Adam SMASH!

This tutorial will probably work for any distro with OpenSSH installed.

Normally, when you log into SSH on you Ubuntu PC, you’ll just see a prompt for the login and password.

But there is a way that you can get a bit of text to show after a user enters their login name.

there is a file called /etc/issue.net. Edit this file with your favorite text editor, nano, pico, whatever, and insert whatever you want to show after a user enters their username. It’s typically used as a disclaimer against people trying to gain unauthorized access. Something like “Unauthorized attempts at access are prohibited.”

The reason this method is used is because it will show even on unsuccessful logins or usernames that don’t really exist. You wouldn’t want to place the disclaimer in the motd file, since that would only show if someone actually got logged in.

So anyhow, edit the file.

You’ll need to use sudo, because the file is owned by root, and can only be written to by root. Once in nano, enter the message you want to appear on SSH login attempts and save the file.

Now you’ll need to edit the /etc/ssh/sshd_config file to tell ssh which banner file to use. It may already be set up to use issue.net, but check to make sure.

The line you are looking for is Banner /etc/issue.net. It might be commented out with a # in front, if it is, remove the #, and make sure the line appears as above.

Now to reload the config you need to restart SSH.

Subsequent attempts to log in with SSH should look like this now:

I’ll be doing a writeup for installation of SABnzbd+ in the next few days. I was looking for a Hellanzb replacement, I forget exactly why, but I found this app. Whereas hellanzb is no longer in development, and if you want a new feature, better learn python or request it in forums, SABnzbd+ is in active development and the features list is very extensive and nice. Once I get very confortable with its featureset I’ll show you how to install and move beyond Hellanzb!

Occasionally you may want to not have to type out the full path to a file or directory in your linux system or a network share. That is where links come in. Links are files that redirect to another location.

For instance, I have a 500gb external that I store music and backups etc. Well, I have a directory on there that I use alot, the FILM directory. I keep all the AVIs I’ve created from my DVDs for watching on my Media Center PC. The path is not super long, but once you understand symbolic links in Linux, you don’t have to type more than you want to.

The path to my film folder is /media/My\ Book/Video/Film but I want to be able to copy files to it easily from my home directory. So I will make a link to the directory in my home folder.

From my home folder I need to enter the following command:

ln is the command to create a link, -s will tell it to make a symbolic link. Symbolic links may point to any file or directory irrespective of the volumes on which the source and destination reside. Hard links cannot point to directories or other volumes. The next part is the path we want to link to. the last part, FILM, is the name of the link itself. This could be anything, but I made it film so it describes where I am linking to. But you could name it anything at all.

Now that I have my symbolic link in my home directory, as long as I am in my home directory, I can substitute FILM for the full path anytime I need to access it. For instance:

is now the same as

And you can copy files to the FILM symbolic link and linux will redirect them to the directory linked to.

Also instead of just directories, you can symlink files. For instance, if you wanted to be able to be able to read your system’s auth.log file without having to type out the whole path to /var/log/auth.log, you could make a symlink in your home directory like so:

This will make a symlink in the current directory called authlog pointed to /var/log/auth.log. Now all you have to do is type

in the directory containing the symlink et voila, you’re reading the auth.log file.

There are many other uses for symbolic links in linux, these are just a couple.

In windows, you can use the w32time service to automatically sync your PC’s clock to an atomic clock somewhere on the planet. Well Ubuntu linux has that capability as well. The command is ntpdate, and it comes installed in Ubuntu 9.04 by default.

As a caveat, there may be a way to do this in gnome and/or KDE, but I’m all about the commandline and learning how linux works at the lowest level, so that’s what I’m going to teach you.

As I said the command is called ntpdate. The command to sync your time is fairly simple:

That’s all there is to it. As long as your PC can get out on port 123, your pc will sync the time with an atomic clock and tell you how off it was:

This is nice and all, and our time is synced for now, but we want to work out how to make this update every day automatically, with no further input from you. For this we will need CRON.

