1.Install mod_perl, and the DBI, MySQL, and Digest (SHA1) Perl modules.

$ apt-get install libapache-dbi-perl libapache2-mod-perl2 libdbd-

2. Copy Redmine.pm to the relevant Perl location.

$ cd /path/to/redmine
$ mkdir -p /usr/lib/perl5/Apache/Authn
$ cp extra/svn/Redmine.pm /usr/lib/perl5/Apache/Authn/

3. Maybe I’m not using Redmine’s projects/members/permissions right, but I had to patch Redmine.pm to get it to function for me. I simplified the SQL statement used to auth a user. There’s no sense of permissions; it’s pretty much a yes/no for authed users.

--- Redmine.pm  2011-11-12 17:33:10.000000000 -0700
+++ Redmine.richardkmiller.pm   2011-11-12 17:37:26.000000000 -0700
@@ -148,16 +148,11 @@
   my ($self, $parms, $arg) = @_;
   $self->{RedmineDSN} = $arg;
   my $query = "SELECT
-                 hashed_password, salt, auth_source_id, permissions
-              FROM members, projects, users, roles, member_roles
+                 hashed_password, salt
+              FROM users
               WHERE
-                projects.id=members.project_id
-                AND member_roles.member_id=members.id
-                AND users.id=members.user_id
-                AND roles.id=member_roles.role_id
-                AND users.status=1
-                AND login=?
-                AND identifier=? ";
+                    users.status=1
+                AND login=?";
   $self->{RedmineQuery} = trim($query);
 }

@@ -336,11 +331,12 @@
   }
   my $query = $cfg->{RedmineQuery};
   my $sth = $dbh->prepare($query);
-  $sth->execute($redmine_user, $project_id);
+  $sth->execute($redmine_user);

   my $ret;
-  while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
-
+  while (my ($hashed_password, $salt) = $sth->fetchrow_array) {
+      my $permissions = ":commit_access";
+      my $auth_source_id = 0;
       unless ($auth_source_id) {
                my $method = $r->method;
           my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);

4. Configure and restart Apache.

<virtualhost *:80>
    ServerName example.com
    DocumentRoot "/var/www/sites/example.com/public"
    RailsEnv production

    PerlLoadModule Apache::Authn::Redmine

    <directory "/var/www/sites/example.com/public">
        AuthType basic
        AuthName "Private Area"
        Require valid-user
        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:mysql:database=my_database;host=localhost"
        RedmineDbUser my_db_user
        RedmineDbPass my_db_password
    </directory>
</virtualhost>

Also note that, I’m running Ubuntu 11.10 (oneiric), Apache 2.2, MySQL 5.1, and Redmine 1.2.2.

Before most of us start there may be a few things that you’ll need:

10GB connected with free space with your drive
This Linux Mint DISC, from in this article (x86) or maybe here (x64), burnt into a DVD.
About half-hour of time to yourself

Note: There are a variety of ways to make this happen, and since there is no just one correct strategy to dual booting Microsoft windows and Linux, we’re going to take simplest way to help those fresh to Linux, whilst getting the full experience of installing some sort of Linux OS IN THIS HANDSET.

So why don’t we get started–since i am dual-booting Mint together your witout a doubt existing Microsoft windows 8 setting up, the first thing we should do is usually boot in place Windows in addition to create an empty partition with the Mint setting up. The simplest way to make this happen is to help press this Windows + 3rd r key combo and form diskmgmt. msc into your run pack and attack enter, and you could try to find Disk Management from the Start Menu likewise.

When this Disk Managing MMC unit opens in place right simply click your get containing Microsoft windows 8 and select Shrink Volume… on the context food list.

You will probably now ought to enter the quantity of megabytes you wish to shrink this partition by means of, we recommend at least 10GB. Remember there is 1024MB within a gigabyte, so multiply the volume of gigabytes that you’d like your completely new partition for being by 1024.

Now embed your Mint DISC and boot your computer or laptop from this DVD get, this will probably normally call for a pushing of any key for the POST screen–every motherboard takes a different approach but it will eventually normally possibly be F11 or maybe F12.

This DVD really should automatically footwear into it is Live manner, however when you bump an essential and usually are prompted simply want to start the item.

Once booted, you’ll be ready the setting up by double simply clicking on the Mount Linux Mint shortcut within the desktop.

You can certainly click go on until you’re free to the setting up type portion, here you have got to change radio stations button towards something more option.

