Window manager smackdown

The challenge: Gnome 2 is dead, long live the king !!

The contestants: Gnome 3 (gnome shell), Gnome 3 fallback mode, Unity, KDE, XFCE, and fluxbox.

The battle field: Family of 6, the two youngest, 6 and 4, were not included (neither use the family box enough to have a preference).

Each family member took each of the above DE/WMs for a test drive, and after a few weeks each settled into a favorite work environment.

So what did they prefer? You might be surprised =)

bodhi.zazen – To my surprise I really like gnome shell. It was different at first, but I gave it a week and after a day or two it sort of grew on me. Have had a few issues with my nvidia card, so, if gnome shell is broken I fall back to Fluxbox.

Family matriarch – Gnome Fallback Mode. I was surprised she did not go with KDE.

First child – age 11 – Of all things, Fluxbox. Who would have guessed?

Second child – age 9 – Gnome shell. The flashy menu was just too much for her; she could not resist and took to Gnome 3 like a natural.

First cat – Prefers to sleep on lap.

Second cat – Prefers to walk on keyboard.


SSH logs as a Honeypot

You can use your logs as a "poor man's" honey pot.

Review your logs and modify the following awk command to suit your needs. The exact syntax will vary depending on your authentication (passwords or keys) and server.

Debian:

awk 'gsub(".*sshd.*Invalid.*user", "") {print $1}' /var/log/auth.* | sort | uniq

Fedora:

awk 'gsub(".*sshd.*userauth.*user", "") {print $1}' /var/log/secure* | sort | uniq

If you are not familiar with awk, gsub is matching and substituting part of your log so that {print $1} is a user name. See an online awk guide for details.

A sample line from Debian log file is:

Jul 26 19:45:32 Debian sshd[18302]: Invalid user oracle from 211.137.134.74

A sample line from a Fedora log file is:

Jul 27 15:34:43 Fedora sshd[7546]: input_userauth_request: invalid user root

I cross-compiled a list of the users my ssh logs have seen over the last year or so ...

23-164-111-65
admin
alias
ant
anthony
bin
bureau
cote
david
db2inst1
fluffy
guest
httpd
jasmin
laura
nagios
office
oracle
pc
postgres
prueba
recruit
root
sales
samba
staff
teamspeak
test
ts
webmaster
wwwadmin

Now obviously some of these names are going to be unique, but, the list should give you an idea of what users to block. Add one of the options below to /etc/ssh/sshd_config and re-start (or reload) your (ssh) server.

Black list

Blacklist common user names used by "script kiddies"

DenyUsers admin guest http httpd nagios office oracle postgres root sales samba staff webmaster wwwadmin

White list

Of course an easier method is to use a white list. If you white list allowed users, users not on the list are by definition black listed (if a user is not on your white list they can not log in via ssh).

AllowUsers user_1 user_2

Just make sure none of the allowed users is on the above black list and be sure to monitor your logs ;)

Black list ip addresses

If you examine the awk command I used above and look at your logs, you can generate a list of IP addresses to black list if you desire. IMO this is not as helpful, as it is rather trivial to change an IP address, and the IP list becomes long ...
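The user-name and IP-address tallies described above, as an added example that is not part of the original post. It goes a little further than the one-liners: it counts attempts, handles both log formats plus the newer " port N" suffix and empty user names, and filters names before suggesting a DenyUsers line. The function names and all sample lines except the two quoted from the post are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally rejected user names and
# source addresses from sshd log lines read on standard input.

# Sample input: the first "oracle" line and the "root" line are the samples
# from the post, the rest are constructed (documentation address ranges).
sample_log() {
cat <<'EOF'
Jul 26 19:45:32 Debian sshd[18302]: Invalid user oracle from 211.137.134.74
Jul 26 19:45:40 Debian sshd[18305]: Invalid user oracle from 211.137.134.74
Jul 26 19:46:02 Debian sshd[18311]: Invalid user admin from 192.0.2.15
Jul 26 19:47:10 Debian sshd[18320]: Invalid user  from 192.0.2.15
Jul 26 19:48:55 Debian sshd[18331]: Invalid user test from 198.51.100.7 port 40022
Jul 26 19:50:11 Debian sshd[18340]: Accepted publickey for user_1 from 192.0.2.200 port 50022 ssh2
Jul 27 15:34:43 Fedora sshd[7546]: input_userauth_request: invalid user root
Jul 27 15:35:01 Fedora sshd[7550]: input_userauth_request: invalid user admin
EOF
}

# Print "count name" for every rejected user name, most tried first.
invalid_users() {
    awk '
        /sshd\[[0-9]+\]: / && match(tolower($0), /invalid user /) {
            name = substr($0, RSTART + RLENGTH)
            # Drop the trailing " from ADDR" (newer sshd adds " port N").
            sub(/ from [0-9a-fA-F.:]+( port [0-9]+)?$/, "", name)
            if (name == "") name = "(empty)"
            count[name]++
        }
        END { for (n in count) print count[n], n }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Print "count address" for the sources of those attempts (Debian format only;
# the Fedora line shown in the post carries no address).
invalid_sources() {
    awk '
        /sshd\[[0-9]+\]: / && tolower($0) ~ /invalid user / &&
        match($0, / from [0-9a-fA-F.:]+( port [0-9]+)?$/) {
            s = substr($0, RSTART + 6, RLENGTH - 6)
            sub(/ port [0-9]+$/, "", s)
            count[s]++
        }
        END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# deny_line MIN: suggest a DenyUsers line for names tried at least MIN times.
# Names come from the remote side and DenyUsers takes patterns, so only
# plain account-style names are passed through.
deny_line() {
    invalid_users | awk -v min="${1:-2}" '
        $1 >= min && NF == 2 && $2 ~ /^[a-z_][a-z0-9_-]*$/ { names = names " " $2 }
        END { if (names != "") print "DenyUsers" names }
    '
}

sample_log | invalid_users
sample_log | invalid_sources
sample_log | deny_line 2
```

On a real system, feed it the uncompressed logs, for example `cat /var/log/auth.log | invalid_users`, and review the suggested line against your AllowUsers list before adding it.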

Alternates

Obviously you can use other tools to secure ssh such as ssh keys, TCPWrapper , denyhosts, and fail2ban.


A 5 minute guide to Fluxbox

With all the rage about Unity and Gnome 3, people are sometimes looking for an alternate window manager. While KDE or XFCE are often suggested, Fluxbox is another viable alternate.

The purpose of this guide is to suggest a few tools and "simple" configuration options to get you started with Fluxbox, hopefully within 5-10 minutes.

This guide assumes you are adding Fluxbox to a desktop environment, such as gnome, and not starting with a minimal installation.

Using any method (apt-get, yum, graphical tools) install :

fluxbox
feh (used to set background images)
xcompmgr (used for transparency and other effects)
lxappearance (manages gtk, icons, and mouse themes)
nitrogen (graphical tool to set background images)
dmenu (graphical tool to run commands, uses lists and tab completion)
xscreensaver

Fedora

yum install fluxbox feh xcompmgr lxappearance nitrogen xscreensaver dmenu

Debian/Ubuntu

apt-get install fluxbox feh xcompmgr lxappearance nitrogen xscreensaver dmenu

Generate a menu

Fedora: The default Fedora menu is a bit barren, but this is easily remedied with fluxbox-xdg-menu. This Python script is quite versatile and has several options, including setting an icon theme and custom paths to background images. See fluxbox-xdg-menu --help for details.

fluxbox-xdg-menu --with-icons --theme /usr/share/icons/Faenza-Dark --with-backgrounds --bg-path=~/Pictures

Debian/Ubuntu users should have a menu configured out of the box. The default menu can be a bit crowded, so if you prefer you can download fluxbox-xdg-menu from Google code.

Customize the menu

This section is to give you a few helpful tips to further customize your menu.

You will need to restart Fluxbox after editing your menu.

Custom title

The title is set at the top of ~/.fluxbox/menu, on the "[begin]" line. Change "Fluxbox" to your desired title

[begin] (bodhi’s menu)

Add favorites

Favorites : Choose a list of your favorite applications and add them to the top of the menu, just under the title.

[include] (~/.fluxbox/fbfav)

Next, using any editor, open a new file ~/.fluxbox/fbfav and add in your applications.

The syntax is :

[exec] (Menu_name) {program} <path_to_icon>

Icons are optional

Example :

[exec] (Firefox) {/usr/bin/firefox} </usr/share/icons/Faenza/apps/32/firefox.png>
[exec] (Midori) {/usr/bin/midori} </usr/share/icons/Faenza/apps/32/midori.png>
[exec] (Audacious) {/usr/bin/audacious2} </usr/share/icons/Faenza/apps/32/audacious.png>
[exec] (Xchat) {/usr/bin/xchat} </usr/share/icons/Faenza/apps/32/xchat.png>
[exec] (Nautilus) {/usr/bin/nautilus --no-desktop} </usr/share/icons/Faenza/apps/48/nautilus.png>
[exec] (Terminal) {/usr/bin/gnome-terminal} </usr/share/icons/Faenza/apps/32/utilities-terminal.png>
[separator]

Backgrounds

Here I will set background images with nitrogen.

Alternately you can set a background from your menu using fbsetbg. The disadvantages of this method are:

  • Your menu tends to look crowded.
  • You will need to manually maintain a list of images.

[include] (~/.fluxbox/fbbg)

Example (change "bodhi" to your user name):

[submenu] (Backgrounds)
[exec] (bodhi) {/usr/bin/nitrogen ~/Pictures}
[exec] (system) {/usr/bin/nitrogen /usr/share/backgrounds}
[end]

Xscreensaver

Menu entries for xscreensaver.

[submenu] (Screen saver)
[exec] (Enable screensaver) {/usr/bin/xscreensaver}
[exec] (Disable screensaver) {/usr/bin/xscreensaver-command -exit}
[exec] (Lock screen) {/usr/bin/xscreensaver-command -lock}
[exec] (Configure screensaver) {/usr/bin/xscreensaver-command -prefs}
[end]

Switch user

This is an extremely useful feature when sharing your computer.

[exec] (Switch User) {/usr/bin/gdmflexiserver -a}

Graphical tools

1. File managers – If you are migrating from gnome you can use nautilus both to browse your file system and to mount/unmount removable devices. pcmanfm is an alternate to nautilus.

[exec] (Nautilus) {/usr/bin/nautilus --no-desktop}

2. lxappearance is a lightweight tool to manage gtk, icon, and mouse themes.

3. nitrogen is a graphical tool to set background images. If you have multiple monitors, nitrogen is capable of setting a different background on each monitor.

4. xcompmgr will add some desktop effects. You may need to add the following to your /etc/X11/xorg.conf :

Section "Extensions"
Option "Composite" "Enable"
Option "RENDER" "Enable"
Option "RenderAccel" "true"
Option "AllowGLXWithComposite" "true"
EndSection

See the Fluxbox wiki for additional information.

Configure applications to start at log in.

Fluxbox uses ~/.fluxbox/startup. Simply add your applications above the 'exec fluxbox' line.

Example :

/usr/bin/nitrogen --restore &
/usr/bin/xscreensaver &
/usr/bin/start-pulseaudio-x11 &
/usr/bin/xcompmgr -f -c -n -C -F &

# Network manager
nm-applet >/dev/null 2>/dev/null &

# Wicd
wicd-client -n &

exec fluxbox

Logout

On rare occasions the log out option on the fluxbox menu seems to stop fluxbox, but applications remain open. As a work around I use:

[exec] (Log Out) {killall fluxbox && killall fluxbox}

Fluxbox keys

Fluxbox keys are custom key bindings and add functionality and shortcuts.

Fluxbox uses ~/.fluxbox/keys for configuration :
'Mod1' key is the 'Alt' key
'Mod4' key is the one with the Windows logo on it. This key is often available for custom key bindings.

The syntax is

key stroke :Command

Example :

Mod4 f :Exec /usr/bin/firefox
Mod1 F2 :Exec ~/bin/dmenu.sh

Note: the dmenu.sh requires you to have installed dmenu and written the dmenu.sh script. My dmenu.sh looks like this:

#!/bin/bash
$(dmenu_path | dmenu -nb '#333333' -sb '#1E2320' -nf '#B3B3A1' -sf '#A3CACC')

For additional information see the Fluxbox wiki key bindings page .

You will need to restart Fluxbox after editing your keys file.

Light weight applications

Light weight applications are simply going to give you better performance, at the expense of features. For example, can you use gedit rather than OpenOffice (LibreOffice)?

Arch Linux - Lightweight applications

Some of my personal favorites are gedit, cream, vim, dmenu, and sakura .

Additional information

For additional information see:

Fluxbox wiki

Fedora forums fluxbox guide

Ubuntu forums fluxbox keys


Fedora 15 Virt manager bridged networking

I recently upgraded my virtual host node from Fedora 13 to Fedora 15 and alas virt-manager / NetworkManager do not yet configure a bridged network device for use with KVM guests.

There have been some changes to how Fedora names network devices, as well as the change to systemd, so while the basics are the same, there are some changes to the details.

Dependencies

You will need to have bridge-utils installed. I found it was included when I installed virt-manager.

yum install bridge-utils

Manual configuration

Configure your interfaces by editing the network scripts located in /etc/sysconfig/network-scripts. Take note of the new terminology Fedora is using.

Note: You will lose networking temporarily as you perform the configuration.

1. Disable NetworkManager. Unfortunately NM does not manage bridges, and if you do not disable it, NM will overwrite your configuration.

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service

2. Configure your bridge by adding a file ifcfg-br0 with the contents:

Static IP:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DELAY=0
IPADDR=192.168.0.10 # Set your IP address here.
NETWORK=192.168.0.0
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
MTU=1500
DNS1=192.168.0.2 # Set your DNS server.
IPV6INIT=no # ipv6 is disabled
USERCTL=no

Or if you prefer to use DHCP:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

3. Add your network card to the bridge. Here we will add an interface using a file ifcfg-em0

DEVICE=em0
# change the hardware address to match the hardware address your NIC uses
HWADDR=00:11:AA:BB:CC:DD
ONBOOT=yes
BRIDGE=br0

4. Enable networking

systemctl start network.service
systemctl enable network.service

Configure iptables

We can add a single rule to allow network packets to be forwarded to the guests.

iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

# Save your changes
/etc/init.d/iptables save

References

RHEL Documentation – Bridged networking with libvirt

Fedora 15 feature request


Fire SSH

Just a quick blog about an OpenSSH client I came across recently, FireSSH, a Firefox extension.

The most notable features are:

  • FireSSH is by definition cross platform.
  • Unlike putty, FireSSH uses openssh keys.
  • FireSSH will use proxies (such as privoxy and SOCKS).
  • FireSSH will perform tunneling. Although this is not unique to FireSSH, it is handy.

I find FireSSH is a little buggy in that the colors in the terminal are off, but other than that it seems to work well.

FireSSH will link ports

The disadvantages are:

  • It does not have as many features as putty.
  • It does not do sftp (still need winscp for that).

FireSSH FAQ are here.

Hope you like it.


Gnome 3 focus follows mouse

Although normally I am a fan of xfce or {open,flux}box, curiosity got the best of me and I decided to take gnome 3 for a spin.

One annoyance was the need to click a window to change the focus. I prefer to have the focus of my windows follow the mouse and find it bothersome to have to click a window to get its attention.

gnome-shell uses dconf-editor and gsettings and, although there must be a way, I could not find a way of changing the focus settings with these tools.

gconftool-2 and gconf-editor to the rescue.

gconftool-2

Please understand that this method is a “hack” or work around until I find a better option.

Run the following commands:

gconftool-2 --type string --set /apps/metacity/general/focus_mode mouse
gconftool-2 --type boolean --set /apps/metacity/general/auto_raise true
gconftool-2 --type int --set /apps/metacity/general/auto_raise_delay 600

gconf-editor

gconf-editor is a graphical front end for gconftool. Open gconf-editor and navigate to apps -> metacity -> general

Double click on a key to edit its value.


While this works for the mouse focus, most metacity settings will not work with gnome 3, so use dconf-editor and gsettings if at all possible.


Privoxy on Fedora 15

I am a fan of Privoxy and initially had some problems on Fedora 15 in that privoxy failed to start on boot.

A work around is to enable both privoxy and network service at boot.

su -c "systemctl enable privoxy.service"
su -c "systemctl enable network.service"

It seems to me that privoxy should start on the default port without having to enable the network script. To that end I have an open bug report.


Congratulations to the new Ubuntu Members

I am pleased to announce a major milestone in the Ubuntu Community and what I hope will result in increased integration between the Ubuntu Forums and participation of forums members with support (IRC – #ubuntu) documentation (Ubuntu Wiki) and development (pre-release testing, bug reports, and MOTU).

On behalf of the entire Forums Council, it is an honor to extend the benefits of Ubuntu Membership to these outstanding community members.


Welcome New Ubuntu Members

andrew.46
cariboo907
CharlesA
coffeecat
forestpiskie
howefield
JuanCarlosPaco
KiwiNZ
Lars Noodén
lkjoel
lisati
lovinglinux
lucazade
philinux
Quackers
Rubi1200
sisco311
spynappels
ubudog


Zenix 2.0

I have once again been playing with custom live CD and have released my second incarnation of Zenix.

Zenix 2.0 is built using the live build scripts and Debian Squeeze as a base and is designed to be a minimal, but not frugal installation of (Debian) Linux.

Zenix Screen Shots

The general goals of Zenix are:

Buddhism within the Linux community

I know this is probably one of the most controversial aspects of my re-spin and that Buddhism is in the minority of religious practices in "The West", all the same, Buddhism is a part of who I am. From time to time, people who know me will ask about Buddhism and thus the Buddhism in Zenix.

One change from the first release, I have moved much of the Buddhist content to the Zenix site and lessened the content on the respin. Hopefully the Buddhist content is "soft" in that non-Buddhists will find it unobtrusive.

Minimal footprint

Although there are many light weight distros out there, everything from SliTaz and various LXDE spins, many of them seemed a bit frugal to the point where basic functionality suffers.

With Zenix I added enough applications so that the respin feels less frugal. Default applications include Midori, icecat, xchat, cream, gedit, vlc, and audacious.

Why midori and icecat? Midori is faster than icecat and works very well in its own right as well as with low RAM installations. Icecat has a wider range of features, extensions, and customizations.

At the same time it is "lightweight" and users can add applications they feel it lacks.

Zenix will run on as little as 128 Mb with very acceptable performance.

When installed, Zenix uses just over 1.5 Gb of space on the hard drive.

Window managers

I included openbox + tint2 and awesome.

Graphical configuration tools

Openbox and awesome are window managers, as opposed to desktop environments, and thus lack graphical tools for system administration. The target audience for most window managers is intermediate to experienced Linux users who are familiar with the command line.

To increase the user friendliness as much as possible, I included graphical tools, or at least a menu entry, for basic system administration.

There are graphical tools for customization (background image, gtk theme, openbox configuration), software management, printers, customizing the openbox menu, managing the firewall, encryption, and security (zenmap and wireshark).

There are (custom) menu entries for setting a default shell, enabling/disabling the terminal MOTD, setting the default window manager, managing PSAD, setting a mouse theme (opens a dialog in a terminal), managing conky, and setting a password.

Security

I use Zenix on my Netbook, which is obviously portable, and so am interested in security.

Security features include – ufw (firewall enabled by default), psad, fwsnort, zenmap, wireshark, and encryption tools.

Adblock is enabled in Midori. NoScript and AdblockPlus are included with icecat.

Persistence

Zenix runs quite well from a CD or Flash drive.

Zenix is configured to use persistence by default. You can save your data in a persistent /home directory, or if you wish to make changes to the system, a persistent / (root) directory. With a persistent root directory, any changes to the system or installed applications will be available across (live) sessions.

If you use persistence, you can encrypt your data with Cryptkeeper.

Zenix as a virtual guest

Zenix runs well as a virtual machine with both VirtualBox and KVM. The VirtualBox guest additions are pre-installed.

See the Zenix live page for additional information.

What makes zenix different from Crunch Bang

Although both distros use Debian and openbox, IMO, and I am biased, Zenix is more polished.

With Zenix I included a custom theme, and all applications match the default theme. As an example of attention to detail, I wrote a custom skin for audacious.

In addition to themes, as outlined above, Zenix includes a number of security features.

Distrowatch

Ladislav Bodnar agreed to list Zenix under "New distributions added to waiting list" on Distrowatch

Thanks

Thank you to everyone who helped with the release. Several people on IRC were kind and patient enough to take the pre-release versions for a test drive and provide invaluable feedback. s-fox and Unit193 were instrumental in providing support and testing and I could not have done it without either of these two. s-fox designed the zenix web site.


Transfer firefox 4 passwords

Just a brief post on transferring Firefox 4 passwords from one installation to another.

There are several online resources to sync bookmarks and passwords and while you may be "OK" using these services for bookmarks, you may not wish to use these services for passwords.

Of course you could simply copy all the files in your profile, but which files store your password information ?

Your profile is in ~/.mozilla/firefox/profile_name

Your passwords are in two files, key3.db and signons.sqlite

Simply copy these two files to transfer your passwords. Of course, you may wish to encrypt these files ;)
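One way to bundle and protect the two files for the trip, as an added example that is not part of the original post. The function names are hypothetical, the profile directory is passed in as an argument, and the encryption step assumes gpg is installed and prompts for a passphrase.

```shell
#!/bin/sh
# Added example (not from the original post): bundle the two Firefox 4 login
# files for transfer. Function names are hypothetical.

# pack_logins PROFILE_DIR OUT_TAR
# Writes a tar archive holding only key3.db and signons.sqlite, mode 0600.
pack_logins() {
    profile=$1
    out=$2
    for f in key3.db signons.sqlite; do
        # Both are needed: signons.sqlite holds the encrypted logins,
        # key3.db holds the key that decrypts them.
        if [ ! -f "$profile/$f" ] || [ -L "$profile/$f" ]; then
            echo "missing or not a regular file: $profile/$f" >&2
            return 1
        fi
    done
    rm -f -- "$out"                    # do not inherit loose permissions
    (
        umask 077                      # new archive is readable by owner only
        tar -cf "$out" -C "$profile" key3.db signons.sqlite
    ) || return 1
    # Confirm the archive lists exactly the two expected members.
    [ "$(tar -tf "$out" | LC_ALL=C sort | tr '\n' ' ')" = "key3.db signons.sqlite " ]
}

# encrypt_bundle OUT_TAR
# Prompts for a passphrase, writes OUT_TAR.gpg, then removes the plaintext tar.
encrypt_bundle() {
    gpg --symmetric --cipher-algo AES256 "$1" && rm -f -- "$1"
}

# unpack_logins IN_TAR PROFILE_DIR  (run with Firefox closed on the target)
# Extracts only the two login files, whatever else the archive may contain.
unpack_logins() {
    ( umask 077; tar -xf "$1" -C "$2" key3.db signons.sqlite )
}
```

Without a master password set, anyone holding both files can read the saved logins, so move only the encrypted .gpg file and decrypt it on the target with `gpg -d`.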

Bookmarks can be exported/imported from the bookmark toolbar (as a html file).
