OpenSUSE Linux Rants

OpenSUSE Linux Tips, tricks, how-tos, opinions, and news


November 30, 2009

Linux Security with Fail2Ban

by @ 1:45 am. Filed under How-To, bash, command-line, security, sweet tools

Linux is built to be inherently secure, and has a great track record of having superior security to its proprietary counterpart.

However, in the world of server administration, paranoia is an asset. How else could someone get in? How can I prevent that? How can I be notified?

One magnificent contribution to the security of Linux servers the world over is called fail2ban. Why should you care?

From the Fail2ban main page:

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

So basically, it gives the finger to those mean people who are trying to brute-force your ssh server. And it blocks them at the packet level with iptables. No iptables knowledge necessary. (Though if you want a quickie, take a look at this short “Iptables for Linux” intro).

For openSUSE users, check to see if you have it available using zypper:

[1049][root@laptop:~]$ zypper search fail2ban

If you find it, use zypper install fail2ban to get it on your box.

If you have trouble getting it installed, follow the seriously excellent advice on the fail2ban download page.

When you get it installed, as root, edit your /etc/fail2ban/jail.conf file.

Put your IP addresses in the ignoreip list so you don’t lock yourself out.

bantime is in seconds. 1 hour is 3,600 seconds. 24 hours is 86,400. I put in at least 24 hours. Do what works for you.

maxretry is how many tries a user gets before they’re blocked for bantime seconds. 3 to 5 chances seems more than generous.

Now to set up the notification.

In the same file, look for the section called [ssh-iptables]. Change this section so it looks like this:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=notrealemail@suseblog.com, sender=fail2ban@suseblog.com]
logpath  = /var/log/messages
maxretry = 3

If you don’t want the ‘whois’ info, take out the ‘-whois’ from the sendmail part. Change the dest email to your own, and set the sender to whatever you want. Maxretry will override the default that you set further up. In logpath, put in the system log, or wherever your sshd logs stuff. Mine happens to be what you see there.

When it’s set up as you like, save and quit.

Now, fire that bad fool up:

[1607][root@mail:/etc/fail2ban]$ fail2ban-client start
2009-11-27 16:07:46,554 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2009-11-27 16:07:46,555 fail2ban.server : INFO   Starting in daemon mode
[1607][root@mail:/etc/fail2ban]$

To make it run when the machine restarts, use chkconfig:

[1607][root@mail:/etc/fail2ban]$ chkconfig -a fail2ban
fail2ban                  0:off  1:off  2:off  3:on   4:off  5:on   6:off
[1610][root@mail:/etc/fail2ban]$ 

Within a few hours, you should get notifications. Or, you can have someone try and brute force your box and see if their IP gets banned.

If you read through jail.conf, you’ll see that fail2ban can do loads more than I’ve covered here. But if you want a little more armor on ssh, your biggest target, slap fail2ban on your box.
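What ignoreip, maxretry and bantime do to a stream of sshd log lines, as an added example (not part of the original post and not fail2ban's own code). The regex is a simplified stand-in for the sshd filter, the log lines are constructed, and findtime (the counting window, a jail.conf setting this post does not cover) is assumed to be 600 seconds.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter. \S+ (not .*) for the user name, so
# text an attacker puts in the user name cannot supply the "from <ip>" part.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample in the /var/log/messages style (not real traffic).
SAMPLE_LOG = """\
Nov 27 16:00:01 mail sshd[4101]: Failed password for root from 203.0.113.9 port 50122 ssh2
Nov 27 16:00:03 mail sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 50124 ssh2
Nov 27 16:00:04 mail sshd[4104]: Failed password for scott from 192.168.1.20 port 40001 ssh2
Nov 27 16:00:05 mail sshd[4105]: Failed password for scott from 192.168.1.20 port 40002 ssh2
Nov 27 16:00:06 mail sshd[4106]: Failed password for scott from 192.168.1.20 port 40003 ssh2
Nov 27 16:00:07 mail sshd[4107]: Failed password for root from 203.0.113.9 port 50130 ssh2
Nov 27 16:05:00 mail sshd[4200]: Accepted password for scott from 192.168.1.20 port 40010 ssh2
Nov 27 16:10:00 mail sshd[4300]: Failed password for root from 198.51.100.7 port 33000 ssh2
Nov 27 16:30:00 mail sshd[4301]: Failed password for root from 198.51.100.7 port 33001 ssh2
Nov 27 16:50:00 mail sshd[4302]: Failed password for root from 198.51.100.7 port 33002 ssh2
""".splitlines()


def find_bans(lines, maxretry=3, findtime=600, bantime=86400,
              ignoreip=(), year=2009):
    """Return (ip, ban_start, ban_end) for each ban these settings produce."""
    ignore = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:        # digits that are not a valid address
            continue
        if any(addr in net for net in ignore):
            continue              # ignoreip: never counted, never banned
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        ip = str(addr)
        if when < banned_until.get(ip, when):
            continue              # still inside an earlier ban
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            end = when + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, when, end))
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG,
                                    ignoreip=("127.0.0.1", "192.168.1.0/24")):
        print(f"ban {ip} from {start} until {end}")
```

Run with an empty ignoreip and 192.168.1.20, the admin's own mistyped logins, is banned first. 198.51.100.7 is never banned, because its attempts are spaced wider than findtime.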

November 27, 2009

Linux Wallpaper: Simple and to the Point

by @ 1:22 am. Filed under wallpapers


A simple, clean Linux wallpaper to let the world know, but without shouting.



If you’d like to see more really nice Linux Wallpapers, take a look at my Wallpaper gallery.

November 24, 2009

Linux Wallpaper: Provides Common CLI Commands

by @ 1:06 am. Filed under wallpapers


Here is a really cool wallpaper to help you remember CLI commands and what they do. Nice and useful for those times where your brain fails you.



November 23, 2009

Linux Continues Merciless Windows Beatings

by @ 12:11 pm. Filed under M$ Exposed

Another migration from Windows to Linux to join my list of nearly 100 Linux Migrations from Around the Globe:

INSURANCE giant Allianz Australia expects to save more than $1 million by switching from Microsoft Windows to Red Hat Linux for key applications.

Excerpt:

“We believe this is just the beginning… the move from a Wintel-based environment to a virtualised Linux environment will save over $1m a year in facilities, hardware and software costs,” Mr Rowe said.

Read “Insurer slashes $1m from costs with move to Linux.”

Good thing they’re switching, too, because they’d be vulnerable to today’s zero-day exploit:

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites’ content. Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now. Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO. A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit. To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.

Provided by Symantec. This is why friends don’t let friends use Windows.

In other news, how would you like to turn a body part into a TV screen or computer monitor?

Check this out:

“New LED tattoos from the University of Pennsylvania could make the Illustrated Man real (minus the creepy stories, of course). Researchers there are developing silicon-and-silk implantable devices which sit under the skin like a tattoo. Already implanted into mice, these tattoos could carry LEDs, turning your skin into a screen.”

Read “How LED Tattoos Could Make Your Skin a Screen.”

Just use Linux.

November 20, 2009

Enhancing openSUSE 11.2: Adding Repositories and Packages – Joe Brockmeier

by @ 9:58 am. Filed under General SUSE, How-To, SUSE Tips & Tricks


Zonker, you rock, brother. Joe ‘Zonker’ Brockmeier has provided us with a nice explanation of enhancing openSUSE 11.2. He talks about adding repositories and packages. It’s a little more user-friendly to new users than my quick summary: OpenSUSE Linux: Quick Zypper Tutorial.

Aimed at new users, he provides a nice detailed article on repositories, packages, and how to use zypper to manage them from the command-line.

Excerpt:

“So you’ve got that shiny new openSUSE 11.2 system up and running. Now what? The default repositories have plenty of software, but there’s much more for openSUSE in community and semi-official repositories that you might find useful.

“openSUSE comes with an enormous amount of software in the official repositories. But, sometimes you just need something that isn’t in the default release. Either because the package isn’t offered through the official repos, or because you want to track software that’s ahead of the current release.”

Take a look at Enhancing openSUSE 11.2: Adding Repositories and Packages

November 19, 2009

ChromeOS Concept Video

by @ 5:44 pm. Filed under Linux News

Looks nice!!

Linux Wallpaper: This One’s Nice!

by @ 1:21 pm. Filed under wallpapers


Linux wallpapers can totally change how your machine feels. I saw this one and thought it was rather well-done. Greets and congrats to the person who did it. If you know who did this, tell them thanks for me.



If you’d like to see more really nice Linux Wallpapers, take a look at my Wallpaper gallery. I honestly don’t know who makes such great artwork, I just know that I never could. The best thing I can do for these excellent artists is to promote their great wallpapers. Throw an eyeball at the gallery and see what you think.

SCO finally dies

by @ 1:24 am. Filed under Linux News

Coming in from ZDNet, music to my ears… Darl McBride is canned from SCO. No more President/CEO for SCO. Apparently, someone must have finally taken the red pill.

Excerpt:

“Remember SCO?

Back when I started writing about open source and Linux, in 2005, you couldn’t swing a cat without catching someone with an opinion about SCO.

SCO claimed Linux was infringing its patentscopyright. SCO claimed it owned Linux. SCO sued IBM.

CORRECTION: Microsoft claims patent rights on Linux code. The SCO case was about copyright.

Once SCO built a railroad of lawsuits, made it race against time. Now it’s done.

As quietly as possible last week, through a required SEC filing, SCO quietly canned CEO Darl McBride, the architect of its audacious ‘better luck through lawsuits’ business plan.

They didn’t just ease the man out. They eliminated the positions of CEO and president, which McBride held. The top name on the org chart is now COO Jeff Hunsaker (above), whose background includes stints at WordPerfect, Novell and Corel (so he knows from failure).

Anyone have a few words they want to say over the body?”

OK, it wasn’t an excerpt. It was the whole thing. You can’t prune news as beautiful as this.

source

November 18, 2009

Twitter account: *ACTIVE*

by @ 12:30 pm. Filed under SUSE Blog News

I finally got my twitter account going and put the tweets into the left navigation here on http://www.suseblog.com/. If you have a good Linux-related contact that you can recommend, shoot ‘em on over. Also, should you wish to follow me, my account is @scottmmorris. Everyone have a marvy day.

Distribution Release: KNOPPIX 6.2

by @ 9:13 am. Filed under distribution releases

Blatantly stolen from Distrowatch:

“Klaus Knopper has released KNOPPIX 6.2, a new version of the popular Debian-based live CD/DVD with LXDE as the default desktop: “The current version 6.2 has been completely updated from Debian ‘Lenny’, ‘Testing’ and ‘Unstable’, and uses kernel 2.6.31.6 and X.Org 7.4. Microknoppix is a complete rewrite of the KNOPPIX boot system from version 6.0 and up, with the following features: high compatibility with its Debian base; accelerated boot procedure; LXDE as graphical environment – a very slim and fast desktop with extremely short start time and low resource requirements; amount of installed software greatly reduced in the CD edition; network configuration handled by NetworkManager….” Read the rest of the release notes for more details. Download the DVD, CD or the special ADRIANE edition with accessibility features for the visually impaired: KNOPPIX_V6.2DVD-EN.iso (3,675MB, MD5, torrent), KNOPPIX_V6.2CD-EN.iso (691MB, MD5, torrent), KNOPPIX-ADRIANE_V6.2CD-EN.iso (691MB, MD5, torrent).”

November 17, 2009

Linux powers the fastest computers on the planet

by @ 12:54 pm. Filed under General Linux, Linux News

Good old Steven J. Vaughan-Nichols. Excellent article, man. Linux is taking the record books by storm according to his latest article.

He says, “Once upon a time, supercomputers used special vector model processors to achieve their remarkable speeds. Then, at the dawn of the 21st century, people began working out how to achieve record-breaking computer speed by linking hundreds or thousands of commercial microprocessors running Linux and connected with high-speed networking in MPP (massively parallel processor) arrays. The supercomputing world has never been the same. Today, Linux rules supercomputing.

The latest ‘Top 500 supercomputer’ list of the fastest computers on the planet makes that abundantly clear. Broken down by operating system, this latest ranking has 469 of the top 500 running one kind of Linux or another.

To be exact, 391 are running their own house brand of Linux. Sixty-two are running some version of Novell’s SUSE Linux, including such variants as UNICOS/lc and CNL (Compute Node Linux). Red Hat and its relatives, including CentOS, come in second with 16 supercomputers.”

Read Linux powers the fastest computers on the planet

November 16, 2009

Linux Display Managers for fun and profit

by @ 10:53 am. Filed under General Linux, SUSE Tips & Tricks, terminal

When you start up Linux on your box, generally you are taken to a graphical login screen (unless, of course, you have configured things differently). This graphical login screen is called the display manager.

Would you like to check out some different display managers in Linux? There are about 4 that I have been playing around with: xdm, gdm, kdm, and wdm.

To take a look at the differences, and see which one you like, install them with your package manager. With OpenSUSE, this is yast or zypper.

The command-line way to do this is simple:

For OpenSUSE 11.2

[1004][root@dev:/home/scott]$ zypper in gdm kdm wdm xdm

To see which one you like, edit the /etc/sysconfig/displaymanager file. Look for this section:

## Type:        string(kdm,kdm3,kdm4,xdm,gdm,wdm,console)
## Default:     ""
#
# Here you can set the default Display manager (kdm/xdm/gdm/wdm/console).
# all changes in this file require a restart of the displaymanager
#
DISPLAYMANAGER="kdm4"

You’ll notice that the first couple of lines tell you what to put in for the display manager you want to use (kdm,kdm3,kdm4,xdm,gdm,wdm,console). Put in different ones and see what floats your boat. When you get it how you like it, stop.

For OpenSUSE 11.1

[1004][root@dev:/home/scott]$ zypper in gdm kde4-kdm wdm

I didn’t see xdm available on 11.1, but I could be up in the night.

To see which one you like, edit the /etc/sysconfig/displaymanager file. Look for this section:

## Type:        string(kdm,kdm3,kdm4,xdm,gdm,wdm,console)
## Default:     ""
#
# Here you can set the default Display manager (kdm/xdm/gdm/wdm/console).
# all changes in this file require a restart of the displaymanager
#
DISPLAYMANAGER="kdm4"

You’ll notice that it tells you what to put in for the display manager you want to use (kdm,kdm3,kdm4,xdm,gdm,wdm,console). Take a look at them, see which one suits your fancy, and use the one that makes your heart tingle.

G’day.

November 9, 2009

Linux LiveCD Saves Windows Admin Jobs

by @ 1:53 am. Filed under Linux tips, security, sweet tools

Ophcrack Linux LiveCD

Ophcrack is the Linux LiveCD that you reach for when you forget your admin password on your Win32 (incl. XP and Vista) box.

From the Ophcrack Sourceforge page:

“Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.”

For all admins who use said proprietary OS, if you ever forget your admin password, this is one great way to recover it, and help you keep your job.

Please do not ever, ever, ever use tools like this for malicious purposes, because that’s just plain not very nice.

November 4, 2009

Pimping Linux with Gigolo

by @ 1:45 am. Filed under Linux tips, sweet tools

As many know, one of my BIGGEST gripes with Gnome and/or GTK-based apps is their inability to NATIVELY support remote filesystem access, like Konqueror does by default, and Kate does by default, and many of the other applications built for KDE do by default. As mentioned in a previous post:

“kio-slave – For anyone who doesn’t know what this does, it gives KDE the ability to interact with remote filesystems via FTP, SSH, etc. You can open up a remote filesystem, and drag and drop a text file right onto your Kate icon. Kate will open the file for you to edit it. When you are done editing, just click SAVE and close the file. KDE via kio-slave saves the file back to the remote filesystem (assuming you have the proper privileges). This is the one thing that has the supremest of importance to me. It is possible to have one Konqueror window open and have it split into 16 different panes, each pane connected to a different filesystem or directory, whether local or remote. If you have never done this, you have to try it some time. You can split Kate windows the same way. Before anyone says it, I realize that you can make other desktop environments do this, but KDE just does it right out of the box.”

Some may even remember when I posted a bit of a rant about this. I use remote filesystems ALL DAY LONG.

As I’m moving away from KDE and everything that ties me to it, the need arose to access remote filesystems very quickly in a windowing system. I realize ssh does this. With ssh, it takes about 12 seconds to log in and copy a file over, not to mention all the keystrokes. With Konqueror, I click the Konqueror Icon, press CTRL+SHIFT+L, and select the remote filesystem I want from my bookmarks and I’m there. All of 3 seconds and a tenth of the effort.

How to mimic the functionality I want?

One possibility is a little app called gigolo. Why the name? As the author says, “Because it mounts what it’s told to.”

For XFCE4 users, this little baby is pretty fun. It allows you to bookmark remote filesystems, autoconnect to them, and all sorts of great stuff, quite a bit like kio-slave does. Just a bit more cumbersome, but at least I get the functionality.

Experience is a great teacher, so add the repo and install gigolo:

[1207][root@suse-desktop:/home/scott]$ zypper addrepo "http://download.opensuse.org/repositories/X11:/xfce/openSUSE_11.1" XFCE4 ; zypper modifyrepo -r XFCE4 ; zypper in gigolo
Adding repository 'XFCE4' [done]
Repository 'XFCE4' successfully added
Enabled: Yes
Autorefresh: No
URI: http://download.opensuse.org/repositories/X11:/xfce/openSUSE_11.1

Autorefresh has been enabled for repository 'XFCE4'.
Retrieving repository 'XFCE4' metadata [done]
Building repository 'XFCE4' cache [done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
  gigolo

Overall download size: 90.0 K. After the operation, additional 310.0 K will be used.
Continue? [YES/no]:
Retrieving package gigolo-0.3.2-1.1.i586 (1/1), 90.0 K (310.0 K unpacked)
Retrieving: gigolo-0.3.2-1.1.i586.rpm [done]
Installing: gigolo-0.3.2-1.1 [done]
[1208][root@suse-desktop:/home/scott]$

Now just run it. You’ll get a window similar to the following:

Gigolo Window

Press CTRL+B to edit your bookmarks. A window like this comes up:

Manage Bookmarks Window

Click ADD. In the box that appears, fill out the info and click OK:

Adding a Bookmark

If you selected autoconnect, you’ll be prompted for the password:

Password Prompt

You may also have to create a keyring password. When you are done, if you selected autoconnect, you’ll see an icon showing that it’s connected:

Showing Connection

If not, click the down arrow next to the bookmark button (furthest left), and select the bookmark you want to connect to:

Connect via Bookmarks

Once you have connected to a bookmark, double-click it in the gigolo window. Nautilus comes up displaying the remote filesystem. Not sure if you can use other file managers, but if you can, let me know.

November 1, 2009

OpenSUSE Linux: Quick Zypper Tutorial

by @ 1:21 am. Filed under SUSE Tips & Tricks, bash, command-line

OpenSUSE Linux provides a command-line method of managing repositories and packages. This tool is called zypper. The following is a basic tutorial by example of how to use zypper.

Repository Management

To list repositories:

[1342][root@dev:/home/scott]$ zypper repos
#  | Alias             | Name                  | Enabled | Refresh
---+-------------------+-----------------------+---------+--------
1  | Enlightenment CVS | Enlightenment CVS     | Yes     | Yes
2  | OpenSUSE_11.1_ISO | OpenSUSE 11.1 ISO     | Yes     | No
3  | Packman           | Packman               | Yes     | Yes
4  | Window_Managers   | Window Managers       | Yes     | Yes
5  | XFCE4             | XFCE4                 | Yes     | Yes
6  | aterm             | aterm                 | Yes     | Yes
7  | home:danci1973    | home:danci1973        | Yes     | Yes
8  | home:dauphin      | home:dauphin          | Yes     | Yes
9  | home:jnelson-suse | home:jnelson-suse     | Yes     | Yes
10 | mozilla           | mozilla               | Yes     | Yes
11 | openSUSE 11.1-0   | openSUSE 11.1-0       | Yes     | Yes
12 | repo-debug        | openSUSE-11.1-Debug   | No      | Yes
13 | repo-non-oss      | openSUSE-11.1-Non-Oss | Yes     | Yes
14 | repo-source       | openSUSE-11.1-Source  | No      | Yes
15 | repo-update       | openSUSE-11.1-Update  | Yes     | Yes
[1402][root@dev:/home/scott]$

To add a repository (we’re going to use Packman as an example):

[1341][root@dev:/home/scott]$ zypper addrepo "http://packman.unixheads.com/suse/11.1/" Packman
Adding repository 'Packman' [done]
Repository 'Packman' successfully added
Enabled: Yes
Autorefresh: No
URI: http://packman.unixheads.com/suse/11.1/

[1341][root@dev:/home/scott]$ 

To turn on autorefresh, because it’s disabled by default (again, with Packman):

[1341][root@dev:/home/scott]$ zypper modifyrepo -r Packman
Autorefresh has been enabled for repository 'Packman'.
[1342][root@dev:/home/scott]$

To refresh a repo manually:

[1342][root@dev:/home/scott]$ zypper refresh -r Packman
Retrieving repository 'Packman' metadata [done]
Building repository 'Packman' cache [done]
Specified repositories have been refreshed.
[1342][root@dev:/home/scott]$

Leave out the “-r” and leave off the name of the repo if you want to refresh all of them.

To remove a repository:

[1337][root@dev:/home/scott]$ zypper rr Packman
Removing repository 'Packman' [done]
Repository 'Packman' has been removed.
[1337][root@dev:/home/scott]$ 

Package Management

To search for a package (id3v2, in this example):

[1224][root@dev:/home/scott]$ zypper search id3v2
Loading repository data...
Reading installed packages...

S | Name  | Summary                              | Type
--+-------+--------------------------------------+--------
  | id3v2 | A Command Line Editor for ID3V2 Tags | package
[1229][root@dev:/home/scott]$

To get information on a package (again, id3v2):

[1229][root@dev:/home/scott]$ zypper info id3v2
Loading repository data...
Reading installed packages...

Information for package id3v2:

Repository: openSUSE 11.1-0
Name: id3v2
Version: 0.1.11-77.60
Arch: x86_64
Vendor: openSUSE
Installed: No
Status: not installed
Installed Size: 79.0 K
Summary: A Command Line Editor for ID3V2 Tags
Description:
ID3 tags are found in MP3 files. They can store information about what band recorded the song, the song name, and more.

ID3V1 tags are seriously deficient as to the kind of and length of information that they can store. This is a tool for editing ID3V2 tags in Linux.

[1333][root@dev:/home/scott]$ 

To install a package:

[1333][root@dev:/home/scott]$ zypper install id3v2
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
  id3v2 

Overall download size: 30.0 K. After the operation, additional 79.0 K will be used.
Continue? [YES/no]:
Retrieving package id3v2-0.1.11-77.60.x86_64 (1/1), 30.0 K (79.0 K unpacked)
Retrieving: id3v2-0.1.11-77.60.x86_64.rpm [done]
Installing: id3v2-0.1.11-77.60 [done]
[1334][root@dev:/home/scott]$

To remove a package:

[1334][root@dev:/home/scott]$ zypper remove id3v2
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following package is going to be REMOVED:
  id3v2 

After the operation, 79.0 K will be freed.
Continue? [YES/no]:
Removing id3v2-0.1.11-77.60 [done]
[1336][root@dev:/home/scott]$

These are some common zypper commands that will help you manage your repositories and packages from the command-line.