Upon having clicked within the continue button you might now should pick the place to mount Mint, scroll down soon you see some sort of partition termed “free space”.

Double simply click it to bring up this format food list, here accept each of the defaults except the bracket point, where it is best to enter 1 forward decrease, then press ok.

It’s simple to click within the install at this point button.

A comfortable touch towards installation practice is so it starts asking only a few configuration settings while OS is usually busy the installation of.

You must reboot your computer or laptop when this installation is finished, as you will observe we are now able to easily opt for our OS IN THIS HANDSET at start-up.

Note: Grub picks up our Microsoft windows 8 setting up, the entry in the bottoom, as Microsoft windows Recovery Setting, this will be your Microsoft windows 8 installation along with the display name can potentially be modified by picking out it on the menu in addition to hitting this “e” critical, this is for state-of-the-art users.

Ones default OS IN THIS HANDSET will at this point be Linux Mint, but you have the number of switching here we are at Windows 8 on the Grub footwear menu whenever they want.

Preface

Some of my readers today will be aware of a beautiful operating system that goes by the name of Linux. For those who are not already familiar, here is a brief introduction: Linux is a free open-source alternative to Windows and Macintosh. Based off of Unix, Linus Torvalds laid the framework for the kernel many years ago and then made the source code open to all. He still works on the kernel today, but he’s not alone; millions of programmers around the world work to improve Linux with their free time. They’ve worked hard to bring Linux to maturity, and as of the past couple years, it has reached a mature stage where the average computer user is more than capable of using it. In other words, you no longer need to know how a computer works or how to program in order for Linux to be useful to you.

So why am I bringing up this topic? Quite frankly, there aren’t enough Linux users accessing TechwareLabs, and I believe this needs to change.

Whether it’s because you’ve never heard of Linux, have an interest, or tried it years ago when it was still young and was disappointed, one thing is certain: you’re missing out. I’ll be elaborating further into Linux in future articles, but for now, here is a nice introduction.

What do you mean by open-source?

The source code is freely available on the internet per the GPL license. You are more than welcome to view the code, edit it, and republish a new product (assuming you know a thing or two about programming). The only catch is that you have to release your product under the very same GPL license.

This approach to software truly throws the concept of “proprietary” out the window, and is no doubt confusing to anybody who is business-minded. It’s a foreign concept for many as to why one would develop a product and not claim intellectual property rights. The Linux community, in general (though there are exceptions), does not seek to gain profit. Rather, they put their time into Linux for pride and the occasional “thank you.”

There are companies that sell Linux, though.

This is partially true. They’re still licensed under the GPL, which means they are required to release the source code to the general public. What companies such as Red Hat and Novell are doing is not selling the operating system, but rather they are selling support, primarily for servers. Even so, you can use their products for free. Red Hat Enterprise Linux has fees attached to it, but Red Hat sponsors an open-source community around Fedora, which is the free alternative, developed by programmers in their spare time. Similarly for Novell SUSE Linux Enterprise, there is a free alternative in openSUSE.

Windows works fine. Why should I use something else?

Here, we get to the heart of the matter. Why switch, you ask? What’s the point? Simply put, Linux is faster, more stable and above all, easier to use. The speed is due to higher efficiency in storing/retrieving information. The issue of stability isn’t even questioned by [knowledgeable] die-hard Windows fans. Ultimately, the most controversial claim I’ve made is that it’s easier to use.

This is where the argument rages on within the desktop market. There are many long-time Windows users who try Linux, and are scared off, upon which they claim that Linux is hard to use. The fact is, Linux is different, but I would argue that this is a good thing. There is definitely a learning curve, as there always is when you try something new, but the more you just play around with Linux, the more you’ll find it is simply better.

How is it better? What makes it easier?

Everything is better organized. For starters, you know that little program on Windows, Add/Remove Programs? Raise your hand if you’ve ever actually “added” a program using it.

