Sunday, December 25, 2011

Skydrive - The free MS Office cloud?

Merry Christmas people!!!

While searching for a free Office cloud alternative for personal and business use, I stumbled, in my googling, on the M$ site "skydrive.live.com".

At first I thought it was only an evaluation, but to my astonishment it is not! See the Wiki content...

Windows Live SkyDrive, initially called Windows Live Folders, is a free-of-charge file hosting service that allows users to upload files to a cloud storage and then access them from a Web browser. It is part of Microsoft's Windows Live range of online services, and uses Windows Live ID to control access to files, allowing users to keep the files private, share them with contacts, or make the files public. Publicly-shared files do not require a Windows Live ID to access.

Anyway, could this be the upcoming rival for the Google Docs free cloud Office app?

We all know that Excel was their #1 product and that it has a good history. There is also a free beta of Office 2011, though I did not download it and made no effort to look at how long the free use will last, because I only want to try the cloud-based application.

So far, in my tests on IE8, Opera, Firefox and Chrome, no problems were encountered, except for it being slow because it loads a lot of features.
The free cloud service has 25GB of storage vs. Google Docs' 1GB of document storage and 10GB for other files. You can increase the Google Docs storage, but for a price.

As of now the free Excel product is a big YES for me because most of my formulas are for Excel and only a minimum was supported in Google Docs. But I hope Google Docs can soon overcome this problem.

Thursday, September 29, 2011

creating ssh keys for your users

User level: newbie

This is how to create SSH keys for all your users, with "you" being the one creating them in your account.

The reason I created this post is to make it clear that one user can create SSH keys for everyone.

This post was made possible by the happy coders blog posts SSH public key authentication (a.k.a. "passwordless login") and svn+ssh: one ssh account, multiple subversion users.

To start:
create a keypair
$ ssh-keygen -t rsa -C "john@yourcompany.com"

Do not enter a passphrase. Creating a passphrase defeats the goal of a passwordless login if you are not going to use ssh-agent. By default, the keypair would be stored in ~/.ssh/


Upload the public key to the remote machine
$ scp ~/.ssh/id_rsa.pub theuser@theserver.com:~/

Setup the public key on the remote machine
$ ssh theuser@theserver.com
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

The permissions are important: SSH will not read an authorized_keys file that is readable by other users. Also make sure the ".ssh" folder permission is 700, or it will not work.

If the SSH daemon is configured to allow public key authentication then there is nothing more to do. If not, make sure to do the following:

Edit /etc/ssh/sshd_config and set the values shown below
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
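
An added check for the steps above (not part of the original post): it verifies the 700/600 modes on the remote account and lists each installed key by the comment given with ssh-keygen -C, which matters when one person generates passphrase-less keys for everyone. The function name audit_ssh_account is hypothetical and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/bash
# Added example, not from the original post.
# audit_ssh_account HOME_DIR
#   Prints one line per finding; returns the number of problems found.
#   Assumes GNU stat (stat -c), as shipped on Ubuntu.
audit_ssh_account() {
    local home="$1" problems=0 mode line n=0
    local dir="$home/.ssh" keys="$home/.ssh/authorized_keys"

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "BAD-MODE $dir is $mode, expected 700"
        problems=$((problems + 1))
    fi

    [ -f "$keys" ] || { echo "MISSING $keys"; return $((problems + 1)); }
    mode=$(stat -c '%a' "$keys")
    if [ "$mode" != "600" ]; then
        echo "BAD-MODE $keys is $mode, expected 600"
        problems=$((problems + 1))
    fi

    # One key per line: [options] key-type base64-blob [comment].
    # The last field is normally the comment given with ssh-keygen -C.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        n=$((n + 1))
        echo "KEY $n ${line##* }"
    done < "$keys"

    # The post appends with >>, so repeating that step duplicates the key.
    if [ -n "$(grep -v -e '^#' -e '^$' "$keys" | sort | uniq -d)" ]; then
        echo "DUPLICATE key lines in $keys"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it on the server as `audit_ssh_account /home/theuser`; a return value of 0 means both modes match and no key line is repeated.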

Monday, August 15, 2011

XCloner Backup for WordPress

Searched for a Wordpress Backup plugin that can backup both database and WordPress files and here's the closest thing I could find that suits our needs...

Installation Phase:
- Download Xcloner Manager and extract
- Then place inside wp-content/plugins
- change owner and permission...
-- chown -R www-data:root xcloner-backup-and-restore
-- chmod -R 771 xcloner-backup-and-restore
- create a directory inside main wordpress directory
ex: mywpblog# mkdir administrator administrator/backups
- change owner...
-- chown -R www-data:root administrator/backups

Configuration Phase:
- Activate Xcloner in Plugins page
- open Xcloner link
- login as admin (both user and passw)
- open settings then set the "Backup Store Path" as...
/var/www/mywpblog/wp-content/plugins/xcloner-backup-and-restore/restore
(or to what path you like)

To Backup! Or not to backup! Let me count the ways! ;p
- open Generate Backup link
- most of the default settings are what you really needed so no need to tweak it more, unless you need other tweaks just do so.
- On "Backup Comments" you may put your comments (do I need to elaborate?)
- click "Continue" to proceed with the backup
- if no error occurred let's continue to "View Backups"

Restoring Backup to a different location:
- go into the XCloner 'View Backups' area
- download the backup tar file you wish to restore
- after you have selected your backup click on the 'Clone it' button
- Xcloner will put the php scripts in the ftp (TAR.php & Xcloner.php)
- put the backup tar and the 2 php scripts in the target server
- create a directory for the wordpress extraction on the new server (ex mywpblog)
- open XCloner.php in the browser and fill up the necessary details. Make sure the target for extraction is in the created directory
- This process will extract the data from tar first then dump the database.
- After that the site can now be used.

Problems encountered:
- the images are not extracted properly. Manually extracted the tar file and all is good

Friday, July 15, 2011

Rename eth devices in Ubuntu

Been swapping PC units recently (because of hardware failure) and noticed that it's kinda annoying trying to remember the new eth numbering every time the hardware changes. Did a little research on how to rename the eth to a better name.

First open the config file using vim (my preferred editor or you may use your own)
# vim  /etc/udev/rules.d/70-persistent-net.rules

Then you should see a sample below
# PCI device 0x10de:0x03ef (forcedeth)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:1d:61:50:1f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth20"
I colored the sample text above green to indicate that it is the one that I wish to change. Note that if the old config lines are not to be used anymore feel free to delete them. Don't worry because upon reboot the system should auto-detect them again if the need arises.

Now the new name I like is displayed below...

# PCI device 0x10de:0x03ef (forcedeth)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:1d:61:50:1f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="OptimusPrime"


Now I changed the /etc/network/interfaces to match the new name above.
auto OptimusPrime
iface OptimusPrime inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1

or if you like dhcp...

auto OptimusPrime
iface OptimusPrime inet dhcp


Reboot and hope it works!!! (just kidding)

Wednesday, July 6, 2011

Adobe Flash not detected in Firefox

I just installed the Firefox 5 tar file from Mozilla and extracted it to /opt directory and everything loaded fine but the Adobe Flash is not seen though it is loading in the other browser.

My OS is a 64 bit Ubuntu Karmic and found out that Firefox did not use the old flash plugin so I did a little research and this is what I found...

The old plugins in my system are found in /usr/lib64/mozilla/plugins/ but the downloaded Firefox does not look there; instead it looks in...
/usr/lib/mozilla/plugins/

so I just symlinked the flash plugin from /usr/lib64/mozilla/plugins/ to /usr/lib/mozilla/plugins/ and it just worked!

Tuesday, May 3, 2011

Static IP for OpenVPN Clients

To set your vpn clients to have a static IP uncomment the line from the server config
client-config-dir /etc/openvpn/ccd
then create a directory...
# mkdir /etc/openvpn/ccd
then create a file in the /etc/openvpn/ccd directory with the same name as the created client certificate (ex Juan)
# vim /etc/openvpn/ccd/Juan
Below is a sample content:
ifconfig-push 192.168.1.20 255.255.255.0
Save it and restart your OpenVPN server...
# /etc/init.d/openvpn restart
You can create as many as you like, as long as the certificate name is the same as the config file name in the ccd directory.
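
An added check for the ccd directory described above (not part of the original post): it flags ccd files with no matching client certificate, two clients pushed the same address, and static addresses that fall inside the server's dynamic pool. The function names are hypothetical; KEYS_DIR is the easy-rsa keys directory and the pool bounds are the last two values of the server-bridge line in server.conf.

```shell
#!/bin/bash
# Added example, not from the original post.
# Dotted-quad IPv4 address to an integer, for range comparison.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_ccd CCD_DIR KEYS_DIR POOL_START POOL_END
#   Prints one line per finding; returns the number of problems found.
check_ccd() {
    local ccd="$1" keys="$2" lo hi f name ip n problems=0 seen=""
    lo=$(ip2int "$3"); hi=$(ip2int "$4")
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # OpenVPN selects the ccd file by the certificate's Common Name,
        # and ./pkitool NAME writes keys/NAME.crt.
        if [ ! -f "$keys/$name.crt" ]; then
            echo "NO-CERT $name: $keys/$name.crt not found"
            problems=$((problems + 1))
        fi
        ip=$(awk '$1 == "ifconfig-push" { print $2; exit }' "$f")
        if [ -z "$ip" ]; then
            echo "NO-IP $name: no ifconfig-push line"
            problems=$((problems + 1))
            continue
        fi
        # A static address inside the dynamic pool can also be leased
        # to another client.
        n=$(ip2int "$ip")
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            echo "IN-POOL $name: $ip is inside $3-$4"
            problems=$((problems + 1))
        fi
        case " $seen " in
            *" $ip "*)
                echo "DUPLICATE $name: $ip is already assigned"
                problems=$((problems + 1)) ;;
            *) seen="$seen $ip" ;;
        esac
    done
    return "$problems"
}
```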

Monday, May 2, 2011

OpenVPN Client how to

Generating Client Certificate and Key

Generating certificates and keys for a client is very similar to the process used for generating server certificates. It is assumed that you have already set up the /etc/openvpn/easy-rsa/ directory and updated the /etc/openvpn/easy-rsa/vars file as described above. You should have already setup your Certificate Authority and created a server certificate and keys.

cd /etc/openvpn/easy-rsa/
source ./vars
./pkitool client        

Note: You can change the name of your client certificate like your name Ex: ./pkitool Juan

Then you will need the following files to be placed on the client PC...
  • client.ovpn (config file. extension is conf if using linux)
  • ca.crt
  • client.crt
  • client.key
  • ta.key
client config file contents:
client

dev tap
proto tcp
remote server1 1194
#remote server2 1194
#remote server3 8080
nobind
persist-key
comp-lzo

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1 
ns-cert-type server
cipher BF-CBC
verb 3
ping 10
ping-restart 120
# uncomment below if Vista or higher is the client
#route-method exe
#route-delay 2

#uncomment this if you wish to prevent the client to get route info from server
#route-nopull

=== End of file

Extra windows settings:
Edit the registry value below to enable LAN Routing in Vista and higher
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1) 

To start OpenVPN in Windows just load the OpenVPN GUI
Note: make sure the config file extension name is ovpn and all the certificates are inside the config directory

To start OpenVPN in Linux just type the following...
# /etc/init.d/openvpn restart
Note: make sure the extension name is conf and all the certificates are inside the OpenVPN directory

Sunday, May 1, 2011

OpenVPN Server on Ubuntu

source: https://help.ubuntu.com/community/OpenVPN

To install the OpenVPN in your Ubuntu machine type this on the console
# aptitude install openvpn bridge-utils

To set the Bridge:
- Edit /etc/network/interfaces

When a Linux server is behind a NAT firewall, the /etc/network/interfaces file commonly looks like 

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo eth0
iface lo inet loopback
# The primary network interface
## This device provides internet access.
iface eth0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1
- Edit this and add a bridge interface so that it look similar to:
## This is the network bridge declaration
## Start these interfaces on boot
auto lo br0
iface lo inet loopback
iface br0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1
  bridge_ports eth0
iface eth0 inet manual
  up ip link set $IFACE up promisc on
  down ip link set $IFACE down promisc off
- Restart networking: 
# sudo /etc/init.d/networking restart

After installation of OpenVPN let's create the Certificates to be used...
Step 1: 
Copy files to the /etc/openvpn/easy-rsa/ directory 
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ 

Step 2: 
Edit /etc/openvpn/easy-rsa/vars 
sudo vi /etc/openvpn/easy-rsa/vars
Change these lines at the bottom so that they reflect your new CA. 
export KEY_COUNTRY="PH"
export KEY_PROVINCE="BC"
export KEY_CITY="Makati"
export KEY_ORG="verzion"
export KEY_EMAIL="me@myhost.mydomain"

Step 3: 
Setup the CA and create the first server certificate. Follow them as is.
cd /etc/openvpn/easy-rsa/
sudo chown -R root:admin .
sudo chmod g+w .
source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

The Certificate Authority is now setup and the needed keys are in /etc/openvpn/


Configuring the Server

By default all servers specified in *.conf files in the /etc/openvpn/ directory are started on boot. Therefore, all we have to do is create a new file named server.conf in the /etc/openvpn/ directory.

First, we're going to create a couple of new scripts to be used by the openvpn server. 

sudo vi /etc/openvpn/up.sh

This script should contain the following 
#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ip link set "$DEV" up promisc on mtu "$MTU"
/usr/sbin/brctl addif $BR $DEV

Now, we'll create a "down" script. 

sudo vi /etc/openvpn/down.sh

It should contain the following. 
#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ip link set "$DEV" down

Now, make both scripts executable. 

sudo chmod +x /etc/openvpn/up.sh /etc/openvpn/down.sh

And now on to the server configuration itself...
# vim /etc/openvpn/server.conf

Here is the content:
mode server
tls-server

# the local ip addr of the server
local 192.168.11.1
# the port can be changed
port 1194

proto tcp
#proto udp
mssfix 1400

#bridging directive
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"

# the certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher BF-CBC
comp-lzo

# the VPN ip addr
server-bridge 192.168.1.50 255.255.255.0 192.168.0.100 192.168.1.120
# this will make the other VPN client to communicate
client-to-client
# uncomment below if you wish to have static IP on your clients
#client-config-dir /etc/openvpn/ccd
ifconfig-pool-persist ipp.txt

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway"

keepalive 10 120
# may be changed if more or less users are to connect
# remember to create more VPN tap devices if more users are to connect
max-clients 9
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 3
ping 10
ping-restart 120

=== End of file

then to start the OpenVPN server type...
# /etc/init.d/openvpn restart

After setting up the VPN server let's go to the Client VPN
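
An added lint for the server.conf above and the client config in the OpenVPN Client post (not part of the original posts): it flags the settings in them that have aged badly, namely a 64-bit block cipher, 1024-bit DH parameters, tunnel compression and the deprecated ns-cert-type check. The function names are hypothetical, and any cipher or compression change has to be made on the server and every client together.

```shell
#!/bin/bash
# Added example, not from the original post.
# lint_openvpn_conf [FILE]
#   Reads an OpenVPN config (file or stdin), prints one line per dated
#   setting and returns the number of findings.
lint_openvpn_conf() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }     # skip comments and blank lines
        $1 == "cipher" && $2 ~ /^(BF|DES|CAST5|RC2)/ {
            printf "WEAK-CIPHER line %d: %s uses a 64-bit block; move both ends to an AES cipher\n",
                   NR, $2
            n++
        }
        $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ {
            printf "SHORT-DH line %d: %s; set KEY_SIZE=2048 in easy-rsa vars and rerun ./build-dh\n",
                   NR, $2
            n++
        }
        $1 == "comp-lzo" || $1 == "compress" {
            printf "COMPRESSION line %d: %s can leak plaintext through packet sizes; drop it on both ends\n",
                   NR, $1
            n++
        }
        $1 == "ns-cert-type" {
            printf "OLD-CERT-CHECK line %d: ns-cert-type is deprecated; use remote-cert-tls %s\n",
                   NR, $2
            n++
        }
        END { exit n + 0 }
    ' "$@"
}

# Lines taken from the server.conf and client config in the posts.
page_conf_excerpt() {
    cat <<'EOF'
proto tcp
#proto udp
dh dh1024.pem
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
ns-cert-type server
EOF
}
```

Run it as `lint_openvpn_conf /etc/openvpn/server.conf`, or pipe `page_conf_excerpt` into it to see the four findings for the settings used in the posts.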

Monday, April 25, 2011

Updated my template

Just made a few changes in the design of my Blog UI by using the available templates here in google blogs and also reposted my transparent squid article.

Hope you people liked it! Cheers!!!

DHCP for transparent Squid


And last but not the least the DHCP server
# aptitude install dhcp3-server
Then to edit the configuration file...
# vim /etc/dhcp3/dhcpd.conf

Here is the content:

ddns-update-style none;
# option definitions common to all supported networks...
option domain-name "verZion.com";

option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600; max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local 
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file
log-facility local7;

# gateway on your internal interface
option routers 192.168.1.1;

# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 { 
range 192.168.1.150 192.168.1.250;
}

=== End of file

After placing all the basic setting now let's get it on!!!
# /etc/init.d/dhcp3-server restart
And that's it! All client PCs will have their own IP assigned by the server and they should be able to use the invisible proxy on your server without any need to configure every PC.

IPTABLES for transparent Squid

In this post I created an iptables script and I name the file as fw.sh 

here's the sample content:
#!/bin/bash
#
#iptables ko... by verzion

# init string
ipt="/sbin/iptables"
SQUID_SERVER="ip_addr of your squid server"
WAN="eth0"
LAN="eth1"
SQUID_PORT="3128"

# how to use:
# $ipt -F
# rather than...
# /sbin/iptables -F

# Flush all config
$ipt -t filter -F
$ipt -t nat -F

# Policy settings
$ipt -P INPUT ACCEPT
$ipt -P FORWARD DROP
$ipt -P OUTPUT DROP

# Enabling IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# no firewall for LAN
$ipt -A INPUT -i $LAN -p all -j ACCEPT
$ipt -A OUTPUT -o $LAN -p all -j ACCEPT

# Allow SSH. Comment out the line below if you do not wish to use SSH
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow ICMP. Zero (0) is for echo-reply. Eight (8) is for echo-request.
$ipt -A INPUT -p icmp --icmp-type 8 -j ACCEPT

# Allow internet connection to this PC.
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
$ipt --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
$ipt --append FORWARD --in-interface $LAN -j ACCEPT
$ipt -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
$ipt -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
$ipt -t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# save settings to iptables (uncomment either of the two lines below to save the firewall settings)
#$ipt -L
#iptables-save

=== End of file

then make the script executable
# chmod a+x fw.sh

then to execute the script
# ./fw.sh

This ends the IPTABLES setup to forward the port 80 (www) requests to 3128 (squid). Now to automatically set the client PCs to have their own network IP by using DHCP.

There is an update for this post. see http://linuxverzion.blogspot.com/2013/09/update-for-my-iptables-for-transparent.html
Cheers!

Transparent SQUID proxy setup

Just got transparent proxy to work in Ubuntu and here's the basic configuration of what I did...

Squid Setup

1. Download and Install The Squid Package.
# aptitude install squid

2. Configure the /etc/squid/squid.conf file.
# vim /etc/squid/squid.conf

Here's the contents:
visible_hostname SQDverZion
http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

access_log /var/log/squid/access.log squid
#logformat Squid %>h

# Input here your DNS server
dns_nameservers 8.8.8.8

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# restriction list
#acl GoodSites dstdomain "/etc/squid/allowed-sites.squid"
#acl BadSites dstdomain "/etc/squid/blocked-sites.squid"

# blocking a site
acl facebooksite dstdomain .facebook.com
http_access deny facebooksite

# if you wish the site is not to be cached #
#acl site01 dstdomain google.com
#always_direct allow site01

# globally allowed sites #
acl yahoosite dstdomain www.yahoo.com

# No Limit users by range #
#acl nolimitusers src 192.168.1.1-192.168.1.20
#http_access allow nolimitusers

# users with restrictions set #
# Below is sample how to use restriction list to users
#acl user01 src 192.168.1.100
#http_access deny user01 BadSites
#http_access allow user01 GoodSites

=== End of Squid.conf file

to start the squid just type:
# /etc/init.d/squid start

Other commands that can be used with the command above are "stop" and "restart".
Also to reconfigure squid without restarting just issue...
# squid -k reconfigure

See the next post regarding IPTABLES to redirect port 80 requests to 3128

Wednesday, March 2, 2011

Virtual Drive from a Folder

Today we are going to tell you about a secret DOS command "subst" which can be used to create a virtual drive in Windows Explorer for any of your desired folder.
For example, if you frequently use a folder "E:\Wallpapers", then you can create a virtual drive in Explorer which will directly go to this folder whenever you double click on it or access it from RUN or Command Prompt. It'll save a lot of time.
Here is how to do it:
Open Command Prompt and provide following command:
subst drive_letter: folder_path
for example, if you want to create a virtual drive letter H: for a folder "E:\Wallpapers", then use following command:
subst H: E:\Wallpapers
 If you want to delete this virtual drive, then provide following command:
subst drive_letter: /D


NOTE:
A. Remember! You can't use existing drive letters for creating virtual drives, e.g. if you have 2 partitions C: and D:, then you can't use them for subst command.
B. You should not use chkdsk, diskcomp, diskcopy, format, label and recover commands on virtual drives created using subst command as these virtual drives are not real and these commands either will not work or can cause problems for the actual drives where the folders reside.

source: Tweaking with Vishal