monitor Debian machines. Now - we need to add some Windows boxes to the mix.

Policy routing

Here's a brief tutorial how to connect a single server to 'the Internet' using multiple physical connections and route various services over different interfaces using a mechanism called 'policy routing'.

Gnu Privacy Guard Agent (GPG)

After going through the article on Gnu Privacy Guard (GPG) you've got gpg up and running. But - every time you need to encrypt, decrypt or sign, you need to enter your passphrase.

Routing for multiple uplinks

Debian suits perfectly for use as a gateway for computers on your LAN. However once bandwidth usage grows it could be handy to just add another internet uplink to your gateway. Debian does not cater for this out of the box so this document describes how to setup your debian gateway for multiple uplinks.

Debian and 2.6 kernel: Touchpad sync problem - solution

This began as a presumed problem with Debian, since the issue showed up when I upgraded from kernel 2.4.x to 2.6.x, resulting in total loss of functionality of my externally connected PS2 mouse. The Synaptic Touchpad on my Dell Latitude continued to work, however.

Gnu Privacy Guard (GPG)

GNU Privacy Guard, or GPG, is a free replacement for the famous encryption tool PGP written by Phil Zimmermann. It is a tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. Here we'll provide a quick introduction to generating a key-pair and using it for basic tasks.

Playing with SVN

Today I started to set up a SVN repository for our final year project. I tried to setup a SVN server using Apache2 so that the SVN repository is available to the client through the WebDAV/DeltaV protocol. Read on for a trial-and-error introduction.

Installing the latest PostgreSQL on stable

If you want use PostgreSQL 8.1 on your stable Debian 3.1 it is not a problem. Here is a quick walkthrough of the required steps of rebuilding the Debian package for Sarge.

Running scripts after a reboot for non-root users

In the past we've discussed adding new init scripts to a Debian GNU/Linux system so that programs or daemons can be started when a machine is rebooted. That works very well if you're root, but for non-root users it isn't an option.

A web server in a shell script

Suppose you want to experiment a little with web pages and CGI's, but you don't want the hassle of installing the full Apache package. This quick and dirty shell script could just be what you need.

Wireless networking and WEP configurations

I've been using the tutorials/reviews information from this site to try and set up my laptop to automatically detect the active network (cable at work, wireless at home) and set up the environment as appropriate. This has been slow going, due to a WEP problem I have. This begins with an Archos PMA430 (an audio/video/PIM hand held device) that has built in wireless networking. And it runs a Linux OS, using Qtopia (the most important secondary reason for its purchase).

unstable nfsroot on stable?

These days I have to deploy an environment for a team of developers, some of them prefer stable (Sarge), some can't live without packages from unstable (Sid). I intend to use Sarge (stable) for a server itself, so there's no problem to provide an nfsroot of it. But how is this possible to hit both targets?

Quick Search in firefox

Firefox has a fairly useful bookmarking concept - quick searches. In the default 1.5 package under sid I see examples of this in the bookmarks Quick Searches folder.

Writing to Windows XP, NTFS-FUSE or Captive-FUSE, which is best?

I thought I would run a few tests to check the differences between the two ways of writing to NTFS partitions: Captive-FUSE and NTFS-FUSE.

SNMP and MRTG on Sarge quick start

There appear to be no uncomplicated introductions to the subject of traffic monitoring on the internet anywhere. So here is one. The objective is to get traffic graphs for the primary interface on your server, workstation or firewall quickly and efficiently.

The Better Swag: where is it?

A while ago, the company where I work purchased (in true dot-com style) another small company overnight, and those guys moved in cells to us. Now, they have this huge windows2003 banner with lively colors, as well as serveral other redmond-praising textiles. I'm not the jealous type, but I find myself in need to balance things a little.

