Ignoring snoopy logs with logcheck

snoppy is an awesome tool available on the debian archives. It allows you to see what commands your users have run (by default logs to /var/log/auth.log). It acts like a beefed up .bash_history that users cannot disable/delete/etc.

logcheck scans your logs for weird things, and emails them to you.

By default, these two programs do not get along. snoopy entries show up in logcheck’s emails (which can get very, very big). This sort of defeats the purpose of logcheck, since you get sent massive emails with the important stuff hidden between giant blocks of snoopy logs.

To disable this

echo ‘^w{3} [ :0-9]{11} [._[:alnum:]-]+ snoopy.*’ > /etc/logcheck/violations.ignore.d/snoopy

chmod 644  /etc/logcheck/violations.ignore.d/snoopy

ln -s /etc/logcheck/violations.ignore.d/snoopy /etc/logcheck/ignore.d.server/snoopy

Now test it

sudo -u logcheck logcheck

To make more logcheck ignore rules, test your file(s) by:

egrep -f logcheck-file /var/log/auth.log

It will display only what will be ignored.

Make sure the file(s) are 644 (rw r r) or logcheck won’t be able to ignore what’s in the file.

Connect to a Running X Session Remotely

From the computer you want to view the remote X session:

ssh root@computer2 -L 5900:localhost:5900

If you can only connect to a linux gateway, you can substitute localhost with the internal IP address of the machine you want to vnc to.

ssh root@computer2 -L 5900:192.168.1.100:5900

On computer2 do the following.

This does not need to be done as root, but you’ll need to be the actual user running the X session if you log in as a regular user. On ubuntu/debian you can use apt-get install x11vnc.

x11vnc -display :0 -passwd password

If it complains that it cannot connect to :0, try this

x11vnc -auth /var/lib/gdm/:0.Xauth -passwd password

Note that using the :0.Xauth method will work if X is just running at the login screen (so you could connect and log into X as a user).

Now, from computer1, do

vncviewer localhost

This is very useful, but make sure you use a password if port 5900 is open on computer2.

Linux DVR/MythTV Box

There’s a lot of information out there for building a MythTV box out there. I figured I’d throw in my two cents, and hopefully help people that encountered some of the same problems I did.

First, the hardware.

I picked a good case; it’s a low profile case (so you need low profile cards!). It was pretty cheap, looks nice, and came with a power supply. $20 not including shipping.

http://www.svc.com/ycc-s27.html ($40 with shipping)

Front of Case

Since I was on a budget, I picked up a cheap Motherboard and a low power CPU. I had to purchase a Heatsink/Fan elsewhere since the one that came with the CPU would not fit on the motherboard and had a non-standard 4-pin fan power cable.

AMD Semperon LE-1150 Sparta 2.0Ghz 45W CPU ($40~)

BioStar AM2 Motherboard ($40~)

Combined, these were $80. While I might have liked more speed for this price, I felt the low power consumption was worth it.

2GB – 2x1GB DDR2 667 ($40)

A 60GB SATA Laptop drive (had it laying around) performs beautifully. It’s resonsive, and best of all whisper quiet. It’s not much space, but I have a seperate computer with nearly 500GB of free space that I’ll probably be using for NFS.

60GB SATA Laptop Drive ($45)

The PVR-150 (150MCE-LP) capture card performs well; it has a built-in MPEG encoder which takes stress off the CPU (very useful in this case). New this card is around $75, but you can get one off ebay for $20+ less if you feel cheap.

Haupage PVR-150MCE-LP ($75)

This card had trouble dealing with the splitters I was using (900mhz and 1100mhz). Removing the 900mhz helped. My cable was being run from the 3rd floor to the basement, which might have been a problem too (no other capture card I’ve messed with had this trouble, not sure if it’s something with this card or just a weird quirk my card had).

Now, I needed a card with S-Video or RCA out. I ended up getting a GeForce 4 MX440 64MB. Ebay for this; new low profile video cards are quite expensive. This isn’t a major performance card, but it’s low profile (mine had only a heatsink, so even less noise). It’ll do fine for TV watching, and some light game plaing.

