Ubuntu Tutorials

Big thanks to Aaron over at pthree.org for helping me set up openID for this blog.  If you have an openID account this is now one more site on a growing list that you’ll have easier ID access to. Although it isn’t technically Ubuntu related / specific I do plan on outlining how to setup openID for your blog (WordPress).

In any event, if you don’t yet have an openID, head on over to MyOpenID and register for free.  Or choose from a long list of providers here.

This tutorial will outline how to connect your Linux machine (probably not distro-specific, but this was tested and created using Ubuntu 7.04) to dial-up networking via a Treo 700p Smart Phone. This method uses USB connection and requires a data plan with your service provider. I use Sprint as they have the cheapest unlimited data plan.

In speed tests over the last few days here I have achieved ~350+kbps up and down speeds. This actually beats some residential DSL speeds that I’ve seen. Not bad. Now for the good stuff…

There are two sections of this tutorial. The first is preparing the phone to share connection to the computer. The second is telling the computer how to connect to the phone. Neither are terribly complicated, just make sure you follow the steps carefully.

Step 1 : Configuring the Treo 700p

From what I understand Sprint changed something since the Treo 650 and now require you to pay extra to share a data connection to your computer. We, of course, don’t want to do that so we’ll use a small piece of third party software to help us share this connection. This application, which you’ll need to install to your Treo 700p is called USB Modem.

I should note that this is not free software and is for-pay software, neither are points that I’m thrilled about but when there aren’t any other tools for the job… (anyone want to reverse engineer some Palm code?)

There is a free trial of that application that will run for 14 days or 30 connections. I’d suggest using the trial to initially set this up and if you find that its something you use go ahead and pay the $24.95 for the full version.

In any event, you’ll want to download the USB Modem application and install the .prc file to your Treo 700p. This tutorial will not outline installing or syncing your PDA. This assumes you already have a method of doing that. Remember to install the application to your phone itself and not a memory card.

After installing the USB Modem application navigate to it on your phone, but do not yet ‘Enable Modem Mode’. We’ll do that in a minute.

Step 2 : Configuring the Linux machine

I should note before I dive into this section that the USB Modem archive also includes instructions for setting up Linux, OS X and Windows. If you have trouble you might want to double check those instructions for more details.

On Ubuntu 7.04 (yet untested on other distributions) you need to manually add a kernel module for the Smart Phone syncing to be properly recognized. You can do this manually (not persistent) by using the command:

sudo modprobe visor

If you would like to make this persistent, which is something I have done, you will want to append a line “visor” to the end of your /etc/modules file. This way the kernel will be watching for a Smart Phone / PDA connection. If you don’t make it persistent you’ll, of course, need to do it manually each time you plan on connecting.

In my situation, using Sprint and an EVDO network, my connection does not require any kind of username and password to connect to the data network. This simplifies the steps a bit, but if your provider needs such information it isn’t too much different. Please refer to the USB Modem instructions for where to add your username and password.

The first step (and simplest way I found to connect) is to copy the connection script from the USB Modem archive to your /etc/ppp/peers/ directory. I used this command (assuming you’ve unzipped the archive to your Desktop):

sudo cp ~/Desktop/drivers/linux/ppp-script-evdo-template /etc/ppp/peers/ppp-script-treo

After you have copied the EVDO template file to the location above you should be ready to make your connection. note: I had to close existing connections (eth0, wlan0, etc) for this to work. Can anyone else verify this?

At this point you’ll want to reach over to your Treo 700p and “Enable Modem Mode”. If you’d like to see that the machine is recognizing your phone you could take a look at /var/log/messages.

Now that the phone is set to “Modem Mode” run the following command on the Linux machine:

sudo pppd /dev/ttyACM0 call ppp-script-treo

This will post some output to the screen and tell you whether or not you’re connecting. If you are assigned a remote and local IP plus primary and secondary DNS you’re most likely connected. You should get your prompt back at this point. Try pinging a location to verify your connection.

ping -c3 google.com

If your ping works you’re set. Enjoy your ppp connection over your phone. Internet wherever you have phone service. w00t! If it didn’t work please leave a comment and we’ll see what we can do for you. (chances are differences in providers, EVDO vs EDGE, etc).

I had heard about OpenDNS a while ago but for some reason never looked much into it. A magazine article tonight reminded me about OpenDNS so I thought I’d take a look. Well, I’m happy that I did so far. I thought I would outline a few steps for you to get OpenDNS setup on your machine.

First, what is OpenDNS?

OpenDNS is a better DNS, free to all. OpenDNS uses its distributed network of DNS servers to speed up your Internet experience, increase reliability, improve security and make DNS smarter for users all over the world.

Basically you can stop using your ISPs DNS, which can often be slower or unreliable, and use this instead. Here is how to set it up on an Ubuntu machine. You can see the Ubuntu setup instructions on the OpenDNS site if you’d like more information.

sudo cp /etc/resolv.conf /etc/resolv.conf.auto

sudo gedit /etc/dhcp3/dhclient.conf

Look for the below line, which will be commented, and match this setting.