I see a few hands from people who have via a NT system or something similar, but other than that, it is unlikely you’ve used Add/Remove for anything other than “remove” (though Vista does allow for the user to download programs directly from Microsoft, a feature suspiciously appearing long after Linux started doing the exact same thing). In Linux, this little program is called the “package manager”, and this is where you both add AND remove your programs. Everything that’s currently installed, as well as everything you’re able to install from the supplied servers appears in an easy-to-use catalog. For the most part, everything you need is right there in one place. Want to install an office suite? How about an IM program? Or how about a game? Just go to the respective section and choose the program you want. Check the boxes for everything you want to change (install/uninstall) and push the appropriate button to update your system (specifics will differ depending on the package manager used by the distribution).

red letting are command that you need to issue as root

1. click on Computer > More Applications > YaST

2. Put in root password for YaST

3. Scroll down until you see Software Management and single click on it

4. Check for the following software. If you don’t have it installed, install it

   1. kernel-source

   2. gcc

   3. gcc-c++

   4. make (This is most likely already installed, but just to double check)

5. Once you have installed that software, lets head over to the command line. Right click on the desktop and select “open terminal”

6. Once you get into the terminal, you want to log in as a super user or root. You can do this by using the su command

   clmowers@linux-box:~> SUPassword:linux-box:/home/clmowers #

7. Next you want to run the following command. This will check for the needed software and it will also show you the kernel modules that are installed. You MUST have the same kernel numbers though out, or you will have issues later down the road

   rpm -qa kernel* gcc* make

   It will look like this when the command is run

   linux-box:/home/clmowers # rpm -qa kernel* gcc* make gcc-c++-4.2-24make-3.81-66kernel-source-2.6.22.17-0.1 gcc42-c++-4.2.1_20070724-17 kernel-default-2.6.22.17-0.1 gcc-4.2-24 gcc42-4.2.1_20070724-17

   Notice that both of the kernels are the same. If these numbers are diffent then you need to run the online updates to get the lastest ones and to make sure everything matches. ***Just remember that these numbers change, This was the latest kernel when I wrote this, yours might be different from mine.

8. OK, lets move on. Next we want to change the directory to /usr/scr/linux. We can do that by this command

   linux-box:/home/clmowers # cd /usr/src/linux

9. next we want to issue these commands. Don’t worry, we are almost done in the command line for the time being.

   linux-box:/home/clmowers # make mrproper; make cloneconfig; make modules_prepareYou will notice that it is done when you get back to this linelinux-box:/home/clmowers #

10. YEA!!! The moment we all have been waiting for, installing vmware server. But we are not done yet. Once vmware server is installed we will need to configure it. Then you can start adding all the VM that your heart desires.

11. Next you want to go to where you have downloaded the file and right click and select install software

12. Once the windows closes we are ready to configure it. I know I know, but we are almost done. Just 2 more minutes.

13. open up a new terminal window (or open the one you already had) and issue this command

    linux-box:/home/clmowers # cd /usr/binlinux-box:/usr/bin #

14. This will bring you to the /usr/bin directory. Next we want to run the pl script the vmware was so kind of to provide us. This will let us configure the server

    linux-box:/usr/bin # vmware-config.pl

15. We will start out by reading the EULA. Hit space or enter to go through the agreement. Once you are done reading hit Q and then type yes. Now what I did was just accept all the defaults. This will give you a very good install of vmware. My only suggestion would be to create a folder under your /home/username/ directory called vms. When you get to the question asking you where you want to have your virutual machine saved, type in that location.

16. You will be ask for your license key, so make sure that you have one. Type it in and press eneter.

By Jessica Hupp

For most computer literate children, a request from mom to get her set up on “this web thing” is met with panic and a feeling of drudgery. Are you about to expose your sweet mother to spam, phishing, viruses, or worse? Or perhaps more frightening, sign your life away as a 24/7 tech support center? Perhaps, but there’s a better way. By setting your mom up on a Linux machine, you can give her a safe, lean computing experience that will let her do all of the things she wants to do without giving you a nervous breakdown. Here, we’ve compiled over 50 of the best resources to help you get your mom on Linux without a whole lot of trouble.

Systems & Environments

With these systems and environments, you can get your mom set up with low maintenance and friendly interfaces.

1. SimplyMEPIS: SimplyMEPIS is low-maintenance and great for Linux beginners.
2. Linspire: Linspire is the “World’s Easiest Desktop Linux,” with a familiar look and feel for Windows users.
3. Mandriva: Mandriva Linux was specifically designed to offer ease of use for new users.
4. Ubuntu: One of the most popular Linux distributions, Ubuntu is stable and easy to use.
5. KDE: The K Desktop Environment is easy to use, and offers basic desktop functions.
6. Ximian Desktop: Ximian offers a simple layout, with large icons that are great for elderly users.
7. Lycoris: This distribution looks a lot like windows, and offers great ease of use.
8. SuSE: With SuSE, you’ll got lots of popular open source software like OpenOffice, Kaffeine, and more.
9. GNOME: In this desktop environment, you’ll find an extremely usable GUI.

