Sad passing of Dennis Ritchie

Saw a tweet earlier on today and it caught my eye.

Then learnt that the creator of the C programming language and also Unix, passed away over this weekend.

RIP Dennis Ritchie.

On a more serious note, need to get this off my chest, and no dis-respect either in this regard to Apple’s Steve Jobs who also passed away last week, but…and this is what I find absolutely gob-smacked about, very little was mentioned of Dennis Ritchie (dmr). The twitter-sphere has been going on about Steve Jobs for the last week or so. The cruel twists of fate has been made… when you read on and realize…

But what the twitterers fail to grasp the concept and realization, there would have been no C language nor Unix for that matter, no applications/games that was possible in the 1980′s and 1990′s either, and no operating systems either.

When you think about it for a moment, the influx of different designs of operating systems was programmed in C, combined with assembler programming language.

Nor would the advancements  in chip design have been achieved, which is a catch-22 in this regard, some kind of a package to be able to program the logic flow of chips etc. Hell, even, there would be no mobiles/smartphones, no Android, no Apple OS….

Even in the telecommunications sector, without C, there would have been no improvements somewhat in the arena of phone switching etc, nor even a operating system to run, in the sense of to manage the telecommunications infrastructure either.

There would have been no internet (TCP/IP protocols which was formed on the backbone of the C programming language), or even would DARPA have existed only for that once when the gates to the internet world was opened up? What about web pages, blogs, Twitter, Facebook, the things that we take for granted now today in this electronic age where communication is even more emphasized.

And it was not Steve Jobs that is a legend either, for that matter, sure he pushed and raised the bar for Apple has become of today. No dis-respect to him either, without him, certainly, smartphones would not have been made possible in terms of features and raising of the bar for standards across the board.

The real legend was the quiet man who hacked away and coined the biggest revolution in his hands alongside with Brian Kernighan that totally changed the IT world forever.

You may object and say hang on… but I digress, sure it sounds a little one sided, but have you not thought of what the world would be like today without the Unix, C today.

What would have become if dmr did not pioneer  C, or Unix. What would the IT landscape be like without it, would Apple have existed, would Microsoft have existed, internet, tcp/ip protocols, Windows, you name it…

So for all people out there, I ask you to re-tweet a simple tweet of your liking to salute dmr for he totally changed and revolutionized the IT landscape right back in the late  1960′s/early 1970′s.

From me, who was a self-taught C programmer, and Linux fanatic, I salute you dmr, you’re the real legend!

Windows-free zone!

Ha! Been wanting to say this for a while!

I am now a Windows free zone – no Windows systems lying around.

Goodbye Windows

Goodbye Slackware – yes, I know, I know, was a long time fan of Slackware ever since I  acquired Walnut Creek CDROM set with kernel 1.2.13 ..

And now I welcome in open arms….(drum roll please)

Arch Linux (Ba-dum-tish!)

Well, what can I say, its a rolling release distro… put simply, updates come out and all dependencies taken care of The simple chant of the command sudo pacman -Syyu and pulls down the latest updates from the Arch Linux’s repository. Now, I have currently a testing repository selected – heh, I like to be on the bleeding edge, and so far, extremely impressive and fast!

Now for you winblows (l)users xD try shutting down and reboot back, time it, now, there’s a catch with this challenge – no SSD disks please.

Personally, I can go from Gnome 3.2 desktop to reboot and back again in under 1 minute. There’s no delay, its instant boot up – well, a lot faster than winblows that’s for sure

Yes, Gnome 3.2… Its actually quite a neat GUI system, sure there are rough edges that need smoothing out but its way better than Gnome 3.0, which caused ire among the Linux users… Will blog about that later on

And you know something, it feels good to have a non-windows system running as there’s no associated stress and frustration with applications freezing or locking up due to bloated registry size and flaky drivers.

Everything works as it is out of the box with Arch.

