Category Archives: Ubuntu

We’ve been having problems with Microsoft Office Format files opening as read only from our NAS here on Fedora 10 clients. OpenOffice 3 creates file locks on opening the file, resulting in users being unable to save files.

On doing some reading, this can be alleviated by mounting the share using cifs rather than smbfs. On the client machines we have created a folder in media called N (mkdir /media/N), then mounted using the following:

mount -t cifs //10.204.6.5/N /media/N -o username=<username>,password=<password>,rw,iocharset=utf8,nobrl,nounix,sfu,file_mode=0777,dir_mode=0777

Note the nounix option – this prevents the file locks from causing problems within OpenOffice. The sfu option preserves the date and time modification values.

Bit of an awkward fix, unfortunately, as this involves having access to a Windows/Outlook setup, but to add a Public folder that exists on Exchange, it needs to be bookmarked as a favourite for Evolution to pick it up.

For example, we use a public folder for shared (company-wide) contacts here. To add the folder I just logged onto my account on a Windows machine, then added that public folder as a favourite.

After logging out of Evolution and back in, I could then see these “public” contacts under the contact folder (CTRL+2).

Occasionally you find a piece of software that makes life infinitely easier….this has been a very good week, I’ve found 2!

I’ve just installed GLPI as a trouble ticketing system to assist with management of workflow and to track recurring faults. It’s an open-source, web-based tool that uses Apache, PHP and MySQL to track issues and produce good quality reports.

It seems extremely stable in trials so far, but I will keep on using it for the next few weeks before I roll it out to users in our organisation for fault reporting.

Available from here: http://www.glpi-project.org/spip.php?lang=en

The next find was a tool called OCS Inventory.  It’s another web/mysql app that is used for asset management.  The useful thing about this tool is that it uses an agent installed as a service on workstations that can be deployed using a login script.  This then updates the server on workstation boot with an abundance of information about the workstation, such as hardware info, serial number, installed software, installed printers, logged on user, etc

This has turned into a real time-saver for me! It’s available for download from http://www.ocsinventory-ng.org/

Managing a Windows environment (2 separate domains, one running a couple of 2003 Servers and Exchange, the other running SBS2003), there are times when I need to run a Windows client.  Not least because the management tools required for our PBX phone systems (an Avaya IP Office and an Alcatel OmniPCX), our CCTV system (RMC), our photographic archive (iBase), our EPOS system and Sage Line 50 require Windows to run and Wine is insensitive to. There are various other Windows-specific tools that effectively mean that I need a functional copy of Windows to work, rather than being able to switch over to Linux as my sole desktop machine.

At the moment I use a KVM switch to swap between the 2 desktops I use (one is XP the other Ubuntu Hardy Beta).  I spend about 99% of my day in Ubuntu, but can’t escape windows completely….this means 2 machines under the desk – which at best is not very environmentally sound, and at worst is downright inconvenient.

The solution? well a virtualised copy of Windows running on the Linux box is the obvious solution, but what about all the apps and data accumulated on the Windows machine over the last x years…..this may seem like a small concern, but it would take a LONG time to reinstall these apps – because of the custom nature of them they are heavy on configuration time, and while they could be installed, it would be a pain in the backside….

Along come the nice people at VMWare though with the Vmware Converter (http://www.vmware.com/products/converter/) a tool that simply installs and then allows you to convert a physical install of an OS into a Virtual OS that can then be opened in VMware Workstation, Server or Player!

While it is designed to allow for the virtualisation of server environments this is the perfect solution for the likes of myself who still need to use Windows apps, that aren’t Wine compatible but REALLY want to ditch the spare Windows machine sat under the desk…

Working for a number of clients, it’s surprising how many people assume that an email sent is secure by default.  The number of people (including e-commerce providers) who feel comfortable sending (and requesting) credit card information via email is quite shocking…

It’s worth clarifying that sending an email is the digital equivalent of sending a postcard….anyone, on any number of the hops between the sender and the recipient, could read the contents of that email with relative ease, in the same way that if you sent a postcard, anyone en route between the sender and the recipient who handles that card could read the contents.  Worse yet, there are methods of spoofing (pretending to be) the recipient mail server – causing all emails that are destined for the recipient to be captured then forwarded on without the recipient even knowing that this has happened….

There are methods of securing email, however. One worth noting as a free solution is GNUPG (http://www.gnupg.org/), and it is worth considering if you need to send any information that you feel is sensitive. GNUPG can be used for digital signing of emails (proving that the email is really from you) and also for the encryption of emails using a public/private key pair.

There are resources on the use of GNUPG on the site, and it can be used on a variety of platforms (Windows, Linux, Mac, etc.).

Ok, well I’ve just had my first unpleasant surprise with Ubuntu Gutsy. Just checked my IPtables rules as I’m at home effectively outside my firewall just testing my security, and it seems that by default, the ruleset is set to allow all traffic…..I’m pretty shocked….. when stacked side by side with Fedora, which I’ve been using at work, which is downright aggressive about security from the word go. Ubuntu by its very nature is aimed at making Linux more accessible, and from reading the Ubuntu forums the majority of new users wouldn’t even consider checking…

I appreciate that most people seem to think that a firewall is unnecessary on a Linux box, as no daemons are running on a default install – but suppose (as I do) you then install an SSH server, and you want Windows machines on your network to access files….and a plethora of other bits and pieces – eventually you end up with loads of holes.  I’d rather find out an application doesn’t work until I open corresponding ports than have data visible from the public internet…

My untouched IPtables config looked like this:

roachy@roachy-laptop:~$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Then after modification (yes I cheated and used Firestarter!)

roachy@roachy-laptop:~$ sudo iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.2.1 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 192.168.2.1 anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- anywhere 255.255.255.255
DROP 0 -- anywhere 192.168.2.255
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere 224.0.0.0/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.2.11 192.168.2.1 tcp dpt:domain
ACCEPT udp -- 192.168.2.11 192.168.2.1 udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- 224.0.0.0/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI 0 -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere

Chain LSO (1 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.2.11 anywhere tcp dpt:www
ACCEPT udp -- 192.168.2.11 anywhere udp dpt:www
ACCEPT tcp -- 192.168.2.11 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 192.168.2.11 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 192.168.2.11 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 192.168.2.11 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- 192.168.2.11 anywhere tcp dpt:https
ACCEPT udp -- 192.168.2.11 anywhere udp dpt:https
LSO 0 -- anywhere anywhere

Quite a significant difference…..
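
Added example, not part of the original post: a shell function that reads `iptables --list` output and flags built-in chains whose policy is ACCEPT with no rules, which is the state of the untouched Gutsy listing above. The function and sample names are illustrative, and the two sample listings are constructed from the output shown in the post.

```shell
# Added example: flag built-in iptables chains left at default-allow. Reads
# `iptables --list` output on stdin; returns 1 if a chain is ACCEPT with no rules.
audit_iptables_policies() {
    awk '
    function report() {
        if (chain == "" || policy == "") return   # nothing yet, or user-defined chain
        verdict = (policy != "ACCEPT") ? "OK" : ((rules == 0) ? "OPEN" : "REVIEW")
        if (verdict == "OPEN") nopen++
        printf "%s %s %d %s\n", chain, policy, rules, verdict
    }
    /^Chain / {
        report(); chain = $2; rules = 0; policy = ""
        # Built-in chains print "(policy X)", user chains "(N references)".
        if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
        next
    }
    /^target[ \t]/ || NF == 0 { next }            # column header, blank line
    { rules++ }
    END { report(); exit (nopen > 0 ? 1 : 0) }
    '
}
# Constructed sample: the untouched listing from the post (blank lines dropped).
sample_default() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}

# Constructed sample: abridged from the post-Firestarter listing.
sample_hardened() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
INBOUND 0 -- anywhere anywhere

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
EOF
}
sample_default | audit_iptables_policies || echo "default-allow chains present"
sample_hardened | audit_iptables_policies && echo "no default-allow chains"
```

On a live system, pipe `sudo iptables --list -n` into `audit_iptables_policies`. REVIEW marks a default-allow chain that does have rules, where the rules themselves still need reading.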

I frequently flit between using a laptop and a desktop for work (both Ubuntu), and I use a lot of files on the go. I’ve always just copied the files across from the laptop when I returned to the office, but it’s not really efficient, as I had to either

a) copy all data – which could be several GB

b) select individual files, of which there were often loads.

I just stumbled across a small application called Unison though, and it’s pretty easy to install and configure. Potentially using this method, you could even sync securely over the web, as it uses SSH :)

First install OpenSSH server

$sudo apt-get install openssh-server

Then install unison :

$ sudo apt-get install unison unison-gtk

You then need to modify the profile (you can either set up a new one or modify the default) in ~/.unison

$sudo pico default.prf

Under the profile, you should have the local root path, remote (SSH) root path, and then any paths that you want to include, followed by any paths to exclude:

# Unison preferences file
root = /home/roachy/
root = ssh://roachy@10.204.4.35/
path = work/
path = Music/
ignore = Path work/archive/*

Save the file and either run the GUI version

$unison-gtk

or the command line version

$unison

:)

Just been rebuilding my Ubuntu Gutsy box after it had really started to crawl – mainly due to me playing with too many bits of software trying to learn new things. The advantages of hosting a separate partition for /home have saved me loads of time and effort as all my data is separate to the OS, so a quick format and within 10 mins I have a shiny new system.

Anyway, one of the things I find essential now on a desktop is AWN (Avant Window Navigator) – it adds that nice Mac dock at the bottom of the screen. The steps to install are as follows:

First add the repository containing AWN:

$sudo pico /etc/apt/sources.list

Add the following lines:

## Avant Window Navigator

deb http://download.tuxfamily.org/syzygy42/ gutsy avant-window-navigator

deb-src http://download.tuxfamily.org/syzygy42/ gutsy avant-window-navigator

Download, install and remove the reacocard key

$wget http://download.tuxfamily.org/syzygy42/reacocard.asc

$sudo apt-key add reacocard.asc

$rm reacocard.asc

Install Avant Window Navigator

$sudo apt-get install avant-window-navigator-bzr

For extra applets, just add

$sudo apt-get install awn-core-applets-bzr

Done :)