Tools & Applications

Put these tools to work to give your mom the functionality she wants while still keeping things safe and simple.

10. Fluxbox: This X window manager makes it easy to customize the view of your mom’s machine.
11. Rfbdrake: Set up rfbdrake to create a pathway for remote support.
12. IEs4Linux: With this handy tool, you can make MSN groups and other Internet Explorer applications play properly for your game-addicted mom.
13. IceWM: This window manager’s goal is to stay out of the user’s way while offering speed and simplicity.
14. OpenAntiVirus: Although a Linux machine isn’t likely to run into virus problems, this antivirus program is better safe than sorry.
15. Wine: Wine makes it easy to run Windows software and applications on your Linux box.
16. Firestarter: For an easy, simple firewall, consider Firestarter.
17. phpGACL: Keep your mom safe by implementing this access control list for applications.
18. CrossOver Office: With CrossOver, you can run lots of Windows-based applications.
19. CNR: This tool makes it easy for your mom to install applications, even if she’s clueless about putting things on her computer.
20. KDE Crystal: KDE Crystal offers an icon set with recognizable images, which is great for remote support so you can tell your mom exactly what to press.
21. Guarddog: Guarddog is an ideal firewall for novices because it offers a goal-oriented, non-technical GUI.
22. Blackbox: Blackbox offers a clean, light environment for a Linux system.
23. IPCop: Create a more secure home network with this simple firewall designed for novice users.
24. vncserver: Utilize vncserver to run remote support on your mom’s Linux machine.
25. OpenOffice: With OpenOffice, your mom will be able to do all of the word processing she wants.
26. Evolution: This personal information manager offers email, addresses, tasks, and more in an interface much like Microsoft Outlook.
27. KMail: Set your mom up on KMail for email with excellent spam filtering, cryptographic support, and more.
28. Kate: With this lightweight editor, your mom can do simple word processing with automatic backup.
29. Ekiga With Ekiga, formerly Gnomemeeting, your mom can video chat with you.
30. MailWasher Pro: With this program, you can make sure that spam email will never hit your mom’s inbox.
31. Abiword: Give your mom simple word processing with AbiWord.
32. Kopete: Use Kopete to get your mom set up on chat programs like AIM, ICQ, and IRC.
33. Adobe Reader: Put Adobe Reader for Linux on your mom’s computer so she can enjoy PDFs.
34. Pidgin: Pidgin, formerly known as Gaim, makes it easy for your mom to log into a number of different messaging systems at once.
35. Konqueror: With Konqueror, your mom can browse the web safely.
36. Thunderbird: Use Thunderbird to offer your mom a clean email interface.
37. Firefox: Get your mom set up on the wildly popular Firefox for safe and easy web browsing.
38. GIMP: Give your mom GIMP for Photoshop functionality.
39. No-Script: Use No-Script to make your mom’s Firefox browsing safe from harmful Javascript and Flash.

Guides & Articles

For even more help, check out these guides and articles that will walk you through creating a Linux box for your mom.

40. Ubuntu for your grandmother: One helpful grandchild walks his grandmother through creating a Ubuntu laptop in this article.
41. Post Installation Configuration Basic Help: Get help with basic hardware and network configuration here.
42. Is Linux ready for mom?: This article discusses some of the trials and advantages of Linux for novice users.
43. Windows to Linux: A Beginner’s Guide: Let your mom check out this article to get familiarized with Linux when coming from a Windows environment.
44. Top 10 Ways to Protect Your Linux Home System: Follow this guide to keep your mom’s computer safe.
45. Setting up Linux for Mom and Dad: See how one person set up a parent version of Mandrake Linux in this article.
46. Desktop Adapted for Dad (DAD): This writer gave his father a computer with carefully installed and configured software.
47. Moving a Beginner to Linux: Learn how to make the switch with this article.
48. The Top 50 Proprietary Programs that Drive You Crazy-and Their Open Source Alternatives: In this resource, you’re sure to find lots of programs that will help your mom convert.
49. Linux distro for mom?: In this thread, you’ll find lots of excellent advice for creating a Linux setup for a computer illiterate mom.
50. Beginner’s Introduction to the KDE Desktop: This guide offers a look at KDE for non-techies.
51. A Senior Citizen’s Introduction to Linux: See how one person set up a simple Linux system for an elderly woman in this article.
52. 7 Reasons you should switch Grandma to Linux: This article touts security, stability, and more for Linux.

from virtualhosting.com

Installing Ruby on Rails (RoR) on windows, OSX and Linux. Generally there are 3 installations: OSX, Windows and Linux, and Linux install is the most easy one.