Cron is a scheduler in linux, and ubuntu comes with vixie-cron, which from what I can tell is pretty much the standard. At any rate I think they all work mostly the same, but if you’re using Ubuntu 9.04, chances are you’ve got vixie-cron and this is exactly what you need to do.

First we want to create a script that will run this command. For most of this you’ll need to be root, or at the very least use sudo.

This will start up nano and start editing a file called timeupdate in the /etc/cron.daily/ folder. In that, we want to enter the following text:

The first line is just to tell linux which program interpreter to use. In this case we’re just using a bash command we can enter right on the bash terminal line, so /bin/bash will work. Later on if you get into writing scripts in other languages, say python for instance, you will change that line to #!/usr/bin/python. The meat of the script is almost exactly what we put on the command line to get our time updated, but now I’ve added a bit to create a log in the /var/log/ directory, so we know that this is happening. the >> part tells bash to redirect the output of a command to some other location. You could redirect it directly to a printer if you wanted, but in this case, we’re telling it to place the output in a file called /var/log/ntptime.log. the 2>&1 part tells bash to redirect error output to the same place. Otherwise cron throws away the errors, because they get output to STDERR, which is the screen. Since you won’t have access to cron’s STDERR when it’s running, we want it to log the errors too.

Ok once we save the file, we’ll need to make the script executable. In its current state it won’t execute.

This adds the X flag to the file, making it executable.

This is basically all you need to do. Now when your PC runs its cron.daily jobs (which for me is about 7:30am) it will also execute this step, updating your PC’s time every single day.

If you want to test out the script and make sure it is all working, you can simply execute the script. If you are in teh same directory as the script, type sudo ./timeupdate, if you are elsewhere in the system, call it by it’s full pathname. And then check the log that the script is supposed to make. If all is well, it will have an entry in there telling you that it corrected your PC’s time.

SIDENOTE:
You can place any script you want to run on a daily basis in the /etc/cron.daily directory and it will run with the rest of them. Pretty handy!

EDIT: Apparently I reinvented the wheel here, you can just install a daemon called ntpd and it’ll do wha tI just showed you. At any rate, it’s nice to have alternate ways to do stuff I guess. :)

If you log into your Linux box with SSH at all, you will notice that it displays a little message to you telling you some basic info about the system and the GPL if I recall. Well, if you’d like to change your MOTD to display whatever you want, this is how.

It’s pretty simple. There is a file, /etc/motd, and that is the text that is displayed as your message of the day. But you are not meant to edit this file directly. If you do, the next time your PC reboots, it’ll revert to its old MOTD. That is because Ubuntu has another file called /etc/motd.tail, THIS is the file you edit.

In a terminal type:

(You will need root for this since we’re changing a file in the /etc/ directory, so issue this command as sudo if you need to or commit a su just before)

The file will probably have some text in there, which you can leave as is, or change to your desires. The purpose if this file is to be read into the /etc/motd file by the terminal command update-motd. Once you have edited the /etc/motd.tail file, run the update-motd command and now your /etc/motd file will be updated with the contents of the /etc/motd.tail file. Pretty simple right?

Additional Tip:

If you want to have some pretty ascii-art in your MOTD, it can be done easily in two distinct ways. You can either install a program called ‘figlet’ (sudo apt-get install figlet) or you can go to this website, which is basically a souped up figlet with an HTML frontend. The website is the one I used to create my MOTD. I named my PC FooBuntu and this is how it looks in my MOTD file, every time I log into my PC with SSH:

 _______          ______
(_______)        (____  \              _
 _____ ___   ___  ____)  )_   _ ____ _| |_ _   _
|  ___) _ \ / _ \|  __  (| | | |  _ (_   _) | | |
| |  | |_| | |_| | |__)  ) |_| | | | || |_| |_| |
|_|   \___/ \___/|______/|____/|_| |_| \__)____/

With figlet you can get the same thing, but the website makes it much less hassle. Just copy and paste right into your /etc/motd.tail file and run update-motd. Et voila!

