Feed on Posts or Comments 10 March 2010

Linux Wytze on 20 Jan 2010

Basic iptables configuration

Here is a small basic example allowing you to setup your iptables.

First we reset everything. See the man page for exact details on the parameters we use.

iptables -F
iptables -Z
iptables -X

Create some chains that will provide us with some logging.

iptables -N logdrop
iptables -N logreject
iptables -N logaccept

Add some rules to these chains.

iptables -A logdrop -j LOG --log-prefix 'DROP: ' --log-level warning
iptables -A logdrop -j DROP
iptables -A logdrop -j LOG --log-prefix 'REJECT: ' --log-level warning
iptables -A logdrop -j REJECT
iptables -A logaccept -j LOG --log-prefix 'ACCEPT: ' --log-level warning
iptables -A logaccept -j ACCEPT

Now you have a basic setup with some logging.
The next step will be to apply your rules and jump to the corresponding chain on a positive match.
You could set the default policies for the INPUT, FORWARD and OUTPUT chains to ACCEPT and add a jump to logdrop at the end of each chain so that any non-matching rules will be automatically dropped.

Small example:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j logaccept
iptables -A INPUT -j logdrop
 
iptables -A FORWARD -j logreject

Comments (0)

Uncategorized Wytze on 18 Aug 2009

Some bash stuff

I just need a cheat sheet because I keep forgetting all these bash things.

Number of parameters: $#
All parameters: $@
String length: ${#foo}
Remove trailing slash: ${foo%/}
Check return value from last command: $?

Comments (0)

Debian Wytze on 01 Jul 2009

lm-sensors on the VIA EPIA SN10000EG and SN18000g

1. Edit /etc/modprobe.d/options.conf
2. Add the following line:

options dme1737 probe_all_addr=1

3. Save and exit
4. Load the module

modprobe dme1737

5. Check that it loaded succesfully:

lsmod

6. Edit the /etc/sysconfig/lm_sensors file

HWMON_MODULES="dme1737"
MODULE_0=dme1737

7. Run sensors to check the output

sensors

8. I also compiled the c7temp module because the in0 didn’t show and loaded it.

mkdir -p /usr/src/c7temp
(I extracted the c7temp.c file from the patch which is placed here:
http://lists.lm-sensors.org/pipermail/lm-sensors/attachments/20080619/0dccdaf0/attachment.bin)
touch /usr/src/c7temp/c7temp.c
filled the contents of c7temp.c with those of the patch

Created a makefile in the c7temp dir.

obj-m    := c7temp.o
 
KDIR    := /lib/modules/$(shell uname -r)/build
PWD    := $(shell pwd)
 
default:
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

And ran make in the c7temp dir. This will get you a .ko file. Install it.

install -m 644 c7temp.ko /lib/modules/`uname -r`/kernel/drivers/hwmon/c7temp.ko

Generate the modules.dep and map files

depmod -a

And load the module

modprobe c7temp

And check that the module loaded with lsmod

lsmod

Modified the /etc/sysconfig/lm_sensors file a bit again

# Generated by sensors-detect on Wed Jul  1 08:43:13 2009
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
 
HWMON_MODULES="dme1737 c7temp"
 
# For compatibility reasons, modules are also listed individually as variables
#    MODULE_0, MODULE_1, MODULE_2, etc.
# You should use BUS_MODULES and HWMON_MODULES instead if possible.
 
MODULE_0=dme1737
MODULE_1=c7temp

Done.
9. I edited the /etc/sensors3.conf file on my machine

chip "sch311x-*"
    ignore in0
 
    label in1 "Vcore"
    label in2 "+3.3V"
    label in3 "+5V"
    label in4 "+12V"
    label in5 "3VSB"
    label in6 "Vbat"
 
    label temp1 "CPU"
    label temp2 "SIO Temp"
    label temp3 "M/B Temp"
 
    set in2_min  3.3 * 0.90
    set in2_max  3.3 * 1.10
    set in3_min  5.0 * 0.90
    set in3_max  5.0 * 1.10
    set in4_min 12.0 * 0.90
    set in4_max 12.0 * 1.10
    set in5_min  3.3 * 0.90
    set in5_max  3.3 * 1.10
    set in6_min  3.0 * 0.90
    set in6_max  3.0 * 1.10
 
chip "c7temp-*"
    ignore temp1

Comments (7)

Debian Wytze on 07 May 2009

Samba basic config

Step one: You will need samba 

apt-get install samba

Step two: Check if you have a group for your samba users.

cat /etc/group | grep samba

On my system this resulted in “sambashare:x:107:” which means we have a group called sambashare with gid 107.