GeForce 4 MX440 64MB Low Profile ($20)

Top of PVR

The last thing this setup needed was a remote control. An ATI Wonder (supported by Linux) was cheap on ebay.

ATI Wonder Remote ($10)

ATI Remote

To get the remote working in Linux isn’t very hard (although it would be nice if lirc would auto-detect controllers). The information is available on mythtv’s website here: http://www.mythtv.org/wiki/index.php/ATI_Remote_Wonder

One important suggestion is to disable the lirc_atiusb module, by adding the following in /etc/modprobe.d/blacklist

blacklist lirc_atiusb

Add the correct module in /etc/modules

ati_remote

Reboot; lircd will no longer hang and your remote should work. 🙂

This setup plays and records video flawlessly (I don’t notice anything while recording and watching at the same time). I play emulators on it (N64, PSX, etc.) with USB-> N64/PSX adapters and definitly think this is worth it. It’s totally silent.

For only $300 including shipping, this isn’t too bad. It could definitly use a larger drive, but personally I like the idea of a central server to store my library (if only to keep down on the noise here in my TV room!).

Security-Related Bug in Ubuntu 7.10

Create a ‘Shared’ folder in /home/username
Create a ‘Shared 192.168.1.100’ folder in /home/username

Right click ‘Shared’ and go to ‘Share Folder’. Add a NFS share with no allowed IP addresses.
Right click ‘Shared 192.168.1.100’. Add a NFS share with no allowed IP addresses.

Go to ‘System’ – ‘Administration’ – ‘Shared Folders’

You will now see only one share, ‘/home/will/Shared’, that allows 192.168.1.100 to access this folder.

This does change the /etc/exports file, and I believe it may be a security vulnerability.

Doing this with a folder with three words (two spaces) adds each word after the space to hosts allowed to access (read-only) the share.

Seems like it would be important for users to share a folder with spaces in it, especially for everyday desktop use.

st0rage.org outages

I figured I’d post some information here about recent outages.

I plan on moving st0rage.org over to a new server soon, and there are going to be some changes (user quotas for the first time ver, yay!). I’ll also be offering a paid service, along with an increased free service.
It’s been a lot of work, and has caused some downtime (usually less than 30 minutes). People using irssi I’m sure havn’t been happy. 😉

Sorry about all the trouble, things will be much nicer soon (moving to a much more stable connection).

Lock Screen on Laptop Lid Close

This used to work on one of my old laptops, but ever since I started buying Dell laptops the screen wouldn’t lock when I closed the laptop lid.

To have your screen be locked when you close your lid, open a Termina and run gconf-editor

/apps

/gnome-power-manager

/lock

[x] blank_screen

Make sure that ‘Blank Screen’ is selected in Power Management Properties.

Vostro 1400 Wireless Problems (ipw3945)

A problem with Debian and Ubuntu (and possibly other distros) is that the ipw3945 module fails after a large amount of activity.

The solution is very simple, but it took a lot of work to find it.

Edit /etc/modules and put the following in there

iwl3945

Edit /etc/modprobe.d/blacklist and add

blacklist ipw3945

That’ll do it. The iwl3945 module performs just as well on sftp transfers, and I havn’t noticed any problems with it.

Windows Mobile 2003

I’ve recently been trying to get my hands on a H4100 series iPAQ to put Linux on. The one I bought on ebay turned out to be the wrong model, but in the meantime I’ve been using Windows Mobile 2003.

My biggest complaint is the backwards way you have to switch between program; aparently you need to open up the Memory manager and ‘activate’ programs.

Frequent wireless drops are common too. I installed PortaPuTTy on the PDA, to use screen and irssi on the go. Wireless networks don’t seem to like the iPAQ however. Even with a strong single I get dropped fairly often.

The lack of multimedia support is very noticable. You are unable to listen to Icecast streams with WMP, nor can you play anything but WMV movies.

The Pro version I’m using has remote desktop support for Windows clients, which is nice (although mostly unusable at such a low resolution compared to the other machine).

