December 9, 2008 12:47 AM
Posted by: Xjlittle
, linux security
, red hat
The other day after installing Ubuntu on one of my test machines I noticed that there was an ls -Z command which shows various selinux information about files and directories.
Running this command however gave some strange output, primarily ? marks. I thought this was a little strange but had other things that I needed to do at the time and decided that I would look into it later.
This weekend was that time. Let me say that I use SELinux on my Red Hat and CentOS machines and think that it is a very good way to help secure a machine. However it is anything but intuitive. If it weren’t for some very good documentation at Red Hat I probably never would have been successful at using this security tool. Mind you I’m no guru with it but I have six servers using it and I know how to troubleshoot SELinux problems.
Which brings me to the part about Ubuntu and SELinux that I find disturbing. Doing some Google searching I ran across two pages regarding Ubuntu and SELinux. Both of them had no usable information in them other than how to install SELinux. Nothing about what to expect, how to troubleshoot, what a context or a boolean is nor did it mention if Ubuntu provided any troubleshooting tools like setroubleshoot. You can find these two pages here and here.
The documentation only warned that SELinux is for experienced users. While that is an understatement how do they expect people to start using it to protect their machines? It would seem to indicate that they have no real interest in their users having the ability to use SELinux. I personally think that is a shame. I also believe that it is going to hurt their efforts at becoming enterprise ready especially with their server product. I certainly won’t be installing Ubuntu on any of my critical machines.
December 7, 2008 11:04 PM
Posted by: Xjlittle
, government spending
, open source
, President Obama
Did you know that there is a web site called http://USAspending.gov that was created and runs on an open source platform? I didn’t until recently.
Congress passed a law in 2006 that says that every government contract along with its sponsors and associated costs must be made available to the U.S. public. The only exemptions are those areas which are classified. Open Source software helped bring this project in under budget and on time.
That said let’s get to the meat of this. President elect Obama vowed to go over every budget item line by line to find out where the excess spending is and cut it out of the budget. Good for him.
Now as proponents of Open Source and U.S. Citizens it is our responsibility to give him some help. Because of the law that Congress passed we also can go over every budget item line by line and speak to our representatives about the “fat”. In fact this President has invited all of us to participate in this great new Democratic Experiment. And participate we should.
With this tool and a president who promises to listen to us we should find all kinds of dollars that we all know are not spent in the best interest of this country. I’m certainly going to and you should as well.
December 6, 2008 4:06 PM
Posted by: Xjlittle
, amazon music
, download mp3
, free mp3
Yes Amazon does give away free MP3 downloads, no charge and no strings attached. I have downloaded well over 100 songs from their website.
Some of the songs are singles and some are complete albums. There are all kinds of music here, some by well known artists and some either by not so well known artists or artists using a different name. The thing is that you can find some real jewels in their free lineup. You may have to do some trial and error listening but I can assure you that they are there.
A couple of my most favorite albums are This-Is-How-I-Roc-2008-Label-Sampler, Vice Gives You The Gift Of Good Music, and Fitzsimon & Brogan/Songs of Love and Revenge. You can listen to them on my site here or on Amazon’s site.
To get started go to Amazon’s website and in the left hand column slide your cursor to Digital Download>MP3 downloads. Scroll about a third of the way down and you will see a section called Special Deals: Free Songs and MP3 Albums as Low as $4.99. Read the text below the Album pictures and you will see a reference link to free gratis jams.
Click on that link and scroll to the bottom of the page to start looking at the gratis jams. Some will be singles and others are albums. If you want to see all 600+ in columnar format on the right hand side of the page find the link that says Top Free Songs See over 500 more free songs and click on this link. Once I am here I like to sort them either by Album Name or Artist Name. I like to do the album name as many of the albums contain various artists. Sorting them by Artist Name helps me find tunes that I may be missing from some of my favorite artists.
Once you find what you are looking for click on the Get MP3 in the left hand column. A page will open prompting you to install the Amazon downloader. This is available for Ubuntu 7.10, Debian 4, Fedora 8, OpenSuse 10.3, Windows and Mac OSx.
December 5, 2008 2:43 PM
Posted by: Xjlittle
, detach tabs
, duplicate tab
, firefox tabs
The ability to detach tabs in Firefox so that they are in their own window has long been a thorn in my side. Especially when using an application like Clipperz and Firefox is set to open everything in a new tab.
Opening in a new tab is generally my preference since I am researching one subject. With applications like Clipperz that provide single sign on to various web sites that I don’t necessarily want grouped together and not being able to detach the tab to a new window is a real pain.
This morning I had had enough of opening up Clipperz, which is my home page, several times just to use the single sign on and keep the tabs separated. I prefer to do this rather than rack my brain trying to figure out which password some sites want. Here lately it seems like they all want something different, 6-16 alphanumeric, 8 with a special character and number, 8 that don’t have anything in them that remotely resembles a dictionary word and so on.
Back to my story. I went on Firefox’s add-ons page and began my search. After several searches using different terms I finally came up with Duplicate Tab 1.0.2. This does exactly what I want and is highly configurable.
With this little jewel you can copy or clone a tab complete with its back and forward history. You can merge windows so that all tabs are in one window and detach tabs that make a single window out of a tab.
Have you ever found yourself with different windows and several tabs open and each of them contained one or two tabs of your current research or information gathering? Those days are over! Simply detach the appropriate tabs and then merge them into one window.
The developer for this project has done a fantastic job of giving you the ability to manipulate your tabs in any way you see fit. Go and download it now-you will be glad that you did!
December 4, 2008 6:41 PM
Posted by: Xjlittle
, inventory tag
, Lotus Domino
, red hat
, tag your gear
Sun has a unique application on their web site called Sun Inventory that will track hardware, software and operating systems. It is unique in that it is, more or less, a cloud application. You can access your inventory anywhere that you have internet access.
The Sun Inventory application tracks these items by installing a small application on the machine that you want to inventory. Initially it will report back the hardware and operating system. As qualified applications are installed the agent will report these back to the Sun Inventory application without any interaction on your part.
Getting started is simple. Go here to get started. If you don’t have a Sun account go ahead and sign up. Once you are signed in it is a 3 step process to get started.
Step one is to download what are known as service tags. This is the application that you will install to “tag” your inventory so that it can be put into the application. Tags are available for Red Hat Enterprise Linux, Suse Enterprise Linux, Solaris and Windows. Download the appropriate tag for your operating system and install it on the machine that you want to inventory. The tagging also works on Virtualized Machines from Red Hat Virtualization and from VMs using Virtual Box. I didn’t check any other virtualization applications.
Steps two and three are discovering and registering your “gear” as Sun calls it. This downloads a small java program onto your machine to help in finding and registering tag ready machines. With this application you can find your machines in various ways such as hostname, subnet and ip address. Below is a screen shot of the information that you can use to find your tagged machines.
Once you have done this a screen will pop up showing the gear that the registration client found. You will then login to your Sun Account and choose which products you want to register. Once they are registered what you will see is like the following screen shot.
As you can see I have my 1u server tagged along with the host and virtual operating systems. The OpenSolaris machine is running on Virtual Box. The OpenOffice application was installed after I tagged and registered the machine. Since the tag runs as a service it picked up the OpenOffice application and registered it as part of the OpenSolaris machine.
This is a great way to get your machines and related software inventoried and get control of it.
November 30, 2008 11:02 PM
Posted by: Xjlittle
install to usb
, linux installer
, live cd
, windows installer
I ran across UNetbootin after pulling out my old tablet pc and finding the Windows OS full of viruses, malware and whatever someone could put on there.
After looking around for the most viable distribution to install on a tablet pc I landed on Ubuntu 8.10. I realised while I was downloading it that I would have to use a usb drive to get it installed. Enter UNetbootin. Which by the way stands for Universal Netboot Installer.
It took me all of five minutes to read the instructions and I was off and away! I downloaded UNetbootin for Windows to get started. I plugged in my 1GB usb stick and formatted it to FAT 32. I double clicked on the UNetbootin installer, pointed it to the Ubuntu iso file that I had downloaded, made sure it was installing to my usb stick and started the install.
Here is an image of the UNetbootin installer from their web site to set up and kick off your installation:
After Ubuntu was installed to the usb stick I rebooted and chose the usb stick as my boot media. Up pops the normal menu that you normally see from running a live cd. I chose the default option to run from the usb. One thing I noticed is that a live cd runs considerably faster from usb than it does from cd.
The nice thing about UNetbootin is that they did a thorough job on everything that needed to be done. You can install virtually any Linux or BSD distribution with this application. You can see a list of the built in Linux and BSD applications here. They also have a list of supported distributions here.
UNetbootin provides a Linux and Windows installer so that you can use whatever OS that you have available to create your live usb stick. It will work on almost any version of Windows or Linux.
UNetbootin is a very impressive application. Because of its ease of use and wide range of distributions that it will install without any fuss I am writing this post from my newly installed Ubuntu on my tablet pc. Start to finish UNetbootin took about 10 minutes to install to the usb stick. Another 30-40 minutes and here I am typing this post.
Try out UNetbootin on a distribution that you’ve been wanting to try. Download time plus about 10 minutes and you should be playing with the live usb stick version.
November 26, 2008 5:10 PM
Posted by: Xjlittle
, mp3 server
, straming video
, streaming mp3
, streaming music
KPlaylist is what I call an MP3 server although it can stream just about any format of music or video.
I have used KPlaylist for several years now. It is an application that I thoroughly enjoy using for listening to my music anywhere that I have an internet or network connection.
KPlaylist is a PHP based script. It requires Apache (or some web server) and MySQL to function properly.
Set up is a breeze with the exception of running SELinux on your web server. See my previous post about working around these difficulties.
SELinux aside download and extract KPlaylist wherever your document root is for the web server that you plan to use. I have a virtual host setup for KPlaylist so that is where I extract the files. The virtual host DNS is provided by no-ip in case you are interested.
After you have extracted the file open the index.php file. You will need to answer a few questions here.
[root@web multimedia]# vi index.php
$db = array(
    'host' => 'mysql0.home.local', # MySql server
    'name' => 'kplaylist', # Database name
    'user' => 'kplaylist', # MySql user
    'pass' => 'kplaylist', # MySql password
    'prepend' => 'KPL_' # To prepend before the table names
);
Once you have the questions answered simply browse to the directory on your machine where you extracted the files. You will probably need to make a host entry in your /etc/hosts file with your inside address. I would also use a server alias in your http document root or virtual host container that you will use to access your server when at home.
At this point all of the values should already be filled in for you so you simply need to click continue. Once the database is created you will need to tell KPlaylist where your music is located. You do this by clicking on settings=>File Handling and filling in the path where it asks for "Base Directory". The settings menu is found on the left hand side of the screen.
Once you set this path you should see the titles of your music show up in the right hand screen. Be sure and go through all of the admin and user settings so that you can define the look and feel of KPlaylist. You can also set it up so that it will only stream music or give your users the ability to download from your site.
Have fun keeping and sharing your music wherever you go! Send a note to all of your friends and family about your site. Not only will they enjoy it they will upload or send you their music to place on the site as well.
November 23, 2008 11:49 PM
Posted by: Xjlittle
linux photo editing
, mac photo editing
, photo editing
, picnik photo editing
, windows photo editing
Picnik is a photo editing application that is provided over the internet through your browser. In other words it is an application that is in the cloud.
It is a cross platform application that works with Linux, Windows and Mac. For Linux there are two addons available. The first is through firefox and gives you the ability to right click on a photo to bring up the context menu. Simply choose edit with picnik and the application opens the picnik editor with the photo ready to edit. You can also choose to take a screen shot of the visible page or the full page for editing in picnik. The second is a button that attaches to your bookmarks toolbar.
Here is a single photo and a partial page photo from Yahoo that I sent directly to picnik using the right click context menu from the firefox addon.
Now that I have my photos or screen shots in picnik I can crop them, apply special effects, get rid of red eye and just about anything else you would expect from a standard photo editor. The best part of this is that picnik remembers the last five photos that I edited so that I can edit them further from anyplace that I have an internet connection.
With picnik I can save photos to my computer or connect to many social networking sites including Flickr, Facebook, MySpace, PhotoBucket and more and place my photos there. I can email my photo to a site that accepts photos by email or to any person to whom I want to send it.
All of that is with the free version. Picnik also has a commercial service for $24.95 per year that allows you to batch upload 100 photos, unlimited photo history and unlimited connections to social networking and photo sites. You also get some proprietary fonts, no ads, priority support and fullscreen support.
After trying it for about 30 minutes I was very impressed with what the free capabilities can do which is more than enough for someone who only edits a photo every now and then. It was extremely easy to use and work with. If photo editing is something that you do on a continual basis you should look into the premium service that has a lot of extra content and some editing tools not available in the free version.
I hope that you enjoy using this “Cloud Computing” application to edit your photos.
November 21, 2008 8:28 PM
Posted by: Xjlittle
, selinux apache
, selinux httpd
, selinux mysql
, selinux nfs
I am bringing up a new Virtual Host with VMs of MySQL, music-repo and a webserver. All of these are on CentOS with SELinux enabled. No, I’m not a glutton for punishment using SELinux for all of these machines that are interconnected to each other. I believe the time is coming when organizations are going to insist on the type of security that SELinux provides.
Moving on I mentioned that my MySQL server is on one box and my web server on another. One of the applications that I use is KPlaylist. This is a streaming server for mp3s, movies or just about anything you want to stream. My first snag was getting it to log into MySQL and create the database.
After about an hour of looking for normal causes I decided to turn on setroubleshoot. This is a great tool when looking for SELinux problems. After I turned it on I found this in /var/log/messages:
Nov 20 15:40:47 web setroubleshoot: SELinux is preventing the http daemon from connecting to network port 3306 For complete SELinux messages. run sealert -l 65919ff0-ddd1-4a4b-801d-f54023da86ac
So then I ran the sealert command shown in the message:
sealert -l 65919ff0-ddd1-4a4b-801d-f54023da86ac
This gave me the following along with some other information:
setsebool -P httpd_can_network_connect=1
Voila! My problem was fixed. Well almost. I then discovered that iptables was blocking the port. After opening the port using the gui “system-config-securitylevel” all was well. KPlaylist installed its database just like it was supposed to.
My next hurdle was getting the nfs share on the music-repo server to mount on to the web server. Checking for another sealert I found one on the webserver called
Nov 20 23:57:33 web setroubleshoot: SELinux prevented the http daemon from reading files stored on a NFS filesytem. For complete SELinux messages. run sealert -l f76bd0be-d375-436f-9c09-2086da0d7a39
After running this I got the following information:
setsebool -P httpd_use_nfs=1
Well this didn’t totally solve my problem but I did notice that things were getting fixed with the setsebool command. I went looking around the net to see what I could learn about it.
What I learned is that if you are having a problem with a service you should run the command getsebool -a | grep someservice. I decided to try that with NFS and this is what I got:
[root@music-repo ~]# getsebool -a |grep nfs
allow_ftpd_use_nfs --> off
allow_nfsd_anon_write --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_disable_trans --> off
samba_share_nfs --> off
use_nfs_home_dirs --> off
The last line was what I found interesting. I had originally had my music directory on the music-repo machine at the root of the system. My thought was OK let’s create a user with a home directory and enable that boolean. I created a user on the music-repo system called apache and moved the /music directory into /home/apache. I then ran the command:
setsebool -P use_nfs_home_dirs=on
I also moved my music directory that I was mounting to under /var/www which is apache’s home and ran the same command. Now everything was connected and working like it is supposed to be.
A note of interest to those of you who would prefer a gui: you should install policycoreutils-gui. This will give you a nice gui called system-config-selinux. In this gui you can browse through everything SELinux has to say and can change.
Now to get that setup as a share for the Windows users so that they can store their music and get it backed up.
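The setroubleshoot workflow from the SELinux post above, as an added example that is not part of the original post: it collapses repeated setroubleshoot entries into one row per alert ID and names the boolean to check with getsebool before changing anything. The `suggest_boolean` mapping is hypothetical and assumes the installed policy provides `httpd_can_network_connect_db`, which covers database ports only, whereas `httpd_can_network_connect` lets httpd connect to any port.

```shell
#!/usr/bin/env bash
# Added example: de-duplicate setroubleshoot entries from syslog and point
# each denial at the narrowest boolean to review before running setsebool.

# Lines 1 and 3 are the entries quoted in the post; 2 and 4 are constructed.
sample_log() {
cat <<'EOF'
Nov 20 15:40:47 web setroubleshoot: SELinux is preventing the http daemon from connecting to network port 3306 For complete SELinux messages. run sealert -l 65919ff0-ddd1-4a4b-801d-f54023da86ac
Nov 20 15:41:02 web setroubleshoot: SELinux is preventing the http daemon from connecting to network port 3306 For complete SELinux messages. run sealert -l 65919ff0-ddd1-4a4b-801d-f54023da86ac
Nov 20 23:57:33 web setroubleshoot: SELinux prevented the http daemon from reading files stored on a NFS filesytem. For complete SELinux messages. run sealert -l f76bd0be-d375-436f-9c09-2086da0d7a39
Nov 20 23:58:01 web sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2
EOF
}

# One row per alert ID: count<TAB>first-seen<TAB>alert-id<TAB>summary
summarize_alerts() {
  awk '
    / setroubleshoot: / && match($0, /sealert -l [0-9a-f-]+/) {
      id = substr($0, RSTART + 11, RLENGTH - 11)   # skip "sealert -l "
      if (!(id in count)) {
        order[++n] = id
        first[id] = $1 " " $2 " " $3
        s = $0
        sub(/^.* setroubleshoot: /, "", s)
        sub(/ *For complete SELinux messages.*$/, "", s)
        summary[id] = s
      }
      count[id]++
    }
    END {
      for (i = 1; i <= n; i++) {
        id = order[i]
        printf "%d\t%s\t%s\t%s\n", count[id], first[id], id, summary[id]
      }
    }'
}

# Hypothetical mapping (not from the post) from summary text to a boolean.
# Port 3306 is MySQL, so the database-only boolean is suggested first.
suggest_boolean() {
  case "$1" in
    *"http daemon from connecting to network port 3306") echo httpd_can_network_connect_db ;;
    *"http daemon from connecting to network port "*)    echo httpd_can_network_connect ;;
    *"http daemon from reading files stored on a NFS"*)  echo httpd_use_nfs ;;
    *) echo none-mapped ;;
  esac
}

# One review line per alert: the sealert command and the boolean to inspect.
triage() {
  summarize_alerts | while IFS="$(printf '\t')" read -r count first id summary; do
    printf '%sx since %s: sealert -l %s -> getsebool %s\n' \
      "$count" "$first" "$id" "$(suggest_boolean "$summary")"
  done
}

sample_log | triage
```

On a real host, feed it the log instead of the sample: `triage < /var/log/messages`.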