If you don’t have a group you can create it. I recommend specifying an own gid which you can use on multiple systems.

groupadd -g 2000 share

Step three: Create some basic users.

If the user doesn’t exist on the system you will need to create it. I assume this new user will only be used with samba.
So we will force it into the sambashare group and disable the shell. (If you didn’t have the sambashare group use share or whatever name you choose in the previous step)

useradd -g sambashare -s /bin/false yourusername

-g sets the main group for this user
-s sets the shell login

After this we set a samba password

smbpasswd -a yourusername

-a adds a new user and sets the password

Do a round trip of this step for all the users you need.

Step four:

Create some basic shares. Here is a short snippet to make a new share. Edit /etc/samba/smb.conf and add something like the following:

[sharename]
valid users = user1, user2
path = /share
browsable = yes
write list = user2
create mask = 0664
directory mask = 0775
force user = root
force group = sambashare

That’s it. Save it and then restart the server to be sure the settings are picked up.
/etc/init.d/samba restart

Comments (0)

Java & Linux Wytze on 12 Mar 2009

Update-alternatives

Having multiple jvm’s on your linux machine can be a pain in the ass. To select which jvm to use you can use the update-alternatives command. A small example of how to add a jvm to the alternatives here:

update-alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_11/bin/java 16011

This will add an entry for your jdk into the alternatives. The last number assigns the priority to this alternative. Which is the version and build number of the relase.

After adding you can use the following command to select the java version you want to use:

update-alternatives --config java

If you switch the java update-alternatives to auto it will automatically pick the java alternative with the highest priority.

Comments (2)

Debian Wytze on 26 Aug 2008

Time synchronization on your debian machine

In order to synchronize the time on your debian machine you can use ntp. (apt-get install ntp) This will install ntp and the ntp daemon. Edit your configuration found in /etc/ntp.conf and add some ntp servers close to your current location.

I added some ntp servers for the Netherlands.

# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  *** <http://www.pool.ntp.org/join.html> ***
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
server 3.nl.pool.ntp.org
# server 0.debian.pool.ntp.org iburst
# server 1.debian.pool.ntp.org iburst
# server 2.debian.pool.ntp.org iburst
# server 3.debian.pool.ntp.org iburst

Test afterwards by calling the ntptime command (run as root). It should look like this:

ntp_gettime() returns code 0 (OK)
  time cc5e6a21.5f5d5000  Tue, Aug 26 2008 13:40:17.372, (.372518),
  maximum error 1299815 us, estimated error 646 us
ntp_adjtime() returns code 0 (OK)
  modes 0x0 (),
  offset -141.000 us, frequency -36.781 ppm, interval 1 s,
  maximum error 1299815 us, estimated error 646 us,
  status 0x1 (PLL),
  time constant 6, precision 1.000 us, tolerance 512 ppm,

You can verify that your system clock was set ok now by calling the date command.

Comments (0)

Java Wytze on 21 Aug 2008

Tomcat remote debugging

I was going to write a whole lot of howto here. But why do that when you can just link to the Tomcat Wiki? ;)

The wiki that shows you how to enable remote debugging is found here.

Comments (0)

Java Wytze on 21 Aug 2008

Building EJB3 applications with Maven 2

Here is a guide to building ejb3 applications with maven2 (from scratch). We will not be using any maven archetypes/templates but do it by hand to get a project that is as clean as possible.

First create a directory that will contain all the modules the ear file consists of. It will contain all the basic info the other projects/modules need to inherit from.

