-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visiting Carcassonne.
Knightwise posted a photo:
Pictures from our trip to carcassonne.
Pictures from our trip to carcassonne.
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Visit to the Chateau of Peyrepertuse.
Knightwise posted a photo:
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
Pictures from our visit to the chateau of Peyrepertuse.
Peyrepertuse is a ruined fortress and one of the so-called Cathar castles located high in the French Pyrénées in the commune of Duilhac-sous-Peyrepertuse, in the Aude département, and has been associated with the Counts of Narbonne and Barcelona. It stands at 800m high.
The name of Peyrepetuse derived from the ancient language called Occitan and means Pierced Rock. The castle was built on a strategic location along the french/Spanish border by The kings of Aragon (lower) in the 11th Century and by Louis lX (higher) later on. The two castles are linked together by a huge staircase. However the castle lost importance as a strategic castle when the border of the two countries was moved in 1659. Because of this the castle was abannoned and unlike many other castles in the region was never subjected to siege, instead it was handed over to the french government in 1240.
During the Albigensian Crusade it served as a Cathar haven and stronghold, but was handed over to French forces without a battle in 1240. Known as one of the "five sons of Carcassonne" ? several castles along the border between France and Spain ? the French fortified the castle in 1242 to protect the border.
(wikipedia)
-
Spelonking in the south of france.
Knightwise posted a photo: Pictures of the Gro. Pictures of the caves of limousi and the Giant cave ... Pictures of the caves of limousi and the...
-
Aussie Geek Podcast #000 :: You Have Arrived
you think of the move and anything else you can think of. The standard MyChingo Voicemail is still available! Knightwise has been banned? we are working at smuggling his mobile off him while he is sleeping. ShareThis
-
How To Install Ubuntu 8.04 With Software RAID1
-
How To Install VMware Server (Version 1.0.6) On An Ubuntu 8.04 Desktop
-
Huawei e220 USB modem for beginners
Welcome to my first HOWTO.
Before I begin, I would like to point out that I am NOT a computer expert, but after 6 months spent with ubuntu I have come to love computers as I no longer feel restricted or dictated to by my OS, in fact, I feel liberated, and I would like to thank all of the forum members as it is their contribution that makes all of the hurdles of computing shrink to a size that I feel I can approach with confidence.
As a result, I now feel confident enough to write a HOWTO and believe I actually have one to fill a much needed gap.
Anyway.....
Initially when I was trying to set up my e220, it was, quite simply, a headache. There are dozens of threads, within these forums alone, and countless elsewhere, but as these were generally responses to threads along the lines of "HELP!! Modem not working" they're generally asking for that users specific outputs and troubleshooting them, without explaining what was actually going on.
One HOWTO exists by tazz_tux, and I must acknowledge this as it definitely helped me a gain a better understanding, although for a n00b like myself much of it was over my head.
So lets get your modem working shall we......
Firstly, you should make sure you have wvdial installed, it is in the repositories, you can either open synaptic package manager and look for it there.
Main menu >System >Administration >Synaptic Package Manager
or open a terminal and type
Code:
sudo apt-get install wvdial
Now, with your modem plugged into an available USB port...
(note:: this is more reliable connected directly to your computer as opposed to a hub, and also, some users report problems with the longer cable, but I have had no such problems on the 5 I have set up personally.)
What this does is reads all of the settings you will need directly from your modem and writes them to a file called wvdial.conf. Without sudo it will read from the modem but cannot write the file.
IMPORTANT!! You should NOT edit any of the completed lines in wvdial.conf, the settings that the above command wrote to that file are unique to your modem/service provider, so copying anyone elses from a thread will only prevent yours from functioning. However you will need to edit 3 lines of text: Phone, Username and Password.
Again, in a terminal type...
Code:
sudo gedit /etc/wvdial
This will invoke your text editor (gedit) to open the file at location /etc/wvdial.conf, with administrative privaledges (sudo).
This will look something like this:
Code:
[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
Baud = 9600
New PPPD = yes
Modem = /dev/ttyUSB0
ISDN = 0
; Phone
; Password
; Username
As you can see, Phone, Password and Username are not designated and are also preceded by a ; followed by a space. First of all delete the ;'s and spaces so that P,P and U respectively are the first characters on their lines. now following the same format as the completed fields add ( = )to each line and give them a value, so you should have something that looks like this.
Code:
[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
Baud = 9600
New PPPD = yes
Modem = /dev/ttyUSB0
ISDN = 0
Phone = *99#
Password = Anything
Username = Anything
Before you save the file and exit, make a note of the second word in the first line, in the case of my example (Defaults) This is the name of the profile you will need to invoke for a connection.
How you wish to connect now is a matter of preference, I will now explain your options and try to outline the pro's and cons of each.
Firstly, If you feel happy having a connection with no GUI, no taskbar applet or any visual feedback on your desktop, then it's very easy.
Press Alt-F2 and type
Or replace the word Defaults with whatever was in the first line of your wvdial.conf.
If you wish for your modem to connect automatically at log on, take your mouse to the the panel menu and navigate >System >Preferences >Sessions and under the "Startup Programs" Tab, click the "Add" button and where it says "Command" Type:
Be sure also to fill in the "Name" box, but what you type in there is up to you, simply "Modem" or "E220" is ideal for your own future reference.