# append the following line to the document
prepend domain-name-servers 208.67.222.222,208.67.220.220;

Once your entry matches this you will want to save the file and restart networking using a command such as the one below.

sudo ifdown eth0 && sudo ifup eth0

You can then visit this address to verify that you’re using the new OpenDNS service.

http://welcome.opendns.com

I realize that my earlier post was a bit short. There are those days that I try to put out a tutorial (based on my daily goal) and end up not having a lot of time. I apologize for the short post, but I’ve got the rest of the details.

After you’ve installed Firestarter you’ll need to initially run it and configure it. Since Firestarter is a security application it will need to be run as an administrator. After installation run the following:

ALT-F2: gksudo firestarter

You will be prompted for your admin password and then firestarter will begin the initial Firewall Wizard. As this wizard mentions, if you are unsure about any of the settings it is generally safe to assume the defaults.

Step 1: Welcome to Firestarter

Step 2: Select your network device.

Step 3: Do you need to share this device with another machine?

Step 4: You’re ready to start creating rules.

As you can see from this last screenshot the interface is fairly simple. You can see the current status (Active) which can be turned off using the “Stop Firewall” button to the top.

You may need to turn on / off the firewall as you create rules. In some cases your firewall will block needed traffic. In this case you can troubleshoot things by turning off the firewall while you get used to creating rules.

If there have been any events (firewall notifications) you can see those listed in the events tab. This is where you can see if anyone is trying to access your machine, where they are coming from and what port they are trying to connect to. As you watch this you’ll be able to create custom policies.

To create a policy simply select the policy and create in incoming or outgoing network policy. A simple explanation of these are:

incoming: what do you want to allow in to your machine.

outgoing: where do you want to be able to go out of your machine. outgoing policies can be used to filter traffic or websites (ie; parental filters, blocking microsoft.com, etc)

outgoing policies can be set using whitelisting or blacklisting policies. of course, whitelisting is permissive by default and blacklist is restrictive. Try a few things and test out your firewall. Firestarter is very easy to use. It generally takes a minute or two to know where to create your rules, but after that you can lock down your machine to your comfort.

Update: per the comment left by Chris below it should be noted that whitelisting is more restrictive than blacklisting as it only allows the sites included in the whitelist. Blacklisting specifically denies only the sites listed in the blacklist.

Technorati Tags: firestarter, firewall, gnome, ubuntu, usage

Network security is an ever growing need these days. You never know what you’re going to find when you step out into the wild world of the internet. Luckily we’re all using Ubuntu so we’re much more protected than most of the world, but there still is reason to protect our computers and networks.

For those of you that are not behind a hardware router (if you don’t know this might be you) you definitely want to install a firewall for your system. Firewalls can be very simple or very complex, depending on your needs. Now this post will not go into the deepest detail of configuring, maintaining or watching a firewall but I wanted to give some quick suggestions for those of you that might need one.

The simplest desktop firewall that I’ve used on an Ubuntu system is Firestarter. It is very easy to set incoming and outgoing network policies based on port, IP, domain, etc. To install Firestarter you’ll want to do the following:

sudo aptitude install firestarter

Once this is installed you should be able to run the program by running the command firestarter or it should be located in:

Applications > Internet > Firestarter

This program should be fairly straight-forward to configure for your machine. The best policy on an unprotected machine is no-incoming policy. It’s always the safest route to be able to get out but not let anything in. Give it a try. If you run into any trouble leave a comment or check out the Ubuntu Forums for more detail.

Update:  See the second half of this tutorial at Using Firestarter.

Let me tell you, I’m a busy man. I’m always on the go and my trusty laptop is the only thing to keep me company much of the time. Despite being here, there and everywhere I still need access to my files and folders at home. But how can I access my files, securely, from anywhere on the planet? It is simple with SSH.

If you’re not familiar with SSH you’ll definitely want to check it out. SSH stands for Secure SHell and is probably one of the most used programs on the internet with its long list of uses. It is always encrypted, always secure and easy to use. I have long used it on a daily basis and here is how you can do the same.

You should have outgoing SSH access from a default Ubuntu machine. To check that you do try the following to a machine you have ssh access to: (do you have two machines on your network? On the remote machine make sure you’ve install ssh-server and then try):

ssh [user]@[machine]

Now that you know you can ssh you can also try to remotely mount a folder to your local machine. Before you’re able to do this you need to install a package to offer that support.

sudo aptitude install sshfs

sshfs stands for SSH file system. It’s a beauty. As mentioned it allows you to securely mount and access folders over the network or internet all day long. One of the packages that comes along with sshfs is something called fuse. You’ll need to load fuse as a kernel module before you can use it. You would do so using the following:

sudo modprobe fuse

You also might want to have fuse auto-load at boot time with the rest of your modules. You can use the following command to do so:

sudo sh -c "echo 'fuse' >> /etc/modules"

(Note: make sure you are careful to use the >> instead of a single >. >> appends the entry to the file, meaning it is added to the end. A single > simply writes the information to the file and could seriously screw up your system.)
At this point you have all of the tools necessary to mount a remote filesystem or folder on your machine. You just need a few pieces of information.

