SecureCube.com

7Jan/130

Setup Linux NTP daemon

Looking for a reliable NTP daemon to keep your system clock up to date? Look no further than OpenNTPD. The following outlines the setup of OpenNTPD on Linux.

Download the latest source from OpenNTPD.

Extract and change to the install directory.

tar xzf openntpd-3.9p1.tar.gz
cd openntpd-3.9p1

Create the user and group that the NTP daemon will run as, along with the directory it will be chroot'ed to.

groupadd _ntp
useradd -g _ntp -s /sbin/nologin -d /var/empty/ntp -c 'OpenNTP daemon' _ntp
mkdir -p /var/empty/ntp
chown 0 /var/empty/ntp
chgrp 0 /var/empty/ntp
chmod 0755 /var/empty/ntp

Perform standard install from source steps. Read the INSTALL doc for more information.

./configure
make && make install

Next we'll create an init script to start/stop the daemon.

vi /etc/init.d/ntpd

#!/bin/bash
# Init script for OpenNTPD installed from source under /usr/local.

NTPD_CONF=/usr/local/etc/ntpd.conf

if [ ! -f "$NTPD_CONF" ]
then
    echo "Could not find $NTPD_CONF"
    exit 1
fi

# -s : Set the time immediately at startup if the
# local clock is off by more than 180 seconds.
PARAMS="-s"

# PIDs of any running ntpd (-o %PPID omits the calling script itself)
PID=$(pidof -o %PPID /usr/local/sbin/ntpd)
case "$1" in
    start)
        echo "Starting OpenNTPD"
        # Only start if no ntpd is running; otherwise report "Failed"
        [ -z "$PID" ] && /usr/local/sbin/ntpd $PARAMS
        if [ $? -gt 0 ]; then
            echo "Failed"
        else
            PID=$(pidof -o %PPID /usr/local/sbin/ntpd)
            echo $PID >/var/run/openntpd.pid
            echo "Done"
        fi
        ;;
    stop)
        echo "Stopping OpenNTPD"
        # $PID is left unquoted on purpose: ntpd runs as more than one process
        [ -n "$PID" ] && kill $PID &>/dev/null
        if [ $? -gt 0 ]; then
            echo "Failed"
        else
            echo "Done"
        fi
        ;;
    restart)
        $0 stop
        # Give the old processes a moment to exit before starting again
        sleep 1
        $0 start
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
esac
exit 0

Make the init script executable.

chmod a+x /etc/init.d/ntpd

Next, set up the ntpd.conf file to point to the servers you want to sync with. You can read the man page first for the syntax.

man ntpd.conf
vi /usr/local/etc/ntpd.conf

You can use this site to find a pool of servers close to you.

Finally we'll start the daemon.

/etc/init.d/ntpd start

You can view the progress of the sync using the following command.

grep ntpd /var/log/syslog

You can see the progression of the clock...

Jan 7 12:02:53 pc-name ntpd[1355]: adjusting local clock by -1.462512s
Jan 7 12:05:36 pc-name ntpd[1355]: adjusting local clock by -1.429211s
Jan 7 12:08:27 pc-name ntpd[2064]: adjusting local clock by -1.362814s
Jan 7 12:12:14 pc-name ntpd[2064]: adjusting local clock by -1.302321s
Jan 7 12:16:37 pc-name ntpd[2064]: adjusting local clock by -1.199679s
Jan 7 12:20:53 pc-name ntpd[2064]: adjusting local clock by -1.119930s
Jan 7 12:24:01 pc-name ntpd[2064]: adjusting local clock by -1.076154s
Jan 7 12:25:53 pc-name ntpd[2064]: adjusting local clock by -1.002400s
Jan 7 12:28:47 pc-name ntpd[2064]: adjusting local clock by -0.946294s
Jan 7 12:31:13 pc-name ntpd[2064]: adjusting local clock by -0.926053s
Jan 7 12:33:22 pc-name ntpd[2064]: adjusting local clock by -0.867900s
Jan 7 12:35:44 pc-name ntpd[2064]: adjusting local clock by -0.819938s
Jan 7 12:37:18 pc-name ntpd[2064]: adjusting local clock by -0.787604s
Jan 7 12:38:56 pc-name ntpd[2064]: adjusting local clock by -0.717054s
Jan 7 12:42:42 pc-name ntpd[2064]: adjusting local clock by -0.653446s
Jan 7 12:45:32 pc-name ntpd[2064]: adjusting local clock by -0.599668s
Jan 7 12:47:44 pc-name ntpd[2064]: adjusting local clock by -0.512153s
Jan 7 12:51:51 pc-name ntpd[2064]: adjusting local clock by -0.472384s
Jan 7 12:54:44 pc-name ntpd[2064]: adjusting local clock by -0.397733s
Jan 7 12:57:25 pc-name ntpd[2064]: adjusting local clock by -0.335255s
Jan 7 13:00:39 pc-name ntpd[2064]: adjusting local clock by -0.275158s
Jan 7 13:03:15 pc-name ntpd[2064]: adjusting local clock by -0.222749s
Jan 7 13:06:49 pc-name ntpd[2064]: adjusting local clock by -0.197332s
Jan 7 13:09:53 pc-name ntpd[2064]: adjusting local clock by -0.175554s

Depending on how far your clock is off, you may want to perform a manual update.

rdate -nv tick.usno.navy.mil

Check how far off your clock currently is.

rdate -nv tick.usno.navy.mil

Following are some troubleshooting steps...

Check for ntp connections to ntp sources

netstat -upn

Check your hardware clock isn't jumping around

hwclock --show; hwclock --show; hwclock --show; hwclock --show; hwclock --show

Also note that you may not be able to set your clock if you're on a VPS; you'll have to talk to your VPS provider to fix that. And don't use ntpdate in a cron job, as this will just force your clock to jump around, whereas an NTP daemon will progressively adjust the clock toward accurate time.

21Nov/120

Linux ntpd Sync with Windows 2008

Debian squeeze comes with ntp 4.2.6p2, which doesn't work with Windows 2008 R2 servers, as seen in this bug. To fix this, update to a newer version such as 4.2.7p326. I tried running version 4.2.6p5 but was receiving segfaults while running Debian 6.0.4 squeeze with kernel 2.6.32-5-amd64.

sudo apt-get remove ntp ntpdate
wget http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.2.7p326.tar.gz
tar xzvf ntp-dev-4.2.7p326.tar.gz
cd ntp-dev-4.2.7p326/
./configure --enable-clockctl
make && sudo make install

You then just need to set up your init script to start ntpd.

26Aug/110

Apache LDAP Authentication

Quick setup for using LDAP authentication in Apache with .htaccess

1. Enable ldap module
a2enmod authnz_ldap

2. Enable .htaccess files to be read

vi /etc/apache2/sites-enabled/000-default

Set AllowOverride from 'none' to 'All' for your web directory.

3. Create a .htaccess file within the directory you're trying to password-protect and enter the following into the file.

AuthType Basic
AuthBasicProvider ldap
AuthName "My LDAP Auth"

AuthLDAPURL "ldap://<serverIP>/o=<root>?cn"
Require ldap-group cn=<group_name>, o=<root>

The following is a real-world example with a secondary LDAP server:

AuthType Basic
AuthBasicProvider ldap
AuthName "My LDAP Auth"

AuthLDAPURL "ldap://192.168.1.10 192.168.1.11/ou=People, o=Facility?cn"
Require ldap-group cn=Administrators, ou=People, o=Facility

That's it. Documentation can be found on the Apache site.

14Jul/110

Replicate using rsync

To replicate local directories

The following will replicate all files and folders in the '/home' folder to '/mnt/backup/' folder recursively.

rsync -avh --delete /home/ /mnt/backup/

To replicate to remote directories

The following will replicate all files and folders in the '/home' folder to the remote server myhost under the username bob to directory '/backup/'. The use of the progress argument will show you the status of the transfer.

rsync --progress -avhe ssh --delete /home/ bob@myhost:/backup/

You can of course automate the running of these through crontab.

25Jun/110

Firefox and wrong ELF class error

If you're running a system that's newer than, say, 8 years, you're probably running a 64-bit processor. Now whether you're running a 64-bit OS is another story. Well, if you're like me, you probably are running a 64-bit OS, Linux of course!

Recently I had a little bit of time and wanted to make sure all my systems were up-to-date, starting with their browsers. Currently I am running Debian squeeze which comes with GNU browser Iceweasel and found out there is no recent update. However you can get the latest through Iceweasel's new name... IceCat. Well I didn't feel like using that so I decided to change to Firefox......

23Apr/110

Printing to PDF from Adobe

To print a PDF from Adobe Reader (acroread) you will need to install the following:

sudo apt-get install cups-pdf

Along with:

sudo apt-get install cups-bsd

Without the 'cups-bsd' you will receive the following error while trying to print:

The print process returned error. Please check whether the printer is connected to the machine

After you have the above installed you should see a new printer named 'PDF'. You can now print to PDF from within Adobe Reader.

12Feb/110

Colorize output

With some regex magic and perl we can colorize the output in console:

tail -f filename | perl -pe 's/keyword/\e[1;31;43m$&\e[0m/g'
9Jan/110

Resize Images

The ability to resize images is an essential tool when working with the web. Here are some tools for Linux and Microsoft OS's.

Image Resizer from Microsoft PowerToys is your best bet when looking to resize images in a Windows environment.

When looking for a utility in Linux there are a slew of options. Ones I have found are from within ImageMagick:

sudo apt-get install imagemagick

Once you have this you can use one of many tools, but I find I use mogrify more often:

mogrify -resize 640 *.png

This will resize and overwrite all PNG images in the current directory to a scaled width of 640px. If you don't want the images to be overwritten, you can use the equivalent command convert.

17Oct/100

List Samba Users

Using pdbedit we can read the SAM database of Samba users. Use the following command to list the users:

$ pdbedit -w -L
3May/100

How To Fix Offending key in ~/.ssh/known_hosts file

While trying to ssh into a box you may run into the following error:
Offending key in ~/.ssh/known_hosts:6

This could mean a handful of things. Among them is a man-in-the-middle attack or, as in my case, that the RSA key has changed, such as when a new box takes the place of an old IP address. To resolve this, use the error message to find the offending line number, which is shown at the end. In this case it's line 6. To remove this line you can use `sed` with the following parameters:

$ sed -i '6d' ~/.ssh/known_hosts
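
Because the same message also appears during a man-in-the-middle attack, it helps to see exactly which entry is being dropped and to keep a backup before deleting it. The following is an added example, not part of the original post; `remove_offending_key` is a hypothetical helper name, and the demo runs against a constructed temporary file rather than the real ~/.ssh/known_hosts.

```shell
#!/bin/sh
# Review, back up, then remove the known_hosts entry named in an ssh
# "Offending key in FILE:LINE" message (added example, hypothetical helper).
remove_offending_key() {
    msg=$1                      # the error line printed by ssh
    file=$2                     # known_hosts file to edit
    line=${msg##*:}             # text after the last colon = line number
    case $line in
        ''|*[!0-9]*) echo "no line number in: $msg" >&2; return 2 ;;
    esac
    entry=$(sed -n "${line}p" "$file")
    [ -n "$entry" ] || { echo "$file has no line $line" >&2; return 3; }
    # Show the host and key type being dropped, so the replacement key can
    # be compared with a fingerprint obtained out of band before trusting it.
    echo "removing: $(echo "$entry" | awk '{print $1, $2}')" >&2
    if command -v ssh-keygen >/dev/null 2>&1; then
        # Fingerprint of the old key; fails harmlessly on the fake demo keys
        echo "$entry" | ssh-keygen -l -f - >&2 || true
    fi
    # Keep a copy, then delete only that one line (GNU sed, as in the post)
    cp -p "$file" "$file.bak" && sed -i "${line}d" "$file"
}

# Demo on a constructed file; the key material below is fake
demo=$(mktemp)
printf '%s\n' \
    'alpha.example ssh-rsa AAAAconstructedKeyA' \
    'beta.example ssh-rsa AAAAconstructedKeyB' \
    'gamma.example ssh-rsa AAAAconstructedKeyC' > "$demo"
remove_offending_key "Offending key in $demo:2" "$demo"
cat "$demo"
rm -f "$demo" "$demo.bak"
```

OpenSSH's own `ssh-keygen -R hostname` does a similar job by host name instead of line number and saves the previous file as known_hosts.old.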
2Mar/100

ZIP File Corruption using Apache’s example for mod_deflate

Upon using the example shown here I ran into an issue with ZIP files being downloaded showing up as corrupt, specifically from IE.

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Don't compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Line 17 (the `BrowserMatch \bMSI[E]` workaround) specifically says to use compression for IE, however there is no exclusion for ZIP files. We don't want to compress an already-compressed file, so we need to add these lines below line 20 (the image exclusion):

# Don't compress zip files
SetEnvIfNoCase Request_URI \.(?:zip)$ no-gzip dont-vary

This will then exclude ZIP files from compression.

30Jun/090

Change Java version on Debian

Type the following commands to change the default:

sudo update-alternatives --config java

You can also add a new java version if you would like by using the following commands:

sudo update-alternatives --install "/usr/bin/java" "java" "<java_binary_file_path>" 1
sudo update-alternatives --set java <java_binary_file_path>
17Feb/090

Ignore Errors with dd

Sometimes you want dd to ignore errors while making an image. The following will do just that:

dd if=/dev/hda of=./securecube.iso conv=noerror,sync

You can read the man page on dd here.

6Sep/050

APT::Force-LoopBreak

Tonight I was installing the latest net-install using the 2.6 kernel from Debian and was eventually prompted by:

This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option.

This was occurring due to e2fsprogs, which I wasn't using. So to fix the problem you need to do a:

apt-get -u -o=APT::Force-LoopBreak=true upgrade

26Aug/050

mySQL Old_Password

To set a user's password to use the "old password" method, the following is the syntax.

SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('newpwd')

6Jun/050

VNCserver Setup

You've just installed Debian, but your girlfriend wants her monitor back. That's OK, you were planning on running it headless, anyway. But, wouldn't it be nice to check out some of those groovy GUI apps? Don't fret, VNC will let you interact with a desktop environment from just about any platform available.

Install vncserver (as root):

apt-get install vncserver

Choose your desired window size and color depth, then, as an ordinary user, open a terminal and type:

vncserver -geometry 1024x768 -depth 24

This will prompt you to create a password:

You will require a password to access your desktops.

Password:
Verify:

The server will start and tell you where to access it:

New 'X' desktop is foobar:1

Starting applications specified in /etc/X11/Xsession
Log file is /home/chingchang/.vnc/foobar:1.log

Open the VNC viewer on your remote machine, enter the hostname:screen and password (use a hostname or IP that your client machine understands), and your Linux desktop will open in a window! Network speed and processor power will affect performance, but it's amazing how many apps will run fine under VNC. You might not be able to play Frozen Bubble, but you can use productivity applications without any trouble.

To kill the server enter a command similar to this, using the appropriate settings:

vncserver -kill :1

26Apr/050

Bridging HowTo

Was looking for a good article explaining bridging and a nice howto. Stumbled across this Bridging HowTo. Very good article. Use this when I need to put a quick network sniffer in-between two nodes.