Setting up your own GitHub

This article is about how to set up your own private github repository on Linux, in a few easy steps. I have tried a few packages that I personally, found, convoluted and complicated. Sometimes the simplest way is the best way. A few pre-requisites here needed:

• A user id that has been created by root, make sure that the said user id does not have a login shell, in this case, call it gituser (This should create /home/gituser!)
• A group id that, also, has been created by root, in this case, called it git. (The above two are for reasons of security to prevent exploits etc, should the Linux box be ever compromised)
• That there is the latest git binaries or compile from source which can be found here from the main git site. And that it is installed, the installation path will vary depending on your Linux Distribution.
• There is a super-internet daemon running, xinetd.
• Optional: Open the port on your firewall, 9418 for the git protocol.

Now, root access is needed for the most part to get this set up and running.

The pre-requisites out of the way, let’s go ahead and create the github server.

1. All the source code changes will be tracked and stored inside the /home/git/scm directory so create the directory. And this will be referenced by the super-internet daemon configuration.
2. So. inside that directory /home/git/scm, create a directory for each git repo that you want to set up, for example, Kernels and inside that directory you would have different kernel versions, ending in .git. E.g. /home/git/scm/Kernels/2.6.32.9.git This will be perceived via way of git protocol as this: git://localhost/Kernels/2.6.32.9.git (See the tip below if you wish to make this accessible outside of the localhost address)
3. Taking the above example, that the directory is created, issue the following command:
   1. git –bare init
   2. touch git-daemon-export-ok
4. Now, still being as root, change the owner-ship of all of the directories/files within the /home/git/scm directory (chgrp -R git:gituser *).
5. Edit the super-internet daemon configuration, found usually in /etc/xinetd.conf like this:

service git{

disable=no

type=UNLISTED

port=9418

socket_type=stream

wait=no

user=git

server=/usr/lib/git-core/git-daemon

server_args= --inetd --export-all --reuse-addr --enable=receieve-pack --base=/home/git/scm

log_on_failure += USERID

}

Now, restart the super-internet daemon and all should be okie. That’s the server side done and ready to accept files.

As a tip, instead of confining the github repository to be at just localhost, set it to the IP address of the actual linux box that you are hosting the repo at, for example, 192.168.10.1.

As an ordinary user, and have a need to check in the files into your private github, do the following:

1. git init # This initializes the current directory to be used for git-tracking.
2. git add * # This tells git to accept a list of files that needs to be tracked.
3. git commit -a -m “Initial comment and initial version” # Tell git to store the commit message that is related to the the list of files added.
4. git remote add origin git://localhost/Kernels/2.6.32.9.git # Tell git that we’re using the server side address that will be the centralized point of tracking changes. This is only done once!
5. git push origin master # Tell git to push the list of tracked files and changes across to the server. Again, do this once, as it will be stored in the configuration within the directory and will remember next time, i.e. git pull, git push, git log, git status, etc.

Now, your own private github repository is working.

Repeat the steps for each repository/directory that you want tracked by git.

Happy Git’ting

Windows free Zone!

Ha! Been wanting to say this for a while!

I am now a Windows free zone – no Windows systems lying around.

Goodbye Windows

Goodbye Slackware

And now I welcome in open arms….(drum roll please)

Arch Linux (Ba-dum-tish!)

Will blog about that shortly

Stay tuned!!

ZTE Blade and CM7 missing feature

Cyanogenmod ROM 7 is currently undergoing testing and receiving huge feedback, currently for the Orange’s San Francisco/ZTE Blade, there’s still a lot to be ironed out, one of the notable features inherently missing is the usage of the FM Radio.

Read more »

Compiling kernel for Android – Part II

Ok, to keep to the topic as per in the previous posting about how to compile the kernel for Android, I thought I’d share some scripts that I use myself to make life a bit easier….

• ak_stg1 – (Android Kernel, Stage 1), takes in parameters to create a boot.img.
• ak_stg2 – (Android Kernel, Stage 2), again, takes in parameters, copies the modules across to a specified directory.
• ak_stg3 – (Android Kernel, Stage 3), to create a clockworkmod updater script – work in progress….

ak_stg1 bash script.

