Misc configuration

From CourvilleWiki

1 Misc configuration notes
2 Traffic Analysis for 127.0.0.1 -- 004-E240-A1X/003-7080-406/Build 69-22
3 Traffic Analysis for www.courville.org
4 courville.org temperature

Misc configuration notes

phpwiki

apt-get install phpwiki
requires the presence of extension=mcrypt.so in /etc/php4/apache/php.ini
perform mysql configuration:

mysql -uroot -prootpasswd
        drop database phpwiki;
        quit
mysqladmin -uroot -prootpasswd create phpwiki
mysql -uroot phpwiki
        grant all on phpwiki.* to wikiuser@localhost identified by 'wikiuserpasswd';
        quit
mysql -uwikiuser -pwikiuserpasswd phpwiki < /usr/share/doc/phpwiki/schemas/mysql.sql

go though final tuning of the configuration in /etc/phpwiki/index.php

if (!defined('WIKI_NAME')) define('WIKI_NAME', 'Courville.org PhpWiki');
if (!defined('ADMIN_USER')) define('ADMIN_USER', "wikiadmin");
if (!defined('ADMIN_PASSWD')) define('ADMIN_PASSWD', "?????????");
if (!defined('ZIPDUMP_AUTH')) define('ZIPDUMP_AUTH', false);
if (!defined('ENCRYPTED_PASSWD')) define('ENCRYPTED_PASSWD', true);
$DBParams = array(passencrypt.php
   'dbtype' => 'SQL',
   'dsn' => 'mysql://wikiuser:wikiuserpasswd@localhost/phpwiki',
if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', true);
if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', false);
if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT')) define('REQUIRE_SIGNIN_BEFORE_EDIT', true);

in order to get the right admin password retreive the source package for phpwiki (apt-get source phpwiki) and copy the missing passencrypt.php and configurator.php files into /usr/share/phpwiki then browse the http://localhost/phpwiki/passencrypt.php.

weeblefm

retreive it at http://weeblefm.sf.net
untar in /usr/local/share and make the link under apache in /etc/apache/httpd.conf using

Alias /weeblefm/ /usr/local/share/weeblefm/

requires the presence of extension=mcrypt.so in /etc/php4/apache/php.ini

twig

configure mysql section in /etc/twig/dbconfig.inc.php3

  $dbconfig"sqlserver"             = "localhost";
  $dbconfig"sqlport"               = "3306";
  $dbconfig"sqlusername"           = "www-data";
  $dbconfig"sqlpassword"           = "wwwdatapasswd";
  $dbconfig"defaultdb"             = "twig";
  $dbconfig"sqltype"               = "mysql";

setup database

mysql -u root -prootpasswd mysql
mysql> CREATE DATABASE twig;
mysql> GRANT ALL PRIVILEGES ON twig.* TO "www-data"@localhost IDENTIFIED BY 'wwwdatapasswd';
mysql> \q
gunzip -c /usr/share/twig/setup/twig.table.mysql.gz | mysql -u root -prootpasswd twig

requires the presence of extension=mysql.so and extension=imap.so in /etc/php4/apache/php.ini
apache or apache-ssl now need to recognize php3 extensions for that purpose modify /etc/apache{-ssl}/httpd.conf following:

<Directory />
    Options SymLinksIfOwnerMatch
#    AllowOverride None
    AllowOverride All
</Directory>
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi .index.php index.php3 index.php4 index.php index.phtml
</IfModule>
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

test the whole browsing http://localhost/twig/test.php3
imap issues solving:

Note that in order to have it working I had to specify in /etc/twig/config.inc.php3 $config"imap_port" = "143/notls"; instead of the classical 143.
apt-get install uw-mailutils
enable plain text passwords with dpkg-reconfigure -plow libc-client2001 and respond YES to question: Allow insecure authentication using plaintext passwords?.
create a /etc/c-client.cf for libc-client with:

I accept the risk
set disable-plaintext nil

Reconfigure console keymap

Use dpkg-reconfigure console-common and answer the questions.

XFree nice issues?

In order to run appl smoothly, modify /etc/X11/Xwrapper.config by changing nice_value=-10 -> nice_value=0

Change dpi resolution

In order to get lower resolution fonts simply replace 100 by 75 (dpi) in the following file: /etc/X11/xinit/xserverrc.

