Monday, December 31, 2007

How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh

http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html

FTP is an insecure protocol, but file transfer is required all the time. You can use the OpenSSH server to transfer files using SCP and SFTP (secure FTP) without setting up an FTP server. However, this feature also grants SSH shell access to the user, because OpenSSH requires a valid shell. Here is how SFTP works:

SCP/SFTP -> SSHD -> Call sftpd subsystem -> Requires a shell -> User can login to server and run other commands.

In this article series we will help you provide secure, restricted file-transfer services to your users without resorting to FTP. It also covers chroot jail setup instructions to lock users into their own home directories (allowing users to transfer files but not browse the entire Linux / UNIX file system of the server) as well as per-user configurations.

rssh ~ a restricted shell

rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.

Supported operations using rssh

The restricted shell allows only the following operations:

  • scp - Secure file copy
  • sftp - Secure FTP
  • cvs - Concurrent Versions System ~ you can easily retrieve old versions to see exactly which change caused the bug
  • rsync - Backup and sync file system
  • rdist - Backup / RDist program maintains identical copies of files on multiple hosts.

Install rssh

CentOS / Fedora / RHEL Linux rssh installation

Visit Dag’s repo to grab the rssh package:
# cd /tmp
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm

Debian / Ubuntu Linux rssh installation

Use apt-get command:
$ sudo apt-get install rssh

FreeBSD installation

# cd /usr/ports/shells/rssh
# make install clean

Make sure you build the binary with rsync support.

rssh configuration file

  • The default configuration file is located at /etc/rssh.conf (FreeBSD - /usr/local/etc/rssh.conf)
  • The default rssh binary location is /usr/bin/rssh (FreeBSD - /usr/local/bin/rssh)
  • Default port: none (the OpenSSH port 22 is used; rssh is a shell with security features, not a separate service)
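
Because the login shell decides whether an account gets an interactive session, it is worth checking which accounts actually have rssh assigned. The script below is an added example, not part of the original article: it classifies passwd-format lines by shell, using the rssh paths listed above. The UID cutoff of 1000 and the sample accounts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify accounts by login shell to find users who can
# still open an interactive SSH session. Reads passwd-format lines on stdin.

# rssh locations named on this page (Linux and FreeBSD defaults)
RSSH_PATHS="/usr/bin/rssh /usr/local/bin/rssh"

# classify_shell SHELL -> "restricted", "disabled" or "interactive"
classify_shell() {
    for p in $RSSH_PATHS; do
        if [ "$1" = "$p" ]; then echo restricted; return 0; fi
    done
    case "$1" in
        */nologin|*/false) echo disabled ;;
        *) echo interactive ;;
    esac
}

# audit_passwd MIN_UID -> one "user:class" line per account with UID >= MIN_UID
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$1" ] || continue
        # An empty shell field means the system default shell: interactive
        echo "$user:$(classify_shell "${shell:-/bin/sh}")"
    done
}

# interactive_users MIN_UID -> space-separated names that still get a shell
interactive_users() {
    audit_passwd "$1" | awk -F: '$2 == "interactive" { printf "%s%s", s, $1; s = " " }
                                 END { print "" }'
}

# Constructed sample input (hypothetical accounts, not from a real system)
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
upload1:x:1001:1001::/home/upload1:/usr/bin/rssh
upload2:x:1002:1002::/home/upload2:/bin/sh
backup:x:1003:1003::/home/backup:/usr/local/bin/rssh
svc:x:1004:1004::/home/svc:/sbin/nologin
EOF
}

sample_passwd | interactive_users 1000
```

On a live system, feed it the real account database with `getent passwd | audit_passwd 1000` and review every account reported as interactive.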


Thursday, December 27, 2007

GRUB Splash Image HowTo

http://forums.fedoraforum.org/showthread.php?t=1243
http://ruslug.rutgers.edu/~mcgrof/grub-images/
http://gentoo-wiki.com/HOWTO_Splash_image_in_GRUB

Instructions

Requirements for GRUB splashimages:

1. xpm.gz file type
2. 640x480
3. 14 colors only

If you already have your image:

1. Gzip your xpm file and put it into your /boot/grub directory (as root)
Code:
# gzip myfile.xpm

2. Edit your grub.conf file
Code:
# nano /boot/grub/grub.conf

and add this line:
splashimage=(hd0,0)/GRUB/myfile.xpm.gz
NOTE: Change the partition and directory according to your system's setup.
3. Reboot

How to convert an image to only 14 colors
To get the GIMP to use only a 14 color palette, right click on your file and press ALT+I and put 14 where it says "Generate Optimal Palette:" on the top of the menu. If ALT+I doesn't get you there then right click on the image and go to:

Image-->Mode-->Indexed

Specify you want 14 colors and then if you want (*recommended*) select NO DITHERING. This will tell the gimp not to try to guess colors in between areas.

It does not have to be filename.xpm.gz only, but compressed files load quicker than uncompressed files.

You can also change the foreground and background color of the menu, like this:
Just put something like the following in your menu.lst file:
foreground = ffffff (for text color)
background = 000000 (for background color)

Colors:
ffffff = white
000000 = black
333333 = cyan dark
666666 = cyan light

View images of currently available splashimages

Download working publicly available GRUB splash images

------------------------------------------
The complete GRUB Splash Image Howto is here

Good Luck !!!
___________________________
Greetings
gonzalo


===================

Introduction

The splash image is the image shown in the background when GRUB is displaying the list of operating systems you can boot. All you need to customize it is the GIMP or ImageMagick. You will need to make sure your GRUB supports the splashimage command. I took an image from gentoo.org and cut it a little for the GRUB background.

Creating image (GIMP)

1. Start the GIMP.
2. Click on File » New or type Ctrl+n
3. In the new image dialog, change Width to 640 pixels and Height to 480 pixels (the image should be of size 640x480 pixels). Now click OK.
4. Create the image which you would like to be the splash image. It's quite fun to experiment with the various tools of the GIMP!
5. After you have finished creating the image, hit Alt+i or right click on the image and click on Image » Mode » Indexed.
6. In the Indexed Color Conversion dialog that appears, click on the radio button Generate optimal Palette and in # of colors enter 14. Click OK (the image should be of only 14 colors).
7. Now right-click on the image and click on File » Save As.... Save the file as ImageName.xpm in a directory of your choice. If you can't create ImageName.xpm you can save it as ImageName.png and then convert it with convert ImageName.png ImageName.xpm (convert is a part of imagemagick).
8. Open a terminal, change directory to where the ImageName.xpm was saved, then compress it using GNU-zip: gzip ImageName.xpm

Be careful if you create your image with GIMP under Windows: it will use the standard Windows CR+LF newlines, and it seems that GRUB can only cope with plain LF newlines. You have to convert the line format manually.

Creating image (Imagemagick)

You can also pick an image (any type supported by ImageMagick) and execute:

convert picture.jpg -resize 640x480! -colors 14 -depth 8 ImageName.xpm.gz
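
The requirements above (640x480, 14 colors, plain LF newlines) can be checked before the image is installed. The function below is an added example, not part of the original howto: it reads XPM text on stdin and reports each problem it finds. Treating 14 as an upper limit on the color count is an assumption, and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: check an XPM (read from stdin) against the GRUB splash
# requirements listed on this page: 640x480, 14 colors, LF-only newlines.

# check_splash_xpm -> one line per problem, or "ok" if none were found
check_splash_xpm() {
    awk '
        /\r$/ { crlf = 1 }
        # The first quoted string in an XPM holds
        # "width height ncolors chars_per_pixel"
        !seen && /^[ \t]*"/ {
            seen = 1
            line = $0
            sub(/\r$/, "", line)
            gsub(/[",]/, "", line)
            split(line, v, " ")
            w = v[1]; h = v[2]; nc = v[3]
        }
        END {
            if (!seen) { print "no XPM values line found"; exit }
            if (w != 640 || h != 480) {
                print "size is " w "x" h ", expected 640x480"; bad = 1
            }
            # Assumption: 14 is treated as the maximum number of colors
            if (nc > 14) { print nc " colors, expected 14"; bad = 1 }
            if (crlf) { print "CR+LF newlines found, GRUB needs plain LF"; bad = 1 }
            if (!bad) print "ok"
        }'
}

# Constructed sample inputs (headers only, not real images)
good_xpm() {
    printf '/* XPM */\nstatic char *splash[] = {\n"640 480 14 1",\n"a c #000000",\n};\n'
}
bad_xpm() {
    printf '/* XPM */\r\nstatic char *splash[] = {\r\n"800 600 256 2",\r\n};\r\n'
}

good_xpm | check_splash_xpm
```

For a compressed file, decompress it into the check: `gzip -dc ImageName.xpm.gz | check_splash_xpm`.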

Installing the Image

Make sure you are root, then run the following in the terminal:

# mount /boot
# mv ImageName.xpm.gz /boot/grub/


In the /boot/grub/grub.conf you have to point splashimage to newly created image i.e.:
File: /boot/grub/grub.conf

# Splash Image
splashimage=(hd0,0)/grub/ImageName.xpm.gz

If your boot splash did not change, then try the following:

# cp ImageName.xpm.gz /boot/grub/splash.xpm.gz

That's it! When you reboot, you will find your image in the background, with the menu of operating systems etc. in the foreground.

Changing text colors

If you do not like the look of the default text settings (white text with black shadow and highlighting), or the text turns out to be hard to read with your splashimage, there is a way to modify these even though the color command won't work. Use the foreground command to set the text and border color; the background command sets the shadows and the highlighted background of the selected item.
File: /boot/grub/grub.conf

# Set text color to RRGGBB
foreground RRGGBB

# Set shadows and selected highlight to RRGGBB
background RRGGBB

RRGGBB must be a HEX-Colorcode, i.e. numbers 0-9 and letters A-F, each group of two representing a color. You can either try it out (R means red, G means green, B means blue, so the range from 00 to FF allows you to address a range of 0 to 255 for each color that will then be combined with those of the others to make up the color you chose) or (more conveniently ;-) copy the 6-digit code that e.g. the KDE or GIMP color choosers provide.

Credits

* Some splash images
* Some more splash images
* Even more splash images
* ImageMagick Tricks book

Wednesday, December 26, 2007

Module snd-via82xx

PCM Device VIA 8237

http://ubuntuforums.org/archive/index.php/t-1994.html

This is in my /etc/modprobe.conf
alias eth0 via-rhine
alias scsi_hostadapter libata
alias scsi_hostadapter1 sata_via
alias scsi_hostadapter2 pata_via
alias snd-card-0 snd-via82xx
options snd-card-0 index=0
options snd-via82xx index=0


========== Then do ==============
This seems to solve the problem and load always the module:
=========================================
If there is anyone still alive who has this problem, one solution is to insert the line

options snd-via82xx dxs_support=3

in /etc/modprobe.d/alsa-base and just reboot.8)
=========================================

But mplayer was working without sound
http://www.fedoraonline.it/modules/newbb/viewtopic.php?post_id=32086

If it still doesn't work...
...if you launch mplayer with one of these options:
$ mplayer -ao nosound blablabla.avi
or
$ mplayer -ao sdl blablabla.avi
or
$ mplayer -ao alsa blablabla.avi
or
$ mplayer -ao oss blablabla.avi

The last option worked for me and gave sound to mplayer.

==========================
When the sound is working, these are the modules that I have:
[root@localhost acardh]# /sbin/lsmod | grep 82
nfnetlink 8281 3 nf_conntrack_ipv4,nf_conntrack_ipv6,nf_conntrack
ip6t_REJECT 8257 2
dm_multipath 18249 0
snd_via82xx 25177 1
gameport 14665 1 snd_via82xx
snd_ac97_codec 92389 1 snd_via82xx
snd_mpu401_uart 10177 1 snd_via82xx
snd_pcm 63685 4 cx88_alsa,snd_via82xx,snd_ac97_codec,snd_pcm_oss
snd_page_alloc 11337 2 snd_via82xx,snd_pcm
snd 43461 12 cx88_alsa,snd_seq_oss,snd_seq,snd_via82xx,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_mpu401_uart,snd_pcm,snd_rawmidi,snd_seq_device,snd_timer
i2c_core 21825 9 dvb_pll,nxt200x,cx88_vp3054_i2c,tuner,nvidia,cx88xx,i2c_algo_bit,tveeprom,i2c_viapro
ehci_hcd 31821 0


[root@localhost acardh]# /sbin/lsmod | grep snd
snd_seq_dummy 6725 0
snd_seq_oss 29889 0
snd_seq_midi_event 9793 1 snd_seq_oss
snd_seq 44849 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_via82xx 25177 1
gameport 14665 1 snd_via82xx
snd_ac97_codec 92389 1 snd_via82xx
snd_pcm_oss 37569 0
snd_mixer_oss 16705 3 snd_pcm_oss
ac97_bus 6081 1 snd_ac97_codec
snd_mpu401_uart 10177 1 snd_via82xx
snd_pcm 63685 4 cx88_alsa,snd_via82xx,snd_ac97_codec,snd_pcm_oss
snd_rawmidi 21185 1 snd_mpu401_uart
snd_seq_device 10061 4 snd_seq_dummy,snd_seq_oss,snd_seq,snd_rawmidi
snd_timer 20549 2 snd_seq,snd_pcm
snd_page_alloc 11337 2 snd_via82xx,snd_pcm
snd 43461 12 cx88_alsa,snd_seq_oss,snd_seq,snd_via82xx,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_mpu401_uart,snd_pcm,snd_rawmidi,snd_seq_device,snd_timer
soundcore 9633 3 snd


==============================
$$$$$$$$$$$$$$$$$$$$$$$
Sound problem correction link
This is what I have in my /etc/modprobe.d/alsa-base
===============================
options snd-via82xx dxs_support=3

#http://www.linuxquestions.org/questions/fedora-35/problem-with-audio-in-fc5-433011/
# ALSA portion
options snd cards_limit=2
alias snd-card-0 snd-via82xx
alias snd-card-1 cx88-alsa
options snd-via82xx index=0
options cx88-alsa index=1
# OSS/Free portion
alias sound-slot-0 snd-via82xx
alias sound-slot-1 cx88-alsa
====================================
These last options in /etc/modprobe.d/alsa-base seemed to work on my Fedora 8

And this is the data in my PC (Fedora 8)

Model: Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller

Sound problem: PCM device VIA 8237

=================
Without sound:
[acardh@localhost ~]$ /sbin/lsmod | grep snd
snd_via82xx 25177 0
gameport 14665 1 snd_via82xx
snd_ac97_codec 92389 1 snd_via82xx
ac97_bus 6081 1 snd_ac97_codec
snd_seq_dummy 6725 0
snd_seq_oss 29889 0
snd_seq_midi_event 9793 1 snd_seq_oss
snd_seq 44849 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_pcm_oss 37569 0
snd_mixer_oss 16705 1 snd_pcm_oss
snd_pcm 63685 4 snd_via82xx,snd_ac97_codec,cx88_alsa,snd_pcm_oss
snd_timer 20549 2 snd_seq,snd_pcm
snd_mpu401_uart 10177 1 snd_via82xx
snd_page_alloc 11337 2 snd_via82xx,snd_pcm
snd_rawmidi 21185 1 snd_mpu401_uart
snd_seq_device 10061 4 snd_seq_dummy,snd_seq_oss,snd_seq,snd_rawmidi
snd 43461 12 snd_via82xx,snd_ac97_codec,cx88_alsa,snd_seq_oss,snd_seq,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore 9633 1 snd


==============================
With Kaffeine:

Audio output unavailable. Device is busy. ()
*** PULSEAUDIO: Unable to connect: Connection refused


With MPlayer:
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 22050 Hz, 2 ch, s16le, 8.0 kbit/1.13% (ratio: 1000->88200)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)

Could not open/initialize audio device -> no sound.
Audio: no sound

===============================
With sound:
[acardh@localhost ~]$ /sbin/lsmod | grep snd
snd_seq_dummy 6725 0
snd_via82xx 25177 2
gameport 14665 1 snd_via82xx
snd_ac97_codec 92389 1 snd_via82xx
ac97_bus 6081 1 snd_ac97_codec
snd_seq_oss 29889 0
snd_seq_midi_event 9793 1 snd_seq_oss
snd_seq 44849 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_pcm_oss 37569 0
snd_mixer_oss 16705 3 snd_pcm_oss
snd_pcm 63685 5 cx88_alsa,snd_via82xx,snd_ac97_codec,snd_pcm_oss
snd_mpu401_uart 10177 1 snd_via82xx
snd_timer 20549 2 snd_seq,snd_pcm
snd_rawmidi 21185 1 snd_mpu401_uart
snd_seq_device 10061 4 snd_seq_dummy,snd_seq_oss,snd_seq,snd_rawmidi
snd_page_alloc 11337 2 snd_via82xx,snd_pcm
snd 43461 13 cx88_alsa,snd_via82xx,snd_ac97_codec,snd_seq_oss,snd_seq,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_mpu401_uart,snd_timer,snd_rawmidi,snd_seq_device
soundcore 9633 3 snd


===============================

Tuesday, December 11, 2007

DynDNS and the ddclient

https://www.dyndns.com/support/clients/unix.html

In the ddclient.conf file I have:
###=============
daemon=300 #300 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail=acardh #mail=root # mail all msgs to root
mail-failure=acardh #root # mail failed update msgs to root
pid=/var/run/ddclient.pid # record PID in file.
#ssl=yes # use ssl-support. Works with
# ssl-library
use=web
protocol=dyndns2
server=members.dyndns.org
login=acardh # default login
password=******** # default password
server=members.dyndns.org, protocol=dyndns2, acardh.homelinux.org
##===============================

My complete ddclient.conf is here (restricted access).

Scaling the video in MPlayer

Example:
mplayer -vf scale=720:576 laverdad18092007.wmv

Livna repository for Fedora

http://www.my-guides.net/en/content/view/59/26/
http://www.my-guides.net/en/content/view/59/26/1/1/#livna
http://www.my-guides.net/en/content/view/91/26/
http://www.my-guides.net/en/content/view/91/26/1/1/#livna

Livna Repository

In Livna repository you can find additional programs and multimedia codecs. Install it like this:
$ sudo rpm -hiv http://rpm.livna.org/livna-release-7.rpm
$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-livna

** Note: From now on you should choose only one of the Livna and FreshRPMs repositories for installing additional packages. I prefer the freshrpms repository. You can disable the one you don't want or both of them like that:

$ sudo nano /etc/yum.repos.d/livna.repo
or
$ sudo nano /etc/yum.repos.d/freshrpms.repo

and change "enabled=1" to "enabled=0". For the rest of this guide I will assume that you have both of them disabled and that each time you want to add a package you will enable the appropriate one.

================///////////////////////////

In a similar way the plugin from Adobe:

Alternatively, you can install the Adobe Fedora Repository and install/update the Flash plugin easily. Open a console and type:

$ sudo rpm -Uvh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
Now you can install the Flash plugin by typing:

$ sudo yum install flash-plugin
and update it like that:

$ sudo yum update flash-plugin

By default this repository will be enabled. I prefer to disable it and enable it manually each time I want to check whether there is an update for the Flash plugin. To do so, type:

$ sudo nano /etc/yum.repos.d/adobe-linux-i386.repo
And change enabled=1 to enabled=0. Now whenever you want to look for an update you can type:

$ sudo yum --enablerepo=adobe-linux-i386 update flash-plugin

=====================/////////////////////////////

In the case of ATRPMS for RHEL/CentOS/SL, follow the instructions provided by http://atrpms.net/; I recommend setting "enabled" to 0. Then, in order to install a package, you can do as root:

yum --enablerepo=atrpms install x