Technical Application Topics
====== UNIX/Linux Command-Line Trivia ======
===== Cheat-Sheet =====
==== SSH ====
Create key for specific purpose or other user: ''ssh-keygen -f keybasename -C "user@host"''
==== GnuPG ====
Encrypt: ''gpg --encrypt -r keyid --armor < inputfile -o outputfile'' \\
Decrypt: ''gpg --decrypt filename'' \\
List keys: ''gpg --list-options "show-keyring" [--list-keys|--list-secret-keys]'' \\
Create key: ''gpg --full-generate-key'' \\
Import keys: \\ ''gpg --import keyname_pub.asc'' \\ ''gpg --allow-secret-key-import --import keyname_sec.asc'' \\
Export keys: \\ ''gpg --output keyname_pub.asc --armor --export keyid'' \\ ''gpg --output keyname_sec.asc --armor --export-secret-key keyid'' \\
Delete keys: \\ ''gpg --delete-secret-keys XXKEYIDXX'' \\ ''gpg --delete-keys XXKEYIDXX'' \\
Flush password cache: ''echo RELOADAGENT | gpg-connect-agent''
==== Vim ====
Switch to hex mode: '':%!xxd'' \\
Switch back from hex mode: '':%!xxd -r'' \\
------
====== Technical Application Topics ======
===== Data Recovery =====
==== Using ddrescue for DVD ripping ====
making backup copies of damaged dvds using ddrescue
I would normally use AnyDVD (on Windows) to take a backup of a DVD with copy protection, but it doesn’t seem to handle read errors very well (e.g. discs have small scratches) and copies fail.
GNU ddrescue (gddrescue, ddrescue, NOT dd_rescue) on Linux is supposed to be better at handling small errors and is designed to handle read errors.
=== Using ddrescue ===
So far I have found that the best way is to take a quick(ish) initial copy;
ddrescue -b 2048 -n -v /dev/sr0 image.iso image.log
This reads the whole disk once, marking any bad blocks as “non-trimmed”. It then reads again in the other direction retrying any bad blocks. Any blocks that still fail are “trimmed” then marked as non-split. There is no further processing after this because of the -n option.
If there are any read errors do another pass using the direct option (-d). You must also specify the number of retries that bad sectors get (-r), otherwise they will be ignored;
ddrescue -b 2048 -d -r 3 -v /dev/sr0 image.iso image.log
… if there are further errors then you can use the -R (retrim) option to retry full sectors (taken from Forensics Wiki). This will try any bad sectors in a different order which might help read some (according to the ddrescue documentation, see link below);
ddrescue -b 2048 -d -r 3 -R -v /dev/sr0 image.iso image.log
I have yet to investigate using different drives to read the disc for another pass, but this might also help.
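All three passes above share the mapfile ''image.log'', which records a status for every block of the disc. The following is an added example, not part of the original post: a POSIX shell helper that totals a mapfile by block status, so you can see how much is still unread before deciding on another pass. The function names and the sample mapfile contents are constructed for illustration; the 2048-byte sector size matches the ''-b 2048'' used above.

```shell
#!/bin/sh
# Added example: total the bytes in a GNU ddrescue mapfile by block status.
# Status characters used by ddrescue: ? non-tried, * non-trimmed,
# / non-scraped, - bad sector, + finished.

# mapfile_bytes FILE STATUSES -> bytes whose status is one of STATUSES
mapfile_bytes() {
    mb_total=0
    mb_header_seen=0
    while read -r mb_pos mb_size mb_status mb_rest; do
        case $mb_pos in
            ''|'#'*) continue ;;            # blank line or comment
        esac
        if [ "$mb_header_seen" -eq 0 ]; then
            mb_header_seen=1                # first data line is current_pos/current_status
            continue
        fi
        [ -n "$mb_status" ] || continue     # ignore malformed lines
        case $2 in
            *"$mb_status"*) mb_total=$((mb_total + $mb_size)) ;;
        esac
    done < "$1"
    echo "$mb_total"
}

# write_sample_mapfile FILE -> constructed mapfile for a 10 MiB image
write_sample_mapfile() {
    cat > "$1" <<'EOF'
# Mapfile. Created by GNU ddrescue (constructed sample, not real output)
# current_pos  current_status
0x00801000     +
#      pos        size  status
0x00000000  0x00800000  +
0x00800000  0x00001000  -
0x00801000  0x00000800  *
0x00801800  0x001FE800  +
EOF
}

sample=$(mktemp)
write_sample_mapfile "$sample"
left=$(mapfile_bytes "$sample" '?*/-')
echo "rescued:     $(mapfile_bytes "$sample" '+') bytes"
echo "unrecovered: $left bytes ($((left / 2048)) sectors of 2048 bytes)"
rm -f "$sample"
```

Point ''mapfile_bytes'' at the real ''image.log'' between passes; a non-zero total for ''?*/-'' means some sectors are still unread.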
=== Other Notes ===
I don’t think this method (using ddrescue) removes any copy protection.
=== Links ===
Full manual for GNU ddrescue; http://www.gnu.org/software/ddrescue/manual/ddrescue_manual.html
Reading discs might take a long time; http://old.nabble.com/10-days-for-7.8gig–td21461792.html
Good documentation about Data Recovery and ddrescue; https://help.ubuntu.com/community/DataRecovery#Data%20Recovery%20from%20damaged%20filesystem%20or%20drive
===== Fingerprint Readers =====
==== Home page for libfprint ====
[[https://www.freedesktop.org/wiki/Software/fprint]]
===== OpenSSL =====
Here's a quick/easy self-signed SSL cert creation command:
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
Alternately, for a separate key & cert file:
openssl req -newkey rsa:2048 -nodes -keyout yourapp.key -x509 -days 365 -out yourapp.pem
===== apache =====
==== SSL ====
* yum install mod_ssl
* On CentOS, edit ''/etc/httpd/conf.d/ssl.conf'' and:
* Comment out the SSL key file entry
* Ensure correct name of SSL cert file
* Remove password from PEM cert: \\ ''openssl rsa -in mycert.pem -out newcert.pem'' \\ ''openssl x509 -in mycert.pem >> newcert.pem''
* On CentOS, put password-less PEM/OpenSSL cert file at ''/etc/pki/ssl/certs/localhost.pem''
* If you need to re-create the key from the PEM: \\ ''openssl rsa -in mycert.pem -out mycert.key''
* Restart apache
===== lighttpd =====
==== Install/Config for lighttpd ====
These points are mostly relevant to a slackware install, as that's what I use. I also prefer to operate the software out of its own home directory (especially since it has its own uid/gid).
* Create the lighttpd user and group: \\ ''groupadd -g 208 lighttpd'' \\ ''useradd -u 208 -g 208 -d /home/lighttpd -s /bin/ksh -c "lighttpd" -m lighttpd''
* Perform the slackbuild, and install the resulting package (or use a package you previously created with the slackbuild)
* Initialize the lighttpd login's home directory (easiest if logged in as the lighttpd user): \\ ''cd'' \\ ''echo "export ENV=${HOME}/.kshrc" > .profile'' \\ ''echo "set nobackup" > .vimrc'' \\ ''mkdir bin etc www log tmp'' \\ ''chmod 750 bin etc www log tmp''
* Acquire a suitable ''.kshrc'' for per-session environment config // ( here's a {{:tech:unix:dot-kshrc-sample.txt|sample .kshrc file}} ) //
* Apply the changes to configuration files indicated by the below diffs
* The changes to config files imply some further modifications to the stock installation footprint:
* Move ''/etc/lighttpd/lighttpd.conf'' to ''~lighttpd/etc''
* Replace the ''/etc/lighttpd'' directory with a link to ''~lighttpd/etc''
* Replace the ''/var/log/lighttpd'' directory with a link to ''~lighttpd/log''
* Remove the ''/var/www/htdocs-lighttpd'' directory
The below config file diffs assume using FastCGI, and contain a reference/inclusion to a FastCGI config file - here's a \\ {{:tech:app:fastcgi-conf-sample.txt|sample FastCGI config file}}
=== Diffs from stock ''rc.lighttpd'': ===
diff -Naur old/rc.lighttpd new/rc.lighttpd
--- old/rc.lighttpd 2015-03-27 23:28:30.509740421 -0500
+++ new/rc.lighttpd 2015-03-27 23:29:52.655763520 -0500
@@ -21,8 +21,8 @@
#
LIGHTTPD=/usr/sbin/lighttpd
-PIDFILE=/var/run/lighttpd/lighttpd.pid
-LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf"
+PIDFILE=/home/lighttpd/tmp/lighttpd.pid
+LIGHTTPD_OPTIONS="-f /home/lighttpd/etc/lighttpd.conf"
is_pidof() {
local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?)
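Review bot: PIDFILE at the top of this hunk now points into /home/lighttpd/tmp, a directory owned by the lighttpd account, so the rc script (which runs as root) will act on whatever PID that account writes there. Keep the PID file in a root-owned directory such as the original /var/run/lighttpd, or make sure every stop/restart path passes through the is_pidof check shown in the context lines before it signals the process; the $1 in that ps -p call should also be quoted.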
=== Diffs from stock ''lighttpd.conf'': ===
diff -Naur old/lighttpd.conf new/lighttpd.conf
--- old/lighttpd.conf 2015-03-27 23:24:28.970432691 -0500
+++ new/lighttpd.conf 2015-03-27 23:24:42.677769203 -0500
@@ -25,7 +25,7 @@
# "mod_proxy",
# "mod_simple_vhost",
# "mod_evhost",
-# "mod_userdir",
+ "mod_userdir",
# "mod_cgi",
# "mod_compress",
# "mod_ssi",
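Review bot: Uncommenting "mod_userdir" here publishes a ~user/ URL for every local account that has the userdir.path directory, and nothing in this diff limits which accounts qualify. Add userdir.exclude-user (at least "root") or an explicit userdir.include-user list next to the userdir.path setting so that only the intended accounts are served.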
@@ -37,10 +37,13 @@
## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
-server.document-root = "/var/www/htdocs-lighttpd"
+server.document-root = "/home/lighttpd/www"
+
+## User document root
+userdir.path = "www"
## where to send error-messages to
-server.errorlog = "/var/log/lighttpd/error.log"
+server.errorlog = "/home/lighttpd/log/error.log"
# files to check for if .../ is requested
index-file.names = ( "index.php", "index.html",
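Review bot: server.errorlog (and accesslog.filename in the next hunk) now write under /home/lighttpd/log, a directory created and owned by the same lighttpd account the server runs as, so a compromised server process can edit or delete its own logs. Leave the logs under a root-owned directory such as the original /var/log/lighttpd, or forward them to syslog, and keep only the document root in the service account's home.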
@@ -113,7 +116,7 @@
# server.tag = "lighttpd"
#### accesslog module
-accesslog.filename = "/var/log/lighttpd/access.log"
+accesslog.filename = "/home/lighttpd/log/access.log"
## deny access the file-extensions
#
@@ -145,7 +148,7 @@
#server.error-handler-404 = "/error-handler.php"
## to help the rc.scripts
-server.pid-file = "/var/run/lighttpd/lighttpd.pid"
+server.pid-file = "/home/lighttpd/tmp/lighttpd.pid"
###### virtual hosts
@@ -170,6 +173,9 @@
## virtual directory listings
#dir-listing.activate = "enable"
+$HTTP["url"] =~ "^/pub($|/)" {
+ dir-listing.activate = "enable"
+}
## enable debugging
#debug.log-request-header = "enable"
@@ -188,6 +194,9 @@
## change uid to (default: don't care)
server.groupname = "lighttpd"
+# Follow symbolic links at the filesystem level
+server.follow-symlink = "enable"
+
#### compress module
#compress.cache-dir = "/tmp/lighttpd/cache/compress/"
#compress.filetype = ("text/plain", "text/html")
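Review bot: server.follow-symlink = "enable" in this hunk, combined with mod_userdir enabled earlier in the same diff, means any local user can publish a file the lighttpd account can read by symlinking to it from their www directory. Set it to "disable" unless symlinks are actually required, and have the comment say why they are needed rather than restating the option.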
==== vhosts ====
If vhosts are desired, then a file named like ''lighttpd-hostname.conf'' would be created in ''~lighttpd/etc'' that would look similar to this:
  $HTTP["host"] =~ "yourdomain\.org" {
    server.document-root = "/home/lighttpd/yourdomainwwwroot"
    accesslog.filename = "/home/lighttpd/log/yourdomain-access.log"
    errorlog.filename = "/home/lighttpd/log/yourdomain-error.log"
  }
... and then you would want to include that config file from the primary config file (''~lighttpd/etc/lighttpd.conf'') \\ ''include "lighttpd-hostname.conf"''
==== WordPress ====
This re-write config should be populated into the vhost config:
url.rewrite-once = (
"^/(wp-.+).*/?" => "$0",
"^/(sitemap.xml)" => "$0",
"^/(xmlrpc.php)" => "$0",
"^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1",
"^/.*?(\?.*)?$" => "/index.php$1"
)
------
===== Snippets =====
==== rsyslog: custom log file ====
Add something like this into a ''/etc/rsyslog.d/myprogram.conf'' file:
# Separate myprogram logging into its own file
if $programname == 'myprogram' then /var/log/myprogram.log
& stop
... then, something like ''logger -t myprogram "this is a log message"'' will get routed to the custom log file. \\
PHP code to do the same:
openlog( "myprogram", 0, LOG_LOCAL6);
syslog( LOG_NOTICE, "this is a log message");
Also, don't forget to add the custom log to ''logrotate'' by populating a file like ''/etc/logrotate.d/myprogram'' with:
/var/log/myprogram.log {
missingok
weekly
size 2G
copytruncate
rotate 12
notifempty
}
==== Ardour, Hydrogen & Jack under Windows ====
* Hydrogen is only available in 32-bit, so the 32-bit versions of Ardour and Jack should also be selected
* The ''libjack.dll'' in the Hydrogen program folder should be renamed so that it won't get used \\ // (Jack needs to use its own version of this DLL) //
==== X32-Edit ====
=== Ubuntu Studio dependencies: ===
sudo apt-get install libx11-6:i386 libxext6:i386 libasound2:i386 libc6:i386 libfreetype6:i386 libc6:i386 libstdc++6:i386 libgcc1:i386 libxcb1:i386 zlib1g:i386 libpng12-0:i386 libxau6:i386 libxdmcp6:i386 libgl1-mesa-glx:i386 libgl1-mesa-dri:i386
==== kdenlive ====
In Ubuntu, add this PPA in order to use this bug-fixed and upgraded version: \\
[[https://launchpad.net/~sunab/+archive/ubuntu/kdenlive-release]]
==== FUDforum ====
In ''theme/default/help_index.php'', a check for file existence will prevent significant log content created by bots/spammers trying to hit help pages that don't exist. \\
Line 40: ''$str = file_get_contents($file);'' \\
Replace with: ''$str = file_exists( $file) ? file_get_contents($file) : "";''
==== LibreOffice ====
=== LibreOffice label definition: ===
-
S;5334;1676;4445;1651;1016;1473;4;15;21590;27940
5195 Return Address Labels
==== VirtualBox ====
=== VirtualBox Extension Pack Installation: ===
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-X.Y.Z-NNNNN.vbox-extpack
==== Sendmail ====
A useful reference: [[https://www.ietf.org/rfc/rfc1912.txt|RFC 1912]] \\
In particular, ''MX'' DNS records should not refer to ''CNAME'' records, only ''A'' records
=== Forwarding EMail: ===
In order to forward mail using a ''.forward'' file, and when your home directory has to be group-writable, this ''sendmail'' option has to be specified in the configuration:
O DontBlameSendmail=forwardfileingroupwritabledirpath
... or, in the MC file ...
define(`confDONT_BLAME_SENDMAIL',``forwardfileingroupwritabledirpath,otherdontblames,...'')
==== rsync ====
An rsync daemon for public rsync service can be set up with these files.
''/etc/rsyncd.conf'' \\
max connections = 2
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lck
timeout = 300
[fxp]
comment = Public FreeSlack mirror
path = /srv/www/zenteknix.com/fxp
read only = yes
list = yes
uid = nobody
gid = lighttpd
auth users = anonymous
secrets file = /etc/rsyncd.secrets
''/etc/rc.d/rc.rsyncd''
#!/bin/sh
# Start/stop/restart rsync daemon.
# Start rsync daemon:
rsyncd_start() {
CMDLINE="/usr/bin/rsync --daemon --config=/etc/rsyncd.conf --bwlimit=512"
echo -n "Starting rsync daemon: $CMDLINE"
$CMDLINE
echo
}
# Stop rsync daemon:
rsyncd_stop() {
echo -n "Stopping rsync daemon..."
if [ -r /var/run/rsyncd.pid ]; then
kill -HUP $(cat /var/run/rsyncd.pid)
rm -f /var/run/rsyncd.pid
# else
# killall -HUP -q rsync
fi
echo
}
# Restart rsync daemon:
rsyncd_restart() {
rsyncd_stop
sleep 1
rsyncd_start
}
# Check if rsync daemon is running
rsyncd_status() {
if [ -e /var/run/rsyncd.pid ]; then
echo "rsync daemon is running."
else
echo "rsync daemon is stopped."
exit 1
fi
}
case "$1" in
'start')
rsyncd_start
;;
'stop')
rsyncd_stop
;;
'restart')
rsyncd_restart
;;
'status')
rsyncd_status
;;
*)
echo "usage $0 start|stop|restart|status"
esac
==== Firefox ====
=== Minimal browser window ===
First, add a profile by launching firefox like: ''firefox --new-instance -P profilename'' \\
... and add a profile to suit the app you want to run in the minimal window. \\
Open firefox using the profile, and go to ''about:config'' in the URL bar. \\
Change the value of ''toolkit.legacyUserProfileCustomizations.stylesheets'' to true. \\
Then, populate file ''$HOME/.mozilla/firefox/./chrome/userChrome.css'' with: \\
/*
* Do not remove the @namespace line -- required to work
*/
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* set default namespace to XUL */
/*
* Hide tab bar, navigation bar and scrollbars
* !important may be added to force override, but not necessary
*/
#TabsToolbar {visibility: collapse !important; }
#navigator-toolbox {visibility: collapse !important; }
#content browser {margin-right: -14px; margin-bottom: -14px;}
==== Vim ====
=== Suppressing undofile generation: ===
In ''.vimrc'': ''set noundofile''
==== namecoin ====
you@yourhost> namecoin-cli name_new "id/yourid"
[
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
you@yourhost> namecoin-cli name_firstupdate "id/yourid" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "{name:\"yourname\",email:\"you@youremail.com\"}"
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
you@yourhost> namecoin-cli name_new "d/yourdomain"
[
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
you@yourhost> namecoin-cli name_firstupdate "d/yourdomain" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" '{"map":{"*":{"ip":["www.xxx.yyy.zzz"]}}}'
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
==== WebDAV ====
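This is how to put a file using WebDAV // (tested with ''webdav'' on ''lighttpd'') //
curl -H "Expect:" -T file.txt --user login:password http://www.website.com/dav/pub/
With ''--user'', curl defaults to Basic authentication, which sends ''login:password'' only base64-encoded; over a plain ''http://'' URL that is readable on the wire, so use an ''https://'' URL when the server offers one.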