Windows:

Go to http://www.rubyonrails.org/, and download the package containing gems (windows installer).

Install the package.

Update the gem system via:

gem update –system

Update installed gems via:

gem update

When this is done install the relevant gems. I would suggest the following as a minimum:
*rails (for the framework)
Please note, that rails 2.02 is the newest version, you can install an older version via

gem install v1.2.6 rails

*mysql (for database assess)
*mongrel (webserver better when webrick)

When asked for the version you want to use, choose the newst version, that has win32 in the option.

OSX 10.4 and 10.5

Go to http://www.macports.org/ and download the correct version of the file (tiger/leopard).

Read through the installation guide: http://www.macports.org/install.php

Quick guide:
Install the correct xcode for your system.
Install the macports program (this can take a little while)
When done, do:

sudo port install ruby
sudo port install rb-gems (enabling gems under ruby)
sudo gem install rails (framework)
sudo port install rb-mysql (mysql for use under RoR)
sudo gem install mongrel (webserver)
sudo port install subversion (for easy install for remote plugins)

Linux (Ubuntu like / Debian based)

sudo apt-get update && sudo apt-get upgrade (getting newst list, and updateing software before continuing).
sudo apt-get install ruby subversion mysql libmysql-ruby1.8

sudo gem install rails
sudo gem install mongrel

And you should be set to go.

IDE for use with RoR:
Textmate (OSX), has very poor subversion integration, but good RoR integration
Not free
Eclipse (good integration, via plugins)
http://www.eclipse.org/ download plugins via Aptana website, for RoR support.
Free

Aptana (good integration via plugins) http://www.aptana.com/
complete IDE, eclipse based. Free
IDEA (good integration via plugins)
Complete IDE suite, with great integration of subversion, mysql and even jira for bugtracking.
Professional, but expensive.

Remeber to point your IDE to where your RoR / rails is installed for best integration:
Windows most often: c:\ruby\bin
OSX: /opt/local/
Linux: /usr/bin/ruby

Errors:

Linux:

sudo gem update –system

Which introduced this error:

/usr/bin/gem:23: uninitialized constant Gem::GemRunner(NameError)

whenever I tried to run rubygems. On the rails forum, I found a fix for it!. Simply add the line to the file /usr/bin/gem (may be different on a mac):

require 'rubygems/gem_runner'

after

require 'rubygems'

Source: http://www.nickpeters.net/2007/12/31/fix-for-uninitialized-constant-gemgemrunner-nameerror/

This error when installing gems:

extconf.rb:1:in `require’: no such file to load—mkmf (LoadError)

from extconf.rb:1.

Do:

sudo apt-get install ruby1.8-dev

Introduction

Are you using SSH in the best way possible? Have you configured it to be as limited and secure as possible? The goal of this document is to kick in the new year with some best practices for SSH: why you should use them, how to set them up, and how to verify that they are in place.

All of the examples below assume that you are using EnGarde Secure Linux but any modern Linux distribution will do just fine since, as far as I know, everybody ships OpenSSH.

SSHv2 vs. SSHv1

There are numerous benefits to using the latest version of the SSH protocol, version 2, over it’s older counterpart, version 1 and I’m not going into a lot of details on those benefits here – if you’re interested, see the URL in the reference below or Google around. That being said if you don’t have an explicit reason to use the older version 1, you should always be using version 2.

To use SSHv2 by default but permit SSHv1, locate the “Protocol” line in your sshd_config file and change it to:

Protocol 2,1

When doing 2,1 please note that the protocol selection is left up to the client. Most clients will default to v2 and “fall back” to v1, while legacy clients may continue to use v1. To force everybody to use SSHv2, change it to:

Protocol 2

When you make this change don’t forget to generate the appropriate HostKey’s as well! SSHv2 requires the following keys:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

While SSHv1 requires:

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key

Once your changes are made, restart the SSH daemon:

# /etc/init.d/sshd restart

[ SUCCESSFUL ] Secure Shell Daemon
[ SUCCESSFUL ] Secure Shell Daemon

From another machine, try SSH’ing in. You can use the -v option to see which protocol is being used, and the ‘-oProtocol=’ option to force one or the other – for example, “ssh -v -oProtocol=2 ” would force protocol version 2.