Now you may prefer a graphical user interface to get connected, if so you have a few choices.
If you use gnome then i recommend gnome-ppp
Code:
sudo apt-get install gnome-ppp
for kde, kppp
Code:
sudo apt-get install kppp
Another one some people are using is vodafone-mobile-connect-card-driver-for-linux, (what a mouthful) but you will not find this in the repositories and it is quite a bulky program (like it's name) that requires rather a lot of python dependencies. It does have some extra functions but I am yet to see any of them work, although to be fair I have not tried it with a vodafone sim, but it will still connect you nonetheless.
Whichever utility you choose the following instructions are the same.
If you closed your text editor after saving wvdial.conf then type:
Code:
gedit /etc/wvdial.conf
To bring it back up. Notice there was no sudo this time? Don't worry, Admin privaleges aren't necessary as we won't be editing the file, we just need that information at hand.
All that needs to be done is to complete any fields in your ppp's GUI's settings, using wvdial.conf as reference.
Some points of possible confusion explained.
What's an init string??
see the line in wvdial conf that looks something like ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK, well that's what you need to put in the init string box.
What's the phone number??
My connection is with 3uk, so the number I set mine to dial is *99#
If you have another provider it will no doubt be different, but google should be able to answer that, or contact your provider.
That's it, click connect you should be up and running. try opening up your browser and searching, if all is well, happy browsing. Perhaps you get a message saying "Offline Mode" This is just Firefox thinking it knows best, simply click on the browsers "File" in the tool bar and de-select "Work offline"
Still no connection???
If you're using a GUI to connect, there may be a function called "Stupid Mode" selecting this "apparently" forces your modem to ignore init strings,and will usually sort this problem, but at this point I am unable to explain why and I'm only just scratching at what an init string does myself so I'll avoid any further details here to avoid confusion or giving misleading info. I may edit this at a later date if I consider it appropriate
If your GUI doesn't have this option, or you have opted for my no-GUI approach, then you can go back to....
Code:
sudo gedit /etc/wvdial.conf
And add the line...
Now I hope you are connected.
As I mentioned at the beginning, I am no expert, I am just relaying my experience of setting up 5 such modems, perhaps this HOWTO doesn't work for you, if so leave a message, I'm quite sure I've read just about everything on the net about setting it up under linux, so if you have a problem, I've probably heard it before, and will probably know where to look.
One final note, If you have used this HOWTO and are still having problems, please let me know. Maybe you think I could have been clearer about something. In any case all feedback will be welcomed and appreciated. If you have got it working, which I sincerely hope you have, please leave a message saying which type of setup you opted for, which GUI, or no GUI, this could prove helpful to others in the future.
Just as I hope you have found this helpful.
-
Zimbra Integration With Samba - Ubuntu Based (Similar To AD And Exchange)
-
kc0015 "The Social Interactive Web"
Where and how to find information ? How to contribute and how to behave .. its all here in KC0015. Make sure to check out our website on www.knightwise.com and send us your feedback.
-
Wedding Collage
Knightwise posted a photo: A pretty collage made by Nyana's baby sister in honor of our wedding. A pretty collage made by Nyana's baby sister in...
-
SSH Server: A more secure configuration
by gaten guess: gaten [dot] net [at] gmail [dot] com
I personally believe that SSH is the best thing since sliced bread. It's easy to use, easy to setup, reliable encrypted internet traffic. That's hard to come by. What could be better, you ask? A more secure configuration.
The default sshd_config that ships with Ubuntu is fairly secure, but we can make it a lot better, so that's what we're going to do.
This guide assumes a few things: 1. You understand the basics of the ssh server. If you don't, here's some reading material:
2. You are comfortable editing config files and using the command line. No GUIs here.
3. You've updated sshd and your keys, and have used ssh-vulnkey (and others) to make sure your keys do not belong to the vulnerable set. See http://www.ubuntu.com/usn/usn-612-2
4. You have your public and private key system already set up. If you restart your sshd server with the configuration below and do not have your keys in place, you will not be able to login remotely. If you need help setting this up, see: https://help.ubuntu.com/community/SSHHowto
5. You understand that these are my personal recommendations for security. If you disagree and/or have an improvement, please let me know!
On with the tutorial!
For the impatient, here's the complete sshd_config
Code:
# user modified sshd_config
# See the sshd(8) manpage for details
#### Networking options ####
# Listen on a non-standard port > 1024
Port 50000
# Restrict to IPv4. inet = IPv4, inet6 = IPv6, any = both
AddressFamily inet
# Listen only on the internal network address
ListenAddress 192.168.1.0
# Only use protocol version 2
Protocol 2
# Disable XForwarding unless you need it
X11Forwarding no
# Disable TCPKeepAlive and use ClientAliveInterval instead to prevent TCP Spoofing attacks
TCPKeepAlive no
ClientAliveInterval 600
ClientAliveCountMax 3
#### Networking options ####
#### Key Configuration ####
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Use public key authentication
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Disable black listed key usage (update your keys!)