This tutorial will be written using Ubuntu 9.04 for its examples, but these tactics will work with most if not all Linux distros. You will however need to have root access to the machine you are running all of this on.

Backing up data is nothing new, and it is often overlooked. Sad really since it’s relatively easy to do in Linux. (Windows too, but we’re not discussing Windows here :) ).

You will not need to install any software to get this working in Ubuntu 9.04. Probably won’t need it for any other mainstream linux distro. We’re going to be using the tar command here, and vixie-cron, both of which come bundled with Jaunty (Ubuntu 9.04).

Alright, let’s get started. The tar command in Linux is used to store and extract files in a tarfile. Essentially it’s just a container for all of the other files. Asfar as I’ve been able to tell a tarfile is not compressed in any way. But you can force compression by passing an option to the tar command, the ‘z’ option to be precise. This causes the file to become a gzip file and uses gzip compression. Smaller filesize, more backups that fit on your backup media :)

The command to ‘tar’ a directory into a backup is as follows. I’ll give you my example tar command from my backup:

To break down the above command, the tar portion is self explanatory, we are invoking the tar command there, the -czpf is the options section. ‘c’ tells tar we are creating an archive here, as opposed to ‘x’ which would be extracting from an existing archive. ‘z’ is the option to use gzip compression. ‘p’ tells tar to preserve file permissions in the archive. And ‘f’ tells tar that we wish to store the archive to a file we will specify. /mnt/mybook/backups/homedir.tar.gz is the name of a mounted network drive on my home network where I store the backups. and the filename homedir.tar.gz, and /home/adam is the directory I am backing up.

If you run that command in your terminal right now, after changing the directories of course, it will create a permission-correct copy of your home directory where you tell it to. Something important to remember is the destination goes first, and THEN the directory or file you wish to back up.

Another example, let’s say you wanted to backup your log directory to a backup directory you created in root, /backups/.

This will create a file called varlog.tar.gz in the directory /backups/, and fill it with the contents of your /var/log directory. This is the reason you will need to run this command as root, because in a secure environment, you will not be able to access all of the files in the /var/log directory, and many other directories on your ubuntu install, because your username will lack permission to do so. This could cause your tarfile to be missing some files, making your backup fairly useless.

So, now we know HOW to make a backup, but what about scheduling it so your machine automatically backs up your files without your intervention? This is where CRON comes in. Cron in Linux was very intimidating to me as a new linux user. And I could write a whole mile-long tutorial on just CRON, but for the purposes of this tutorial, we’ll just stick to the basics.

You first want to become root, so type

and then enter your system’s root password when it asks. If you have not yet enabled your root account, here is a quick way to do so: http://www.adamsmash.com/?p=266. The reason you want to become root, is because we’re going to edit root’s cron table. Root will have no permission issues backup any directories or running any scripts, so root’s cron is where we’re going to create the cron job to call our backup.

You will now be in a root terminal. From here, type:

This will allow you to edit the root cron table. In ubuntu they do an ok job of explaining what all the *s mean, essentially there are 5 places to enter times, and then a command goes at the end. Cron looks at those times and runs the command if it matches.

The 5 asterisks correspond to 5 different time entries. First is Minute, Second is Hour, Third is Day of Month, Fourth is Month, and Fifth is Day of Week.

A Cron entry of:

Would run the command FOO every minute, of every hour, of every day, of every month, all week long for the rest of eternity :) You do not want to leave them all as stars. The * is a wildcard in Linux signifying “Everything”

A better examplee:

This cron entry would run the command every hour on the 1st minute after that hour. So 1:01, 2:01, 3:01 and so on, and it would do it every hour, every single day.

This cron entry would run the command every day at 3:01 am. (Hour is in military time, 15 would be 3pm)

So now that we got that squared, we need to pick a time for backups. Depending on when you sleep, or when your computer will not be in use, you’ll need to figure out what time to tell Cron to execute your backup.