Binding to a Specific Address or Non-Standard Port

If you’re running SSH on an internal, firewalled, workstation then you can probably skip this section, but if you’re running SSH on a firewall or on a machine with two network interfaces, this section is for you.

Out of the box OpenSSH will bind to every available network address; while convenient and suitable for most installations, this is far from optimal. If your machine has two or more interfaces then the odds are that one is “trusted” and the other is “untrusted.” If this is the case, and you don’t need nor want SSH access coming in on the untrusted interface, then you should configure OpenSSH to listen on a specific interface.

To have OpenSSH only bind to your internal interface, 192.168.0.1 in the example below, locate the following line in your sshd_config file:

ListenAddress 0.0.0.0

and change the 0.0.0.0 to 192.168.0.1:

ListenAddress 192.168.0.1

To verify that this change took, restart OpenSSH and look at netstat:

# /etc/init.d/sshd restart

[ SUCCESSFUL ] Secure Shell Daemon
[ SUCCESSFUL ] Secure Shell Daemon

# netstat -anp | grep sshd

tcp 0 0 192.168.0.1:22 0.0.0.0:* LISTEN 7868/sshd

As you can see, the sshd daemon is now only listening on 192.168.0.1. SSH requests coming in any other interface will be ignored.

Similarly, you may want to change the port that the SSH daemon binds to. Sometimes there is a functional need for this (ie, your employer blocks outbound 22/tcp) but there is also security-through-obscurity value in this as well. While not providing any real security benefit against a determined attacker, moving the SSH daemon off of port 22 protects you against automated attacks which assume that the daemon is running on port 22.

To have OpenSSH bind to a port other than port 22, 31337 in the example below, locate the following line in your sshd_config file:

Port 22

and change the 22 to 31337:

Port 31337

To verify that this change took, restart OpenSSH and, again, look at netstat:

# netstat -anp | grep sshd

tcp 0 0 192.168.0.1:31337 0.0.0.0:* LISTEN 330/sshd

Finally, to SSH into a host whose SSH daemon is listening on a non-standard port, use the -p option:

ssh -p 31337 user@192.168.0.1

Using TCP Wrappers

TCP Wrappers are used to limit access to TCP services on your machine. If you haven’t heard of TCP Wrappers you’ve probably heard of /etc/hosts.allow and /etc/hosts.deny: these are the two configuration files for TCP Wrappers. In the context of SSH, TCP Wrappers allow you to decide what specific addresses or networks have access to the SSH service.

To use TCP Wrappers with SSH you need to make sure that OpenSSH was built with the -with-tcp-wrappers. This is the case on any modern distribution.

As I indicated earlier, TCP Wrappers are configured by editing the /etc/hosts.deny and /etc/hosts.allow files. Typically you tell hosts.deny to deny everything, then add entries to hosts.allow to permit specific hosts access to specific services.

An example:

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: ALL
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd: 207.46.236. 198.133.219.25

In the example above, access to SSH is limited to the network 207.46.236.0/24 and the address 198.133.219.25. Requests to any other service from any other address are denied by the “ALL: ALL” in hosts.deny. If you try to SSH into a machine and TCP Wrappers denies your access, you’ll see something like this:

ssh_exchange_identification: Connection closed by remote host

This simple configuration change significantly hardens your installation since, with it in place, packets from hostile clients are dropped very early in the TCP session — and before they can do any real damage to a potentially vulnerable daemon.

Public Key Authentication

The last item I will cover is public key authentication. One of the best things you can do to tighten the security of your SSH installation is to disable password authentication and to use public key authentication instead. Password authentication is suboptimal for many reasons, but mostly because people choose bad passwords and attackers routinely try to brute-force passwords. If the systems administrator has chosen a bad password and he’s permitting root logins… game over.

Public key authentication is no silver bullet – similarly, people generate passphrase-less keys or leave ssh-agents running when they shouldn’t – but, in my opinion, it’s a much better bet.

Just about every distribution ships with public key authentication enabled, but begin by making sure it is:

RSAAuthentication yes
PubkeyAuthentication yes

Both of these options default to “yes” and the “RSAAuthentication” option is for SSHv1 and the “PubkeyAuthentication” option is for SSHv2. If you plan on using this authentication method exclusively, while you’re there, you may want to disable password authentication:

PasswordAuthentication no

Before you proceed, make sure you have a terminal open on your target machine. Once you restart the SSH daemon you will no longer be able to log in without a key… which we haven’t generated yet!