#!/bin/sh

usage(){

cat << EOF

usage: $0 options

This script creates a kernel boot image for flashing with ClockworkMod 3.0.0.x [Stage 1]

OPTIONS:

-h      Show this message

-k       Location of recently compiled zImage

-r       Location of ramdisk

EOF

}

invoke_mkbootimg(){

echo "$@" | awk '{ system($0); }'

}

KERNEL_ZIMAGE=""

RAMDISK_IMAGE=""

RESERVED_STMT="androidboot.hardware=blade console=ttyMSM2,115200 g_android.product_id=0x1354"

BASE_ADDR=0x2A00000

BOOTIMGF=boot.img

while getopts "hk:r:" OPTION

do

case $OPTION in

h)

usage

exit 1;;

k)

KERNEL_ZIMAGE=$OPTARG

;;

r)

RAMDISK_IMAGE=$OPTARG

;;

?)

usage

exit 1

;;

esac

done

if [[ -z $KERNEL_ZIMAGE ]] || [[ -z $RAMDISK_IMAGE ]]

then

usage

exit 1

fi

BOOTMAKE="$HOME/bin/mkbootimg"

BOOTMAKE_OPTS="  --base $BASE_ADDR --cmdline "\'"$RESERVED_STMT"\'" --kernel $KERNEL_ZIMAGE --ramdisk $RAMDISK_IMAGE --output $BOOTIMGF"

invoke_mkbootimg $BOOTMAKE  $BOOTMAKE_OPTS

ak_stg2 bash script.

#!/bin/sh

usage(){

cat << EOF

usage: $0 options

This script copies the freshly built kernel modules for flashing with ClockworkMod 3.0.0.x [Stage 2]

OPTIONS:

-h      Show this message

-k       Location of recently compiled kernel source

-m      Location of where to copy the modules to

EOF

}

KERNEL_PATH=""

MODULES_PATH=""

while getopts "hk:m:" OPTION

do

case $OPTION in

h)

usage

exit 1;;

k)

KERNEL_PATH=$OPTARG

;;

m)

MODULES_PATH=$OPTARG

;;

?)

usage

exit 1

;;

esac

done

if [[ -z $KERNEL_PATH ]] || [[ -z $MODULES_PATH ]]

then

usage

exit 1

fi

cat $KERNEL_PATH/modules.order | sed s/^kernel\//g | while read -r line

do

cp $KERNEL_PATH$line $MODULES_PATH

done

Now, no fuss, no muss, and less prone to errors on the command line. w00t. \o/

Compiling kernel for Android

Here are the steps required to build your own kernel for your Android handset. All commands are italicized and precedes the $HOME variable to indicate the directory.

Prerequisites:

• Linux box up and running that contains the full developers tool-kit such as bison, flex, automake, bash, gcc, git, curl, kernel sources of your choice, adb. Your mileage will vary in accordance to different Linux distributions of your choice so refer to your package manager if you do not have the above developer tools. I am using Slackware 13.0 distribution.
• A Android based handset, in my case, its Orange’s San Francisco/ZTE Blade, running Modaco Custom ROM 11, and also, that you are using a ROM Manager, in my case, I use Clockwork Mod recovery.
• Tools to extract the kernel from your android’s boot image, namely, split_bootimage.pl which can be found here.
• Java – You will need Java 1.5 runtime and sdk, if you ever want to build a Android release from the Android Open Source (AOS), crucially, 1.5 is required for releases up to Froyo (Eclair, Donut, Cupcake releases), Gingerbread and upwards requires Java 1.6 or better. The thing about it is, it’s difficult to obtain the official 1.5 from Sun since Oracle took over….
• That you have $HOME/bin in your $PATH, this is where the split_bootimg.pl and repo, mkbootimg, testsign.jar will be found in.