PermitBlacklistedKeys no
#### Key Configuration ####
#### Authentication ####
# Whitelist allowed users
AllowUsers user1 user2
# one minute to enter your key passphrase
LoginGraceTime 60
# No root login
PermitRootLogin no
# Force permissions checks on keyfiles and directories
StrictModes yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# similar for protocol version 2
HostbasedAuthentication no
# Don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Disable challenge and response auth. Unessisary when using keys
ChallengeResponseAuthentication no
# Disable the use of passwords completly, only use public/private keys
PasswordAuthentication no
# Using keys, no need for PAM. Also allows SSHD to be run as a non-root user
UsePAM no
# Don't use login(1)
UseLogin no
#### Authentication ####
#### Misc ####
# Logging
SyslogFacility AUTH
LogLevel INFO
# Print the last time the user logged in
PrintLastLog yes
MaxAuthTries 2
MaxStartups 10:30:60
# Display login banner
Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
#### Misc ####
Now we'll go through it, section by section.
#### Networking Options ####
Port 5000
- Using something other than the default port (22) for the ssh server can help avoid attacks by script kiddies. I can't tell you how many attempts per day my IDS picks up attacking port 22. Some might argue that security by obscurity is a bad idea, but I think it works in this case (so does my IDS).
AddressFamily inet
- Specifically limit traffic to IPv4. I don't use IPv6, so I see no reason to allow ssh to run over it. I've also disabled IPv6 on all my computers, so using it for ssh would be pointless. You're also limiting the attack vectors, which is always a good thing.
ListenAddress 192.168.1.0
- Only listen to the internal address. An entry like ListenAddress 0.0.0.0 means listen on all interfaces, including external ones. With our entry, we're only listening on internal addresses and the server cannot be accessed from the internet unless you set up port forwarding on your router/computer. It's just an extra layer of precaution, and defense in depth is the name of the game.
Protocol 2
- Force protocol version 2. This is the default entry on Ubuntu, and there is no reason to use version 1, due to the security vulnerabilities discovered with it.
X11Forwarding no
- Disable X forwarding. I use VNC tunneled over ssh if I need to see my desktop, so I have no need of X forwarding. Please note that disabling this option may break some services, such as LSTP (http://www.ltsp.org/).
TCPKeepAlive no
- Disable TCP KeepAlive messages. These messages are spoofable and are sent outside of the encrypted channel, and ClientAliveInterval is an encrypted, unspoofable (that I know of) alternative, so I see no reason to use TCPKeepAlive.
ClientAliveInterval 60
- The secure alternative to TCPKeepAlive. 60 means after 60 seconds, the sshd server will send a message to the client expecting a response.
ClientAliveCountMax 3
- The number of times the sshd server will attempt to illicit a response from the ssh client before disconnecting it. Using our configuration, an unresponsive ssh client will be disconnected after 3 minutes (ClientAliveCountMax * ClientAliveInterval).
#### Key Configuration ####
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
- RSA and DSA host (server) keys. This is the Ubuntu default
UsePrivilegeSeparation yes
- Splits up server processes in an attempt to prevent privilege escalation exploits.
PubkeyAuthentication yes
- Use public key authentication. In my opinion this option, combined with the PasswordAuthentication no option is the most important security enhancement you can make to your ssh server. When you disable password authentication and enable this option, the user will be required to have his or her public key stored on the server, and will need their private key (and passphrase for that key) in order to login. Using this combination will reduce script kiddy attacks tremendously, and brute for password attacks completely. Now an attack will have to brute force the key, which is almost impossible (in theory).
AuthorizedKeysFile %h/.ssh/authorized_keys
- The default public key file for the user.
PermitBlacklistedKeys no
- Don't allow black listed keys to be used to login to the server. Due to the recent Debian/Ubutu ssh vulnerability, I see no reason not to enable this.
#### Authentication ####
AllowUsers user1 user2
- White list the users you want to allow to login to your system. This is a space separated list, in this case user1 and user2 are the only users allowed to login to the ssh server. Black lists are a stupid idea and should be avoided if at all possible.
LoginGraceTime 60
- The number of seconds the user has to login to the system once prompted. I don't have such a long passphrase that I can't type it in a minute!
PermitRootLogin no
- Disable root logins completely. Ubuntu's root account is locked by default, but I don't care. I see no reason that you would need to login as root, or even why this needs to be enabled by default. Create a normal user account and give it sudo privileges.
StrictModes yes
- Require that users set the correct permissions on their key files and the directories that they are stored in. In order for keys to pass strict mode, they must not be writable by anyone but the owner. I'd suggest a chmod of 600 for the keyfile.
IgnoreRhosts yes
- Ignore Rhosts authentication for .rhosts and .shosts files in RhostsRSAAuthentication or HostbasedAuthentication. /etc/hosts.equiv is still used if the HostbasedAuthentication option is not disabled.
HostbasedAuthentication no
- Decides if rhosts or /etc/hosts.equiv and a public key are allowed (host-based authentication). We're relying on public keys only.
IgnoreUserKnownHosts yes
- Decide whether the server should ignore the users ~/.ssh/known_hosts during Host based or Rhost authentication. As we're disabling both, there is no reason to enable known_host authentication.
PermitEmptyPasswords no
- Do not allow empty passwords. If they want to get into your system, they'll need a key with a password.
ChallengeResponseAuthentication no
- Disable challenger response authentication. We're not using login(1) or password authentication, so there's no reason to set it.