You rely on the touchscreen to interface with the keyboard. Unfortuantely, the keyboard cannot be moved around the screen so it covers up some applications (like PortaPutty) so you cannot see what you are typing. This is a very big annoyance with me.

There is not much open source software ported to the iPAQ for Windows; many applications either don’t work (well or at all) or require payment after 30 days.

Windows Mobile 2003 has been a horrible experience, and I look forward to being able to use mplayer and firefox on my new H4155 iPAQ.

I look forward to trying Linux on my new iPAQ; after I do, I”ll be sure to post about my experience there.

Debian/Ubuntu Apache2 + PHP5 + Mysql + SSL

First let’s grab the packages we need for a basic LAMP setup:

apt-get install apache2 php5-cgi libapache2-mod-php5 mysql-server php5-mysql php5-common apache2.2-common ssl-cert

If using Ubuntu, be sure to install libapache2-mod-auth-mysql

apache2.2-common and ssl-cert are needed to generate a ssl cert

make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.crt
mkdir /etc/apache2/ssl
mv apache.crt /etc/apache2/ssl

cd /etc/apache2/mods-enabled
ln -s ../mods-available/ssl.conf ssl.conf
ln -s ../mods-available/ssl.load ssl.load

Make sure /etc/apache2/ports.conf is listening on 443

Listen *:443

In your 000-default file in /etc/apache2/sites-enabled (or where ever your VirtualHosts are managed) Change:

NameVirtualHost *
<VirtualHost *>

to

NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>

Add a site for SSL:

<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/wwws
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/wwws>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

/etc/init.d/apache2 restart

By default, the User/group is www-data so make sure all your website files are owned by this user/group.

chown -R www-data:www-data /var/wwws/

Will accomplish this

All website files should be located in /var/www and /var/wwws (you can choose different directories, of course, like /home/www but make sure you change the config)

Debian Spamassassin/SquirrelMail

Updated Jan 24, 2008

Try the following crontab entries

0 0 * * * /usr/bin/find /home/*/Maildir/.Spam/cur/ -type f -mtime +7 | xargs rm -f 1> /dev/null
0 1 * * * sa-learn –spam /home/youruser/Maildir/.Spam/cur/* 1>/dev/null

The first line will check for spam older than 7 days and delete it. This is a very useful (and fast!) way to save diskspace.

Change ‘youruser’ to your actual user. Anything put in your spam folder on squirrelmail will be marked as spam.

Thanks to WastedMemory for helping me with this.

This assumes you’ve already set up a functioning MTA and have imap/pop working.

apt-get install spamassassin squrirelmail

Edit /etc/default/spamassassin and set ENABLED=1

Create a file called /etc/procmailrc

MAILDIR=$HOME/Maildir
DEFAULT=$HOME/Maildir/cur
DROPPRIVS=YES
:0fw
| /usr/bin/spamc

:0:
* ^X-Spam-Status: Yes
$HOME/Maildir/.Spam/cur

To set up squirrelmail, edit /etc/apache2/sites-enabled/000-default (or whatever site you want to use) and add:

Alias /mail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

Restart apache2, squirrelmail

/etc/init.d/apache2 restart && /etc/init.d/spamassassin restart

As a normal user (su – user), do:

maildirmake (or maildirmake.courier) ~/Maildir

Go to http://your-ip/mail and log in as the user you created Maildir with. Log in, and send a test email to another address.

Back as your user, do:

cd ~/Maildir

cp -rp .Sent .Spam

It might be a good idea to have all new users have this directory created.

cp -r /home/user/Maildir /etc/skel

If you have many users that already exit, you can do this:

for x in `ls /home`; do

cp -r /etc/skel/Maildir /home/$x

chown -R $x /home/$x/Maildir

done

Spam will now go to their Spam folder. They can check this by subscribing to INBOX.Spam in squirrelmail (Folders)

You can change the sensitivity of Spamassassin by editing /etc/spamassassin/local.cf

required_score 1.0