Create the pom.xml file in the directory and update it with something like the following:

<?xml version="1.0" encoding="UTF-8"?>
<project
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<modelVersion>4.0.0</modelVersion>
	<groupId>your.group.id</groupId>
	<artifactId>your-artifact-name</artifactId>
	<packaging>pom</packaging>
	<name />
	<version>0.0.1-SNAPSHOT</version>
	<description />
	<modules>
		<module>ear</module>
		<module>war</module>
		<module>ejb-jar</module>
	</modules>
	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>1.5</source>
					<target>1.5</target>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

Then create the subdirectories ( I named them ear, war and ejb-jar in this case ) for the modules.

ejb-jar pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<parent>
		<artifactId>ejb-sample</artifactId>
		<groupId>your.group.id</groupId>
		<version>0.0.1-SNAPSHOT</version>
	</parent>
	<modelVersion>4.0.0</modelVersion>
	<groupId>your.group.id</groupId>
	<artifactId>ejb-jar</artifactId>
	<name />
	<version>0.0.1-SNAPSHOT</version>
	<packaging>ejb</packaging>
	<description />
	<dependencies>
		<dependency>
			<groupId>javax.ejb</groupId>
			<artifactId>ejb</artifactId>
			<version>3.0</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>javax.persistence</groupId>
			<artifactId>persistence-api</artifactId>
			<version>1.0</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.testng</groupId>
			<artifactId>testng</artifactId>
			<version>5.7</version>
			<scope>test</scope>
		</dependency>			
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-ejb-plugin</artifactId>
				<configuration>
					<ejbVersion>3.0</ejbVersion>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

war pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<parent>
		<artifactId>ejb-sample</artifactId>
		<groupId>your.group.id</groupId>
		<version>0.0.1-SNAPSHOT</version>
	</parent>
	<modelVersion>4.0.0</modelVersion>
	<groupId>your.group.id</groupId>
	<artifactId>war</artifactId>
	<packaging>war</packaging>
	<name />
	<version>0.0.1-SNAPSHOT</version>
	<description />
	<dependencies>
		<dependency>
			<groupId>your.group.id</groupId>
			<artifactId>ejb-jar</artifactId>
			<type>ejb</type>
			<version>0.0.1-SNAPSHOT</version>
		</dependency>
	</dependencies>
	<build>
		<finalName>yourWarName</finalName>
	</build>
</project>

ear pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<parent>
		<artifactId>ejb-sample</artifactId>
		<groupId>your.group.id</groupId>
		<version>0.0.1-SNAPSHOT</version>
	</parent>
	<modelVersion>4.0.0</modelVersion>
	<groupId>your.group.id</groupId>
	<artifactId>ear</artifactId>
	<packaging>ear</packaging>
	<name />
	<version>0.0.1-SNAPSHOT</version>
	<description />
	<dependencies>
		<dependency>
			<groupId>your.group.id</groupId>
			<artifactId>ejb-jar</artifactId>
			<type>ejb</type>
			<version>0.0.1-SNAPSHOT</version>
		</dependency>
		<dependency>
			<groupId>your.group.id</groupId>
			<artifactId>war</artifactId>
			<type>war</type>
			<version>0.0.1-SNAPSHOT</version>
		</dependency>
	</dependencies>
	<pluginRepositories>
		<pluginRepository>
			<id>codehaus snapshot repository</id>
			<url>http://snapshots.repository.codehaus.org/</url>
			<releases>
				<enabled>true</enabled>
			</releases>
		</pluginRepository>
	</pluginRepositories>
	<build>
		<finalName>your-ear-name</finalName>
		<plugins>
			<plugin>
				<artifactId>maven-ear-plugin</artifactId>
				<configuration>
					<modules>
						<ejbModule>
							<groupId>your.group.id</groupId>
							<artifactId>ejb-jar</artifactId>
						</ejbModule>
						<webModule>
							<groupId>your.group.id</groupId>
							<artifactId>war</artifactId>
						</webModule>
					</modules>
					<jboss>
             			<version>4</version>
             			<loader-repository>your.group:archive=your-ear-name.ear</loader-repository>
           			</jboss>					
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.codehaus.cargo</groupId>
				<artifactId>cargo-maven2-plugin</artifactId>
				<version>0.3-SNAPSHOT</version>
				<configuration>
					<container>
						<containerId>jboss4x</containerId>
						<type>remote</type>
					</container>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

This is basically the project structure. I hope to create a downloadable archetype of this structure so you can start with this by running the mvn archetype plugin for easy use.

Comments (15)

Debian Wytze on 20 Aug 2008

Installing Trac with MySQL database

1. Follow the basic guide posted here.
2. Be sure to install python-mysqldb package.
3. Create MySQL database and user for trac.

CREATE DATABASE trac;
CREATE user trac IDENTIFIED BY 'trac';
GRANT ALL privileges ON trac.* TO 'trac'@'%';

4. Run the following command:

trac-admin <Your project dir> initenv

5. When asked for the MySQL connection url enter something like the following:

#form: db-type://username:password@mysql-host:mysql-port/databasename
mysql://trac:trac@localhost:3306/trac

6. Configuring Apache2 (Make sure you have mod_python)

        <Location /trac/test>
                SetHandler mod_python
                PythonInterpreter main_interpreter
                PythonHandler trac.web.modpython_frontend
                PythonOption TracEnv /var/trac/test
                PythonOption TracUriRoot /trac/test
        </Location>
 
        <LocationMatch "/trac/[^/]+/login">
                AuthType Basic
                AuthName "Trac"
                AuthUserFile /var/trac/trac.htpasswd
                Require valid-user
        </LocationMatch>

7. Add admin login data

htpasswd -c /var/trac/trac.htpasswd admin

8. Grant TRAC_ADMIN to admin user

trac-admin /var/trac/test permission add admin TRAC_ADMIN

Comments (1)

General Wytze on 17 Aug 2008

The paperless office

Well here we are once again. This time to conquer the pile of paper laying besides, on and under your desk. My girlfriend went nuts by the sheer load of paper laying around everywhere. I’m kind of messy but when I start to organize things I’m kind of a perfectionist. So here I went and put all the papers in one big pile.

After going through the pile I realized that there were a lot of papers worth trowing away but at the same time we’re worth keeping. A dilemma. So I had a good cold beer and started thinking about the situation. The beer worked like oil on the brains and I came up with a good solution. ‘Let’s scan this pile of toiletpaper!’ and so I provided my HP 7310 with some juice and put all the paperwork on the automatic paper input of the device. I inserted an empty SD-Card and started gaming while the HP started to do what it was made for.

After a few hours ( well actually the scanner was long done before that… plz don’t tell my girlfriend ;) ) the scans were complete and I put the files on my debian server. So far so good. Now at least I had a backup of all the paper versions. After that I was rather satisfied and threw away a large pile of paper I no longer needed as I had a digital backup now.

But a real geek doesn’t stop here. What I wanted next was to be able to search through my digital paperwork fast and get the papers that I need. So I had a look and found that there is a great open source ocr package called tesseract. I downloaded some packages and started trying out some things. I found out that it was only capable of handling tiff images at this point and that it was best to avoid color in the images. To get the required images I installed ImageMagick to do the converting from jpg to grayscale uncompressed tiffs.

So far so good. This will result in a txt file containing the text in the file. Pretty neat. Now I can use grep to look for any string matches and then open the matching jpg. Easy as 1,2,3. :)

After this I created the following script that will parse any new images automatically with the ocr software.

#!/bin/bash
 
basedir="/share/downloads/Scans"
 
# Parses a scan if not already processed
# $1 = JPG file
parse_scan(){
        jpg_file=$1
        base_name=${jpg_file:0:(${#jpg_file}-4)}
        tif_file=$base_name.TIF
        txt_file=$base_name.txt
 
        # If tiff file does not exist, use imagemagick to convert
        if [ ! -e $txt_file ]; then
                echo "Converting: $jpg_file into $tif_file"
 
#               echo $base_name
#               echo $tif_file
#               echo $txt_file
 
                # Convert jpg into tiff file
                convert $jpg_file -format tiff -colorspace gray -depth 8 -compress none $tif_file &> /dev/null
 
                # Use tesseract for ocr on tiff file
                tesseract $tif_file $base_name -l nld &> /dev/null
 
                # Remove tiff file
                rm $tif_file &> /dev/null
        fi
}
 
for file in $basedir/*; do
        filename=$file
        length=${#filename}
 
        if echo $filename | grep -q '.jpg$'; then
                # Create TIF filename
                parse_scan $filename
        elif echo $filename | grep -q '.JPG$'; then
                # Create TIF filename
                parse_scan $filename
        fi
done

You can of course make the basedir an argument which can be passed into the shell script. But that is a personal choice. Now you can get rid of your pile of paper too. Let’s start recycling that pile of paper. :)

Comments (0)

Next Page »