Regeneration of XF86Config-4 file in `/tmp/foo`

dpkg-reconfigure -plow xserver-xfree86
dexconf --output=/tmp/foo

Migration to ext3:

tune2fs -j /dev/hda2

modify /etc/fstab and /etc/lilo.conf

append="bootfs=ext3 vga=0x317 video=vesa:ywrap,pmipal,mtrr"

Mrtg: view nice graphs of the router traffic history

get the marvellous mrtg package and retreive the configuration of your router through:

apt-get install mrtg mrtg-contrib
snmpwalk -Os -c public -v 1 192.168.254.254
cfgmaker --global 'WorkDir: /var/www/mrtg' \
  --global 'Options[[_]]: kbytes,growright' --ifref=ATM \
  --output /etc/mrtg.cfg public@192.168.254.254

no need for modification of /etc/crontab since /etc/cron.d/mrtg already contains:

#cat /etc/cron.d/mrtg
0-55/5 * * * * root if  -x /usr/bin/mrtg  &&  -r /etc/mrtg.cfg ; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi

after some modification on the verbose output of cfgmaker the /etc/mrtg.cfg file looks like:

# Created by
# /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[[_]]: bits,growright' --ifref=ip --output /etc/mrtg.cfg public@192.168.254.254

WorkDir: /var/www/mrtg
Options[[_]]: bits,growright

Target192.168.254.254_127.0.0.1: /127.0.0.1:public@192.168.254.254:
SetEnv192.168.254.254_127.0.0.1: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="loopback (pseudo ethernet)"
MaxBytes192.168.254.254_127.0.0.1: 1250000
Title192.168.254.254_127.0.0.1: Traffic Analysis for 127.0.0.1 -- 004-E240-A1X/003-7080-406/Build 69-22

PageTop192.168.254.254_127.0.0.1:

Traffic Analysis for 127.0.0.1 -- 004-E240-A1X/003-7080-406/Build 69-22

### Interface 3 >> Descr: 'Bridge' | Name:  | Ip: '192.168.254.254' | Eth:  ###

Target192.168.254.254_192.168.254.254: /192.168.254.254:public@192.168.254.254:
SetEnv192.168.254.254_192.168.254.254: MRTG_INT_IP="192.168.254.254" MRTG_INT_DESCR="Bridge"
MaxBytes192.168.254.254_192.168.254.254: 1250000
Title192.168.254.254_192.168.254.254: Traffic Analysis for www.courville.org

PageTop192.168.254.254_192.168.254.254:

Traffic Analysis for www.courville.org

### SYSTEM courville.org Temperature ###
#Optionsgritche_temp: gauge,nopercent
#Targetgritche_temp: `/var/www/script/lm_sensors.pl`
#MaxBytesgritche_temp: 100
#YLegendgritche_temp: Temperature
#LegendIgritche_temp: M/B temp:
#ShortLegendgritche_temp: degrees
#Titlegritche_temp: courville.org temperature

#PageTopgritche_temp:

courville.org temperature

spamassassin

edit /etc/default/spamassassin and enable spamd
install good filtering rules:

cd /etc/spamassassin
wget http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf

usb camera permission settings for a user

mkdir /etc/hotplug/usb
/usr/lib/libgphoto2-2/print-usb-usermap > /etc/hotplug/usb/usbcam.usermap
cp /usr/share/doc/libgphoto2-2/linux-hotplug/* /etc/hotplug/usb/
addgroup camera
adduser marc camera

put labels for easy mount

e2label /dev/sda1 040Go-HD-IBM-01
mkdir /mnt/040Go-HD-IBM-01
tail -n 1 /etc/fstab
LABEL=040Go-HD-IBM-01 /mnt/040Go-HD-IBM-01 ext2 user,noauto 0 0
cat /etc/fstab
#Not supermount section
/dev/hdc  /mnt/cdrom  auto ro,iocharset=iso8859-15,codepage=850,umask=0      0 0
/dev/hdc  /mnt/dvd    auto ro,iocharset=iso8859-15,codepage=850,umask=0      0 0
/dev/fd0  /mnt/floppy auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sda1 /mnt/flash  auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sda1 /mnt/flasha auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sdb1 /mnt/flashb auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sdc1 /mnt/flashc auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0

Debug apache when it is not starting

uncomment in /etc/apache/modules.conf the libphp4 loadmodule
restart apache service

/etc/init.d/apache stop
rm /var/run/apache.pid
/etc/init.d/apache start
ps -auxww | grep apache

if it works then re-enable libphp4 and look in /etc/php4/apache/php.ini and uncomment both:

extension=mysql.so
extension=imap.so

reiterate... sometimes it is due to imap sometimes mysql!
latest hot news: laurent advise, apt-get install libapache-mod-ssl and create proper certificate with a mod-ssl-makecert; select custom 1 and do not encrypt private key
in order to check config with apache issue a apachectl configtest and then launch in case of success a apache -X

Select default dictionary under debian

select-default-ispell
select-default-wordlist

turboprint installation

I use this software [1] in order to get the full capabilities of my deskjet printer. In order to get it working with stock debian and devfs I had to edit manually the device of the printer in the /etc/turboprint and /etc/cups replacing /dev/usblp0 with /dev/usb/lp0 (mainly in /etc/turboprint/turboprint.cfg and in /etc/cups/printers.conf).