Steps:

1. Obtain the Android SDK from the official download page here, in my case, I installed it into $HOME/ANDROID.
2. Pull down the entire Android Source tree by following the instructions from here. I installed this into $HOME/mydroid, this is a clone of the current source tree as maintained in the public repository. Be warned, this will take a while depending on your broadband connection, the source is well over 3.5Gb. You need to follow the instructions there, this step is required so you could obtain the necessary tools to build the kernel.
3. Now when that’s done, I cloned the repository residing on github into $HOME/repository.
   1. $HOME/repository: git clone https://github.org/ZTE-BLADE/ZTE-BLADE-2.6.32.git
4. Obtain the original ROM that is used in your handset and unzip the ROM into $HOME/myrom.
   1. $HOME/myrom: unzip -d my_rom.zip
   2. There should be two directories – META-INF and system. The one that we are interested in is boot.img.
   3. Using the split_bootimg.pl, we extract the information from boot.img:
   4. $HOME/myrom: split_bootimg.pl boot.img
   5. There should be two files, boot.img and boot.img-ramdisk.cpio.gz(your mileage will vary as the ROM may be different…) boot.img is the actual kernel, the ramdisk.img is the image that is loaded into ram which the kernel runs the initialization of hardware etc.
5. Plug in your handset and using adb, obtain the kernel’s configuration
   1. $HOME: adb pull /proc/config.gz $HOME/androidconfig.gz
6. Go into the kernel’s sources and issue the following commands:
   1. $HOME/repository/ZTE-BLADE-2.6.32: zcat $HOME/androidconfig.gz > .config
   2. Now, we need to set up a special flag to indicate that we’re cross-compiling to the handset’s chipset architecture $HOME/repository/ZTE-BLADE-2.6.32: export CCOMPILER=$HOME/mydroid/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
   3. You can at this stage, if you’re feeling adventurous, to browse through the configuration of the kernel via the kernel’s menu: $HOME/repository/ZTE-BLADE-2.6.32: make menuconfig
   4. To build the kernel, issue this, $HOME/repository/ZTE-BLADE-2.6.32: make ARCH=arm CROSS_COMPILE=$CCOMPILER
   5. The above step will take a while…
   6. The kernel will reside in $HOME/repository/ZTE-BLADE-2.6.32/arch/arm/boot/zImage
   7. Also, watch out for the optional kernel modules, this can be found in $HOME/repository/ZTE-BLADE-2.6.32/modules.order
7. Navigate back to the $HOME/myrom, and go into the system/lib/modules directory:
   1. cat $HOME/repository/ZTE-BLADE-2.6.32/modules.order | sed s/^kernel\//g | awk ‘{ system(sprintf(“cp $HOME/repository/ZTE-BLADE-2.6.32%s .\n”, $0)); }’
   2. What we have done here, is copied the freshly built optional kernel modules here.
8. Navigate back to $HOME/myrom and copy the freshly built kernel image here.
   1. $HOME/myrom: cp $HOME/repository/ZTE-BLADE-2.6.32/arch/arm/boot/zImage .
9. Now, to recreate the boot image, this part is extremely important, ensure the hexadecimal address is correct as this is where the kernel will get loaded on the handset in the region of memory as specified by the hexadecimal address. Check around first before doing this, as when you re-flash the new ROM, the addresses will conflict and worst case – the handset will refuse to boot. For the Orange’s San Francisco/ZTE Blade, the address is 0x2A0000:
   1. $HOME/myrom: mkbootimg –base 0x2A00000 –cmdline ‘androidboot.hardware=blade console=ttyMSM2,115200 g_android.product_id=0×1354′ –kernel zImage –ramdisk boot.img-ramdisk.cpio.gz -o boot.img (Thanks to hecatae from blade.modaco.com for the correction by pointing out that –cmdline was left out – whoops! )
10. Next step, re-zip up the ROM:
    1. $HOME/myrom: zip -r my_new_rom.zip META-INF boot.img system
11. Finally, we need to re-sign the newly created ROM:
    1. $HOME/myrom: java -classpath $HOME/bin/testsign.jar testsign my_new_rom.zip my_new_rom_signed.zip

Now, copy the file my_new_rom_signed.zip to your SDCARD on your handset and reboot, using your ROM manager to install and flash the ROM. In my case, I can tell Clockwork Mod Recovery to install the zip and flash the system.