SPAM/Virus Filter on Sarge

This documents my adventure of setting up a spam/virus fighting mail server on Sarge. It is not the most fancy way of doing it, but should be suitable for an environment with not too many users, nor a bunch of road warriors. It's also probably a decent starting point for building more advanced configurations. The end product is a server that dicards virus-infected mail, identifies spam, and sorts it into a local user's junk folder. Courier's Maildrop is used instead of procmail, Maildir directories are used instead of mbox, and the SSL enabled version of Courier IMAP is used for mail retrieval by users.

Managing Backports and Package Updates With Sarge

I stick to the mantra that the stable branch is for production servers and unstable/testing is only for people who know how to fix things when they break or can afford to take a box offline. But stable gets old fast. Its security updates are only for issues that effect, well, security and not application stability.

Merging apt repositories

I've just been reading Michael Jang's "Linux Patch Management". The chapter on Debian isn't very detailed, and I was wondering if this is a solved problem under Debian.

Setting up and managing logs?

What good advice do you have for setting up and managing logging on a Debian box? I come from a Red Hat 9.0 environment, where there was a rather convenient integrated GUI that let you browse the various logfiles - very useful to see all the failed logins to your SSH account as people tried to break in, for example.

An introduction to custom Xen networking

I've been running Xen for a few weeks now and until now I've been happy with the default networking setup installed. Only when I decided to install Xen upon the server which is hosting this website did I need to explore the way Xen sets up networking.

VPNC and resolvconf aren't working completely

Alright. I'm fed up. I've tried everything I can find on the net (which is _very_ little I'm sad to say), and now I'm more than willing to admit my ignorance on the whole subject since I can't get this working.

Wildcard hosting with Apache and Bind

If you have control over your DNS you can setup 'wildcard hosting', which means you can have a webserver accept connections for any given subdomain. This can be enormously useful for community websites, or other hosting purposes.

LAMP on Sarge (Apache2, PHP5, MySQL5, phpMyAdmin, Smarty, ADODB)

This documents my adventure setting up a LAMP server on Sarge with Apache2, PHP5, MySQL5, phpMyAdmin, Smarty, and ADODB. It covers installation and just enough sample code to test everything. It turned out to be pretty long. I should point out that I have deviated from the "Debian Way" by downloading phpMyAdmin, Smarty, and ADODB directly from their respective websites and installing them in /usr/local. I could find no backports for these, and kept running into dependecies on PHP4 which I did not want to install.

Installing apps in a 32-bit chroot in AMD64 Debian system

So you switched to the AMD64 architecture, installed the 'pure64'; flavour of Debian on it? Well, get prepared for some problems: no flashplugin for Firefox, no win32 codecs for MPlayer, no OpenOffice.

Two-in-one DNS server with BIND9

This tutorial shows you how to configure BIND9 DNS server to serve an internal network and a external network at the same time with different set of information. To accomplish that goal, a new feature of BIND9 called view is used. As a tutorial it'll walk you through the whole set up, but initial knowledge of BIND and DNS is required, there are plenty of documents that cover that information on the Internet.

Connecting to a Debian Sarge box with Macromedia Contribute

I'm in the process of trying to migrate an existing, and dying, server to a new Debian Sarge box. The existing server is running RedHat 7. I've got the basics working. However, I have to allow users to connect to the server using Macromedia Contribute, until such time that we can build a administration system for the site. I'm trying to get Contribute to use SFTP and connect to OpenSSH (ssh 1:3.8.1p1-8.sarge.4).

Breaking through the ISA Barrier

Microsoft ISA Server is a common proxy server within Windows-based networks. It is not very Linux friendly. NTLM Authorization Proxy Server helps us out with this.

Using strace to debug application errors

Recently I inheritted ownership of an SVN server which was misbehaving. Trying to determine why it wasn't working correctly involved a few hours of testing, careful thought, and caffeine. Eventually I got it working correctly using the often-overlooked tool strace.

Automated distributed backups for laptops

This document will describe the setup I made for automating the backup tasks for all laptops here in the house. My servers use the same backup server and infrastructure, but right now they don't have the checks and scripts because they are online 24/7 and my backup server is triggering the backup process. This is however not true at all for the laptops.