PasswordAuthentication no
- As stated in the key section, this is a very important option. By disabling password authentication, you will require the user to have a public key on the system to login. This will eliminate brute force dictionary password attacks. This of course means you will need to transfer the keys to the system before hand, or you will lock yourself out of your system.
UsePAM no
- We're not using password authentication, so we don't need to use PAM. Also, this will allow sshd to run as an unprivileged user.
UseLogin no
- Don't use the traditional login(1) service to log in users. Because we are using privilege separation, as soon as the user logs in ths login(1) service is disabled.
#### Misc ####
SyslogFacility AUTH
- Log sshd messages to the AUTH syslog facility, which stores its messages in /var/log/auth.log by default in Ubunutu. The following command should print you out a list of sshd messages contained in that file:
Code:
grep sshd /var/log/auth.log
LogLevel INFO
- Defines what verbosity level to use for login. Available options are (removing redundant options): SILENT, QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG2, and DEBUG3. INFO is the default.
PrintLastLog yes
- When the user logs into the system, print the last time they logged in. If you see a time or date that you don't remember logging in, time to do some checking!
MaxAuthTries 2
- Maximum times a user can attempt to login per connection. Failures are logged after half the number is reached.
MaxStartups 10:30:60
- Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon (the number of users still logging in). See the man page for more info.
Banner /etc/issue.net
- Message to display when a user logins in. You may want to replace the standard Ubuntu issue.net with something warning people that only authorized users are allowed in the system. Some people claim this can help in prosecuting people who break into your systems, but I have no idea if that's viable advice or not. At the least make it look cooler than the default ;)
AcceptEnv LANG LC_*
- Which environmental variables to accept from the client. As mentioned in the sshd_config man page, take care which variables to accept. These are the Ubuntu defaults.
Subsystem sftp /usr/lib/openssh/sftp-server
- External file transfer daemon to use for sftp requests. This is the Ubuntu default.
In summary, we've changed the following:
- Disabled any authentication but key authentication
- Disabled X Forwarding
- Disabled unencrypted KeepAlive messages
- Disabled the use of Black listed keys
- Disabled root logins of any kind
- Changed the port the server listens on
- Forced the server to listen to only the internal network interface
In general, I'd say we have a pretty secure ssh server. Any comments, corrections or suggestions? Please PM me on here or email me: gaten [dot] net [at] gmail [dot] com.
Here's some further reading material on the subject. I've pulled heavily from these sources for this tutorial. Ubuntu Advanced SSH Server Guide: https://help.ubuntu.com/community/AdvancedOpenSSH
Debian "Secure SSH" article: http://www.debian-administration.org/articles/455
The Ultimate SSH Security Tutorial:
http://tuxtraining.com/2008/05/14/th...rity-tutorial/
Ubuntu SSH Documentation: https://help.ubuntu.com/community/SSHHowto
OpenSSH: http://www.openssh.org/
Wikipedia Entry: http://en.wikipedia.org/wiki/Secure_Shell/
sshd_config man page
-
HOWTO: Set up Pidgin so you can view your MSN buddies' personal messages
msn-pecan is an alternative MSN/Windows Live Messenger plugin for Pidgin. In the author's own words:
Quote:
Being the main author of the MSN plug-in in Pidgin I got tired of being neglected from the development. So I started a fork.
|
The project page is located at http://code.google.com/p/msn-pecan/
Please note: This is an unofficial plugin, so not supported by Pidgin's development team.
I will do most things from the terminal, since it's easier to explain, but if you want, you can install the packages through synaptic. You can start the terminal from Applications>Accessories>Terminal.
Please close Pidgin before you start.
1. Install libpurple-dev and git-core:
Code:
sudo apt-get install libpurple-dev git-core
2. Download the plugin:
Code:
git clone git://github.com/felipec/msn-pecan.git
3. Compile and install the plugin:
Code:
cd msn-pecan
make
sudo make install
4. Setup Pidgin to use the new plugin:
- a. Start Pidgin and go to Accounts>Manage.
- b. Either disable your existing MSN account by unchecking the check box or delete it by selecting it and clicking Delete. I would recommend deleting it to keep things tidy, but it's up to you!
- c. Click add and set up an account as you normally would, except select WLM instead of MSN for Protocol.
5. Done!
Please let me know how you get on!
-
kc0014 "Virtual Insanity"
In episode 14 we talk about virtual machines and how you can use them. Scale down your computer lab to just one machine and virtualize everything else. The tools you need, the way you can set it up, the pro's and the pitfalls , its all in KC 0014 : Virtual insanity.
-
HOW TO: VMware Server 1.0.6 in Ubuntu 8.0.4 Hardy Heron 64-bit Editions
ADDED: HOW TO: VMware Server 1.0.6 in Ubuntu 8.0.4 Hardy Heron 64-bit Editions
Applies only to 64-bit editions. Installing on a 32-bit edition is pretty straight forward.
Build your Environment:
Make sure you have the needed build environment and tools to compile the vmware modules for the kernel.
