ssh

Linux Mint 10: Common post installation tasks

Saturday, February 12th, 2011 | Linux, Tech-savvy | 3 Comments

I installed a few Mint boxes lately, mostly due to the release of Mint 10. You already get a lovely OS out of the box, but there are things I like to “fix” after an installation that others may like to do as well. Inspired by urfix’s “25 command” posts (25 best Linux commands, plus even more 25’s listed in “popular posts”) I collected the x things to do after an initial installation. Have phun!

  1. Fix vi movement problem

    Having trouble moving in vi’s input mode? Strange characters appearing when you try to move in your text? Try disabling the vi compatibility mode (yes, you are not using vi but vim):

    echo set nocompatible >> ~/.vimrc

  2. Install the nonfree version of VirtualBox (3.x) for USB support

    If you need USB support do not install VirtualBox OSE but the nonfree version.

    apt-get install virtualbox-nonfree

    After that, make sure your user is a member of the virtualbox group, otherwise you won’t be able to access your USB devices.

    As of version 4 of VirtualBox, Oracle decided to make the main VirtualBox software open-source, and now licenses a proprietary ‘extension pack’ containing the RDP server and USB support. I have not fiddled with this package yet.

  3. Change terminal colour scheme

    The default white scheme is not easy on my eyes. Ouch! IMHO a terminal has to have black background (slightly transparent if you like) and grey (for the hardcore: green) text colour. It’s still a computer screen, right? ;)

  4. Enable .local name resolution for your M$ network

    Trying to resolve some .local Windoze DNS lookalike? Try editing your /etc/nsswitch.conf file, change

    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins

    to

    hosts: dns files mdns4_minimal mdns4

  5. Enable CP1252 in eclipse for your M$ originated source code

    I work at a company that mainly uses Windoze boxes. This is not an excuse not to use UTF-8 as your default encoding, but we have a lot of source code encoded with Windoze default encoding, namely CP1252. Still, it’s pretty easy to participate in the hacking using a *nix box:

    • make sure CP1252 is available:
      locale -m | grep CP1252
    • open a new workspace
    • close eclipse and edit .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.core.resources.prefs:
      encoding=CP1252
    • restart eclipse
    • start checking out CP1252 source code

    This may seem a bad way to solve the problem, because you can easily change your default encoding using Window -> Preferences -> General -> Workspace -> Text File Encoding, but guess what, CP1252 is initially not listed here. So you have to tell eclipse the hard way :)

  6. Enable (full) localhost name resolution

    Sometimes I need more names for my loopback interface than localhost or the real name of my box. In fact, as I am also an OpenCms developer, I have to have multiple localhost DNS names to access my multisite installation. OpenCms maps sites using DNS name. So, if you need to add some names to your localhost for local development, don’t add names using the IP4 loopback 127.0.0.1 but use IP6’s loopback, otherwise you won’t be able to access your site with e.g. Firefox (even though a terminal’s ping works flawlessly using just the IP4 loopback).

    Edit /etc/hosts

    ...
    ::1        silentbox localhost6.localdomain6 localhost6 *add-name-here*
    127.0.1.1  silentbox *not-here*
    ...

    Only problem: restarting the system the network manager rewrites the file with default settings, thus deleting your precious changes. I still have to figure out how to solve this.

  7. Disable / cripple fortune

    Just recently I was told “You will be divorced within a year.” I really don’t need that distraction. Mint doesn’t even bother to separate the offensive ones from the non-offensive ones.

    vi /etc/bash.bashrc

    and then delete the following line or make it a comment

    #/usr/bin/mint-fortune

    You could also delete just the fortune files you don’t want to be bothered with, they are located here: /usr/share/games/fortunes/

  8. Use SSH keys

    This is so common I almost forgot to mention it. Read about using SSH keys for authentication here (sorry, Andreas, I know you don’t like “here” links).

I know this list is highly personal, talking about colour schemes and pimping eclipse to work with CP1252 code. Still, some may find something of interest in this. Do you think a common set up task is missing? Just let me know, I am always keen to learn a new trick or two that enhances your every day computer work.


Using (PuTTY) SSH keys for authentication with Linux

Monday, October 25th, 2010 | Linux, Tech-savvy | 4 Comments

I recently completely switched from a Windoze to a Linux environment. It’s been an amazing experience so far, but switching OSs I “lost” my beloved PuTTY. Well, there is a Linux PuTTY port available, but it kinda felt wrong to me to use a third party SSH client when there is openssh available out of the box as the default SSH implementation. There was just one thing bugging me: I really loved Pageant, the PuTTY authentication agent – enter your passphrase once, never enter a password again. This is very convenient and saved me hours adding up the time I saved not entering my credentials every time I log in to a remote machine :) (@see Victor Tugelbend)

I had no idea how this works using Linux but this OS is so frickin kewl I managed to have this up and running in less than 5 minutes without Google! See for yourself reading the log of my shell session.


fast firewalling for developers with iptables

Saturday, November 8th, 2008 | Misc, Tech-savvy | 3 Comments

Oh no, not another iptables tutorial! Skip this if you are an experienced linux bofh, read this if you don’t want to bother too much with configuring your system but still keeping doors shut and playing around with it. In my case I am using a VPS Linux box for Subversion, Apache, Tomcat and Confluence access. A developer’s machine, as you can tell :)

I think it’s irresponsible to have a system online and not shutting all possible vulnerabilities down. As long as I am playing with the machine (and don’t have the expertise of a top notch sysadmin) I want it inaccessible almost completely. It’s not that I am paranoid about somebody accessing my stuff, I don’t like the thought of somebody hijacking *my* system doing *their* stuff :evil: ! So what I wanted to do was to shut everything down except Secure Shell – that’s the only service I trust (using key only authentication), everything else is tunneled.

Okay, enough talking, this is how you get your machine inaccessible except for ssh:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -m limit --limit 100/second -j LOG --log-prefix "iptables:"
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

You won’t kick yourself from your server entering these commands! ;) These commands should be quite self-explanatory, for a detailed explanation please refer to the iptables man pages.

Next thing is to make sure that a reboot won’t make your system vulnerable once again. The firewall rules are kept in memory only. I didn’t bother the first time I configured my system, now that my provider had to reboot their VPS’ I had to reconfigure it and wanted it to be the last time!

There are two iptables commands that will save and load firewall rules. Dump your current rules with

sudo iptables-save

Save this output in a file:

sudo sh -c 'iptables-save > /etc/iptables-save'

Next tell your rc scripts (like /etc/rc.local for each multiuser runlevel) to execute the following line, using iptables-restore to restore your previously saved configuration:

cat /etc/iptables-save | iptables-restore -c
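
One way to check that the saved file really describes the SSH-only lockdown before rc.local starts restoring it at every boot (an added example, not part of the original post; the function names check and audit_ruleset and the sample dump are constructed for illustration):

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the SSH-only lockdown.

# check <label> <ERE>: record a finding unless some filter-table line matches.
check() {
    if ! printf '%s\n' "$filter" | grep -Eq -- "$2"; then
        echo "MISSING: $1"
        findings=$((findings + 1))
    fi
}

# audit_ruleset <dump file>: prints findings, returns 0 only if there are none.
audit_ruleset() {
    # Look at the filter table only; nat/mangle have chains of the same name.
    filter=$(awk '/^\*filter$/ {on=1; next} /^COMMIT$/ {on=0} on' "$1")
    findings=0
    check "INPUT policy DROP"    '^:INPUT DROP '
    check "FORWARD policy DROP"  '^:FORWARD DROP '
    check "ESTABLISHED,RELATED"  '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT$'
    check "loopback accept"      '^-A INPUT -i lo -j ACCEPT$'
    check "SSH accept (port 22)" '^-A INPUT -p tcp .*--dport 22 -j ACCEPT$'
    # Any other ACCEPT in INPUT exposes a service besides SSH.
    extra=$(printf '%s\n' "$filter" | awk '
        /^-A INPUT .*-j ACCEPT$/ && !/--(ct)?state |-i lo |--dport 22 / {n++}
        END {print n + 0}')
    if [ "$extra" -gt 0 ]; then
        echo "EXTRA: $extra additional ACCEPT rule(s) in INPUT"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample in iptables-save format (not output captured from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 22 -j ACCEPT
-A INPUT -m limit --limit 100/sec -j LOG --log-prefix "iptables:"
COMMIT
EOF
audit_ruleset "$sample" && echo "ruleset matches the SSH-only lockdown"
```

On a real box, point audit_ruleset at /etc/iptables-save; a non-zero return means the file would restore something other than the lockdown shown above.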

That’s it, you’re all set up with a machine that is inaccessible except for Secure Shell. Happy bashing!