Aggregating network interfaces

Using more than one hard drive to achieve better performance and fault tolerance is very common. Less well known is that it's also possible to aggregate more than one network interface into a single logical interface. In Linux, this is handled by the bonding driver. Benefits of doing this are much the same as the benefits of aggregating discs using RAID: if one device dies, your server carries on working and by using two devices in parallel, performance can be improved.

Setting up an SSL server with Apache2

With the introduction of the Apache2 packages in Debian it is much simpler to create and use a secure SSL protected webserver than in the old days with Apache 1.3, here we'll show how it is done.

Distributed filesystem for Debian clusters?

I'm looking for a way to make a Debian web cluster completely fail-tolerant. There is heartbeat, a MySQL cluster and I have two firewalls in a redundant setup. The only thing missing is a file-system, that is completely distributed (i.e. symmetric).

An Introduction to Video Surveillance with 'Motion'

Videochatting and amateur pornography are all well and good, but have you ever wondered what else you can do with that webcam?
Well, thanks to the efforts of many dedicated open-source coders, any half-decent PC can be turned into a motion-detecting, snapshot-making, video-recording D.I.Y. security solution.

uploading with an ftp macro script

Gather round the hearth, young nerdlings and I will tell you a tale...just let me settle my creaking bones into my rocking chair, let me wipe my rheumy eyes and nose - there, that's better. Now pass me my ear trumpet. Do give me a little prod if I nod off or my voice wavers too much. Are we all settled in now? Yes? Marvellous! Now let me tell you about ftp upload.

Running Debian with no mouse/keyboard/monitor

I have built a firewall using Debian Sarge, Shorewall etc. on a VIA EPIA PD6000. I'm very happy with the performance, but I would like to get rid of the keyboard, mouse and monitor and administer the system remotely using VNC, SSH, etc.

The KDE environment

I'm running a number of Debian Sarge-based systems, with each using the Gnome Display Manager (gdm) to present a login screen after booting. From here the default is to log in to a KDE session.

Configuring Dynamic DNS & DHCP on Debian Stable

For the average home computer user there is no need to install a complex package such as the Internet Software Consortium's BIND DNS or DHCP server, since there are far simpler lower resource tools to use, for example dnsmasq. For those who you wish to learn how to use ISC's BIND and DHCP, for example as a learning exercise, this is how I got it all to work in Debian Sarge, the current stable version of Debian GNU/Linux.

Brute Force Protection with BlockHosts

Brute force attacks are a weekly issue on my Debian box and until now, I've manually managed my hosts.allow and hosts.deny files. The issue isn't so much the actual security threat as brute force attacks are usually unsuccessful, but seeing log files that are just loaded up with thousands of failed login attempts is unnerving at best.

More hardware monitoring: IPMI

Many of the higher end servers have an Intelligent Platform Management Interface, that lets you observe a whole host of hardware parameters. Usually these systems also support plug-in remote management cards (for example DELL RAC cards), that allow remote resets, and other remote diagnostics.

Using Samba on Debian Linux

This article will show you how to install Samba 3.X on Debian Linux 3.1 (Sarge) and make it authenticate against a Windows server running Active Directory. It is not intended on replacing the actual official Samba 3 manual - which is a quite good read anyway.

CD burning with a 2.4 kernel: how to configure Debian properly?

It is fairly clear how to burn CDs with a 2.6 kernel, but I wonder what is the correct way to configuring Debian Sarge to read/write CDs with the default 2.4.27-2 kernel.

Keeping many Debian servers up to date with apt-proxy

Maybe, like me, you've got more than one Debian box on your network - either at home or at work and you want to keep them up to date with apt but are on a slow link or metered bandwidth? If so, apt-proxy could be the answer for you.

Rolling your own Debian packages (part 2)

In the first part of this text, we introduced the principal concepts of Debian package building. We're now ready to build an example package of a simple command line program.