Bitlbee + MSN glitch…

There has been a slight glitch in the bitlbee server running on my linux box, it refused to sign into MSN. Accordingly there’s a change in the MSN’s passport protocol and the authentication failed. If you have downloaded the source tarball, then head here to get the patch. Download the patch as diff file. Patch it in the directory (You will have to change into this directory to patch it) bitlbee-1.2.6a/protocols/msn and invoke the patch patch -p1 < changeset_rdevel,578.diff.

Recompile bitlbee and restart the inetd server. Then it should work this time round!

Thanks to Wilmer van der Gaast for the patch!

w00t w00t…

Terminal Multiplexer

Yes, you’ve read this correctly…terminal multiplexer…what’s that? Is it a hardware gadget? uhhh No…. Is it some kind of funky monitor? uhhh No… Is it something to do with Linux? Ummmm… Yup… kay…. Some kind of software to handle Linux Terminals?….Yes….Enlightenment please?

Read more »

Multi-Tail

I stumbled on this darn useful utility for monitoring logs on screen…ever use tail -f /var/log/messages and getting frustrated at not being able to see the other logs also, implying that another session has to be started, and issue another command tail -f /var/log/syslog for instance.

This utility is a much more powerful tail tool, called MultiTail, is uses the curses library to create panes where you can view different logs on the one tail session. As an example:

• multitail -s 2 /var/log/messages /var/log/syslog
  • A neat window appears with the screen split into two, messages on one pane, and syslog on the other, in real-time…

How cool is that..there are a plethora of options such as custom colours for certain keywords to highlight when scrolling by or going backwards in the window’s pane.

Some astute readers may point out, “Hey I can use screen for that… “, but you would be missing the point, this is really a dedicated screen for monitoring logs… Enjoy

Secure Shell + securing your box

Earlier I was watching with interest in what was going on with my Linux box, and was surprised to see a hacker attempting to secure shell into it using a brute force dictionary attack based on user id’s in order to find a weakness.