Code:
sudo apt-get install linux-headers-`uname -r` build-essential xinetd
These are required for 64-bit Servers:
Code:
sudo apt-get install libxtst6 libxt6 libxrender1
sudo apt-get install ia32-libs libc6-i386
Install VMware Server:
Untar the VMware Server package:
Code:
tar -xzf /Path/To/VMware-server-1.0.6-xxx.tar.gz
Change into the install directory and run the installer:
Code:
cd vmware-server-distrib
sudo vmware-install.pl
Choose defaults and installation will fail eventually when trying to build the drivers:
As of right now VMware Server 1.0.6 won't compile correctly on Hardy 64-bit without patching the vmmon file.
The patch can be downloaded here:
Code:
wget http://uruz.org/files/vmware-any-any-update-116.tgz
Untar the patch and resume installation:
Code:
tar -xvzf vmware-any-any-update116.tgz
cd vmware-any-any-update116
sudo ./runme.pl
That will finish the vmware-server installation succesfully.
Installing the Management User Interface:
Create symbolic links first for VMware-mui-1.0.6 to install and work properly:
Code:
sudo ln -sf /lib/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1
sudo ln -sf /usr/lib/libpng12.so.0 /usr/lib/vmware/lib/libpng12.so.0/libpng12.so.0
Untar the downloaded vmware-mui package and install:
Code:
tar xzvf Vmware-mui-1.0.6-xxx.tar.gz
sudo ./vmware-install.pl
If you receive a "starting httpd.vmware:-ne failed" error at the end of running vmware-config-mui.pl you will need to run the following command.
EXECUTE CAREFULLY!!
Code:
sudo ln -s -f /bin/bash /bin/sh
sudo vmware-config-mui.pl
Autostart VMware Management User Interface:
To enable vmware-mui automatically on each restart without requiring user intervention, add this to your "/etc/rc.local" file
The line has to be added before "exit 0" line. "exit 0" is always the last command in the file.
Code:
vmware-mui-config.pl -d
The "-d" switch will automatically generate a SSL certificate with a default session time out of 60 minutes.
For 64 bit users there is one additional step in order to allow vmware console (on your desktops - not on the server) to launch:
Code:
sudo ln -s /usr/lib32 /usr/l32
sudo sed -i -e 's/usr\/lib/usr\/l32/g' /usr/lib32/gtk-2.0/2.10.0/loader-files.d/libgtk2.0-0.loaders
sudo sed -i -e 's/usr\/lib/usr\/l32/g' /usr/lib32/libgdk_pixbuf-2.0.so.0.1200.9
That is all. You've now got all you want run VMware-server on your Hardy 64 bit server.
-
Introducing GUFW the Uncomplicated Firewall GUI for Ubuntu Linux Hardy Heron!!
I just woke up this morning and found a great comment on my blog introducing me to a promising new project by marcoscostales called gufw and he has taken his time to create a .deb package for us all. This application looks promising and can only get better with our suggestions.
So far 1200 people on Ubuntu Brainstorm voted for an application like this, see here
Features: Enable/disable Firewall via 1 click access
Deny all inbound/outbound connections with 1 click
Allow all inbound/outbound connections with 1 click
A nice allow/deny drop down box.
Easily add/remove firewall rules
Block ping replies to show up as having a stealth/invisible ip on the lan/inet
Screens:
Howto Install?
Download GuFw here
See here for updated packages
Double click the .deb file and click install.
You will find ufw with a nice shield icon via Applications->Internet->gufw
For support see here
Help improve this application by submitting bug reports and ideas here
-
How To Install VMware Tools on Ubuntu 8.04 Guests
Installing VMware Tools on virtualized guests gives you a much more enjoyable experience within your virtual environment. Screen resolution, mouse behaviour, etc will be improved for your virtual sessions after installing these additional tools. Installing these tools within Ubuntu 8.04 virtualized guests is fairly simple, just follow along below.
Installing VMware Tools
The first requirement, of course, is that you have Ubuntu 8.04 installed within VMware Server and that Ubuntu 8.04 is running.
Once you?ve got your Ubuntu 8.04 guest logged in, navigate to the ?VM? menu option (File, Edit, View? VM) and select ?Install VMware Tools?. This will notify you once again that your guest must be logged in. If that is the case, click ?Install?.
note: The next step in the process may be simpler if you make sure any other CD images are unmounted before continuing.
This part of the process mounts a virtual CD image with the VMware Tools contained on it. To find these tools for installation navigate to Places > Computer > CD Drive. You should find these two files listed there:
VMwareTools-*.rpm
VMwareTools-.tar.gz
For Ubuntu guest installations we?ll want to use the .tar.gz file. Now we have access to the needed file, the next part of the process is opening the archive and installing the tools.
Below I?ve put together a copy-paste list of commands you should be able to use to unpack and setup VMware Tools on your Ubuntu 8.04 guest. All of these commands happen within the Ubuntu 8.04 Guest machine:
sudo aptitude install build-essential linux-headers-generic
cp /media/cdrom/VMwareTools-*.tar.gz /tmp/
cd /tmp/
tar xf VMwareTools-*.tar.gz
cd vmware-tools-distrib/
sudo ./vmware-install.pl
You should be able to safely select the defaults for most of the questions. You might want to pay attention at the step where it asks for your preferred available resolution and set that properly. For the new VMware Tools to be available once this process is done you?ll need to reboot your Ubuntu 8.04 guest. Enjoy.
