Debian on MacBook Pro 2015 with custom kernel 5.9-rc5

I was trying to install kernel 5.9-rc5 manually in my mid-2015 MacBook Pro, but the graphics did not work. I could only boot using nomodeset.

It was due to: https://bugs.debian.org/935270

You can download the patches from https://salsa.debian.org/kernel-team/linux.git

  • debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
  • debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

Apply the patches to your kernel:

patch -p1 < LOCATION/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch

patch -p1 < LOCATION/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

Configure and compile your kernel:

$ make menuconfig
$ make bindeb-pkg

Exim local mail in Debian

I was trying to configure Exim in a local KVM host to test mail functionality for the other KVM hosts within the local network. After spending some time I found that there is ‘ignore_target_hosts’ with local addresses by default.

/etc/exim4/exim4.conf.template

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more
.endif

KVM host ‘A’ runs the main Exim4 mail server where the users are registered. Another local host, ‘B’, runs an application that generates mail for host ‘A’.

I removed 192.168.0.0/16 from host ‘B’s Exim4 configuration to allow internal mail to host ‘A’.
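
To see which entry of ignore_target_hosts makes the dnslookup router skip a given destination, the list can be parsed and matched against the address. This is an added example, not part of the original post or of the Debian Exim package; the host address 192.168.122.10 is constructed, and the parser handles IPv4 entries only.

```shell
#!/bin/sh
# Added example: find the ignore_target_hosts entry that covers an IPv4 address.

# Constructed sample: the option exactly as it appears in the router above.
ROUTER_SAMPLE='  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255'

# ignored_by CONFIG_TEXT IPV4
# Prints the first list entry covering IPV4 and returns 0.
# Returns 1 if no entry matches (the router would use the address),
# and 2 if IPV4 is not a valid dotted quad.
ignored_by() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function to_int(a,   o, i) {
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
            split(a, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { status = 1; want = to_int(ip); if (want < 0) { status = 2; exit } }
        { line = line $0 }
        /\\$/ { sub(/\\$/, "", line); next }     # continuation: keep joining
        {
            if (line ~ /^[ \t]*ignore_target_hosts[ \t]*=/) {
                sub(/^[^=]*=/, "", line)
                n = split(line, items, ":")
                for (i = 1; i <= n; i++) {
                    item = items[i]; gsub(/[ \t]/, "", item)
                    bits = 32; net = item
                    if (split(item, p, "/") == 2) { net = p[1]; bits = p[2] + 0 }
                    base = to_int(net)
                    if (base < 0 || bits < 0 || bits > 32) continue
                    size = 2 ^ (32 - bits)       # addresses per network
                    if (int(want / size) == int(base / size)) {
                        print item; status = 0; exit
                    }
                }
            }
            line = ""
        }
        END { exit status }'
}

# Constructed address for host A on a private KVM network.
if hit=$(ignored_by "$ROUTER_SAMPLE" 192.168.122.10); then
    echo "192.168.122.10 is skipped by dnslookup (matches $hit)"
fi
```

Running it against the edited configuration of host ‘B’ confirms that the address of host ‘A’ is no longer matched, while the other private ranges are still ignored.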

Exim in Debian

I was trying to configure Exim4 in Debian for receiving and sending email occasionally.

First I set up an account at dyndns.com for my dynamic public IP.

#dpkg-reconfigure exim4-config
General type of mail configuration:  internet site; mail is sent and received directly using SMTP.
System mail name: yourdomain.com
IP-addresses to listen on for incoming SMTP connections: // leave blank
Other destinations for which mail is accepted: yourdomain.com
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory

Split configuration into small files ? : No

You can now add a new account in Evolution with the type “maildir” and localhost as the sending SMTP server. Done.

If you have problems sending mail, you may want to configure an SMTP relay:
http://wiki.debian.org/GmailAndExim4

TLS and Authentication

Generate a certificate using:
#bash /usr/share/doc/exim4-base/examples/exim-gencert

It will generate exim.crt and exim.key in /etc/exim4/
If you bought a certificate earlier, you may simply copy it there instead.

#cd /etc/exim4
#vi exim4.conf.template

add the following line
MAIN_TLS_ENABLE = yes

before
.ifdef MAIN_TLS_ENABLE

To verify TLS, install a diagnostic tool:

# apt-get install swaks libnet-ssleay-perl

Test the connection:

$ swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
=== Trying localhost:25...
=== Connected to localhost.
<-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
 -> EHLO debianwb
<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO debianwb
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-PIPELINING
<~  250 HELP
 ~> QUIT
<~  221 evie closing connection

The swaks test above sent an empty password.
Now we will add an authentication scheme.
For shell users we are using SASL, which uses PAM for password authentication.

#apt-get install sasl2-bin

To enable:
#vi /etc/default/saslauthd

START=yes

Start the daemon:
#/etc/init.d/saslauthd start

#vi /etc/exim4/exim4.conf
Uncomment the following lines to enable authentication via saslauthd:

plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

Add the Exim user to the sasl group:

#adduser Debian-exim sasl

Test the connection using your username:
#swaks -a -tls -q AUTH -s localhost -au your_user
Password:

You may also need to add this entry to /etc/hosts:

#vi /etc/hosts
127.0.0.1    your_domain
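
The server_advertise_condition in the authenticator above offers AUTH only when $tls_cipher is non-empty, so the PLAIN password never crosses the wire unencrypted. The following check reads a swaks transcript and reports where AUTH was advertised; it is an added example, not part of the original post or of swaks, and both the transcript and the function name auth_exposure are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where a server advertises SMTP AUTH in a swaks transcript.

# Constructed transcript, modelled on the swaks output above with the
# saslauthd authenticator enabled ("<-" = cleartext reply, "<~" = reply over TLS).
TRANSCRIPT_SAMPLE='<-  220 debianwb ESMTP Exim 4.76
 -> EHLO debianwb
<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
 ~> EHLO debianwb
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-PIPELINING
<~  250-AUTH PLAIN
<~  250 HELP'

# auth_exposure TRANSCRIPT
# Prints "cleartext MECHS" if AUTH is advertised on an unencrypted EHLO reply
# (returns 1), "tls-only MECHS" if it appears only after STARTTLS, or "none".
auth_exposure() {
    printf '%s\n' "$1" | awk '
        { sub(/\r$/, "") }
        /^<[-~][ \t]+250[- ]AUTH([ \t]|$)/ {
            mechs = $0
            sub(/^<[-~][ \t]+250[- ]AUTH[ \t]*/, "", mechs)
            # Second character of the marker tells cleartext (-) from TLS (~).
            if (substr($0, 2, 1) == "-") { seen_clear = 1; clear = clear " " mechs }
            else                         { seen_tls = 1;   tls = tls " " mechs }
        }
        END {
            if (seen_clear) { print "cleartext" clear; exit 1 }
            if (seen_tls)   { print "tls-only" tls; exit 0 }
            print "none"
        }'
}

auth_exposure "$TRANSCRIPT_SAMPLE"
```

A "cleartext" result means AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is defined or the advertise condition was removed.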

Enabling IMAP access:

#apt-get install courier-imap courier-imap-ssl

Create directories for web-based administration -> No

You may install “File Access Monitor” daemon to check other folders beside Inbox:

# apt-get install fam

Check this link for detailed information.

Optionally you can check for X.509 Certificate:

# vi /etc/courier/imapd.cnf

If you do not want to use the default certificate, edit imapd.cnf and then generate a new one using:

# mkimapdcert

If you are behind a router, forward ports 25, 143, 706 and 993 to your server.

source:
http://blog.edseek.com/~jasonb/articles/exim4_courier/index.html
http://pkg-exim4.alioth.debian.org/README/README.Debian.html
http://library.linode.com/email/exim/send-only-mta-debian-6-squeeze
http://koivi.com/exim4-config/

Bandwidth Control in Linux

There are several ways to control / shape / manage bandwidth in Linux.

Simple approach. Install wondershaper:

#apt-get install wondershaper

Configure it using kilobits per second (change eth1 to match your interface).
From the manual: “wondershaper [ interface ] [ downlink ] [ uplink ]”

#wondershaper eth1 2048 2048

To clear the limits, simply run:

#wondershaper clear eth1

We will control the bandwidth using the tool “tc”, which is part of the “iproute” package in Debian.

tc – show / manipulate traffic control settings

Simple, classless Queueing Disciplines:

The Token Bucket Filter (TBF) – Simple and easy, for slowing an interface down. 

qdisc – queuing discipline 
latency – number of bytes that can be queued waiting for tokens to become available.
burst – Size of the bucket, in bytes.
rate – speedknob

#tc qdisc add dev eth1 root tbf rate 220kbit latency 50ms burst 1540

click here for more information on TBF.

Stochastic Fairness Queueing (SFQ) – a round-robin type that gives each session a chance to send data in turn. It changes its hashing algorithm at a set interval.

qdisc – queuing discipline 
perturb – Reconfigure hashing once this many seconds.

#tc qdisc add dev eth1 root sfq perturb 10

click here for more information on SFQ.

To check the status run:

#tc -s -d qdisc show dev eth1

To remove it:

#tc qdisc del dev eth1 root

Classful Queueing Disciplines:

CBQ (Class Based Queueing) – A Classful Queueing
HTB – Another classful Queueing. (we will use it.)

Example classful qdisc



Let us assume we want to create some rules for a small office using HTB.
eth0 – external interface – PUBLIC_IP 
eth1 – internal interface – LOCAL_IP 
Email will get the highest priority
General/Other will get the medium priority.
Video streaming will get the lowest priority.

Creating root 1: and 1:1 using HTB (default 6 means follow 1:6 if no rule matched)

#tc qdisc add dev eth1 root handle 1: htb default 6
#tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit ceil 2mbit

Creating leaf class 1:5 (prio represents priority, and 0 means high priority)

#tc class add dev eth1 parent 1:1 classid 1:5 htb rate 1mbit ceil 1.5mbit
#tc filter add dev eth1 protocol ip parent 1:0 prio 0 u32 match ip src YOUR_MAIL_SERVER_IP/32 flowid 1:5
#tc filter add dev eth1 protocol ip parent 1:0 prio 0 u32 match ip sport 22 0xffff flowid 1:5

Creating leaf class 1:6 (It is set as default in root qdisc, so we are not setting any rules)

#tc class add dev eth1 parent 1:1 classid 1:6 htb rate 0.5mbit ceil 1.5mbit

Creating leaf class 1:7 (use /32 for specific IP, /24 for that series. Priority low – prio 5. You can get the IP address using “iptraf” tool)

#tc class add dev eth1 parent 1:1 classid 1:7 htb rate 0.2mbit ceil 1mbit
#tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 match ip src VIDEO_STREAM_IP/32 flowid 1:7

Optionally we can also add discipline with leaf (for an example we are adding SFQ with leaf class 1:5)

#tc qdisc add dev eth1 parent 1:5 handle 20: sfq perturb 10

To remove it:

#tc qdisc del dev eth1 root handle 1: htb


Click here for more information on HTB.
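
HTB can only honour each leaf's guaranteed rate if the children's rates add up to no more than the parent's rate, and a child's ceil is effectively capped by its parent's ceil. The following check applies both rules to the class commands of this walkthrough before they are loaded. It is an added example, not part of the original post or of iproute; the function name htb_budget is constructed for illustration.

```shell
#!/bin/sh
# Added example: check an HTB class tree for over-committed rates.

# Constructed input: the "tc class add" commands from the walkthrough above.
HTB_CLASSES='tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit ceil 2mbit
tc class add dev eth1 parent 1:1 classid 1:5 htb rate 1mbit ceil 1.5mbit
tc class add dev eth1 parent 1:1 classid 1:6 htb rate 0.5mbit ceil 1.5mbit
tc class add dev eth1 parent 1:1 classid 1:7 htb rate 0.2mbit ceil 1mbit'

# htb_budget COMMANDS
# Prints one line per finding and returns 1 if anything is over-committed:
#   OK   <parent> children=<sum>kbit rate=<rate>kbit
#   OVER <parent> children=<sum>kbit rate=<rate>kbit  (child rates exceed parent)
#   CEIL <child> ceil=<ceil>kbit parent=<ceil>kbit    (child ceil above parent ceil)
htb_budget() {
    printf '%s\n' "$1" | awk '
        # tc units: mbit = 1000 kbit. awk takes the leading numeric part
        # of a string such as "1.5mbit" when it is used as a number.
        function kbit(v) {
            if (v ~ /mbit$/) return int(v * 1000 + 0.5)
            if (v ~ /kbit$/) return int(v + 0.5)
            return -1
        }
        / class add / {
            id = par = ""; r = c = -1
            for (i = 1; i < NF; i++) {
                if ($i == "classid") id = $(i + 1)
                else if ($i == "parent") par = $(i + 1)
                else if ($i == "rate") r = kbit($(i + 1))
                else if ($i == "ceil") c = kbit($(i + 1))
            }
            if (id == "" || r < 0) next
            if (c < 0) c = r                 # HTB defaults ceil to rate
            rate[id] = r; ceil[id] = c; parent[id] = par; order[++n] = id
        }
        END {
            for (k = 1; k <= n; k++) sum[parent[order[k]]] += rate[order[k]]
            for (k = 1; k <= n; k++) {
                id = order[k]
                if (id in sum) {
                    tag = (sum[id] > rate[id]) ? "OVER" : "OK"
                    if (tag == "OVER") bad = 1
                    printf "%s %s children=%dkbit rate=%dkbit\n", tag, id, sum[id], rate[id]
                }
                p = parent[id]
                if ((p in ceil) && ceil[id] > ceil[p]) {
                    bad = 1
                    printf "CEIL %s ceil=%dkbit parent=%dkbit\n", id, ceil[id], ceil[p]
                }
            }
            exit(bad + 0)
        }'
}

htb_budget "$HTB_CLASSES"
```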

This document describes the basics of bandwidth control and shaping for new users. Please check the detailed documentation for advanced options.

source:
http://lartc.org/howto/index.html
http://www.opalsoft.net/qos/DS.htm
http://blog.edseek.com/~jasonb/articles/traffic_shaping/index.html
HTB user guide:
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
Filter:
http://lartc.org/howto/lartc.qdisc.filters.html
http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html

Encrypted folder in Linux

We are using EncFS. It provides an encrypted filesystem in user-space.

You may need to load fuse module:

#modprobe fuse

Install encfs:

#apt-get install encfs

Optionally you may install (EncFS system tray applet for GNOME):

#apt-get install cryptkeeper

encfs [options] rootDir mountPoint
Here I am creating a root folder named encrypt for storing encrypted files.
I am also creating a mount point folder named decrypt, which we will use to read/write files.

$encfs ~/.encrypt ~/decrypt

It will ask permission for creating the directory – type y here.
Now, it will ask for expert or pre-configured mode – use pre-configured – type p here.

It will ask for a password. Use a secure password here.

Done! Now you can use the decrypt folder as an encrypted folder.

The actual data will be stored under .encrypt folder, and will be available via decrypt folder after mounting via encfs.

You may unmount it using:

$fusermount -u ~/decrypt

source:
http://www.debian-administration.org/articles/204
http://ubuntuforums.org/showthread.php?t=148600

Encrypted partition in Linux

To create encrypted disks we are using cryptsetup

#apt-get install cryptsetup

Backup your data and optionally clean it:

#shred -n1 -v /dev/sdaX

Initialize a LUKS partition (warning: this overwrites the data on the partition):

#cryptsetup luksFormat /dev/sdaX

Type “YES”. It will ask for a password for the filesystem. Use a secure password, otherwise encryption won't help you.
There are other options for securing it. Check the cryptsetup manual for details.

Open the LUKS partition and set up a mapping for it:

#cryptsetup luksOpen /dev/sdaX your_map_name

Format the LUKS partition using the mapping:

#mkfs.ext3 /dev/mapper/your_map_name

Now you can mount it:

#mount /dev/mapper/your_map_name /mnt/your_mount_name

Optionally, you can unmount it and lock the LUKS partition again (this removes the mapping):

#umount  /mnt/your_mount_name
#cryptsetup luksClose your_map_name

I have tested this in Debian 6.0.0.
You may need to load module (optionally you may add in /etc/modules):

modprobe dm_mod

Edit /etc/crypttab

# <target name>  <source device>         <key file>      <options>
your_map_name            /dev/sdaX               none            luks

Edit /etc/fstab

# <file system> <mount point>   <type>   <options>       <dump>   <pass>

/dev/mapper/your_map_name      /mnt/your_mount_name  ext3    user,auto       0       0

You can reboot. It will ask for the password while booting.

source:
http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3683011/Protect-Your-Stuff-With-Encrypted-Linux-Partitions.htm
http://www.linuxconfig.org/Partition_Encryption

Debian Kiosk

I have configured a kiosk using Debian GNU/Linux with blackbox window manager.

The challenges:
1. Touchscreen configuration.
2. Automatic login and start X server.
3. Start desired application for kiosk.
4. A boot splash for booting and shutdown.
 
1. Touchscreen configuration:
First, setup touchscreen driver and configure it according to your device specification.
I was using eGalax driver, which I have downloaded from
source: http://home.eeti.com.tw/web20/eg/drivers.htm

2. Automatic login:
Edit /etc/inittab and comment out the following line:

#1:2345:respawn:/sbin/getty 38400 tty1

add the following line below:

1:2345:respawn:/bin/login -f USER_LOGIN tty1 /dev/tty1 2>&1 

Edit .bash_profile (create it if required) and add the following line at the bottom:

startx

source: http://www.debianadmin.com/how-to-auto-login-and-startx-without-a-display-manager-in-debian.html

Blackbox window manager:
Edit ~/.xinitrc (or ~/.Xsession), creating it if required, and add the following line:

exec blackbox

3. Autostart application:
To autostart iceweasel/firefox:
Again edit ~/.xinitrc (or ~/.Xsession) and add the following line:

firefox &
exec blackbox

source: http://blackboxwm.sourceforge.net/BlackboxFAQ/StartupAndShutdown

Install iceweasel/firefox plugin “R-kiosk” from https://addons.mozilla.org/en-US/firefox/addon/1659

4. Bootsplash:
Install a bootsplash

apt-get install splashy

Create your own bootsplash and set it

# splashy_config -c

To enable splashy, you may need to edit grub.config and add the following after “kernel…ro quiet”

vga=791 splash

source: http://splashy.alioth.debian.org/wiki/faq

Tips and tricks:
“X: user not authorized to run the X server”
You can allow the user to run startx with:

#dpkg-reconfigure x11-common

or edit  /etc/X11/Xwrapper.config

allowed_users=anybody 

“Auto login problem”
If you set up GDM (XDM) earlier, you need to disable it for automatic login:

#update-rc.d -f gdm remove

If you want to enable it again (for experimenting), simply run:

#update-rc.d -f gdm defaults

source: http://www.debianadmin.com/howto-boot-debian-in-text-mode-instead-of-graphical-mode-gui.html

Kiosk performance tuning:
Install the CPU frequency related tools and configure it.
details: http://wiki.debian.org/HowTo/CpuFrequencyScaling

resources:
http://www.debianadmin.com/debirf-build-a-kernel-and-initrd-to-run-debian-from-ram.html
http://cmrg.fifthhorseman.net/wiki/debirf

Backup Evolution mails

Yesterday I backed up my Evolution mails from my office HDD to my home HDD.

Shutdown evolution and gconftool-2:

$evolution --force-shutdown
$gconftool-2 --shutdown

You need to back up these directories:

~/.evolution/
~/.gconf/apps/evolution/
~/.gnome2_private/Evolution

Create a tar.gz

$tar -cvzf evolution-backup.tar.gz .evolution .gconf/apps/evolution .gnome2_private/Evolution

To restore, use:

$gconftool-2 --shutdown
$evolution --force-shutdown
$tar xzf evolution-backup.tar.gz
$gconftool-2 --unload evolution_setting.xml
$gconftool-2 --load evolution_setting.xml

src: http://ubuntu.wordpress.com/

Bangla/Bengali In Debian Etch

Install these packages:

#apt-get install ttf-bengali-fonts ttf-indic-fonts

You may need to restart your X server to view Bangla/Bengali.

System–>Preferences–>Keyboard

Click Add

Layout Option—>Group Shift/Lock behaviour (or use whatever you like)

Now I can switch between Bangla and English by pressing the two Alt keys together.
(Use any option here that you like)

Xen Installation in Debian Etch

Install Xen first

#apt-get update
#apt-get install xen-hypervisor-3.0.3-1-i386 xen-utils-3.0.3-1
#apt-get install linux-image-2.6.18-4-xen-686

Give the version numbers according to your Debian repository.

edit /etc/xen/xend-config.sxp
------------------------------
Uncomment these two lines:
(network-script network-bridge)
(vif-script vif-bridge)

Install tools for xen
#apt-get install bridge-utils iproute sysfsutils libc6-xen xen-tools

Create a directory
#mkdir /home/xen

edit /etc/xen-tools/xen-tools.conf

Here is my sample config file (I am showing only the uncommented part):
dir = /home/xen
debootstrap = 1
# Disk and Sizing options.
##
#
size = 1Gb # Disk image size.
memory = 128Mb # Memory size
swap = 128Mb # Swap size
# noswap = 1 # Don't use swap at all for the new system.
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = etch # Default distribution to install.
image = full # Specify sparse vs. full disk images.

##
# Networking setup values.
##

#
# Uncomment and adjust these network settings if you wish to give your
# new instances static IP addresses.
#
gateway = 192.168.7.1
netmask = 255.255.255.0
#
# Uncomment this if you wish the images to use DHCP
#
# dhcp = 1

# Uncomment the following line if you wish to interactively setup
# a new root password for images.
#
passwd = 1

# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-4-xen-686
initrd = /boot/initrd.img-2.6.18-4-xen-686

# The default mirror for debootstrap which can be used to install
# Debian Sid, Sarge, and Etch.
#
mirror = http://ftp.debian.org/debian/


To create an image (here I am showing it with debootstrap):
#xen-create-image --hostname=test --ip=192.168.7.90 --passwd
It will ask for the root password after the debootstrap finishes.


Edit /etc/xen/test.cfg

Check that the kernel version is correct for your system:
kernel = '/boot/vmlinuz-2.6.18-4-xen-686'
ramdisk = '/boot/initrd.img-2.6.18-4-xen-686'

xen-tools generated the disk as sda for me. Later I changed it to hda:
root = '/dev/hda1 ro'
disk = [ 'file:/home/xen/domains/test/disk.img,hda1,w', 'file:/home/xen/domains/test/swap.img,hda2,w' ]

Check your IP:
vif = [ 'ip=192.168.7.90' ]





To start the vm
#xm create test.cfg -c

it will start to boot (simple output)
-------------------------------------
checking file systems...fsck 1.40-WIP (14-Nov-2006)
done.
Setting kernel variables...done.
Mounting local filesystems...done.
Activating swapfile swap...done.
Setting up networking....
Configuring network interfaces...done.
INIT: Entering runlevel: 2
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
* Not starting internet superserver: no services enabled.
Starting OpenBSD Secure Shell server: sshdNET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
.
Starting periodic command scheduler: crond.

Debian GNU/Linux 4.0 test tty1

test login:

or use
#xenman
file-->open Domain File
and select the /etc/xen/test.cfg





Here is the nmap output for ip 192.168.7.90
Interesting ports on test (192.168.7.90):
Not shown: 1696 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:16:3E:1F:8F:58 (Xensource)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17.9 (X86)
Uptime: 198.839 days (since Tue Oct 31 15:09:34 2006)
Network Distance: 1 hop



Now I can ssh to my 192.168.7.90
#debian:/home/salahuddin# ssh root@192.168.7.90
root@192.168.7.90's password:
Last login: Fri May 18 05:50:41 2007
Linux test 2.6.18-4-xen-686 #1 SMP Mon Mar 26 21:49:04 UTC 2007 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
test:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:15:BC:3F
inet addr:192.168.7.90 Bcast:192.168.7.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe15:bc3f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15420 (15.0 KiB) TX bytes:5239 (5.1 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

test:~#halt

Broadcast message from root@test (ttyp0) (Fri May 18 06:16:58 2007):

The system is going down for system halt NOW!
test:~# Connection to 192.168.7.90 closed by remote host.
Connection to 192.168.7.90 closed.
debian:/home/salahuddin#



Note:
Change your kernel path and disk config according to your system.
First time I tried with image = sparse in /etc/xen-tools/xen-tools.conf but it did not work for me.
Later I give image = full.


for more doc:

http://wiki.debian.org/Xen

http://www.debian-administration.org/articles/396
http://www.howtoforge.com/perfect_setup_xen3_debian

https://help.ubuntu.com/community/XenVirtualMachine/XenOnUbuntuEdgy