Literally, quite literally, the names were in order from A-Z …

May  8 21:26:41 inspiron8600 sshd[29250]: Invalid user andra from 113.59.255.6
May  8 21:26:41 inspiron8600 sshd[29250]: Failed password for invalid user andra from 113.59.255.6 port 36041 ssh2
May  8 21:26:44 inspiron8600 sshd[29254]: Invalid user andrada from 113.59.255.6
May  8 21:26:44 inspiron8600 sshd[29254]: Failed password for invalid user andrada from 113.59.255.6 port 36619 ssh2
May  8 21:26:47 inspiron8600 sshd[29258]: Invalid user andrada from 113.59.255.6
May  8 21:26:47 inspiron8600 sshd[29258]: Failed password for invalid user andrada from 113.59.255.6 port 37245 ssh2
May  8 21:26:51 inspiron8600 sshd[29262]: Invalid user andrea from 113.59.255.6
May  8 21:26:51 inspiron8600 sshd[29262]: Failed password for invalid user andrea from 113.59.255.6 port 45656 ssh2
May  8 21:26:54 inspiron8600 sshd[29266]: Invalid user andrea from 113.59.255.6
May  8 21:26:54 inspiron8600 sshd[29266]: Failed password for invalid user andrea from 113.59.255.6 port 46232 ssh2
May  8 21:26:57 inspiron8600 sshd[29270]: Invalid user andre from 113.59.255.6
May  8 21:26:57 inspiron8600 sshd[29270]: Failed password for invalid user andre from 113.59.255.6 port 46810 ssh2
May  8 21:27:01 inspiron8600 sshd[29274]: Invalid user andre from 113.59.255.6
May  8 21:27:01 inspiron8600 sshd[29274]: Failed password for invalid user andre from 113.59.255.6 port 47404 ssh2
May  8 21:27:04 inspiron8600 sshd[29278]: Invalid user andreea from 113.59.255.6
May  8 21:27:04 inspiron8600 sshd[29278]: Failed password for invalid user andreea from 113.59.255.6 port 48030 ssh2
May  8 21:27:07 inspiron8600 sshd[29282]: Invalid user andreea from 113.59.255.6
May  8 21:27:07 inspiron8600 sshd[29282]: Failed password for invalid user andreea from 113.59.255.6 port 48659 ssh2
May  8 21:27:11 inspiron8600 sshd[29286]: Invalid user andreiana from 113.59.255.6
May  8 21:27:11 inspiron8600 sshd[29286]: Failed password for invalid user andreiana from 113.59.255.6 port 49292 ssh2
May  8 21:27:14 inspiron8600 sshd[29290]: Invalid user andreiana from 113.59.255.6
May  8 21:27:14 inspiron8600 sshd[29290]: Failed password for invalid user andreiana from 113.59.255.6 port 49821 ssh2
May  8 21:27:17 inspiron8600 sshd[29294]: Invalid user andrei from 113.59.255.6
May  8 21:27:17 inspiron8600 sshd[29294]: Failed password for invalid user andrei from 113.59.255.6 port 50449 ssh2
May  8 21:27:21 inspiron8600 sshd[29298]: Invalid user andrei from 113.59.255.6May  8 21:26:41 inspiron8600 sshd[29250]: Invalid user andra from 113.59.255.6May  8 21:26:41 inspiron8600 sshd[29250]: Failed password for invalid user andra from 113.59.255.6 port 36041 ssh2May  8 21:26:44 inspiron8600 sshd[29254]: Invalid user andrada from 113.59.255.6May  8 21:26:44 inspiron8600 sshd[29254]: Failed password for invalid user andrada from 113.59.255.6 port 36619 ssh2May  8 21:26:47 inspiron8600 sshd[29258]: Invalid user andrada from 113.59.255.6May  8 21:26:47 inspiron8600 sshd[29258]: Failed password for invalid user andrada from 113.59.255.6 port 37245 ssh2May  8 21:26:51 inspiron8600 sshd[29262]: Invalid user andrea from 113.59.255.6May  8 21:26:51 inspiron8600 sshd[29262]: Failed password for invalid user andrea from 113.59.255.6 port 45656 ssh2May  8 21:26:54 inspiron8600 sshd[29266]: Invalid user andrea from 113.59.255.6May  8 21:26:54 inspiron8600 sshd[29266]: Failed password for invalid user andrea from 113.59.255.6 port 46232 ssh2May  8 21:26:57 inspiron8600 sshd[29270]: Invalid user andre from 113.59.255.6May  8 21:26:57 inspiron8600 sshd[29270]: Failed password for invalid user andre from 113.59.255.6 port 46810 ssh2May  8 21:27:01 inspiron8600 sshd[29274]: Invalid user andre from 113.59.255.6May  8 21:27:01 inspiron8600 sshd[29274]: Failed password for invalid user andre from 113.59.255.6 port 47404 ssh2May  8 21:27:04 inspiron8600 sshd[29278]: Invalid user andreea from 113.59.255.6May  8 21:27:04 inspiron8600 sshd[29278]: Failed password for invalid user andreea from 113.59.255.6 port 48030 ssh2May  8 21:27:07 inspiron8600 sshd[29282]: Invalid user andreea from 113.59.255.6May  8 21:27:07 inspiron8600 sshd[29282]: Failed password for invalid user andreea from 113.59.255.6 port 48659 ssh2May  8 21:27:11 inspiron8600 sshd[29286]: Invalid user andreiana from 113.59.255.6May  8 21:27:11 inspiron8600 sshd[29286]: Failed password for invalid user andreiana from 113.59.255.6 port 49292 ssh2May  8 21:27:14 inspiron8600 sshd[29290]: Invalid user andreiana from 113.59.255.6May  8 21:27:14 inspiron8600 sshd[29290]: Failed password for invalid user andreiana from 113.59.255.6 port 49821 ssh2May  8 21:27:17 inspiron8600 sshd[29294]: Invalid user andrei from 113.59.255.6May  8 21:27:17 inspiron8600 sshd[29294]: Failed password for invalid user andrei from 113.59.255.6 port 50449 ssh2
<pre>May  8 21:31:19 inspiron8600 sshd[29582]: Failed password for invalid user bianca from 113.59.255.6 port 38423 ssh2
May  8 21:31:22 inspiron8600 sshd[29586]: Invalid user bianca from 113.59.255.6
May  8 21:31:22 inspiron8600 sshd[29586]: Failed password for invalid user bianca from 113.59.255.6 port 39029 ssh2
May  8 21:31:25 inspiron8600 sshd[29590]: Invalid user bibi from 113.59.255.6
May  8 21:31:25 inspiron8600 sshd[29590]: Failed password for invalid user bibi from 113.59.255.6 port 39636 ssh2
May  8 21:31:28 inspiron8600 sshd[29594]: Invalid user bibi from 113.59.255.6
May  8 21:31:28 inspiron8600 sshd[29594]: Failed password for invalid user bibi from 113.59.255.6 port 40256 ssh2
May  8 21:31:32 inspiron8600 sshd[29598]: Invalid user biologie from 113.59.255.6
May  8 21:31:32 inspiron8600 sshd[29598]: Failed password for invalid user biologie from 113.59.255.6 port 40809 ssh2</pre>
May  8 21:31:19 inspiron8600 sshd[29582]: Failed password for invalid user bianca from 113.59.255.6 port 38423 ssh2 May  8 21:31:22 inspiron8600 sshd[29586]: Invalid user bianca from 113.59.255.6 May  8 21:31:22 inspiron8600 sshd[29586]: Failed password for invalid user bianca from 113.59.255.6 port 39029 ssh2 May  8 21:31:25 inspiron8600 sshd[29590]: Invalid user bibi from 113.59.255.6 May  8 21:31:25 inspiron8600 sshd[29590]: Failed password for invalid user bibi from 113.59.255.6 port 39636 ssh2 May  8 21:31:28 inspiron8600 sshd[29594]: Invalid user bibi from 113.59.255.6 May  8 21:31:28 inspiron8600 sshd[29594]: Failed password for invalid user bibi from 113.59.255.6 port 40256 ssh2 May  8 21:31:32 inspiron8600 sshd[29598]: Invalid user biologie from 113.59.255.6 May  8 21:31:32 inspiron8600 sshd[29598]: Failed password for invalid user biologie from 113.59.255.6 port 40809 ssh2</pre>

