January 2006 - VirtJunkie

Month: January 2006

Howto: Kernel Building in Debian Sarge (3.1)

Posted on January 25, 2006 by Jon

I’ve tried and tried to build my own custom kernel over the past year or so, usually only to stop in frustration because of some small part of the process not working.

This is all different now.

I found out that using the took make-kpkg makes things way easier. In fact I configured, compiled, and installed kernel 2.6.15 in about 30 minutes including the time that it took me to build it.

Here’s the process that I followed to achieve this:

Get required packages apt-get install libncurses5-dev fakeroot bzip2 kernel-package
Get latest kernel package from Kernel.org. The latest one at the time of this post is linux-2.6.15.tar.bz2.
Decompress the kernel archive (tar -xjvf linux-2.6.15.tar.bz2)
Start the kernel configuration tool (make menuconfig)

I should mention that it was way easier for me to load my existing kernel configuration, which was located at /boot/config-(kernel version here).

make-kpkg clean
fakeroot make-kpkg –initrd –revision=myfirstkernelbuild_v.0.1 kernel_image

This runs make-kpkg as root, while making it so that initrd can load the kernekl. –revision is just the revision of the kernel, and kernel_image is just the name of the kernel that you’re building.

The output of this command is kernel-image-2.6.15_myfirstkernelbuild_v.0.1.deb

Install the kernel (dpkg -i kernel-image-2.6.15_myfirstkernelbuild_v.0.1.deb)
Restart the computer (init 6)

If this process worked the output of uname -r should be 2.6.15.

Let me know if you have any problems.

Later,
Jon Howe

Word Of the Day: Uber

Posted on January 21, 2006 by Jon

I love the word uber, but before today I didn’t know how cool the word really is.

From wikipedia:

The word

Argh

Posted on January 16, 2006 by Jon

This semester is going to be crazy.

I just got done with my first morning class in more than a half of a year and I thought that I was going to die. I didn’t really care about the fact that it was a morning class, it was more about the class itself.

My 9:30 class on Mondays and Wednesdays is Intro to Logic. The class seemed like it would be a good choice (plus it was required for my degree), but I didn’t think that it would be as boring as it was today.

The Prof talked the whole time about things that seemed complely… well, logical to me. In other words, he talked about things that were obvious to me.

I guess that this should make me happy that I have an easy class, but for some reason it leaves me a little scared.

Historically when I get into situations like this, I tend to pay less attention in class and end up with a worse grade than I would if it was a harder class and I had to pay attention.

Oh well, we’ll see what happens.

I have a break from 11:00AM – 1:15PM, so I decided that I’d get some stuff done.

I’m a big fan of IRC, and without my laptop here I have no way to use it. So I found a CGI based IRC client.

I haven’t installed it yet, but I plan to before I leave for lunch.

Later,
Jon Howe

Great Iptables Tool

Posted on January 12, 2006 by Jon

I’ve been messing around with iptables a bit more than usual the past week or so. Through this process, I decided that it wasn’t worth it for me to keep creating / tweaking all of my rules by hand. So.. I found an Excellent (with a capital ‘E’) frontend to iptables.

For me the frontend had to meet some strict requirements.

It must have a curses graphical user interface
It must be easy to use

Something called Jay’s Iptables Fits these requirements perfectly.

You can find all of the details at it’s website.

Check it out!

Later,
Jon Howe

Convert RPM to Deb + News

Posted on January 12, 2006 by Jon

I found a few cool things this morning.

The first being a way to install a rpm file in Debian. You do this using the alien command (apt-get install alien).

To convert a package from an rpm to a deb run the following command:
alias --to-deb

To just install a rpm use the following command:
alias -i

It's that easy.

Also, I was looking at some stories on the front page of Digg, and found a Great New Library for use with Google Maps. It has the features of the one that I was messing around with earlier (I forgot the name of it). It even includes the features that I had to add inot the other library.

Who knows, you might be getting a little tutorial on how to use this library soon.

Later,
Jon Howe

How To Cache Apt Packages On A Network Using Apt-Cacher

Posted on January 10, 2006 by Jon

If you’ve got more than one computer running Debian that packages are downloaded through apt, then apt-cacher should help you a lot.

Apt-cacher is actually a cgi script that is run by apache. Using apt-cacher is very easy, and installing it is even easier.

Step 1: Install apt-cacher.
(Run this on the proxy computer)

apt-get install apt-cacher

Enter the webpage : http://localhost/apt-cacher
to see that the proxy is running.