Related
-
Remove Unnecessary Packages and Other Random Tidbits
This is a general guide to the some things that I like to remember whenever I reinstall, including a long list of packages that can be potentially removed.
This is based on Gnome, but some things should or can be common with KDE or Xubuntu.
If I have something wrong or you have any questions, feel free to let me know. I'll try to update this as much as possible.
Packages I install/utilize:
smartmontools
- Find power cycles (and more) of hard disk (indicates if you have the hard drive bug
Code:
sudo smartctl -d ata -a /dev/sda | grep Cycle
gnomesword
gthumb
- Though eog is installed by default, it seems to use a lot of memory. Gthumb also provides many useful basic functions such as cropping, mass resize/convert, and color adjustment.
firestarter
- A GUI to configure iptables firewall.
icedtea
- Free implementation of the Java environment.
audacity
- Very good audio editing program.
dvdrip
- For making video files from DVDs.
boinc
boinc-manager
- Client and manager program respectively for distributed computing. You can install just the client and manage it remotely.
sensors-applet
- Monitor temperature and fan speeds on the panel through acpi, lm-sensors, hddtemp, etc. You may want to set lm-sensors up with:
Code:
sudo sensors-detect
Nautilus has a few plugins available, notably:
image resize
- Provides options to rotate and resize images from the right-click menu.
open terminal
- Provides on option to open a terminal from the right-click menu. Clicking on/in a directory opens a terminal starting in that directory, clicking on the desktop will open it in your home folder.
gksu
- Provides an option to open a file as root. Useful to not have to use the above plugin or root user Nautilus.
sound convert
- Provides options to convert audio files from the right click menu. I haven't had much luck with it, but it could be useful.
emerald
emerald-theme-manager
- An alternative to Metacity that can handle transparency, very customizable, themes available here.
compizconfig-settings-manager
- Enable plugins and alter their settings for Compiz.
ndiswrapper
ndisgtk
- Use Windows drivers for wireless cards. This has been my best friend through most of my time with Linux. :)
conky
- Place customized information on your desktop. More info here.
five-a-day-applet
Code:
deb http://ppa.launchpad.net/5-a-day/ubuntu hardy main
avant-window-navigator
- This is like the Mac OS X bar. Gdesklets has an attempt at this, too, but I have been very impressed at this program. It combines launchers with a window list, and can also have applets like the Gnome panel. Between this and Conky, along with a couple of short programs I wrote, I no longer need my Gnome panel. :)
balsa
- An email program. I've had problems every time I've used Evolution. Thunderbird is nice, but I've found Balsa to be very fast, and integrates well with Gnome.
espeak
- This is a very simple text to speech program that is installed by default. I think with a little creativity it could be very useful. For example, I had it read a warning when my processor got too hot.
- You can have it read a text file via
Code:
espeak -f /path/to/file
REMOVALS
I have spent a lot of time trying to cut down Ubuntu installs to fit on 1.5 GB hard drives and into RAM, so anything that I can remove is helpful sometimes.
These are programs and packages that I have found I don't need. You may need them. I'll try to explain (to you and myself both) what they do. Based on that, it's your decision. If in doubt, don't remove anything. Aptitude will tell you of almost anything that will totally break your system or another package, but try to remember what you have done in case something breaks.
There are many guides on the forums about how to remove unused packages, and they can make a great second step to removing things from this list, especially gtkorphan.
ubuntu-desktop
- This is what is called a "metapackage." It doesn't actually contain anything, it just makes sure that all of the default desktop applications are installed. If you remove something it depends on, it will be removed too. That's fine. When (if) you upgrade, it may be a good idea to reinstall it.
ttf
- If you search for this in Synaptic you will find that a lot of other language fonts are installed by default. If you don't plan an reading or writing with them, you can remove them.
bluez-gnome
bluez-utils
- If you don't have Bluetooth capability, you can remove these packages.
xscreensaver-gl
xscreensaver-data
rss-glx
screensaver-default-images
- I'm not interested in using any pretty screensavers on my laptop. I just blank the screen rather than make it heat up or waste CPU time. Leaving gnome-screensaver retains the basic ability.
tomboy
- An application for note taking that I have never used.
ekiga
libopal-2.2
- Something like Skype, you can talk/conference over the Internet. I've never used it.
xcursor-themes
- Extra themes for your mouse cursor.
language-support-writing-en
language-support-en
language-support-translations-en
- All of these are metapackages that depend on all of the writing tools, general language support, and translations for English (or whatever language you have installed, the last two letters will be different).
myspell-en-za
- South African English dictionary.
openoffice.org-l10n-en-gb
openoffice.org-help-en-gb
- British English translation and help for OpenOffice.
openoffice.org-l10n-en-za
- South African English translation for OpenOffice.
openoffice.org-thesaurus-en-au
- Australian English thesaurus for OpenOffice.
yelp
- Help viewer. I choose to use the forums and the internet rather than any of the locally installed help.
gimp-help-common
gimp-help-en
- Help files for the Gimp. Again, I prefer online.
gnome-user-guide
- User guide for Gnome. Again, I prefer getting anything I need online.
diveintopython
- Ever wanted to learn the Python programming language? This is the book for you! Check into it. Otherwise, you can remove it.
