VI.101 NET-3
VI.102 Traceroute - tracepath
VI.103 DNS - nslookup - ksoa
VI.104 Serial communication/nullmodem
VI.105 minicom
VI.106 ppp
VI.107 tcpdump
VI.108 iptraf
VI.109 cmu-snmp
VI.110 fwtk
VI.111 dhcp - proxy servers - Brussels/KL - c4.net
VI.112 diald
VI.113 PCMCIA
VI.114 xnetload - ntop
VI.115 SAMBA - smbclient
VI.116 sniffit
VI.117 ngrep
VI.118 Networking source code
VI.119 ISDN
VI.120 Fax
VI.121 NFS
VI.122 Wireless
VI.201 NetworkManager Kubuntu 12.10
VII.101 Berkeley db files
VII.102 Oracle
VIII.101 Netscape client
VIII.102 Ftpd
VIII.103 Httpd/Apache
VIII.104 Squid / wwwofle
VIII.105 htdig
VIII.108 Email clients - Angelfire/Netscape - pine - mail
VIII.109 E-commerce - minivend
VIII.110 Corba - mico
VIII.111 OpenLDAP
VIII.112 Jboss/Tomcat
VIII.113 XML/XBRL
VIII.114 Xerces
X.101 Xv
X.102 Gimp
X.103 GhostView
X.104 xpdf / Acrobat Reader
X.105 POVray
X.106 Blender
X.107 thumbnail
XII.101 iPod
XII.102 Amarok
XII.102 Rhythmbox
XII.103 Firefox
XII.104 xanim
XII.105 KDE applications - kmp3 - kaddress
XII.106 Latex
XII.107 Philips TV
XII.108 Mediatomb
XII.109 ING Homebanking
XII.110 brasero cd burner
XII.111 legacy
XII.112 Audacity
XII.113 mp3 encoding with abcde and lame
XII.114 ffmpeg/avconv
XII.115 xournal - pdf
XII.116 pdftk
XII.117 MP3 Sansa player (Sandisk)
Debian package manager dpkg is the foundation for installing '.deb' packages. It is used by
Hardware recognition via lshw (if supported). Command "lshw -C <class>", e.g. "lshw -C network". Command "iwconfig" will show you the wireless interface but not IP info. Command "ifconfig" will show less wireless info but also the IP info. E.g. lshw:
older PwC laptop has a PCI PRO/Wireless 2915ABG (Calexico2) interface as eth1.
more recent one has
PCI PRO/Wireless 4965 AG or AGN (Kedron) as wmaster0, driver is iwlagn - busmaster
iwconfig also lists wlan0
You can see which kernel modules are loaded via "lsmod". You can see iwlagn, iwlcore and rfkill.
To find out which wireless devices are in range you can do "iwlist wlan0 scan". This will report e.g. the C4 <-?-> network. As this network uses channel 6, you can configure: "iwconfig wlan0 channel 6". Or "iwconfig wlan0 essid PwCGuestw ap any". Then try dhclient.
Default Ubuntu tool is "network-admin" if it's present.
'whatis' is another kind of basic help system. 'id' is useful as it displays who you are.
Try e.g. 'file /etc/resolv.conf'. This will tell you it's an ASCII text file.
The 'info' system is the old non-graphical hypertext documentation tool. Try "xinfo" now.
Try e.g. "find / -name xyz". This starts the search from / for any file called xyz. Try also "locate". This requires you build an index via 'updatedb'. This is supposed to run automatically via crontab.
http://ubuntuguide.org/wiki/Ubuntu:Karmic
Found in /usr/doc/html.
Is disabled by default. First account created i.e. marcsel has administrator rights, can do 'sudo'. Precede any command you would need to execute as root by sudo.
Root is created but only accessible for login if you force a boot in safe mode. You can open a terminal in Dolphin. User marc was created by PC Tronics but erroneously disabled by me by renaming his homedirectory. Naming it back did not help. So I created marc3:
useradd -d /home/marc3 -m marc3 #this creates homedir and userid
passwd marc3 #this sets the psw
then I manually edited /etc/group to give marc3 same groups as marc (marc adm dialout cdrom plugdev lpadmin admin sambashare)
Changing permissions: https://help.ubuntu.com/community/FilePermissions
chmod
chown - e.g. chown marc4 /home/marc4/Documents/Mac2009/Documents
You can use mkpasswd to generate passwords. And to force them on a user. However, 'mkpasswd -l 6 patti' fails, stating there is no /etc/passwd file. Does Red Hat use some kind of shadow password file? No, since a 'less /etc/passwd' reveals the contents and all the userids. Patti has been created, apparently without a password. Still, she can't login, and only gets the message 'login incorrect'.
So what, Red Hat? ===> Use GUI (control panel) for user management, and you're OK.
Your kernel needs to support the device type you want to mount. Good place to find out is via the systemlog viewer (e.g. KSystemLog) or in /var/log/messages. To access a device you need to be able to 'see' the device, and then you need to specify a mount point that applications can reach.
The commands:
fdisk -l will show what disks are found
'mount' will show you what is currently mounted
'mount -t iso9660 /dev/... /mnt' will mount the /dev/... as /mnt as an iso9660 type
'umount /mnt' will remove the mountpoint
'lsof' will list open files
'fuser' will list users of files
'fuser -km /home' kills all processes accessing the file system /home in any way.
Question: Is kernel supporting this?
Answer: Yes, e.g. on Toshiba laptop: look in /var/log/messages:
kernel : hdc: TOSHIBA CDROM XM1402B ATAPI CDROM Drive.
Question: How to mount?
Answer: look in /usr/doc/howto/cdrom : mount -t iso9660 -r /dev/cdrom /mnt
WRONG - you have to replace /dev/cdrom by /dev/hdc. Then it works. So: mount -t iso9660 -r /dev/hdc /mnt. Do a cd /mnt, and you'll see the CD.
Question: How to unmount?
Answer: umount /mnt
Question: What if you get the message /dev/hdx device is busy?
Answer: that means a process is still accessing the CD. If you're working under X, your previous non-X terminal might still hold the CD. Try fuser -v /mnt... to identify the holder of the lock.
First, do a 'mkdir /floppy'. Then 'mount -t msdos /dev/fd0 /floppy'.
USB is a bus, with a single host, controlling all connected devices. Devices can't directly talk to one-another. Ways to find info:
usbmgr
lsusb
insmod
cat /proc/scsi/scsi
cat /proc/bus/usb/devices
cat /proc/pci
lspci -v
"cd /proc/bus/usb", "ls -l"
for formatting use 'gparted'
Removable harddisks are mostly simulating SCSI, so prereq is to have SCSI in the kernel (ref linux-usb.sourceforge.net). Device can be formatted as FAT32, NTFS, etc.
Find info via
ksyslog viewer
/var/log/messages - if device is recognized *** try 'dmesg | grep SCSI'
'cat /proc/scsi/scsi' - the USB MSS is accessed via emulated SCSI
'sudo fdisk -l' for disks
First create mountpoint directory e.g. /usbntfs (since formatted as ntfs). Mount with "mount -t ntfs /dev/sda5 /usbntfs" and you're in.
Used USB's include:
/media/EEMA-USB-STICK is the EEMA usb stick, is formatted as ntfs, mounted as '/dev/sdi1 on /media/EEMA-USB-STICK type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)' *** apparently the name /dev/sdi1 is variable ...
Samsung Story 1 TB devices, Samson One and Samson Two, mounted as '/dev/sdh1 on /media/Samson One type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)'
mind the subtle difference in device name: sdi versus sdh
/media/WHISKY is the IOMega Whiskybottle *** connect with physical connector that is most close to disk, not with the extender cord
Question: how does this automounting with eg Dolphin work? /etc/fstab, /etc/mtab ...stuff.
To pack: "tar -c Kassandra_Control > KasCntl.tar"
To check contents: "tar -tf KasCntl.tar" (or via KDE)
To unpack: "tar -xvf KasCntl.tar"
To pack: "tar -c *.jpg > ama.tar"
To unpack: "tar -xvf ama.tar"
To pack: "tar -c *.jpg > ama.tar"
To gzip: "gzip ama.tar" (which results in ama.tar.gz)
To unzip: "gunzip ama.tar.gz"
To unpack: "tar -xvf ama.tar"
To pack: "tar -c *.jpg > ama.tar"
To gzip: "gzip ama.tar" (which results in ama.tar.gz)
To pgp: "pgpe -c ama.tar.gz" (-c stands for conventional, hence IDEA)
---alternatively: "pgpe -c ama.tar.gz -o ama.ref" (-o stands for output; if you want to wipe, use the -w flag)
NOW HAVE YOU REMEMBERED THAT PASSPHRASE?
To unpgp: "pgpv ama.tar.gz.pgp"
---alternatively: "pgpv ama.ref -o ama.tar.gz"
To unzip: "gunzip ama.tar.gz"
To unpack: "tar -xvf ama.tar"
To pack: "tar cvfz /temp/fea.tgz foo/fea" (note that foo/fea refers to the entire directory)
To unpack: "tar xvfz fea.tgz" (note that this will recreate everything at the current location)
To pack: "tar cvfz /temp/fea.tgz foo/fea" (note that foo/fea refers to the entire directory)
To encrypt: "pgpe -r marc.sel@be.pwcglobal.com -o /temp/fea.tgz.pgp /temp/fea.tgz" (-r specifies a recipient, i.e. public key crypto) --- use the -w flag for wiping ---
To decrypt: "pgpv /temp/fea.tgz.pgp (you'll be challenged for the passphrase)"
To unpack: "tar xvfz fea.tgz" (note that this will recreate everything at the current location - leading to e.g. /Malekh/Kassandra_Data/...)
To pack: "tar cvfz /temp/fea.tgz foo/fea" (note that foo/fea refers to the entire directory)
To pgp: "pgpe -c ama.tar.gz -o ama.ref" (-o stands for output; if you want to wipe, use the -w flag)
---
To un-pgp "pgpv ama.ref -o ama.tar.gz"
To unpack: "tar xvfz fea.tar" (note that this will recreate everything at the current location)
To pack: "tar cvfz /temp/fea.tgz foo/fea" (note that foo/fea refers to the entire directory)
To pgp: "geheimnis" - first create keypair, it seems existing pgp-ring are hard/impossible to reuse, tthntc...
To wipe: "shred" with KDE
---
To un-pgp "geheimnis"
To unpack: "tar xvfz fea.tgz" (note that this will recreate everything at the current location)
RH: via the 'time machine' on the control panel.
There seem to be now
Old-school: System V initscripts in '/etc/init.d', you start via 'sudo /etc/init.d/apache2 start'
New-school: 'upstart'-jobs in '/etc/init', you
ask for status via 'status servicename' e.g. 'status cups'
start via 'sudo service servicename start' e.g. 'sudo service mysql start' (similar for stopping)
use 'top' or 'pstree' to see all processes
use 'ps -e' to enumerate all processes, 'ps -e | grep xf' to find all processes whose names start with xf
use 'ps aux | grep vsftpd' to see if there is a process indeed.
use 'kill...'
Logging comes in two types:
(1) from executing processes, calling the log function, whose calls are served by a logging daemon such as klog and syslogd (the daemon then writes the entries into the logfile). Typical logfiles include /usr/adm/lastlog (each user's most recent login time), /etc/utmp (a record per login) and /usr/adm/wtmp (a record per login/logout). You can use last to view such a file.
(2) from the accounting, started via the accton command, the
/usr/adm/acct contains a log of every command run by the users.
The syslog facility allows any program to generate a log message by writing to /dev/log, /dev/klog and 514/udp. Grouping of the sources generating the log entries is done in syslog's facilities such as kern, user, mail, lpr, auth, daemon, ... .
In addition to facilities, there are priorities as well: emerg, alert, crit, err, warning, ... .
Incoming log entries are parsed against a table in /etc/syslog.conf, defining for each facility & priority where to forward or log the message.
An example:
*.err;kern.debug;auth.notice /dev/console
auth.* root
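How such selectors are evaluated against a message, as an added example that is not part of the original notes. The function names and the third rule of SAMPLE_CONF are assumptions made for the illustration, and sysklogd-style left-to-right evaluation is assumed (the "=" and "!" priority prefixes are not handled).

```shell
#!/bin/sh
# Added example: evaluate syslog.conf selectors against a message.
# SAMPLE_CONF is constructed: the first two rules are the ones quoted in the
# notes, the third is an assumed extra rule that shows the "none" keyword.
SAMPLE_CONF='# selector                    action
*.err;kern.debug;auth.notice  /dev/console
auth.*                        root
*.info;mail.none              /var/log/messages'

# Priority keyword -> number as in <syslog.h>; 0 is the most severe.
sev_num() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# decode_pri N: a datagram on 514/udp starts with <N>, N = facility*8 + priority.
# Prints "facility.priority", e.g. 34 -> auth.crit.
decode_pri() (
    fac=$(( $1 / 8 ))
    case "$fac" in
        0) f=kern ;; 1) f=user ;; 2) f=mail ;; 3) f=daemon ;; 4) f=auth ;;
        5) f=syslog ;; 6) f=lpr ;; 7) f=news ;; 8) f=uucp ;; 9) f=cron ;;
        10) f=authpriv ;; 11) f=ftp ;;
        1[6-9]|2[0-3]) f=local$(( fac - 16 )) ;;
        *) exit 1 ;;
    esac
    # Put the priority number in front of the keyword list, then shift by it:
    # afterwards $2 is the keyword for that priority.
    set -- "$(( $1 % 8 ))" emerg alert crit err warning notice info debug
    shift "$1"
    echo "$f.$2"
)

# selector_matches SELECTORS FACILITY PRIORITY
# Succeeds when the rule selects the message. "fac.pri" selects pri and
# anything more severe, "*" is a wildcard, "fac.none" drops the facility.
selector_matches() (
    fac=$2
    msg=$(sev_num "$3") || exit 2
    limit=-1                      # least severe priority selected so far
    IFS=';'
    set -f                        # keep "*" from globbing while splitting
    for sel in $1; do
        facs=${sel%.*} pri=${sel##*.}
        case ",$facs," in
            *",$fac,"* | *",*,"*) ;;      # selector applies to this facility
            *) continue ;;
        esac
        case "$pri" in
            none) limit=-1 ;;
            '*')  limit=7 ;;
            *)    n=$(sev_num "$pri") || exit 2
                  if [ "$n" -gt "$limit" ]; then limit=$n; fi ;;
        esac
    done
    [ "$msg" -le "$limit" ]
)

# route CONF FACILITY PRIORITY: print the action of every rule that matches.
route() {
    printf '%s\n' "$1" | while read -r sel action; do
        case "$sel" in ''|'#'*) continue ;; esac
        if selector_matches "$sel" "$2" "$3"; then printf '%s\n' "$action"; fi
    done
}

# Where does an auth.notice message end up?
route "$SAMPLE_CONF" auth notice
```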
On previous Slackware Linux, standard logfiles include:
- /var/adm/syslog, messages (bootmessages), lastlog, utmp (binary logfile about current users), wtmp (binary logfile about login/logout)
- /etc/utmp (binary logfile about current users)
Under RedHat, have a look in /var/log. I modified /etc/syslog.conf to log everything into /var/log/syslog.kassandra. For this purpose, I saved the original syslog.conf into .original, and I did 'touch /var/log/syslog.kassandra'. I then stopped/restarted syslogging through the control panel/runlevel manager.
'tail /var/log/syslog.kassandra' tells me the restart worked out fine.
To make sure I log the absolute maximum and know where, I modified /etc/syslog.conf, now everything goes to /var/log/avina001.log
---- key line in /etc/syslog.conf ---------------
# enable this, if you want to keep all messages
# in one file
*.* -/var/log/avina001.log
---- end of /etc/syslog.conf -------------------
Remember: the "dmesg" command is also useful to display kernel boot time messages.
Basics are documented in http://www.debian.org/doc/debian-policy/#contents. On Angkor I installed "BUM" to manage what gets started at boottime.
Some more detailed information can also be found in the files in the /usr/share/doc/sysv-rc directory. Linux run levels are based on System V init:
0 System Halt
1 Single user
2 Full multi-user mode (Default)
3-5 Same as 2
6 System Reboot
Each defined run level should have an rcX.d directory where X is the run level number. The contents of the rcX.d directory determine what happens at that run level.
Use 'runlevel' to find out current runlevel (typically 2).
When changing runlevels, init looks in the directory /etc/rcn.d for the scripts it should execute, where n is the runlevel that is being changed to, or S for the boot-up scripts.
Use SystemV init GUI editor. On malekh, unfortunately, this utility has gone... Checked it out on boy, 'sysvinit-2... is another package. Apparently, the package gets installed by default by YaST, but this excludes the GUI I used on boy, ksysvinit. Check out www.kde.org: the package kdeadmin contains ksysvinit. I downloaded it into /Kassandra_Data/AdditionalRPM, but it is in .bz2 format, which gzip does not recognize. Alternative: get kdeadmin package from a CD. SuSE 6.1 only comes with a kdeadmin-1-1.dif file on CD1, this seems to be some kind of patch file, not the real thing. Now what, ksysvinit?
Default solution suggested by SuSE is
use YaST to automatically adjust entries in /etc/rc.config
manually adjust /etc/rc.config
use the rctab command (not really userfriendly)
Source of information : RedHat's 'Boot-Process-Tips'. Linux now uses SysV-style initialization.
(1) Start kernel. LILO starts a kernel image (e.g. vmlinuz...)
(2) Start 'init'. The kernel searches /etc, /sbin (and maybe some other places) for 'init', and runs the first one it finds.
(3) 'init' opens /etc/inittab. By opening '/etc/inittab', 'init' finds out the sysinit script ('/etc/rc.d/rc.sysinit') and the runlevel ('id:3:initdefault' => runlevel 3 is default). I'm not sure whether the rc.sysinit script runs before the rest of the scripts is kicked off, but let's assume it is.
(4) The /etc/rc.d/rc.sysinit script executes. Here, a lot of things happen, including starting rc.serial (if it exists).
-*- On default RedHat, rc.serial does NOT seem to exist. However, under the Control Panel/Network Configurator, you can define and activate interfaces, including e.g. a ppp0 on /dev/cua0. So would it not be possible to define another ppp interface, on /dev/ttyS0? Who would deal with the 'setserial' aspects? -*-
(5) the scripts for the desired runlevel are executed
The default runlevel (defined in 'id:3:initdefault') is 3, which (I assume) requires the running of all the scripts in the '/etc/rc.d/rc3.d' directory. In this directory, there are only links to scripts. The scripts are actually residing in '/etc/rc.d/init.d'. For runlevel 3, this includes :
network,
syslog,
cron.init,
portmap.init,
inet,
lpd.init,
keytable,
httpd.init,
rc.local.
Now each of these scripts can be executed manually as well, e.g. '/etc/rc.d/init.d/httpd.init stop[or start] '
Link with the control panel/runlevel editor? Well, if you add/remove a script from a runlevel, this is automatically reflected in the links in the /etc/rc.d/rc3.d directory.
Use 'shutdown now', 'shutdown -h now' (halt), 'shutdown -r now' (reboot).
On Kassandra:
Try 'man color-ls' and 'man dircolors'. The .bash_profile needs to be updated with 'eval `dircolors`' and an alias for 'ls=color-ls --color=yes'. Check this out in the mini-HOWTO.
On Toothbrush:
Automatically provided by SuSE.
Getting the sourcetree in place. Start from InfoMagicGreen9612, CD 1, directory /SRPMS, which contains a file called kernel-2.0.18-5.src.rpm. Unfortunately, glint refuses to read it, while a manual browse shows all the rpms. Have a look in the Kernel-HOWTO (however, assumes you have to ftp the kernel in tar format over the Internet).
So let's go for manual install. If you peek in /usr/src/redhat and /linux, you find that the sources are apparently expected here. So let's try 'rpm -i /mnt/SRPMS/kernel-2.0.18-5.src.rpm'.
No message comes back whatever. Let's do 'rpm -qa | less': this only shows kernel 2.0.18-5, which is the executable format. Glint does not show me any source, and running 'rpm -V kernel-2.0.18-5.src.rpm' says it's not installed.
So what? Well:
replace the rpm -i command by rpm -ivv for lots of debug info
you see that the kernel tar.gz file actually gets copied into /usr/src/redhat/SOURCES/linux-2.0.18.tar.gz
you can gunzip and untar in regular fashion
You now have sources in /usr/src/redhat/SOURCES/linux/kernel.
Lesson learnt: glint does not show you this tar.gz file anywhere, you have to manually work your way through the rpm -ivv / gunzip / tar command...
Running make according to the RedHat 4.0 Manual.
Position yourself at /usr/src/linux, go. 'make mrproper' results in error ARCH2. 'make config' results in the familiar question and answer game... New kernel will be written to .................
Making your new kernel bootable via LILO
Edit /etc/lilo.conf, provide a label and a pointer to your new kernel. Run lilo.
Step 1 - Fact gathering:
generic info in the Kernel-HOWTO
sources go to '/usr/src/linux-2.2.14.SuSE'...
quid the source package srpm?
package on CD#1 /d1/lx_suse.rpm, this contains the basic kernel & documentation
package on CD#2 /d2/linux.rpm, this contains "the rest of the kernel source"
place of the already installed kernel (according to /etc/lilo.conf): /boot/vmlinuz (copy saved too, as vmlinuz.original)
configuration for vmlinuz probably available as /boot/vmlinuz.config
'/usr/src/linux-2.2.14.SuSE/Documentation/kernel-parameters.txt' contains an overview of kernel parameters. CHECK OUT '/usr/src/linux-2.2.14.SuSE/Documentation/kbuild/commands.txt'
Step 2 - Carry it out:
Make sure the new kernel does not overwrite the original one....
Description: p. 233 of the SuSE 7.2 reference manual.
get sources via Yast2 - they go in /usr/src/linux
"cd /usr/src/linux"
"make xconfig", and safeguard copy of config in /root/SuSE72... (a copy of your config is saved by default into /usr/src/linux/.config - but this is overwritten next run)
"make dep"
"make clean"
"make bzImage" - the new kernel is compiled to bzimage
"make modules"
"make modules_install" (otherwise the "map" is missing - note the underscore)
new kernel should be in /usr/src/linux/arch/i386/boot/bzImage - original kernel is /boot/vmlinuz (you see this in /etc/lilo.conf) - don't overwrite it
"make bzlilo" will
copy the previous vmlinuz into vmlinuz.old
copy the new bzimage to vmlinuz
please note that the existing entry for vmlinuz in /etc/lilo.conf will now be used by the new kernel
it is recommended to add an entry for the older kernel (vmlinuz.old)
run lilo
reboot
Kernels on imagine2: SuSE72001 and SuSE72002 (try outs, network OK). SuSE72003 created for SCSI-PCMCIA support.
GigaByte Angkor comes with Nvidia 'GT200- Geforce G 210'. You can get details via 'lspci -vv'. After upgrade to Lucid Lynx v10.4, lots of problems with installing the nvidia driver. Apparently this is a kernel module. Problems you have to solve:
need to download the driver file itself
need to remove the nouveau driver which is installed by default (otherwise nvidia install fails immediately)
need to install the kernel header files
during install of nvidia driver, the kernel module is actually compiled against the kernel header files
Finally got it working with instructions from help.ubuntu.com/community/NvidiaManual....
Website: 'http://www.nvidia.com/object/product_geforce_210_us.html'. This reads QUOTE: Installation instructions: Once you have downloaded the driver, change to the directory containing the driver package and install the driver by running, as root, "sh ./NVIDIA-Linux-x86-190.53-pkg2.run". You may need to cd to "/marc4/downloads". UNQUOTE
One of the last installation steps will offer to update your X configuration file. Either accept that offer, edit your X configuration file manually so that the NVIDIA X driver will be used, or run nvidia-xconfig.
documentation in /usr/share/doc/NVIDIA_GLX-1.0
executables of utilities in /usr/bin/... such as nvidia-detector, nvidia-installer, nvidia-settings, nvidia-uninstall, nvidia-xconfig...
for a full list of what gets installed, check the documentation
also, "syslog" shows a lot of nvidia results and extensions.
If your X configuration disappears for a userid e.g. marc3, then boot in recovery mode, do a login marc3, and then a "sudo /usr/bin/nvidia-xconfig". This writes a new xconfig.
When you get strange behaviour in X, you can boot in recovery mode, login as root, and then execute "/usr/bin/nvidia-installer --update". This will download latest driver from www.nvidia.com. You get guided through n-curses-based installer, that rebuilds kernel modules and re-configures.
Legacy:
VGA compatible controller: nVidia Corporation GT200 [GeForce 210] (rev a2)
Subsystem: XFX Pine Group Inc. Device 2941
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-
Kernel modules: nvidiafb
Ref above: kernelmod is nvidiafb. Also: 'xrandr' shows all possible resolutions.
What does this mean 'kernelmod nvidiafb'? Executing 'lsmod' does not list this module. Modules are found in '/lib/modules': you can find '/modules/2.6.31-14-generic/kernel/drivers/video/nvidia/nvidiafb.ko'. What's that? Use systemlogview to peek inside X.org log. This shows a device section with driver "nv". Further down it's specified what "nv" supports... a long list but not the GEFORCE G 210. And a little bit further down you see that X probes and does indeed find a GEFORCE G210.
So the mediocre quality is probably due to using just the "standard" driver "nv". What would be better?
static: during link edit, the library code is integrated with the executable code
dynamic (or "shared") the library code is loaded at execution time. Such dynamic code is also loaded only once, and then shared by all applications. This loading is done by "ld.so", the runtime loader. Linux runs "ldconfig" at boottime to create links to the most recent shared libraries.
Note that the name of dynamic libraries conforms to: libNAME.so.MAJOR.MINOR.
These libraries are defined as:
1. /lib (a so-called "trusted" library)
2. /usr/lib
(=)
3. Libraries specified in "/etc/ld.so.conf"
For shared libraries:
ldconfig: configures the dynamic linker run-time bindings - executes automatically at boot-time
ldconfig -p: prints all shared objects (i.e. shared libraries) known to the linker
ldd: lists what shared libraries an executable needs, e.g. "ldd /usr/x386/bin/xv" ===> returns a list of libraries
III.115.2 Kassandra RH 4.0
The libc package contains the basic shared libraries that are necessary for Linux to function. RH 4.0 came with libc 5.3.12-8. Prior to ELF, Linux used a.out format. The library aout provides backward compatibility with this format.
III.115.3 Borsalino RH 5.0
For example: JDK library requirements: Before downloading the jdk, I checked my libs and found in glint:
libc: 5.3.12-24
ld.so: 1.9.5-3
Xfree86: 3.3.1-14
Should be alright. Try ldconfig -D for obtaining an overview.
III.115.4 Suse53 libdb.so.1 problem
Programs such as kpackage, man and xman suddenly started complaining they can't load libdb.so.1. Why not, how did I delete it (man used to work)? On Suse53-CD5 there is a /usr/lib/libdb.so.1.85.5, and a /usr/i486-linuxaout/libdb.so.1 (which is the older aout format I suppose...). Oddly enough, if I run a find on libdb.so.1, the file is locally found in /usr/i486-linuxaout/libdb.so.1 --- so why are they complaining? How are libs specified on my machine: in the three locations specified supra. Running ldconfig -D reveals a lot of info, including that apparently libdb.so.1 gets loaded ok from libdb.so.1.85.5 (the version found on Suse53 CD5). Now what?
With Ubuntu try 'gparted'. History: Using fdisk 'print' option on Kassandra reveals:
Disk /dev/hda: 64 heads, 63 sectors, 786 cylinders
Units = cylinders of 4032 * 512
Device     Boot  Begin  Start  End  Blocks  ID  System
/dev/hda1  *         5      5  385  768096   7  OS/2 HPFS
/dev/hda2          386    386  776  788256  83  Linux native
/dev/hda3            1      1    4   8032+  12  Unknown
/dev/hda4          777    777  786   20160   5  Extended
/dev/hda5          777    777  782  12064+  82  Linux swap
/dev/hda6          783    783  786   8032+   4  DOS 16-bit <32M
Use Alt-Gr key to access ~.
Red Hat 5.0 User Guide: use /usr/sbin/kbdconfig. Use e.g. "be-latin1". Note that this does not define your keyboard under X.
Console: use YaST to configure an azerty keyboard. This definition goes into "/etc/rc.config".
Under X: use SaX to configure an international keyboard, with "Belgian" keys. Use keymap to finetune if required.
Use Sax to define 800x600 SVGA, with a Belgian keyboard.
Start with the security HOWTO in /usr/doc/howto/en/html/Security-HOWTO.html. On the web, check-out the Linux Security homepage (url in /LinuxWeb1000ITLinux.html). How about LASG, PAM, /etc/security entries, hardening SuSE ...?
Check out man page. Linux uses either a single large /etc/pam.conf file, or a number of files in /etc/pam.d (if the latter is present, the former is ignored). SuSE 6.4 came with /etc/pam.d provided. Documentation is found in e.g. /usr/doc/packages/pam/text. Apparently the /etc/security entries also seem related to PAM in some way.
Use e.g.:
"netstat -an" should only list required servers ("nmap" is of course an alternative)
"find / -perm -4000 -type f" lists the privileged (SUID) files - there should be less than e.g. 100
"find / -perm -2 '!' -type l '!' -perm -1000" indicates the world writable files (spelling?)
and check security patches and your vendor's website
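The SUID and world-writable checks above, as an added example that is not part of the original notes: it runs them against a constructed directory tree and compares the SUID list with a saved baseline, so a newly appeared SUID file stands out instead of being hidden in a count. The function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: the SUID and world-writable checks, run against a constructed
# tree so the result is predictable. Point the functions at / on a real host.

# list_suid ROOT: SUID regular files below ROOT (one filesystem only), sorted.
list_suid() (
    cd "$1" || exit 1
    find . -xdev -type f -perm -4000 | LC_ALL=C sort
)

# list_world_writable ROOT: anything writable by "other", except symlinks
# (their mode bits are not enforced) and sticky directories such as /tmp.
list_world_writable() (
    cd "$1" || exit 1
    find . -xdev -perm -2 ! -type l ! -perm -1000 | LC_ALL=C sort
)

# suid_drift ROOT BASELINE: SUID files that are not in the baseline list
# (a file written earlier by list_suid). Anything printed needs a reason.
suid_drift() {
    list_suid "$1" | LC_ALL=C comm -13 "$2" -
}

# make_sample_tree: build the constructed test tree and print its path.
make_sample_tree() (
    t=$(mktemp -d) || exit 1
    mkdir "$t/bin" "$t/drop" "$t/tmp"
    : > "$t/bin/helper" && chmod 4755 "$t/bin/helper"   # SUID program
    : > "$t/bin/tool"   && chmod 0755 "$t/bin/tool"     # ordinary program
    : > "$t/notes.txt"  && chmod 0666 "$t/notes.txt"    # world-writable file
    chmod 0777 "$t/drop"          # world-writable directory without sticky bit
    chmod 1777 "$t/tmp"           # sticky, like /tmp: not reported
    ln -s notes.txt "$t/link"     # symlink to a world-writable file: skipped
    echo "$t"
)

demo() {
    tree=$(make_sample_tree) || return 1
    echo "SUID files:";         list_suid "$tree"
    echo "World-writable:";     list_world_writable "$tree"
    list_suid "$tree" > "$tree.baseline"
    : > "$tree/bin/new" && chmod 4755 "$tree/bin/new"   # appears after the baseline
    echo "New since baseline:"; suid_drift "$tree" "$tree.baseline"
    rm -rf "$tree" "$tree.baseline"
}
demo
```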
Original source: rsync.samba.org. As per man rsync, there are 4 basic scenarios to use rsync:
via rsync daemon, push
On Linux, rsync can be used as a client, or can be started as a daemon ("rsync --daemon"). On Windows, likewise, with "service" rather than daemon. Backing up Angkor2 to USB with rsync: 'rsync -vvvrt /home/marc/Documents "/media/Samson Two/201306/Backup Angkor2"'.
Mount e.g. "Samson One" so it's visible in Dolphin. Then do an 'rsync -vvrt /home/marc/Documents "/media/Samson One"'. This results in the contents of /home/marc/Documents being replicated into /media/Samson One.
What's the usbstick called? Issue "mount", results in:
/dev/sdb1 on /media/KINGSTON type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks)
So the usbstick is formatted as vfat. VFAT is an extension of the FAT file system and was introduced with Windows 95. The command "rsync -vvvrt /home/marc/Documents /media/KINGSTON" creates /Documents on the usbstick and syncs the files. Options:
-v verbose
-r recursive (into directories)
-t preserve modification times
"--modify-window=2" is recommended if the target file system is different from ext2 or ext3, because the time management of VFAT/FAT32 etc. is less accurate than that of ext2 or 3.
Legacy: try scenario 4, push from Windows to rsync daemon on Angkor2. Needs /etc/rsyncd.config and /etc/rsyncd.secrets to be created. Done, daemon starts, but authentication continues to fail. Tried various users and passwords.
Legacy: try scenario 2:
on Windows, install cygwin from www.cygwin.com, including ssh-openssh and rsync
on Linux, install ssh, sshd and rsync
on Windows, execute keygen (remember passphrase on private keyfile), mail pubkey to Linux, store in /home/marc/.ssh/authorized_keys, try 'ssh marc@192.168.1.5'
on Windows, open cygwin terminal, perform "rsync -avvvr --rsh=/usr/bin/ssh /cygdrive/c/Users/selm/Desktop marc@192.168.1.5:/home/marc"
Comments:
the "cygdrive/c" is the way cygwin refers to C:\
since I don't run local DNS, you need to use the ip of Angkor2
on Windows, if you open a cygwin terminal, you find yourself at "/home/selm", which is really "C:\cygwin\home\selm".
on Windows, remember if you create a script in /home/selm, you need to call it as "/home/selm/scriptname" or bash won't find it since it's not on its path
For login and scripting, Linux typically relies on bash. Bash is a sh-compatible command interpreter. Info via 'man bash' and in /usr/share/doc/packages/bash. Personalisation:
When bash is invoked as sh, it tries to mimic the behaviour of older versions of sh, and it will not consider any tailoring from start-up files. You can see the value of the environment variables by using 'env'. If you want to see the value of one particular variable, do e.g. 'echo $CLASSPATH'. Remember it is good practice to set values via /root/.bash_profile.
Tracing: use "sh -x /foo/script parm1". Program: try "strace".
Installation: apt-get install secure-delete
Commands: srm, smem, sfill, sswap
srm – secure remove
This tool is basically a more advanced version of the “shred” command. Instead of just overwriting your files with random data, it uses a special process – a combination of random data, zeros, and special values developed by cryptographer Peter Gutmann – to really, really make sure your files are irrecoverable. It will assign a random value for the filename, hiding that key piece of evidence. srm is used like this:
srm myfile.txt
Or, for directories, with the “-r” for recursive mode:
srm -r myfiles/
smem – secure memory wipe
While it’s true that your computer’s RAM is emptied when you power off your computer, you probably didn’t know that residual traces of data remain in memory, as on hard drives, until they are overwritten many times. This means that it’s relatively easy for someone with the right tools to figure out what you had stored in RAM, which may be the contents of important files, internet activity, or whatever else it is you do with your computer. The basic use of smem is the same as srm, although it is a good deal slower. There are options to speed things up, but they increase the risk by performing fewer overwrite passes. For a complete list of options, read the manual on smem (the man smem command), but its basic use is just running the “smem” command.
sfill – secure free space wipe
sfill follows the same general method as srm. It is used to wipe all the free space on your disk, where past files have existed. This is particularly useful if you are getting rid of a hard disk for good; you can boot a LiveCD, delete everything on the disk, and then use sfill to make sure that nothing is recoverable. You may have to be root in order to use this tool effectively, since regular users might not have write access to certain filesystems, and you might have a quota enabled. sfill usage is:
sfill mountpoint/
If you specify a directory that isn’t a mountpoint itself (for example, if you have /home/ on a separate partition, but you select /home/me/fun), sfill will wipe the free space of the filesystem on which the directory resides (in the above example, the /home partition).
sswap – secure swap wipe
The sswap program is used to wipe your swap partitions, which store the data of running programs when your RAM is filled up. Therefore, if you feel a need to run smem, it’s probably a good idea to run sswap, too. However, before you use it you must disable your swap partition. You can determine your mounted swap devices by running:
cat /proc/swaps
Or by looking in your /etc/fstab file for filesystems of the type “swap”. In my case, my swap partition is /dev/sda5, so to disable it I run:
sudo swapoff /dev/sda5
Once your swap device is disabled, you can wipe it with sswap. In my case, I run:
sudo sswap /dev/sda5
If you aren’t running this as root (sudo), you’re likely to get a permission denied error. As with any of the above commands, you can get more information while it’s running by adding the “-v” option for verbose mode. Also, don’t forget to re-enable swap when you’re finished! Use the swapon command:
sudo swapon /dev/sda5
A word on passes and filesystems
Passes
A commonly asked question is, “how many passes does it take before a file can’t possibly be recovered by advanced tools, such as those used by law-enforcement?” The answers here vary, and you can get a lot of extra information via Google, but the basics are that the US Government’s standard is 7 passes, while data has been known to be recovered from as many as 14 passes. The “shred” tool allows you to specify the number of passes you wish to make; the Secure-Delete tools use a default of 38 passes (enabling the “fast” and “lessen” options on the secure-delete tools significantly decreases the number of passes, however). Of course, more passes means more time, so there’s a trade-off here; depending on how private the data is, and how much time you have available, you may want to use fewer or more passes.
Filesystems
Another thing to note is that RAID configurations and networked filesystems may affect the performance and effectiveness of these tools. Using a networked filesystem, for example, unless you can SSH into the remote computer, you can’t wipe the machine’s memory and swap. With RAID striping, there are more disks to consider, hence more redundant data traces, so you may want to consider doing a few extra passes, especially using the shred tool.
Remember it's
esc - : - w to write the file,
esc - : q to quit.
beav
Seems to be a hex editor. Check this out.
Question: how do I create special characters like the at-sign?
Answer: this seems to depend on whether you run under X or not...
Question: how do I display line numbers?
Answer:
esc - x - 'line-number-mode'
Question: how do I modify the size of the split windows?
Answer: Note that there is also a more sophisticated "xemacs".
The GNU C and Pascal compilers. Use "man gcc / man gdb / man gpc". Check-out gcc.gnu.org . Note that "gcc -v" gives you your gcc basics. SuSE 7.2 comes with gcc 2.95.3 .
ALTERNATIVE 1 Plain gcc compilation. For example "gcc -v -o testy showenv.c" where:
-v = verbose
-o = is followed by the name of the executable
showenv.c = the sourcecode
Execution is by cd-ing into the directory and specifying the full path of the executable.
PROBLEM - Number Theory A Programmer's Guide. Copied source code to /CH1 and numtype.h to /usr/include. Had to change NUMTYPE.H into numtype.h . Then ran into cc1plus problem (signalled as a 'gcc installation problem'). The gcc manual explains that cc1plus is the name of the compiler for C++. So what?
PROBLEM - Cryptography in C and C++ - gcc complains about missing flint.h and assert.h - copied them to /usr/include - OK but now whole list of "undefined references".
SOLUTION - "gcc -v -o testrand testrand.c /flint/src/flint.c" i.e. statically link with flint.c itself.
Other interesting gcc options include:
-E : don't compile, just preprocess
-S : save the intermediate assembly language (remove the -o flag then)
-c : create object files ending in .o
-L/src/local/lib : to link with library /src/local/lib
ALTERNATIVE 2 MAKE For compiling, you can use a 'makefile', residing in the same directory as the sources and called 'make'. See inside for usage.
---contents sample 'make'-file ---
# makefile : compilation resulting in the executable 'showenv'
# execution of the makefile: "make showenv"
showenv:
	gcc showenv.c -v -o showenv
--- end of contents of sample 'make'-file ---
In case of problems with make, you can try "make programname -d" (d for debug) - quid this a.out ---? It makes a lot of sense to use make with a prefix
ALTERNATIVE 3 Automake, autoconf, libtool Can be downloaded and installed from gnu.org .
ALTERNATIVE 4 ANT The Java way...
Execution of the program: "/Kassandra..../full-path/showenv"
Be aware that there are many alternatives to run Java on Linux. This includes the jdk port from blackdown.org, guavac, kaffe, tya etc.
I went for jdk113, included with SuSE 5.3. This brings along:
the java runtime (i.e. classes.zip)
java sources for public classes (i.e. src.zip)
tools such as javac, java etc.
documentation & demos
Key troubleshooting to get jdk113 running:
You need the right PATH statement. ">which java" results in ">/usr/lib/java/bin/java". Mind you, "java" is just a wrapper script, locating and starting the right binaries. Apparently, PATH gets set in /etc/profile.
You need the right CLASSPATH statement. What is your current CLASSPATH's value? ">echo $CLASSPATH". If nothing comes back, the variable is not set.
Fixing the classpath for the jdk itself I ran ">java -v(erbose) -classpath /Java/nsm1.class", resulting in "unable to find java/lang/threads". (((with hindsight: note you will now overwrite the standard classpath - so the regular classes are gone))) This is a fundamental problem, you don't find the class to create the first thread. Apparently the wrapper does not look into the right location /usr/lib/jdk113 where YaST put the binaries. So the solution is to ">export CLASSPATH=/usr/lib/jdk1.1.3:/Java". You set first the jdk binaries, and then where java can find your own classfiles.
Fixing "Can't find class nsm1.class" This means you made a naming mistake (or you have a classpath problem). The same name should be used 3 times:
for your sourcefile (foo.java),
for your main (inside that sourcefile) and
for the classfile (foo.class).
Compile with
>"export CLASSPATH=/usr/lib/java-----:/YourOwnAddition...."
>"cd /Java" (change to the dir where your .java file resides)
>"javac nsm1.java" (note that you have to specify the .java extension)
Check that you indeed have a brandnew compilation e.g. with "ls -l"
Run with ">java nsm1" (note the lack of the .class extension).
Running the appletviewer:
Set the classpath (refer to above). Then ">appletviewer HelloWorldApplet.html"
Adding an applet to your webpage: Which applets does Sun provide to play with? Demos go (discovered through YaST) in /usr/doc/packages/javadoc/demo. Just open the html files there.
Documentation in:
/usr/doc/packages/java: SuSE 6.1 comes with Blackdown's jdk117, includes Metro Link's Motif - contains a README.linux - and an interesting index (pointing to the standard jdk117 README)
/usr/doc/packages/javadoc: all the Sun documentation and demos
/usr/doc/packages/javarunt: info about the run time environment
Installation done as part of the overall YaST installation, and:
"which java" results in "/usr/lib/java/bin/java"
"java -version" results in "version 1.1.7".
On CLASSPATH: Java(c) on Linux runs via a 'wrapper' script, located in e.g. "/usr/lib/java/bin/javac ---> .java_wrapper". The wrapper checks (if [-z "$CLASSPATH ...)" whether the CLASSPATH had been set already, and always appends his stuff to what was already set. So if you want to add your own classfiles for IMPORT statements: set CLASSPATH and export it.
Problem-1: I set my classpath, but it seems to go unnoticed to javac. Solution-1: Careful: if /JavaSamples/CoreJavaVol1+2/corejava is a directory containing useful classes such as CloseableFrame, then set the classpath just above it:
"CLASSPATH=/JavaSamples/CoreJavaVol1+2" (setting the classpath too deep results in not finding your imports...)
alternatively, you can also append more: "CLASSPATH=/JavaNSMsec:/JavaSamples/CoreJavaVol1+2"
"export CLASSPATH"
"env" shows you the value of your environment variables, including CLASSPATH
"sh -x javac myprogram.java" will show the wrapper's substitution of CLASSPATH
Problem-2: I set my classpath, but classes in my current working directory are no longer accessible now. Solution-2: explicitly include ".:" when setting the classpath:
"CLASSPATH=/JavaSamples/CoreJavaVol1+2:/JavaNSMsec" (no leading ".")
"export CLASSPATH" - you can use "env" to check...
"javac myprogram.java" or "sh -x javac myprogram.java"
now again explicitly set CLASSPATH, with a leading ".": "CLASSPATH=.:/JavaSamples/CoreJavaVol1+2:/JavaNSMsec"
"java myprogram" or "sh -x java myprogram"
You can also modify "/usr/lib/java/bin/.java_wrapper" to obtain some more feedback.
For NSM:
"cd /JavaNSM"
"javac master09.java" or
"sh -x [/usr/lib/java/bin/]javac nsm9.java" to see substitutions in the wrapper
"ls -l" will show the timestamp of the .class file
"java master09" (or "sh -x java master09")
CRYPTIX ---> ref to the crypto software (including how to compile a package).
APPLETS: for O'Reilly's "Java in a nutshell": chapter 6. The FirstApplet.java resides in "/JavaSamples/SampeNutshell/ch06/FirstApplet.java". I created the necessary html as: ""
This runs smoothly, and you can check out the Java console of Navigator to see what happens. Here you see that Navigator 4.51 runs Java 1.1.5 (only).
Basic documentation in '/usr/doc/packages/java'. Blackdown 1.1.7v3. Oddly enough, there are both:
/usr/lib/jdk1.1.7 (from package 'java')
/usr/lib/jdk1.1.8 (from packages 'ibmjdk' and 'ibmjre')
Which is in use? Running 'env' shows I have '/usr/lib/java/bin' in my PATH. Running 'java -version' shows I use '1.1.8'. YaST shows that 1.1.8 comes from package ibmjdk & ibmjre. More info on www.ibm.com/java/jdk/118/linux. As you can see in /usr/lib/jdk1.1.8, there are goodies added such as javap (disassembly). Further down the tree you'll find property files and the java.security file.
Checkout: java support in the Linux kernel: "/usr/src/linux.../documentation/java.txt"
Given up, rather migrate to Java2 as part of SuSE 7.0.
Installation of various Java components done as part of the overall YaST2 installation. xrpm tells me we now have:
standard:
JAVA2: java2-1.2.2-7 (Java2 SDK - Standard Edition v1.2.2) - /usr/lib/jdk1.2.2/bin/javac and /jre/bin/... (keytool, ...)
- /usr/share/doc/packages/java2
* which makes me conclude we don't have any 'standard extensions' such as javax.swing ... are they available for Linux?
JAVA1: java-1.1.8v1-2 (older JDK1.1.8)
JAVA1: javadoc-1.1.3-43
JAVA1: javarunt-1.1.7v3-19
from IBM:
jikes-1.06-119 - IBM Jikes compiler, http://ibm.com/developerworks/opensource
ibmjava2-1.3-8 - /usr/share/doc/packages/ibmjava2 ("Sun's Java 1.3 - J2SE") => even higher than Sun's 1.2???
ibmjre2-1.3-8 - /usr/share/doc/packages/ibmjre2
ibmjaas-1.3-8 - /usr/share/doc/packages/ibmjaas
ibmjcom-1.3-8 - /usr/share/doc/packages/ibmjcom
Which version is this? Sun/Blackdown? IBM? Most likely Sun/Blackdown. Some investigation: Java2 demo's:
Java2D demo's:
"cd /usr/share/doc/packages/java2/demo/jfc/Java2D" (exact path may vary)
"java -jar Java2Demo.jar" ===> nice demo
"cd /usr/share/doc/packages/java2/demo/applets/MoleculeViewer"
"appletviewer example3.html"
SwingSet demo's:
"cd /usr/share/doc/packages/java2/demo/jfc/SwingSet"
"java -jar SwingSet.jar" ===> nice demo
"appletviewer /usr/share/doc/packages/IBMJava2-SDK/jfc/demo/SwingSet2/SwingSet2.html"
Others: Metalworks, SwingApplet, ...
* Remark * Netscape 4.74 supplied with SuSE 7.0 still only runs jdk115. However, a plug-in allows you to run Java2 programs. The plug-in is provided by Sun for Win32; Linux is under development.
FIRST TRY
Installation of basic JDK and JRE done as part of the overall YaST2 installation. Running "java -version" tells me I have "java 1.3.0". xrpm tells me "java2 1.3-46" resides in "/usr/lib/jdk1.3". Doc and demos in "/usr/share/doc/packages/java2".
SECOND TRY
Yast2 installation of Java does not result in a working "javac" or "which java". So I did: "PATH=$PATH:/usr/lib/jdk1.3/bin" and "export PATH". Then OK.
Prerequisites for J2EE: J2SE 1.3.1 (not included in SuSE 7.2)
See JTK1.html .
From the "LDAP programming in Java" book. The actual SDK classes reside in /packages/ldapjdk.jar and /packages/ldapfilt.jar. These must be included in the CLASSPATH. Useful programs include /src/netscape/ldap/tools/LDAPsearch.java etc. Usage e.g. "java LDAPSearch -h memberdir.netscape.com -b" "ou=member_directory, o=netcenter.com" "cn=tony d*"
Note that having Java2 installed is a prerequisite.
Move javacomp... file from CD to /. Run "tar xvfz ....", which results in /javacomp-1.2.15. Now you have to copy libjavacomp.so to the jre directory. Use xrpm to find this jre directory: probably /usr/lib/jdk1.2.2/jre/lib/i386. From now on, you can use the JIT by specifying flags on javac / java.
Quote from README.TXT:
To use the JBuilder JIT for Linux you can either set the environment variable JAVA_COMPILER to javacomp (e.g export JAVA_COMPILER=javacomp if you are running bash) or you can set the JDK system property when you invoke the java runtime:
java -Djava.compiler=javacomp HelloWorld
to run HelloWorld using the JBuilder JIT for Linux or
javac -J-Djava.compiler=javacomp HelloWorld.java
to use the JBuilder JIT for Linux with javac
Unquote.
Follow instructions. Into /usr/local/jbuilder35. Also installed JDatastore, a DBMS, the JBuilder documentation, the samples. Installed the OpenTools documentation into /usr/local/jbuilder35/opentoolsdoc as well. Running: unclear how to start from CLI, but an entry was added in KDE's personal settings. First start-up required to enter licensekey. Running JBuilder and JDataStore goes fine.
There is:
JBuilder
JDatastore
Documentation
Samples
OpenTools
Where does it live:
usr/local/jbuilder35: the basics
root/.jbuilder: properties, license info, ...
root/.jdatastore: datastore properties
root/jbproject/ the individual projects (ref infra)
Further details can be found in jBuilderToolKit.html
The manual is found here
Following directories are used:
/usr/share/doc/packages/mysql - documentation
/var/mysql - databases and logfiles
/usr/bin - programs such as
mysql - the default client program to connect to the mysqld
mysql_install_db - installation script
mysql_findrows, zap, dump, import, dbug, show, acces, ...
/usr/sbin/mysqld - server program
/usr/share/mysql - misc additional files e.g. language extensions
/usr/include/mysql - include files
/usr/lib/mysql - static libs
/usr/lib/mysqlclient.so* - runtime libs
/usr/share/sql-bench - benchmarks - testsuite
kmysqlad (KDE-admin)
kmysql
Execute "mysql_install_db", which results in creation of 6 tables: db, host, user, func, tables_priv, columns_priv in /var/mysql.
Provided a password (vwp91) via "mysqladmin -u root -h localhost -password vwp91 -p". Apparently this failed since the server was not yet running.
Start the server via "safe_mysqld &". You can now e.g.
mysqladmin status
mysqladmin extended-status
but even better: via kmysqladmin and kmysql
Creating a database means creating a directory under the "MySQL data directory" to hold the tables. Various ways exist:
"mysql -h localhost -u root" to connect, then enter "CREATE DATABASE db_name" commands
you can also use mysqladmin to create databases
it should be possible via JDBC as well
"show databases;"
"select database();" tells you what database is currently selected
"GRANT ALL ON menagerie.* TO your_sql_name;"
"CREATE DATABASE menagerie"
"USE menagerie"
"SHOW TABLES"
"CREATE TABLE pet (name varchar(20), ...);"
"DESCRIBE pet;" shows you the structure
"INSERT INTO pet VALUES (...);" to manually insert a record at a time
"LOAD DATA ...;" to load from an ASCII text file
"SELECT what FROM table WHERE conditions"
Via "mysql -h localhost -u root < script". You can also "... | more" or "... > output.txt".
MM.MySQL driver (apparently version 1.2c) downloaded via www.mysql.com (an alternative seems to be via GNU). Downloaded and unpacked in /Java55mysqldriver. Sample programs downloaded in /Java90Samples/JDBC2. Results in "no suitable driver".
MM.MySQL 2.04 states: requirements: any JVM supporting JDBC-1.2 or JDBC-2.0. What am I using??? and also: MySQL protocol 9 or 10. What am I using???
Downloaded from jakarta.apache.org. Untar installs Ant in e.g. "/jakarta-ant-1.4.1". Ant requires a JAXP-compliant XML parser. The binary version of Ant includes the Apache Crimson parser. Ant (binary version) consists of /bin, /lib and /docs.
To run Ant, you need to:
execute "export ANT_HOME=/jakarta-ant-1.4.1" (or whatever directory ant resides in)
execute "which java" to determine java's home (e.g. /usr/lib/java/bin/java - this should be linked to e.g. /jdk1.3.1_01)
execute "export JAVA_HOME=/usr/lib/java" (note that you cut-off the last /bin/java - appended automatically)
execute "export PATH=${PATH}:${ANT_HOME}/bin" (this appends the ant bin directory to your path)
I DID PUT THIS IN /root/.bash_profile
Remember you can use "env" to display your environment variables.
Each build.xml file contains one project. Each project has three attributes:
name: the project name
default: the default target to make when no target is given
basedir: the base-dir from where all path calculations are done
Each project has one or more targets, for which tasks are executed.
Just "ant". By default Ant will look for a "build.xml" file. If not found at the level of the working directory, Ant will search in higher directories. You can also specify "-find". And "-verbose", which is very helpful.
Download from www.gentleware.com . Install in /poseidon1.3 (no good under Kassandra's subdirs). Tinker a bit with /poseidon1.3/bin/startPoseidon.sh . Hardcode the classpath, make sure the right ".:/" is there (. for current, : to concat, and / to start the classpath dirs with). I used the following classpath def:
CLASSPATH=.:/poseidon1.3/lib/poseidon.jar
CLASSPATH=$CLASSPATH:/poseidon1.3/lib/docs.jar
CLASSPATH=$CLASSPATH:$HOME/temp
Tried Forte/Sun One Studio - but this only works on Sun Linux or Red Hat. Gave up and switched to www.netbeans.org - download .tar.zip executable. Unpack. Start with '/netbeans/bin/runide.sh -jdkhome /usr/lib/java' .
Just remember :
X, the so-called X-server (e.g. XF86 or MetroX) is in fact the display & keyboard server;
the window manager (e.g. fvwm1, fvwm2, fvwm95, olwm, mwm(motif or lesstif), kde's wm) is a special client that draws the windows for the other Xclients;
Xclients are all these Xapplications.
What does rpm tell me about X? Go into glint (the package manager), and query under X11. You'll find some packages like fvwm, and the query will show you all the files (executables, definitions of resources, man pages, ...).
Obviously, in case of SuSE, use SaX.
Well, you run with a XF86Config file that you defined when first installing X.
Run 'SuperProbe' to find out the very basics, even before X is willing to start.
Run 'X -probeonly' and 'X -showconfig' to find out the basic parameters of my current set-up.
X -probeonly : 'SVGA, chipset clgd5436, videoram 1024K, clocks 25.23 .. 135.00, mode : 640x480, no mode def named 800x600'
X -showconfig : 'XFree86 3.1.2 / X Windows System V.11, revision 0, vendor release 6000, configured drivers : SVGA for 8 bit colour SVGA ...clgd5436...generic...'
Now how do I tailor my resolution? Via XF86Config, read on.
Created a .Xclients in my home directory of root (/root/.Xclients). If there is already an existing .Xclients file, save this as .Xclients.original. I'm sure you know you can verify the existence of . files via 'ls -a'. In my customized .Xclients file, I specified a minimal set-up of clients, and I start fvwm (rather than fvwm5).
Further desktop customization is carried out via /etc/X11/fvwm/system.fvwmrc . Here you set-up the pager, the colors, the menu items... .
Part 1 : X - the display & keyboard server
CI 1 : the X server program
In fact 'X' (or rather /usr/X11R6/bin/X) is a symbolic link to the actual server program, e.g. /usr/X11R6/XF86_SVGA. This link is built via a 'ln' command. You can run SuperProbe to determine the setting of this link.
CI 2 : the X server configuration file
In pre-SAX systems, basic X configuration information went into /usr/X11R6/lib/X11/XF86Config. Now it seems to go into /etc/X11/XF86Config. Here you find the various sections :
Section "Files"
Section "ServerFlags"
Section "Keyboard"
Section "Pointer"
Section "Monitor" ... identifier - modes - modelines (documented in /usr/X11R6/lib/X11/doc)
Section "Device" (linked to the chipset)
Section "Screen" ... here we define Driver (the X server, e.g. SVGA), Device (cfr supra), Monitor (cfr supra), and a SubSection "Display", including the resolutions "1024x768"...
===> The easiest way to define this XF86Config file is by running the xf86config program. Manually adjusting the contents of this file is, euh, very hard.
===> Your keyboard can be redefined through the XF86Config file. This might lead to problems with AZERTY keyboards etc. In case of doubt, disable these keyboard extensions in the Section "Keyboard".
===> Once you have e.g. three resolutions defined, you can toggle between them using cntl-alt-numkeypad minus/plus.
===> If your Xserver hangs, you can use Cntl-Alt-Backspace to kill it.
Part 2 : fvwm - the window manager
CI 3 : /etc/X11/fvwm/system.fvwmrc
Overall window manager & desktop settings. Here you call the executable program from the menu option.
CI 4 /root/.Xclients :
--- use the xsetroot command to set the root window ---
Part 3 : individual application settings
... to be further elaborated ...
cfr HP Xlib programming manual
cfr Xtoolkit
SuSE's SaX will write your XF86Config into /etc/X11/XF86Config. So if you want to reuse the pre-toothbrush XF86Config, I guess you'll have to write it there... For some odd reason, the old XF86Config file does not seem to work. Fortunately SaX is pretty good. Running "startx" will create server logfiles in "/root/Serverlog".
You can use commands such as "xset q" to find out about settings.
Reinstall via 'sudo apt-get install kubuntu-desktop'
Try: xinfo, xkill, xosview, xnetload, xgrab(sc), xwd, ...
According to the NET-2/3-HOWTO, since kernel 1.1.5 you have NET-3. Programs like ifconfig, route and netstat are called the NET-3 'utility suite'. Programs like telnet(d) etc. are called the 'network applications'.
IP address : is defined per interface (ifconfig command) :
- 127.0.0.1 for the loopback interface
- 10.0.0.1 if Kassandra acts as a ppp server via nullmodem, this Class A address automatically uses 255.0.0.0 as netmask. And the IP address of your host is also stored in /etc/hosts.
Network address : is the AND of your IP address and your netmask :
- 10.0.0.1 AND 255.0.0.0 = 10.0.0.0
Broadcast address : is the network address OR the inverted netmask (cfr NET-2/3 HOWTO if you need this)
Router (gateway) : not necessary for loopback or PPP usage (but for PPP you may have to issue a "route add default gw 1.2.3.4" command).
Nameserver address : use the ISP's (or run named yourself)
rc files : to automate your configuration commands. Linux supports both BSD and SYS-V style rc commands.
/etc/rc.d/init.d/network : initial script that verifies the existence of /etc/sysconfig/network, which contains definitions like e.g. HOSTNAME=Kassandra. If it finds it, it cd's to /etc/sysconfig/network-scripts, where the configuration scripts (e.g. ifup-routes etc...) reside.
The old traceroute may still be available but there is also the newer "tracepath". And there is also "lft" layer four trace. Great.
In /etc/host.conf I have 'order hosts, bind multi on'. This means: first check the hosts file (/etc/hosts), then use the nameservers (aka bind). Multi means that you accept multiple resolutions. This looks OK. However, there is no /etc/resolv.conf. Well, the 'resolv.conf' file gets automatically created via the control panel.
Use e.g. INnet's DNS on "194.7.1.4". Configure this via YaST, System Admin/Network config. This results in an "/etc/resolv.conf" file with the remark "don't edit, created via SuSE configuration editor". Not bad.
Similar to SuSE 5.3, use YaST to rely on INnet's DNS on "194.7.1.4". Careful when using DHCP, this simply overwrites your "/etc/resolv.conf"
Don't forget nslookup gives you plenty of info. And KDE comes with KSOA.
Apparently the INnet DNS server (194.7.1.4) went down at a certain point in time, so try:
www.dns.be (under 'domain index' you find name servers for all ISP's registered in Belgium)
auth00.ns.be.uu.net - 194.7.1.9
auth50.ns.be.uu.net - 194.7.15.66
Trying this yields no successful name resolution, maybe these are internal name servers? Tried again later with the INnet DNS server, ok again.
The serial ports COM1..COM4 have specific names under Linux, depending whether you use them for input or output:
COM1 out = /dev/cua0
COM1 in = /dev/ttyS0
COM2 out = /dev/cua1 ... (cfr Linux Serial-HOWTO)
So outgoing Netscape traffic will talk to /dev/cua0, and incoming nullmodem traffic will be listened to via /dev/ttyS0 or ttyS2 (pcmcia card)
Note the subtle difference with VCs (Virtual Consoles), which are called tty1 etc, WITHOUT the 's' (tty1 versus ttyS0).
Remember 'setserial' sets up the serial ports at boot time. Try 'statserial' to find out the status of your 'pins'.
For incoming communications, a getty program watches the port. This getty is started via INIT, with the definitions found in /etc/inittab. There you'll find lines stating : '1:12345:respawn:/sbin/mingetty tty1'.
--- I note a small inconsistency here: do ttys0 and tty1 match? Or not? CAREFUL : ttys0 is COM1, a serial port, tty1 is the first Virtual Console. So there is no inconsistency at all. ---
Also, 'man mingetty' informs me that this is 'minimal get tty' which does not support serial lines. So I first have to change the listening getty program. 'mingetty' suggests 'mgetty', but there's no manpage for that. -getty_ps & uugetty -
So let's look in the Serial-HOWTO, '/usr/doc/HOWTO/Serial-HOWTO.gz'. This explains how to set-up getty_ps and uugetty, but now where to get them from.
So let's look into Red Hat package manager etc. How to install getty_ps and uugetty? Well, do this via glint. Now how do we get getty_ps to listen to an incoming serial port? Right now, the /etc/inittab contains a definition like '1:12345:respawn:/sbin/mingetty tty1'. However, this only deals with the Virtual Consoles, hence the reference to tty1 rather than /dev/ttyS1. So add a line to /etc/inittab, making an executable out of the getty_ps package watch over ttyS0.
Question: what is the name of the loadmodule of 'getty_ps'?
Answer: Glint tells me that getty_ps is a package under 'utilities/system', the executables are /sbin/getty (for consoles) or uugetty (for modems). So I've added a line to let uugetty watch over ttyS0, the incoming COM1 port.
In order to be able to let root login, I also added ttyS0 in /etc/securetty.
Question: how does setserial initialize my serials at boot time?
Answer: ...
The file /etc/securetty can be used to restrict the login of root to a particular tty port. Refer to 'man securetty' and 'man login' for interesting details.
Can be found in /usr/doc/minicom - man minicom - minicom -h The executable is typically /usr/bin/minicom.
Configuration goes e.g. /var/lib/minicom/minicom.users and minirc.dfl (defaults). On SuSE, I also noticed an "/etc/minicom.users". Check out the contents of the package via glint or rpm if in doubt. Minicom can talk to the modem via:
/dev/modem (if the link has been set)
/dev/cua0 or cua1 (on Borsalino /dev/cua1 was the external serial interface)
---> apparently since kernel 2.2, cua is no longer used, it became /dev/ttyS...
/dev/ttyS0 (on Avina this is the external serial interface)
/dev/ttyS2 (on Aviana this is the pcmcia card modem)
This is defined in the Minicom-configuration.
Minicom can be configured in at least two ways:
by running it with the -s switch: minicom -s
once within minicom, use Alt-O or Cntl-A O (cOnfigure?)
You typically create an entry for your ISP via Cntl-A D.
Remember help is provided via Cntl-A Z, quitting is via Cntl-A Q.
Make very sure dhcp-client is stopped (/sbin/init.d/dhclient stop - or /etc/init.d/...). If you get the message '/dev/modem is locked', you can at least try 2 solutions:
identify the locking PID in the logfile and kill it: one way is to peek inside "/var/lock/LCK..cua1" - here you'll find a PID. Kill it with e.g. "kill -n 9 PID".
reboot the machine.
Minicom via serial interface apparently won't run together with pcmcia services. So stop these, e.g. via Sys V init editor.
After using pcmcia & dhcp, DNS seems to be screwed up as well. You need to manually adjust "/etc/resolv.conf" again. That's why I created a "resolv.conf.original". And finally, if you want to surf, remember that Netscape might have been configured to go via a proxy (edit preferences - direct connection).
Ultimately, pppd lives as /usr/sbin/pppd. Options go in /etc/ppp.
Then:
Ensure dhcp-client has been stopped, e.g. /sbin/init.d/dhclient stop - or /etc/init.d/...
Via minicom, dial out
Logon to your ISP machine using your uid/psw
[Optionally, you may need to start the pppd server on the ISP side (but this is rare)]
Quit minicom without resetting the modem (Cntl-A Q or Alt-Q)
Start pppd as a client, e.g.:
cd /usr/lib/ppp
pppd -d -detach /dev/____ &
Optionally, you may need to define the ppp link as the default outgoing route. Do this in three steps:
ifconfig will show you the other side of the ppp link, e.g. P-t-P: 193.74.1.238
now do: route add default gw 193.....
ping, e.g. your name server (cfr /etc/resolv.conf)
check again with ifconfig, netstat, pppstats
start your browser
terminate with ppp-off.
Basic directories include :
/etc/ppp (options)
/usr/doc/ppp-2.2.0f-2 (readme's, scripts directory with lots of ppp scripts, ...)
===> README.linux is helpful, as well as : /usr/sbin/pppd
/usr/sbin/pppstats
RH's PPP can be basically defined and activated via the control panel/networking. I can dial out and start the ppp0 automatically from here, and since I've hardcoded my password, apparently he does the login for me as well. If I then run ifconfig, I can see that I have a ppp0 running, and I can ping the other side.
For example the 'other side' of the ifconfig output, or 194.7.1.4, the INnet name server. However, where are the old-fashioned PPP commands??? Have a look in the rpm : for example in usr/sbin/pppd - pppstats ...
No change required to /etc/inittab, you don't need a getty to watch over the port.
Starting the ppp daemons:
=> Server (Kassandra): pppd -d -detach crtscts lock 10.0.0.1:10.0.0.2 /dev/ttyS0 38400 &
=> Client (Bugis): pppd -d -detach crtscts lock 10.0.0.2:10.0.0.1 /dev/cua0 38400 &
Verify via 'ifconfig' command.
You have to:
Point minicom to the serial device /dev/ttyS0 (serial port) or ttyS2 (typically PCMCIA)....!
Reset /etc/resolv.conf (e.g. from /etc/resolv.conf.original) - careful with SuSE, which starts from /etc/rc.config for name server configuration etc
If running, stop your dhcp client '/sbin/init.d/dhclient stop' - or /etc/init.d/... (pppd will allocate the IP address)
Launch ppp with "pppd -d -detach /dev/ttyS0 &" or ttyS2...!
Use "ifconfig" and "route add default gw ..."
If you want to surf, let Netscape use a direct link, no proxies (Edit/preferences/advanced/proxy)
What string to use in order to let the modem sound appear?
Remember the basic structure of the protocol stack:
Appl:                              | appl hdr / data |
TCP:                     | TCP hdr | appl hdr / data |
IP:             | IP hdr | TCP hdr | appl hdr / data |
Eth:  | Eth hdr | IP hdr | TCP hdr | appl hdr / data | Eth trl |
Also, consider:
IP hdr includes 8 bit 'protocol' field, where 1=ICMP, 2=IGMP, 6=TCP, 17=UDP.
TCP/UDP hdr include the port numbers, with well-known ports defined in /etc/services.
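The layering above, as an added example that is not part of the original notes: a Python parser that peels the Eth, IP and TCP/UDP headers off a captured frame and reports how much payload survives tcpdump's default 68-byte snaplen. The frame, MAC addresses, source port 1045 and all function names are constructed for illustration; the IP addresses reuse the 10.0.0.1/10.0.0.2 pair from the ppp notes.

```python
import struct

# IP 'protocol' field values, as listed in the notes above.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
# Small hard-coded subset of /etc/services so the example runs offline.
WELL_KNOWN_PORTS = {21: "ftp", 23: "telnet", 53: "domain", 80: "http"}
ETH_HDR_LEN = 14       # dst MAC (6) + src MAC (6) + EtherType (2)
DEFAULT_SNAPLEN = 68   # tcpdump default mentioned in these notes


def _dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def build_sample_frame(payload: bytes = b"A" * 40) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame, 10.0.0.2:1045 -> 10.0.0.1:21.

    Checksums are left at zero (the parser does not verify them) and there is
    no Ethernet trailer, since captures usually do not include the FCS.
    """
    eth = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
           + struct.pack("!H", 0x0800))
    tcp = struct.pack("!HHIIBBHHH", 1045, 21, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Peel Eth, IP and TCP/UDP headers off a (possibly truncated) capture."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("capture shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    info = {"eth_dst": dst.hex(), "eth_src": src.hex(), "ethertype": ethertype}
    if ethertype != 0x0800:          # not IPv4: stop at the link layer
        return info

    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     ip_src, ip_dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4       # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad or truncated IPv4 header")
    info.update(ip_src=_dotted(ip_src), ip_dst=_dotted(ip_dst),
                protocol=IP_PROTOCOLS.get(proto, str(proto)))

    # Slice by total_len so link-layer padding is ignored; a truncated
    # capture simply yields fewer bytes than were on the wire.
    l4 = ip[ihl:total_len]
    if proto == 6:
        if len(l4) < 13:
            raise ValueError("truncated TCP header")
        l4_hdr_len = (l4[12] >> 4) * 4   # TCP data offset, in 32-bit words
    elif proto == 17:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        l4_hdr_len = 8
    else:
        return info                      # ICMP, IGMP, ...: no port numbers

    sport, dport = struct.unpack("!HH", l4[:4])
    info.update(src_port=sport, dst_port=dport,
                service=WELL_KNOWN_PORTS.get(dport) or WELL_KNOWN_PORTS.get(sport),
                payload_on_wire=total_len - ihl - l4_hdr_len,
                payload_captured=max(0, len(l4) - l4_hdr_len))
    return info


def snaplen_effect(frame: bytes, snaplen: int = DEFAULT_SNAPLEN) -> tuple:
    """(captured, on-wire) payload bytes when only `snaplen` bytes are kept."""
    info = parse_frame(frame[:snaplen])
    return info["payload_captured"], info["payload_on_wire"]


if __name__ == "__main__":
    sample = build_sample_frame()
    print(parse_frame(sample))
    print("payload captured / on wire at snaplen 68:", snaplen_effect(sample))
```

With 54 bytes of headers, the default snaplen leaves only 14 of the 40 payload bytes, which is why the default output is mostly headers and why -s is needed to see application data.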
Basic documentation can be found in /usr/doc/packages/tcpdump.
Tcpdump operates by putting the NIC in promiscuous mode (which must be allowed by the OS). Note that alternatives to tcpdump include Solaris' snoop and Aix iptrace.
Tcpdump relies on the kernel to capture and filter the packets for it. BSD-derived kernels provide BPF (BSD Packet Filter), Sun provides the NIT (Network Interface Tap). Linux provides LSF (Linux Socket Filtering), derived from the BPF. Check this out on /usr/src/linux... /Documentation/Networking/filter.txt
Filtering: BPF is instructed by the tcpdump process to put the interface into promiscuous mode, and to pass all packets to tcpdump or to filter some out. The filter is specified on the command line. By default, all packets should be captured. If the network outruns the box, packets are 'dropped'.
Timeout: since the data rate of the network can easily outrun the processing power of the CPU, and since it's costly for a userprocess to read from the kernel, BPF packs multiple frames into a single read buffer and returns only when the buffer is full, OR after a user-specified time-out (default 1 s).
On SuSE 6.1, there was no man page for bpf. The kernel feature is probably Linux-specific.
Basic fact-finding: try running 'tcpdump -i eth0'.
According to the man page, tcpdump should by default capture all traffic. But how do we get it visualised? Flags include
-v and -vv for very verbose
-e print link-level header on each line
-s snarf snaplen bytes of data rather than the 68 bytes default
-a convert addresses into names - seems to generate nice output for SMB
expression: here you can specify e.g. TYPE: 'host foo', 'net 10.54', 'port 23', or DIRection: 'src foo', 'dst net 10.54', or PROTO: 'tcp port 21'
Question 1: where do we see/save the output?
Answer 1.1:
use 'tcpdump' and the output goes to your screen.
Answer 1.2: use 'tcpdump -l > /root/tcpdumpdata1 & tail -f /root/tcpdumpdata1'. The output goes to the file.
Question 2: what do we see?
Answer 2.1: Output is 'raw'. First the name of the interface (itf), then a timestamp. Next the sending host, then the destination host.
Answer 2.2: I ran some tests and dumped them into /root/tcpdump123. Tcpdump's manpage states it was created to dump HEADERS of packets. Default length is 68 bytes, this can be changed with -s. Also, remember, it's called 'tcpdump', so we should be watching at the level of tcp (however...). How do we interpret?
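One way to interpret such a capture by hand, as an added example that is not part of the original notes: the Python below peels the Eth, IP and TCP/UDP headers off a frame in the order of the protocol stack shown earlier, and reports which layer a short snaplen (such as the 68-byte default) cut off. The sample frame, its addresses, MACs and ports are constructed for illustration.

```python
import ipaddress
import struct

# IP 'protocol' field values as listed in the notes above.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
ETH_HDR_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800


def build_sample_frame():
    """Constructed sample frame: Eth hdr | IP hdr | TCP hdr | 60 bytes of data.

    Addresses, MACs and ports are made up; checksums are left at zero
    because nothing below verifies them.
    """
    data = b"GET / HTTP/1.0\r\n" + b"A" * 44
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data),
                     0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("172.16.0.10").packed,
                     ipaddress.IPv4Address("172.16.0.1").packed)
    eth = (bytes.fromhex("00a0c9000002") + bytes.fromhex("00a0c9000001")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + data


def decode(captured):
    """Peel Eth, IP and TCP/UDP headers off one capture, tolerating truncation.

    'truncated' names the first layer that the capture cut short
    (None when everything, including the payload, is present).
    """
    out = {"truncated": None}
    if len(captured) < ETH_HDR_LEN:
        out["truncated"] = "ethernet"
        return out
    ethertype = struct.unpack("!H", captured[12:14])[0]
    out["ethertype"] = ethertype
    if ethertype != ETHERTYPE_IPV4:
        return out                      # not IP: nothing more to decode here

    ip = captured[ETH_HDR_LEN:]
    if len(ip) < 20:
        out["truncated"] = "ip"
        return out
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length is in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20:
        out["truncated"] = "malformed-ip"
        return out
    if len(ip) < ihl:
        out["truncated"] = "ip"
        return out
    out.update(src=str(ipaddress.IPv4Address(src)),
               dst=str(ipaddress.IPv4Address(dst)),
               protocol=IP_PROTOCOLS.get(proto, str(proto)))

    seg = ip[ihl:]
    if proto not in (6, 17):
        return out
    if len(seg) >= 4:                   # ports are the first 4 bytes of both
        out["sport"], out["dport"] = struct.unpack("!HH", seg[:4])
    min_hdr = 8 if proto == 17 else 20
    hdr_len = min_hdr
    if proto == 6 and len(seg) >= 13:
        # TCP data offset is in 32-bit words; clamp invalid small values.
        hdr_len = max(min_hdr, (seg[12] >> 4) * 4)
    if len(seg) < hdr_len:
        out["truncated"] = out["protocol"].lower()
        return out
    on_wire = max(0, total_len - ihl - hdr_len)
    got = min(len(seg) - hdr_len, on_wire)      # ignore Ethernet padding
    out.update(payload_on_wire=on_wire, payload_captured=got)
    if got < on_wire:
        out["truncated"] = "payload"
    return out


if __name__ == "__main__":
    frame = build_sample_frame()
    for snaplen in (len(frame), 68, 40, 30):
        print(snaplen, decode(frame[:snaplen]))
```

With the 68-byte default all three headers survive but only 14 of the 60 data bytes do, which is why the manpage speaks of dumping headers.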
Interesting add-on: tcpslice (checkout man tcpslice).
Also: checkout ITA: www.acm.org/sigcomm/ITA - the Internet Traffic Archive.
If you run 'ifconfig', you'll see the IP address of your eth0, and the PROMISC flag.
A basic traffic monitor, monitors load, indicates types of traffic, etc. Apparently no real sniffer capability. Check out /usr/doc/packages/iptraf.
Great tools from Carnegie Mellon University. Includes snmpget/set/trap, and also snmpwalk... Installed by default via the package manager. Check out /usr/bin/snmp* for various commands.
Copied over from previous Linux, zipped tarfile plus my
descriptive logfile of actions undertaken. Stuffed this all in
RMS_Programs.
The DHCP protocol is defined in RFC 2131 (obsoletes 1541). For Linux:
the dhcp server is "dhcpd", reading configuration information from "/etc/dhcpd.conf" and keeping track of leases in "dhcp.leases". Address pools are allocated per subnet.
the dhcp client is "dhclient", reading configuration info from "/etc/dhclient.conf".
No "howto". No "man dhcp"- however, there's a "man dhcpd". No info in /howto/Net3 manual. However, found a "mini-howto" (at the end of the "howto" directory => mini). Covers both client & server set-up, however seems outdated. Rather:
Client:
/etc/init.d/dhclient
/etc/dhclient.conf
man dhclient
man dhclient.conf
Quite easy to use Yast2 for configuration.
Server:
dhcpd (the server itself)
/etc/dhcpd.conf (config file)
man dhcpd
man dhcpd.conf
man dhcpd.leases
Yast: System Administration/Network/DHCP client. First install dhclient (series "n"). Then use Yast to activate it.
On start-up, dhclient reads "/etc/dhclient.conf". This:
contains information on what is expected from the dhcp server (subnet mask, broadcast address, dns, ...)
points to "/sbin/dhclient-script" where various "ifconfig" and "route add" commands are executed.
Note that also "/etc/resolv.conf" is typically overwritten, since you receive a dns server.
Within PwC Brussels, a W95 client tells me that:
the W95 box' own IP address (obtained via dhcp) is e.g. 10.54.18.216
the corresponding subnetmask is 255.255.252.0
the default gw is 10.54.16.2
dns and dhcp server are combined on 10.54.20.40
the outgoing proxy is found at 10.54.14.10 (used to be 10.54.20.04)
I've safeguarded working (at least @ PwC Brussels) versions /etc/dhclient.conf and dhcpd.conf in *.original files. In the Kuala Lumpur office, use the dhcp and the Sydney gateway (10.140.10.2) to surf out. Within DigiCert, use their internal www.digicert.com.my (port 8080) to surf out.
Server
Configuration comes from '/etc/dhcpd.conf'. This contains essentially two types of statements:
parameters, e.g. how long lasts a lease, provide addresses to unknown clients, make suggestions with regard to default gw's, ...
declarations, e.g. describing the topology, the clients, the addresses they can use, ... This includes shared and subnet declarations.
Some core decisions for c4.net, taking into account the IPv4 address is 32 bits long, composed of network number and host number. Let's select a class B network address. This means: leading bits '10', followed by a 14-bit network number and a 16-bit host number, which makes 32 bits altogether. Class B ranges from 128.* to 191.* .
According to the rules for private networks (RFC1918), for class B, we can select between '172.16.0.0' and '172.31.255.255'. The standard subnetmask for class B is '255.255.0.0'.
So let it be: network '172.16.0.0', addresses ranging '172.16.0.10..20', with a subnetmask of '255.255.0.0'. Save this in '/etc/dhcpd.config'.
Two alternatives to start dhcpd:
by updating '/etc/rc.config' (start dhcpd) and running '/sbin/SuSEconfig', or
by '/sbin/init.d/dhcpd start'.
The second alternative is preferred. HOWEVER this runs into problems. The dhcpd parameters conflict with what's already defined in /etc/rc.config as IP address. SOLUTION:
Manually stop your dhcp client: '/sbin/init.d/dhclient stop';
Manually 'ifconfig eth0 172.16.0.1'
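The address plan above can be checked before dhcpd is started. The following Python is an added example, not part of the original notes: it classifies an address by its leading bits, verifies that the subnet is RFC 1918 space, that the pool lies inside it, and that the server's own interface address (172.16.0.1 above) is in the subnet but outside the pool. The rendered declaration assumes the ISC dhcpd.conf syntax; the function names are made up here.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful(addr):
    """Return the historical address class from the leading bits."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0x80 == 0x00:
        return "A"                      # 0.......
    if first_octet & 0xC0 == 0x80:
        return "B"                      # 10...... (128.* to 191.*)
    if first_octet & 0xE0 == 0xC0:
        return "C"                      # 110.....
    if first_octet & 0xF0 == 0xE0:
        return "D"                      # 1110.... (multicast)
    return "E"


def check_plan(network, netmask, pool_first, pool_last, server_addr):
    """Return a list of problems with a subnet/pool/server combination."""
    try:
        net = ipaddress.ip_network(f"{network}/{netmask}")
    except ValueError as exc:           # bad mask or host bits set
        return [f"bad subnet: {exc}"]
    first, last, server = (ipaddress.IPv4Address(a)
                           for a in (pool_first, pool_last, server_addr))
    problems = []
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append(f"{net} is not RFC 1918 private space")
    if first > last:
        problems.append("pool range is reversed")
    for label, addr in (("pool start", first), ("pool end", last),
                        ("server", server)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    if first <= server <= last:
        problems.append("server address lies inside the pool")
    return problems


def render_subnet(network, netmask, pool_first, pool_last):
    """Render the subnet declaration (ISC dhcpd.conf syntax assumed)."""
    return (f"subnet {network} netmask {netmask} {{\n"
            f"    range {pool_first} {pool_last};\n"
            f"}}\n")


if __name__ == "__main__":
    plan = ("172.16.0.0", "255.255.0.0", "172.16.0.10", "172.16.0.20")
    print("class", classful(plan[0]))
    print("problems:", check_plan(*plan, "172.16.0.1"))
    print(render_subnet(*plan))
```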
Starting & stopping the dhcp server:
Starting up the dhcp server: '/sbin/init.d/dhcp start'.
Shutting down the dhcp server: '/sbin/init.d/dhcp stop'.
Starting & stopping the dhcp client:
Starting up the dhcp client: '/sbin/init.d/dhclient start'.
Shutting down the dhcp client: '/sbin/init.d/dhclient stop'.
DHCP client is by default not installed, instead the DHCP server was automatically installed. Used YaST to remove the server and install the client. Then use Yast1 to configure and activate it.
PwC Belgium: proxy-be, or 10.54.20.4 (remember to enable SSL 40-bit ! )
PwC UK: 10.44.240.41:80
PwC Australia: 10.140.10.2
Configuration via "/etc/diald.conf".
Howto in "/usr/doc/howto/en/PCMCIA-HOW.gz". SuSE uses a Sys V init editor's "initscript". However, I don't find a script to start pcmcia. Script should be "/sbin/init.d/pcmcia". I don't have the script, I assume pcmcia is not installed.
OK, pcmcia is a package of the "a" series, manually installed through YaST now. Card services is essentially a set of loadable modules. Use Sys V init editor. Remember: use "lsmod" to see what's loaded, however this reports no pcmcia is loaded. This seems to be a common problem according to the pcmcia howto. Some fact-finding on boy:
SuSE 6.0 manual p. 339 explains that "/etc/rc.config" defines whether the pcmcia subsystem is launched at boot time (PCMCIA=i82365 or tcic - whatever that means).
there exists /etc/pcmcia, which contains e.g. sample config files from David Hinds.
Howto: "/usr/doc/howto/en/PCMCIA-HOW.gz"
Package documentation: "/usr/doc/packages/pcmcia/..." - here file SUPPORTED.CARDS explicitly states that my 3COM 3C589C is supported. In fact, it's on the top of the list. The Howto in this directory states that virtually all cards are i82365.
SuSE's pcmcia start-up config is kept in "/etc/rc.config", with "/sbin/init.d/pcmcia" as the start-up script.
Programs include: cardmgr, cardinfo
Helpful: lsmod
So I included a "PCMCIA=i82365" statement in "/etc/rc.config". And I invoked "sbin/SuSEconfig". Reboot, works OK. However, seems to be incompatible with running Minicom.
QUESTION: How to install PCMCIA services?
Remember that pcmcia is a package of the 'a' series. Some fact finding:
No variable found in /etc/rc.config (should be PCMCIA="82365").
No references to pcmcia in the system log /var/log/messages .
Neither in /var/log/boot.msg .
No beep at boot time.
No reference to pcmcia in /var/adm/inst-log/installation-990828 .
Conclusion: no pcmcia package installed.
ANSWER
Tried YaST, but is not really elegant to install a single package. Used kpackage instead. After the installation of the pcmcia package, I ran SuSEconfig. As a result, /etc/rc.config got updated and now includes the PCMCIA=i82365 statement. Also, lsmod shows that pcmciacore and i82365 modules are loaded. Cardinfo works fine now.
Using the 3COM 3C589C card as eth0 works fine on the PwC Brussels LAN.
Insertion results in two high beeps, in rapid succession.
The log shows that an "insmod /...../3C589_cs.o" happens.
After that, the script "network start" is executed.
The cardinfo utility reports a 3C589 card.
Using the Xircom CEM-56-100 as modem does not go that smoothly.
Insertion results in a first beep, followed by another one various seconds later. So there's a difference there...
The log shows an "insmod /..../xirc2ps_cs.o" happens.
Then "insmod /..../serial_cs.o" happens as well.
After that, script "network start eth0" is executed. Options are read from /etc/pcmcia/network.opts.
And script "serial start ttyS3". Options are read from /etc/pcmcia/serial.opts.
However, there is no feedback to be found after the execution of the scripts.
File /var/run/stab contains an entry for socket 1, stating the card is ttyS3, major node 4, minor node 67
Cardinfo reports a Xircom CEM56, both as eth0 and ttys3 as serial device. So the type is not entirely correct (CEM56 versus CEM56-100).
Also, "file /dev/modem" reveals it is a link to /dev/cua3. That looks OK.
Still, Minicom (or Seyon) does not seem to find it.
The PCMCIA HOWTO states that a single beep means the card was identified successfully. The second beep would mean the configuration went OK. This second beep takes quite a while on malekh. The HOWTO suggests to run "sh -x /etc/pcmcia/serial start ttyS3". Which runs fine, ending in linking cua3 to modem. So far so good.
Still, Minicom doesn't find it.
...maybe the problem's due to me using a CEM56-100, rather than a simple CEM56.
Further info:
Running "cardctl scheme" informs me that I have the default scheme.
File /var/run/pcmcia-scheme is empty...STRANGE...
Running "setserial /dev/modem" shows I have a UART 16550A, port ..., IRQ 5.
Using the WISEcom at MBS: cardinfo registers this as ttyS2,
pointing minicom to /dev/ttyS2 gets me a reply of ATZ / OK - ATDT /
NO CARRIER.
By default, PCMCIA does not work, cardmgr reports "no pcmcia driver in /proc/devices". PCMCIA How-To: your base kernel modules do not load. The SuSE website indicates this is a bug. Downloaded new pcmcia.rpm into /Avina/pcmcia.rpm, performed rpm -U /Avina/pcmcia.rpm . Now seems to discover the Toshiba chipset... Then download and install pcmcia_m.rpm . Reboot. Cardinfo now works and recognizes the 3COM Ethernet card. Then install dhcp client, and configure eth0 with dhcp addressing.
Package needs to be installed. Configuration via Yast1 or Yast2 does not work (at least not easily). Use 'cardctl status' to see if the card is found. Manually adjust /etc/rc.config, by making 'NETCONFIG_PCMCIA="_0"' (i.e. the first device). Hey, apparently Yast2 decided (at an unknown point in time) to remove the dhclient software and to install dhcpd instead. This had to be manually adjusted again via Yast2. Also, in /etc/rc.config you may have to remake the adjustment to NETCONFIG_PCMCIA="_0". This seems to vanish occasionally too. Run SuSEconfig. Occasionally some other dhcp settings vanish. Apparently Yast2 is not so good in redefining them - Yast1 seems to do a better job.
Try 'xnetload ppp0'. Try 'ntop'.
Samba is a LanManager-like file manager for Unix, implementing SMB. Try "man samba". Key components include:
smbd, the server daemon, configured via smb.conf, handles file & print services
nmbd, the netbios name services daemon, can also be used interactively to query various name servers
/etc/smb.conf (configuration file, mainly oriented towards the server-side)
smbclient, a client that allows to access SMB shares e.g. in a WfWG environment - try "man smbclient"...
various other utilities such as smbprint, smbtar (dumping smb shares directly into tar), ...
testparm (a test utility)
smbstatus
So it must be possible to:
use smbclient to work on a windows share (e.g. Win2000-Kassandros)
use smbd to let a windows client access an avina 'share'
HISTORY PART 1/2 Using smbclient
Playing ...
"smbstatus": not very helpful
"smbclient -L kassandros" : does not get you very far due to security
"smbclient -L kassandros -U administrator" : if then you provide the right password, you get a list of shares back
"smbclient //kassandros/tux -U administrator" : provide the psw, and you have access to /tux
use the -l flag e.g. "smbclient ... -l logfilename" to enable logging
use the -d flag e.g. "smbclient ... -d 3" to see debug messages in the log files
use "?" to list the possible commands now
"mkdir / mget (kassandros -> tux) / mput (tux -> kassandros) / ls ..."
"recurse" to turn recursion on/off for directory operations
"mask" to define exactly what is mget/mput when recurse is "on" (?)
"lcd" to position your local directory
"exit" to quit
Uploading files to kassandros (win2000):
Before using "smbclient", the Linux box needs to be able to resolve kassandros into 10.0.0.5 . A simple way is by editing "/etc/hosts" on Linux, and entering there the IP address that kassandros got from the dhcp server (on W2000, use "ipconfig" to learn kassandros' IP address).
Connect: "smbclient //kassandros/tux -U administrator" : provide the psw, and you have access to /tux - use "?" to list the possible commands ...
General preparation:
"recurse" (to turn recursion on - works alright on the local side, but does not recursively create subdirs on the server side ...)
"prompt" (to turn prompting off)
Adjust the local path:
"lcd /Java01Net" ("lcd" works on the local side)
"lcd" (acts as a local "pwd")
Adjust the remote path:
"pwd" ("pwd" works on the remote server)
"mkdir /Java999"
"cd /Java999" ("cd" works on the remote server)
Do the transfer:
"mput *.*"
"dir" ("dir" works on the remote server)
"du" ("du" works on the remote server)
OK BASICS WORK BUT RECURSION ON SERVER SIDE DOES NOT. CAN ONLY UPLOAD WITHIN 1 LEVEL OF THE DIRECTORY, OR MUST MANUALLY BUILD THE ENTIRE TREE.
Try C$ share: "smbclient //kassandros/C$ -U administrator": does not work either.
HISTORY PART 2/2 Using smbd
Objective: establish the Linux box as a Samba server, offering shares to Win2000.
Major problem: Win2000 only allows you to go out if the server you're connecting to supports encrypted passwords. Therefore:
create initial smbpasswd entries via "cat /etc/passwd | /usr/lib/samba/scripts/mksmbpasswd.sh > /etc/smbpasswd". Encrypted passwords obviously go in "/etc/smbpasswd". As root, you can execute "smbpasswd -d marcsel" and "smbpasswd -a marcsel" to reset the password on this smb userid (password set to "samba").
create appropriate /etc/smb.conf
then execute "testparm"
then update /etc/rc.config to start samba, and run SuSEconfig
reboot to start smbd and nmbd
* alternatively: "/etc/rc.d/init.d/smb stop | start"
you get details in "/var/log/smb.log"
smbstatus
smbclient '\\TUX\HOMES' -U root ("homes" is the name of the share in /etc/smb.conf)
smbclient '\\TUX\AAATEST' -U marcsel (must be capital letters for the service, and you must use marcsel which was enabled via smbpasswd)
- and the access rights must allow marcsel to read/write AAATEST and subdirs ...
- used "chmod -R o+r /Kassandra_Data/*" - this seemed to do the trick
Downloaded sniffit, basic and patch file. Safeguarded into /Kassandra_Data/AdditionalRPM. Moved to '/' and unpacked. Also untarred the patch tar file, and moved the path to the source dir. Then 'patch Running 'configure' for a second time, the msg looked OK, what's in this 'config.status' file? Looks OK, also in 'configure.log'. Running 'make' for a second time: 'sniffit is up to date'. Thank you. But where is it??? OK, in /sniffit.0.3.5 there is an executable 'sniffit'. However, it comes back with 'cannot execute binary file'. So?
Alternatively, reviewing the index file of SuSE61, sniffit seems to be distributed on CD3. Let's have a look. Unfortunately, it does not seem to be there. Back to the Internet. Mailed the author. HOWEVER: try '/sniffit.0.3.5/sniffit'. This works, but does not recognize the device, even if I try '-F eth0'.
From www.packetfactory.net . Configure script bumps out on 'can't find complete set of pcap headers'. Too bad.
Alternative: downloaded the binary executable, but I get a 'cannot execute binary file' on this one. Now what???
TO DO: Starting point: RFC 1470. a bit old (1993), but a good start. Other points of interest include the Linux Software Map and Trinux.
Check out /usr/src/linux..., particularly the make files and:
tcp.c: "/usr/src/linux.../net/ipv4/tcp.c": the implementation of tcp
ip: "/usr/src/linux.../net/ipv4/ip_input.c": the implementation of ip
Documentation can e.g. be found in "/usr/src/linux.../Documentation/networking/tcp.txt"
Quid firewalling code?
Here we deal with native (direct) ISDN connections, e.g. straight onto the S-bus. Check out:
/usr/doc/howto/en/NET-3 - contains a section on ISDN, and a pointer to a faq
/usr/src/linux.../documentation/ISDN
/usr/doc/packages/i4l
/usr/doc/packages/i4ldoc: FAQ: eng-i4l-faq.html
/usr/doc/packages/i4ldoc/howto - tutorial - ...
Command: isdnctrl.
Typically:
reset the PCMCIA card (pull it out, plug it in)
physically connect malekh to the ISDN LAN modem
start your dhcp client ('/sbin/init.d/dhclient start')
use 'ifconfig' to see whether you did obtain an IP address for eth0
you can try to ping 192.168.1.1
point your browser to '192.168.1.1/mainpage' / alternatively, you can also telnet
psw for 3COM could be: qdge0416
Check out /usr/doc/packages/hylafax. Here's a README.SuSE, providing installation instructions (start via faxsetup, which configures items such as your modem). There's also an html section, with lots of info. Apparently hylafax is the server, susefax is a client. Starting the client results in a nice GUI, but no server to talk to.
NFS components:
portmapper (rpc.portmap or rpcbind) to map ports to rpc programs
rpcinfo, use "rpcinfo -p", or for the remote side "rpcinfo -p 10.0.0.3".
server-side: /etc/exports
server-side: nfsd (sometimes called rpc.nfsd) and mountd (sometimes called rpc.mountd)
client-side: mount/umount (you can use "-v" for verbose output, and -o timeo=n to increase the timeout value)
Of course, there is an NFS-HowTO. The "tar" seems to be the fastest way to pass files over. Debugging: on the server-side, running "rpcinfo -p" should show at least portmapper, mountd and nfsd running. You can also check /var/log/messages for daemon output. Easy way: make a tar file, export it to the client. On the client, move the tar file into "/" and untar it there.
SAVING to tintin
Connect both tintin (NFS server) and malekh (client issuing 'mount') to a hub, then:
on tintin: mkdir ttmalekh, and include a line "/ttmalekh (rw)" in /etc/exports
on tintin: restart the nfs server
on malekh: mkdir tintin
on malekh: mount 192.168.1.3:/ttmalekh /tintin (use "-v" for verbose output, and "-o timeo=n" with default n starting at 7 increased to e.g. 21)
You can also use KDE to copy files (but it's slow).
RESTORING from tintin
Mounting on tintin from avina fails with the msg: RPC timed out. Try the other way round: On avina:
mkdir tintin
make sure the nfs server is started (in /etc/rc.config)
make sure outsiders can write to /tintin; here various alternatives exist, probably best is to handle it at individual user level & via PAM, however, for the time being: simply used MC to allow "others" to write
On tintin:
mount 192.168.1.253:/tintin /avina
cp -r Cryptix3 /avina (where the -r stands for recursively)
cp -r ...
SAVING to tux
Connect both tux (NFS server) and avina (client issuing 'mount') to a hub, then:
on tux: mkdir TuxAvina, and include a line "/TuxAvina (rw)" in /etc/exports
on tux: restart the nfs server ("/sbin/init.d/nfsserver stop" "start")
on avina: mkdir tux
on avina: mount 10.0.0.5:/ttmalekh /tintin
=> results in "mount: RPC: program not registered"
solution: NFS server was not started in /etc/rc.config on tux, hence update and run /sbin/SuSEconfig
=> results in "RPC: timed out"
solution: simply retry (sometimes a reboot of the server machine seems to be necessary), then issue "mount"
Then you can use e.g. the cp command to copy files.
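The export lines used above, "/ttmalekh (rw)" and "/TuxAvina (rw)", name no client, so the rw option applies to any host that can reach the server. The following Python is an added example, not part of the original notes: it parses exports-style lines and reports exports that are writable by any host, the related "host (rw)" stray-space form, and no_root_squash. The /srv paths in the sample are constructed; a path followed by no client list is treated here as exported to any host.

```python
import re

# host(options): either part may be missing; a bare "(rw)" has an empty host.
SPEC_RE = re.compile(r"^(?P<host>[^()\s]*)(?P<paren>\((?P<opts>[^)]*)\))?$")

SAMPLE_EXPORTS = """\
# Constructed sample. The first two lines are the ones quoted in the notes.
/ttmalekh (rw)
/TuxAvina (rw)
/srv/data malekh (rw)                       # stray space before the options
/srv/safe malekh(rw,root_squash) avina(ro)
/srv/root malekh(rw,no_root_squash)
"""


def parse_exports(text):
    """Return [(path, [(host, options, had_parens), ...]), ...].

    Handles comments and backslash line continuation; paths containing
    whitespace are not supported.
    """
    entries = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        parsed = []
        for spec in specs or [""]:      # no client list: treated as any host
            match = SPEC_RE.match(spec)
            if match is None:
                raise ValueError(f"cannot parse client {spec!r} for {path}")
            opts = {o for o in (match.group("opts") or "").split(",") if o}
            parsed.append((match.group("host"), opts,
                           match.group("paren") is not None))
        entries.append((path, parsed))
    return entries


def audit_exports(text):
    """Return [(path, host, issue), ...] for risky export entries."""
    findings = []
    for path, specs in parse_exports(text):
        prev_bare_host = None
        for host, opts, had_parens in specs:
            world = host in ("", "*")
            # "host (rw)": the options bind to an empty host, i.e. everyone,
            # while 'host' itself only gets the server's defaults.
            if host == "" and had_parens and prev_bare_host:
                findings.append((path, prev_bare_host, "stray-space"))
            if world and "rw" in opts:
                findings.append((path, "*", "world-rw"))
            if "no_root_squash" in opts:
                findings.append((path, host or "*", "no-root-squash"))
            prev_bare_host = host if (host and not had_parens) else None
    return findings


if __name__ == "__main__":
    for path, host, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:8} {issue}")
```

Naming the client directly in front of the options, as in "/ttmalekh malekh(rw)", limits the export to that host and produces no finding.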
In general: use iwconfig, iwlist, iwspy, iwevent, iwpriv, wireless.... You may have to do e.g. "sudo iwlist scanning". On BlackBetty (Dell mini): connect to <-?-> by entering the password. When editing the connection you get request: 'nm-connection-editor' wants to access the password for 'Network secret for Auto <-?-> / 802-11-wireless-security/psk' in the default keyring.
On Angkor2, Kubuntu 12.10 comes with "NetworkManager". Good intro in Wikipedia. Documentation seems hard to find on the running Angkor2, but there is https://live.gnome.org/NetworkManager.
This database format is used e.g. by Netscape Communicator. Refer to www.sleepycat.com.
...to be provided.
Ftp to 'ftp.netscape.com', cd to /pub/communicator/4.03/shipping/english/unix/... . Carry out a get into /RMS_Programs/Netscape/navi.... . Gunzip, tar -xvf. Then run ns-install.
First time : fails, even logs me out. Browsing ns-install. Run it
a second time. OK. Executable goes into /usr/local/netscape/netscape.
Added an entry in system.fvwmrc to call it.
As Navigator 4.05 is part of SuSE, it gets (almost) automatically installed. Basic files go into /opt/netscape. Plugins reside in /opt/netscape/plugins. Caching goes into /root/.netscape/cache etc. Don't forget to clean-up every now and then.
Resetting your visited links: edit/preferences/navigator/clear history. Alternatively, go to /root/.netscape and clean out manually.
LDAP client included now (edit/search directory)
Good info can be found at Netscape's developer's site. Configuration can be done via:
Mission Control (central management tool);
The Netscape client's GUI (Preferences...);
netscape.cfg (the basic configuration file), note that this file can point to an AutoConfigURL, which will also be read;
config.jsc (the configuration file for Professional Edition)
directly editing resources such as bitmaps and help files (not recommended unless you use Mission Control to distribute your changes);
Don't forget that firewalls and proxy servers can also influence the behaviour of your browser (e.g. locking out https).
Surfing in the PwC office: needs PwC DNS (10.54.72.40) and proxy (proxy-be, port 8080 for http, https and ftp). Also needs to accept the certificate from the firewall (10.54.20.4), which is signed by PWC_TREE. The PWC_TREE certificate is not a root-signer and hence is not visible through the Netscape GUI-view on the certificate db. Nevertheless, you can view it (e.g. with mc), and then you'll notice there is a Novell certificate attribute embedded, including url.
All certificates go in /root/.netscape/cert7.db . This includes own personal certificate. You can use e.g. 'mc' to browse the contents of this cert7.db file. Alternatively, go to Communicator/Security Info/Cryptographic Modules and select e.g. Netscape internal PKCS #11 module. Here you find 'slots', one for crypto services and another one for certificate db. Here you can configure, change password, login/logout, etc.
HOWEVER, how good is my private key? Netscape says its servers and clients contain a piece of software called 'Security Module 1', which is FIPS-140 compliant. For example browsers version 4.02 and above include Security Module 1. HOWEVER, my Linux Navigator says my security module is Netscape Internal PKCS#11 Module. This sounds different... Email sent to fips@netscape.com ...
Netscape's FIPS-FAQ states they also obtained FIPS certificates for their DES, 3DES, SHA1 and DSA implementations. Do I have this?
Go to HELP - About Communicator - RSA product embedded: RSA public key support, MD2, MD5, RC2-CBC, RC4.
HOWEVER how good is my private key protected? Your key is stored in '/root/.netscape/key3.db'. Your certificates go in '/root/.netscape/cert7.db'. I assume they are protected under the relevant PKCS mechanisms such as PKCS #5 PBE etc.
What if your Netscape seems to hang ("Java starting...")? "ps -a" "kill -s 9 123".
Basic crypto support of the Communicator provided by SuSE (from the "about" screen): "This version supports U.S. security with RSA Public Key Cryptography, MD2,MD5, RC2-CBC, RC4, DES-CBC, DES-EDE3-CBC". Ciphers for SSL v3 include RC4 with 128 bit and 3DES. Ciphers for S/MIME include RC2 with 128 bit and 3DES.
Hence there does not seem to be any need to apply Fortify. Anyway, just for the record, Fortify is provided by SuSE, package fortify-1.4.6-10, from www.fortify.net. Info in /opt/fortify.
On Angkor3, installed pure-ftpd. Verify security settings... Documentation in /usr/share/doc/pure-ftpd. Executables in /usr/sbin. (pending question: how about the sftp which comes inside ssh?)
Starting: 'service pure-ftpd start' (legacy: '/usr/sbin/pure-ftpd &')
Legacy stopping: pkill pure-ftpd
Status: 'ps auxw|grep pure-ftpd' should show you the SERVER process and optionally some connected clients. To connect you can eg use 'ipconfig' on the server to list the server's IP-address. Then use eg Filezilla on the client.
Legacy on Angkor2: installed vsftpd via sudo apt-get etc. See ubuntuforums.org. There is a config file in /etc/vsftpd.conf. You start/restart with 'sudo /etc/init.d/vsftpd restart'. Only worked once, apparently then hung. On Angkor2, installed ftpd. No instructions to be found on how to start it, manually starting it as daemon fails, removed again. Tried pure-ftpd - seems OK.
So (O'Reilly's 'Managing Internet information services' - p. 54):
(1) inetd must fire up a daemon: inetd.conf contains the following line to listen for incoming ftp: 'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a'. So inetd hands over to tcpd, which hands over to in.ftpd (which is actually /usr/sbin/in.ftpd, cfr glint).
(2) user ftp must exist: user ftp exists in /etc/passwd (this allows 'anonymous' to connect to your ftpd)
(3) wu-ftpd config files need to be adjusted
(31) /etc/ftpaccess (by default, definitions in here are active)
(32) /etc/ftpconversions
(33) /etc/ftphosts (can deny particular hosts)
(34) /etc/ftpusers ('inverse logic', denies users like root access)
(4) directories on the server side: according to 'man ftpd', the server performs a chroot to '/home/ftp'. Here you find bin, dev, etc, pub, directories... . OK, I can 'get' from Bugis. However, to upload, I need an 'upload' statement in my /etc/ftpaccess file.
And I need to allow write access on the /home/ftp/pub directory: I've used a coarse way: chown ftp /home/ftp/pub; chmod a+w /home/ftp/pub. Verify the results with ls -al. You can now ftp to '0' or Kassandra, login as anonymous, cd /pub. If you want to upload, remember:
On Bugis:
- lcd: shows you the local directory, i.e. on Bugis, e.g. /root
- pwd: shows you the remote directory, i.e. on Kassandra.
- cd: changes the remote directory, i.e. on Kassandra.
- ls: lists the remote directory, i.e. on Kassandra.
- put: will write into the remote directory, and you need to have the access rights for that. So typically, you need to cd to it.
Apache is part of most distributions, you can also checkout "www.apache.org". The main configuration file is called the "ServerConfig" file, e.g. "/etc/httpd/httpd.conf". This is based on the NCSA server and its config file, full details on "www.apache.org/docs".
Use "httpd -?" to find out all the options for starting Apache.
Use the manual command line or the System V Init editor to start/stop Apache. The editor's entry is linked to /etc/rc.d/init.d/apache. This currently starts "/usr/sbin/httpd -f /etc/httpd/httpd.conf -D SSL...". This -f flag specifies the full path to the "ServerConfig (=httpd.conf)" file. After processing ServerConfig, the settings of ResourceConfig and AccessConfig directives determine what happens next. Both directives are included in the ServerConfig file, and are by default commented out. This default results in processing "srm.conf" and "access.conf". Both are by default empty - it is suggested to leave them empty.
Note the role of the ServerRoot directive: if you specify a filename starting with a /, this is absolute. If there's no /, the value of ServerRoot (e.g. /usr/local/httpd) is prepended.
The SuSE 6.0 installation includes Apache 1.3: start it via System V Init editor, and point your browser simply to "localhost". There you are. ServerRoot points to "/usr/local/httpd", so the demo website is served from "/usr/local/httpd/index.html".
Directive DocumentRoot (default "/usr/local/httpd/htdocs") defines where you serve documents from. Further directives will specify authorizations on your documents.
As specified by directives in ServerRoot, logging goes by default into:
"/var/log/httpd.error_log" - directive ErrorLog defines this;
"/var/log/httpd.access_log" - directive CustomLog defines this - directive LogLevel (e.g. warn) defines the granularity.
Point your browser to "http://localhost:80/server-status". Setting directive ExtendedStatus on (in ServerConfig, i.e. httpd.conf) gives more info.
Some facts:
executable: /usr/sbin/httpd (binary)
man page: man httpd
documentation in "/usr/local/httpd/htdocs/manual/index.html"
sample configuration: "/etc/httpd/httpd.conf"
adopted configuration: "/Kassandra_Control/conf/httpd.conf": this file contained a lot of "invalid commands" (which used to work on boy), defined by a module not included in the server... so what is included? Running "httpd -l" lists that only two modules are compiled in:
http_core.c
mod_so.c
Conclusion: compared to the modules that exist (close to 100) this is limited. However, there is an impressive amount of modules in "/usr/lib/apache/mod_....."
Oddly enough, I get a "sqlinit: DBROOT must be set" when starting. Now "/etc/rc.d/rc3.d/K20apache" starts with "DBROOT=/dev/null". So when should this be set? WHAT IS THE NORMAL WAY TO START APACHE??? WHY DO I NEED sql???
OK, cool:
There's a mistake in SuSE's scripts for starting Apache (in fact they forgot it altogether). Got suggested correction from the SuSE Support Database (SDB), and saved it in /Kassandra_Scripts/malekh.apache.correction. Then executed it. Still "DBROOT must be set". Hmhm. OK, my fault: should use "rcapache start" rather than "httpd -f ....".
And there's also a specific problem with setting DBROOT, solution now saved in /Malekh/ApacheDBROOTproblem (but this does not seem mandatory to fix)
Now "rcapache start" works, but "sh -x rcapache start" shows it uses the standard /etc/httpd/httpd.conf file (rather than my own one). How to fix this? Save a copy of the original, and write my conf file over it. OK, now Netscape can talk to my Apache, and gets a "forbidden". Since the ServerRoot points to /Kassandra_Control, you should surf to e.g. "http://localhost/LinuxWeb.html". Indexes does not seem to be generated automatically.
Check out /usr/doc/howto/en/html/mini/Apache+SSL... Also, have a look at www.apache-ssl.org. I decided to download SSL from the OpenSSL website. Resulted in /openssl-0.9.2b, with README and INSTALL files. The www.apache-ssl.org site explains you need:
apache 1.3 in source for compilation with the patches and the openssl libs (downloaded from www.apache.org)
openssl-0.9.2b (downloaded from OpenSSL)
apache136ssl134 (downloaded from ftp.MASTER.pgp.net/pub/crypto/SSL/apache-ssl)
Hence I now have three directories straight under "/":
apache_1.3.6 (full Apache, including source code)
apache136ssl134 (
openssl_0.9.2b
Also, "Kassandra_Data/AdditionalRPM" still stores the .tar.gz originals.
Let's start with Apache itself, and its various README's etc. From within "/apache_1.3.6" I've executed "./configure --prefix=/usr/local/apache136". Next is "make" and "make install". Then I can start my newly created httpd with "/usr/local/apache136/apachectl start". Use "http://localhost" to see the newly created server. Use "/usr/local/apache136/bin/httpd -v" to see that you've effectively build it.
Now configuration can take place via a.o.:
flags at start-up time
editing /usr/local/apache136/conf[etc - according to the doc]/httpd.conf
editing /usr/local/apache136/conf[etc - according to the doc]/access.conf
editing /usr/local/apache136/conf[etc - according to the doc]/srm.conf
I created "/Kassandra_Control/conf/*.*". Now issuing "/usr/local/apache136/bin/httpd -d /Kassandra_Control" hopefully starts Apache with LinuxWeb. Careful, under "/Kassandra_Control" you need to create the three subdirectories that Apache expects: conf, logs and htdocs. The "Kassandra_Control/conf/httpd.conf" needs some customisation to point to "/Kassandra_Control/..." files rather than the defaults. OK, basics seem to work.
Documentation in "/usr/share/doc/packages/apache". SuSE manual points to:
/usr/local/httpd (example documents)
/etc/httpd/httpd.conf (by default configured as SuSE help system)
I saved the .conf into .original, and created a LinuxWeb specific .conf file. Useful:
/usr/sbin/rcapache help (for help on how to start/stop Apache)
"rcapache full-status" informs you on current status
"sh -x rcapache start" (useful for debugging)
Access via Netscape, "http://localhost" or "http://imagine".
Squid is a cache server/www-proxy. Documentation in /usr/doc/packages/squid. Configuration via "/etc/squid.conf".
WWWoffle is a www offline explorer, another proxy server, capable of interacting with e.g. diald. Configuration via "/etc/wwwofle/wwwofle.conf".
Builds an index over a document-base which is served from a webserver. No manpage for htdig. However, there is a full package and corresponding documentation: "/usr/doc/packages/htdig/htdoc/index.html".
htdig's files: "/opt/www/".
/opt/www/htdig/conf/htdig.conf: starturl points to localhost, basedir where htdig resides, commondir where search.html resides etc
Apache: /etc/httpd/httpd.conf: ServerRoot (/Kassandra_...), DocumentRoot (?),
How it works:
digging - before you can search, htdig (acting as a regular www user) builds the db of all documents that need to be searched, this results in:
a list of words that can be searched for in /opt/www/htdig/db.wordlist
a db of 'hits' in db.docdb
merging - htmerge converts the db into something quickly searchable
searching - htsearch is a cgi program invoked through html which carries out your searches
Script "rundig (or rundig -vvv to see debug output)" executes both htdig and htmerge. Search via ... TODO: narrow search for htdig via config file.
There are accounts on
email.angelfire.com (marc.l.sel@angelfire.com)
home.netscape.net/netcenter (marclsel@netscape.net)
belgacom.net (marc.sel@belgacom.net) - login gc363580/psw vud285v5/PIN 242515011 (required for technical assistance)/incoming POP3 mail: pop.belgacom.net/outgoing SMTP mail: relay.belgacom.net/POP with local rate: 0909.34100 - maybe only usable when you're dialling in through Skynet...?
A simple but efficient email client. Ref man pine.
Ref man mail. Use q to quit, p to print a mail message.
An electronic catalog system (shopping cart). Refer to the article in LJ June 1999. Check-out www.minivend.com.
Check out mico.
Getting started: via xrpm.
"slapd" is the stand-alone ldap server
"slurpd" is for replication
"ldapsearch" - "ldapadd" - "ldapmodify" ...
"ldif"
"ldbm"
"centipede"
KDE's ldap client is "kldap"
Xrpm: /etc/openldap. Info in /usr/share/doc/packages/openldap. Start via "/sbin/init.d/ldap start" or "start -v". "Man ldap" comes with suggestions. Query via ldapsearch.
Config in /etc/openldap. Major config file: "/etc/openldap/slapd.conf".
You get some feedback in "/var/log/messages". Configuration:
schema used: via include in /etc/openldap/slapd.conf: slapd.oc.conf contains all oc (objectclasses)
tailoring of "/etc/openldap/slapd.conf" (e.g. loglevel -1 for maximum logging)
stop | start slapd by "/sbin/init.d/ldap stop | start"
creation of "/Kassandra_Data/AdditionalCONFIG/imagine.ldif"
execution of "ldapadd -D "cn=Manager,dc=imagine,dc=com" -W -f /Kassandra_Data/AdditionalCONFIG/imagine.ldif" - you can see what's happening in /var/log/messages
FYI: dc stands for domainComponent
msg: adding new entry dc=imagine, dc=com
msg: adding new entry cn=Manager,dc=imagine,dc=com
check via 'ldapsearch -b "dc=imagine,dc=com" "(objectclass=*)"'
you can now also use kldap (careful: while specifying Root DN you need a space after the ",", so it is "cn=Manager, dc=imagine, dc=com")
DEMO
what? ===> xrpm ===> openldap
configure via /etc/openldap/slapd.conf
object classes are found in slapd.oc.conf
stop | start slapd by "/sbin/init.d/ldap stop | start"
check via 'ldapsearch -b "dc=imagine,dc=com" "(objectclass=*)"'
or via Netscape / addressbook
"ldapadd .... imagine3.ldif"
checkout via ldapsearch or Netscape Communicator
or via /Java51LDAP/src/netscape/ldap/tools/LDAPSearch2.java
or via kldap
log: /var/log/messages
Included in EJBCA installation.
Refer to jtk1.html .
Refer to jtk1.html .
XML parser - version 2.2.1 . Installed from xml.apache.org into /xerces.... Unpack with jar xvf xerces....jar into /xerces-2_2_1 and into /tools . I also extracted the xercesSamples.jar . Usage see jtk1.html.
Crypt is DES based, with a salt added and slower encryption.
This utility factors:
according to the man pages: numbers between [-2.147.483.648..2.147.483.648].
according to putting it to the test: much higher numbers ... but how high?
According to man factor, you can also generate primes, but that does not seem to work. Way forward: use Cryptix Prime class etc.
Calculates the md5 hash over a file: "md5sum filename".
Installation on Kassandra. Downloaded in RPM format from "www.pgpi.com". Mind you, this is the "international" website and corresponding PGPi version. Strength?
Installed the rpm via glint, "utilities/text". Executables go in /usr/bin. Doc goes into /usr/doc. There's also a short man page for pgp, pgp.cfg (configuration), pgpk, etc...
Just running pgpk gives you an overview of key management. For details, refer to the user manual.
Running "man pgp.cfg" describes all the entries in the config file. An example would be nice. A quick peek in the rpm reveals that no default config file is provided. Where's this user manual? O'Reilly has an excellent book! Or there is a user manual in pdf on Win95.
Installation on Toothbrush. Run "rpm -ivv /Kassandra_Data/AdditionalRPM/pgp____.rpm". This installs binaries into /usr/bin (pgp and pgpk).
Starting pgpk results in the message: cannot open configuration file "/root/.pgp/pgp.cfg". Indeed, there's no such file.
O'Reilly nicely describes all the fields of this file on p. 271. I created a minimal "pgp.cfg" file.
Question: Can I transfer my existing Win95 keyrings and continue to use them here?
Answer: Yes, I copied my pub/secrings into /Kassandra_Data/AdditionalCONFIG. From there, copy pgp.cfg, the pubring.pkr and secring.skr into "/root/.pgp". Now "pgpk -l" lists the content of my keyring, both public and private (PGP: secret) keys.
Question: How do I wipe without a GUI?
Answer: Use the -w flag, e.g. "pgpe -cw ...".
Reinstalled as described for Toothbrush.
Encrypting with a passphrase and "conventional cryptography (what's that, Phil? IDEA? Yes Marc, IDEA)": "pgpe -c foo" results in being asked a passphrase to encrypt with IDEA. Use "pgpv foo" to decrypt. You'll be challenged for the passphrase.
Encrypting with a public key: "pgpe -r marc.sel@be.pwcglobal.com foo"
Decrypting again: "pgpv foo" and you'll be challenged for the passphrase.
Reinstalled from /Kassandra_Data/AdditionalRPM/... Also copied pgp.cfg and keyrings from /Kassandra_Data/AdditionalCONFIG into /root/.pgp . Now wouldn't it be nice to have a GUI interface? Check out the 'Geheimniss' thing from SuSE.
SuSE 6.4 now comes with PGP 2.6.3i. According to the doc, it expects configuration information in your home directory, in "/.pgp". Trying to use the old keyring from Malekh - no success. OK, Malekh used PGP 5.0i, from an additionally downloaded rpm. So I have to remove the "standard" PGP that came with SuSE, and reinstall PGP 5.0i from /Kassandra_Data/Additional_RPM. Hence I removed packages pgp and gpg via YaST. Then installed pgp 5.0i through YaST. This did not work (no pgp executable to be found) but did not return an error msg. Do a manual install "rpm -ivv etc...": failed dependencies:
libm.so.5 is needed by pgp-5.0i-1
libc.so.5 is needed by pgp-5.0i-1
Libraries are found in various places:
in /lib: here you find e.g. libc.so.6 and libm.so.6 (i.e. too high)
in /usr/i486-linux-lib..., but libc5/6 are empty
running "ldconfig -p" shows 552 libs found in cache /etc/ld.so.cache with all mappings
Hence need to install these two libs. Help from SuSE: install package shlibs5 from series a. This resolved the libc.so.5 dependence, rpm still complains for libm.so.5. However, 'ldconfig -p' shows there is '/usr/i486-linux-libc5/lib/libm.so.5', which is a symlink to '....5.0.9'. So what? Alternative: downloaded PGP 6.5.1i. Installed it in /pgp6 and below. Created /root/.pgp containing config & keyfiles. OK. Lots of documentation, as well as the sources are available now...
Might be provided by SuSE, but is a commercial product with license etc.
GPG (Gnu Privacy Guard) is compliant with the OpenPGP implementation proposed in RFC 2440. It does not use any patented algorithms (IDEA, ex-RSA, ...).
Symmetric algorithms are: 3DES, Blowfish, CAST5 and Twofish (GnuPG does not yet create Twofish encrypted messages because there is no agreement in the OpenPGP WG on how to use it together with a MDC algorithm)
Digest algorithms available are MD5, RIPEMD160 and SHA1. GPG 1.0 is included in SuSE 7.0 together with "GPGaddons". Documentation is /usr/share/doc/packages/gpg. All files are mentioned at the end of "man gpg".
GPG. User-specific files: /root/.gnupg/... . Remember, previous versions of PGP keyring went in /Kassandra_Data/AdditionalConfig. Import via "gpg --import" (ref below). As a result, the trustdb is created, and those keys for which a "user id" is found (internal PGP/GPG user id I assume) are imported alright. Others are processed but not imported. Use:
gpg --version (indicates algorithms supported)
gpg --list-keys --with-colons
gpg --list-public-keys (initially empty)
gpg --list-secret-keys (idem)
gpg --import /root/.gnupg/pubring.pkr (imports all pubkeys)
gpg --import /root/.gnupg/secring.skr (imports secret keyring)
gpg --edit-key marc.sel@be.pwcglobal.com
symmetric encryption:
gpg -c --cipher-algo 3des --compress-algo 1 myfile (encrypts conventionally)
gpg -d --cipher-algo 3des /root/netscape.rpm.gpg > /root/netscape.tst (decrypts)
GPGaddons. Check /usr/share/doc/packages/gpgaddon.
Package and encrypt:
To pack: "tar cvfz /temp/ama.tgz foo/ama" (note that foo/ama refers to the entire directory)
To gpg: "gpg -c /temp/ama.tgz" (will go to ".gpg" file)
---
To un-gpg "gpg -d /temp/ama.tgz.gpg > /tmp/ama.tgz"
To unpack: "tar xvfz /temp/ama.tgz" (note that this will recreate everything at the current location)
Change to "/usr/local/ssl/bin". Running "./openssl" puts you in command-line mode.
You find source in "/openssl-0.9.2b/crypto/rsa/rsa_gen.c". Here p and q are generated as large primes. Next n is calculated (p*q), then d. Sounds reasonable.
Now look in "/openssl-0.9.2b/doc/ssleay.txt", search for "=== rsa.doc ===". Here you read that the RSA structure used internally can contain both private & public keys. A public key is determined by the fact that the RSA->d value is null. It is explained that rsa_generate_key should only be used to generate initial private keys.
Note that you can find a source: "/openssl-0.9.2b/crypto/rsa/rsa_gen.c". Have a look...
Use "req" to create key pairs and certificates. Check out the configuration in "usr/local/ssl/lib/openssl.cnf".
Have a look in "/openssl-9.2b/apps". Here you find the source code of e.g. an SSL client (s_client.c) and server (s_server.c). Source code contains lots of explanation.
ssh-keysign(8) - Helper program for hostbased authentication.
/usr/share/man/man8/sshd.8.gz
ssh-keysign(8) - ssh helper program for hostbased authentication.
put ...but this only works for individual files
To unpack on the Linux: "tar -xvf ama.tar"
Downloaded .tar.gz file from Anderson's Serpent page. The original file is kept in /Kassandra_Data/AdditionalRPM. Unpacked in / and moved all resulting files into /serpent. What do we have:
Floppy 1: Serpent C code, header files, ...
Floppy 2: Optimized ANSI C implementation
Floppy 3: Optimized Java implementation, based on Cryptix code
Floppy 4:
Apparently comes in at least two flavours:
a provider (e.g. cryptix32) to be used under the Sun JCA - comes with source code, tests and utilities (e.g. to create safe archives)
a JCE - i.e. an implementation of the official JCE 1.2 API as published by Sun (apparently sometimes authorisation required to download)
Very interesting are the source code examples, the tests and the utils such as SCAR - a crypto-secure archive tool.
1) Installing the class files (starting from the source code): follow the README:
download zipfile with sources into /Kassandra_Data/AdditionalNonRPM/Cryptix3JCE1.1-src/Cryptix-src...
extract into /Cryptix3
1.1 install provider in three steps: "cd /Cryptix3/src/cryptix/provider", then "javac Install.java", finally execute it:
"CLASSPATH=/Cryptix3/src" --- so you break-off just before the package name
"export CLASSPATH"
"java cryptix.provider.Install" ---> CLASSPATH || cryptix.provider.Install are now automatically concatenated, and the runtime finds Install.class
this is concluded by the message: "security.provider.2=cryptix.provider.Cryptix" is added in "/usr/lib/java/bin/lib/security/java.security". Remove manually if needed.
1.2 compile: from the top directory, run the make_snap or build shellscripts residing in "/Cryptix3/util" What do we already have: "src", "util(shell scripts)", "doc", "guide (quite nice on crypto & security)", "images", "license", i.e. preparatory stuff. What will be added by compiling: "/build" and the class files below. So I ran "cd /Cryptix3", "sh util/build.sh". This resulted in 1 warning (deprecated APIs).
1.3 test: sources in /Cryptix3/src/cryptix/test, and they include a statement "package cryptix.test", class files in /Cryptix3/build/classes, hence:
"cd /Cryptix3/build/classes"
"java cryptix.test.TestMD2" and "java cryptix.test.TestAll" --- OK.
2) Installing the documentation:
"cd /Cryptix3/doc" and ". build.sh" - first execution only partial success (930 items added, 104 errors), due to not setting the env variable JDK_SOURCE, need to re-do this...
nevertheless, there is quite some useful documentation in LinuxWeb - ITjava
additional documentation available in "/Kassandra/Data/AdditionalNonRPM/Cryptix3...doc..."
/Cryptix3 directory copied over from Malekh. Running 'ExamineSecurity' obviously responds that the cryptix provider is not (yet) installed. Hence:
"cd /Cryptix3/src/cryptix/provider", then "javac Install.java",
execute Install via:
"CLASSPATH=/Cryptix3/src" --- so you break-off just before the package name
"export CLASSPATH"
"java cryptix.provider.Install" ---> CLASSPATH || cryptix.provider.Install are now automatically concatenated, and the runtime finds Install.class - OK
You can see what Install does by peeking into /Cryptix3/src/cryptix/provider/Install.java: it installs Cryptix in the /java.security file (actually '/usr/lib/java/lib/security/java.security').
Feedback from Install: ---Examining the Java installation at /usr/lib/java The following lines were added to /usr/lib/java/lib/security/java.security: # Added by Cryptix V3 installation program: security.provider.2=cryptix.provider.Cryptix To uninstall Cryptix, remove these lines manually----
Try to run my old programs in /Cryptix3/build/classes such as modinverse1: OK. I assume this works since the executables were copied over and the provider is re-installed... Demos are discussed in JTK1.
Downloaded Cryptix32. You get:
Cryptix32/cryptix32.jar => the class files in jar format (so you don't have to compile all the sources)
Cryptix32/doc => the API documentation
Cryptix32/src:
CVS
cryptix: here you find a lot of Java source code: provider, test, tools, util, ...
netscape
xjava
How to proceed: check out the website: 1) "Add the JARs to your classpath...": First "CLASSPATH=/Cryptix32/cryptix32.jar:/CryptixSources", then "export CLASSPATH". Check with "echo $CLASSPATH". You can read out the jar with "jar tvf cryptix32.jar". 2) Install provider:
cd Cryptix32/src/cryptix/provider
javac Install.java
cd /Cryptix32/src
java cryptix.provider.Install =>
Examining the Java installation at /usr/lib/jdk1.2.2/jre
The following lines where added to /usr/lib/jdk1.2.2/jre/lib/security/java.security
"Added by Cryptix V3 installation program:"
"security.provider.2=cryptix.provider.Cryptix"
To uninstall Cryptix, remove these lines manually.
Compile (in the previous version /util contained the compilation scripts ... what happened here?) => WRONG ASSUMPTION. Since you can specify the classfiles in jar format through the CLASSPATH (refer to point "1)" above) there is no need to compile. You can execute right away.
Next steps: start working with certificates (part of Java2 - at least for the basic stuff, without the extensions), and try Rijndael (ref below).
Software that allows you to:
generate .java source files that model ASN1 types defined in an input file
compile those sources so they can be used, either on the fly or later
use those sources in your own applications
STEP-1. Installed in CryptixASN1. Test/demo sources in /CryptixASN1/jar/src/cryptix/asn1/test. Execute tests via:
cd /CryptixASN1/jar/src/cryptix/asn1/test
CLASSPATH=/CryptixASN1/jar/cryptix-asn1-19991128-a6.jar
export CLASSPATH
javac Main6.java
CLASSPATH=/CryptixASN1/jar/cryptix-asn1-19991128-a6.jar:/CryptixASN1/jar/src/cryptix/asn1/test
export CLASSPATH
java Main6
---> wrong name = bad location ...
TRY AGAIN. Move Main6.java to /Java02Security, and removed the "package" statement inside. Copied cryptix.asn there too. Now fails since parser is not found... CLASSPATH=/CryptixASN1/jar/cryptix-asn1-19991128-a6.jar:/CryptixASN1/jar/cryptix/asn1/lang:/CryptixASN1/jar/cryptix/asn1/encoding:/Java02Security:
STEP-2. Wait a moment - prerequisite: needs javacc and jmk. Install those first... into /Java53MetaCC (javaCC_0.class, javaccdocs.zip, jmk.jar ...).
jmk: put a copy of jmk14.jar in /CryptixASN1/jar. This allows "java -jar /CryptixASN1/jar/jmk14.jar" (which will use the makefile.jmk).
javacc: probably used automatically if you put it on the classpath
Hmmhm...
Rijndael java code is included in Cryptix, use the cryptix32 provider. Start by using "TestRijndael.java":
you may have to set the classpath to the jar (ref above), then continue by:
"cd /Cryptix32/src/cryptix/test" (position yourself for compilation)
"javac TestRijndael.java" (compile)
Problem: compilation error: the "import cryptix.provider.key. ..." fails
solution: "export CLASSPATH=/Cryptix/Cryptix32/cryptix32.jar"
"cd /Cryptix32/src" (position yourself just above the full 'program'-name you specify below for execution)
"java cryptix/test/TestRijndael" (you must use this qualified name or the execution fails)
Problem: "no such provider" exception
solution: install provider
cd Cryptix32/src/cryptix/provider
javac Install.java
cd /Cryptix32/src
java cryptix.provider.Install =>
Examining the Java installation at /usr/lib/jdk1.3/jre
The following lines where added to /usr/lib/jdk1.3/jre/lib/security/java.security
"Added by Cryptix V3 installation program:"
"security.provider.3=cryptix.provider.Cryptix"
To uninstall Cryptix, remove these lines manually.
Next step is to use Rijndael in a program. This is done via the Cryptix provider. Check out the test and util programs.
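The Install output above ends with "To uninstall Cryptix, remove these lines manually". As an added example (not part of the original notes or of Cryptix), the script below lists the providers in a java.security file, reports which ones the JVM would still register, and removes one provider with a backup and renumbering. The function names, the sample file and com.example.LaterProvider are assumptions made for illustration; the script relies on the JDK reading security.provider.1, .2, ... in sequence and stopping at the first missing number, so a hand-deleted line in the middle silently disables every provider after it.

```shell
#!/bin/sh
# Added example: audit and clean JCE provider entries in a java.security file.
# All function names are hypothetical helpers, not part of any JDK or Cryptix tool.

# Write a constructed sample resembling the file after the Cryptix install,
# with one more (hypothetical) provider registered later at position 3.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample java.security
security.provider.1=sun.security.provider.Sun
# Added by Cryptix V3 installation program:
security.provider.2=cryptix.provider.Cryptix
security.provider.3=com.example.LaterProvider
EOF
}

# Print "N class" for every security.provider.N= line, sorted by N.
list_providers() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\(.*\)$/\1 \2/p' "$1" | sort -n
}

# Print the providers the JVM would register: it walks N = 1, 2, 3, ...
# and stops at the first number that has no entry.
effective_providers() {
    n=1
    while :; do
        cls=$(list_providers "$1" | awk -v n="$n" '$1 == n { print $2; exit }')
        [ -n "$cls" ] || break
        echo "$cls"
        n=$((n + 1))
    done
}

# Print providers that are configured but sit behind a numbering gap
# (or a duplicate number) and are therefore never loaded.
shadowed_providers() {
    list_providers "$1" | awk '$1 != NR { gap = 1 } gap { print $2 }'
}

# Remove one provider class. Keeps a backup as FILE.orig and renumbers the
# remaining entries in file order so that no gap is left behind.
remove_provider() {
    file=$1 class=$2
    cp -p "$file" "$file.orig" || return 1
    awk -v class="$class" '
        class == "cryptix.provider.Cryptix" &&
            /^# Added by Cryptix V3 installation program/ { next }
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            if (value == class) next
            printf "security.provider.%d=%s\n", ++n, value
            next
        }
        { print }
    ' "$file.orig" > "$file"
}

# Demo on the constructed sample only; point the functions at a copy of a
# real java.security before touching the live file.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/java.security"
echo "registered before removal:"
effective_providers "$demo_dir/java.security"
remove_provider "$demo_dir/java.security" cryptix.provider.Cryptix
echo "entries after removal:"
list_providers "$demo_dir/java.security"
rm -rf "$demo_dir"
```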
Downloaded them into /Baltimore. Also downloaded the Sun xml parser and api into /Java52XML/....
safeguarded a copy of /usr/lib/jdk1.2.2/jre/lib/security/java.security (because it currently contains the Cryptix provider)
"CLASSPATH=/Baltimore/libs/jpkiplus.jar:/Baltimore/libs/jcrypto_1.1.jar:/Baltimore/libs/jce.jar:/Java52XML/jaxp1.0.1/jaxp.jar:/Java52XML/jaxp1.0.1/parser.jar"
"export CLASSPATH" "echo $CLASSPATH"
"javac BaltKPG.java"
xxx
Installed from Berkeley's CD. After installation comes with following error message:
xset: bad font path element (#38), possible causes are: Directory does not exist or has wrong permissions Directory missing fonts.dir Incorrect font server address or syntax
Solution: X server's font path may need updating. Probably via "xset fp+ ....". OK problem was that the X server's path referred to /cdrom/.... . Restarting the X server seems to resolve the problem already.
Modifications to your platform result in a new MathID, which requires a new password. Even insertion/removal of PCMCIA card leads to "missing password".
Create new notebook. Use shift-enter to calculate.
Factoring integers: FactorInteger[n]. There is also Lenstra's FactorIntegerECM. This extends Mathematica's factoring up to approximately 40 digits. Prime digits are approximately 18 digits long then. Very nice help available.
Modular: Mod[k, n].
Modular inverse: you can use PowerMod[a, b, n]. This returns a^b mod n. E.g. 25 mod 6 can be done as PowerMod[5, 2, 6]. This can then be used to find modinv by taking b=-1. To find the modinv of 3 mod 7: PowerMod[3, -1, 7]. You can also calculate beyond the simple modinv -1. You can do -2 etc. also.
Copied from CD in /flint (rijndael not copied yet). Software is the FLINT/C function library (functions for large integers in number theory and cryptography). The library contains a number of modules for arithmetic, number theory, tests, RSA and Rijndael.
For testrand.c: try make:
cd /flint/test then "make": fails
try "make -d" to see errormsgs - still not clear why it fails
For testrand.c: try manual gcc.
gcc -v -o testrand testrand.c lacks header files
so copied flint.h and assert.h into /usr/include ===> problem gone but now list of unresolved references to the functions that are defined in flint.c itself
solution is to link the full flint.c statically into your executable (for which you have to provide the full path), hence:
gcc -v -o testrand testrand.c /flint/src/flint.c
If you get msgs that libflint is not found, you can compile with the following flags: "gcc ... -lflint -L/flint/lib".
For rsademo.cpp (C++; nice overview of C++ at www.cplusplus.com):
since it's C++ we'll need the stdc++ library, including:
header files such as iostream.h fstream.h and iomanip.h
the library itself
Suse packages such as libgpp contain C++ libraries such as libg++ and libstdc++, both the header files and the actual libraries. Doing a "locate libstd" finds a list of /usr/lib/libstdc++... libraries. They seem to be shared and static libs. They include:
/usr/lib/libstdc++-3-libc6.1-2-2.10.0.so - running "file" on this tells us it is a ELF 32-bit shared object, not stripped
/usr/lib/libstdc++-3-libc6.2-2-2.10.0.a - running "file" on this tells us it is a current ar archive
/usr/lib/libstdc++-3-libc6.2-2-2.10.0.so - another so
Remember you can do "ldconfig -p" for an overview of existing libraries. You can do "ldd" to find out what a program needs. Problem on imagine/tecra780DVD: compiling results in "gcc installation problem - cannot execute cc1plus" However, on the Satellite2060CDS compile goes OK. Guess I should reinstall the tecra from scratch (Yast2 doesn't work either).
append the c++ library to LD_LIBRARY_PATH in the environment variables:
use "env" to list
then "LD_LIBRARY_PATH=/opt/mozilla//:/opt/mozilla/components//:/opt/kde/lib:/opt/kde2/lib:/usr/lib/libstdc++.so.2.9"
then "export LD_LIBRARY_PATH" and "env" to check again
use the -l and -L switches at compile/link time
specify -l as -lstdc++
specify -L as -L/usr/lib/libstdc++.so.2.9
Requires Ant and Jboss/Tomcat as prerequisites. Then deploy into Jboss.
EJBCA builds on EJB 1.1, and relies on:
BouncyCastle JCE provider - OpenSource JCE crypto provider from www.bouncycastle.org (jar included)
JBoss - OpenSource J2EE application server (jar claimed to be included - WRONG INFO)
Tomcat - servlet container, invoking servlets for users and handles JSP (jar claimed to be included - WRONG INFO)
log4j - from Apache Software Foundation (jar included)
JUnit - can be obtained from www.junit.org, (jar included)
Building EJBCA #1: start-up:
unzip into '/', creates /ejbca
cd ejbca
ant (there's a build.xml present) ===> goes fine, creates subdirs, compiles classes etc.
ant javadoc (to build the doc) ===> goes fine
copy the Bouncycastle JCE provider /ejbca/lib/jce-jdk13-.jar to the directory jboss/lib/ext ===> however
at first I looked for bcprov*.* and I thought the provider was not supplied (hence I downloaded and manually installed to no good use); it's provided but called jce-jdk13...
and neither JBOSS is present (has to be downloaded too)
COPY LATER WHEN JBOSS IS PRESENT
Building EJBCA #2: JBoss:
Downloaded jboss 2.4.3, the "current stable version", extracted into /JBoss-2.4.3_Tomcat-3.2.3, with a jboss and a tomcat subdirectory. Jboss provides a basic EJB container. Furthermore:
JNDI is used to find the remote and home interfaces of the beans.
Security is based on JAAS.
If the JVM which is used has HotSpot support, it is used.
Crimson is used as XML parser.
Log4j is used as logger.
Config for JBOSS: /JBoss-2.4.3_Tomcat-3.2.3/jboss/conf/default/
standardjboss.xml
jboss.conf
jboss.jcml
jboss.properties
Security config for JBOSS: /JBoss-2.4.3_Tomcat-3.2.3/jboss/conf/default/
server.policy
auth.conf
Logfile of JBOSS: /JBoss-2.4.3_Tomcat-3.2.3/jboss/log
server.log
JBoss comes with a test servlet: point your browser to imagine:8080/jboss/index.html.
To dynamically administer JBoss services (i.e. start, stop, ...) the MBeans: point browser to localhost port 8082. Particularly JNDIview is helpful.
Monitor client: /JBOSS_HOME/jboss/admin/client/monitor.jar: try "java -jar client/monitor.jar"
Building EJBCA #3: Tomcat:
TOMCAT is the servlet container with a JSP environment. A servlet container is a runtime shell that manages and invokes servlets on behalf of users. It is used in the official reference implementation for the Java Servlet and the JavaServer Pages. Tomcat is a Servlet API 2.2 and JSP 1.1 compliant container (remember JServ was only Servlet API 2.0 compliant). It was originally intended to be deployed under Apache, IIS, Enterprise Server or the like. However, it can be used stand-alone also. Tomcat is part of Jakarta.Apache.org. Tomcat documentation is available in /JBoss-2.4.3_Tomcat-3.2.3/tomcat/doc. The two main config files are server.xml and web.xml (defining your servlets and other components).
Web applications live in "web application archives" which exist in two formats:
unpacked hierarchy of directories and files (typically: development)
packed hierarchy for deployment, the "wars"
The top-level directory is the application root, where html and JSP pages are located. At the moment of deployment, a context indication will be added. If tomcat is started, you can access its default homepage on 127.0.0.1:8080. There is an admin page at 127.0.0.1:8080/admin (but what's the password?) So for EJBCA:
copied /root/jce-jdk13....jar into /JBoss-2.4.3_Tomcat-3.2.3/jboss/lib/ext
set JBOSS_HOME to right value ("export JBOSS_HOME=....")
Building EJBCA #4: starting JBoss:
Starting jboss: "/JBoss-2.4.3_Tomcat-3.2.3/jboss/bin/run.sh"
Problem 1: Exits since /org/jboss/Main not found... . Try "sh -x /Jboss...." to visualise the batch-file substitutions.
Solution 1: You simply need to "cd /JBoss-2.4.3_Tomcat-3.2.3/jboss/bin". Then ". run.sh".
Problem 2: starts but automatically calls JDK 1.2 which is of course not high enough. So I must specify to use the J2EE SDK. My JAVA_HOME does not seem to be used. I assume the problem comes from the java wrapper which still points to Java 1.2.2 . How do I change this? Probably due to /usr/lib/java being a link to /usr/lib/jdk1.2.2. The wrapper is /usr/lib/jdk1.2.2/bin/java, pointing to .javawrapper....
Solution 2: make /usr/lib/java link to /jdk1.3, so I did:
rm /usr/lib/java
ln -s /jdk1.3.1_01 /usr/lib/java
Now java version informs me of 1.3.1 --- OK.
Restarting jboss: "/JBoss-2.4.3_Tomcat-3.2.3/jboss/bin/run.sh" or "run_with_tomcat.sh" now calls JDK 1.3. Better. Jboss started 46 services.... How do you stop it? Ctrl-C works of course. Then:
KEYSTORE: copied the keystore from /ejbca/src/ca/keyStore/server.p12 to /ejbca/tmp = MISTAKE: error in /ejbca/runtest.sh persists: it must be the 'hardcoded path', i.e. "/tmp", nowhere else
SET JBOSS_HOME: export JBOSS_HOME=/JBoss-2.4.3_Tomcat-3.2.3/jboss
SET JAVA_HOME: export JAVA_HOME=/usr/lib/java
DEPLOY: 'cd /ejbca' - then - '. deploy.sh' (which copies /ejbca/dist/*.j|war into JBOSS_HOME/deploy)
msg: 'bcprov.jar must be copied to /jboss/lib/ext' - which it is... -> checked the script: this is just an echo (stupid)
RUN:
cd /JBoss-..../jboss/bin
/JBoss-... / /run_with_tomcat.sh ---> watch start-up msgs
RUNTESTS: /ejbca/runtest.sh - if you get connections refused it means you forgot to deploy - the tests can be found at "/ejbca/src/java/se/anatom/ejbca/ca/auth/junit/...".
also nice: via browser to /ejbca/src/webdist/dist.html
You can apply for certificates at http://127.0.0.1:8080/apply/request/index.html.
In /ejbca/dist you find both the .jar and .war files. It's the .war files which provide the html/servlets/JSP's.
Building EJBCA #5: user/manager views:
VIEW 1 END-USER
problem* since /ejbca/dist/webdist.war contains the dist.html which is deployed, which includes a hardcoded ref to 127.0.0.1, it does not work from any other remote platform. Have to hardcode the right IP here. The html is deployed in /jboss-tomcat.../jboss/deploy. The format is .war - whatever that is. How to recreate it? Source resides in ejbca/src/webdist/dist.html. Building was through ant, with /ejbca/build.xml .
solution* modify ip address in dist.html (e.g. to 192.168.0.7), recompile with ant. Redeploy. OK.
1 Applying for a certificate
STEP-1: RA first needs to create the user via the ra command (ref infra).
STEP-2: user applies via 127.0.0.1:8080/apply.
STEP-3: user fetches cert via 127.0.0.1:8080/webdist - if done under Netscape you can also see the cert in the browserstore.
Cert types: from CA to end user, ref ra.java source (ejbca.admin) Requesting a cert via the browser fails if Tomcat does not find the javac. That's why you must set JAVA_HOME.
2 Checking out other certs via 127.0.0.1:8080/webdist/dist.html If you download a cert into e.g. /root/john.cer, you can check it with Sun's keytool: "keytool -printcert -file /root/john.cer"
3 You can use /Java03dmf/cmf002list to get a more detailed view.
4 Sampleauth via 127.0.0.1:8080/sampleauth Authentication is performed against database: /ejbca/src/sampleauth/database/dbUsers.txt
problem* downloading the root cert fails on Win2000 client ... fails to find javac...
solution is to
stop ejbca
execute "export JAVA_HOME=/usr/lib/java" in the shell
restart - OK
problem* certificate has expired or is not yet valid says the browser: indeed, Imagine's clock is an hour ahead of Kassandros...
solution: change via "date"
VIEW 2 MANAGER
You use the ca / ra shellscripts. Find a user:
cd /ejbca
. ra.sh finduser foo
Add a user: ". ra.sh adduser theo oeht "CN=theo,O=AnaTom,C=SE" theo@theo.com 1" - careful with the syntax here, no space in CN=etc...
Certificate type
Can be obtained via ". ra.sh adduser". The possible values are:
1 end-user
2 CA
4 RA
8 RootCA
16 CAadmin
x032 RAadmin
Userstatus
Can be obtained via ". ra.sh setuserstatus". The possible values are:
10 new
11 failed
20 initialised
30 inprocess
40 generated
50 historical
Since PCSC Lite won't install without openssl in place, first installed that in / . Then install pcsc-lite.
libopensc is a library for accessing SmartCard devices using PC/SC Lite middleware package. It is also the core library of the OpenSC project. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible SmartCard. Encryption and decryption using private keys on the SmartCard is at the moment possible only with PKCS#15 compatible cards, such as the FINEID (Finnish Electronic IDentity) card manufactured by Setec. First attempt to install failed due to lack of library lpcsclite - hence first install this. Second attempt goes better but make fails on lacking OpenSSL. Downloaded and installed OpenSSL under /OpenSC. Still fails. Reinstall OpenSSL and OpenSC both straight under "/". OK. Now fails on lack of "-lfl" I guess that is a library. Resolved by installing package flex. We have:
doc and source code under /opensc-0.7.0 - here you find include files such as opensc.h for compiling against the library
library files etc in /usr/local/lib - including libopensc.....
binaries of tools under /usr/local/bin:
opensc-tool - use "opensc-tool -D -ddddd" - REMEMBER TO FIRST START PCSCD.
opensc-explorer - "no readers found" - so how to configure it? /etc/reader.conf
pkcs15-tool such as pkcs15-init
Does not work with Towitoko reader. According to godot, have to download latest version from CVS, then run the bootstrap script. Which fails due to lack of tools: autoconf, automake and libtool. Downloaded autoconf and automake, apparently libtool is already installed with SuSE 7.2. Make sure to install in / rather than in /root. Each of them has to be installed via ./configure /make etc... check the INSTALL. Autoconf has a make check possibility, quite some checks did fail (but aclocal passed). I did not install libtool since that was already present. Tried /opensc/bootstrap which failed. Installed libtool from gnu.org. Then back to /opensc. Tried bootstrap again - OK. Tried configure again OK. But the make install fails. Next round after re-installing pcsc-lite (now the older version 1.0.1). Do a bootstrap....a make....still fails....back to godot. Tried again to download latest version 070,,,, configure/make/make install goes ok. Now how to configure the readers....
APPARENTLY have to get PCSC Lite from www.linuxnet.com/middle.html first. This provides (use kpackage):
the library libpcsclite.so.0.0.1 in /usr/local/lib
pcscd - daemon - apparently in /usr/local/sbin
documentation in /usr/local/doc on pcsclite and muscleapi
winscard.h and pcsc.h
Since the configure of opensc fails - ref effort together with Godot - he suggested to downgrade to pcsc-lite-1.0.1. Downloaded from www.linuxnet.com/middleware/files/ pcsc-lite-1.0.1.tar.gz. Unpacked into /pcsc-lite-1.0.1. Then do a configure, make, make install. OK, you can start the daemon via "pcscd".
This library provides a driver for using Towitoko smartcard readers under UNIX environment, serial and USB interfaces. It requires PCSC Lite, a smartcard and a reader. Smartcard API's provided: * CT-API 1.1 and CT-BCS 0.9. * PCSC Lite. See http://www.linuxnet.com for download and documentation (pretty unclear ... is it provided or is it a prerequisite?) Installation:
configure the serial port as for a modem
from the serial howto: remember serial port is typically something like /dev/ttyS0 - dmesg shows device ttyS00 (a synonym for /dev/ttyS0) is a 16550A UART )
issuing "setserial -ga /dev/ttyS0" comes back with a reasonable answer on IRQ etc
cd /OpenSC/towitoko-2.0.7
./configure (went OK, even without PCSC Lite installed)
make (files will go into /usr/local/bin etc)
make check (run self-tests)
make install
First round apparently went smooth, but the doc states the files go into /usr/local/bin and there is nothing there.... Ooops this is a mistake in the doc. You find it all in /usr/local/towitoko. The main thing seems to be a shared library. There are man pages but they do not seem to work. There are:
bin: tester - this allows direct read/write to the card - call via "/usr/local/towitoko/bin/tester" - THIS WILL NOT WORK IF THE DAEMON RUNS (pcscd)
include: ctapi.h and ctbcs.h
lib: various libs, including libtowitoko.so.2
man: some manpages - but how to read them ...
Mind you, there is also useful info in /towitoko-2.0.7/doc ... even on design... Using the "tester", you learn the I2C cards are memory cards, 256 bytes. Their ATR (Answer To Reset) is A2 13 10 91. However, the card also contains 2 KBit EEPROM. How to write there?
/etc/reader.conf Config: /usr/local/towitoko/lib COM1 = CHANNELID 0x0103F8
Via Danny De Cock. http://ludovic.rousseau.free.fr/softwares/pcsc-tools/
Requires: pcsc-lite-1.1.1 or higher. This framework works on nearly all platforms and provides a pluggable architecture for smartcards and cryptographic tokens. Send and receive signed and encrypted email, authenticate to SSL sites all using your smartcard. With tools like XCardII and MuscleTool, manage your card, and personalize it to suit your needs. To install, first make sure pcsc-lite-1.1.1 is installed. Then install each of the plugins for MuscleCard and Cryptoflex. Then install the PKCS11. Once this is installed you will have a /usr/local/lib/pkcs11.so. In Netscape or Mozilla simply use this path and the name "Muscle PKCS#11" and you are ready to begin.
Start with Apache's software, downloaded xml-security-bin-1_0_5D2.zip into /. Extract with Karchiveur, put it in /Java62XMLSEC. According to the INSTALL, it includes implementations of W3C recommendations "Canonical XML" and "XML Signature Syntax and Processing". Basically, this means that you can create and verify digital signatures expressed in XML and sign both XML and/or arbitrary contents. Whether you choose the binary or the source version it seems you need to run ANT - hence first fix the path statement for ANT.
-1- I started with downloading the binary version and running ANT. Then you get an error since the classfile for ant.md5task is not found. Original statement in BUILD.XML: Wrongly updated statement in BUILD.XML: Rightly updated statement in BUILD.XML: this results in successful build. From now on you can run 'ant' and you get an explanation of what you can do. However, you seem to need the sources to run e.g. the examples.
-2- Now download sources but be careful not to overwrite existing stuff - download in other dir.
Specify the classpath as described above for /Java62XML2. Do a full ant compile. Problem with the import statements. Need a way to specify the prefix /Java62XMLSEC2
Fails with 'cannot resolve symbol' for sources which are indeed not yet present such as XpathAPI. Looked into the INSTALL file:
download Xerces-J-bin.2.0.0.zip. Not found, downloaded 2.2.1 instead, and extracted into /xerces-2-2-1 .
download log4j - manual install and test...
Run ant compile. OK. Run ant doc - problem (why?). Run ant javadoc - OK but warnings. Full API doc in /build. Main info found in / at:
/build
/build/doc/html/index.html is a good starting point
/build/classes contains all the executables - maybe interesting to put them into a single jar
/src
/src-samples
/libs, where many jars are stored such as bouncycastle, xalan, xerces, ...
/data, where many xml-data files are stored
...
Using it: see jtk1.html.
as per https://help.ubuntu.com/community/FolderEncryption
marcsel@marcsel:~$ sudo apt-get install encfs
[sudo] password for marcsel:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
librlog1c2a
The following NEW packages will be installed:
encfs librlog1c2a
0 upgraded, 2 newly installed, 0 to remove and 15 not upgraded.
Need to get 297kB of archives.
After this operation, 1274kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://dell-mini.archive.canonical.com hardy/universe librlog1c2a 1.3.7-1 [26.3kB]
Get:2 http://dell-mini.archive.canonical.com hardy/universe encfs 1.3.2-1-1 [270kB]
Fetched 297kB in 0s (350kB/s)
Selecting previously deselected package librlog1c2a.
(Reading database ... 100262 files and directories currently installed.)
Unpacking librlog1c2a (from .../librlog1c2a_1.3.7-1_lpia.deb) ...
Selecting previously deselected package encfs.
Unpacking encfs (from .../encfs_1.3.2-1-1_lpia.deb) ...
Setting up librlog1c2a (1.3.7-1) ...
Setting up encfs (1.3.2-1-1) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place
marcsel@marcsel:~$
THEN:
add the module fuse in etc/modules (ok, was already there)
sudo adduser fuse (ok, same)
sudo chmod +x /usr/bin/fusermount (fails, no such file or directory)
Create encrypted directory: 'encfs ~/securestorage ~/visible' (AES 192 selected)
Work in /visible. When finished 'cd ..'
Then remove /visible by 'fusermount -u ~/visible'
Later to reaccess: 'encfs ~/securestorage ~/visible'
You can use 'encfsctl' later to change your password.
DOES NOT SEEM TO WORK - go for alternative.
GPG and GPA (GnuPrivacyAssistant) installed manually - later found Seahorse is similar.
GPG CLI via terminal.
Basics
>marcsel@BlackBetty:~$ gpg --version
>gpg (GnuPG) 1.4.6
>Supported algorithms:
>Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
>Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>Compression: Uncompressed, ZIP, ZLIB, BZIP2
So: AES is supported. There's also 'gpg -h', 'man gpg' and 'gpg --dump-options'.
Using GPG
Consider:
--cipher-algo AES192
--encrypt-files to allow multiple files
-c for encrypt
-d for decrypt
-w for wipe
Syntax: gpg [options] [files]
GPA via GUI
marcsel@marcsel:~$ sudo apt-get install gpa
[sudo] password for marcsel:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
gpa
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 203kB of archives.
After this operation, 840kB of additional disk space will be used.
Get:1 http://dell-mini.archive.canonical.com hardy/universe gpa 0.7.0-1.1ubuntu1 [203kB]
Fetched 203kB in 0s (328kB/s)
Selecting previously deselected package gpa.
(Reading database ... 100327 files and directories currently installed.)
Unpacking gpa (from .../gpa_0.7.0-1.1ubuntu1_lpia.deb) ...
Setting up gpa (0.7.0-1.1ubuntu1) ...
USE GPA via Dell Launcher.
Seahorse / Passwords and encryption settings
Via GUI: 'System / Preferences / Encryption and keyrings'. This allows you to define eg keyring settings and caching. Seahorse is a Gnome front end for GnuPG. Data encryption and digital signature creation can easily be performed through a GUI and Key Management operations can easily be carried out through an intuitive interface. In addition it includes a Gedit plugin, can handle files using Nautilus, an applet for managing stuff put in the clipboard and an agent for storing private passphrases, as well as a GnuPG and OpenSSH key manager.
Seems to work fine, cross-platform.
No erase. Linux shred and wipe commands ... what does danny use? Shred and wipe. According to man page of shred: it does not work on file systems such as ext3 ... so no use? Installed 'wipe' via 'sudo apt-get install wipe'. So: options
1: edit - encrypt - decrypt - reencrypt to new file - 'wipe' plaintext
2: simply reencrypt the decrypted file so it becomes unusable... this will not work since it does leave the plaintext intact.
Ref email danny
Ref to '/usr/share/doc/opencryptoki'. OpenCryptoki version 2.2 implements the PKCS#11 specification version 2.11. This package includes several cryptographic tokens, including the IBM ICA token (requires libICA, which supports zSeries CPACF and LeedsLite hardware) and an OpenSSL-based software token. For execution refer to http://www-128.ibm.com/developerworks/security/library/s-pkcs/index.html
Further: openCryptoki defaults to be usable by anyone who is in the group 'pkcs11'. In this version of openCryptoki, the default SO PIN is 87654321, and the default user PIN is 12345678. These should both be changed to different PIN values before use.
You can change the SO PIN by running pkcsconf:
% pkcsconf -I
You can change the user PIN by typing:
% pkcsconf -u
You can select the token with the -c command line option; refer to the documentation linked to above for further instructions.
You'll need:
usbmgr, loaded first at boot and normally already in place
pcsclite (libpcsclite and pcscd) - might also be preinstalled, check this first because the reader's driver is installed "underneath pcsc"
ACR 38 reader and its driver package
furthermore:
pcsc_tools is handy to scan the reader for a card
debian utility 'start-stop-daemon' to start/stop pcsc
/usr/bin/cardos-info
/usr/bin/cryptoflex-tool
/usr/bin/eidenv
/usr/bin/netkey-tool
/usr/bin/opensc-tool
/usr/bin/opensc-explorer
/usr/bin/piv-tool
/usr/bin/pkcs11-tool
/usr/bin/pkcs15-crypt
/usr/bin/pkcs15-init
/usr/bin/pkcs15-tool
logviewer
'opensc' tools, which depend upon
'libopensc2' and
'libopenct1'
There is
pcscd, implementing pcsclite, coordinates the loading of drivers. Use Synaptic to identify its files, doc is in '/usr/share/doc/pcscd'. According to man pcscd, for USB drivers '/etc/reader.conf' is not used (but it's not explained what is used). Some info is in 'man update-reader.conf'.
opencryptoki, implementing the PKCS#11 API, interfacing to the underlying tokens, it is supported by:
pkcs11_startup, initialising the contents of pk_config_data, normally run from a start-up script
pkcsslotd, daemon managing PKCS#11 objects between PKCS#11 enabled applications
pkcsconf can be used to further configure opencryptoki once the daemon is running *** 'pkcsconf -i' for info *** fails ....
pk_config_data
With Lucid came beid-tools and beidgui. You see this under Synaptic. The ACR38 reader is recognized, the beidgui tool starts, but reading a card fails with "wrong root certificate". According to "https://bugs.launchpad.net/ubuntu/+source/belpic/+bug/546366", this is because the Ubuntu repository for Lucid contains beid software that is too old, version is "2.6.0-7ubuntu1" for both. The solution: download deb package from "http://eid.belgium.be/nl/Hoe_installeer_je_de_eID/Linux/". I stored it in "/home/marc4/Downloads", it's called "eid-mw_4.0.0r925_amd64_tcm147-132618.deb". This raises the question: what is inside this deb package? Do: "dpkg -c packagename". This displays all the files, but nothing comparable to "2.6.0-7ubuntu1". How will it interact with the old beid-tools and beidgui? Let's try.
RUN1 "sudo dpkg -i eid-mw_4.0.0r925_amd64_tcm147-132618.deb" results in
Selecting previously deselected package eid-mw.
dpkg: considering removing libbeidlibopensc2 in favour of eid-mw ...
dpkg: no, cannot proceed with removal of libbeidlibopensc2 (--auto-deconfigure will help):
libbeid2 depends on libbeidlibopensc2 (>= 2.6.0)
libbeidlibopensc2 is to be removed.
dpkg: regarding eid-mw_4.0.0r925_amd64_tcm147-132618.deb containing eid-mw:
eid-mw conflicts with libbeidlibopensc2
libbeidlibopensc2 (version 2.6.0-7ubuntu1) is present and installed.
dpkg: error processing eid-mw_4.0.0r925_amd64_tcm147-132618.deb (--install):
conflicting packages - not installing eid-mw
Errors were encountered while processing:
eid-mw_4.0.0r925_amd64_tcm147-132618.deb
RUN2 "sudo dpkg -i eid-mw_4.0.0r925_amd64_tcm147-132618.deb --auto-deconfigure" Problem persists. Now did a manual remove via Synaptics of all installed beidlibs and related.
RUN3 same as RUN2 but now with OK ending. Check in Synaptics: beidstuff in "old" repositories is visible but not installed. Manually installed deb package is apparently not visible.
However, as I uninstalled beidgui and beid-tools - these were not included in the .deb package. So they are no longer present.
TRY sudo apt-get install beidgui, which results in terrifying messages:
The following extra packages will be installed: beid-tools libbeid2 libbeidlibopensc2
The following packages will be REMOVED eid-mw
The following NEW packages will be installed beid-tools beidgui libbeid2 libbeidlibopensc2
So this would reinstall what I just removed etc etc. Not a good plan.
TRY Info from http://grep.be/blog/en/computer/debian/belpic/ Download "eid-viewer_4.0.0r52_amd64.deb" from http://code.google.com/p/eid-viewer/downloads/list. Then "sudo dpkg -i eid-viewer_4.0.0r52_amd64.deb". Goes ok. To run "eid-viewer". Documentation in /usr/share/eid-viewer. Viewer works fine. TaxOnWeb fails with "SSL peer was unable to negotiate an acceptable set of security parameters.(Error code: ssl_error_handshake_failure_alert)" What do I need to do more to register the PKCS11 device?
From /usr/share/doc/eid-mw's README: To use the Belgian eID in Firefox, we recommend the Firefox extension to handle configuration automatically. The extension will be installed on Linux and OSX. The default install locations: - Linux: DATADIR/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384} (DATADIR is by default PREFIXDIR/lib - PREFIXDIR is by default /usr/local)
Google points to: "https://addons.mozilla.org/en-US/firefox/addon/belgium-eid/". Install and restart firefox.
Install
beid-tool
beidgui
After installation of these two packages, 'lsusb' results in 'Bus 007 Device 003: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader'. The 'beidgui' is callable from the KDE launcher but fails with 'unknown errorcode'. But: 'Please read the README.Debian file in the 'libbeidlibopensc2' package for information on setting up your system so that it can read from smartcards.' This points to installing libacr38u and pcscd.
Tools:
'id|grep scard' should produce output (otherwise you may not have required authorisation) *** so try to use beid-tool after su ...(later found out I can use my eID with 'id|grep scard' still returning nothing).
beid-tool
beid-tool -l to list readers
beid-tool -a to list atr
beid-tool -n to read name of card
beid-tool -
beid-pkcs11-tool
beid-pkcs11-tool -I to show info
beid-pkcs11-tool -L to list slots
beid-pkcs11-tool -O to list objects
beid-pkcs11-tool -M to list mechanisms supported
/usr/share/beid/beid-pkcs11-register.html for registering in Mozilla
Originally, most utilities result in 'cannot connect to X server'... so try to natively login as root and startx. However, reboot system, and the CLI-tools work under marc3.
Tried to register '/usr/lib/libbeidpkcs11.so.2' under 'preferences/advanced/security device'. PROBLEM: still not possible to register my own certs.
The beidgui (accessible via KDE launcher) still gives 'wrong root certificate'. This according to eid.belgium.be is due to using too old middleware.
Nice:
#stop pcscd (running in background)
sudo /etc/init.d/pcscd stop
#run in foreground.
sudo pcscd --apdu --foreground --debug *** does not seem to work ...
On BlackBetty, only libpcsclite1 (essentially '/usr/lib/libpcsclite.so.1.0.0') was already installed wrt pcsc. So I added pcscd and pcsc-tools (which depended upon libpcsc-perl).
Installation ok. sr/lib/pcsc/drivers/ACR38UDriver.bundle
Let's check: pcscd is normally started at boot time from /usr/etc/init.d/pcscd. But even without rebooting, 'ps -ef' shows me there is a pcscd up and running.
Debian has the 'start-stop-daemon' tool, so you can:
'sudo start-stop-daemon --name pcscd --stop'
'sudo start-stop-daemon --exec /usr/sbin/pcscd --start'
Use the GUI tool system / administration / logviewer to see that indeed the daemon was killed/started.
The toolset pcsc-tools contains:
pcsc_scan scans available smart card readers and print detected events: card insertion with ATR, card removal;
ATR_analysis analyses a smart card ATR (Answer To Reset)
scriptor Perl script to send commands to a smart card using a batch file or stdin - see 'man scriptor'
gscriptor the same idea as scriptor.pl(1) but with Perl-Gtk GUI - NICE - command file is identical to scriptor
Ref to http://ludovic.rousseau.free.fr/softwares/pcsc-tools/
Installed package libacr38u. This is reflected in a driver under pcsc ('usr/lib/pcsc/drivers/ACR38UDriver.bundle').
You can now plug in the reader, insert a card, and run pcsc_scan. OK.
Doc in '/usr/share/doc/opensc/index.html'.
Depending upon its libopensc2 libraries ...
Utilities
/usr/bin/cardos-info
/usr/bin/cryptoflex-tool
/usr/bin/eidenv - reads out standard BeID data - (you may have to cache via pkcs15-tool -L)
/usr/bin/netkey-tool
/usr/bin/opensc-tool
/usr/bin/opensc-explorer
/usr/bin/piv-tool
/usr/bin/pkcs11-tool - careful since BeID is not standard PKCS#11 for signature key (requires GUI pop-up/PIN every time)
/usr/bin/pkcs15-crypt
/usr/bin/pkcs15-init
/usr/bin/pkcs15-tool - particularly useful since BeID is PKCS#15 - read '/usr/share/doc/opensc/index.html'
Quick diagnostic: insert reader and eid. Then 'pkcs15-tool -D' to dump PKCS15 objects visible. Then
pcsc_scan - so you see pcscd is alive and has your card
eidenv - quick readout of your BeID
pkcs15-tool -D - dumps available objects - e.g. ID 06 is root cert, ID 04 is operational CA, 03 and 02 are personal
pkcs15-tool -r 06 shows the root cert, in .pem format
'pkcs15-tool -r 06 -o 001-belgianroot.pem' exports the cert to file *** but Netscape wants PKCS12
Peek inside .pem cert: 'openssl x509 -in 001-belgianroot.pem -noout -text' You can also convert from pem to der with openssl x509....
So the final wayforward may be:
generate keypair on own gemplus card
extract pubkey and turn it into a cert
import cert under pkcs11 under netscape
then use beid package and register belgian pkcs#11 module...
On Angkor, simply use Synaptic. On BlackBetty, it seems to be not available (may have to do either with the processor type or with the Ubuntu repository...). Password for administrator: fdjk123
...
On Angkor, use the manual instructions from https://anonymous-proxy-servers.net/en/help etc.... You have to add the repository to your /etc/apt/sources.list, then download and check the pubkey, and do an aptitude install. There are two components:
jondo - the proxy running on your local hostbased
jondofox - the firefox profile that uses this proxy to surf
After the install, you need to "sudo jondo" to complete the installation. You can find all files and docpointers in Synaptics.
On Angkor2, in /home/downloads/tor-browser_en_US subdir. To start: dolphin, cd to that directory, cd to subdir tor-browser_en-US, doubleclick. Apparently manually executing "./start-tor-browser" does not always work.
When you select a magnet from piratebay, Firefox has by default no protocol handler for magnets. In Firefox, you can enter "about:config" as url, and then you can add "network.protocol-handler.expose.magnet" ... but it does not work for me. So: just open the magnet in another tab, copy it, paste it in Ktorrent.
On Windows: from torproject website. TOR browser available from the menu.
List with onion sites: separate file.
On Angkor, use the manual instructions from I2P2.de/debian. You have to add the repository to your /etc/apt/sources.list, etc. On Windows ... Then
start the I2P router "i2prouter start" (no sudo) - the proxy running on your local hostbased
this gets you a console in your browser - at http://127.0.0.1:7657
configure your browser to go to proxy on ports 4444 and 4445 (http/s)
added entries in C4 LAN firewall for 4444/4445 traversals... but does this help?
Locate torrent as magnet in Postman or Welterde, copy it over to I2PSnark and start the torrent there. Downloads are shown in the applicationwindow, rightmouseclick to save them.
Finding eepsites: installation is in var/lib/i2p, where you find i2p-config, eg an addressbook and doc.
In order to display e.g. PowerPoint slides:
- save them as JPEG
- transfer them to Linux
- start Xv & load the JPEG
- use shift-space to move to the next slide
- use shift-backspace to move back to the previous one
- use < and > to increase/decrease screen size.
Remember the Visual Schnauzer (cntl-v) gives you the 'thumbnails'.
Documentation can be found in /usr/doc. This is in PostScript
format, so you can use GhostView to read it.
Automatically installed with SuSE 5.3 or later.
GhostView can be used to view PostScript, Microsoft Documents, ...
Prior to SuSE 6.4, xpdf needed to be installed to view files in Acrobat reader format (*.pdf). If xpdf does not come up with a menu use the right mouse button, or run it "xpdf /filename.pdf".
SuSE 6.4's KDE's browser allows you to read pdf files (but less
than perfect). Acrobat Reader is enclosed as commercial software and
it runs nicely.
POVray and x-povray (provided in /usr/X11R6/bin/... - /usr/lib/povray ... )
Refer to BTK1.html
Simple command to create tiff thumbnails.
Operating Linux machine, with full logging enabled
ISP link up and running (modem, outgoing line, minicom, dns, ppp & routing configured, ISP account, target "pingable")
X operational (for ISS configuration - you'll need an "iss.key"file - but you can always test your ISS against localhost)
Netscape operational (for ISS reports & vulnerability database)
Appropriate iss configuration, matching your objectives.
Key ISS files include:
iss (the executable)
xiss (the X version of iss)
iss.key (the keyfile, if you want to scan anything but localhost)
iss.config (the configuration file, which you influence via the config script) - config-gen (the config script)
iss.log (the full logfile of iss)
Firewall HOWTO (1996)
Ipchains HOWTO (1998)
Bridge+Firewall Mini-HOWTO (1997)
Cipe+Masquerading Mini-HOWTO (1998): VPN
Firewall piercing Mini-HOWTO (1998)
VPN Mini-HOWTO (1997)
The Linux kernel can be instructed to do packet filtering, if you compile in the right options. Forwarding and logging will then be managed via ipfw and ipfwadm. Refer to the man pages. Later, IPchains was a rewrite of the firewalling code, and of ipfwadm.
You can also run a proxy server on Linux, using e.g. SOCKS (a single utility to cover all protocols, one daemon and one config file) or the TIS fwtk (one utility per protocol).
input 00000000/00000000->C0000001/FFFFFFFF - 10 0 0 0 0 0 0 0-65535 0-65535 AFF X00 00000000 0 0 -
output C0000001/FFFFFFFF->00000000/00000000 - 10 0 0 0 0 0 0 0-65535 0-65535 AFF X00 00000000 0 0 -
the HOWTO
the source at "/usr/src/linux/net/ip_fw.c"
man ipchains
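The two rule lines above store addresses and masks as 8-digit hexadecimal. The following added example (not from the original notes) decodes the chain name and the source/destination networks; reading the "-" after the addresses as "any interface" and the two N-M fields as source and destination port ranges is an assumption, and the remaining counters and flags are left undecoded.

```python
import ipaddress
import re

# The two rule lines exactly as they appear on this page.
PAGE_RULES = """\
input 00000000/00000000->C0000001/FFFFFFFF - 10 0 0 0 0 0 0 0-65535 0-65535 AFF X00 00000000 0 0 -
output C0000001/FFFFFFFF->00000000/00000000 - 10 0 0 0 0 0 0 0-65535 0-65535 AFF X00 00000000 0 0 -
"""

ADDR_PAIR = re.compile(
    r"^([0-9A-Fa-f]{8})/([0-9A-Fa-f]{8})->([0-9A-Fa-f]{8})/([0-9A-Fa-f]{8})$"
)
PORT_RANGE = re.compile(r"^(\d{1,5})-(\d{1,5})$")


def hex_to_network(addr_hex, mask_hex):
    """Turn ('C0000001', 'FFFFFFFF') into IPv4Network('192.0.0.1/32')."""
    addr = int(addr_hex, 16)
    mask = int(mask_hex, 16)
    hostbits = ~mask & 0xFFFFFFFF
    # A valid netmask is a run of 1-bits followed by 0-bits, so its
    # complement must have the form 2**k - 1.
    if hostbits & (hostbits + 1):
        raise ValueError("non-contiguous netmask: " + mask_hex)
    prefix = bin(mask).count("1")
    # Mask the address so a rule stored with stray host bits still parses.
    return ipaddress.ip_network((addr & mask, prefix))


def parse_rule(line):
    """Decode one rule line into chain, networks, interface and port ranges."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("too few fields: " + repr(line))
    match = ADDR_PAIR.match(fields[1])
    if not match:
        raise ValueError("bad address field: " + fields[1])
    ranges = []
    for field in fields[3:]:
        port_match = PORT_RANGE.match(field)
        if port_match:
            low, high = int(port_match.group(1)), int(port_match.group(2))
            if low > high or high > 65535:
                raise ValueError("bad port range: " + field)
            ranges.append((low, high))
    if len(ranges) != 2:
        raise ValueError("expected two port ranges in: " + repr(line))
    return {
        "chain": fields[0],
        "src": hex_to_network(match.group(1), match.group(2)),
        "dst": hex_to_network(match.group(3), match.group(4)),
        # Assumption: "-" in this position means no interface restriction.
        "interface": None if fields[2] == "-" else fields[2],
        # Assumption: first range is source ports, second is destination.
        "src_ports": ranges[0],
        "dst_ports": ranges[1],
    }


def parse_rules(text):
    """Parse every non-blank line of a rule dump."""
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def describe(rule):
    """One readable line per rule, for reviewing what a chain really matches."""
    iface = rule["interface"] or "any"
    return "{}: {} ports {}-{} -> {} ports {}-{} on {} interface".format(
        rule["chain"],
        rule["src"], rule["src_ports"][0], rule["src_ports"][1],
        rule["dst"], rule["dst_ports"][0], rule["dst_ports"][1],
        iface,
    )


if __name__ == "__main__":
    for parsed in parse_rules(PAGE_RULES):
        print(describe(parsed))
```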
sudo iwlist wlan0 scan
ifconfig wlan0 down (mind you: ifconfig)
ifconfig wlan0 up
iwconfig wlan0 mode managed (mind you: iwconfig)
iwconfig wlan0 channel 11 ----your channel
iwconfig wlan0 essid networkname ----your essid
after these commands: still not associated.... and wireshark says there are no packets on wlan0 WHY?
tried iwconfig wlan0 essid linksys ap
"ALT: sudo iwconfig essid ap key mode <> commit" Where
is the itf such as wlan0
essid is ----your channel
ap is the MAC of the AP
key is the WEP key
mode is "Managed" for a regular client
So e.g. "iwconfig eth0 ap 00:60:1D:01:23:45" FAILS
Then:
Radiotools include:
airmon-ng: puts wireless chip in monitoring mode
airbase-ng: for attacking clients rather than access points
airodump-ng: dumps file for aircrack, "airodump-ng -w filename eth1"
aircrack-ng: cracks WEP/WPA access, for cracking WPA preshared keys, a dictionary file needs to be provided
where to get it from? Ref: http://aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
how to get it into the USB-booted system? maybe via connecting to internet or email and downloading onto usb?
LEGACY If you want explicit networking, start it with: "/etc/init.d/networking start". This results in DHCP requests on eth0 i.e. the ethernet LAN itf. How about starting the wireless? Try iwconfig.
First kill LAN using "ifdown eth0" etc. Then "ifup eth1" which is wireless. Running "iwconfig" will then illustrate that if there are no DHCP offers, the interface will go from "radio off" to "unassociated". Which I interpret as "on" but "no IP address". If you do "iwlist wlan0 scan" you can see the ESSID and the RF quality info.
If you see the ESSID but cannot get an IP address, that may be due to protection such as WPA.
From owasp. Download from Sourceforge 'webscarab-installer-....jar'. Then "exec java -jar webscarab-installer ...". Goes into /home/marc4/WebScarab, start via "java -jar webscarab---.jar".
Will not install on windows unless you deactivate the antivirus. Downloaded the community edition on Angkor and registered it. Then made the installer executable by "chmod +x metasploitinstallername.run", and sudo'd it. Create account, ref KTB. To start metasploit: cd /opt/metasploit, "sh ctlscript.sh start" (or stop). Point your browser to localhost, port 3790.
You need to format the Classic under Windows. Then you can plug it in. Use Rhythmbox to transfer the whole music library via "synchronise" function. Mount the ipod.
Select it in the Rhythmbox application, you will see buttons appear for "sync". You can also ask the properties of the ipod. Legacy: Under Ubuntu 12.04, use Amarok to transfer music. Ubuntu 10.04 LTS (Lucid Lynx): use gtkpod ipod manager to create "repositories", one for the Linux based file system with the mp3's, another one for the iPod. Import files from filesystem to "MusicLibrary". Select files and rightclick to create playlist (NO smart playlist). You can then transfer playlists from the filesystem repository "MusicLibrary" to the iPod repository. However, you can only transfer mp3's, formats such as wma are not transferred. Unmount the iPod with filemanager (Dolphin), or with "umount /dev/sdh1". Should work with Audacity or ffmpeg, but in some cases this fails due to "wma proprietary" format.
Legacy: Lucid Lynx: physically connect iPod via USB, and then issue "mount" and you get:
kernel log: "write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only."
mount output: "/dev/sdi2 on /media/SiLVER type hfsplus (rw,nosuid,nodev,uhelper=hal)"
Start gtkpod in terminal window. Gtkpod can read the iPod's music but cannot write, since it's mounted read-only. According to various sources mounting in rw is only possible if your iPod is formatted in FAT32 (which mine is not).
On Ubuntu 12.10, or 'Quantal', Amarok performs great. You can also use it to copy music to iPods. Mount the iPod, then in Amarok select the music you want, rightclick and then "copy collection" to iPod. Occasionally hangs but in general it does the job.
Legacy---Seems to have lost MP3 support after upgrade to Lucid Lynx. Installing package "kubuntu-restricted-extras" should do the job. Does not seem logical at first sight since it does not contain any files that make me think about mp3... It seems that "Libxine1-ffmpeg contains MPEG-related plugins used by libxine1, the media player library used by Xine engine, which Amarok and other xine-based players use." Indeed, Amarok uses the Phonon Xine backend. But installing package "kubuntu-restricted-extras" did not solve the problem, Amarok still does not play. Other helpfiles state you need to install "libxine1-ffmpeg". It can be found in Synaptic, but when you install the message is that there are unresolved dependencies that cannot be solved. This includes eg "libavcodec52". You can find this via Synaptics too, but then installing it will remove what looks like a lot of useful other libraries and programs. So what? Synaptics/Settings/Repositories/Ubuntu: here you should select "software selected by copyright (multiverse)".
Use add-on "Flash and video download" to download videos from YouTube. Download from "http://www.flashandvideo.com". Click in Firefox's status area bottom right to start the download.
Addblock liveheaders Hackbar beid extension
Plays a.o. avi and quick time files. Tried on imagine:
which movie files do we have: "locate *.mov"
try "xanim /Kassandra_Data/Images/Hubble/....."
"XAnim rev 2.80.0"
fails with "video present but not yet supported - video codec Radius Cinepak not supported"
Way forward:
Read-1 Please read "cinepak.readme": download, compile, ...
Read-2 SuSE: /usr/share/doc/packages/xanim/readme.suse: you may have to download from the net.
CONCLUSION: try SuSE 7.1.
Install "Tex Live" basic packages via Muon package manager. Files go in /usr/bin, /usr/share and many other locations and subdirs.
Install "Texworks" packages via Muon package manager. Files go in /usr/bin/texworks etc.
Configuration in /home/marc/.config/TUG/TeXworks.conf
Resources in /home/marc/.TeXworks.
Then install Eclipse, and add Texlipse. Configure as per http://texlipse.sourceforge.net/manual/configuration.html.
Linking to Philips TV 9604: "http://www.consumer.philips.com/c/televisie/9000-serie-32-inch-1080p-full-hd-digitale-tv-32pfl9604h_12/prd/nl/be/". TV is the "MediaRenderer", supporting according to the Philips website: MP3, WMA version 2 to version 9.2, slideshow files (.alb), JPEG images, MPEG1, MPEG2, MPEG4, AVI, H.264/MPEG-4 AVC, MPEG program stream PAL, WMV9/VC1. Connectivity is Ethernet-UTP5, USB, WiFi 802.11g (built-in). DLNA 1.0 certified.
Check it on http://www.dlna.org/products/. On this site you can view the DLNA Certificate for every product. For example the 37PFL9604 Certificate can be found here : http://certification.dlna.org/certs/REG57370173.pdf. It supports DLNA 1.0.
Useful discussion on http://blog.hznet.nl/2009/06/philips-8000-series-and-dlna-not-really/ Conclusion IMHO: it should be possible to stream lots of different video formats to the TV via DLNA, even through the network interfaces (wireless/ethernet). Best approach may be to find some formats that are reliably supported on the TV and then convert whatever you have to such format by transcoding on the fly.
Angkor2, installed Mediatomb version 0.12.1 (via "sudo aptitude install mediatomb") in July 2013. Mediatomb implements the UPnP MediaServer v1.0 specification according to www.upnp.org. Should work with any UPnP MediaRenderer. Url: mediatomb.cc with documentation. After installing you get:
/home/marc/.mediatomb directory with config.xml, mediatomb.db and mediatomb.html
Main config is in .mediatomb/config.xml.
Apparently:
there is a serverprocess started at boot via "etc/rc2.d/s98mediatomb"
still you need to start it from a terminal? - weird
you can interact via GUI (by default disabled) or CLI
With regard to CLI:
'newschool': service mediatomb status
'newschool': service mediatomb start (or stop)
mediatomb --help shows you the options
mediatomb --compile-info will list parameters of the version you are running
mediatomb --add /home/marc/Pictures/ --add /home/marc/Videos
mediatomb -d (starts mediatomb as a background daemon)
then point your browser to /home/marc/.mediatomb/mediatomb.html to start the gui (if enabled)
Good basic info in: "https://help.ubuntu.com/community/MediaTomb".
Adding music. Apparently you can add entries via the GUI, or via CLI:
GUI: Starting Mediatomb from a user terminal results in an information listing, with a pointer to the GUI, eg: "2009-12-20 17:34:58 INFO: http://192.168.1.5:49152/". In the GUI, use the right half of the screen to navigate the filesystem and add your libraries to the database.
CLI
Adding music: 'mediatomb --add /home/c4/Saad'
Adding pictures: 'mediatomb --add /home/c4/Whisky'
Accessing the music over the network. According to the documentation: "MediaTomb should work with any UPnP compliant MediaRenderer". How do you identify the status of the Mediatomb server? When running MediaServer on Sanne's HP laptop, I can navigate the entire Angkor filesystem.... scary. According to the documentation, this is because MediaTomb is to be used in a friendly home setting. For better security: run under a more restricted user account, or simply disable the GUI entirely (I assume you can then still work locally via the CLI).
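The exposure described above comes down to two settings in config.xml: whether the web UI is on, and whether it asks for a login. As an added example (not part of the original notes or of MediaTomb itself), this Python check reads a config and reports both. It assumes the ui / accounts / account layout of MediaTomb's stock config.xml; the sample configs, user names and passwords are constructed.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace so different config versions parse alike."""
    return tag.rsplit("}", 1)[-1]

def first(parent, name):
    return next((el for el in parent.iter() if local(el.tag) == name), None)

def audit_ui(config_xml):
    """Return findings about web UI exposure in a MediaTomb config.xml."""
    ui = first(ET.fromstring(config_xml), "ui")
    # Assumption: only an explicit enabled="yes" switches the UI on.
    if ui is None or ui.get("enabled", "no") != "yes":
        return []  # UI off: the file-system browser is not served
    accounts = first(ui, "accounts")
    if accounts is None or accounts.get("enabled", "no") != "yes":
        return ["ui-enabled-without-login"]
    users = [el for el in accounts if local(el.tag) == "account"]
    findings = [] if users else ["login-enabled-but-no-account"]
    for acc in users:
        name, pw = acc.get("user", ""), acc.get("password", "")
        if pw in ("", name, "mediatomb"):
            findings.append("weak-password:" + name)
    return findings

# Constructed sample configs (assumed layout, trimmed to the relevant part).
TEMPLATE = """<config version="2" xmlns="http://mediatomb.cc/config/2">
  <server>
    <ui enabled="{ui}">
      <accounts enabled="{login}" session-timeout="30">
        <account user="{user}" password="{pw}"/>
      </accounts>
    </ui>
    <name>MediaTomb</name>
  </server>
</config>"""

OPEN_UI = TEMPLATE.format(ui="yes", login="no", user="mediatomb", pw="mediatomb")
DEFAULT_LOGIN = TEMPLATE.format(ui="yes", login="yes", user="mediatomb", pw="mediatomb")
STRONG_LOGIN = TEMPLATE.format(ui="yes", login="yes", user="marc", pw="constructed-long-passphrase")
UI_OFF = TEMPLATE.format(ui="no", login="no", user="mediatomb", pw="mediatomb")

if __name__ == "__main__":
    for label, cfg in [("open", OPEN_UI), ("default login", DEFAULT_LOGIN),
                       ("strong login", STRONG_LOGIN), ("ui off", UI_OFF)]:
        print(label, audit_ui(cfg))
```

An empty result for a login-protected UI still leaves the UI reachable from the whole LAN; running the daemon under a restricted account, as suggested above, limits what the browser can list.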
On our download website http://www.ing.be/hboff you can choose at the top whether you want to download the Windows, Mac or Linux version. Armin Basiri ING Helpdesk Home'Bank tel. 02 464 60 01
As suggested for Ubuntu, downloaded 'HomeBank333.deb' from 'www.ing.be/hboff'. Then used KpackageKit on it which said 'installation successful'. ING website says it should go in /opt, and indeed there are a lot of files there.
Then:
cd /opt/HomeBank
./HBSetup
. /home/marc/.bashrc
then start the program HBSecurity (which resides in /opt/HomeBank):
Results in: HBSecGUI: error while loading shared libraries: libtiff.so.3: cannot open shared object file: No such file or directory
According to the FAQ: Error message: "error while loading shared libraries: libtiff.so.3 : cannot open shared object file: No such file or directory" Solution: This error message is caused by a missing or corrupt library, namely libtiff. The security module requires the libtiff package version 3. Some Linux distributions ship version 3, others a more recent version (4). Check whether libtiff files are present in /usr/lib : > ls /usr/lib/libtiff* -l If you find a file libtiff.so.4: create a link to libtiff.so.4. You must run the following command as root or via "sudo" > sudo ln -s libtiff.so.4 libtiff.so.3
the above was indeed the case... but "libtiff.so.4 -> libtiff.so.4.2.1", plus now "libtiff.so.3 -> libtiff.so.4"
links seem to be mixed up now
"sudo apt-get install libtiff4" could do a new install but thinks it's not necessary
As K3b often returns errors on Angkor, installed "brasero". Seems to work better, also on Angkor2. To write mp4 movies, use a data format.
On BlackBetty, via Synaptics. Usage eg via USB Turntable. Help via http://wiki.audacityteam.org/wiki/USB_turntables. You need to start and connect the USB Turntable before starting Audacity or it will not be recognized. You can see the USB TT being connected at usb level in /var/log/syslog, with a (rather long) device name. You need to configure the USB TT as an input device for Audacity, via /edit/preference, select it as "ALSA USB Audio CODEC". MP3 support? Under /edit/preferences/audiofiles you will also see "MP3 exporting plugin not found". This seems to be the file "libmp3lame.so.0". However: downloading with Audacity's download button fails, and finding it under Synaptics fails too. You can find it via http://packages.ubuntu.com/hardy/libs/liblame0 but it is only available for amd64 and i386 architecture. But BlackBetty has an Atom processor. No luck. So either get source and compile, or try to export in eg OggVorbis, and convert that on Angkor.
MLS short summary:
install abcde and helpers (sudo apt-get install abcde cd-discid lame cdparanoia id3 id3v2).
adapt the /etc/abcde.conf file as per below so it will support output to mp3.
finally, with an audio cd in your drive, invoke as 'abcde -o mp3'. Temp wav files are created, but a directory will be created with the mp3's.
The program abcde is actually a long script that manipulates a handful of programs, which I have conveniently added into the Terminal command above. It can actually do a great deal more than simply produce reasonable mp3 files but I will leave you to explore its many other possibilities. The programs that will be used to produce mp3s in this example are:
abcde
"A Better CD Encoder" = abcde! Ordinarily, the process of grabbing the data off a CD and encoding it, then tagging or commenting it, is very involved. The abcde script is designed to automate this.
cd-discid
In order to do CDDB (Compact Disc Database) queries over the Internet, you must know the DiscID of the CD you are querying. cd-discid provides you with that information. It outputs the discid, the number of tracks, the frame offset of all of the tracks, and the total length of the CD in seconds, on one line in a space-delimited format.
cdparanoia
cdparanoia retrieves audio tracks from CDROM drives. The data can be saved to a file or directed to standard output in WAV, AIFF, AIFF-C or raw format. For the purposes of conversion to mp3 abcde directs cdparanoia to produce WAV files.
lame
LAME is a program which can be used to create MPEG Audio Layer III (MP3) files.
id3
id3 is an ID3 v1.1 tag editor. ID3 tags are traditionally put at the end of compressed streamed audio files to denote information about the audio contents.
id3v2
id3v2 is an ID3 v2 tag editor. ID3 tags are traditionally put at the end of compressed streamed audio files to denote information about the audio contents. Using this command line software you can add/modify/delete id3v2 tags and optionally convert id3v1 tags to id3v2.
abcde looks for two files on startup: /etc/abcde.conf and ~/.abcde.conf. The file abcde.conf is a fully commented configuration file that is well worth looking at, if only to copy to your home directory as ~/.abcde.conf (as is most usually done). Or if you are only interested in creating mp3s my gift to you, Gentle Reader, is my own ~/.abcde.conf file:
Sample 'abcde.conf'
---START OF abcde.conf example file---
# -----------------$HOME/.abcde.conf----------------- #
#
# A sample configuration file to convert music cds to
# MP3 format using abcde version 2.3.99.6
#
# http://andrews-corner.org/abcde.html
# -------------------------------------------------- #

# Specify the encoder to use for MP3. In this case
# the alternatives are gogo, bladeenc, l3enc, xingmp3enc, mp3enc.
MP3ENCODERSYNTAX=lame

# Specify the path to the selected encoder. In most cases the encoder
# should be in your $PATH as I illustrate below, otherwise you will
# need to specify the full path. For example: /usr/bin/lame
LAME=lame

# Specify your required encoding options here. Multiple options can
# be selected as '--preset standard --another-option' etc.
LAMEOPTS='--preset extreme'

# Output type for MP3.
OUTPUTTYPE="mp3"

# The cd ripping program to use. There are a few choices here: cdda2wav,
# dagrab, cddafs (Mac OS X only) and flac.
CDROMREADERSYNTAX=cdparanoia

# Give the location of the ripping program and pass any extra options:
CDPARANOIA=cdparanoia
CDPARANOIAOPTS="--never-skip=40"

# Give the location of the CD identification program:
CDDISCID=cd-discid

# Give the base location here for the encoded music files.
OUTPUTDIR="$HOME/music/"

# Decide here how you want the tracks labelled for a standard 'single-artist',
# multi-track encode and also for a multi-track, 'various-artist' encode:
OUTPUTFORMAT='${OUTPUT}/${ARTISTFILE}-${ALBUMFILE}/${TRACKNUM}.${TRACKFILE}'
VAOUTPUTFORMAT='${OUTPUT}/Various-${ALBUMFILE}/${TRACKNUM}.${ARTISTFILE}-${TRACKFILE}'

# Decide here how you want the tracks labelled for a standard 'single-artist',
# single-track encode and also for a single-track 'various-artist' encode.
# (Create a single-track encode with 'abcde -1' from the commandline.)
ONETRACKOUTPUTFORMAT='${OUTPUT}/${ARTISTFILE}-${ALBUMFILE}/${ALBUMFILE}'
VAONETRACKOUTPUTFORMAT='${OUTPUT}/Various-${ALBUMFILE}/${ALBUMFILE}'

# Put spaces in the filenames instead of the more correct underscores:
mungefilename ()
{
  echo "$@" | sed s,:,-,g | tr / _ | tr -d \'\"\?\[:cntrl:\]
}

# What extra options?
MAXPROCS=2      # Run a few encoders simultaneously
PADTRACKS=y     # Makes tracks 01 02 not 1 2
EXTRAVERBOSE=y  # Useful for debugging
EJECTCD=y       # Please eject cd when finished :-)
---END OF abcde.conf example file---
On Angkor, via Synaptics. Run "ffmpeg" to find out it is an "FFmpeg video convertor". Run "ffmpeg -formats" to see supported formats. Both ogg and mp3 seem to be present.
"man ffmpeg" has sample commands at the end. For ogg to mp3: "ffmpeg -i file.ogg file.mp3". For ape to mp3: "ffmpeg -i file.ape file.mp3". Using it on 29 Aug 2013 resulted in: "This program is deprecated, please use avconv instead." This was already installed, but failed to do the conversion, complaining about codec missing. Although running "avconv -formats" indicates it does support mp3. So what is wrong then? Some form of encryption?
Pdf annotator.
The Swiss army knife for pdfs. www.pdflabs.com Sample command to create a pdf that prevents text copying:
pdftk "03b - Productie_mgmt_processen_en_BOM.pdf" output "03b - Productie_mgmt_processen_en_BOM.mls.pdf" owner_pw Tx9Az7 allow printing
pdftk "03b - Productie_mgmt_processen_en_BOM.pdf" output "03b - Productie_mgmt_processen_en_BOM.mls.pdf" owner_pw Tx9Az7 encrypt_128bit allow Printing ModifyAnnotations
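The "allow" keywords in the commands above end up as bits in the /P entry of the PDF's encryption dictionary, and a file protected only by an owner password relies on the viewer honouring those bits. As an added example (not from the original notes or from pdftk), this Python snippet reads /P from a classic-layout PDF and lists what it grants; the sample bytes and the value -1852 are constructed.

```python
import re

# Permission bits of the PDF standard security handler (bit 1 = lowest bit).
PERMISSION_BITS = {
    3: "print",
    4: "modify_contents",
    5: "copy_text_and_graphics",
    6: "modify_annotations",
    9: "fill_forms",
    10: "extract_for_accessibility",
    11: "assemble_document",
    12: "print_high_quality",
}

def decode_permissions(p_value):
    """Return the set of operations a signed 32-bit /P value allows."""
    bits = p_value & 0xFFFFFFFF  # /P is written as a signed integer
    return {name for bit, name in PERMISSION_BITS.items()
            if (bits >> (bit - 1)) & 1}

def read_encrypt_dict(pdf_bytes):
    """Body of the object the trailer's /Encrypt points to; None if absent."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf_bytes)
    if ref is None:
        return None
    pattern = rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2) + rb"\s+obj(.*?)endobj"
    obj = re.search(pattern, pdf_bytes, re.S)
    return obj.group(1) if obj else None

def allowed_operations(pdf_bytes):
    """Operations the permission flags grant, or None if the file is not encrypted."""
    body = read_encrypt_dict(pdf_bytes)
    if body is None:
        return None
    match = re.search(rb"/P\s+(-?\d+)", body)
    if match is None:
        raise ValueError("encryption dictionary has no /P entry")
    return decode_permissions(int(match.group(1)))

# Constructed sample: only the parts of a PDF this check looks at.
SAMPLE = (b"%PDF-1.4\n5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 "
          b"/P -1852 /O <00> /U <00> >>\nendobj\n"
          b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    print(sorted(allowed_operations(SAMPLE)))
```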