For me, I chose midnight to do mine. I’m well asleep by then, and my PC is not doing much else, so it’s a perfect time. The cron entry to run something at midnight every single day is:

The first 0 is to tell Cron to run on the 0th minute, and the second 0 is the zeroth hour, which is 12:00. 24 also works I think, so 0 24 * * * FOO would be permissible as well.

Now you have a good foundation for scheduling backup jobs using CRON. If anything is unclear, please feel free to comment, I’ll clear it up as best I can. :)

You may have noticed when you installed Ubuntu, it never asks you to specify a root password. That’s because it generates a random one and basically disables login with the root account. Here’s how to re-enable it.

In a terminal window type:

And then enter the password you wish root to have. Et voila, your Ubuntu install now has its root account back like any other linux install.

If you use Usenet at all to get your linux distributions or apps for linux etc, then you may benefit from an application called HellaNZB. It is a daemon that runs in linux and looks in a certain directory in your home folder for NZB files. NZB files are basically an XML file that tells a program that can handle NZB files which newsgroup to look in and which posts to grab.

HellaNZB does much more than just grab the files from usenet however. It will use Par2 to check the validity of the files if PARs were included in the NZB, and then unRAR the files if they were archived on usenet, (they usually are) and then it will delete the downloaded RAR and PAR files leaving only the extracted file. When I first found HellaNZB, it made my linux/usenet experience MUCH better. I was dissatisfied with Pan and a couple other newsreaders I had tried, and getting Newsleecher to work in Wine was more hassle than it was worth usually.

To get started on Ubuntu, you will need to issue the following command in your terminal:

This will install HellaNZB and UNRAR from the repos, and once it’s done, you’re done, it’s installed. However you do need to configure it, inserting your usenet server name and login, which I’ll show you next.

The configuration file is located at /etc/hellanzb.conf. Before we start HellaNZB we’ll want to make some changes in here, so issue the command to edit the file in terminal:

I am using GEdit, but you can use nano or vi or whatever editor you’re most comfortable with.

The configuration file that HellaNZB comes with is pretty much ready to go except for one small detail. It will need to be told your usenet server name and login at the very least. Find the line in the configuration file that starts with defineServer. This is where we will be entering our info. I use astraweb, so:

If your usenet server requires no authentication, then you would comment the first username and password lines and uncomment the second ones. Many ISP based, non-premium servers require no authentication. Premium servers like Astraweb and Giganews do however. I highly recommend Astraweb, $11 a month and a full year’s retention. Hard to beat.

You can also set your connections below the server and login information. If your usenet server allows you to make multiple connections to their server, then you would adjust this by changing the default value for connections to whatever number you want. I personally leave mine at 5. Also, if you are using SSL to connect as I am in my example above, you will want to change the SSL setting to True, it’s default is False and it may error out when trying to connect.

One more setting to change, if you want HellaNZB to UNRAR the files it downloads (if they are RARed to begin with), then change the Hellanzb.SKIP_UNRAR setting to False

Now your HellaNZB is basically ready to go. There are some other settings however, and the .conf file is pretty self-explanitory on these. You may configure it to your liking. It is a bit beyond the scope of this guide to explain all of the settings in the .conf file however, so for now I will just show you how to start the program once the config file is all done.

You can start HellaNZB as a standalone program, or as a daemon. The daemon option is the one I use, since I like to just drop an NZB file into the queue directory and let Hella do its thing, so this is the option I will illustrate here.

Execute the following command in your terminal:

This forks the HellaNZB daemon and exits. Now HellaNZB is running and monitoring its queue directory for NZB files. the queue directory by default is located at /home/username/.hellanzb/nzb/daemon.queue NOTE: This directory will not be created until you start HellaNZB for the first time.

All you do is drop a NZB file in the above directory, and HellaNZB will begin downloading it. And it wil UNRAR the resulting files into the /home/username/.hellanzb/done directory.