Once you’re sure, restart the SSH daemon:

# /etc/init.d/sshd restart

[ SUCCESSFUL ] Secure Shell Daemon
[ SUCCESSFUL ] Secure Shell Daemon

Now, from your desktop, try to SSH in to your target machine:

$ ssh rwm@brainy

Permission denied (publickey,keyboard-interactive).

We’re locked out! This is a good thing. The next step, on your desktop, is to generate a key:

$ ssh-keygen -t dsa -C “Ryan’s SSHv2 DSA Key (Jan 2008)”

Generating public/private dsa key pair.
Enter file in which to save the key (/home/rwm/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): **********
Enter same passphrase again: **********
Your identification has been saved in /home/rwm/.ssh/id_dsa.
Your public key has been saved in /home/rwm/.ssh/id_dsa.pub.
The key fingerprint is:
98:4d:50:ba:ee:8b:79:be:b3:36:75:8a:c2:4a:44:4b Ryan’s SSHv2 DSA Key (Jan 2008)

A few notes on this:

• You can generate a DSA (-t dsa), RSA (-t rsa), or SSHv1 (-t rsa1) key. In the example above I’m using dsa.
• I like to put the date I generated the key in the comment (-C) field, that way I can change it out every so often.
• You’re entering a passphrase, not a password. Use a long string with spaces and punctuation. The longer and more complicated the better!

The command you just ran generated two files – id_dsa, your private key and id_dsa.pub, your public key. It is critical that you keep your private key private, but you can distribute your public key to any machines you would like to access.

Now that you have generated your keys we need to get the public key into the ~/.ssh/authorized_keys file on the target machine. The best way to do this is to copy-and-paste it – begin by concatenating the public key file:

$ cat .ssh/id_dsa.pub

ssh-dss AAAAB3NzaC1kc3MAAACBAL7p6bsg5kK4ES9BWLPCNABl20iQQB3R0ymaPMHK…
… ds= Ryan’s SSHv2 DSA Key (Jan 2008)

This is a very long string. Make sure you copy all of it and that you do NOT copy the newline character at the end. In other words, copy from the “ssh” to the “2008)”, but not past that.

The next step is to append this key to the end of the ~/.ssh/authorized_keys file on your target machine. Remember that terminal I told you to keep open a few steps ago? Type the following command into it, pasting the key you’ve just copied into the area noted KEY:

echo “KEY” >> ~/.ssh/authorized_keys

For example:

echo “ssh-dss AAAA5kS9BWLPCN…s= Ryan’s SSHv2 DSA Key (Jan 2008)” >> ~/.ssh/authorized_keys

Now, try to SSH in again. If you did this procedure correctly then instead of being denied access, you’ll be prompted for your passphrase:

$ ssh rwm@brainy

Enter passphrase for key ‘/home/rwm/.ssh/id_dsa’:
Last login: Thu Jan 10 14:37:14 2008 from papa.engardelinux.org
[rwm@brainy ~]$

Viola! You’re now logged in using public key authentication instead of password authentication.

In Summary…

SSH is a wonderful tool and is every systems administrators second best friend (Perl, of course, being the first . It allows you to read your email from anywhere, provided you still use a terminal-based mail reader. It allows you to tunnel an xterm or X11 application from your home server to your desktop at work. It provides you a far superior alternative to FTP in SFTP and SCP.

SSH is great but just like any tool, it’s only as good as you use it. I hope that you found value in some of my best practices and if you have any of your own, leave them in the comments!

Before I go, here are some additional resources on SSH:

• The OpenSSH Project
• SSH, The Secure Shell: The Definitive Guide
• Introduction to SSH Versions 1 and 2
• Knock, Knock, Knockin’ on EnGarde’s Door (with FWKNOP)

Open ~/.profile file and the following line:

export KWIN_NVIDIA_HACK=1

For more on this check COMPOSITE_HOWTO. Now see the difference.

Tip: In loads cases, overall smoothness may be increased by turning off direct rendering in advanced options in the Desktop Effects configuration module (Alt+F3->Configure Window Behavior).

No optimastion or tweaks for ATI video cards that I have noticed so far. If you know, let us know.

This document describes how to set up TrueCrypt with GUI on Ubuntu 7.10. TrueCrypt is a free open-source encryption software for desktop usage.

