====== UNIX/Linux Command-Line Trivia ======

===== Cheat-Sheet =====

==== SSH ====

Create key for specific purpose or other user:<code>
ssh-keygen -f keybasename -C "user@host"
</code>

==== GnuPG ====

Encrypt:<code>
gpg --encrypt -r keyid --armor < inputfile -o outputfile
</code>

Decrypt:<code>
gpg --decrypt filename
</code>

List keys:<code>
gpg --list-options "show-keyring" [--list-keys|--list-secret-keys]
</code>

Create key:<code>
gpg --full-generate-key
</code>

Import keys:<code>
gpg --import keyname_pub.asc
gpg --allow-secret-key-import --import keyname_sec.asc
</code>

Export keys:<code>
gpg --output keyname_pub.asc --armor --export keyid
gpg --output keyname_sec.asc --armor --export-secret-key keyid
</code>

Delete keys:<code>
gpg --delete-secret-keys XXKEYIDXX
gpg --delete-keys XXKEYIDXX
</code>

Flush password cache:<code>
echo RELOADAGENT | gpg-connect-agent
</code>

==== Vim ====

Switch to hex mode: '':%!xxd'' \\
Switch back from hex mode: '':%!xxd -r'' \\

------

====== Technical Application Topics ======

===== Data Recovery =====

==== Using ddrescue for DVD ripping ====

making backup copies of damaged dvds using ddrescue

I would normally use AnyDVD (on Windows) to take a backup of a DVD with copy protection, but it doesn’t seem to handle read errors very well (e.g. discs have small scratches) and copies fail. GNU ddrescue (gddrescue, ddrescue, NOT dd_rescue) on linux is supposed to be better at handling small errors and is designed to handle read errors.

=== Using ddrescue ===

So far I have found that the best way is to take a quick(ish) initial copy;
<code>
ddrescue -b 2048 -n -v /dev/sr0 image.iso image.log
</code>

This reads the whole disk once, marking any bad blocks as “non-trimmed”. It then reads again in the other direction retrying any bad blocks. Any blocks that still fail are “trimmed” then marked as non-split. There is no further processing after this because of the -n option.

If there are any read errors do another pass using the direct option (-d).
You must also specify the number of retries that bad sectors get (-r), otherwise they will be ignored;
<code>
ddrescue -b 2048 -d -r 3 -v /dev/sr0 image.iso image.log
</code>

… if there are further errors then you can use the -R (retrim) option to retry full sectors (taken from Forensics Wiki). This will try any bad sectors in a different order which might help read some (according to the ddrescue documentation, see link below);
<code>
ddrescue -b 2048 -d -r 3 -R -v /dev/sr0 image.iso image.log
</code>

I have yet to investigate using different drives to read the disc for another pass, but this might also help.

=== Other Notes ===

I don’t think this method (using ddrescue) removes any copy protection.

=== Links ===

  * Full manual for GNU ddrescue; http://www.gnu.org/software/ddrescue/manual/ddrescue_manual.html
  * Reading discs might take a long time; http://old.nabble.com/10-days-for-7.8gig–td21461792.html
  * Good documentation about Data Recovery and ddrescue; https://help.ubuntu.com/community/DataRecovery#Data%20Recovery%20from%20damaged%20filesystem%20or%20drive

===== Fingerprint Readers =====

==== Home page for libfprint ====

[[https://www.freedesktop.org/wiki/Software/fprint]]

===== OpenSSL =====

Here's a quick/easy self-signed SSL cert creation command:
<code>
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
</code>

Alternately, for a separate key & cert file:
<code>
openssl req -newkey rsa:2048 -nodes -keyout yourapp.key -x509 -days 365 -out yourapp.pem
</code>

===== apache =====

==== SSL ====

  * yum install mod_ssl
  * On CentOS, edit ''/etc/httpd/conf.d/ssl.conf'' and:
    * Comment out the SSL key file entry
    * Ensure correct name of SSL cert file
  * Remove password from PEM cert:<code>
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >> newcert.pem
</code>
  * On CentOS, put password-less PEM/OpenSSL cert file at ''/etc/pki/ssl/certs/localhost.pem''
  * If you need to re-create the key from the PEM:<code>
openssl rsa -in mycert.pem -out mycert.key
</code>
  * Restart apache

===== lighttpd =====

==== Install/Config for lighttpd ====

These points are mostly relevant to a slackware install, as that's what I use. I also prefer to operate the software out of its own home directory (especially since it has its own uid/gid).

  * Create the lighttpd user and group: \\ ''groupadd -g 208 lighttpd'' \\ ''useradd -u 208 -g 208 -d /home/lighttpd -s /bin/ksh -c "lighttpd" -m lighttpd''
  * Perform the slackbuild, and install the resulting package (or use a package you previously created with the slackbuild)
  * Initialize the lighttpd login's home directory (easiest if logged in as the lighttpd user): \\ ''cd'' \\ ''echo "export ENV=${HOME}/.kshrc" > .profile'' \\ ''echo "set nobackup" > .vimrc'' \\ ''mkdir bin etc www log tmp'' \\ ''chmod 750 bin etc www log tmp''
  * Acquire a suitable ''.kshrc'' for per-session environment config // ( here's a {{:tech:unix:dot-kshrc-sample.txt|sample .kshrc file}} ) //
  * Apply the changes to configuration files indicated by the below diffs
  * The changes to config files imply some further modifications to the stock installation footprint:
    * Move ''/etc/lighttpd/lighttpd.conf'' to ''~lighttpd/etc''
    * Replace the ''/etc/lighttpd'' directory with a link to ''~lighttpd/etc''
    * Replace the ''/var/log/lighttpd'' directory with a link to ''~lighttpd/log''
    * Remove the ''/var/www/htdocs-lighttpd'' directory

The below config file diffs assume using FastCGI, and contain a reference/inclusion to a FastCGI config file - here's a \\
{{:tech:app:fastcgi-conf-sample.txt|sample FastCGI config file}}

=== Diffs from stock ''rc.lighttpd'': ===

diff -Naur old/rc.lighttpd new/rc.lighttpd --- old/rc.lighttpd 2015-03-27 23:28:30.509740421 -0500 +++ new/rc.lighttpd 2015-03-27 23:29:52.655763520 -0500 
@@ -21,8 +21,8 @@ # LIGHTTPD=/usr/sbin/lighttpd -PIDFILE=/var/run/lighttpd/lighttpd.pid -LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf" +PIDFILE=/home/lighttpd/tmp/lighttpd.pid +LIGHTTPD_OPTIONS="-f /home/lighttpd/etc/lighttpd.conf" is_pidof() { local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?) === Diffs from stock ''lighttpd.conf'': === diff -Naur old/lighttpd.conf new/lighttpd.conf --- old/lighttpd.conf 2015-03-27 23:24:28.970432691 -0500 +++ new/lighttpd.conf 2015-03-27 23:24:42.677769203 -0500 @@ -25,7 +25,7 @@ # "mod_proxy", # "mod_simple_vhost", # "mod_evhost", -# "mod_userdir", + "mod_userdir", # "mod_cgi", # "mod_compress", # "mod_ssi", @@ -37,10 +37,13 @@ ## a static document-root, for virtual-hosting take look at the ## server.virtual-* options -server.document-root = "/var/www/htdocs-lighttpd" +server.document-root = "/home/lighttpd/www" + +## User document root +userdir.path = "www" ## where to send error-messages to -server.errorlog = "/var/log/lighttpd/error.log" +server.errorlog = "/home/lighttpd/log/error.log" # files to check for if .../ is requested index-file.names = ( "index.php", "index.html", @@ -113,7 +116,7 @@ # server.tag = "lighttpd" #### accesslog module -accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.filename = "/home/lighttpd/log/access.log" ## deny access the file-extensions # @@ -145,7 +148,7 @@ #server.error-handler-404 = "/error-handler.php" ## to help the rc.scripts -server.pid-file = "/var/run/lighttpd/lighttpd.pid" +server.pid-file = "/home/lighttpd/tmp/lighttpd.pid" ###### virtual hosts @@ -170,6 +173,9 @@ ## virtual directory listings #dir-listing.activate = "enable" +$HTTP["url"] =~ "^/pub($|/)" { + dir-listing.activate = "enable" +} ## enable debugging #debug.log-request-header = "enable" 
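Review bot: the ''@@ -170,6 +173,9 @@'' hunk turns on ''dir-listing.activate'' for everything matching ''^/pub($|/)'', while the same diff also loads ''mod_userdir'' and sets ''server.follow-symlink = "enable"'', so any symlink that ends up under ''pub'' is listed and then followed to whatever the lighttpd uid can read. Suggest setting ''server.follow-symlink = "disable"'' unless a link is actually required, adding ''dir-listing.hide-dotfiles = "enable"'' inside the same conditional block, and making sure nothing below ''pub'' is writable by other accounts.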
@@ -188,6 +194,9 @@ ## change uid to (default: don't care) server.groupname = "lighttpd" +# Follow symbolic links at the filesystem level +server.follow-symlink = "enable" + #### compress module #compress.cache-dir = "/tmp/lighttpd/cache/compress/" #compress.filetype = ("text/plain", "text/html")

==== vhosts ====

If vhosts are desired, then a file named like ''lighttpd-hostname.conf'' would be created in ''~lighttpd/etc'' that would look similar to this:<code>
$HTTP["host"] =~ "yourdomain\.org" {
    server.document-root = "/home/lighttpd/yourdomainwwwroot"
    accesslog.filename = "/home/lighttpd/log/yourdomain-access.log"
    errorlog.filename = "/home/lighttpd/log/yourdomain-error.log"
}
</code>

... and then you would want to include that config file from the primary config file (''~lighttpd/etc/lighttpd.conf'') \\
''include "lighttpd-hostname.conf"''

==== WordPress ====

This re-write config should be populated into the vhost config:
<code>
url.rewrite-once = (
    "^/(wp-.+).*/?" => "$0",
    "^/(sitemap.xml)" => "$0",
    "^/(xmlrpc.php)" => "$0",
    "^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1",
    "^/.*?(\?.*)?$" => "/index.php$1"
)
</code>

------

===== Snippets =====

==== rsyslog: custom log file ====

Add something like this into a ''/etc/rsyslog.d/myprogram.conf'' file:
<code>
# Separate myprogram logging into its own file
if $programname == 'myprogram' then /var/log/myprogram.log
& stop
</code>

... then, something like ''logger -t myprogram "this is a log message"'' will get routed to the custom log file.
\\ PHP code to do the same:
<code>
openlog( "myprogram", 0, LOG_LOCAL6);
syslog( LOG_NOTICE, "this is a log message");
</code>

Also, don't forget to add the custom log to ''logrotate'' by populating a file like ''/etc/logrotate.d/myprogram'' with:
<code>
/var/log/myprogram.log {
    missingok
    weekly
    size 2G
    copytruncate
    rotate 12
    notifempty
}
</code>

==== Ardour, Hydrogen & Jack under Windows ====

  * Hydrogen is only available in 32-bit, so the 32-bit versions of Ardour and Jack should also be selected
  * The ''libjack.dll'' in the Hydrogen program folder should be renamed so that it won't get used \\ // (Jack needs to use its own version of this DLL) //

==== X32-Edit ====

=== Ubuntu Studio dependencies: ===

<code>
sudo apt-get install libx11-6:i386 libxext6:i386 libasound2:i386 libc6:i386 libfreetype6:i386 libc6:i386 libstdc++6:i386 libgcc1:i386 libxcb1:i386 zlib1g:i386 libpng12-0:i386 libxau6:i386 libxdmcp6:i386 libgl1-mesa-glx:i386 libgl1-mesa-dri:i386
</code>

==== kdenlive ====

In Ubuntu, add this PPA in order to use this bug-fixed and upgraded version: \\
[[https://launchpad.net/~sunab/+archive/ubuntu/kdenlive-release]]

==== FUDforum ====

In ''theme/default/help_index.php'', a check for file existence will prevent significant log content created by bots/spammers trying to hit help pages that don't exist. \\
Line 40:<code>
$str = file_get_contents($file);
</code>
Replace with:<code>
$str = file_exists( $file) ? file_get_contents($file) : "";
</code>

==== LibreOffice ====

=== LibreOffice label definition: ===

<code>
S;5334;1676;4445;1651;1016;1473;4;15;21590;27940 5195 Return Address Labels
</code>

==== VirtualBox ====

=== VirtualBox Extension Pack Installation: ===

<code>
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-X.Y.Z-NNNNN.vbox-extpack
</code>

==== Sendmail ====

A useful reference: [[https://www.ietf.org/rfc/rfc1912.txt|RFC 1912]] \\
In particular, ''MX'' DNS records should not refer to ''CNAME'' records, only ''A'' records

=== Forwarding EMail: ===

In order to forward mail using a ''.forward'' file, and when your home directory has to be group-writable, this ''sendmail'' option has to be specified in the configuration:
<code>
O DontBlameSendmail=forwardfileingroupwritabledirpath
</code>

... or, in the MC file ...
<code>
define(`confDONT_BLAME_SENDMAIL',``forwardfileingroupwritabledirpath,otherdontblames,...'')
</code>

==== rsync ====

An rsync daemon for public rsync service can be set up with these files.

''/etc/rsyncd.conf'' \\
<code>
max connections = 2
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lck
timeout = 300

[fxp]
comment = Public FreeSlack mirror
path = /srv/www/zenteknix.com/fxp
read only = yes
list = yes
uid = nobody
gid = lighttpd
auth users = anonymous
secrets file = /etc/rsyncd.secrets
</code>

''/etc/rc.d/rc.rsyncd''
<code>
#!/bin/sh
# Start/stop/restart rsync daemon.

# Start rsync daemon:
rsyncd_start() {
  CMDLINE="/usr/bin/rsync --daemon --config=/etc/rsyncd.conf --bwlimit=512"
  echo -n "Starting rsync daemon: $CMDLINE"
  $CMDLINE
  echo
}

# Stop rsync daemon:
rsyncd_stop() {
  echo -n "Stopping rsync daemon..."
  if [ -r /var/run/rsyncd.pid ]; then
    kill -HUP $(cat /var/run/rsyncd.pid)
    rm -f /var/run/rsyncd.pid
#  else
#    killall -HUP -q rsync
  fi
  echo
}

# Restart rsync daemon:
rsyncd_restart() {
  rsyncd_stop
  sleep 1
  rsyncd_start
}

# Check if rsync daemon is running
rsyncd_status() {
  if [ -e /var/run/rsyncd.pid ]; then
    echo "rsync daemon is running."
  else
    echo "rsync daemon is stopped."
    exit 1
  fi
}

case "$1" in
'start')
  rsyncd_start
  ;;
'stop')
  rsyncd_stop
  ;;
'restart')
  rsyncd_restart
  ;;
'status')
  rsyncd_status
  ;;
*)
  echo "usage $0 start|stop|restart|status"
esac
</code>

==== Firefox ====

=== Minimal browser window ===

First, add a profile by launching firefox like: ''firefox --new-instance -P profilename'' \\
... and add a profile to suit the app you want to run in the minimal window. \\
Open firefox using the profile, and go to ''about:config'' in the URL bar. \\
Change the value of ''toolkit.legacyUserProfileCustomizations.stylesheets'' to true. \\
Then, populate file ''$HOME/.mozilla/firefox/./chrome/userChrome.css'' with: \\
<code>
/*
 * Do not remove the @namespace line -- required to work
 */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* set default namespace to XUL */

/*
 * Hide tab bar, navigation bar and scrollbars
 * !important may be added to force override, but not necessary
 */
#TabsToolbar {visibility: collapse !important; }
#navigator-toolbox {visibility: collapse !important; }
#content browser {margin-right: -14px; margin-bottom: -14px;}
</code>

==== Vim ====

=== Suppressing undofile generation: ===

In ''.vimrc'':<code>
set noundofile
</code>

==== namecoin ====

<code>
you@yourhost> namecoin-cli name_new "id/yourid"
[
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
you@yourhost> namecoin-cli name_firstupdate "id/yourid" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "{name:\"yourname\",email:\"you@youremail.com\"}"
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
you@yourhost> namecoin-cli name_new "d/yourdomain"
[
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
you@yourhost> namecoin-cli name_firstupdate "d/yourdomain" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" '{"map":{"*":{"ip":["www.xxx.yyy.zzz"]}}}'
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
</code>

==== WebDAV ====

This is how to put a file using WebDAV // (tested with ''webdav'' on ''lighttpd'') //
<code>
curl -H "Expect:" -T file.txt --user login:password http://www.website.com/dav/pub/
</code>
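
Referring back to the ddrescue passes in the Data Recovery section: the mapfile (''image.log'' in those commands) records which byte ranges are still unread after each pass, which is what decides whether another pass is worth running. The script below is an added example, not part of the original notes or of ddrescue itself; the function names are hypothetical, the sample mapfile is constructed, and it assumes the 0x-prefixed hexadecimal positions that ddrescue writes.

```shell
#!/bin/sh
# Added example: summarise a GNU ddrescue mapfile (image.log on this page).
# Data lines are "pos size status"; '+' is rescued, while '?', '*', '/'
# and '-' are the states that still hold unread data.

# True when $1 is a 0x-prefixed hex number, the form ddrescue writes.
is_hex() {
    case "$1" in
        0x|0x*[!0-9A-Fa-f]*) return 1 ;;
        0x*) return 0 ;;
    esac
    return 1
}

# Read a mapfile on stdin, print "<rescued_bytes> <unrecovered_bytes>".
mapfile_summary() {
    rescued=0 pending=0
    while read -r pos size status rest; do
        # Comments and the current-position line fail this check.
        is_hex "$pos" && is_hex "$size" || continue
        case "$status" in
            '+')             rescued=$((rescued + $size)) ;;
            '?'|'*'|'/'|'-') pending=$((pending + $size)) ;;
        esac
    done
    echo "$rescued $pending"
}

# Read a mapfile on stdin, print "first last status" in sectors of $1 bytes.
unrecovered_sectors() {
    while read -r pos size status rest; do
        is_hex "$pos" && is_hex "$size" || continue
        case "$status" in
            '?'|'*'|'/'|'-')
                echo "$(($pos / $1)) $((($pos + $size - 1) / $1)) $status" ;;
        esac
    done
}

# Constructed sample mapfile, not taken from a real disc.
sample_mapfile() {
    printf '%s\n' '# Mapfile. Created by GNU ddrescue' \
        '# current_pos  current_status' '0x00120000     ?' \
        '#      pos        size  status' '0x00000000  0x00117000  +' \
        '0x00117000  0x00000800  -' '0x00117800  0x00001000  /' \
        '0x00118800  0x00007800  *' '0x00120000  0x00048000  ?'
}

sample_mapfile | mapfile_summary            # 1142784 331776
sample_mapfile | unrecovered_sectors 2048   # unread ranges as 2048-byte DVD sectors
```

Against a real image, run ''mapfile_summary < image.log'' after each pass; a second number of 0 means nothing is left to retry.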