Secure web services through clean configuration of apache and ssl

Ground rule: do not use apache-ssl: apt-get remove --purge apache-ssl
Activate ssl support through apache ssl module apt-get install libapache-mod-ssl
create proper certificate without mod-ssl-makecert but with dpkg-reconfigure libapache-mod-ssl (otherwise your config will be wiped out next dist-upgrade); select custom 1 and do not encrypt private key otherwise you will have to type the pass phrase at each start of apache service
modify /etc/apache/conf.f/mod-ssl-01-vhost.conf to reflect new certificates, i.e.:

# Server Certificate:
SSLCertificateFile /etc/apache/ssl.crt/server.crt
# Server Private Key:
SSLCertificateKeyFile /etc/apache/ssl.key/server.key

now ssl documents are in /var/www-ssl, you need to edit there index.html
add your links to the services requiring passwd input that you are using through your webgate in file /etc/apache/conf.f/mod-ssl-01-vhost.conf adding for example at the end of the virtual host the following lines:

Alias /ssh /usr/share/mindterm/
Alias /twig /usr/share/twig/
Alias /weeblefm /usr/local/share/weeblefm/
Alias /squirrelmail/ /usr/share/squirrelmail/
Include /etc/gallery/apache.conf
Include /etc/phpwiki/apache.conf

how to make windows use cups ipp: add a remote printer under windows

first edit with notepad c:\windows\system32\drivers\etc\hosts and add a name to cups server (ip addresses won't work with windows...), e.g.:

192.168.0.2 gritche

on cups server e.g. gritche add a class e.g. maison where your local printer will be a member
in control panel select "add printer", then "network printer" and then "connect to printer on the internet or intranet". The url to use is http://gritche:631/classes/maison. Substitute gritche with your cups server and maison with your own class.
if you do not want to create a class and point directly to printer use: http://gritche:631/printers/plume if plume is your printer
for a free generic ipp driver for windows get it from the ESP Print Pro home page at http://www.easysw.com/printpro/

webalizer and dns lookups

in debian reverse dns is not enabled by default in order, to enable it add at bootom of file /etc/webalizer.conf:

DNSCache        /var/log/apache/dns_cache.db
DNSChildren     20

generate cache file with existing logs and reprocess access log files to see results in out directory:

mkdir /tmp/coucou
cd /tmp/coucou
cp /var/log/apache/access* .
gzip -d access*gz
for i in access.log*
do
  webazolver -N 20 -D /var/log/apache/dns_cache.db $i
done
mkdir out
for i in access.log*
do
  webalizer -o out -N 20 -D /var/log/apache/dns_cache.db $i
done

Samba configuration tips

in order to visualize correctly from a windows machine files containing french accents I use the following charset option in /etc/samba/smb.conf in the general section:

unix charset = iso8859-15

Automatic update

In order to download every day all the packages without installing them except the security fixes I use the following script in my daily crontab (this requires the use of dual lists):

mkdir -p /var/lib/aptsec/lists/partial
cat /etc/cron.daily/debupd
#!/bin/sh

apt-get update
apt-get --assume-yes --download-only dist-upgrade

apt-get -o Dir::Etc::SourceList=/etc/apt/security_updates.list -o Dir::State::Lists=/var/lib/aptsec/lists/ update
apt-get --assume-yes -o Dir::Etc::SourceList=/etc/apt/security_updates.list -o Dir::State::Lists=/var/lib/aptsec/lists/ upgrade

Apache rewrite rule to maintain backward compatibility with phpwiki

The issue: when I upgraded phpwiki, it broke the former syntax for the pages and since my wiki was already referenced it was quite frustrating for the visitors to be redirected to non existing pages. The following rewrite rule fixes this problem. All you need to add is the following line in /etc/phpwiki/apache.conf:

<IfModule mod_rewrite.c>
        RewriteEngine on
#MODIF BEGINS
        RewriteRule ^/phpwiki/index.php/(.*)$   /phpwiki/$1
#MODIF ENDS

java setup

get it at [2]
install it in /opt
make the right links with your preferred navigator

ln -s /opt/j2re1.4.2_04 /opt/j2re
ln -s /opt/j2re/plugin/i386/ns610-gcc32/libjavaplugin_oji.so /usr/lib/mozilla/plugins/libjavaplugin_oji.so
ln -s /opt/j2re/plugin/i386/ns610-gcc32/libjavaplugin_oji.so /usr/lib/mozilla-firefox/plugins/libjavaplugin_oji.so

