Add the following lines at the end of /etc/sysctl.conf:
# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
and enter sysctl -p
you’re done
Task
To enhance security in your datacenter you may want to restrict root logins to your Linux servers to one or few admin servers. So this is how you do it:
How to
Add the following line to your /etc/pam.d/sshd:
account required pam_access.so
to activate sshd to look into the file /etc/pam.d/access.conf for authentication
Now you can use the /etc/pam.d/access.conf file to configure your access conditions (there are a lot possible which are well documented in the file itself). In this case we will configure the SSH Daemon to only grant root access from one specific administration server called “myadminserver.domain.local”. Therefor you need two lines in the access.conf file:
This will allow the root login from myadminserver.domain.local
+ : root : myadminserver.domain.local
And this will deny logins from the rest of the world
- : root : ALL
This is all you need to do. The changes will take effect immediately you don’t need to restart anything.
secure
Is one of those “self-speaking” error messages. If you run into this while printing from bash with ls -la | lp -d <printername> or while trying to print a test page from the CUPS Webinterface you should check the content of your CUPS spool directory /var/spool/cups. In most cases you’ll find a lot of files in there. You can move them away or delete them. After that you simply have to restart the CUPS Service with /etc/init.d/cups restart
All you lose is your printing history…
Digikam is a pretty nice digital photograph management software I am using for some time now. I love the automatic renaming of files while downloading them from the camera or SD card. To build your desired file names you can use special renaming patterns. The one I use is the following:
[date:yyyy-MM-dd]_[date:dddd]_[file].[ext]{lower}
results in something like this:
2011-10-01_Samstag_P1070263.jpg
nothing else to say ;)
If you ever want to overwrite the same files on RedHat based distros (CentOS, RHEL, Fedora,…) you are penetrated with the annoying “Do you want to overwrite” message on every file you’re going to overwrite. The reason is simple – RedHat based Distros by default have an alias on cp which directs to cp -i for interactive mode. To avoid the nagging messages you have the following options:
- unalias cp
- use the command with full path:
/bin/cp <options> <files> <target> instead of using only cp
Requirements
- PNP 0.6.12 or higher (I used 0.6.13)
- Perl module Gearman::Worker (cpan Gearman::Worker)
- Perl module Crypt::Rijndael (aptitude install libcrypt-rijndael-perl)
- A working icinga and mod_gearman installation
PNP Installation
To install PNP enter the following lines in case of icinga (–prefix is optional)
./configure --prefix=/path/to/pnp/installation --with-nagios-user=icinga --with-nagios-group=icinga make all make fullinstall
Configuration
PNP
Edit the PNP process_perfdata.cfg and edit the following directives
vi /path/to/pnp/installation/etc/process_perfdata.cfg GEARMAN_HOST = localhost:4730 ENCRYPTION = 0 (i don't use encryption in mod_gearman if you do - you just have to change the KEY variable)
mod_gearman
Edit the config file you use in the mod_gearman broker_module directive in main icinga config file icinga.cfg
broker_module=/path/to/mod_gearman/lib/mod_gearman/mod_gearman.o config=/path/to/mod_gearman/etc/mod_gearman_local.conf
Edit the file
vi /path/to/mod_gearman/etc/mod_gearman_local.conf change perfdata=no to perfdata=yes
to activate perfdata processing to gearmand
Remove any existing PNP configuration like npcdmod.o from icinga.cfg and stop npcd if running
Restart icinga then restart gearmand
/etc/init.d/icinga restart /etc/init.d/gearmand restart
Then check with gearman_top if there is a queue named perfdata appearing and if its “jobs waiting” queue is increasing
Then start your pnp_gearman worker
/etc/init.d/pnp_gearman_worker start
That’s it.
Apache authentication against MS Active Directory can be very useful from time to time – so here is how to do it.
First you need to verify if you have mod-authnz-ldap available for apache2 and if you have activated it (Ubuntu a2enmod authnz_ldap). Then you need a User in your AD with read permission (standard user) whose credentials you’ll youse in the AuthLDAPBindDN and AuthLDAPBindPassword lines.
Then you can put the following lines in your <Directory “/some/nice/webroot”></Directory> (or Location) section
<Directory "/some/nice/webroot"> AuthLDAPBindDN "CN=John Doe,OU=_Users,DC=example,DC=com" AuthLDAPBindPassword "t0ps3cr3t" AuthLDAPURL "ldap://<domaincontroller_name_or_ip>/ou=_Users,dc=demo,dc=lab?sAMAccountName?sub?(objectClass=*)" AuthType Basic AuthName "USE YOUR WINDOWS ACCOUNT" AuthBasicProvider ldap # Important, otherwise "(9)Bad file descriptor: Could not open password file: (null)" AuthUserFile /dev/null require valid-user </Directory>
(instead of the standard AuthName, AuthType, AuthUserFile and Require valid-user directives of HTTP Basic Auth)
Restart Apache and try to login your protected webpage with your Active Directory Accound using the sAMAccountName
Hint
To find out the right DN to bind you can use your Windows Account in combination with ldapsearch:
ldapsearch -LLL -x -H ldap://<domaincontroller_name_or_ip:389 -b 'ou=_Users,dc=example,dc=com' -D 'DOMAIN\user' -w 'p@ssword' '(sAMAccountName=<yourfilter>)'
maybe you need to play around a bit with ldapsearch to get what you need
done
Task
The tiptel IP 280 IP phone supports the upload of own ringtones. The format it requires (8kHz mono 16Bit WAV µlaw respectively mu-law compressed) is a bit uncommon.
But you can convert any mp3 file to the above audio format with the following tools and steps:
Tools
Steps
- Open audacity
- File -> Import -> Audio -> select your mp3 file
- Select the part of the mp3 file you want to convert to a ringtone
- Edit -> Trim to remove the rest of the mp3 you don’t want to have in your ringtone
- Convert Stereo to mono
- Click on the name of the song (in the Track Control Panel to left of the waveform, where the downward pointing arrow is). This brings down a selection menu.
- Select the Split Stereo Track option.
- Click on the name of one of the resulting tracks then on “mono” using the same menu
- Close the other track by clicking on [X] on the Track Control Panel.
- Look at the Project Rate button at bottom left of the screen. Select 8000
- Click File > Export and in the “Export File” dialogue, choose “other uncompressed files” in the file types dropdown, then a file name to export to. Click Options and in the “Format” dropdown, select “WAV (Microsoft 16 bit PCM)”. Click OK then Save. If the Metadata Editor pops up at any stage, click OK. Metadata tags are not needed.
- Open a terminal and enter
-
sox file_name_of_audacity_export.wav -U file_name_of_ulaw_compressed.wav
-
- Upload the file_name_of_ulaw_compressed.wav to your tiptel via web-interface (use a short file name with no special characters like ringer.wav)
- Select the uploaded file as ringtone
- Call yourself and listen :)
done