Inspiron8600 is the Linux box running Slackware 13. Within 5 minutes of being alerted I scrambled into action to lock down the ssh (ok, it was secure, but thought I should batten down the hatches even more).

• Edit /etc/hosts.allow file and only allow designated sshd access on certain IP addresses, i.e. sshd : 192.168.1.0/24
• Edit /etc/hosts.deny file and deny any other access to sshd from the outside, i.e. sshd : ALL
• Edit /etc/sshd/sshd_config and ensure that the following directives are used:
  • AllowUsers user_id – where user_id is the designated ssh user
  • PermitRootLogin no – this will disable root access on the outside. This will only work from the the internal IP address, as specified by /etc/hosts.allow.
• Download DenyHosts which is a simple python script that runs as a daemon and block external IP addresses which has spurious activity of logging ssh attempts and will block those IP addresses. Installation is quite simple:
  • extract the source tarball, latest version as of the time of blog entry is 2.6. Change into that directory where it is extracted.
  • As root, enter python setup.py install. This will install the necessary files to make DenyHosts work into /usr/share/denyhosts.
  • Edit the file /usr/share/denyhosts/denyhosts-cfg.dist and change the directory location where the lock-file will be depending on your installation. Now save that and rename it to /usr/share/denyhosts/denyhosts.cfg.
  • Edit /usr/share/denyhosts/daemon-control.dist and change the directory location where the lock-file will be, usually the same entry as in /usr/share/denyhosts/denyhosts.cfg. Now save that and rename it to /usr/share/denyhosts/daemon-control
  • Finally…
    • chown root daemon-control – to make it owned by root and
    • chmod 700 daemon-control - to make it executable only by root.
    • This can be put into a start-up script when Linux boots up, this will vary depending on the distro, in my case, I put this into /etc/rc.d/rc.local – /usr/share/denyhosts/daemon-control start
    • Run the DenyHosts script – daemon-control start
• Now, restart sshd daemon, via its script, again this will vary from Linux distro to another, in my case, it was /etc/rc.d/rc.sshd restart and hey presto…

No more connection attempts and you know what, DenyHosts is blocking any sshd attempts….and peace and quiet!!!!

