Apr 25, 2024

Top 4 steps to secure debian / ubuntu

1. Security Update

grep security /etc/apt/sources.list > /tmp/security.list
sudo apt-get upgrade -oDir::Etc::Sourcelist=/tmp/security.list'

2. IPS/IDS using fail2ban

apt-get install rsyslog
apt-get install fail2ban

3. Install and enable firewall using ufw

vi /etc/myufw.sh

#!/bin/bash
ufw=/usr/sbin/ufw
$ufw disable
$ufw default deny incoming
$ufw default allow outgoing
$ufw allow ssh
$ufw allow https 
$ufw allow 5000 
$ufw allow 3000 
$ufw allow 7000
$ufw - force enable

$sudo chmod +x /etc/myufw.sh

$ sudo chmod /etc/myufw.sh

$ sudo iptables -L -n

4. Enable only key based authentication:

vi /etc/ssh/sshd_config and check following 2 lines
PasswordAuthentication no
PermitRootLogin no

$sudo systemctl restart ssh

Aug 31, 2011

Convert .flv (Google Videos) to .mpeg using ffmpeg

Install ffmpeg package

get install ffmpeg

The basic command is:

mpeg -i youtube.flv youtube.mpg

To convert all the files in one shot:

for i in *.flv;
do
ffmpeg -i $i `basename $i .flv`.mpg;
done

Feb 16, 2011

Dyndns over NCELL Connect

Setting up NCELL Mobile Broadband & Dynamic DNS on OLPC School Server (NEXS)

(Senario: Fedora 9-0.6 , OLPC School Server, Network Manager can not be run for there is no GUI, so dial using wvdial on Terminal)

Steps:
1. Installed following 2 packages (Had to compile from source)



# rpm -ivh usb_modeswitch-data-20101222-1.fc9.noarch

# rpm -ivh usb_modeswitch-1.1.6-1.fc9.i386

2. Check to see if the Modem(Datacard) is being detected :Huawei E160/E220 USB Stick



# wvdialconf

Found a modem on /dev/ttyUSB0

3. It may be necessary write a following udev rule if the modem doesn't get switched to modem mode automatically



# cat > /etc/udev/rules.d/99-ncell-connect.rules <# Ncell Connect switch mode to usbserial (E1550 device id => 12d1:1446)

SUBSYSTEM=="usb", ATTRS{idProduct}=="1446", ATTRS{idVendor}=="12d1", RUN+="/lib/udev/modem-modeswitch --vendor 0x12d1 --product 0x1446 --type option-zerocd"

EOT

4. Write a wvdial dailer file



# vi /etc/wvdial.conf

[Dialer Defaults]

Init1 = ATZ

Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0

Stupid Mode = 1

Modem Type = Analog Modem

ISDN = 0

Phone = *99#

Modem = /dev/ttyUSB0

Username = web

Dial Command = ATDT

Password = web

Baud = 460800

5. Run the dialer



# wvdial

Now, Setting up Dyndns

1. Get a free dyndns domainname, its free, signup and on dyndns.com. you can get upto 5 free domainnames.

2. Install dyndns.org client package.



# yum install ipcheck 

( The above didn't work for me, I went to my debian machine and did following to get rpm out of ipcheck deb package) 



# apt-get install ipcheck

# cd /var/cache/apt/archieve

# alien -r ipcheck_0.233-1_all.deb

Then,

copied ipcheck-0.233-2.noarch.rpm over to server and installed using



#rpm -ivh ipcheck-0.233-2.noarch.rpm

3. Get the domainname, username and password ready and do following



# python /usr/sbin/ipcheck.py --makedat -i ppp0 username password hostname

(Eg. python /usr/sbin/ipcheck.py --makedat -i ppp0 ole ole lal.homelinux.org)

4. Wait for a minute and ping lal.homelinux.org, it should resolve to the IP address of your ppp0 interface.

Feb 2, 2011

NCELL Connect in Linux, Ubuntu

sudo su
# apt-get install usb-modeswitch
# cat > /etc/udev/rules.d/99-ncell-connect.rules <# Ncell Connect switch mode to usbserial (E1550 device id => 12d1:1446)
SUBSYSTEM=="usb", ATTRS{idProduct}=="1446", ATTRS{idVendor}=="12d1", RUN+="/lib/udev/modem-modeswitch --vendor 0x12d1 --product 0x1446 --type option-zerocd"
EOT

Dec 14, 2010

Linux System Cloning using "dd"

First check the partition table first using following command
fdisk -l

Device Boot Start End Blocks Id System
/dev/sda1 1 9 72261 83 HPFS/NTFS
/dev/sda2 10 75 530145 82 Linux swap
/dev/sda3 76 467 3148740 fd Linux raid autodetect
/dev/sda4 468 2200 13920322+ 83 Linux

Simple but may take a lot of time ( over 10 hours is no surprise)
dd if=/dev/sda of=/dev/sdb

If you think there is no point in cloning swap areas and empty partition, clone each partition

Note: Both drives are partitioned exactly same. If you have different brand harddrives, make sure each partition on second drive must be equal to or greater than first drive partitions. Also make sure File system ID should match for second drive also.

dd if=/dev/sda of=/dev/sdb bs=446 count=1
dd if=/dev/sda1 of=/dev/sdb1 ==> Clone NTFS partition
dd if=/dev/sda3 of=/dev/sdb3 ==> Clone RAID-1 partition