ubuntu-docs
- General Ubuntu documentation. I prefer online.
thunderbird-locale-en-gb
- This Great Britain locale for Thunderbird is installed though Thunderbird isn't, which is odd. One of the language support packages depends on it.
linux-generic
linux-restricted-modules-generic
- These are metapackages for the kernel versions and restricted modules respectively.
linux-restricted-modules-2.6.24-16-generic
- This provides madwifi (Atheros), fglrx (ATI), nvidia, fcdsl2, fcdslsl, fcdslslusb, fcdslusb, fcdslusb2, fcpci (AVM ISDN), fcdsl, fcdslusba, fcusb, fwlanusb, fxusb (AVM ISDN x86 only). If you don't use any of these, you can remove it.
nvidia-kernel-common
linux-headers-generic
linux-headers-2.6.24-16
linux-headers-2.6.24-16-generic
- These are only needed if you need to recompile the kernel.
ppp
pppconfig
pppoeconf
wvdial
- Used in modem and similar connections. Not needed for wireless or ethernet connections.
xsane
xsane-common
tracker
tracker-search-tool
libdeskbar-tracker
libtracker-gtk0
- Desktop search tool. I don't find it useful enough to keep.
zenity
gnome-games
gnome-games-data
gnome-cards-data
- The default gnome games. I don't play them enough to keep them.
scim
scim-bridge-agent
scim-bridge-client-gtk
scim-gtk2-immodule
scim-modules-socket
libscim8c2a
- A way to set up input for languages with different alphabets.
brltty
brltty-x11
gnome-app-install
- The nice Add/Remove Applications in the menu.
ubufox
- This helps with the installation of flash and other plugins for Firefox.
apturl
- This is a dependency of ubufox, it allows packages to be installed with the syntax "apt : package"
python-pyatspi
at-spi
mousetweaks
- Mouse accessibility support.
gnome-mag
- The Gnome magnifier. I'd prefer the Compiz plugin.
gnome-orca
bogofilter
bogofilter-bdb
libgsl0ldbl
- Spam filter for use with Evolution or maybe Thunderbird.
ubuntu-sounds
example-content
- Sample files to use when testing/showing off Ubuntu.
evolution-exchange
- Evolution plugin for Microsoft Exchange mail.
evolution-webcal
- Evolution plugin for web-based calendars.
guile-1.6-libs
gnome-pilot
gnome-pilot-conduits
- Tools for PalmPilot devices.
gnome-accessibility-themes
eog
- As I mentioned above, I prefer gthumb.
deskbar-applet
- The Deskbar applet for the panel.
contact-lookup-applet
- The contact lookup applet for the panel.
fast-user-switch-applet
- The applet for switching users for the panel.
jockey-common
jockey-gtk
- This program is responsible for installing restricted drivers such as nvidia or b43.
splix
- This is a driver for samsung laser printers.
min12xxw
- Printer driver for KonicaMinolta PagePro.
xserver-xorg-video-all
- You should be able to remove this metapackage, as well as everything but v4l, vesa, vga, fbdev, dummy, and the one you are using. If you are using a proprietary driver, such as nvidia, it might be a good idea to leave the open source driver, nv, just in case.
tsclient
- For connecting to other machines remotely.
vino
- Server that allows others to access your desktop remotely.
sound-juicer
- A CD ripper, Rhythmbox takes care of my needs.
make
lftp
- For getting files via ftp using the command line.
- I think this is required for the Rhythmbox Cover Art and Lyrics plugins.
Miscellaneous tips:
Control Processor scaling from the panel applet:
Code:
sudo dpkg-reconfigure gnome-applets
"Yes" to run cpufreq as root. Possibly a security problem, but I've risked it.
Change percentage reserved for root on filesystem (-m )
Code:
tune2fs -m 1 /dev/external
Run a script at boot
Code:
/etc/init.d/something.sh
sudo chmod 755 something.sh
sudo update-rc.d something.sh defaults
OR
Boot scripts
Code:
/etc/rc.d/rc2.d/SXXscript
Shutdown scripts
Code:
/etc/rc.d/rc0.d/KXXscript
Run in order of number XX.
I'll end with a script to save battery power. This is placed in /etc/acpi/battery.d and /etc/acpi/ac.d, and I've named it 99-savings.sh. This causes it to run every time the system switches from AC to battery or vice versa, and the script knows which part to run based on whether it's on AC or battery. It's a combination of a script I found somewhere on the forums, the powertop suggestions. I added some processes that I don't really want running while on battery power that will be stopped but started again when back on AC.
I've tested it a bit, and I don't think that every line does exactly what it should. I think some other power management utilities write their own values in some of these places. All in all, though, I think it's worth it.