This howto is a practical guide without any warranty – it doesn’t cover the theoretical backgrounds. There are many ways to set up such a system – this is the way I chose.

1 Preparation

Set up a standard Ubuntu 7.10 system and update it.

2 Needed Packages

First we install some needed packages with the synaptic package manager.

• sun-java6-jre
• python-pexpect

You’ll see this window during the installation – mark the corresponding checkbox and proceed if you agree with the license agreement.

Afterwards check if all went well – open a terminal and enter.

java -version

The output should look like this:

java version “1.6.0_03″
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)

3 Truecrypt

3.1 Installation

Open http://www.truecrypt.org/downloads.php within your browser and download the latest stable version for Ubuntu 7.10 (.tar.gz-file containing the .deb-package).

Afterwards unpack the .tar.gz-file, …

… switch to the folder with the unpacked files and install the .deb-package with the GDebi package installer (simply double click on the package). Click on “Install Package” to start the installation.

Enter the root password.

The package and its dependencies are being installed.

3.2 System Configuration

Please note, that the following steps (3.2.1 – 3.2.3) can be done automatically by the tcgui installer (step 4). Proceed if you have problems with the tcgui-installer or want to configure the system manually in the first place – otherwise go ahead with step 4.

3.2.1 Users & Groups

We have to add the group “truecrypt” to the system and afterwards we add the root-account and our user-account to it. The settings for users and groups are available in the gnome system menu.

Enter the root password.

Click on “Manage Groups“.

Click on “Add Group“.

Insert “truecrypt” (without the quotes) as name for the new group, mark the checkbox next to the root and your username and click on “OK“.

3.2.2 Sudo

Next we configure sudo in order that TrueCrypt is useable without a password query – open a terminal and enter:

sudo visudo

Add the following line:

%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt

It should look like this:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Defaults
Defaults        !lecture,tty_tickets,!fqdn
# Uncomment to allow members of group sudo to not need a password
# %sudo ALL=NOPASSWD: ALL
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root    ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt

To save the changes press CTRL+O (STRG+O on a german keyboard) and hit enter. Close the editor via CTRL+X (STRG+X on a german keyboard).

3.2.3 TrueCrypt Group

As a last resort we have to assign TrueCrypt itself to the new group that we created at step 3.2.1. Open terminal and enter:

sudo chgrp truecrypt /usr/bin/truecrypt

Afterwards we check if all went well – enter:

truecrypt -l

If you’re NOT asked for a system password and the output looks like this …

No volumes mapped

… all is fine.

4 TrueCrypt GUI (tcgui)

Tcgui provides a GUI that is similar to the windows GUI for truecrypt. It’s licensed unter the GPL.

4.1 Download

Open http://tcgui.tc.funpic.de/en/download.htm (http://tcgui.tc.funpic.de/download.htm for German users) within your browser and download the latest version (When I was writing this howto the latest version was 0.4).

Afterwards unpack the file.

4.2 Installation

Open a terminal, switch to the unpacked files and run the installer.

cd Desktop/tcgui-0.4/
sudo bash install.sh $USER

Note: Don’t replace $USER with your username – simply copy & paste the line.

Choose your language (german or english) and answer the following questions with no (n) – unless you haven’t realized step 3.2.1 till 3.2.3. After the installation finished you have to log out and back in to take the changes effect.

4.3 Access The GUI

The TrueCrypt GUI is available in the gnome applications menu.

Click on “Yes” if you agree with the warranty agreement.

The GUI appears – make yourself familiar with it.

Note: Please have a look at the readme in the tcgui-folder (on your desktop). Which functions are working without problems and which not is described at the end of the file – so you should read it before you you’re playing around with the GUI

4.4 Deinstallation

If you want to deinstall the TrueCrypt GUI open a terminal and enter:

sudo bash /usr/share/tcgui/uninstall.sh

Note: The group “truecrypt” will not be deleted and the changes in the sudo configuration will not be restored.

5 Links

TrueCrypt: http://www.truecrypt.org/
TrueCrypt License: http://www.truecrypt.org/license.php
TrueCrypt Linux manpage: http://www.truecrypt.org/docs/linux-manpage.php
TrueCrypt GUI (en): http://tcgui.tc.funpic.de/en/index.htm
TrueCrypt GUI (de): http://tcgui.tc.funpic.de/index.htm
Ubuntu: http://www.ubuntu.com/