Bitlbee

I was introduced to this utility bitlbee while on IRC, this is one heck of an aweseome tool – to put it simply, you can get rid of all your client applications for MSN, Yahoo, ICQ, Gmail, Pidgin, Miranda, Jabber and use your trusty ol’ IRC client, I use irssi, and simply install bitlbee, it can send the messages across those different IM platforms…

It works quite well, actually, it would be preferable to compile it from source and install it on a Linux box, and use irssi to connect up to the localhost, then from there on, instant IM across MSN, ICQ, etc.

The installation from source tarball is a bit confusing as it is not clearly documented, it is preferable to let inetd take care of the bitlbee daemon, you need to create a new user and group and create the appropriate directory residing in /var/lib/bitlbee – Don’t forget to change the ownership of that directory for bitlbee to work properly based on a newly created user and group!

entry in inetd.conf

6667 stream tcp nowait bitlbee /usr/sbin/tcpd /usr/local/sbin/bitlbee

then

chown -R bitlbee:nobody /var/lib/bitlbee

Then, using irssi, connect to the local host, and, register your password with bitlbee, then add your MSN/GMail/Jabber/ICQ/Yahoo accounts and irssi will remember them (don’t forget to /save it!)

Away you go then, bitlbee will take care of the negotiation protocols with those IM platforms and to message your buddy, do /msg buddy howdy there, which will create a new channel to do IM chat!

You can check if your buddies are online by issuing blist.

The only confusion arises is a lot of irssi commands are prefixed with a slash, for bitlbee commands, there’s no slashes…remember that and you’ll be fine…

Happy IM’ing with bitlbee…

Retty

This Linux utility whups ass! A bit of explaining – I was putty’ing into my remote Linux box and had an irssi (by the way – an uber-geek irc client), but accidentally terminated my putty session, re-logged in, and couldn’t get back into irssi, despite in not using the screen command, I stumbled across this utility called retty (re-attach tty) which works and does the job!

What I could not understand was why was it not bundled with distro’s such as my Slackware distro…oh well…I hope to give the creators of this program a bit of coverage..download it and be amazed…

Simple Putty title changer

Right, as I am an avid fan of Putty (the secure shell application), I often run into this situation where the title of the putty session is used (usually an IP address) and if there’s a few of them running then confusion is bound to happen as the title of the window is the same…

Read more »

Having fun with subnets

I am a proud owner of a spanking Linux box, running Slackware 13.0, with kernel 2.6.33.2. And boy, what fun I had in setting up my own super Linux router with NAT/Masquerading in place, FTP server, Web server (incorporating Apache/PHP/MySQL stack), DHCP server…to be done is an email server using Postfix and IDS (intrusion detection system) using Snort…

Now, as this topic is about subnets, here’s a useful bit of information that I have learnt about this subnetting….

Read more »

Linux Rocks…

Quite literally it does rock indeed, the cradle that is…using only 4 lines of shell script, a linux geek actually managed to make his baby rocker rock with a piece of string and a linux box (of course indeed!)…that entry made me smile at such ingenuity…check out the youtube video on that site to see how it works visit this link (labnol.org) or more details. Incidentally, it is Ubuntu distro that is used. One word to describe this… AWESOME!!!

Unix Cheat sheets…

There’s an interesting section of cheat sheets on this blog by Scott Klarr. Handy if you want a quick brush up or recap! Cheers Scott!

Also, check out another site listing the top 10 Best Cheat Sheets for Linux/Unix here.

Unix Hater’s Guide

I stumbled across this link and downloaded the PDF of the above title. Very enjoyable and still have not finished it, it makes me love Unix even more…

http://web.mit.edu/~simsong/www/ugh.pdf