SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Wednesday, December 19, 2012

How to show / hide uvnc tray icon with registry method

UVNC release 1.1.8, November 2012.

We prefer to install uvnc as a service, disable the tray icon and store the settings in the registry rather than in the ultravnc.ini file. The admin properties are accessed by right-clicking the uvnc tray icon. All the settings in the admin properties window can also be edited in the registry, but new sysadmins or support engineers who are not familiar with the registry values prefer to edit the admin properties through the GUI. This post shows how to enable or disable the tray icon through the registry.

1. Stop uvnc service
Right click taskbar > start task manager > go to services tab > Right click uvnc_service and click stop service




2. Regedit 
Open regedit by going to Start > Run > regedit

3. Editing the WinVNC3 key
HKEY_LOCAL_MACHINE\Software\Wow6432Node\ORL\WinVNC3

If you are not able to locate WinVNC3 at the above path, search for WinVNC3: go to Edit and click Find.


Right click on DisableTrayIcon and click on modify
Change the value to 1 to remove tray icon
Change the value to 0 to show tray icon

4. Start uvnc_service
Right click taskbar > start task manager > go to services tab > Right click uvnc_service and click start service

5. Tray icon

6. Admin properties window
Right click on the tray icon > select the admin properties


Monday, November 19, 2012

EasyPHP error cannot run specified program



EasyPHP is a COMPLETE WAMP package and READY-TO-USE ENVIRONMENT for PHP DEVELOPERS including the server-side scripting language PHP, the web server Apache, the SQL server MySQL, as well as development tools such as the database manager PhpMyAdmin, the debugger Xdebug and many others. Nothing to configure. It's already done! You just need to download, install ... and code. The administration page allows you to list the docroot and extensions, change the Apache port, the timezone, max execution time, error reporting and upload max filesize, add/remove aliases, and manage modules.

After installing and running the easyphp I got an error 
"The system cannot execute the specified program" 

Solution:
You are trying to run some program on Windows (such as apache.exe or htpasswd.exe) and you are getting "The system cannot execute the specified program" error. This usually means that the program you are trying to run was compiled against DLLs that are not on your system.

The Apache 2.x binary Windows distribution, specifically, was compiled against the Visual Studio 2008 redistributable package, which you can download from Microsoft.

Download link:
Microsoft Visual C++ 2008 SP1 Redistributable package (x86)

Microsoft Visual C++ 2008 SP1 Redistributable package (x64)

Microsoft Visual C++ 2008 Redistributable package (choose from the list of downloads accordingly)




Thursday, May 3, 2012

Install openvpn on ubuntu VPS in less than 10 minutes

Overview

If all that you want is an openvpn server without the hassle of compiling, I recommend a debian / ubuntu system with a minimum of 64 MB of RAM. The instructions below let you connect to your own openvpn (openvz VPS) server in less than 10 minutes.


Prerequisite

Before we install openvpn, check if tun/tap is enabled for your VPS:
cat /dev/net/tun
If the command prints "File descriptor in bad state", tun/tap is enabled. If not, contact your VPS provider to activate tun/tap. Without tun/tap, a VPN connection cannot be established.

Installation

To install openvpn in a terminal enter:
sudo apt-get install openvpn


Server Certificates

Now that the openvpn package is installed, the certificates for the VPN server need to be created. 
First, copy the easy-rsa directory to /etc/openvpn. This will ensure that any changes to the scripts will not be lost when the package is updated. You will also need to adjust permissions in the easy-rsa directory to allow the current user permission to create files. From a terminal enter:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/
Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment:

export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="steve@example.com"
Enter the following to create the server certificates:

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/


Client Certificates

The VPN client will also need a certificate to authenticate itself to the server. To create the certificate, enter the following in a terminal:

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname
Replace hostname with the actual hostname of the machine connecting to the VPN.
Copy the following files to the client:

/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/hostname.crt
/etc/openvpn/easy-rsa/keys/hostname.key
/etc/openvpn/ta.key
Remember to adjust the above file names for your client machine's hostname.
It is best to use a secure method to copy the certificate and key files. The scp utility is a good choice, but copying the files to removable media then to the client, also works well.


Configuration

Server Configuration

Now configure the openvpn server by creating /etc/openvpn/server.conf from the example file. In a terminal enter:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf changing the following options to:

push "redirect-gateway def1 bypass-dhcp" ; uncomment this line
push "dhcp-option DNS 10.8.0.1" ; add this line
script-security 3 ; add this line
The push directives send networking options to clients.

After configuring the server, restart openvpn by entering:
sudo /etc/init.d/openvpn restart


Network Configuration

This network configuration is for OpenVZ virtualization only. This guide does not apply to dedicated or Xen servers.


Edit the /etc/sysctl.conf file and uncomment the following line, which keeps IPv4 forwarding enabled across reboots:
net.ipv4.ip_forward=1
To enable IPv4 forwarding immediately, without waiting for a reboot:
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'


Firewall / iptables Configuration


Set up iptables to allow VPN connections
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.1.1.1
Replace 1.1.1.1 with the actual ip address.


Saving iptables

You may want your iptables rules saved and restored every time you reboot. To do so, add lines like these to /etc/network/interfaces:

pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
The line "post-down iptables-save > /etc/iptables.rules" will save the rules to be used on the next boot.


Manage users

You may want to add multiple users to your vpn server with the command:

useradd username -s /bin/false
passwd username
You may want to delete a user with the command
userdel username 
Finally, restart openvpn:
sudo /etc/init.d/openvpn restart 
You should now be able to connect to the remote LAN through the VPN.


Client Configuration 

First, install openvpn on the client:
sudo apt-get install openvpn
Then with the server configured and the client certificates copied to the /etc/openvpn/ directory, create a client configuration file by copying the example. In a terminal on the client machine enter:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
Now edit /etc/openvpn/client.conf changing the following options:

remote vpn.example.com 1194
cert hostname.crt
key hostname.key
ca ca.crt
tls-auth ta.key 1
script-security 3
Replace vpn.example.com with the hostname of your VPN server, and hostname.* with the actual certificate and key filenames.


Windows Client Configuration 

  • Download and install openvpn-gui stable
  • Copy the client.conf file to c:\program files\openvpn\config\ and rename it to client.ovpn
  • Copy ca.crt, hostname.crt, hostname.key and ta.key to c:\program files\openvpn\config\
  • Right click the openvpn tray icon and connect




Sample server configuration

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
script-security 3

Sample client configuration


client
dev tun
proto udp
remote vps4.tidydns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 3
ca ca.crt
cert vps4.tidydns.net.crt
key vps4.tidydns.net.key
ns-cert-type server
comp-lzo
verb 3
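
An added example, not part of the original post: a shell function that scans an OpenVPN configuration for settings used in the samples above that weaken the tunnel or are deprecated in later OpenVPN releases. The function names and the set of checks are constructed for illustration and are not exhaustive; the two heredocs reproduce the sample configurations from this post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit an OpenVPN config.

# audit_openvpn_conf [FILE]
# Reads FILE (or stdin) and prints one "WARN ..." line per finding.
audit_openvpn_conf() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { seen[$1] = 1 }                       # remember every directive used

        # Level 3 lets passwords reach scripts through the environment.
        # Neither sample config runs a script, so the default level is enough.
        $1 == "script-security" && $2 + 0 >= 3 {
            print "WARN script-security " $2 ": passwords may be passed to scripts via environment variables"
        }
        # Heuristic: easy-rsa names the DH file after its size (dh1024.pem).
        $1 == "dh" && match($2, /dh[0-9]+/) {
            bits = substr($2, RSTART + 2, RLENGTH - 2) + 0
            if (bits < 2048)
                print "WARN dh " $2 ": " bits "-bit Diffie-Hellman parameters, use 2048 bits or more"
        }
        $1 == "comp-lzo" {
            print "WARN comp-lzo: deprecated, and VPN compression enables the VORACLE attack"
        }
        $1 == "ns-cert-type" {
            print "WARN ns-cert-type: deprecated, use remote-cert-tls " $2
        }
        END {
            if (!("tls-auth" in seen) && !("tls-crypt" in seen))
                print "WARN tls-auth: ta.key is not referenced, no HMAC protection on control-channel packets"
            if (("client" in seen) && !("remote-cert-tls" in seen) && !("ns-cert-type" in seen))
                print "WARN client does not check the server certificate type"
        }
    ' "$@"
}

# Sample server configuration, reproduced from this post as input.
sample_server_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
script-security 3
EOF
}

# Sample client configuration, reproduced from this post as input.
sample_client_conf() {
    cat <<'EOF'
client
dev tun
proto udp
remote vps4.tidydns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 3
ca ca.crt
cert vps4.tidydns.net.crt
key vps4.tidydns.net.key
ns-cert-type server
comp-lzo
verb 3
EOF
}

# Demo: audit both samples.
for sample in sample_server_conf sample_client_conf; do
    echo "== $sample"
    "$sample" | audit_openvpn_conf
done
```

On a real server, pass the file directly: audit_openvpn_conf /etc/openvpn/server.conf.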


Wednesday, May 2, 2012

Setup ramdisk with ramfs or tmpfs

Overview:
Using ramfs or tmpfs you can allocate part of the physical memory to be used as a partition. You can mount this partition and start writing and reading files like a hard disk partition. Since you’ll be reading and writing to the RAM, it will be faster.

When a vital process becomes drastically slow because of disk writes, you can choose either ramfs or tmpfs file systems for writing files to the RAM.

Both tmpfs and ramfs mount will give you the power of fast reading and writing files from and to the primary memory. When you test this on a small file, you may not see a huge difference. You’ll notice the difference only when you write large amount of data to a file with some other processing overhead such as network.

 How to mount Tmpfs
# mkdir -p /mnt/tmp
# mount -t tmpfs -o size=20m tmpfs /mnt/tmp

The last line in the following df -k shows the above mounted /mnt/tmp tmpfs file system.

# df -k
Filesystem      1K-blocks  Used     Available Use%  Mounted on
/dev/sda2       32705400   5002488  26041576  17%   /
/dev/sda1       194442     18567    165836    11%   /boot
tmpfs           517320     0        517320    0%    /dev/shm
tmpfs           20480      0        20480     0%    /mnt/tmp

How to mount Ramfs

# mkdir -p /mnt/ram
# mount -t ramfs -o size=20m ramfs /mnt/ram


The last line in the following mount command shows the above mounted /mnt/ram ramfs file system.

# mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
tmpfs on /mnt/tmp type tmpfs (rw,size=20m)
ramfs on /mnt/ram type ramfs (rw,size=20m)

You can mount ramfs and tmpfs during boot time by adding an entry to the /etc/fstab

Ramfs vs Tmpfs
Primarily, both ramfs and tmpfs do the same thing, with a few minor differences.
  • Ramfs will grow dynamically. So, you need to control the process that writes the data to make sure ramfs doesn’t go above the available RAM size in the system. Let us say you have 2GB of RAM on your system and created a 1GB ramfs mounted as /tmp/ram. When the total size of /tmp/ram crosses 1GB, you can still write data to it. The system will not stop you from writing more than 1GB. However, when it goes above the total RAM size of 2GB, the system may hang, as there is no place in the RAM to keep the data.
  • Tmpfs will not grow dynamically. It will not allow you to write more than the size you’ve specified while mounting the tmpfs. So, you don’t need to worry about controlling the process that writes the data to make sure tmpfs doesn’t go above the specified limit. It may give errors similar to “No space left on device”.
  • Tmpfs uses swap.
  • Ramfs does not use swap.
Disadvantages of Ramfs and Tmpfs
Since both ramfs and tmpfs write to the system RAM, their contents are lost once the system is rebooted or crashes. So, you should write a process to copy the data from ramfs/tmpfs to disk at periodic intervals. You can also write a process to write the data from ramfs/tmpfs to disk while the system is shutting down. But this will not help you in the event of a system crash.

Table: Comparison of ramfs and tmpfs
Experimentation                           Tmpfs                Ramfs
Fill maximum space and continue writing   Will display error   Will continue writing
Fixed Size                                Yes                  No
Uses Swap                                 Yes                  No
Volatile Storage                          Yes                  Yes

If you want your process to write faster, opting for tmpfs is a better choice with precautions about the system crash.

ramfs manpage


NAME
ramfs  - memory file system

SYNOPSIS
ramfs [ -Dipsu ] [ -m mountpoint ] [ -S srvname ]

DESCRIPTION
Ramfs starts a process that mounts itself on mountpoint (default /tmp).  The ramfs process implements a tree rooted at dir, keeping all files in memory.  Initially the file tree is empty.

The -D option enables a trace of general debugging

The -i flag tells ramfs to use file descriptors 0 and 1 for its communication channel rather than create a pipe.  This makes it possible to use ramfs as a file server on a remote machine: the file descriptors 0 and 1 will be the network channel from ramfs to the client machine.

The -p flag causes ramfs to make its memory `private' so that its files are not accessible through the debugging interface.

The -s (-S) flag causes ramfs to post its channel on /srv/ramfs (/srv/srvname) rather than mounting it on mountpoint, enabling multiple clients to access its files. However, it does not authenticate its clients and its implementation of groups is simplistic, so it should not be used for precious data.

The -u option permits ramfs to consume as much memory as needed; without it, ramfs will limit its consumption to some arbitrary amount, currently 768MB (enough to hold a CD image).

This program is useful mainly as an example of how to write a user-level file server.  It can also be used to provide high-performance temporary files.

source : http://man.aiju.de/4/ramfs

Tuesday, April 17, 2012

Add scripts to startup or shutdown


User-defined tasks can be done by executing a script at startup and shutdown for Linux. To execute script at startup of Ubuntu, the rc.local can be modified to include additional commands. To execute script when rebooting Ubuntu, the script has to be copied to the relevant directory. Once the permissions of the script have been changed to executable, it will run when rebooting the Linux operating system. Scripts are run in the alphabetical order in the directories and the scripts should be named following the nomenclature rules when executing a script at startup and shutdown.

To execute a script at startup of ubuntu
Edit /etc/rc.local and add your commands
The script must always end with exit 0

To execute a script upon rebooting Ubuntu
Put your script in /etc/rc0.d
Make it executable (sudo chmod +x myscript)
Note:
The scripts in this directory are executed in alphabetical order
The name of your script must begin with K99 to run at the right time. 

To execute a script at shutdown
Put your script in /etc/rc6.d
Make it executable (sudo chmod +x myscript)
Note:
The scripts in this directory are executed in alphabetical order
The name of your script must begin with K99 to run at the right time. 


How to put script in rc*.d?

  1. Create a script and make it executable
  2. Copy it to /etc/init.d folder
  3. Run the command (don't forget the dot at the end)
sudo update-rc.d script_name start 3 0 6 . 

The above command will run the script during shutdown or reboot. update-rc.d adds this script to runlevels rc0.d and rc6.d 




rc0.d is shutdown
rc6.d is reboot


source : http://ubuntuforums.org/showthread.php?p=6234799

Thursday, April 12, 2012

Unable to open env locale


In my ssh-log
/var/log/auth.log : I have the following error message

Unable to open env file: /etc/default/locale: No such file or directory

Edited on 19/December/2012

1. Create and edit the file locale in /etc/default
sudo nano /etc/default/locale
2. Add this to the file (in this case we are adding US English)
LANG=en_US.utf8
3. Save and quit the editor

4. Regenerate the locales
sudo locale-gen en_US.utf8
5. Log out and log in for the environment variables to take effect


Solution for Ubuntu
sudo update-locale

If the error still persists, then
sudo apt-get install localepurge
sudo dpkg-reconfigure localepurge

Check the output with the command
locale

Solution for Debian
How to get rid of  locale/perl error messages?

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory 
This is similar to the error explained above.

Solution:
apt-get update
apt-get install locales
dpkg-reconfigure locales 

A window will popup, select en_US.UTF-8 as shown below:
Configuring locales choose en_us.UTF-8
Click on <OK>

Generating locales (this might take a while)...
en_US.UTF-8... done
Generation complete.
debian-workstation:~#
Reboot your system (changes to environment variables require system reboot)

Saturday, April 7, 2012

create terminal bash shortcuts

You can assign shortcuts for your most frequently used terminal commands by appending as many alias lines as you like to your bash configuration file (~/.bashrc). The syntax for alias is as follows.

alias yourCommand="YourTerminalCommand"

example:
alias la="ls -la"
alias gs1="ssh gs1.yourdomain.com"




Aliases reduce the number of keystrokes needed to run commands.

I put my aliases in a file called ~/.aliases and then insert "source ~/.aliases" in my bash ~/.profile. That way it's easy to grab a copy of .aliases in case I'm doing command-line stuff on someone else's computer and don't want to mess with their .profile. 

I would advise that you only alias commands, that don't change your system or delete files. So don't alias "sudo" or "apt-get". When you're actually installing software, you want to do it deliberately, and you don't want the chance that a typo will actually do something that changes your system with elevated permissions.

Common Linux commands on system info


pwd 
Print working directory, i.e., display the name of my current directory on the screen.

hostname 
Print the name of the local host (the machine on which you are working). Use netconf (as root) to change the name of the machine.

whoami 
Print my login name.

id username 
Print user id (uid) and his/her group id (gid), effective id (if different than the real id) and the supplementary groups.

date 
Print or change the operating system date and time. E.g., I could change the date and time to 2000-12-31 23:57 using this command: 
date 123123572000 
To set the hardware (BIOS) clock from the system (Linux) clock, use the command (as root) setclock

time 
Determine the amount of time that it takes for a process to complete + other info. Don't confuse it with the date command. E.g. I can find out how long it takes to display a directory content using: 
time ls

who 
Determine the users logged on the machine.

rwho -a 
(=remote who) Determine all users logged on your network. The rwho service must be enabled for this command to run. If it isn't, run setup as root to enable "rwho".

finger user_name 
System info about a user. Try: finger root

last 
Show listing of users last logged-in on your system.

history | more 
Show the last (1000 or so) commands executed from the command line on the current account. The "| more" causes the display to stop after each screenful.

uptime 
Show the amount of time since the last reboot.

ps 
(=print status) List the processes currently run by the current user.

ps axu | more 
List all the processes currently running, even those without the controlling terminal, together with the name of the user that owns each process.

top 
Keep listing the currently running processes, sorted by cpu usage (top users first). In KDE, you can get GUI-based Ktop from "K"menu under "System"-"Task Manager" (or by executing "ktop" in an X-terminal).

uname -a 
(= Unix name with option "all") Info on your (local) server. I can also use guname (in X-window terminal) to display the info more nicely.

free 
Memory info (in kilobytes).

df -h 
(=disk free) Print disk info about all the filesystems (in human-readable form)

du / -bh | more 
(=disk usage) Print detailed disk usage for each subdirectory starting at the "/" (root) directory (in human legible form).

cat /proc/cpuinfo 
Cpu info--it show the content of the file cpuinfo. Note that the files in the /proc directory are not real files--they are hooks to look at information available to the kernel.

cat /proc/interrupts 
List the interrupts in use.

cat /proc/version 
Linux version and other info

cat /proc/filesystems 
Show the types of filesystems currently in use.

cat /etc/printcap 
Show the setup of printers.

lsmod 
(As root. Use /sbin/lsmod to execute this command when you are a non-root user.) Show the kernel modules currently loaded.

set|more 
Show the current user environment.

echo $PATH 
Show the content of the environment variable "PATH". This command can be used to show other environment variables as well. Use "set" to see the full environment.

dmesg | less 
Print kernel messages (the content of the so-called kernel ring buffer). Press "q" to quit "less". Use less /var/log/dmesg  to see what "dmesg" dumped into this file right after the last system bootup. 


Thursday, April 5, 2012

Adding color to bash shell prompt

Mistakes do happen if not taken care of.

The other day I was handling two servers at the same time. It so happened that the commands to be executed on server-1 ended up on server-2; this was a disaster. To avoid this I have set colored prompts to easily identify the servers. While I was doing this, I also modified the profiles to change colors for the local user and the root user. Now it's easy to identify which server I am on and whether I am a local or a root user.

We are using ubuntu servers, and to set the colored prompts I modified the .bashrc file. The .bashrc file is located in the user's home directory. We have set a green prompt for server-1 and a blue prompt for server-2.

To set a green prompt for the local user on server-1, append the following line to the user's .bashrc file. The \[ and \] markers enclose the non-printing color codes so that bash computes the prompt width correctly.
export PS1="\[\e[0;32m\][\u@\h \W]\$ \[\e[m\]"
To identify the root account we have highlighted the background with the same green color and used red text. Append the following line to root's .bashrc
export PS1="\[\e[0;31m\e[42m\]\u@\h \w> \[\e[m\]"

The image below will help you understand better.

The code and its function


Change background color of the prompt
Change the background color by specifying \e[{code}m in the PS1 prompt as shown below.
Example:
$ export PS1="\[\e[47m\]\u@\h \w> \[\e[m\]"
[Note: This is for Light Gray background]
Combination of background and foreground
export PS1="\[\e[0;34m\e[47m\]\u@\h \w> \[\e[m\]"
[Note: This is for Light Blue foreground and Light Gray background]
Add the following to the .bash_profile or .bashrc to make the above background and foreground color permanent.
STARTFGCOLOR='\[\e[0;34m\]'
STARTBGCOLOR='\[\e[47m\]'
ENDCOLOR='\[\e[0m\]'
export PS1="$STARTFGCOLOR$STARTBGCOLOR\u@\h \w> $ENDCOLOR"
Play around with the following background colors and choose the one that suits your taste:
  • \e[40m
  • \e[41m
  • \e[42m
  • \e[43m
  • \e[44m
  • \e[45m
  • \e[46m
  • \e[47m

Foreground Color Code Table:

Black 0;30
Blue 0;34
Green 0;32
Cyan 0;36
Red 0;31
Purple 0;35
Brown 0;33
[Note: Replace 0 with 1 for dark color]

rtorrent queue manager python script


The complete story...

*** RTorrent as a torrent download manager ***

RTorrent is a very powerful console based torrent client.
You can find pretty advanced documentation on http://libtorrent.rakshasa.no.
I wanted to use rtorrent as my only torrent download manager; for that I needed to be able to:

1) configure the total number of concurrent active torrent downloads;
2) add a queue of torrents to be automatically downloaded as soon as possible, provided the total number of active downloads before;
3) move the downloaded files to another directory and delete any related torrent;
4) limit the total amount of upload and download bandwidth not to choke my adsl connection.

While rtorrent provides built-in capabilities to accomplish 3) and 4), it doesn't provide a direct method to accomplish the first two points.
Fortunately rtorrent is able to watch a directory for torrents, meaning that it automatically downloads any torrent added to that directory and automatically cancels any download related to a torrent that has been deleted from that directory.
I used this capability together with a little external script to solve 1) and 2).

First of all I created the following directory structure under /path (substitute /path with whatever you want):

/path/completed/
/path/loading/
/path/session/
/path/temp/
/path/watch/

loading contains the queued torrents;
session contains all the torrents rtorrent is downloading, this directory is managed by rtorrent and rtorrent only;
temp contains the uncompleted downloads, again this directory is managed by rtorrent;
completed contains all the completed downloads.

Then I configured rtorrent as follows:

--- .rtorrent.rc ---

directory = /path/temp
session = /path/session

schedule = watch_directory,10,10,load_start=/path/watch/*.torrent
schedule = untied_directory,5,5,"remove_untied="
schedule = low_diskspace,60,60,"close_low_diskspace=500M"

on_finished = rm_torrent,"execute=rm,$d.get_tied_to_file="
on_finished = move_complete,"execute=mv,-u,$d.get_base_path=,/path/completed/ ;d.set_directory=/path/completed/"

upload_rate = 15
download_rate = 50

port_range = 6881-6889


--- .rtorrent.rc ---

Save this as .rtorrent.rc in your home directory.
directory specifies the temporary downloads directory;
session specifies where to put the torrents related to the active downloads;
upload_rate is for limiting the upload bandwidth;
download_rate is for limiting the download bandwidth;
I also specified the port_range for compatibility with the other torrent clients.
The other options are more difficult to understand:
the first two schedule commands are to configure a watch directory as described above, the third is to stop any download when the disk is full.
The two on_finished commands are to move all the finished downloads to the completed directory and to delete their torrents from the watch directory too.

These configurations alone accomplish 3) and 4), but we are not finished yet with 1) and 2):
we need a script to move torrents from the loading directory to the watch directory, so that the total number of concurrent downloads is lower or equal to the specified value. As a consequence there must be no more than that number of torrents in the watch directory.
When a torrent download is completed, it is removed from the session and the watch directories; the script can recognise this event and move another torrent to the watch directory and so on.
I wrote this script in Python:

--- rtorrentqueuemanager.py ---

#!/usr/bin/env python

# Now you can dynamically change the maximum number of simultaneous
# downloads writing the new number to the file "max_downloads_file" and
# then sending a signal SIGHUP to the rtorrentqueuemanager process.

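import glob
import stat
import os
import shutil
import subprocess
import time
import signal

watch = "/share/storage/rtorrent/watch"
session = "/share/storage/rtorrent/session"
queue = "/share/storage/rtorrent/loading"
max_downloads_file = "/share/storage/rtorrent/max_downloads"
max_downloads = 2

def handler_sighup(signum, frame):
    # Reload the limit on SIGHUP; "global" is needed so that the main loop
    # sees the new value instead of a local variable.
    global max_downloads
    with open(max_downloads_file, "r") as f:
        max_downloads = int(f.readline())

#### START
signal.signal(signal.SIGHUP, handler_sighup)
while True:
    time.sleep(60)
    # Decompress queued torrents. File names are passed as an argument list,
    # not through a shell, so spaces or shell metacharacters in a torrent
    # file name cannot change the command that is run.
    bz2files = glob.glob(queue + "/*.torrent.bz2")
    for i in bz2files :
        subprocess.call(["bzip2", "-d", i])
    gzipfiles = glob.glob(queue + "/*.torrent.gz")
    for i in gzipfiles :
        subprocess.call(["gunzip", i])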
    sfiles = glob.glob(session + "/*.torrent")
    oldesttime = 0
    oldestfile = ""
    if len(sfiles) < max_downloads :
        qfiles = glob.glob(queue + "/*.torrent")
        for i in qfiles :
            ftime = os.stat(i)[stat.ST_MTIME]
            if oldesttime == 0 or ftime < oldesttime :
                oldesttime = ftime
                oldestfile = i
        if oldestfile != "" :
            shutil.move(oldestfile, watch)

--- rtorrentqueuemanager.py ---

save it as rtorrentqueuemanager.py.
Now you can start rtorrent with the screen utility:

screen rtorrent

detach the screen pressing Ctrl-A-D.
Then start the script:

python rtorrentqueuemanager.py &

From now on you can copy any torrent you want to download to the loading directory and rtorrent plus this script will take care of the rest!


Thanks to Jari Sundell for this great piece of software and to Shaun Dennie for giving me the idea of the queue manager script.

Stefano Stabellini
stefano@stabellini.net

Credit & Source : http://www.stabellini.net/rtorrent-howto.txt

Tuesday, April 3, 2012

perl: warning: Setting locale failed

I get this error while updating and installing software : perl: warning: Setting locale failed


perl: warning: Falling back to the standard locale ("C").
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
As root enter the following command in terminal and reboot your server.
echo "en_US.UTF-8 UTF-8" > /var/lib/locales/supported.d/local
dpkg-reconfigure locales

Monday, April 2, 2012

Logwatch output as file with date

Update: This post has been edited with complete instructions, from installation and configuration to storing the logwatch report as a file in a location of your choice.

Logwatch 

Logwatch is a tool that will monitor your server's logs and email the administrator a digest on a daily basis.

Installation

Update your package list with:
$ sudo apt-get update
Install Logwatch with:
$ sudo apt-get install logwatch
Notes
Create a directory that the Logwatch package in the repositories currently does not create but that is required for proper operation:
$ sudo mkdir /var/cache/logwatch
Configuration shouldn't be edited in the install directory (/usr/share/logwatch). Copy logwatch.conf to /etc/logwatch before editing:
$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Edit logwatch.conf to put in the e-mail where you want the report sent:
MailTo = me@example.com
If you want logwatch to create a file in html format then edit logwatch.conf and make changes as below
Output  = file
Format = Html 
Detail level of the logwatch report can be Low, Med or High. Default level is Low. To change that, edit the newly copied logwatch.conf:
Detail = High
For Ubuntu systems with apache server:
sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/
Then add *combined.log files to the list

We want the logwatch output as a file, stored on a local or remote server. In our case we will store it in the html folder to be accessed by the webserver (you must secure your folder with .htaccess).
To accomplish this, first we need to write a script
$ mkdir ~/scripts
$ nano ~/scripts/logwatch_daily

Insert the below lines in the script file and save it

#!/bin/bash
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch --output file --filename /var/cache/logwatch/$(date +%Y%m%d)-logwatch.html
chmod 644 /var/cache/logwatch/*.html
mv /var/cache/logwatch/*.html /var/www/private/logwatch/

With the above script the logwatch report will be saved in "your-domain/private/logwatch/". The date will also be added to the file name. You can modify the script to transfer the file to a remote server over ssh too. If you need help with this, ask your questions in the comments section.
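A hardened variant of the logwatch_daily script above, as an added example that is not part of the original post: it creates the report with a restrictive umask, publishes only today's file with mode 640 instead of 644, and refuses to publish an empty report. The LOGWATCH_BIN override, the www-data group and the --run switch are assumptions.

```shell
#!/bin/bash
# Hardened variant of logwatch_daily (added example, not the post's script).
# Assumptions: the LOGWATCH_BIN override, the "www-data" group, mode 640 and
# the --run switch are illustrative and do not come from the original post.

LOGWATCH_BIN="${LOGWATCH_BIN:-/usr/sbin/logwatch}"

# save_logwatch_report CACHE_DIR DEST_DIR [GROUP]
# Writes today's report into CACHE_DIR, then moves it to DEST_DIR.
# Prints the final path on success; returns non-zero on any failure.
save_logwatch_report() {
    local cache_dir="$1" dest_dir="$2" group="${3:-}"
    local name tmp
    name="$(date +%Y%m%d)-logwatch.html"
    tmp="$cache_dir/$name"

    [ -x "$LOGWATCH_BIN" ] || { echo "logwatch not found: $LOGWATCH_BIN" >&2; return 1; }
    [ -d "$cache_dir" ] || { echo "missing directory: $cache_dir" >&2; return 1; }
    [ -d "$dest_dir" ] || { echo "missing directory: $dest_dir" >&2; return 1; }

    # Create the file unreadable by "other" from the start, rather than
    # creating it world-readable and changing the mode afterwards.
    # The HTML format comes from logwatch.conf, as configured in the post.
    ( umask 027; "$LOGWATCH_BIN" --output file --filename "$tmp" ) || return 1

    # An empty or missing report means logwatch failed; do not publish it.
    [ -s "$tmp" ] || { echo "empty report: $tmp" >&2; rm -f "$tmp"; return 1; }

    chmod 640 "$tmp" || return 1
    if [ -n "$group" ]; then chgrp "$group" "$tmp" || return 1; fi

    # Move only today's file, not every *.html in the cache directory.
    mv -f "$tmp" "$dest_dir/$name" || return 1
    printf '%s\n' "$dest_dir/$name"
}

# From cron: /path/to/scripts/logwatch_daily --run
if [ "${1:-}" = "--run" ]; then
    save_logwatch_report /var/cache/logwatch /var/www/private/logwatch www-data
fi
```

With mode 640 the web server can read the report only if its user belongs to the group passed as the third argument.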

Run the script:

Logwatch adds its script 00logwatch to /etc/cron.daily. We need to modify this for our purpose. Edit the script 00logwatch:
$ sudo nano /etc/cron.daily/00logwatch
Delete all the lines from the script and add the lines below:

#!/bin/bash
/path/to/scripts/logwatch_daily
exit 0

Done...

Every time logwatch generates a report, it is stored in the path specified by the script. You can also get the reports emailed directly to your mailbox, but with this method we can access the reports on the server and look up any of them. This is also a good solution for centralized log collection and monitoring.

Below is the old post, which has info on the logwatch --save option.
How to:
I am using a central log server which has been stripped from all mail sending capabilities. Even local ones. I would like to know how to set up the logwatch so that I would get similar output in a html report as I have when logwatch is sending out daily report via mail.

Is it possible to add a date to the --save option, so that logwatch output would be automatically stored with the information when it was created?

Solution
You can use the option --filename to append a date:
# logwatch --output file --filename /tmp/logwatch-$(date +%Y%m%d)

or with your version:
# logwatch --save /tmp/logwatch-$(date +%Y%m%d)





Saturday, March 31, 2012

How to secure a VPS



To disable Formmail in order to stop spam mails -


1) Command to find Formmail scripts -
find / -name "[Ff]orm[mM]ai*"


2) Command to find CGI mail scripts -
find / -name "[Cc]giemai*"


3) To disable form mails -


chmod a-rwx /path/to/filename


This will disable all the scripts.


B) A rootkit checker should be installed -


- Run the rootkit checker from a cron job; this will show whether anyone has hacked into root.
- Update the roots


1) Command to install chkrootkit -


cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44


2) To run chkrootkit -


/root/chkrootkit-0.44/chkrootkit
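
One way to run the check from cron and get mail only when something needs attention, as an added example that is not part of the original post. The allowlist file for reviewed findings, the match patterns, the --run switch and the sample output are assumptions constructed for illustration.

```shell
#!/bin/bash
# Cron wrapper for chkrootkit (added example, not from the original post).
# Assumptions: the allowlist file, the match patterns ("INFECTED" and lines
# starting with "Warning") and the --run switch are illustrative choices.

CHKROOTKIT_BIN="${CHKROOTKIT_BIN:-/root/chkrootkit-0.44/chkrootkit}"
ALLOWLIST="${ALLOWLIST:-/root/chkrootkit.allow}"  # reviewed lines, one per row
MAILTO="${MAILTO:-self@mail.com}"

# Constructed sample of chkrootkit output, for trying new_findings offline.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `ls'... INFECTED
EOF
}

# new_findings ALLOWLIST_FILE   (reads chkrootkit output on stdin)
# Prints suspicious lines that are not an exact copy of an allowlisted line.
new_findings() {
    local allow="$1"
    [ -f "$allow" ] || allow=/dev/null
    # "not infected" is lower case, so the case-sensitive match skips it.
    grep -E 'INFECTED|^Warning' | grep -vxF -f "$allow" || true
}

# run_scan: run chkrootkit and send mail only when something new shows up.
run_scan() {
    local findings
    [ -x "$CHKROOTKIT_BIN" ] || { echo "chkrootkit not found" >&2; return 1; }
    findings="$("$CHKROOTKIT_BIN" 2>&1 | new_findings "$ALLOWLIST")"
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings" |
        mail -s "chkrootkit findings on $(hostname)" "$MAILTO"
}

# From cron (daily), e.g.: /root/chkrootkit_cron.sh --run
if [ "${1:-}" = "--run" ]; then run_scan; fi
```

Add a line to the allowlist only after investigating it on that host; an exact-line match means any change in the finding is reported again.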


C) Installation of a root breach detector with an email warning -


pico .bash_profile


At the end of the file -


Add,


echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" self@mail.com


Thereafter save the changes


Exit.


2) To set an SSH login message -


pico /etc/motd


thereafter enter the message


Save changes


Exit


D) Changes to be made in WHM/cpanel to secure server -


Log in to cpanel>Server setup>Tweak settings


a) Domains -


Prevent users from parking/adding domains.


b) Mail -


Prevent pop3 connections loading


c) System -


Jailshell should be used as a default shell for all the accounts.


d) Server setup>Tweak security
1) Enable php open_basedir Protection
2) Enable mod_userdir Protection


e) Server setup>Manage Wheel Group Users
1) Remove all other users except for root and main account users.


f) Server setup > Shell Fork Bomb Protection
1) Enable Shell Fork Bomb Protection


g) Service Configuration>FTP Configuration
1) Disable Anonymous FTP


h) Account Functions>Manage Shell Access
1) Disable shell access


i) Mysql>MySQL Root Password
1) Change root password


j) Security>Run Quick Security Scan>Trojan Horses -
1) The following are not Trojan -
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