Step 2: Backup and Convert Clients sources.list.
(Do this on the computers that you want to access the cache.)

cp /etc/apt/sources.list /etc/apt/sources.list.backup

vi /etc/apt/sources.list

Press ‘:’ while in vi.

Enter “%s/http:///http://[Your Proxy IP]/apt-cacher?//g”

This searches through your sources and adds http://[Your Proxy IP]/apt-cacher?/ before every repository.

An example from my sources.list looks like this:

deb http://192.168.3.2/apt-cacher?/www.backports.org/debian/ sarge-backports main

Step 3: Update Clients

apt-get update

Optional Step 4: Import Existing packages into the apt-cacher cache

Copy the desired packages to the proxy directory /var/cache/apt-cacher/import

Run the import script to make it so that apt-cacher can use them.
perl /usr/share/apt-cacher/apt-cacher-import.pl

Step 5: Use apt-get

If the required previous steps completed successfully you should now be able to use apt with it’s connection proxied through your apt-cacher proxy.

Questions / Comments, leave me a comment, and I’ll reply.

Later,
Jon Howe

Okay…

Posted on January 5, 2006 by Jon

I did get something good out of this whole fiasco. When I think of it, this blog being down for a day or so is a small price to pay for the amount of knowledge that I gained relating to setting up apache, mysql, and php… Over and Over Again.

Let me know if there are problems that you see.

I’m pretty sure that mail is all screwed up because I have no mail server, or at least I hope that I don’t (I uninstalled it).

However, that’s something that I’m going to work on next. I’m going to try to find a new mail solution, at least until a stable release of Hula comes out.

I’m a pretty picky customer when it comes to mail servers. I want a mail server that’s got a lot of easy to use documentation, so it might be a while until the jonhoweonline.com mx record is active again…

Some other things that I’ll be working on:

Running my own DNS

Setting up mod-rewrite for apache / drupal. This will make it so that instead of this site saying www.jonhoweonline.com/me/?q=node/1 it will say www.jonhoweonline.com/me/node/1

I am going to be starting an open source Content Management System (CMS) project with (primarily) a couple of my friends, so I’m going to get a cvs server up and running.

I hope to have some turorials out for all of those at some point or another,so stay posted!

Later, and thanks for sticking with me,
Jon Howe

Holy Smokes Batman!!

Posted on January 5, 2006 by Jon

Well that was close.

As you can probably tell, my server’s been down for about a day. A day during which almost all of my time was spent getting this server back up.

I decided to switch from Redhat based Centos 4.1 to Debian Sarge (3.1). The operating system install was extremely easy as well as the *first round* of server app installs.

I have to finish up getting the rest of this site working, but I’ll definitely post more later.

OH, and if you caught the single post that I did on the wordpress install, disregard the whole thing about the database backup script. It works great, and I couldn’t be more happy with it.

More later,
Jon

How to Use the Tor Network for Application Anonymity

Posted on January 2, 2006 by Jon

The Tor Network uses something called Onion Routing. Tor’s functionality is pretty simple. You run a daemon on a computer on your network (the tor client) and it connects to a server inside the tor network. Once your transmitted packets are inside the tor network they are routed through the different servers in a way so that no server knows the complete path that a packet takes. On top of this, all transmission inside the tor network is encrypted in order to prevent Man in the Middle Attacks.

The network is not easily accessed directly though. The easiest way to utilize tor as a functional service for your network is to use something called Privoxy. Privoxy acts as a middleman between tor and the computers on your network.

We’ll talk more about the configuration of these later, but first we need to install them.

I’m going to assume, as usual, that you’re Debian as your distribution.

Note: I had some problems getting tor to install properly with apt. In order to fix this I needed to add the following lines to my /etc/apt/sources.list file:
testing

deb http://ftp.egr.msu.edu/debian/ testing main non-free contrib

deb-src http://ftp.egr.msu.edu/debian testing main non-free contrib

I also added the following lines to my /etc/apt/prefrences file to make it so that apt doesn’t try to get packages from the testing branch all of the time:

Package: *
Pin: release a=testing
Pin-Priority: 999

Stay tuned for a tutorial on how to use the previous process, which is called apt pinning.

Next we install Privoxy and Tor using the following command:
apt-get -t testing tor privoxy

Now add the following line to your /etc/privoxy/config:
forward-socks4a / localhost:9050 .

If you’re installing this on your own computer then you can leave this as it is. Otherwise change the listen-address from 127.0.0.1 to the ip address that the interface that goes to the network uses. This line reads: listen-address 192.168.3.2:8118 in my config file.

