ssh
Linux Mint 10: Common post installation tasks
Saturday, February 12th, 2011 | Linux, Tech-savvy | 3 Comments
I installed a few Mint boxes lately, mostly due to the release of Mint 10. You already get a lovely OS out of the box, but there are things I like to “fix” after an installation that others may like to do as well. Inspired by urfix's “25 command” posts (25 best Linux commands, plus even more 25's listed in “popular posts”) I collected the x things to do after an initial installation. Have phun!
- Fix vi movement problem
- Install the nonfree version of VirtualBox (3.x) for USB support
- Change terminal colour scheme
- Enable .local name resolution for your M$ network
- Enable CP1252 in eclipse for your M$ originated source code
  - make sure CP1252 is available
  - open a new workspace
  - close eclipse and edit .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.core.resources.prefs
  - restart eclipse
  - start checking out CP1252 source code
- Enable (full) localhost name resolution
- Disable / cripple fortune
- Use SSH keys
Having trouble moving in vi’s input mode? Strange characters appearing when you try to move in your text? Try to disable the vi compatibility mode (yes, you are not using vi but vim):
echo set nocompatible >> ~/.vimrc
If you need USB support do not install VirtualBox OSE but the nonfree version.
apt-get install virtualbox-nonfree
After that, make sure your user is a member of the virtualbox group, otherwise you won’t be able to access your USB devices.
As of version 4 of VirtualBox, Oracle decided to make the main VirtualBox software open-source, and now licenses a proprietary ‘extension pack’ containing the RDP server and USB support. I have not fiddled with this package yet.
The default white scheme is not easy on my eyes. Ouch! IMHO a terminal has to have black background (slightly transparent if you like) and grey (for the hardcore: green) text colour. It’s still a computer screen, right?
Trying to resolve some .local Windoze DNS lookalike? Try editing your /etc/nsswitch.conf file, change
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
to
hosts: dns files mdns4_minimal mdns4
I work at a company that mainly uses Windoze boxes. This is not an excuse not to use UTF-8 as your default encoding, but we have a lot of source code encoded with Windoze default encoding, namely CP1252. Still, it’s pretty easy to participate in the hacking using a *nix box.
To check that CP1252 is available:
locale -m | grep CP1252
The line to put in org.eclipse.core.resources.prefs:
encoding=CP1252
This may seem a bad way to solve the problem, because you can easily change your default encoding using Window -> Preferences -> General -> Workspace -> Text File Encoding, but guess what, CP1252 is initially not listed here. So you have to tell eclipse the hard way.
Sometimes I need more names for my loopback interface than localhost or the real name of my box. In fact, as I am also an OpenCms developer, I have to have multiple localhost DNS names to access my multisite installation. OpenCms maps sites using DNS name. So, if you need to add some names to your localhost for local development, don’t add names using the IPv4 loopback 127.0.0.1 but use IPv6’s loopback, otherwise you won’t be able to access your site with e.g. Firefox (even though a terminal’s ping works flawlessly using just the IPv4 loopback).
Edit /etc/hosts
...
::1 silentbox localhost6.localdomain6 localhost6 *add-name-here*
127.0.1.1 silentbox *not-here*
...
Only problem: on restarting the system, the network manager rewrites the file with default settings, thus deleting your precious changes. I still have to figure out how to solve this.
Just recently I was told “You will be divorced within a year.” I really don’t need that distraction. Mint doesn’t even bother to separate the offensive ones from the non-offensive ones.
vi /etc/bash.bashrc
and then delete the following line or make it a comment
#/usr/bin/mint-fortune
You could also delete just the fortune files you don’t want to be bothered with, they are located here: /usr/share/games/fortunes/
This is so common I almost forgot to mention it. Read about using SSH keys for authentication here (sorry, Andreas, I know you don’t like “here” links).
I know this list is highly personal, talking about colour schemes and pimping eclipse to work with CP1252 code. Still, some may find something of interest in this. Do you think a common set up task is missing? Just let me know, I am always keen to learn a new trick or two that enhances your every day computer work.
Using (PuTTY) SSH keys for authentication with Linux
Monday, October 25th, 2010 | Linux, Tech-savvy | 4 Comments
I recently completely switched from a Windoze to a Linux environment. It’s been an amazing experience so far, but switching OSs I “lost” my beloved PuTTY. Well, there is a Linux PuTTY port available, but it kinda felt wrong to me to use a third party SSH client when there is openssh available out of the box as the default SSH implementation. There was just one thing bugging me: I really loved Pageant, the PuTTY authentication agent – enter your passphrase once, never enter a password again. This is very convenient and saved me hours adding up the time I saved not entering my credentials every time I log in to a remote machine (@see Victor Tugelbend).
I had no idea how this works using Linux but this OS is so frickin kewl I managed to have this up and running in less than 5 minutes without Google! See for yourself reading the log of my shell session.
fast firewalling for developers with iptables
Saturday, November 8th, 2008 | Misc, Tech-savvy | 3 Comments
Oh no, not another iptables tutorial! Skip this if you are an experienced linux bofh, read this if you don’t want to bother too much with configuring your system but still keeping doors shut and playing around with it. In my case I am using a VPS Linux box for Subversion, Apache, Tomcat and Confluence access. A developer’s machine, as you can tell.
I think it’s irresponsible to have a system online and not shutting all possible vulnerabilities down. As long as I am playing with the machine (and don’t have the expertise of a top notch sysadmin) I want it inaccessible almost completely. It’s not that I am paranoid about somebody accessing my stuff, I don’t like the thought of somebody hijacking *my* system doing *their* stuff! So what I wanted to do was to shut everything down except Secure Shell – that’s the only service I trust (using key only authentication), everything else is tunneled.
Okay, enough talking, this is how you get your machine inaccessible except for ssh:
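# keep traffic flowing for connections that already exist (including your current ssh session)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# allow new ssh connections coming from unprivileged source ports
iptables -A INPUT -p tcp --dport 22 --sport 1024:65535 -j ACCEPT
# log whatever got this far, rate limited
iptables -A INPUT -m limit --limit 100/second -j LOG --log-prefix "iptables:"
# default policies: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT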
You won’t kick yourself from your server entering these commands!
These commands should be quite self-explanatory, for a detailed explanation please refer to the iptables man pages.
Next thing is to make sure that a reboot won’t make your system vulnerable once again. The firewall rules are kept in memory only. I didn’t bother the first time I configured my system, now that my provider had to reboot their VPS’ I had to reconfigure it and wanted it to be the last time!
There are two iptables commands that will save and load firewall rules. Dump your current rules with
sudo iptables-save
Save this output in a file (the redirection has to run as root as well, hence the sh -c):
sudo sh -c 'iptables-save > /etc/iptables-save'
Next tell your rc scripts (like /etc/rc.local for each multiuser runlevel) to execute the following line, using iptables-restore to restore your previously saved configuration:
cat /etc/iptables-save | iptables-restore -c
That’s it, you’re all set up with a machine that is inaccessible except for Secure Shell. Happy bashing!
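Before the restore line goes into rc.local, it helps to confirm that the saved dump really describes a box that is closed except for ssh. The following is an added example, not part of the original post: a shell function that reads an iptables-save dump on stdin and fails unless INPUT and FORWARD default to DROP and every ACCEPT rule on INPUT is loopback, established/related state matching, or the given port. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample, shaped like the dump the rules above produce.
sample_dump() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 22 -j ACCEPT
-A INPUT -m limit --limit 100/sec -j LOG --log-prefix "iptables:"
COMMIT
EOF
}

# audit_dump PORT < dump    (hypothetical helper, not an iptables tool)
# Exit 0 only if INPUT and FORWARD default to DROP and every ACCEPT rule on
# INPUT is loopback, ESTABLISHED/RELATED state matching, or --dport PORT.
audit_dump() {
    awk -v allowed="${1:?usage: audit_dump PORT}" '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        /^:(INPUT|FORWARD) / {
            chain = substr($1, 2); seen[chain] = 1
            if ($2 == "DROP") print "ok policy " chain " DROP"
            else { print "FAIL policy " chain " is " $2; bad = 1 }
            next
        }
        # Rule lines carry a [packets:bytes] prefix when saved with -c.
        /^(\[[0-9]+:[0-9]+\] )?-A INPUT / && / -j ACCEPT/ {
            port = ""; lo = 0; state = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-i" && $(i + 1) == "lo" && $(i - 1) != "!") lo = 1
                if (($i == "--state" || $i == "--ctstate") &&
                    $(i + 1) !~ /NEW|INVALID/) state = 1
            }
            if (lo || state || port == allowed) print "ok accept " $0
            else { print "FAIL unexpected accept: " $0; bad = 1 }
        }
        END {
            if (!seen["INPUT"] || !seen["FORWARD"]) { print "FAIL policy line missing"; bad = 1 }
            exit bad + 0
        }'
}

sample_dump | audit_dump 22   # real use: sudo iptables-save | audit_dump 22
```

Port ranges and multiport rules are deliberately reported as unexpected, so anything wider than the single allowed port needs a human look.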