Technical Application Topics

UNIX/Linux Command-Line Trivia

Cheat-Sheet

SSH

Create key for specific purpose or other user:

ssh-keygen -f keybasename -C "user@host"

GnuPG

Encrypt:

gpg --encrypt -r keyid --armor < inputfile -o outputfile

Decrypt:

gpg --decrypt filename

List keys:

gpg --list-options "show-keyring" [--list-keys|--list-secret-keys]

Create key:

gpg --full-generate-key

Import keys:

gpg --import keyname_pub.asc
gpg --allow-secret-key-import --import keyname_sec.asc

Export keys:

gpg --output keyname_pub.asc --armor --export keyid
gpg --output keyname_sec.asc --armor --export-secret-key keyid

Delete keys:

gpg --delete-secret-keys XXKEYIDXX
gpg --delete-keys XXKEYIDXX

Flush password cache:

echo RELOADAGENT | gpg-connect-agent

Vim

Switch to hex mode: :%!xxd
Switch back from hex mode: :%!xxd -r


Data Recovery

Using ddrescue for DVD ripping

making backup copies of damaged dvds using ddrescue

I would normally use AnyDVD (on Windows) to take a backup of a DVD with copy protection, but it doesn’t seem to handle read errors very well (e.g. discs have small scratches) and copies fail.

GNU ddrescue (gddrescue, ddrescue, NOT dd_rescue) on Linux is supposed to be better at handling small errors and is designed to handle read errors.

Using ddrescue

So far I have found that the best way is to take a quick(ish) initial copy;

    ddrescue -b 2048 -n -v /dev/sr0 image.iso image.log

This reads the whole disk once, marking any bad blocks as “non-trimmed”. It then reads again in the other direction retrying any bad blocks. Any blocks that still fail are “trimmed” then marked as non-split. There is no further processing after this because of the -n option.

If there are any read errors do another pass using the direct option (-d). You must also specify the number of retries that bad sectors get (-r), otherwise they will be ignored;

    ddrescue -b 2048 -d -r 3 -v /dev/sr0 image.iso image.log

… if there are further errors then you can use the -R (retrim) option to retry full sectors (taken from Forensics Wiki). This will try any bad sectors in a different order which might help read some (according to the ddrescue documentation, see link below);

    ddrescue -b 2048 -d -r 3 -R -v /dev/sr0 image.iso image.log

I have yet to investigate using different drives to read the disc for another pass, but this might also help.

Other Notes

I don’t think this method (using ddrescue)  removes any copy protection.

Links

Full manual for GNU ddrescue; http://www.gnu.org/software/ddrescue/manual/ddrescue_manual.html

Reading discs might take a long time; http://old.nabble.com/10-days-for-7.8gig–td21461792.html

Good documentation about Data Recovery and ddrescue; https://help.ubuntu.com/community/DataRecovery#Data%20Recovery%20from%20damaged%20filesystem%20or%20drive
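
The third argument in the commands above, image.log, is ddrescue's mapfile, which records the areas still unread after each pass. The following is an added example (not from the quoted post or the ddrescue project) that totals the bytes per status, so you can tell whether another -d -r or -R pass has anything left to work on; the function names and the sample mapfile are constructed for illustration.

```shell
#!/bin/sh
# Summarise a GNU ddrescue mapfile (image.log in the commands above).
# Block status characters, per the ddrescue manual:
#   ? non-tried   * non-trimmed   / non-scraped (older releases: non-split)
#   - bad sector  + finished
# Accept only 0x-prefixed hex or plain decimal, so a damaged field never reaches shell arithmetic.
is_number() {
    case $1 in
        0x*) case ${1#0x} in ''|*[!0-9A-Fa-f]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

# mapfile_summary FILE [SECTOR_SIZE]   (2048 matches -b 2048 for DVDs)
# Prints: rescued=<bytes> pending=<bytes> bad=<bytes> bad_sectors=<count>
mapfile_summary() {
    sector=${2:-2048}
    rescued=0 pending=0 bad=0 past_status_line=0
    while read -r pos size status rest; do
        case $pos in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$past_status_line" -eq 0 ]; then   # current_pos/current_status line
            past_status_line=1
            continue
        fi
        is_number "$size" || { echo "bad size field: $size" >&2; return 2; }
        case $status in
            '+')         rescued=$((rescued + size)) ;;
            '-')         bad=$((bad + size)) ;;
            '?'|'*'|'/') pending=$((pending + size)) ;;
            *) echo "unknown status: $status" >&2; return 2 ;;
        esac
    done < "$1"
    echo "rescued=$rescued pending=$pending bad=$bad bad_sectors=$(( (bad + sector - 1) / sector ))"
}

# Constructed sample mapfile, not taken from a real disc.
sample_mapfile() {
    cat <<'EOF'
# current_pos  current_status  current_pass
0x10001000     /               1
#      pos        size  status
0x00000000  0x10000000  +
0x10000000  0x00001000  -
0x10001000  0x00002000  /
0x10003000  0x0FFFD000  +
EOF
}

tmp=$(mktemp); sample_mapfile > "$tmp"; mapfile_summary "$tmp" 2048; rm -f "$tmp"
```

A non-zero pending value means an interrupted or -n run left areas untried or untrimmed; a non-zero bad value with pending at zero is what the retry passes above are aimed at.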

Fingerprint Readers

Home page for libfprint

OpenSSL

Here's a quick/easy self-signed SSL cert creation command:

openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes

Alternately, for a separate key & cert file:

openssl req -newkey rsa:2048 -nodes -keyout yourapp.key -x509 -days 365 -out yourapp.pem

apache

SSL

  • yum install mod_ssl
  • On CentOS, edit /etc/httpd/conf.d/ssl.conf and:
    • Comment out the SSL key file entry
    • Ensure correct name of SSL cert file
  • Remove password from PEM cert:
    openssl rsa -in mycert.pem -out newcert.pem
    openssl x509 -in mycert.pem >> newcert.pem
  • On CentOS, put password-less PEM/OpenSSL cert file at /etc/pki/ssl/certs/localhost.pem
  • If you need to re-create the key from the PEM:
    openssl rsa -in mycert.pem -out mycert.key
  • Restart apache
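
Both the -nodes commands in the OpenSSL section and the password-removal step above leave an unencrypted private key on disk, often in the same file as the certificate. The following added example (not from the original page) reports whether a PEM file holds a plaintext key and whether group or other have any access to it; pem_key_audit is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# pem_key_audit FILE   (hypothetical helper, added for illustration)
# Prints: key=<none|encrypted|plaintext> cert=<yes|no> group_other_access=<yes|no>
# Returns 1 when a plaintext private key is accessible to group or other.
pem_key_audit() {
    key=none cert=no cur=none
    while IFS= read -r line; do
        case $line in
            '-----BEGIN ENCRYPTED PRIVATE KEY-----') cur=encrypted ;;  # PKCS#8
            '-----BEGIN '*'PRIVATE KEY-----')        cur=plaintext ;;
            'Proc-Type: 4,ENCRYPTED')                cur=encrypted ;;  # traditional format
            '-----END '*'PRIVATE KEY-----')
                # One plaintext key anywhere in the file decides the result.
                if [ "$cur" = plaintext ] || [ "$key" = none ]; then key=$cur; fi ;;
            '-----BEGIN CERTIFICATE-----') cert=yes ;;
        esac
    done < "$1"
    # The first ten characters of ls -l are the mode string, e.g. -rw-r--r--
    case $(ls -ld "$1" | cut -c1-10) in
        ????------) access=no ;;
        *)          access=yes ;;
    esac
    echo "key=$key cert=$cert group_other_access=$access"
    if [ "$key" = plaintext ] && [ "$access" = yes ]; then return 1; fi
    return 0
}

# Constructed sample: only the PEM header lines matter; the body is filler, not key material.
sample_combined_pem() {
    cat <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgRklMTEVS
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgRklMTEVS
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp); sample_combined_pem > "$tmp"; chmod 644 "$tmp"
pem_key_audit "$tmp" || echo "plaintext key exposed: chmod 600 and keep it owned by root"
rm -f "$tmp"
```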

lighttpd

Install/Config for lighttpd

These points are mostly relevant to a slackware install, as that's what I use. I also prefer to operate the software out of its own home directory (especially since it has its own uid/gid).

  • Create the lighttpd user and group:
    groupadd -g 208 lighttpd
    useradd -u 208 -g 208 -d /home/lighttpd -s /bin/ksh -c "lighttpd" -m lighttpd
  • Perform the slackbuild, and install the resulting package (or use a package you previously created with the slackbuild)
  • Initialize the lighttpd login's home directory (easiest if logged in as the lighttpd user):
    cd
    echo "export ENV=${HOME}/.kshrc" > .profile
    echo "set nobackup" > .vimrc
    mkdir bin etc www log tmp
    chmod 750 bin etc www log tmp
  • Acquire a suitable .kshrc for per-session environment config ( here's a sample .kshrc file )
  • Apply the changes to configuration files indicated by the below diffs
  • The changes to config files imply some further modifications to the stock installation footprint:
    • Move /etc/lighttpd/lighttpd.conf to ~lighttpd/etc
    • Replace the /etc/lighttpd directory with a link to ~lighttpd/etc
    • Replace the /var/log/lighttpd directory with a link to ~lighttpd/log
    • Remove the /var/www/htdocs-lighttpd directory

The below config file diffs assume using FastCGI, and contain a reference/inclusion to a FastCGI config file - here's a sample FastCGI config file

Diffs from stock rc.lighttpd:

diff -Naur old/rc.lighttpd new/rc.lighttpd
--- old/rc.lighttpd     2015-03-27 23:28:30.509740421 -0500
+++ new/rc.lighttpd     2015-03-27 23:29:52.655763520 -0500
@@ -21,8 +21,8 @@
 #
 
 LIGHTTPD=/usr/sbin/lighttpd
-PIDFILE=/var/run/lighttpd/lighttpd.pid
-LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf"
+PIDFILE=/home/lighttpd/tmp/lighttpd.pid
+LIGHTTPD_OPTIONS="-f /home/lighttpd/etc/lighttpd.conf"
 
 is_pidof() {
   local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?)
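
Review bot: PIDFILE on the first changed line now points into /home/lighttpd/tmp, a directory the setup steps create as the lighttpd user, while an rc script is normally run by root and acts on whatever PID that file holds. The is_pidof() helper in the trailing context greps the command line of the PID, which helps, but a PID file the service account can rewrite is still weaker than one under a root-owned directory such as the stock /var/run/lighttpd. Consider leaving PIDFILE where it was and moving only the -f config path.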

Diffs from stock lighttpd.conf:

diff -Naur old/lighttpd.conf new/lighttpd.conf
--- old/lighttpd.conf   2015-03-27 23:24:28.970432691 -0500
+++ new/lighttpd.conf   2015-03-27 23:24:42.677769203 -0500
@@ -25,7 +25,7 @@
 #                               "mod_proxy",
 #                               "mod_simple_vhost",
 #                               "mod_evhost",
-#                               "mod_userdir",
+                                "mod_userdir",
 #                               "mod_cgi",
 #                               "mod_compress",
 #                               "mod_ssi",
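
Review bot: uncommenting "mod_userdir" in the module list turns on per-user /~user/ URLs for every local account, and nothing in this patch limits which accounts are served. Add userdir.include-user, or at least userdir.exclude-user = ( "root" ), next to the userdir.path setting, and add a comment saying why the module is needed.
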
@@ -37,10 +37,13 @@
 
 ## a static document-root, for virtual-hosting take look at the
 ## server.virtual-* options
-server.document-root        = "/var/www/htdocs-lighttpd"
+server.document-root        = "/home/lighttpd/www"
+
+## User document root
+userdir.path                = "www"
 
 ## where to send error-messages to
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/home/lighttpd/log/error.log"
 
 # files to check for if .../ is requested
 index-file.names            = ( "index.php", "index.html",
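
Review bot: server.errorlog in this hunk now writes to /home/lighttpd/log, which the setup steps create as the lighttpd user with mode 750, so the account the server runs as can rename, truncate or replace its own error log. If the log has to be trusted after a compromise of the web server, keep the log directory owned by root (the stock /var/log/lighttpd path) or send errors to syslog, and move only the document root under the home directory.
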
@@ -113,7 +116,7 @@
 # server.tag                 = "lighttpd"
 
 #### accesslog module
-accesslog.filename          = "/var/log/lighttpd/access.log"
+accesslog.filename          = "/home/lighttpd/log/access.log"
 
 ## deny access the file-extensions
 #
@@ -145,7 +148,7 @@
 #server.error-handler-404   = "/error-handler.php"
 
 ## to help the rc.scripts
-server.pid-file            = "/var/run/lighttpd/lighttpd.pid"
+server.pid-file            = "/home/lighttpd/tmp/lighttpd.pid"
 
 
 ###### virtual hosts
@@ -170,6 +173,9 @@
 
 ## virtual directory listings
 #dir-listing.activate       = "enable"
+$HTTP["url"] =~ "^/pub($|/)" {
+   dir-listing.activate = "enable"
+}
 
 ## enable debugging
 #debug.log-request-header   = "enable"
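
Review bot: the added $HTTP["url"] =~ "^/pub($|/)" block enables dir-listing.activate for the whole /pub tree with no exclusions, so every file name placed there, including dotfiles and editor backups, is listed to any visitor. Set dir-listing.hide-dotfiles explicitly and add a dir-listing.exclude pattern inside the same block, with a comment stating that /pub is intentionally public.
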
@@ -188,6 +194,9 @@
 ## change uid to <uid> (default: don't care)
 server.groupname           = "lighttpd"
 
+# Follow symbolic links at the filesystem level
+server.follow-symlink      = "enable"
+
 #### compress module
 #compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
 #compress.filetype          = ("text/plain", "text/html")
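
Review bot: server.follow-symlink = "enable" is set globally in this hunk while an earlier hunk of the same patch enables mod_userdir, so a link inside any user's www directory can expose a file outside it that the lighttpd account is able to read. Set it to "disable" unless specific content depends on links, and name that content in the comment above the setting.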

vhosts

If vhosts are desired, then a file named like lighttpd-hostname.conf would be created in ~lighttpd/etc that would look similar to this:

$HTTP["host"] =~ "yourdomain\.org" {
        server.document-root = "/home/lighttpd/yourdomainwwwroot"
        accesslog.filename   = "/home/lighttpd/log/yourdomain-access.log"
        server.errorlog      = "/home/lighttpd/log/yourdomain-error.log"
}

… and then you would want to include that config file from the primary config file (~lighttpd/etc/lighttpd.conf)
include "lighttpd-hostname.conf"

WordPress

This re-write config should be populated into the vhost config:

url.rewrite-once = (
"^/(wp-.+).*/?" => "$0",
"^/(sitemap.xml)" => "$0",
"^/(xmlrpc.php)" => "$0",
"^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1",
"^/.*?(\?.*)?$" => "/index.php$1"
)

Snippets

rsyslog: custom log file

Add something like this into a /etc/rsyslog.d/myprogram.conf file:

# Separate myprogram logging into its own file
if $programname == 'myprogram' then /var/log/myprogram.log
& stop

… then, something like logger -t myprogram "this is a log message" will get routed to the custom log file.
PHP code to do the same:

   openlog( "myprogram", 0, LOG_LOCAL6);
   syslog( LOG_NOTICE, "this is a log message");

Also, don't forget to add the custom log to logrotate by populating a file like /etc/logrotate.d/myprogram with:

/var/log/myprogram.log {
   missingok
   weekly
   size 2G
   copytruncate
   rotate 12
   notifempty
}

Ardour, Hydrogen & Jack under Windows

  • Hydrogen is only available in 32-bit, so the 32-bit versions of Ardour and Jack should also be selected
  • The libjack.dll in the Hydrogen program folder should be renamed so that it won't get used
    (Jack needs to use its own version of this DLL)

X32-Edit

Ubuntu Studio dependencies:

sudo apt-get install libx11-6:i386 libxext6:i386 libasound2:i386 libc6:i386 libfreetype6:i386 libc6:i386 libstdc++6:i386 libgcc1:i386 libxcb1:i386 zlib1g:i386 libpng12-0:i386 libxau6:i386 libxdmcp6:i386 libgl1-mesa-glx:i386 libgl1-mesa-dri:i386

kdenlive

In Ubuntu, add this PPA in order to use this bug-fixed and upgraded version:
https://launchpad.net/~sunab/+archive/ubuntu/kdenlive-release

FUDforum

In theme/default/help_index.php, a check for file existence will prevent significant log content created by bots/spammers trying to hit help pages that don't exist.
Line 40:

$str = file_get_contents($file);

Replace with:

$str = file_exists( $file) ? file_get_contents($file) : "";


LibreOffice

LibreOffice label definition:

 <item oor:path="/org.openoffice.Office.Labels/Manufacturer">
  <node oor:name="Avery Letter Size" oor:op="replace">
   <node oor:name="Label0" oor:op="replace">
    <prop oor:name="Measure" oor:op="fuse">
     <value>S;5334;1676;4445;1651;1016;1473;4;15;21590;27940</value>
    </prop>
    <prop oor:name="Name" oor:op="fuse"><value>5195 Return Address Labels</value></prop>
   </node>
  </node>
 </item>

VirtualBox

VirtualBox Extension Pack Installation:

VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-X.Y.Z-NNNNN.vbox-extpack

Sendmail

A useful reference: RFC 1912
In particular, MX DNS records should not refer to CNAME records, only A records

Forwarding EMail:

In order to forward mail using a .forward file, and when your home directory has to be group-writable, this sendmail option has to be specified in the configuration:

O DontBlameSendmail=forwardfileingroupwritabledirpath

… or, in the MC file …

define(`confDONT_BLAME_SENDMAIL',``forwardfileingroupwritabledirpath,otherdontblames,...'')

rsync

An rsync daemon for public rsync service can be set up with these files.

/etc/rsyncd.conf

max connections = 2
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lck
timeout = 300

[fxp]
	comment = Public FreeSlack mirror
	path = /srv/www/zenteknix.com/fxp
	read only = yes
	list = yes
	uid = nobody
	gid = lighttpd
	auth users = anonymous
	secrets file = /etc/rsyncd.secrets

/etc/rc.d/rc.rsyncd

#!/bin/sh
# Start/stop/restart rsync daemon.
 
# Start rsync daemon:
rsyncd_start() {
  CMDLINE="/usr/bin/rsync --daemon --config=/etc/rsyncd.conf --bwlimit=512"
  echo -n "Starting rsync daemon:  $CMDLINE"
  $CMDLINE
  echo
}
 
# Stop rsync daemon:
rsyncd_stop() {
  echo -n "Stopping rsync daemon..."
  if [ -r /var/run/rsyncd.pid ]; then
    kill -HUP $(cat /var/run/rsyncd.pid)
    rm -f /var/run/rsyncd.pid
# else
#   killall -HUP -q rsync
  fi
  echo
}
 
# Restart rsync daemon:
rsyncd_restart() {
  rsyncd_stop
  sleep 1
  rsyncd_start
}
 
# Check if rsync daemon is running
rsyncd_status() {
  if [ -e /var/run/rsyncd.pid ]; then
    echo "rsync daemon is running."
  else 
    echo "rsync daemon is stopped."
    exit 1
  fi
}
 
case "$1" in
'start')
  rsyncd_start
  ;;
'stop')
  rsyncd_stop
  ;;
'restart')
  rsyncd_restart
  ;;
'status')
  rsyncd_status
  ;;
*)
  echo "usage $0 start|stop|restart|status"
esac

Firefox

Minimal browser window

First, add a profile by launching firefox like: firefox --new-instance -P profilename
… and add a profile to suit the app you want to run in the minimal window.
Open firefox using the profile, and go to about:config in the URL bar.
Change the value of toolkit.legacyUserProfileCustomizations.stylesheets to true.
Then, populate file $HOME/.mozilla/firefox/<profileid>.<profilename>/chrome/userChrome.css with:

/*
 * Do not remove the @namespace line -- required to work
 */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* set default namespace to XUL */

/*
 * Hide tab bar, navigation bar and scrollbars
 * !important may be added to force override, but not necessary
 */
#TabsToolbar {visibility: collapse !important; }
#navigator-toolbox {visibility: collapse !important; }
#content browser {margin-right: -14px; margin-bottom: -14px;}

Vim

Suppressing undofile generation:

In .vimrc:

set noundofile

namecoin

you@yourhost> namecoin-cli name_new "id/yourid"
[
  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
  "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]

you@yourhost> namecoin-cli name_firstupdate "id/yourid" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "{name:\"yourname\",email:\"you@youremail.com\"}"
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

you@yourhost> namecoin-cli name_new "d/yourdomain"
[
  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
  "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]

you@yourhost> namecoin-cli name_firstupdate "d/yourdomain" "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" '{"map":{"*":{"ip":["www.xxx.yyy.zzz"]}}}'
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

WebDAV

This is how to put a file using WebDAV (tested with webdav on lighttpd)

curl -H "Expect:" -T file.txt --user login:password http://www.website.com/dav/pub/
tech/app/start.txt · Last modified: 2021/10/17 13:46 by rk4n3