1. username (do you have access to the remote machine? if so, what username)
2. IP or hostname (what machine are you connecting to? works via name, domain or IP)
3. remote folder (what remote folder address do you want?)
4. local folder to use (where to you want to store the remote contents?)

An example of a command to mount a remote system, including the above peices, would be something like:

sshfs user@hostname:/path/to/folder /local/folder

If this doesn’t return any errors you should be able to then navigate to /local/folder and find your precious files there. When you are done, or you no longer need access to those files (for this session) you can safely “unconnect” using the umount command.

sudo umount /local/folder

Ooh, and one other option that you might find useful is to have this remote folder mounted automagically each time you boot your machine. Wouldn’t that be a nice feature. Well, …ok I’ll tell you.

The /etc/fstab file is a list of the boot-time auto-mounted filesystems or partitions. If you take a look at the file you’ll see your current setup. Normally your /, /swap, etc. You can add a new listing to the same file and have your remote folders automagically mounted via sshfs at each boot. Use something like:

[hostname/IP]:/path/to/folder /local/folder fuse defaults 0 0

Now that you’re more acquainted with SSH and sshfs why don’t you take ‘er for a spin. Enjoy. You might also enjoy my previous post about Network File Systems.

You also might be interested in a post at the Ubuntu Blog on the same topic.

technorati tags:ssh, sshfs, linux, network, mount

Based on some recent requests over at Daniel Robitaille’s blog he outlined a few tips on how to manually keep up to date with Firefox. Now, Ubuntu normally is pretty quick on keeping critical system parts up-to-date but for those of you that want a little more manual control here are some steps.

(I don’t mean to duplicate instructions that he’s already posted–these steps are slightly different, and I want to reach anyone else that isn’t familiar with his blog. I’m basing these closely on my instructions on Installing Flock on Ubuntu. You might want to visit his post to see the differences.)

1. Download Firefox 2.0.0.1 (Save to Desktop)
2. Unpack the archive using: sudo tar -C /opt -xzvf firefox-*.tar.gz
3. Update the symbolic link to the executable: sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox
4. Synchronize any existing plugins (see my previous post on synchronizing plugins between browsers) from the default version: sudo ln -s /usr/lib/mozilla/plugins/* /opt/firefox/plugins/

Upon each new release of Firefox you can just repeat these steps and quickly make sure you’re up to the latest and greatest. Thanks again to Daniel for originally laying out the basics of these instructions.

Remember, if you’re not comfortable on the command line or don’t know exactly what you’re doing you might want to just wait for the official updates. As usual it is generally a better idea to use the central maintained packages as customizing your system too much could cause issues. Make sure you know what you’re in for if you follow these steps.

So I’ve realized that the Google Toolbar will not install on Ubuntu 6.10 “Edgy Eft” with Firefox 2. I did however figure out a fix for it. Thanks to a post on Google Groups “Something’s Broken” and the Ubuntu Forums. Below are instructions for downloading, “fixing” and installing the Google Toolbar on Firefox 2.

1. Download Google Toolbar (Save to disk)
2. Open the archive (double-click or Open With “Archive Manager”)
3. Edit the install.rdf file and change it from:

Linux

to

linux-gnu_x86-gcc3

This is the main reason that it wont compile in the first place. It needs to specify what build and compiler was used to make Firefox 2 and “Linux” just isn’t quite specific enough.

Now that we’ve changed that file we’ll have to do one more little tweak. At this point we’ve changed the contents of the archive so we also need to remove the digital signature that verifies the archive. Even that one little change will cause the archive to not verify on signature check. The next step is to remove the contents of the /META-INF/ folder.

• Delete the three files in the /META-INF/ folder of the archive

At this point you should be able to install the .xpi file and the Google Toolbar will function as expected. Either drag-and-drop the .xpi file into the extensions box or select File > Open File and select your newly edited google-toolbar-linux.xpi file.

Tada!

A new version of the incredible Flock browser is now available. For those that are running it on an ubuntu system you most likely need to manually update.

Download Flock 0.7.6

Unpack latest version (should be on Desktop): sudo tar -C /opt -xzvf flock-*.linux-i686.tar.gz
Enjoy!

If this is your first installation of Flock on Ubuntu visit my previous post with complete steps.

I logged into my local webserver admin panel & found that I had, yet again, been hacked. It looks like the damage was very minimal & I’m back to 100% (as far as I can tell), but this hack came from Turkey again.

For those of you that remember my previous experience with crackers you’ll remember those came from Turkey. I thought I had blacklisted Turkey via iptables using the 85.96.0.0/12 subnet. This recent attack came from 85.98.46.46. I’ve added 85.98.0.0/12 to my firewall.. any other tips on subnets originating from that country?

I’ve decided that two things need to happen.

1) VHCS needs to release a security patch. It’s been months with this hole sitting wide open. I feel like I’m running windows here!

2) I’m going to stop doing anything but personal site hosting & manually do everything by hand. A little more work but more secure.

I’d appreciate any more tips on locking out Turkey via firewall.

UPDATE: I came across http://blacklist.linuxadmin.org after I originally posted this. There is a simple generator there that’ll block a long list of countries by port. Could be a very helpful tool!