Code:
#!/bin/bash
# Go fast. More or less Ubuntu defaults
if on_ac_power; then
hdparm -B 255 -S 240 -M 254 /dev/sda
mount -o remount,commit=5 /
mount -o remount,commit=5 /home
echo 0 > /proc/sys/vm/laptop_mode
echo 10 > /proc/sys/vm/dirty_ratio
echo 5 > /proc/sys/vm/dirty_background_ratio
echo 500 > /proc/sys/vm/dirty_writeback_centisecs
echo 0 > /sys/module/snd_hda_intel/parameters/power_save
echo max_performance > /sys/class/scsi_host/host0/link_power_management_policy
iwpriv wlan0 power_profile 1
echo 50 > /proc/sys/vm/swappiness
echo 3000 > /proc/sys/vm/dirty_expire_centisecs
hal-disable-polling --device /dev/scd0 --enable-polling
/etc/init.d/postfix start
/etc/init.d/anacron start
/etc/init.d/ntp start
else # Save power
hdparm -B 1 -S 4 -M 128 /dev/sda
mount -o remount,commit=600 /
mount -o remount,commit=600 /home
echo 5 > /proc/sys/vm/laptop_mode
echo 40 > /proc/sys/vm/dirty_ratio
echo 1 > /proc/sys/vm/dirty_background_ratio
echo 30000 > /proc/sys/vm/dirty_writeback_centisecs
echo 10 > /sys/module/snd_hda_intel/parameters/power_save
echo min_power > /sys/class/scsi_host/host0/link_power_management_policy
iwpriv wlan0 power_profile 5
echo 10 > /proc/sys/vm/swappiness
echo 0 > /proc/sys/vm/dirty_expire_centisecs
hal-disable-polling --device /dev/scd0
/etc/init.d/postfix stop
/etc/init.d/anacron stop
/etc/init.d/ntp stop
/etc/init.d/rsync stop
/etc/init.d/smartmontools stop
fi
-
HOWTO: Backup all installed programs/packages
PROBLEM: Lets say you have set up your *buntu box. Now you want to backup all the installed deb files so that you can restore them quickly and efficiently.
UPDATE: Why would you want this?
When I was using windows I had a directory of EVERY Single program that I had downloaded. For one thing it would be easier to install everything as I would not have to go online and hunt for them. Further it would be useful where a computer does not have internet connection. In ubuntu "hunting" for programs is a rare occurrence thanks to the fantastic package managing system. However, I personally have about 20-30 programs that I have either compiled from source (using checkinstall, so that that a deb package is created and they are added to APT), or downloaded debs from obscure locations. Now each of these debs I will save in a directory so that in the future I do not have to go hunting for them. However, this command I have outlined backs up ALL packages, including the ones in the package manager. So, why would you want that?
Firstly, this is VERY useful if lets say you have setup a very basic installation with all updates, and all non-free video/audio/etc codecs. Further you have installed some basic useful software. Now lets say you want to install the SAME setup on your grandmothers computer, except she does not have internet connection, or at the time you go to set it up she does not have a net connection. Using this script you can have all your debs in one simple location, so you will not have to redownload everything.
Secondly, lets assume you work for a school, or a company, and you need to install the SAME ubuntu installation on 30 computers. Wouldn't it be easier to simply put all these debs in a central server and issue the dpkg -i *.deb command. This way you don't have to individually select the packages AND the packages don't have to download.
Thirdly, (and this is purely personal) I like to be able to have all my installed packages at hand. This command doesn't take much effort, and for me it only requires 1.4 gb of space, so for a bit of piece of mind I can easily have all my packages on hand.
There is no real reason to do this if you are already doing a full system backup (e.g. an image of your Ubuntu partition using partimage). This is just something I discovered and feel could be beneficial to other users.
These commands will do that for you.
Open a terminal and paste the following into it:
Code:
$ sudo apt-get install dpkg-repack fakeroot
$ mkdir ~/dpkg-repack; cd ~/dpkg-repack
$ fakeroot -u dpkg-repack `dpkg --get-selections | grep install | cut -f1`
(the last command will take some time)
Now if you scroll to your home folder, you should find a folder called "dpkg-repack" which should have all the deb files of all your installed packages.
RE-INSTALL
If you want to re-install the packages, navigate to the folder with the packages and input the following command in the terminal:
Thanks to https://answers.launchpad.net/aptonc...n/15592/+index (Rafael)
NB: I know AptonCD does this but what prompted me to use this method was that I had done the sudo apt-get clean command which had erased all the files in the /var/cache/apt directory, rendering AptonCD useless (as all it does is take the files from there and put it in the list). So I find this method is more efficient, and easier for me to control!
-
XEN On An Ubuntu Hardy Heron (8.04) Server System (amd64) - High Performance
-
xMod Tweaks Leopard's Hidden Settings [Featured Mac Download]
-
AceBackup Offers Local, Remote, and Secure File Backup [Featured Windows Download]
-
Howto Create Name Based and IP Based Virtual hosts in Apache
We have already seen the apache2 installation if you want to check here
Virtual Host refers to the practice of running more than one web site (such as www.company1.com and www.company2.com) on a single machine. Virtual hosts can be ?IP-based?, meaning that you have a different IP address for every web site, or ?name-based?, meaning that you have multiple names running on each IP address. The fact that they are running on the same physical server is not apparent to the end user.
(...)
Read the rest of Howto Create Name Based and IP Based Virtual hosts in Apache (1,125 words)
© admin for Ubuntu Geek, 2008. | Permalink | One comment | Add to  del.icio.us  digg
Who's linking ?  Technorati  BlogPulse  Google
Want more on these topics ? Browse the archive of posts filed under Server. Related Articles 
|
Lifestream