Tuesday 25 August 2009

Make Password file Immutable - A Security tip

You can add an extra layer of protection to your machine, or in my case help to prevent wannabe haxx0r brothers at the parents' house from changing to extremely short passwords, with a little trick that not many are aware of.

What happened to me was my brother managed to shoulder surf the admin account on my parents PC, I normally update their PC by SSH from home, but I was around there visiting and mum had described a problem so I was fixing it while we chatted, my brother was lurking around and managed to shoulder read my 12 digit alpha numeric password (have to give the guy a bit of credit there, sadly)

Anyway I became aware that files on the admin account had incorrect accessed times afterwards and then looked deeper and found that someone had been in on the account and had changed my brother's password on his account from a sensible 10 digit alphanumeric (which was dead simple to bang in with two fingers as the digits were paired on the keyboard) into a rather less safe two letter password. He claimed that a friend had helped him break into my account as "you aren't the only one that knows linux", as if I ever imagined that I was some guru, I'm a self confessed learner still! As we "discussed" this further he came clean that he had simply watched me enter the password rather than "hacked" in.

Anyway let's get onto the crux of this. After setting your passwords, open a terminal and enter:
chattr +i /etc/shadow

This will make the file immutable, which means that it cannot be deleted or renamed, no symlink can be made to this file and no data can be written to the file. The immutable flag must be cleared before passwords can be changed. If you try to change a password without clearing it, it will appear to change the password but will not in fact write to the file, and it will not report an error. This means the new password is never written and the old password continues to be the active one.

If a fairly knowledgeable user tries to dig into why it won't write and they try:
$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1027 2009-08-25 14:37 shadow


There is nothing here that obviously prevents writing to the file. To check properly you would use:
$ sudo lsattr shadow
----i------------- shadow


Here we can see the +i flag set for immutable. If we clear that with:
chattr -i /etc/shadow
The password can now be changed as normal, using sudo passwd username
and then it can be set +i again to protect it.

A little bit sneaky and just a little bit safer.
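
The clear, change and re-protect cycle described above can be wrapped so that the flag is always put back. This is an added example, not part of the original post; the function names and the script name are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Run as root.
SHADOW=/etc/shadow          # the file the post protects with chattr +i

# Succeeds if one line of lsattr output, such as
# "----i------------- shadow", has the immutable flag in its attribute field.
has_immutable_flag() {
    local attrs="${1%% *}"  # keep only the attribute letters, drop the file name
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeeds if the file currently carries the immutable attribute.
is_immutable() {
    local line
    line=$(lsattr "$1" 2>/dev/null) || return 2
    has_immutable_flag "$line"
}

# Clear +i if it is set, run passwd, then set +i again whatever passwd returned.
change_password() {
    local user="$1" was_immutable=0 rc
    if is_immutable "$SHADOW"; then
        was_immutable=1
        chattr -i "$SHADOW" || return 1
    fi
    trap : INT TERM         # survive Ctrl-C so the flag is restored below
    passwd "$user"
    rc=$?
    trap - INT TERM
    if [ "$was_immutable" -eq 1 ] && ! chattr +i "$SHADOW"; then
        echo "WARNING: $SHADOW was left without the immutable flag" >&2
        return 1
    fi
    return "$rc"
}

# Stand-alone use: ./shadow-passwd username  (hypothetical script name)
if [ "$#" -eq 1 ]; then
    change_password "$1"
fi
```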

Monday 24 August 2009

A script to copy clipboard to a file.

While mucking about with some scripts I got a little bored of copying them into files and chmod +x and copying them into the path, so I just knocked up this little scriptlet. It will optionally set the execute flag on the file if it is a script you are pasting, or leave it as a normal txt file for just saving some text.


First install the package xclip with either Synaptic or:
sudo apt-get install xclip

This isn't a great script: there is very little error checking and it won't even go out of its way to tell you if the syntax is wrong. Luckily it's easy enough and does what I wanted simply.

Syntax is :
clip2file -x filename
Copies the clipboard into a file and sets it to execute with chmod +x then moves it into ~/bin
clip2file -a filename
Copies the clipboard into a file and nothing more.

You should have already made a bin/ folder in your home (~/bin/); this, I believe, is already defined in the $PATH on an Ubuntu install.

Make a new file in that bin folder called "clip2file", open it in your favourite text editor such as nano, vim or gedit and paste the following script into it.

#!/bin/bash
#
# Copy the contents of the X clipboard into
# the specified file.
#
# This makes it crap loads easier to make new commands from scripts.
#
# Perhaps make it automagically +x if the first script line is
# #/bin/*
#
#

hflag=
aflag=
xflag=

# Parse options: -h for help, -a FILE to save as text, -x FILE to save as executable.
while getopts 'ha:x:' OPTION
do
    case $OPTION in
        h) hflag=1 ;;

        a) aflag=1
           aval="$OPTARG" ;;

        x) xflag=1
           xval="$OPTARG" ;;

        ?) printf "Usage: %s: [-x filename] [-a filename] or use -h to receive help\n" "${0##*/}" >&2
           exit 1 ;;
    esac
done

shift $(($OPTIND - 1))

if [ "$hflag" ]
then
    printf "Clip2file provides an easy method to create a file from the X clipboard\n"
    printf "as either a text file, or make the file executable as a bash script.\n\n"
    printf -- "-x filename ......... Create the file, then set the execute bit.\n"
    printf -- "-a filename ......... Create the file but do not set execute.\n\n"
    exit 1
fi

if [ "$xflag" ]
then
    # Write the clipboard to the file, make it executable and move it into ~/bin.
    xclip -selection clipboard -o > "$xval"
    chmod +x "$xval"
    mv -- "$xval" "$HOME/bin/"
fi

if [ "$aflag" ]
then
    # Write the clipboard to the file and leave its permissions alone.
    xclip -selection clipboard -o > "$aval"
fi

exit 0

Set the file to allow executing, with chmod +x clip2file or by right clicking it in Nautilus and choosing Properties then going to the Permissions tab and setting it to allow executing.

Now if you want to add a new script off a website, simply copy the text into the clipboard and in a terminal or run dialog (alt+F2) enter:

clip2file -x filename

Filename of course being the name to save the file to, you can then run your new script right away.

Please remember this script isn't perfect but it's good enough for what it does. If someone would like to expand on it then I would happily post the improved version with credit.

Sunday 23 August 2009

Howto: SSH Public Key Authorisation Login (AKA Passwordless)

To be clear, this is how to login using SSH to another machine without having to enter your password. It is not an all encompassing solution but a "good enough" set up. I have to administer a couple of machines and a shell which I have use of, my own machine is kept up to date and I feel is secure enough with only myself as sole user.

Firstly we should make a key pair if you haven't already done so. These are deposited into ~/.ssh

ssh-keygen -t rsa

Next we need to get the contents of ~/.ssh/id_rsa.pub onto our remote machine and into ~/.ssh/authorized_keys. This can be done a couple of ways. I found it as easy to just ssh into the remote machine and paste the contents directly into the file; just note that if you paste it in you may have to correct the formatting so it is all on one line, as I noticed a couple of line breaks sneak in. You could use something like the following however:

scp -P 20060 ~/.ssh/id_rsa.pub remoteaccount@remotesserver.com:

Then you can just append it automatically with the following (we will touch the file in case it doesn't already exist on your machine):

touch ~/.ssh/authorized_keys
cat id_rsa.pub >> ~/.ssh/authorized_keys


We should at this point make the .ssh folder only readable by the owner:

chmod 700 ~/.ssh

You can optionally delete the id_rsa.pub key file if it was in your home folder. It's the public key part so it's not really necessary in my opinion, but it is nice to tidy up after yourself ;)

rm id_rsa.pub

If you try and login now to the remote machine with SSH you should with any luck find you do not have to enter your password at all and can just get right on with your work.
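
The append step above, written so that it rejects a key that picked up line breaks when pasted, does not add the same key twice, and sets owner-only permissions on both the folder and the file. This is an added example, not part of the original post; the function names, the script name and the optional second argument are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Run on the remote machine
# after id_rsa.pub has been copied into the home folder.

# Succeeds if the file holds exactly one non-empty line of the form
# "type base64 [comment]". A key pasted with stray line breaks fails here.
valid_pubkey_file() {
    [ -r "$1" ] || return 1
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' "$1"
}

# install_pubkey KEYFILE [SSHDIR]: append the key to SSHDIR/authorized_keys
# unless it is malformed or already listed. SSHDIR defaults to ~/.ssh.
install_pubkey() {
    local key="$1" dir="${2:-$HOME/.ssh}"
    local auth="$dir/authorized_keys"
    if ! valid_pubkey_file "$key"; then
        echo "rejected: $key is not a single-line public key" >&2
        return 1
    fi
    # sshd's StrictModes check refuses keys kept in group- or world-writable
    # places, so create both with owner-only permissions.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -F fixed string, -x whole line: append only if the key is not there yet.
    grep -Fxq -- "$(grep . "$key")" "$auth" || grep . "$key" >> "$auth"
}

# Stand-alone use: ./install-pubkey id_rsa.pub  (hypothetical script name)
if [ "$#" -ge 1 ]; then
    install_pubkey "$@"
fi
```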

Saturday 15 August 2009

Howto: Make Rhythmbox Put Album Covers on the Desktop (Desktop Art)

Ever wondered how people get the album covers on the desktop of the tracks they are listening to?



I'm happy to say it's very simple, though it will depend on your albums having the cover art available in the mp3 folders.
Open up a terminal and simply paste these commands in one at a time:

If you do not have subversion installed then issue the following command, if you are not sure then enter it anyway, at worst it will just tell you it is already installed and do nothing.

sudo apt-get install subversion

And then these:

mkdir -p $HOME/.gnome2/rhythmbox/plugins/
cd $HOME/.gnome2/rhythmbox/plugins/
svn co http://nedrebo.org/svn/rhythmbox/desktop-art

Fire up Rhythmbox, go to Edit/Plugins in the menu bar, find Desktop Art in the left-hand list and simply enable it. You can now configure it using the configure button on the right-hand pane. Don't worry about using the X,Y positioning coordinates as you can simply alt+leftclick drag the desktop art frame when you exit the configuration. So just adjust the colours if you want, and change the text position relative to the album cover art.




Wednesday 12 August 2009

Enable Composite Manager in Metacity

Not every computer has the resources to run Compiz, but if you pine after some nice effects like window shadows then there is a good chance your computer is capable of running simpler effects. I use this on my Acer Aspire One; sure it can manage Compiz, but it is a little overkill on the baby netbook.

Well rejoice now as Metacity has a composite manager built in which can give you nice drop shadows as well as a window preview on alt+tab and that pesky inactive window title-bar transparency (which I detailed how to disable last post).

To enable the composite manager, open gconf-editor and navigate to the branch apps/metacity/general

Tick the box next to the setting compositing_manager and you are now hopefully enjoying drop shadows... Yay!

A quick alternative is to paste this into a terminal

gconftool-2 -s '/apps/metacity/general/compositing_manager' --type bool true

and if you need to disable it again use:

gconftool-2 -s '/apps/metacity/general/compositing_manager' --type bool false




Adjust Titlebar Transparency in Metacity

I might be in the minority with this sentiment but I really dislike the transparency Gnome has gained on its inactive window titles when using the GTK window decorator. So here is how to make inactive windows have a solid title-bar or, if you are a fan of it, make it even more transparent.

Press alt+F2 and in the run dialog enter:

gconf-editor

Navigate in the left hand tree to the branch /apps/gwd/

The two values we are interested in are :

metacity_theme_opacity which affects inactive window titlebars
metacity_theme_active_opacity which affects active windows

A setting of 1 will make the title-bars solid while 0.75 is the default at three quarters opacity.

Friday 7 August 2009

How to use OTF fonts in Ubuntu

It isn't possible to use OTF fonts directly in Ubuntu without converting them into TTF's.

If we spend just a few minutes and install FontForge and make a very small script it becomes almost trivial to do.

sudo apt-get install fontforge

Now we should make the scripts, well it is two actually but one is a small config script for FontForge and the other is just a script to convert many OTF files in one go, rather than individually. First the FontForge settings file.

cd ~/bin
touch otf2ttf.conf

Then open otf2ttf.conf in your favourite text editor and paste the following into it.

#!/usr/local/bin/fontforge
# Quick and dirty hack: converts a font to truetype (.ttf)
Print("Opening "+$1);
Open($1);
Print("Saving "+$1:r+".ttf");
Generate($1:r+".ttf");
Quit(0);

Save the file, and now lets make the script to convert many fonts in one swoop.

cd ~/bin
touch otf2ttf
chmod +x otf2ttf

Again, open this file with your preferred text editor and paste the following in.

#!/bin/bash
#
# had to enable extglob
shopt -s extglob

# this uses globbing to match files ending in otf/OTF
for i in +(*.otf|*.OTF)
do
    # quote the file name so fonts with spaces in their names convert too
    fontforge -script "$HOME/bin/otf2ttf.conf" "$i"
done

To use this now (provided that your ~/bin folder is in your path) just open a terminal where your OTF files are, and issue the command otf2ttf. It will convert 20 files in just a couple of seconds to give you an idea of speed, you can then move all the resulting TTF files into ~/.fonts


Credit to http://www.stuermer.ch/blog/convert-otf-to-ttf-font-on-ubuntu.html where I found the script before re-typing the instructions. I put it here so I don't lose it next time I need it.

Wednesday 5 August 2009

Howto Create Split RAR Files

Let's learn how to create split RAR files.

If you have a large amount of data to back up or especially to transfer, it can be very prudent to use an archive that can be split into smaller parts. If one section becomes corrupted during transfer, it is far better to transfer a single 15MB file again than an entire 10GB file, right?

Let's grab the rar program:

sudo apt-get install rar

OK, let's compress our directory of files:

To compress file(s) to a split rar archive, know which directory you want to compress. I'll use a fictional DVD Image folder in the home folder.

rar a -m5 -v15M -R myarchive /home/yourname/dvdimage

Let me break the above command down

rar – starts the program
a – tells program to add files to the archive
-m5 – determine the compression level (0-store (fast)…3-default…5-maximum(slow))
-v15M – determine the size of each file in split archive, in this example you get files with size 15MB (if you wanted files of 512kB size you would write -v512k)
myarchive – name of the archive you are creating
/home/yourname/dvdimage – is folder of the files you wish to add to the archive

You can also add -p to the command after a and it will prompt you for a password.

You can read the manual for more options with man rar (Press q to exit and arrows to scroll up/down)

To uncompress the archive type:

rar x myarchive.part01.rar

Or right click on file myarchive.part01.rar in Nautilus and choose Extract Here.




Tuesday 4 August 2009

Howto make autohide panels smaller and hidden more in Gnome

Autohide panels in Gnome default to a 6 pixel strip remaining showing. I suspect this is done to "reduce confusion", which is a popular phrase from the Gnome guys. Regardless, it's a little annoying to autohide a panel and still have it show around 20% of itself, so let's fix that.

The easiest way to do this is pop open a terminal and enter:

gconf-editor

This is quite a daunting program if you are fairly new to dabbling in the guts of OS's, and I must warn you to be a little careful in here, certainly don't go just changing stuff around to "see what happens"... Ok, no-one is that dumb... right?

Anyway, down the left hand side is a nice tree menu, navigate to:

/apps/panel/toplevels/

You should then see your panels on the left in the toplevels branch, possibly named bottom_panel_screen0, top_panel_screen0 or simply panel_0, panel_1 etc. Click on each of the panel entries and you will see the right pane populate with some "keys", locate the one auto_hide_size which is very likely set to 6 at the moment, change the 6 to a 1 by clicking on it.

The change is nearly instant and you will hopefully see the relevant autohidden panel sneak a little further offscreen. Setting the value to 0 (zero) will not have the desired effect, incidentally, so stick to 1 please.


Monday 3 August 2009

Delay applications running with sleep from autostart

This is how to cause some programs to wait until they run from the autostart, I will cover both Gnome and Openbox.

First, how to do this in Gnome. Fire up the Session manager either from preferences or via:

gnome-session-properties

Now when you either edit an existing entry, or add a new one the command should be in the following format:

bash -c "sleep 30; gnome-do"

This will make Gnome Do wait 30 seconds before running. Obviously you can adjust the 30 and the command to run as your needs dictate. Any changes will take effect when you next log in, of course.

For Openbox we need to edit ~/.config/openbox/autostart.sh (where ~/ relates to your own home folder, the system will translate it). The file is a simple text format with one command per line, almost all applications in here will want a & (ampersand) after them. The ampersand tells the system to run the command and not wait for it to finish before going to the next, without it Openbox would likely run the first command then stall loading, waiting for it to end before it would even finish loading the desktop.

Ok, the magic to cause the delay....

(sleep 30s && ubuntuone-client-applet) &

Please note the parentheses; it's apparently very important to ensure the command is bracketed like this. Again you may adjust the delay time and the command (in this case ubuntuone-client-applet).



How to create Debian menu for Openbox

This may also work for other WM like Fluxbox and TWM.

The Debian menu builds a menu from all the installed applications on your system and nicely organises them. I believe it also keeps it updated when you install new software so you do not have to manually add items to your Openbox menu.

To install it use:

sudo aptitude install menu

After it is installed run:

sudo update-menus

To enable the menu in Gnome go to the desktop panel menu:

System / Preferences / Main Menu and enable the Debian menu under Applications.