Ubuntu Tutorials

First off, I’ll get back to the tutorials after this week slows down.  I’m presenting at the Utah Open Source Conference this weekend along with helping organize it and its events.  This on top of my regularly scheduled work-program just doesn’t facilitate the tutorials.  My apologies.

In other news, my presentation at the Utah Open Source Conference will be very specific to Ubuntu and its community.  I would like to gather some stats on the following:

• Estimated number of users
• Estimated number of countries deployed
• Estimated number of translated languages
• Estimated number of LoCo teams (approved and pending)
• Estimated number of total Teams (marketing, loco, documentation, etc)
• A list of the members of the Ubuntu Community Council (and perhaps links to bios, wikis, etc)
• Estimated number of registered or active forum users
• Estimated number of Ubuntu related irc channels and or accounts
•  …that’s all I can think of

My presentation isn’t going to turn into an Ubuntu resume, but I’d like to showcase many of the worldwide successes.  Anyone that is able to offer answers to any of the above I truly appreciate it.  This will really help in wrapping up the last bits of my presentation.

I know this isn’t particularly new, but seeing some news this morning about potentially more Google Apps coming to the Linux Desktop I thought I’d throw this together.

How to install Google Apps on your Ubuntu Desktop.

Currently the list of applications within the Google repository is Google Desktop and Picasa.  We could be seeing some more soon, but we’ll have to wait and see on more details.

Set up the repository

You’ll want to add the following to your sources.list. This can be done graphically via the System > Admin > Software Sources menu, or via manually editing your /etc/apt/sources.list file.

deb http://dl.google.com/linux/deb stable non-free

Once you’ve got that you’ll also need Googles package signing key.  This can also be done via the GUI or the command line.  Try this command to pull down the key file and then we’ll import it to the apt system:

wget -c https://dl-ssl.google.com/linux/linux_signing_key.pub

If you still have the Software Sources window open switch tabs to  Authentication and click Import Key File…   Look for the file you just pulled down (probably in your home folder) and click OK.

Installing Google Desktop

We’re now ready to install the Google Desktop or Picasa tool.  From the command line enter:

sudo aptitude update

sudo aptitude install google-desktop-linux  picasa

You can also install these via your favorite package manager front-end like Synaptic or Adept if you prefer.  Simply search for the package name.

I should mention that just because these are available for Linux does not mean they are now Free Software or Open Source.  They are to be considered non-free so the choice is yours.  If you don’t like the non-free cooties on your system, don’t bother installing this.

Quick Tips

If you do install the Google Desktop there are a few things that you might want to be aware of.

1. ctrl-ctrl will open a desktop search applet allowing you to quick-search the web, your gmail or your desktop.
2. you can set your preferences by right-clicking on the Google Desktop icon in your notification tray.  This allows you to customize what is indexed and what is not.

Notes

More resources for configuring or installing the Google Desktop tools available here.

I thought today I would outline a few tips on network security with tcpwrappers or, as you’re probably more familiar, the hosts.allow and hosts.deny files.  How you can use them?  What applications are compatible? etc.  I know network security is a really broad topic, but this will hopefully be enough to get you going and understand some more basics of securing your machine.

tcpwrappers compatibility

The first thing to remember is that not every network-based application on your machine is compatible with tcpwrappers.  The restrictions on hosts.allow or hosts.deny are only valid if they refer to the tcpwrappers library.  How can you find out if your application is compatible?  Use this command:

ldd /path/to/binary | grep libwrap (general example)

ldd /usr/sbin/sshd | grep libwrap (shows that the sshd refers to libwrap)

ldd /usr/sbin/apache2 | grep libwrap (show that apache does not refer to libwrap)

In the basic example above we see that the sshd (ssh server) is referring to the libwrap.so, so we can tell that any restrictions in hosts.allow and hosts.deny are applicable to that service.  We also see that apache2 does not refer to libwrap.so, so any restrictions outlined there do not apply to apache2 connections. (ie; you could lock down ssh but apache2 is still wide open)

hosts.allow and hosts.deny

These two files, located in your /etc/ folder, allow you to limit or permit connections from specific hosts or ips.  Using these two files you could setup a whitelisting firewall or blacklist.  Remember, as mentioned in the compatibility section, this only applies to the services referring to libwrap.  If you are running services outside of the scope of libwrap.so this may not be the best solution for you in terms of firewalling.

/etc/hosts.allow

ALL: 127.0. [::1] (the 127.0. range is allowed, as well as the localhost ipv6 address)

sshd : 192.168.0.5 (specific IP) 192.168.0. (specific range) EXCEPT 192.168.0.10 (range exceptions)

/etc/hosts.deny

ALL : ALL (denying all services to all hosts)

This example would allow connections from localhost on ipv4 and ipv6 for all services and also explicitly allow ssh connections from the 192.168.0.5 address, the entire 192.168.0. range, but excluding the 192.168.0.10 host.  The hosts.deny then outright denies all services for all hosts.  This is a very basic example but hopefully it gets the idea across.  You could also reverse the contents of the two files in the example above and do blacklisting.  ALL : ALL are allowed with the exceptions of services and ips listed in the hosts.deny.

The syntax of the hosts.allow and hosts.deny files are:

service(s) : ips or hosts

You can comma separate the list of services you want to allow or deny and make a similar list of hosts/ips to allow or deny.  Very simple syntax.

conclusion

The hosts.allow and hosts.deny files are very flexible and allow you to lock down your network in very granular ways.  The limitation of some applications not honoring hosts.allow and hosts.deny is the biggest thing to remember.  Make sure the service you are trying to block refers to libwrap.so before you start writing rules or you may sit and wonder why your rules don’t work, when its really the application itself not being compatible.

Please consider downloading the latest version of folding instead.

After ten days of improvements, minor code fixes and a very thorough audit done by a concerned reader (Thanks Jeff) I am proud to release folding v0.4.1 codename “shanghai”.

This release does not address any major bug fixes. It should contain the same functionality, but the code has been cleaned up and improved.

As usual if you’ve already installed this application there is no need to upgrade. If you have never run the folding client on your machine please consider it. See Stanfords Protein Folding site for more details.

Downloads available below:

Folding v0.4.1 “shanghai” zip

Folding v0.4.1 “shanghai” tar

Folding v0.4.1 “shanghai” bz2

As usual, bugs may be reported in the comments section here or by emailing me directly. Full details on use of the application(s) are contained within the README file.