Technical Application Topics
Create key for specific purpose or other user:
ssh-keygen -f keybasename -C "user@host"
Encrypt:
gpg --encrypt -r keyid --armor < inputfile -o outputfile
Decrypt:
gpg --decrypt filename
List keys:
gpg --list-options "show-keyring" [--list-keys|--list-secret-keys]
Create key:
gpg --full-generate-key
Import keys:
gpg --import keyname_pub.asc
gpg --allow-secret-key-import --import keyname_sec.asc
Export keys:
gpg --output keyname_pub.asc --armor --export keyid
gpg --output keyname_sec.asc --armor --export-secret-key keyid
Delete keys:
gpg --delete-secret-keys XXKEYIDXX
gpg --delete-keys XXKEYIDXX
Flush password cache:
echo RELOADAGENT | gpg-connect-agent
Switch to hex mode: :%!xxd
Switch back from hex mode: :%!xxd -r
Making backup copies of damaged DVDs using ddrescue
I would normally use AnyDVD (on Windows) to take a backup of a DVD with copy protection, but it doesn’t seem to handle read errors very well (e.g. discs have small scratches) and copies fail. GNU ddrescue (gddrescue, ddrescue, NOT dd_rescue) on Linux is supposed to be better at handling small errors and is designed to handle read errors.
Using ddrescue
So far I have found that the best way is to take a quick(ish) initial copy;
ddrescue -b 2048 -n -v /dev/sr0 image.iso image.log
This reads the whole disk once, marking any bad blocks as “non-trimmed”. It then reads again in the other direction, retrying any bad blocks. Any blocks that still fail are “trimmed” then marked as non-split. There is no further processing after this because of the -n option.
If there are any read errors, do another pass using the direct option (-d). You must also specify the number of retries that bad sectors get (-r), otherwise they will be ignored;
ddrescue -b 2048 -d -r 3 -v /dev/sr0 image.iso image.log
… if there are further errors then you can use the -R (retrim) option to retry full sectors (taken from Forensics Wiki). This will try any bad sectors in a different order, which might help read some (according to the ddrescue documentation, see link below);
ddrescue -b 2048 -d -r 3 -R -v /dev/sr0 image.iso image.log
I have yet to investigate using different drives to read the disc for another pass, but this might also help.
Other Notes
I don’t think this method (using ddrescue) removes any copy protection.
Links
Full manual for GNU ddrescue; http://www.gnu.org/software/ddrescue/manual/ddrescue_manual.html
Reading discs might take a long time; http://old.nabble.com/10-days-for-7.8gig–td21461792.html
Good documentation about Data Recovery and ddrescue; https://help.ubuntu.com/community/DataRecovery#Data%20Recovery%20from%20damaged%20filesystem%20or%20drive
Here's a quick/easy self-signed SSL cert creation command:
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
Alternately, for a separate key & cert file:
openssl req -newkey rsa:2048 -nodes -keyout yourapp.key -x509 -days 365 -out yourapp.pem
/etc/httpd/conf.d/ssl.conf
and:
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >> newcert.pem
/etc/pki/ssl/certs/localhost.pem
openssl rsa -in mycert.pem -out mycert.key
These points are mostly relevant to a Slackware install, as that's what I use. I also prefer to operate the software out of its own home directory (especially since it has its own uid/gid).
groupadd -g 208 lighttpd
useradd -u 208 -g 208 -d /home/lighttpd -s /bin/ksh -c "lighttpd" -m lighttpd
cd
echo "export ENV=${HOME}/.kshrc" > .profile
echo "set nobackup" > .vimrc
mkdir bin etc www log tmp
chmod 750 bin etc www log tmp
.kshrc for per-session environment config (here's a sample .kshrc file)
/etc/lighttpd/lighttpd.conf to ~lighttpd/etc
/etc/lighttpd directory with a link to ~lighttpd/etc
/var/log/lighttpd directory with a link to ~lighttpd/log
/var/www/htdocs-lighttpd directory
The below config file diffs assume using FastCGI, and contain a reference/inclusion to a FastCGI config file - here's a sample FastCGI config file
diff -Naur old/rc.lighttpd new/rc.lighttpd --- old/rc.lighttpd 2015-03-27 23:28:30.509740421 -0500 +++ new/rc.lighttpd 2015-03-27 23:29:52.655763520 -0500 @@ -21,8 +21,8 @@ # LIGHTTPD=/usr/sbin/lighttpd -PIDFILE=/var/run/lighttpd/lighttpd.pid -LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf" +PIDFILE=/home/lighttpd/tmp/lighttpd.pid +LIGHTTPD_OPTIONS="-f /home/lighttpd/etc/lighttpd.conf" is_pidof() { local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?)
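Review bot: PIDFILE now points at /home/lighttpd/tmp/lighttpd.pid, a path under the service account's home directory, while an rc script is normally run by root. Whatever PID ends up in that file is the one the script will act on, so either keep the pid file in a root-owned directory such as the original /var/run/lighttpd, or make sure every stop/restart path passes the value through the is_pidof check visible in the context before signalling it.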
diff -Naur old/lighttpd.conf new/lighttpd.conf --- old/lighttpd.conf 2015-03-27 23:24:28.970432691 -0500 +++ new/lighttpd.conf 2015-03-27 23:24:42.677769203 -0500 @@ -25,7 +25,7 @@ # "mod_proxy", # "mod_simple_vhost", # "mod_evhost", -# "mod_userdir", + "mod_userdir", # "mod_cgi", # "mod_compress", # "mod_ssi", @@ -37,10 +37,13 @@ ## a static document-root, for virtual-hosting take look at the ## server.virtual-* options -server.document-root = "/var/www/htdocs-lighttpd" +server.document-root = "/home/lighttpd/www" + +## User document root +userdir.path = "www" ## where to send error-messages to -server.errorlog = "/var/log/lighttpd/error.log" +server.errorlog = "/home/lighttpd/log/error.log" # files to check for if .../ is requested index-file.names = ( "index.php", "index.html", @@ -113,7 +116,7 @@ # server.tag = "lighttpd" #### accesslog module -accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.filename = "/home/lighttpd/log/access.log" ## deny access the file-extensions # @@ -145,7 +148,7 @@ #server.error-handler-404 = "/error-handler.php" ## to help the rc.scripts -server.pid-file = "/var/run/lighttpd/lighttpd.pid" +server.pid-file = "/home/lighttpd/tmp/lighttpd.pid" ###### virtual hosts @@ -170,6 +173,9 @@ ## virtual directory listings #dir-listing.activate = "enable" +$HTTP["url"] =~ "^/pub($|/)" { + dir-listing.activate = "enable" +} ## enable debugging #debug.log-request-header = "enable" @@ -188,6 +194,9 @@ ## change uid to <uid> (default: don't care) server.groupname = "lighttpd" +# Follow symbolic links at the filesystem level +server.follow-symlink = "enable" + #### compress module #compress.cache-dir = "/tmp/lighttpd/cache/compress/" #compress.filetype = ("text/plain", "text/html")
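Review bot: the first two hunks enable "mod_userdir" and set userdir.path = "www" with no userdir.include-user or userdir.exclude-user list next to it, so ~user/www is published for every account on the host. If only a few accounts are meant to serve pages, add an include list (or at least exclude root) beside the userdir.path line and say so in the "## User document root" comment.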
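Review bot: server.follow-symlink = "enable" in the last hunk interacts with the mod_userdir change earlier in this diff: a link placed in any served www directory is followed to whatever the lighttpd user can read, and after this change that includes /home/lighttpd/etc and /home/lighttpd/log. Either set it to "disable", or extend the comment to say why symlinks are needed and confirm that the etc, log and tmp directories are not reachable through one.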
If vhosts are desired, then a file named like lighttpd-hostname.conf would be created in ~lighttpd/etc that would look similar to this:
$HTTP["host"] =~ "yourdomain\.org" {
    server.document-root = "/home/lighttpd/yourdomainwwwroot"
    accesslog.filename = "/home/lighttpd/log/yourdomain-access.log"
    errorlog.filename = "/home/lighttpd/log/yourdomain-error.log"
}
… and then you would want to include that config file from the primary config file (~lighttpd/etc/lighttpd.conf):
include "lighttpd-hostname.conf"
This re-write config should be populated into the vhost config:
url.rewrite-once = (
    "^/(wp-.+).*/?" => "$0",
    "^/(sitemap.xml)" => "$0",
    "^/(xmlrpc.php)" => "$0",
    "^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1",
    "^/.*?(\?.*)?$" => "/index.php$1"
)
Add something like this into a /etc/rsyslog.d/myprogram.conf file:
# Separate myprogram logging into its own file
if $programname == 'myprogram' then /var/log/myprogram.log
& stop
… then, something like this will get routed to the custom log file:
logger -t myprogram "this is a log message"
PHP code to do the same:
openlog( "myprogram", 0, LOG_LOCAL6);
syslog( LOG_NOTICE, "this is a log message");
Also, don't forget to add the custom log to logrotate by populating a file like /etc/logrotate.d/myprogram with:
/var/log/myprogram.log {
    missingok
    weekly
    size 2G
    copytruncate
    rotate 12
    notifempty
}
libjack.dll in the Hydrogen program folder should be renamed so that it won't get used
sudo apt-get install libx11-6:i386 libxext6:i386 libasound2:i386 libc6:i386 libfreetype6:i386 libc6:i386 libstdc++6:i386 libgcc1:i386 libxcb1:i386 zlib1g:i386 libpng12-0:i386 libxau6:i386 libxdmcp6:i386 libgl1-mesa-glx:i386 libgl1-mesa-dri:i386
In Ubuntu, add this PPA in order to use this bug-fixed and upgraded version:
https://launchpad.net/~sunab/+archive/ubuntu/kdenlive-release
In theme/default/help_index.php, a check for file existence will prevent significant log content created by bots/spammers trying to hit help pages that don't exist.
Line 40:
$str = file_get_contents($file);
Replace with:
$str = file_exists( $file) ? file_get_contents($file) : "";
<item oor:path="/org.openoffice.Office.Labels/Manufacturer">
  <node oor:name="Avery Letter Size" oor:op="replace">
    <node oor:name="Label0" oor:op="replace">
      <prop oor:name="Measure" oor:op="fuse">
        <value>S;5334;1676;4445;1651;1016;1473;4;15;21590;27940</value>
      </prop>
      <prop oor:name="Name" oor:op="fuse"><value>5195 Return Address Labels</value></prop>
    </node>
  </node>
</item>
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-X.Y.Z-NNNNN.vbox-extpack
A useful reference: RFC 1912
In particular, MX DNS records should not refer to CNAME records, only A records
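One way to check a zone for this rule, as an added example that is not part of the original notes: the function below scans zone text and reports every MX record whose target is the owner of a CNAME. The zone data and the example.org names are constructed, and the one-record-per-line layout (owner, TTL, class, type, rdata) is an assumption.

```shell
# Constructed sample zone: backup.example.org. is an MX target and a CNAME.
sample_zone() {
cat <<'EOF'
; constructed zone data for illustration
example.org.        3600 IN MX    10 mail.example.org.
example.org.        3600 IN MX    20 backup.example.org.
mail.example.org.   3600 IN A     192.0.2.10
backup.example.org. 3600 IN CNAME mx.provider.example.
www.example.org.    3600 IN CNAME web.example.org.
web.example.org.    3600 IN A     192.0.2.20
EOF
}

# Reads fully-qualified zone records on stdin, one per line
# (owner TTL class type rdata), and prints one line for each MX
# whose exchange name is itself the owner of a CNAME record.
mx_pointing_at_cname() {
    awk '
        /^[ \t]*(;|$)/ { next }                  # skip comments and blank lines
        { type = toupper($4) }
        type == "CNAME" { cname[tolower($1)] = $5 }
        type == "MX"    { n++; owner[n] = $1; target[n] = $6 }
        END {
            # Names are compared case-insensitively, as DNS does.
            for (i = 1; i <= n; i++) {
                t = tolower(target[i])
                if (t in cname)
                    printf "%s MX %s (CNAME -> %s)\n", owner[i], target[i], cname[t]
            }
        }
    '
}

# Report the offending MX records in the sample zone.
sample_zone | mx_pointing_at_cname
```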
In order to forward mail using a .forward file, and when your home directory has to be group-writable, this sendmail option has to be specified in the configuration:
O DontBlameSendmail=forwardfileingroupwritabledirpath
… or, in the MC file …
define(`confDONT_BLAME_SENDMAIL',``forwardfileingroupwritabledirpath,otherdontblames,...'')
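To see which directories actually make this option necessary before relaxing the check, here is an added shell example (not part of the original notes or of sendmail): it walks from a .forward file up toward the root and prints every directory on the path that has the group-write bit set. The function name and the optional stop directory are assumptions made for the example.

```shell
# Usage: group_writable_dirs /path/to/.forward [STOP_DIR]
# Prints each directory between the file and STOP_DIR (default: the
# filesystem root) whose mode has the group-write bit (020) set.
group_writable_dirs() {
    dir=$(dirname "$1")
    stop=${2:-/}
    while :; do
        # -prune: test this directory only, do not descend into it
        # -perm -020: true when the group-write bit is set
        find "$dir" -prune -type d -perm -020 -print
        if [ "$dir" = "$stop" ]; then
            break
        fi
        parent=$(dirname "$dir")
        # dirname of "/" is "/" and of "." is ".": stop when nothing changes
        if [ "$parent" = "$dir" ]; then
            break
        fi
        dir=$parent
    done
}
```

An empty result means no directory on the path is group-writable, so the DontBlameSendmail setting is not needed for that file.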
An rsync daemon for public rsync service can be set up with these files.
/etc/rsyncd.conf
max connections = 2
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lck
timeout = 300
[fxp]
    comment = Public FreeSlack mirror
    path = /srv/www/zenteknix.com/fxp
    read only = yes
    list = yes
    uid = nobody
    gid = lighttpd
    auth users = anonymous
    secrets file = /etc/rsyncd.secrets
/etc/rc.d/rc.rsyncd
#!/bin/sh
# Start/stop/restart rsync daemon.

# Start rsync daemon:
rsyncd_start() {
  CMDLINE="/usr/bin/rsync --daemon --config=/etc/rsyncd.conf --bwlimit=512"
  echo -n "Starting rsync daemon: $CMDLINE"
  $CMDLINE
  echo
}

# Stop rsync daemon:
rsyncd_stop() {
  echo -n "Stopping rsync daemon..."
  if [ -r /var/run/rsyncd.pid ]; then
    kill -HUP $(cat /var/run/rsyncd.pid)
    rm -f /var/run/rsyncd.pid
#  else
#    killall -HUP -q rsync
  fi
  echo
}

# Restart rsync daemon:
rsyncd_restart() {
  rsyncd_stop
  sleep 1
  rsyncd_start
}

# Check if rsync daemon is running
rsyncd_status() {
  if [ -e /var/run/rsyncd.pid ]; then
    echo "rsync daemon is running."
  else
    echo "rsync daemon is stopped."
    exit 1
  fi
}

case "$1" in
'start')
  rsyncd_start
  ;;
'stop')
  rsyncd_stop
  ;;
'restart')
  rsyncd_restart
  ;;
'status')
  rsyncd_status
  ;;
*)
  echo "usage $0 start|stop|restart|status"
esac
First, add a profile by launching firefox like: firefox --new-instance -P profilename
… and add a profile to suit the app you want to run in the minimal window.
Open firefox using the profile, and go to about:config in the URL bar.
Change the value of toolkit.legacyUserProfileCustomizations.stylesheets to true.
Then, populate file $HOME/.mozilla/firefox/<profileid>.<profilename>/chrome/userChrome.css with:
/*
 * Do not remove the @namespace line -- required to work
 */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* set default namespace to XUL */
/*
 * Hide tab bar, navigation bar and scrollbars
 * !important may be added to force override, but not necessary
 */
#TabsToolbar {visibility: collapse !important;}
#navigator-toolbox {visibility: collapse !important;}
#content browser {margin-right: -14px; margin-bottom: -14px;}
In .vimrc:
set noundofile
you@yourhost> namecoin-cli name_new "id/yourid" [ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" ] you@yourhost> namecoin-cli name_firstupdate "id/yourid" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "{name:\"yourname\",email:\"you@youremail.com\"}" zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz you@yourhost> namecoin-cli name_new "d/yourdomain" [ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" ] you@yourhost> namecoin-cli name_firstupdate "d/yourdomain" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" '{"map":{"*":{"ip":["www.xxx.yyy.zzz"]}}}' zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
This is how to put a file using WebDAV (tested with webdav on lighttpd):
curl -H "Expect:" -T file.txt --user login:password http://www.website.com/dav/pub/