Difference between revisions of "Main Page"

From Wiki at Neela Nurseries
(^ GNU gpg utility and to configure gpg with proxy)
m (^ GNU gpg utility and to configure gpg with proxy)
Line 316: Line 316:
  
  
 +
 +
 +
 +
 +
<!-- comment -->
 +
 +
=== Secure shell via alternate ports ===
 +
 +
*  https://unix.stackexchange.com/questions/324610/is-it-bad-to-port-forward-port-443-for-ssh
 +
 +
<pre>
 +
If you are going to do this, at the minimum, please:
 +
 +
    Create a whitelist: Limit access to port 443 from only known IPs
 +
    Disable Password logins and only use SSH Keys
 +
 +
You could open yourself up to danger otherwise. What if someone finds a security bug that allows them to automatically login when given an SSH prompt? Your whitelist will reduce that future risk.
 +
 +
By disabling password logins to SSH, if a bad actor on the whitelist manages to access your server, it will be much harder to bruteforce a way in.
 +
 +
This is good security hygiene. If you are a regular university student, the chances of attack could be low, but why take an unnecessary risk?
 +
 +
</pre>
  
 
<!-- comment -->
 
<!-- comment -->
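Review bot: The new `=== Secure shell via alternate ports ===` subsection lands at line 316, inside the "GNU gpg utility and to configure gpg with proxy" section named in the edit summary, although it is about SSH; it would sit better as its own section next to the page's SSH key and keep-alive notes. The text inside `<pre>` is copied from the linked Stack Exchange answer without saying so, and "If you are going to do this" has no antecedent on the wiki, so add a one-line introduction stating that the block quotes that answer and that "this" means accepting SSH on port 443. The two indented recommendations would also read better as wiki bullets than as preformatted text.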

Revision as of 05:48, 30 March 2018


MediaWiki installation at Neela Nurseries, 2017 June


Consult the User's Guide for information on using the wiki software.

Getting started - this is MediaWiki's default main page section




^ Linux Distributions


The following section holds links to some commonly used server and desktop Linux distributions, available for download as install ISOs and sometimes as minimal net-install ISOs. After these full-scale distros, some of the smaller Linux distributions and supporting software are listed. These smaller distros appear to be a good starting point for learning how to design and build embedded Linux systems . . .

- 2017-11-30 -

- 2017-12-08 -



^ lists of Linux distribution releases




^ Linux and Linux Kernel Projects



^ Linux Administration


Article detailing how to add an IPv4 route to a configured network interface:




^ Linux User Space Configuration

To configure xserver-xorg

Snippet from work on getting xserver-xorg to recognize a 1920x1080 native resolution monitor, ViewSonic VX2250 Series monitor . . .


user@localhost:~$ gtf 1920 1080 60

  # 1920x1080 @ 60.00 Hz (GTF) hsync: 67.08 kHz; pclk: 172.80 MHz
  Modeline "1920x1080_60.00"  172.80  1920 2040 2248 2576  1080 1081 1084 1118  -HSync +Vsync

user@localhost:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.9 (jessie)
Release:        8.9
Codename:       jessie

user@localhost:~$


Looking at /var/log/Xorg.0.log there appear to be two or more issues keeping xserver-xorg framework from fully recognizing the resolutions of the attached monitor. First we'll sift for errors from X, then we look at loading of modules, unloading of modules, the module named 'radeon', and also look at the timing of these X-logged events:


user@localhost:/var/log$ grep -n EE Xorg.0.log
15:     (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
342:[    27.938] (EE) open /dev/dri/card0: No such file or directory
344:[    27.938] (EE) open /dev/dri/card0: No such file or directory
351:[    27.945] (EE) open /dev/fb0: No such file or directory
359:[    27.946] (EE) open /dev/fb0: No such file or directory
360:[    27.946] (EE) Screen 0 deleted because of no matching config section.
362:[    27.946] (EE) Screen 0 deleted because of no matching config section.
364:[    27.946] (EE) Screen 0 deleted because of no matching config section.
2689:[    28.915] (EE) AIGLX: reverting to software rendering

user@localhost:/var/log$ grep -n 'LoadModule: ' Xorg.0.log
47:[    27.193] (II) LoadModule: "glx"
58:[    27.669] (II) LoadModule: "ati"
64:[    27.719] (II) LoadModule: "radeon"
70:[    27.795] (II) LoadModule: "modesetting"
76:[    27.832] (II) LoadModule: "fbdev"
82:[    27.842] (II) LoadModule: "vesa"
346:[    27.938] (II) LoadModule: "fbdevhw"
354:[    27.946] (II) LoadModule: "fbdevhw"
368:[    27.946] (II) LoadModule: "vbe"
374:[    27.994] (II) LoadModule: "int10"
396:[    28.200] (II) LoadModule: "ddc"
2651:[    28.611] (II) LoadModule: "shadow"
2657:[    28.621] (II) LoadModule: "fb"
2664:[    28.630] (II) LoadModule: "int10"
2694:[    31.327] (II) LoadModule: "evdev"

user@localhost:/var/log$ grep -n UnloadModule Xorg.0.log
361:[    27.946] (II) UnloadModule: "radeon"
363:[    27.946] (II) UnloadModule: "modesetting"
365:[    27.946] (II) UnloadModule: "fbdev"

user@localhost:/var/log$ grep -n radeon Xorg.0.log
64:[    27.719] (II) LoadModule: "radeon"
65:[    27.720] (II) Loading /usr/lib/xorg/modules/drivers/radeon_drv.so
66:[    27.795] (II) Module radeon: vendor="X.Org Foundation"
361:[    27.946] (II) UnloadModule: "radeon"

user@localhost:/var/log$


^ Edit point . . .

References for Linux user-space configuration issues:



^ SSH key pair configuration and use


Ted copying some ssh key commands from Digital Ocean article on-line. Also noting that ssh keys and secure network connections is a topic to factor into its own wiki article at Neela wiki installation . . . - TMH



The main SSH key generation and setup commands are:


   $ ssh-keygen -t rsa

   $ cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"



^ SSH keep alive facility

In the file /etc/ssh/ssh_config make sure to add . . .

Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2



^ installing PHP 7.0

Creating config file /etc/php/7.0/cgi/php.ini with new version
Setting up php7.0 (7.0.25-0ubuntu0.16.04.1) ...
Setting up php (1:7.0+35ubuntu6) ...
Setting up shtool (2.0.8-8) ...
Setting up php7.0-dev (7.0.25-0ubuntu0.16.04.1) ...
update-alternatives: using /usr/bin/php-config7.0 to provide /usr/bin/php-config (php-config) in auto mode
update-alternatives: using /usr/bin/phpize7.0 to provide /usr/bin/phpize (phpize) in auto mode
Setting up php-all-dev (1:35ubuntu6) ...
Setting up php-cgi (1:7.0+35ubuntu6) ...
Setting up php-cli (1:7.0+35ubuntu6) ...
Setting up php-dev (1:7.0+35ubuntu6) ...
Setting up php-doc (20140201-1ubuntu1) ...
Setting up php7.0-mysql (7.0.25-0ubuntu0.16.04.1) ...

Creating config file /etc/php/7.0/mods-available/mysqlnd.ini with new version

Creating config file /etc/php/7.0/mods-available/mysqli.ini with new version


- 2018-03-28 -



^ GNU gpg utility and to configure gpg with proxy

- 2018-03-29 THU -

 We have a new and strict firewall policy in place, which is blocking GNU gpg requests from our work site to the greater internet.  Here are some initial references to the issue, both of which mention a protocol called hkps, and also a default gpg port 11371 . . .

  * https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096


Invoking gpg for first time, and then a second time behind firewall we get the following messages:

user@localhost:~$ gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
gpg: directory `/home/ted/.gnupg' created
gpg: new configuration file `/home/ted/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/ted/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/ted/.gnupg/secring.gpg' created
gpg: keyring `/home/ted/.gnupg/pubring.gpg' created
gpg: requesting key 2B90D010 from hkp server pgpkeys.mit.edu
^C
gpg: Interrupt caught ... exiting

ted@VERIS-ALTAENGR:~$ gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
gpg: requesting key 2B90D010 from hkp server pgpkeys.mit.edu
^C
gpg: Interrupt caught ... exiting

user@localhost:~$


STEP 1

Configuration file created for gpg, to allow communications across a firewall with few ports open:

## Started 2018-30-29 - TMH
## Reference - https://wiki.archlinux.org/index.php/GnuPG
keyserver hkp://pool.sks-keyservers.net:443


STEP 2

And a crucial step to adding a public key to apt explained here at this ccm web page:

gpg --keyserver pgpkeys.mit.edu --recv-key 010908312D230C5F
gpg -a --export 010908312D230C5F | sudo apt-key add -




Secure shell via alternate ports

If you are going to do this, at the minimum, please:

    Create a whitelist: Limit access to port 443 from only known IPs
    Disable Password logins and only use SSH Keys

You could open yourself up to danger otherwise. What if someone finds a security bug that allows them to automatically login when given an SSH prompt? Your whitelist will reduce that future risk.

By disabling password logins to SSH, if a bad actor on the whitelist manages to access your server, it will be much harder to bruteforce a way in.

This is good security hygiene. If you are a regular university student, the chances of attack could be low, but why take an unnecessary risk?
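
A way to check the "disable password logins" advice against an actual sshd_config, as an added example that is not part of the wiki or the quoted answer. The function names and both sample configurations are constructed for illustration; the IP allowlist itself lives in the firewall and is not covered here.

```bash
# Constructed sample configs; function names are illustrative.

# Print each value (lower-cased) that sshd_config text on stdin sets globally
# for the keyword(s) in $1 (aliases separated by "|"). Lines from the first
# "Match" onward are conditional and are not read.
sshd_values() {
    awk -v key="$1" '
        BEGIN { key = "^(" tolower(key) ")$" }
        /^[ \t]*(#|$)/ { next }                  # comments, blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) ~ key { print tolower($2) }
    '
}

# Audit sshd_config text on stdin for key-only logins on port $1.
# sshd keeps the first value it reads for a keyword; both password settings
# default to "yes" when absent. Prints findings; returns 1 if any check fails.
audit_sshd_config() {
    local cfg v rc=0
    cfg=$(cat)
    v=$(printf '%s\n' "$cfg" | sshd_values PasswordAuthentication | head -n 1)
    [ "${v:-yes}" = no ] || { echo "FAIL PasswordAuthentication=${v:-yes}"; rc=1; }
    # Keyboard-interactive can still ask for a password through PAM.
    v=$(printf '%s\n' "$cfg" |
        sshd_values 'KbdInteractiveAuthentication|ChallengeResponseAuthentication' | head -n 1)
    [ "${v:-yes}" = no ] || { echo "FAIL keyboard-interactive=${v:-yes}"; rc=1; }
    v=$(printf '%s\n' "$cfg" | sshd_values Port)
    printf '%s\n' "${v:-22}" | grep -qx "$1" || { echo "FAIL no Port $1"; rc=1; }
    return "$rc"
}

WEAK_CFG='Port 443
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no'      # only a comment and a Match block say "no"

HARDENED_CFG='Port 443
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes'         # later duplicate: ignored by sshd

printf '%s\n' "$WEAK_CFG" | audit_sshd_config 443 || echo "weak sample fails"
printf '%s\n' "$HARDENED_CFG" | audit_sshd_config 443 && echo "hardened sample passes"
```

On a live host, `sshd -T` prints the effective settings and is the authoritative check; the parser above is for reviewing a file offline.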


^ Unix and Linux utilities

Use of `date` command to convert Unix timestamps:

Vagrant Cascadian < * e-mail address here * >
Dec 7
to Juergen, Santiago, Reprobuilds, bug-apl
On 2017-12-05, Juergen Sauermann wrote:
> I have adopted the environment variable approach, which is now
> contained in *SVN 1026*. (and therefore also in the next GNU APL release).

That's great news!


> I took the freedom to change your patch from:
>
> +    BUILD_DATE=`date -u "%F %R:%S %Z" --date=@$SOURDCE_DATE_EPOCH`
>
> to:
>
> + BUILD_DATE=`date -u "+%F %R:%S %Z" --date=$SOURCE_DATE_EPOCH`
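
Review bot: Neither version of the BUILD_DATE line guards against SOURCE_DATE_EPOCH being unset or empty, and the expansion is unquoted; GNU date accepts an empty `--date=` and returns midnight of the current day, so the build date would silently stop being reproducible. The first version also misspells the variable as `$SOURDCE_DATE_EPOCH` and omits the `+` that starts the format string, while the second drops the `@` that marks the value as seconds since the epoch. Suggest testing that the variable is set before using it and passing it as `--date="@$SOURCE_DATE_EPOCH"`.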

Unfortunately, the "@" in the --date argument is necessary for it to
work correctly when SOURCE_DATE_EPOCH is specified:

  $ date -u "+%F %R:%S %Z" --date=1412583777
  date: invalid date ‘1412583777’
  $ date -u "+%F %R:%S %Z" --date=@1412583777
  2014-10-06 08:22:57 UTC
  $ date -u "+%F %R:%S %Z" --date=
  2017-12-06 00:00:00 UTC

At least, that's how it works on my Debian system...


live well,
  vagrant



^ Shell scripting


A well-written and comprehensive guide to bash shell scripting:


bash example: back up multiple MYSQL databases

The following figure shows a simple bash script that backs up MySQL databases to local .sql files. Ted noting that the script's variables are not consistently capitalized; it would be better form to capitalize all or none of them. Ted also noting that the script could read the database user passphrase from a file, one which could be readable only by root and located somewhere other than the script, which is likely to be run as a cron job.


Figure x - shell script to dump MYSQL databases, first draft script:

#!/bin/bash


DATABASE_LIST="information_schema mysql phpmyadmin wikidb database_1 database_2 database_3 ..."

SERVER_NAME="example_database_server"

user="root"
pass_phrase_for_mysql="database-passphrase"
options_extra="--skip-lock-tables"


response="n"

mode_interactive="n"



echo "shell script starting,"



for database in ${DATABASE_LIST}; 
do echo "backing up $SERVER_NAME database $database . . .";

#    command="mysqldump --databases $database -u$user -p$pass_phrase_for_mysql $options_extra >> au-database-back-up--${database}.sql"
    command="mysqldump --databases $database -u$user -p$pass_phrase_for_mysql $options_extra"
    redirect="au-database-back-up--${database}.sql"

    # Variables are quoted so an empty answer or a name with spaces cannot break the tests.
    if [ "$mode_interactive" = 'y' ]; then

        echo "build command '$command' and database back-up filename '$redirect',"
        echo "full command will be '$command' > '$redirect',"
        echo "try running this command and redirect? [y/N/q]  yes, no, 'q' to quit"

        read -r response
        if [ "$response" = 'Y' ] || [ "$response" = 'y' ]; then
            # $command is left unquoted on purpose: it must split into words.
            ${command} > "$redirect"
        elif [ "$response" = 'Q' ] || [ "$response" = 'q' ]; then
            echo "stopping script '$0' and exiting."
            break
        else
            # 'n', 'N' or anything else (including Enter) skips, as the [y/N/q] prompt implies.
            echo "skipping present command . . ."
        fi
        echo

    else

        echo "$0:  backing up database '$database' to file '$redirect' . . ."
        ${command} > "$redirect"
        ls -l "$redirect"

    fi

done


echo "done."

exit 0
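
One way to act on the note above about reading the passphrase from a root-only file, as an added example that is not part of the wiki's script: mysqldump takes the credentials from a client option file, so they appear neither in the script nor in the process list. The file path, its `[client]` layout and the function names are assumptions for illustration; `stat -c` is the GNU coreutils form.

```bash
#!/usr/bin/env bash
# Added example; CRED_FILE and the function names are illustrative assumptions.
# Assumed file contents:
#   [client]
#   user=backup
#   password=...
CRED_FILE="${CRED_FILE:-/root/.backup-my.cnf}"

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group or other permission bits set.
cred_file_is_private() {
    local f="$1" mode owner
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        [0-7]00) return 0 ;;      # e.g. 600 or 400
        *)       return 1 ;;
    esac
}

# Dump database $1 to file $2 using the credentials in $CRED_FILE.
# Returns 2 without running mysqldump if the credentials file is exposed.
backup_database() {
    local db="$1" out="$2"
    cred_file_is_private "$CRED_FILE" || {
        echo "refusing: $CRED_FILE is missing or not private" >&2
        return 2
    }
    # --defaults-extra-file has to be the first option on the command line.
    # umask 077 keeps the dump itself unreadable to other users.
    ( umask 077
      mysqldump --defaults-extra-file="$CRED_FILE" --skip-lock-tables \
                --databases "$db" > "$out" )
}

# Database names are given as arguments; with none, nothing is run.
for database in "$@"; do
    backup_database "$database" "au-database-back-up--${database}.sql"
done
```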



bash example: show Linux kernel version in kernel makefile

Figure x - script to show Linux kernel version in source tree makefile

#!/bin/bash


## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
## Started 2017-12-15 FRI - script to parse and show Linux kernel
##  version from top-level makefile in set of kernel sources.  Patterns
##  to `grep` chosen based on kernel version identifiers in first
##  three lines of typical kernel top-level makefile.  Example:
##
##  $ head -n 6 Makefile
##  VERSION = 4
##  PATCHLEVEL = 9
##  SUBLEVEL = 66
##  EXTRAVERSION =
##  NAME = Roaring Lionus
##
##
## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


if [ ]; then
    head -n 5 Makefile | grep ^VERSION | cut -d " " -f 3
    head -n 5 Makefile | grep ^PATCH | cut -d " " -f 3
    head -n 5 Makefile | grep ^SUBLEVEL | cut -d " " -f 3
fi

MAJOR=$(head -n 5 Makefile | grep ^VERSION | cut -d " " -f 3)
MINOR1=$(head -n 5 Makefile | grep ^PATCH | cut -d " " -f 3)
MINOR2=$(head -n 5 Makefile | grep ^SUBLEVEL | cut -d " " -f 3)

KERNEL_REVISION="${MAJOR}.${MINOR1}.${MINOR2}"

echo
echo "Kernel version in present kernel sources tree, per makefile, is ${KERNEL_REVISION}"
echo



exit 0


bash example: list symbolic links in long format

for file in *; do if [ -h "$file" ]; then ls -l "$file"; fi; done



^ How To Use Git


- 2017-12-04 - Hey Ted moving Git notes to a separate article. Not a lot of notes but anticipating need to write down more detailed git-related stuff. Ted's git notes on Neela wiki will be here at Git notes article.


Wanting to understand and use git better, here are some on-line references to git version control. Also, Ted searching for a git reference posted by a female author, can't remember name but reference well-written with lots of commands and concise explanations of each command. First URL reference may be that page, now 2017-10-02 not sure of the author's name . . .


Basic git commands:


Git references found while answering specific git task questions:

Markdown and .md file formatting at Github


Git and Working with Remote Repositories



^ Drupal Content Management




2017-08-23


2017-08-23 - Drupal installation . . .


2017-08-24

2017-08-25

2017-08-30
Ted looking for information on how Drupal can aid setting up dynamic, site navigation menus:


2017-09-01



^ Java Programming and Android App Development



^ Composer, a dependency manager of PHP



^ Geography and Science



^ Mathematica



^ Technology


Technology new and old, links to . . .



^ Music and Culture

Musica . . .


Ciudades y Lugares . . .

      Vermont cities: Burlington, Montpelier, South Burlington, Essex, Middlebury



^ Outdoors




- - - top of page - - -