Rolling your own Debian packages (part 1)

This two-part article explains how to make a Debian package of simple piece of software, presumably something you have written yourself. Although building a new package is more complex than rebuilding one or having one generated, the idea is that it is actually surprisingly simple to create basic Debian packages. In fact, if you can make software install into a temporary installation tree, you're already 90% done! This text provides a quick alternative to the more comprehensive Debian New Maintainers' Guide. Only knowledge of Makefiles and the basic Debian package tools is assumed.

Manipulating the windows upon your desktop

If you're like me you'll most likely use a wide variety of desktop applications, and spend a lot of time setting up your desktop first thing in the afternoon when you login. Minimising some applications, setting others up to be visible upon all virtual desktops, etc. Even if you have a basic window manager you can automate this activity using Devil's Pie.

Finding which package contains a file

There are times when you're looking for a particular library, or file, which you know is available to Debian but you cannot find the package which contains it. This is the kind of job that the Debian packages site helped with in the past, but given its current unavailability we'll look at another approach.

CD burning with a 2.6 kernel (IDE)

Under the 2.4 series kernel - to be able to use an IDE CD burner we were forced to use SCSI emulation (via the kernel module ide-scsi). Under the 2.6 series kernel - this is deprecated - we now use ide-cd.

How do I prevent rebuilt packages from being upgraded?

What is the correct right way to rebuild package in Debian whilst preventing those packages from being downgraded, without applying a hold upon them?

Disabling the print-screen key inside X?

The "print screen" key is next to the BS key on my keyboard. Every time when I miss the BS key by hitting the "print screen" key, a screen snapshot is printed from my (InkJet) printer.

Monitoring your bandwidth usage with vnstat

There are many occasions where it is useful to have an idea of your bandwidth usage, perhaps to know when you're going to be charged more by your ISP, or perhaps just as part of general monitoring. The vnstat tool is a simple means of doing just that.

Ruby on Rails on Debian

Most of you have probably heard of Ruby on Rails and may be wondering what exactly it does and how you can try it for yourself. Put simply, Rails is a web application framework that uses the model-view-controller software design pattern to allow for rapid development of web applications. This article will cover how to install Rails on Debian and how to configure it to work with Apache and a relational database of your choice.

Choice for Virtual Private Servers?

For free virtual private servers on linux there are several available choices User Mode Linux (UML), Xen, Linux-VServer and probably many others. If you use one; which did you choose and why?

Monitoring your hardware's temperature

Sometimes it is useful to know the temperature of your hardware, to prevent it from frying. This information can easily be found, if your hardware provides the sensors needed, and we have the necessary software.

Sending mail with Exim from 'dialup' IP

I've been using Exim4 for a while now as a mail server on my home cable connection. Unfortunaly my IP is listed as a dynamic IP which means some mail servers refuse to accept mail from me as I am in blacklists for dialup users.

How to recover GRUB Debian Sarge after reinstalling Windows

Many Debian newbies often have to reinstall Windows on the same machine on where Debian is installed. Usually the Windows installation does not take care of our Debian system booting process, overwriting the master boot record with Windows.

Getting a GUI

After installing Debian, often one is left with just a command line prompt waiting for the user to enter login and password. If you are coming from Microsoft Windows environment, this command line prompt looks similar to the DOS prompt. This article explains how to get a GUI environment after installing basic Debian.

Spam filtering with Pyzor and SpamBayes

Spam appears to be a fact of life for most of the online world at the moment. Here is how I personally handle the filtering of incoming mail, using a combination of Pyzor, SpamBayes and Procmail. These tools each integrate nicely, and work easily with my mail reader of choice: mutt.

Giving your Xen instances a working X setup

Xen, the virtualisation system, is a great tool for running fresh copies of an operating system. However it doesn't allow you to run X11 programs. Here we can fix that with the help of VNC.

This article left intentionally blank

This article is left intentionally blank

Past Years