You can monitor HellaNZB from the command line by issuing the command:

And that’s it. You can feel free to add the command “hellanzb -D” to your ubuntu startup programs so that it will start when Ubuntu starts, or you can just start it manually whenever you want to download from usenet.

PROTIP: in the configuration file, there is a setting titled Hellanzb.LIBNOTIFY_NOTIFY, set this to True to enable little popups in your desktop to tell you what HellaNZB is doing. It’ll let you know when it’s done with a queue so you don’t have to keep checking ever 5 seconds with hellanzb status

EDIT:
If you ever happen to drop a new NZB in the daemon.queue directory and hellanzb shows it queued but does not download it, check the other subdirectories in the .hellanzb/nzb dir. daemon.current might have a corrupt NZB in there that hellanzb doesn’t know what to do with. It happened to me today and I spent about an hour troubleshooting python settings and Twisted and some other stuff before I looked there. Just a public service announcement from your local usenet expert! :)

I switched to Ubuntu a couple weeks ago, because I like trying the different flavors of Linux. I used Fedora Core 10 before, and Ubuntu has some differences, but it’s still basically the same thing. Plus the information about Ubuntu on the internet is staggering. Not sure why it’s the most popular, but that popularity puts lots of information out there.

If you’re new to Linux I definitely recommend starting with Ubuntu, it’ll be a much easier transition I think.

The point of this announcement is that the next few articles will be based on Ubuntu 9.04.

A couple of days ago I made a post extolling the virtues of using the route command to block IP addresses. While this works, there is an even more powerful firewall actually built right into linux. It’s called iptables.

Iptables is an extremely powerful firewall built into linux, and can be a bit daunting to use at first. There are lots of GUIs available for iptables, but I told myself I would figure out most of linux through the CLI (command line interface) since at some point my x-windows may fail to load for whatever reason and I may be forced into runlevel 3 to fix it. (runlevel 3 is pure CLI, no gui whatsoever. If you ever used a DOS based computer, it’s like that, but way more powerful. If you want to try it out, open up a terminal and type init 3, to get back to x-windows environment, type init 5)

At any rate, you can add ips to iptables and tell it what to do with them. If you type iptables -L (might need to be su) in terminal, then you will see your current firewall setup.

To add an IP address to be blocked, you will need to issue this command(again might need to be su):

Here is a breakdown of the command. Iptables is broken down into 3 chains. INPUT, FORWARD, and OUTPUT. INPUT is the connections your PC receives, FORWARD is connections or packets that it forwards to another host or IP (if your pc was functioning as a firewall or router for your network) and OUTPUT is connections or packets leaving your PC to the outside world. In my above example, the -I INPUT flag is telling it to insert the following rule in the INPUT chain. the -s flag is to tell it the source IP address or host you are making the rule for. the -j flag stands for jump, and tells iptables what to do if the packet received matches the rule. In this case we want to DROP the packet, or stop it from being received.

So for instance, if I wanted to block IP 25.25.25.25 from connecting to my pc, then I would enter this command as su in the terminal:

That would enter a rule in my firewall to take any packet coming into my PC from 25.25.25.25 and drop refuse it.

I have also written a simple shell script that will do this for me so I don’t have to enter the whole command every time, I just named the scriopt ipblock and I can type ipblock 25.25.25.25 and it will automatically enter the rule in iptables.

Here is the script in case anyone might find it useful. I use the sudo command in my script, so if you don’t have sudo on your system for whatever reason, you can run it as su -c, but you will need root access to manipulate the iptables.

ipblock.sh

Now just save that as ipblock, and execute a

to make it executable. Then you can execute it with ./ipblock [ip address], et voila, ip address blocked. You can verify by executing iptables -L from the terminal, which will list the rules in your iptables firewall.

EDIT: Almost forgot, you’ll need to save these changes or they go away on your next reboot, which is a huge pain. The best way to do this on Fedora Core 10 is with a service call to the iptables service. As root: