"Everything that is really great and inspiring is created by the individual who can labor in freedom." -- Albert Einstein

Sunday, October 26, 2008

Icewm -- With an Identity crisis

Someone kept telling me "but... Linux isn't Windows.... " So, I fixed their little red wagon. It may not BE Windows, but Linux sure can LOOK like Windows.......... of course, it doesn't have those BSOD and it runs faster, but hey, nothin's perfect. :) :)

Done using Icewm and a theme and a background image. Looks pretty good. I set this up on an underpowered machine that KDE 4.1 was choking down to a crawl... XP barely ran on it, and Vista wouldn't boot I'm sure. Linux with Icewm, is very responsive, and much faster than KDE 4.1 had been. Was a fun 1/2 hour.

Saturday, August 2, 2008

Arch Linux and KDE 4.1





I use KDE for my default WM. Yeah yea yea, I know, it's NOT geeky enough. I like it though, and Arch Linux moved KDE 4.1 from testing and it is now downloaded and installed on all my computers. A lot of cool new stuff in KDE 4.1. I applaud the Arch Linux devs and the KDE team.

If you haven't tried KDE 4.1 yet..... you should. It's pretty cool :)

Wednesday, July 23, 2008

Why you should change your ssh default port.

Thought some of you might find this interesting. No one gets in, but it's funny how just changing the port number on ssh will stop 99.99% of the stupid attacks (some random bot repeatedly attempting to gain access). Several other things SHOULD be changed in the ssh config file also, not just the port number, but this one provides the most eye opening reasons to be secure.

Installed server on Jul 17th ..... less than 5 days later, well, you get the idea.
wtmp begins Thu Jul 17 21:57:08 2008

[root@VistaCrusher1 ~]# lastb | wc -l
25349


For the less command line oriented peeps, that means I had 25,349 attempts to breach my machine via the ssh login. Bad logins recorded, along with IPs and other cool stuff.
Needless to say, I'll go change that shortly, along with several other security precautions. I just wanted to see how many hits I'd get in 5 days. That, and I wanted to see who came back.
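As an added example (not part of the original post), here is a small sh script that checks an sshd_config for the "several other things" worth changing besides the port: the effective Port, PermitRootLogin, PasswordAuthentication and whether AllowUsers restricts which accounts may log in at all. It parses the file the way sshd does (first occurrence of a directive wins, commented-out lines leave the default in force) and exits with the number of findings. The two sample config files it writes are constructed for the demo, not copied from any real host, and the user name in AllowUsers is only a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the
# settings the post says to change in addition to the port, and show a
# constructed weak config beside a constructed hardened one.

# audit_sshd_config FILE
# Prints one "WEAK: ..." line per finding; its exit status is the number of
# findings (0 means the file passed every check).
audit_sshd_config() {
    awk '
        # skip comments and blank lines; sshd uses the FIRST value of a directive,
        # so a commented-out line ("#Port 22") leaves the compiled-in default active
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { k = tolower($1); if (!(k in val)) val[k] = tolower($2) }
        END {
            n = 0
            if (!("port" in val) || val["port"] == "22") {
                print "WEAK: Port is 22 (the default); pick a non-standard port"; n++ }
            if (!("permitrootlogin" in val) || val["permitrootlogin"] != "no") {
                print "WEAK: PermitRootLogin is not no"; n++ }
            if (!("passwordauthentication" in val) || val["passwordauthentication"] != "no") {
                print "WEAK: PasswordAuthentication is not no; use keys instead"; n++ }
            if (!("allowusers" in val)) {
                print "WEAK: AllowUsers absent; any local account may be tried"; n++ }
            exit n
        }' "$1"
}

# Two constructed sample files (assumed content, not copied from a real host).
# write_sample_configs WEAK_PATH HARDENED_PATH
write_sample_configs() {
    cat > "$1" <<'EOF'
# stock-looking config: the commented-out lines leave the defaults in force
#Port 22
#PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
    cat > "$2" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers crouse
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
}

# Demo: run both samples through the audit.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir/sshd_config.weak" "$demo_dir/sshd_config.hardened"
for f in "$demo_dir/sshd_config.weak" "$demo_dir/sshd_config.hardened"; do
    echo "== $f"
    if audit_sshd_config "$f"; then
        echo "   OK: no findings"
    else
        echo "   ($? findings)"
    fi
done
rm -rf "$demo_dir"
```

To check a live host, run `audit_sshd_config /etc/ssh/sshd_config` and fix each WEAK line; after editing, `sshd -t` validates the syntax before you restart the daemon, and changing the port does nothing for the bots already counted in btmp until the daemon is restarted.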

Imagine that.....

[root@VistaCrusher1 ~]# lastb | grep 125.164.202.240
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:40 - 16:40 (00:00)
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:39 - 16:39 (00:00)


Someone is STILL trying.

Here is a list of WHO tried.

[root@VistaCrusher1 ~]# lastb | awk '{print $3}' | sort --unique

121.14.5.209
123.140.215.92
124.42.50.54
125.164.202.240
193.23.52.17
193.33.171.66
208.65.156.53
210.146.9.109
210.176.26.185
210.221.148.223
210.51.171.74
211.160.40.29
211.33.57.138
212.90.168.161
217.199.186.93
218.38.56.181
219.122.33.3
222.195.137.249
52.26.222.203.st
61.114.236.22
74.10.24.182
83.103.170.158
83.168.89.246
89.238.203.66
Sun
c-24-5-182-18.hs
mail.zdr.ru
mail3.gus.net
martinjajcaj.vps
mvx-200-201-183-
n220246012106.ne
security.isd.com
[root@VistaCrusher1 ~]#
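The `lastb | awk '{print $3}' | sort --unique` one-liner above lists who tried; as an added example (not from the original post) the script below takes the same lastb-style lines and also counts attempts per source, how many different usernames each source tried, and on how many distinct days it showed up, flagging the ones that "came back" like the clamav attempts above. The input lines are constructed for the demo in lastb's layout, reusing a few of the addresses listed above; on a real host you would pipe `lastb` into `summarize_lastb` instead.

```shell
#!/bin/sh
# Added example, not from the original post: summarise lastb output per source
# host. Reads lastb-style lines on stdin; real usage is  lastb | summarize_lastb

summarize_lastb() {
    awk '
        # lastb fields: user tty host weekday month day hh:mm - hh:mm (dur)
        # only ssh:notty entries are failed ssh logins; the "btmp begins" trailer
        # and blank lines are skipped by the $2 test
        NF >= 7 && $2 == "ssh:notty" {
            host = $3; day = $5 " " $6
            n[host]++
            if (!((host, $1) in u)) { u[host, $1] = 1; users[host]++ }
            if (!((host, day) in d)) { d[host, day] = 1; days[host]++ }
        }
        END {
            for (h in n)
                printf "%s attempts=%d usernames=%d days=%d%s\n",
                       h, n[h], users[h], days[h], (days[h] > 1 ? " RETURNED" : "")
        }' | sort
}

# Just the hosts that came back on more than one day.
returning_hosts() {
    summarize_lastb | awk '/RETURNED/ { print $1 }'
}

# Constructed sample of lastb output (same layout as the post's excerpts).
sample_lastb() {
    cat <<'EOF'
clamav   ssh:notty    125.164.202.240  Mon Jul 21 16:40 - 16:40  (00:00)
clamav   ssh:notty    125.164.202.240  Mon Jul 21 16:39 - 16:39  (00:00)
root     ssh:notty    125.164.202.240  Sat Jul 19 03:12 - 03:12  (00:00)
admin    ssh:notty    121.14.5.209     Fri Jul 18 11:02 - 11:02  (00:00)
test     ssh:notty    121.14.5.209     Fri Jul 18 11:02 - 11:02  (00:00)
oracle   ssh:notty    89.238.203.66    Sun Jul 20 22:41 - 22:41  (00:00)

btmp begins Thu Jul 17 21:57:08 2008
EOF
}

# Demo run on the constructed sample.
echo "== per-host summary"
sample_lastb | summarize_lastb
echo "== hosts that came back"
sample_lastb | returning_hosts
```

The usernames column is worth watching on its own: a source that cycles through account names is a dictionary bot, while one that keeps hammering a single name it has no business knowing (clamav, here) is telling you something about what it already learned.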


As someone mentioned to me on the Archlinux forums, iptables can be used to help prevent this as well.



### START SECURITY RULES ###
# Don't limit SSH from known addresses
# xxx.xxx.xxx.xxx
iptables -A forwarding_wan -p tcp --dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

# SSH rate limiting from unknown IP addresses
# Allow 2 chances in 10 minutes to connect, reject after that
# (forwarding_wan is the chain on the router these rules came from;
#  on the ssh host itself the same two rules go in the INPUT chain)
iptables -A forwarding_wan -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A forwarding_wan -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 3 -j DROP

Thursday, July 17, 2008

Status of LinuxTorrents.org

I have taken the site down completely, as the TorrentTrader software that was running the site apparently had some serious flaws. I'm not sure what all this person got into on the server that was hosting LinuxTorrents.org, but it was enough to mess it up badly. I don't think I'm inclined to reload the software or find new software at this time. I may come up with a different solution instead, or just forward it to LinuxTracker; I haven't decided.

I know WHERE the hack originated, because I KNOW I didn't have clamav on my server.

clamav     pts/1    125.164.202.240    Thu Jul 10    06:46 - 06:58     (00:12)

That was from the output of "last". In the end, I blame myself. I should have installed better software for the torrents. One solution I've debated on, while low-tech, is to just use apache and upload torrents into directories. To this day, it still amazes me that people go out of their way to destroy what someone else creates.

Wednesday, July 9, 2008

Review of O'Reilly School of Technology System Administration Certificate Course

by Dave Crouse


http://www.oreillyschool.com
http://www.oreillyschool.com/courses/system-administration.php
Quote:

Linux/Unix System Administration Certificate Series

This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois.


I completed the Linux/Unix System Administration Certificate from The O'Reilly School of Technology several months ago. I am finally getting some free time to review the course. I must say I am really glad I took the course, and that even with over a decade of Linux experience, I did actually learn a few things. The course is actually set up for beginner to intermediate users. This doesn't mean that power users of Linux won't learn anything (I did learn a few new things), but if you're an advanced Linux user it would probably be more for review and for the certificate to put on your resume than for learning new concepts. Beginners and intermediate users should expect to learn many new concepts and to do a lot of reading.

Let's start with the interface for the school. It's called "The Learning Sandbox". There are two basic parts to the sandbox: the "Mystuff" section that contains the coursework and materials, and the "Coderunner" section below, which has the editor/mysql/unix tabs. Let me state right off the bat, I didn't like the "Coderunner" section that much. This was probably the one area of the entire course that I didn't have much appreciation of, probably simply because I found logging in via ssh and using vi from my own Linux session so much faster and easier than using the web based interface they supplied. This interface is used for other courses, so it makes sense that it's available; it just wasn't something I needed to use to do the coursework. In fact, I don't think I used it more than once or twice during the entire course. Perhaps a person having to work from the Windows operating system might need it, I'm not sure.

The "Mystuff" section is where you find the coursework and instructions. After logging into your account and clicking your "Mystuff" tab, you are presented with a screen that shows seven tabs: Files, Messages, Account, Course Work, Certificate, Forum, Main. Course Work is the tab that will get the biggest workout. Clicking it opens the screen that lets you get started.

Course 1: The Unix File System

This was by far the easiest of the courses. It covers basic shell commands, text editors, ssh, and cron. This section probably presents very little new material to an advanced user. Beginner and intermediate users might find this material new, or a good refresher. This section, in my opinion, could have covered much more material and had many more questions than it did.

Course 2: Networking and DNS

I "thought" I knew a lot about networking and DNS; I've run my own bind server and have done a fair bit of networking. I found that most of what I learned from the entire course series came from this section. The part that really threw me was the section on IP/subnets. This was just something I never really had to deal with, and it forced me to dig into what I didn't know and learn it. The course instructor was very helpful, and answered many emails promptly. This is a section I think many power Linux users would find challenging, and would probably benefit from.

Course 3: Unix Services

This section might be the most challenging for someone not familiar with a Linux system at all. In it you install servers from source and configure them. Not much of a challenge for the experienced system administrator or Linux guru, but definitely an eye opener for someone who's never done it. This is the section where you "Learn by Doing, and Doing and Doing ........ " I enjoyed this section. From a user's standpoint, this section probably had the best "flow", working from the basics to having an installed, running apache/mysql/php system.

Course 4: Scripting for Administrators Sed, Awk, and Perl

This section I enjoyed the most. It gives the user an overview of Awk, Sed, and Perl. If you're not familiar with any of these, expect this section to take longer. I had to ask for clarification on one of the questions, and again, the instructor replied quickly via email.


My overall opinion of the course: it is worth taking. The instructors are extremely friendly and willing to help you. It may not present tons of new material for an experienced Linux user, but for an intermediate user, it would be challenging. A few things I would change: I would add more questions to the courses, and cover much more material in the scripting sections. On a scale of one to ten, I'd give it an eight. Would I take more O'Reilly courses? Yes, I am planning on taking more. It was a thought provoking and enjoyable experience for me.

Tuesday, July 8, 2008

Recording a Desktop session using Linux


They say a picture is worth a thousand words; I'd hate to calculate what a video is worth then. The usefulness of this application is probably underrated. Let's say you wanted to show someone a complicated gimp procedure, but you can't show them in person, as you live on different continents. VNC would work, but if it's complicated, it would be nice to have the "instructions" saved as a video. So you could record it and send it via the web or on a cd/dvd, or perhaps you "could" vnc in and show them, and they could use this app and record the entire process on their end, saving the huge download or delay in the mail. Either way, recording the desktop session is a handy thing to do at times. Perhaps you just want to record your Beryl session and shove it in your buddy's face because he's still using that inferior OS.


Whatever your reasons for recording, perhaps the easiest way to record your desktop on Linux is a program called recordMyDesktop. Catchy name isn't it ;) recordMyDesktop is actually just the command line program that records your desktop; there are two GUI front-ends you can use with it to make recording a desktop session very simple. My example thegimp.ogg video shows me recording part of the desktop and playing with the gimp. Nothing spectacular, but it gives you an idea of what it can do.



recordMyDesktop's homepage is http://recordmydesktop.iovar.org/about.php

From the webpage:

recordMyDesktop offers also the ability to record audio, along with video,
through ALSA, OSS or the JACK audio server.

Also,
recordMyDesktop produces files using only open formats
These are theora for video and vorbis for audio,
using the ogg container.



A user guide is also available here: http://recordmydesktop.iovar.org/rug/toc.php


This application makes it very easy to "record" digitally what you're doing ... say with the gimp, and shows visually how to do "X". One thing I noticed: you need to record at about 100% video quality, or it doesn't look good. At 100% video quality it looks awesome and clear, but it does create quite a large file. So, if you plan on making a gimp video tutorial (let me know if you do)... it might be easiest to distribute on DVDs instead of downloads. All in all, it's a great new (for me) addition to my library of graphic apps for Linux.


Installing the applications in my Arch system was extremely simple.




pacman -S recordmydesktop gtk-recordmydesktop qt-recordmydesktop




This installed the command line application and both GUIs for it. On Ubuntu it was as simple as using Synaptic, searching for those apps and installing them. Worked well on both distros. Give it a shot, I think you'll be impressed.

FireGPG a FireFox Extension


FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG.



Visit the FireGPG website.

Before we get into what FireGPG is, I suppose you should know what GPG is. GPG is GNU Privacy Guard. The website for GPG is http://www.gnupg.org.
"GnuPG allows you to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.


GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License ."


Sounds complicated, doesn't it? It's not really. But integrating gpg into your email client can be a chore. Incorporating gpg into your email client, however, makes encrypting and decrypting emails a snap. Enter FireGPG. FireGPG is a Firefox extension that installs as a .xpi file. It makes using gmail for encrypted mail a breeze. With a bit of understanding of the basics of GnuPG, you can integrate your webmail and GnuPG to make encryption easy and simple. If you're using Firefox, you can click HERE to install it. It's that easy to get started.

Linux VS Windows

This video shows it all.


The first minute and a half are showing you Vista's newest graphics stuff. The last three minutes of the video show Linux's newest graphics stuff. If this was a boxing match, Windows just got the crap beat out of it.

encfs - encrypted filesystem in user-space.




Quoting from Wikipedia:
EncFS is a Free (GPL'ed) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.




Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.




Files are encrypted using a volume key, which is stored encrypted in the source directory. A password is used to decrypt this key.





Sounds complicated, but it's really not. Basically what we are going to accomplish here is creating a directory that has all the files in it encrypted.
This will work on any system; it requires three applications if they are not already installed: fuse, rlog and encfs. For me, it's simply a matter of using pacman to install them. You can use whatever package manager your distro provides, or you can install from source.



[root@localhost ~]# pacman -S fuse encfs rlog
resolving dependencies... done.
looking for inter-conflicts... done.

Targets: fuse-2.7.1-1 rlog-1.3.7-4 encfs-1.3.2-1

Total Package Size: 0.44 MB
Total Installed Size: 0.86 MB

Proceed with installation? [Y/n] y
:: Retrieving packages from core...
fuse 142.5K 144.3K/s 00:00:01 [#########] 100%
:: Retrieving packages from community...
rlog 34.8K 100.2K/s 00:00:00 [#########] 100%
encfs 270.9K 148.4K/s 00:00:02 [#########] 100%
checking package integrity... done.
cleaning up... done.
(3/3) checking for file conflicts [#########] 100%
(1/3) installing fuse [#########] 100%
==> You must load the fuse kernel module to use FUSE.
-> Run 'modprobe fuse' to load the module now.
-> Add fuse to $MODULES in /etc/rc.conf to load on every boot.
==> You will need a /dev/fuse device node to use FUSE.
-> If you use udev, nothing needs to be done
-> For a static /dev, run: mknod /dev/fuse -m 0666 c 10 229
(2/3) installing rlog [#########] 100%
(3/3) installing encfs [#########] 100%
[root@localhost ~]#




Once you have all 3 packages installed, you have to modprobe fuse.


[root@localhost ~]# modprobe fuse
[root@localhost ~]#




NOTE: Edit the /etc/rc.conf file and put "fuse" into the modules section to have it loaded automatically on the next boot....... saves modprobing every time ;) That of course is for my Arch system; I leave it up to you to edit the appropriate file for your distro.




Now, as a normal user, enter the full paths to the hidden/encrypted directory and the directory you will use as the viewable mountpoint (the "temp" directory). The first path holds the encrypted files; the second is where you read and write them in the clear while it is mounted.


encfs /home/crouse/.ENCRYPTED /home/crouse/ENCRYPTED


[10:48:57 crouse]$ encfs /home/crouse/.ENCRYPTED /home/crouse/ENCRYPTED
The directory "/home/crouse/.ENCRYPTED/" does not exist. Should it be created? (y,n) y
The directory "/home/crouse/ENCRYPTED" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 512 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled. This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail. For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
[~]
[10:50:18 crouse]$




Ok, now we have the programs installed and the directories mounted; it's working ;) The command above "started" encfs. To STOP it, use the command fusermount -u /home/crouse/ENCRYPTED, replacing my path with the path of your "viewable/temp" directory.



I usually open konqueror, browse to "/home/crouse/ENCRYPTED" (in the above example), split my window into two parts and then drag-n-drop files into /home/crouse/ENCRYPTED. Once I'm done, I run the unmount command above, and the files from ENCRYPTED are now stored encrypted in the (on my system) hidden directory .ENCRYPTED; please notice the period before the directory name!! (I made it a hidden directory by putting the period in front of the name; you don't have to do it that way if you don't want to.)




Since typing those LONG commands into a terminal window is a pain, I created a bash script to do that for me.




#!/bin/sh
# Written by Crouse. 11-2-2007
# Mounts/UNmounts encFS dir.
# Edit the dir paths below to suit your needs.
# Paths MUST be full paths - the use of ~/ or partial path will not work.
ENCRYPTED_DIRECTORY="/home/crouse/private.enc"
VIEWABLE_DIRECTORY="/home/crouse/private"

echo ""
# /proc/mounts lists "<device> <mountpoint> <type> ..."; an encfs mount shows
# type fuse or fuse.encfs, so match the mountpoint followed by "fuse".
if grep -q " $VIEWABLE_DIRECTORY fuse" /proc/mounts
then
    echo "Encrypted Filesystem status: MOUNTED."
    printf '%s' "encFS: should $VIEWABLE_DIRECTORY be unmounted? (y/n) "
    read answer
    if [ "$answer" = "y" ]
    then
        # run in the foreground so the status message reflects the real result
        if fusermount -u "$VIEWABLE_DIRECTORY"
        then
            echo "$VIEWABLE_DIRECTORY was unmounted"
        else
            echo "unmount failed (is something still using $VIEWABLE_DIRECTORY?)"
        fi
    else
        echo "$VIEWABLE_DIRECTORY still mounted."
    fi
else
    echo "Encrypted Filesystem status: UNMOUNTED."
    printf '%s' "encFS: should $VIEWABLE_DIRECTORY be mounted? (y/n) "
    read answer
    if [ "$answer" = "y" ]
    then
        # encfs prompts for the volume password itself
        if encfs "$ENCRYPTED_DIRECTORY" "$VIEWABLE_DIRECTORY"
        then
            echo "$VIEWABLE_DIRECTORY mounted for use."
        else
            echo "mount failed; $VIEWABLE_DIRECTORY left unmounted."
        fi
    else
        echo "Ok, exiting, doing nothing"
    fi
fi
echo ""
sleep 3
exit 0




So at this point, you can edit the two lines in the script above to represent YOUR directories and run the script to start/stop encfs.



I took this one step further...... since I'm REALLY lazy, I created an icon on my kde desktop and linked it to

`/usr/bin/xterm -fn 6x13 -bg LightSlateGray -fg black -e /home/crouse/scripts/encfscntrl.sh &`



Now, to start/stop the encrypted file system I can just click the icon on my desktop; an xterm window opens, asks whether I want it on or off and for the password, then gracefully closes after a couple of seconds.




encfs is a very cool tool for keeping data private in a directory. It has many options that I haven't covered, but this should get you started.

My Public Key



Public Key for Dave Crouse


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEhNlTYRBACdzF604loTXXJYLbAC5gIBR3IG5OskD8OLUiTsZIX8nwpDphme
AgbuZcnDvOnWYCSiHT+zgC+V0yvoCfz7XaRQJRwmGFeIo2SFEl4ugNLP6EcphQwT
Zdtpo607NvMbKnk/esWD7bYqZJK2uCjU51Ojk0YZO9Xqoj8YXCqp9kFsswCgkTC1
v5gBd2ywllikpGVb3prXeUcEAI2fXoL57KRonBEPNt7w75Pj+Y6yF9B+zYTL15P2
qvZpQpfzcANnyXQ9WCI7E8qJCS6L5x1dxwjCRIc7kqJdv7Ipq4i3UMW4qVC9XFvb
zDm2KimYyud/Xw6KvkZKrXAuR7KEmGXysGBnoMEg+8iYMhdd+5sSlXgCK6y0Y6z/
c44tA/9UKSyxgMW5zYdWpvYhDUgvh8oLVZbyXI72g8z1bXSeT0JCT0ZgwmcAmdwd
IFq7kgpfMoX8txUEZ5qKxRqSJ6OMrue6kgYGPyUHJOrbqeQhIGzXACDnKxlyqEli
eiWhuHeKh9N1urGls5G89apohxKmUloqYmjV/7m/USUMvs9MBbQtRGF2aWQgQ3Jv
dXNlICg2NC1iaXRBcmNoKSA8Y3JvdXNlQHVzYWx1Zy5uZXQ+iGAEExECACAFAkhN
lTYCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDk0H2l56T3vOVUAJ9A9MNP
EGFjsh/ykAQ/fGCMXhtpnwCcD6geSxB1lkymoiU854Z2MfmnjQ6JASIEEAECAAwF
AkhnBAUFAwASdQAACgkQlxC4m8pXrXx5bwgAxfJ5ff+yphG/3yX7XN0ttXt8bkCV
yJCyOw5VYqd6CSYWNHnDeFvs7nMLqb3haR/C1yGtLebTPcWp/I4SYRkOLhojxPlO
0tG0PJJPjllh1YJ1vLQxTxN6QmPX3wNgLUxu/9ba3gjZ68++JfSa/+netj4jZ4m/
9IpVm2jfznqljtoee2SjB3bYDb59U6brjTeIe5AFqy2hW+hY7eklbsPQlsAXUkNA
tkBath9CVyL9xx7KZPDieqBlY/80AagpDDoB2sgfnQCs4eo0m3QxOB6xiIAciluT
mH5+Q10du0Ubsc/r3qWiv5dySbzJ0JesYFN8kpIRZswivjZwTQQMVLjp3rkCDQRI
TZU2EAgAqLu5MlBgeCY0qT1M3og7QgaXWQ1/nz2cTa9uq5ee5bfLLbvkPO8aEfyD
T3NCEVdd5uVnpwM82Vz6WrW+3vklI8DTieIno63sdPA3MbBkwi4Qkdjdq1FMY7Gr
XsmFI5vUidmWYntO5e/o/rwawxCK3pfJbKVypin5Gav2bimZxqSCfb28CLpUUBlF
0VCLiZWPRmpw2lIP8ziaks+xgyjiINYus23kiPy95CKP97V1pOpGqx02V0KVFokj
kJHHmB7sTHVbwFEYgDdkt1HVdpR7iqC/bwa3Tj+XVyYa/aNmCCg1FzwWmer1o5tF
gDE+R57VPw3e4+EEFHahr7hmxrwIYwADBQf/Rwjx2JOohzRQFRPGbS5IHmDRZkkX
9yx3B22uIaIpN/3rtpOw99VYhbZzG228r1jTYdizDRXvBYs9exoq39w3Riw/KbZj
7NXZ/KoRGh9bCWyd+ohpqIqvvHJo2LEdaTSLTZU/YV1M5DiCUPB+IOOUPlYWuIZv
zHM9nf1hx4+BfKqIXjZQ8aebMQeGbCms5QBpN1s7M+WGX7vrV0kU6MzPAg85pYVS
NMvtW0szjbihYs8CnfnPSTWIFR1IaONz6Njl+t2np6QhCjKMflKsBcfQl30eXeAd
ZyphujhthHtK0YAcWYx3ZpyL+YqKPBpHgo24oX/GIg7qTWWh2QlcaKLFeohJBBgR
AgAJBQJITZU2AhsMAAoJEOTQfaXnpPe8sGAAnjtpfocNTXXh76kD4mNdVasselWQ
AJ9LuY46+Fr1i8JnPY0amg4F6lYK+Q==
=DZNL
-----END PGP PUBLIC KEY BLOCK-----