Income revenue declaration (déclaration d'impots)

install crypto jar in relevant directory and get it there [3]

cp teleir_cryptolib.jar /opt/j2re/lib/ext/
chmod 770 /opt/j2re/lib/ext/
chown root.adm /opt/j2re/lib/ext/

generate a certificate following instructions available at [4]
declare revenues at [5]

flash plugin autoupdate

Simply apt-get install flashplugin-nonfree

my mouse is going crazy when switching back from another node with my KVM

/etc/X11/XF86Config-4 mouse section relies on gpmdata device

Section "InputDevice"
        Identifier      "Configured Mouse"
        Driver          "mouse"
        Option          "CorePointer"
#       Option          "Device"                "/dev/misc/psaux"
        Option          "Device"                "/dev/gpmdata"
        Option          "Protocol"              "IMPS/2"
# fix for KVM switch? yes but wheel do not work after
#       Option          "Protocol"              "auto"
        Option          "Emulate3Buttons"       "false"
        Option          "Buttons"               "5"
        Option          "ZAxisMapping"          "4 5"
EndSection

/etc/gpm.conf need to be put in raw repeater mode

device=/dev/misc/psaux
responsiveness=
repeat_type=raw
# try this one first!!!
#type=imps2
# if you have issues with the wheel under Xfree then switch to broken imps2
type=fuimps2
append=""
sample_rate=

firefox master password: to protect your stored passwd, just go to chrome://pippki/content/pref-masterpass.xul

Convert Windows TTF to bdf and pfc format

#!/usr/bin/perl -w
use strict;
# wandeln.ttf.pl
# converts True Type Fonts from Windows or other sources to
# bdf-files and pfc-files
# needs ttf2dbf, bdftopcf and perl

foreach my $i (@ARGV) {
   if ($i =~ /(.*?)(|b|bi|bd|i)\.ttf$/) {
      my $base = "$1$2";
      my $face = $2;
      my $ttf = $i;
      for my $p (8..16) {
         my $bdf = "$base$p.bdf";
         my $pcf = "$base$p.pcf";
         print "ttf2bdf -v -r 82 -p $p -o $bdf $ttf\n";
         print "bdftopcf -o $pcf $bdf\n";
      }
   }
}
print "mkfontdir\n";

Add ttf fonts:

add in your font server configuration file or in /etc/X11/XF86Config-4 reference to the font directory /usr/local/share/fonts/truetype

        FontPath        "/usr/local/share/fonts/truetype/windows"

create fonts.dir directly from TTF files

apt-get install fttools
cd /usr/local/share/fonts/truetype/windows
mkttfdir

restart the font server to get access to new fonts
tell X to rehash its font cache using xset fp rehash
wine issue: get rid of the only font metric to get new ones rm .wine/cachedmetrics.:0.0

Convert windows format font to unix world

converts *.fon-files from Windows to *.bdf-files.

You need to convert these files to *.pcf-files afterwards

for i in *.fon
do
  file=`echo $i | sed 's/\.pcf$//g'`
  bdftopcf $file.pcf $file.bdf
  fnt2bdf -c $file $file.fon
done

converts *.bdf-files to *.pcf which may be installed

for i in *.pcf
do
  file=`echo $i | sed 's/\.pcf$//g'`
  bdftopcf $file.pcf $file.bdf
done

after installation call mkfontdir and add directory to fontdirs of xserver

ssh key generation and propagation

ssh-keygen -t dsa -b 1024
ssh-copy-id -i ~/.ssh/id_dsa.pub root@localhost

freetv adsltv configuration

first method
- get patched version of vlc from crazyfred which assigns a specific port for video streaming
- edit in vlc under the tab parameters/preferences/input-codecs/demuxer/rtp-rtsp strike advanced options and specify port 31337
- in the router forwarding rules add a custom one forwarding udp port 31336-31337 to the designated machine from source 212.27.38.253 (mafreebox.free.fr)
- note that the downside of this method is that only one stream viewing/recording is then possible
second method
- on the router activate port triggering on port 554 forwarding port range 1024:65535

netinstall debian

setup pxe boot and dhcp server
take netinst image from http://ftp.nl.debian.org/debian/dists/testing/main/installer-i386/beta3/images/netboot/

Retrieved from "http://www.courville.org/mediawiki/index.php/Misc_configuration"