Now just start the daemons:
/etc/init.d/tor start
/etc/init.d/privoxy start

All that’s left is configuring your applications to use the proxy. Every app has different methods of using a proxy, and some don’t even have a way to access a proxy. If you’re trying to run something like firefox anonymously, then just go to connection settings and change the Http Proxy and the Https Proxy to the IP address and the port that privoxy is running on. If you want to use something like Aol Instant Messenger you can use tor directly by going into the settings and changing the Socks 4 proxy to the IP address that tor is running on and the port number 9050.

After doing this all connections will be running through the anonymous tor network. If you have any questions feel free to leave me a comment, and I will answer.

Later,
Jon Howe

How to Set up a Complete Transparent Filtering Proxy

Posted on January 1, 2006 by Jon

This tutorial works with squid versions < 2.6

Many companies find proxy servers useful for a number of reasons. For example, if a company has fairly low bandwidth and needs a cheap way to streamline the distribution of frequently accessed content, a proxy server, such as squid will help a lot. Another use of a proxy server in the business world is for what I like to call, “Employee Management”. In other words, this is for companies that want to see what their employees are viewing on the internet. They can also be used by companies that have less than perfect infrastructures and need to have a way to take one connection to the internet and spread it to many computers.

Squid is great for the uses above and for other unmentioned uses, but when combined with a content filter called dansguardian the results are awesome.

Dansguardian is a content filtering proxy that integrates itself with squid. You can find information about Dansguardian here, and here.

These two things combined into something called a Transparent Proxy allow for much greater flexibility for administrators and end users. With a non-transparent proxy everything that accesses the internet needs to have HTTP proxy support, and needs to be configured by hand before it can be used. With transparent proxying the connections to port 80 (http) are automatically redirected from their original path and routed through the proxy. Don’t worry if this sounds confusing, the details aren’t really that important.

Now for the good part: How to install and configure this in Debian.

Do a Base Install of Debian:
This means that when you get into aptitude
just hit ‘q’ and exit out, becuase we’ll be installing everything manually

Install the packages using apt-get: 'apt-get install squid dansguardian vim ssh'

That should take a little while but should download everything that you’ll need.

Now we have to make it so that the proxy works in non-transparent mode.

To do this we have to edit the dansguardian configuration file located at '/etc/dansguardian/dansguardian.conf'.
Navigate to the section labeled ‘Network Settings’ and change ‘filterip’ to the ip address that’s on the network that you’re clients will be listening on.
At the top of the file comment out the word “UNCONFIGURED”
Save and quit the file by typing: wq (if you’re using vi)
Do some final configuration on dansguardian by entering the command 'dpkg-reconfigure dansguardian'

Now we have dansguardian all set. All that’s left is getting squid set up for transparent proxying, entering the iptables rules, and setting it up to all be set up correctly each time that you restart your proxy server.

In the squid configuration file, which is located at '/etc/squid/squid.conf' add and/or edit the following lines to enable transparent proxying.
' httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on '
Do a search in the squid config file for 'http_access deny all' and change it to http_access allow all. This file should be customized more in the future. This configuration tells squid to use no discretion as to who uses the proxy. Setting this up is beyond the scope of this tutorial.

That finishes the configuration of Squid. Now just enter the following commands and you should be set on the firewall rules. Create this file in the directory '/etc/init.d'. We’ll assume that eth0 is the interface going to the internet and eth1 is the interface leading to the client network.

#! /bin/sh

# Set up IP FORWARDing and Masquerading
echo “Setting up forwarding”
iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE
iptables –append FORWARD –in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

#enable transparent proxying
echo “Enabling Transparent Proxying”
iptables -t nat -A PREROUTING -i eth2 -p tcp –dport 80 -j REDIRECT –to-port 8080
The first group of commands tells your system to take all of the packets that are going to the internet (eth0) and move them from the local interface (eth1) through the proxy server and on to the internet.

The second command does the transparent proxying. It listens for connections going to port 80 and redirects them to port 8080 (the dansguardian port) which in turn checks to see if the website is authorized. If it is the request is forwarded to squid, and then to the destination website. The process is pretty much the same, but opposite on the way back to the client.

The files in the script that we created need to be executed for the proxy to work, so what we’ll do is have it run on startup.

Make it executable: 'chmod +x /etc/init.d/local'
Then make it run when the system starts up: ' update-rc.d local defaults 80'

After that whole process you should have a fully functioning transparent content filtering proxy. If you have any comments / corrections / or suggestions feel free to leave a comment and I will answer.

Later,
Jon Howe