Saturday, September 11, 2010

Customizing / Remastering Fedora Using Kickstart

Today we'll talk about Fedora customization but first off lemme warn you that this game is not for the people who don't know the basics of shell scripting and don't understand the basics of rpm. If you are a total newbie and still wanna customize a Linux, check out this post I wrote some time back.

First of all let me tell you what a Kickstart file is. Red Hat introduced Kickstart installation so that mass installs can be done smoothly with minimum effort from the system admin. So, Kickstart is nothing but an ordinary file with some configuration settings written in it, so that you can sit back, enjoy your coffee and impress your boss by installing Fedora or Red Hat on 100s of computers in less than an hour. But we are going to create a live CD using a kickstart file and the livecd tools.

So now you need to install spin-kickstarts and livecd-creator. You know the usual yum command to get these packages, right? Cool. Now go to /usr/share/spin-kickstarts. This is the folder where the kickstart files with the .ks extensions will be. There is one for every Fedora spin.

The easiest way to build the Live CD is to modify one of the .ks already present but be smart and copy your favorite kickstart along with fedora-live-base.ks to a new folder, say myks. In case you are curious about which kickstart to pick and what is there in it, lemme tell you, it is mostly the desktop environment that'll change with the different ks files.

Now I am assuming that you have picked fedora-livecd-kde.ks for the building, open the file in your favorite editor (kate for me!). First of all I suggest that you just have a look around. Read it and I am sure that you'll understand a lot of stuff. Done?

Cool. Now you can add some repo if you want like this:
repo --name=MyRepo --baseurl=file:///repo/

Add the repo at the beginning of the Kickstart, after the "%include" tag. Now it is time to add and remove stuff. Since you have decided to use the KDE environment, stuff like kde-desktop will already be there. To add a package, simply write its name and it'll be added. To remove a package, put a minus sign (-) in front of its name. Don't remove libraries unless you are absolutely sure that nothing depends on them, but you can always remove applications, like I remove k3b (-k3b to get rid of it) for my Netbook spin iso. You can also do some configuration if you are good at shell scripting. Check out the KDE Netbook spin Kickstart file I wrote sometime ago here.

Now to create the live cd just fire the command below:
livecd-creator --config=./fedora-livecd-kde.ks --cache=/var/cache/live

Replace ./fedora-livecd-kde.ks with the path to your kickstart and create the cache directory manually, if it is not there already.

Wednesday, August 11, 2010

MySQL Beginners' Guide

MySQL is the world's most popular GPL'ed open source database. You can imagine its popularity by the fact that its newsletter has over 1 million subscribers! Now, MySQL is fairly easy to install and operate provided you know the basic SQL queries. If not, then read on.
Following are some of the most basic MySQL queries. Check them out:

  • Database Operations:
    1. CREATE DATABASE: To create a database simply fire CREATE DATABASE database_name;
    2. SHOW DATABASES: This command lists all the databases in your MySQL server. Use it as SHOW DATABASES;
    3. USE: This query selects the database to be used for further operations. USE database_name;
    4. DROP DATABASE: This query will delete a database from the server. You can fire DROP DATABASE database_name;

  • Table Creation Operations:
    1. It'll be easier to explain if you can check out the example below first:
    CREATE TABLE payments (
    customerNumber int(11) NOT NULL,
    checkNumber varchar(50) NOT NULL,
    paymentDate datetime NOT NULL,
    amount double NOT NULL,
    PRIMARY KEY(customerNumber, checkNumber)
    );

    Here CREATE TABLE is being used to create a table named "payments". "int", "varchar", "double" and "datetime" are some of the most commonly used data types. Integers are denoted by "int", whereas "varchar" stands for a variable-length character string, with the quantity in brackets signifying its maximum length. Check out an advanced SQL tutorial if you are interested in knowing more details.
    2. SHOW TABLES: This query will display a list of all the tables present in the current database. For this fire SHOW TABLES; 
    3. DESCRIBE: If you are interested in knowing the details of a particular table just fire the query DESCRIBE table_name;


  • Data Operations on Table:
    1. INSERT: To insert data into a table you can simply do INSERT INTO table_name (field1, field2,...fieldN) VALUES (value1, value2,...valueN);
    2. DELETE: This query will delete certain tuples. Fire DELETE FROM table_name [WHERE Clause];
    3. SELECT: This is the most used query. It returns the tuples satisfying the given query. Fire SELECT field1, field2,...fieldN FROM table_name1, table_name2... [WHERE Clause] [LIMIT N] [OFFSET M];. Here LIMIT signifies the number of tuples returned and OFFSET sets the point from where the tuples will be processed.

Friday, May 14, 2010

Fedora RPM Packaging In A Nutshell

I have talked about RPM and DEB in some of my older posts. Actually RPM and DEB are installable packages analogous to .exe files for Windows. In this post I won't teach you how to build an rpm, but I will give you a rough idea and point out some resources and tutorials to get you started. Let us do it in a question-answer way.

Q. What do I need to build a rpm package?
A. The most important thing you need is the source code of the application. You will also need the packages required to build the application from the source a.k.a. the dependencies.

Q. Why should I build an rpm?
A. Not everyone is a techie like you. People have the habit of double clicking the stuff. rpm is for those people and it saves the effort of installing everything from scratch and remembering dependencies.

Q. How hard is it?
A. The general packaging procedure is not very hard, but sometimes packaging can still take quite some time. More dependencies make a package more difficult to build.

Q. From where should I start?
A. You can start by checking out the tutorial at https://fedoraproject.org/wiki/A_Short_RPM_Tutorial. A more advanced tutorial can be found at https://fedoraproject.org/wiki/How_to_create_an_RPM_package but if you are looking for a summary then this post will suffice.

Q. So, tell me how do I build rpm for an application?
A. That depends somewhat on the distro because every distro has different packaging guidelines. I will talk about Fedora here.
To create a package, you need to have a spec file first. A spec file consists of details about the package such as its name, version, dependencies, the way it is going to be installed etc. You can check out some spec files created by me here. Once you have created a spec file properly, you can easily create a package with the rpmbuild command.

Q. How do I set up a nice packaging environment on my distro?
A. Again, that is distro dependent. Being a hard core Fedora fan, I will tell you how to set up the packaging environment on Fedora. Just fire the following commands:
yum install @development-tools
yum install rpm-build rpmdevtools
rpmdev-setuptree

Q. I have set up the packaging environment, what next?
A. Once you have created a packaging environment, you'll get a directory named rpmbuild in your home folder. Inside this folder you'll see several other folders. You need to put the archived source code along with relevant patches in the SOURCES folder. After that you need to fire the following commands, assuming that you are currently in the SOURCES folder:
cd ../SPECS
rpmdev-newspec

This will create a spec file for the corresponding app. Now you need to fill the spec file with correct details. For this check out http://fedoraproject.org/wiki/PackagingGuidelines

Q. I have written a spec file. How do I get src.rpm and rpm from it?
A. Once you are sure about your spec file, you can get the rpms using a very simple command (package-name.spec is a placeholder for your own spec file):
rpmbuild -ba package-name.spec

You can find the rpm and src.rpm in relevant folders inside rpmbuild directory.

Well, there you go! You have the rpms ready to be used. Have fun!

Sunday, April 25, 2010

Automating Your Job, The CRON Way!

Often you need to do some stuff periodically, like backups or maintenance work. It gets tedious if you have to do it manually every time. You need a working net connection if you are doing it remotely, or you need to be physically present in front of your computer system. Then you have to repeat certain tasks every day. Wouldn't it be nice if you could just put everything in a simple script that runs automatically every time? CRON comes to your rescue here. A cron table (crontab) is nothing but a text file consisting of the paths of the scripts to be executed and the times at which they'll be executed. First of all let me tell you some of the most general commands for setting up a cron table.

crontab -e --> Edit your crontab file.
crontab -l --> Show your crontab file.
crontab -r --> Remove your crontab file.
crontab -v --> Display the last time you edited your crontab file

There is a fixed format for the way an entry has to be made in a cron file. I found an interesting way of showing it here which I am replicating.

* * * * * command to be executed
- - - - -
| | | | |
| | | | +----- day of week (0 - 6) (Sunday=0)
| | | +------- month (1 - 12)
| | +--------- day of month (1 - 31)
| +----------- hour (0 - 23)
+------------- min (0 - 59)

You can also use special entries. Below is a list for them:

Entry       Description            Equivalent To
@reboot     Run once, at startup.  None
@yearly     Run once a year        0 0 1 1 *
@annually   (same as @yearly)      0 0 1 1 *
@monthly    Run once a month       0 0 1 * *
@weekly     Run once a week        0 0 * * 0
@daily      Run once a day         0 0 * * *
@midnight   (same as @daily)       0 0 * * *
@hourly     Run once an hour       0 * * * *
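
The field layout and the special entries above can be checked mechanically before an entry goes into a crontab. The script below is an added example, not part of the original post: it expands a special entry to its equivalent schedule and rejects time fields outside the ranges shown in the diagram. The function names and the sample entries are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: expand @special entries and range-check the five time fields.
# Ranges and equivalents are the ones listed in the post; names such as "mon"
# or "jan" and tab-separated fields are not handled.

# check_field VALUE MIN MAX -> 0 if VALUE is *, n, a-b, a comma list, or any/step
check_field() {
    _old_ifs=$IFS; IFS=,
    set -f                                  # keep '*' literal while splitting
    for _part in $1; do
        IFS=$_old_ifs
        _part=${_part%%/*}                  # drop a step suffix such as /15
        case $_part in
            '*') continue ;;
            *-*-*|*[!0-9-]*|''|-*|*-) set +f; return 1 ;;
        esac
        _lo=${_part%%-*}; _hi=${_part##*-}
        if [ "$_lo" -lt "$2" ] || [ "$_hi" -gt "$3" ] || [ "$_lo" -gt "$_hi" ]; then
            set +f; return 1
        fi
    done
    IFS=$_old_ifs; set +f
    return 0
}

# cron_normalize "LINE" -> prints the entry with any @special expanded;
# returns 1 for a malformed or out-of-range entry, 2 for an unknown @special.
cron_normalize() {
    _line=$1
    case $_line in
        @reboot\ *)              printf '%s\n' "$_line"; return 0 ;;  # no time equivalent
        @yearly\ *|@annually\ *) _sched='0 0 1 1 *' ;;
        @monthly\ *)             _sched='0 0 1 * *' ;;
        @weekly\ *)              _sched='0 0 * * 0' ;;
        @daily\ *|@midnight\ *)  _sched='0 0 * * *' ;;
        @hourly\ *)              _sched='0 * * * *' ;;
        @*)                      return 2 ;;
        *)                       _sched= ;;
    esac
    if [ -n "$_sched" ]; then
        _line="$_sched ${_line#* }"         # replace the @keyword with its schedule
    fi
    set -f; set -- $_line; set +f           # split into fields without globbing
    [ $# -ge 6 ] || return 1                # five time fields plus a command
    check_field "$1" 0 59 && check_field "$2" 0 23 && check_field "$3" 1 31 &&
        check_field "$4" 1 12 && check_field "$5" 0 6 || return 1
    printf '%s\n' "$_line"
}

# Constructed sample entries, not taken from a real crontab.
for _entry in '@daily /usr/local/bin/backup.sh' \
              '30 2 * * 1-5 /usr/local/bin/rotate.sh' \
              '0 24 * * * /bin/true'; do
    if _out=$(cron_normalize "$_entry"); then echo "ok:  $_out"; else echo "bad: $_entry"; fi
done
```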

A sample cron file looks like this.

Monday, April 5, 2010

Git For Newbies

Note: This is not a complete guide for git. It will just help you get started and use gitorious.org smoothly.


Introduction

Git is a versioning system. It is an ideal tool for managing projects, revisions and stuff like that. Anyone who wants to contribute can clone the code repository, make the changes or add some code and request for merge. This way bug fixes can be done and new features can be added. Gitorious provides open source infrastructure for hosting open source projects that use Git. The central entity in Gitorious is the project, which contains one or more top-level repositories and any repositories managed by the project's contributors.


Cloning A Repository on gitorious.org

We will use gitorious.org's hosted git as an example. First of all you need to register yourself with gitorious.org, which is a straightforward step. We are going to use ownCloud, a KDE project, for illustration. Next, go to http://gitorious.org/owncloud/owncloud and click on "Clone this repository on Gitorious" in the right sidebar. Congrats! You have created a clone for yourself.


Cloning A Repository On Your Local Machine

We have to do this the hard way. I have Ubuntu Linux in mind here. First of all we need to install git. For that fire the following command:
sudo apt-get install git-core

Once you get the git on your system, let us now create the clone. For that fire:
git clone git://gitorious.org/owncloud/owncloud.git

Now that you have the code, you can start with the bug-fixes and contribute code.


Commit To Local Git

After you make the changes to the code or add some file, you'll need to commit that to your local git repo. If you have added some files then you have to tell git to track the new files by using the following command:
git add file-name

Once the files are added then you can commit to the git repo by firing the following command:
git commit -a

You'll be presented with a file where you have to describe the changes you made. Keep it short and to the point.


Pushing To Gitorious

Now you can push the changed repository to the gitorious.org repo by:
git push git@gitorious.org:path-to-your-repo.git master

This will push the repo from your system to gitorious.org. Now request a merge from the right sidebar. Someone will look at your request and your work will be added to the main repo if found fit.

Sunday, March 7, 2010

Networking with Linux: Encryption Using GnuPG

Transferring data securely is one of the greatest challenges you will face as a network administrator. New spyware is being developed every day. Anyone can capture and modify unencrypted data packets and cause severe damage to you. So, today I will talk about encrypting data. We will encrypt data with two of the most well-known algorithms, namely DES and RSA, using a very popular and robust tool called GnuPG (GNU Privacy Guard), but first let us talk about these algorithms a bit. Encryption algorithms are classified into two categories, namely symmetric key cryptography and asymmetric key cryptography. A natural question arises: "what is a key?" A key is a string which is used to encrypt and decrypt the data. For symmetric key cryptography we have only one key for encryption and decryption, while asymmetric key cryptography uses two keys, one for encryption and another for decryption.

Now let us start talking about GnuPG. First of all we will install GnuPG. Fedora users can use yum to install the GnuPG:
yum install gnupg
while Ubuntu users can fire the following command:
sudo apt-get install gnupg

Now that we have a working instance of GnuPG, let's create a key. At the command prompt type:
gpg --gen-key
This will prompt you to choose the algorithm you want. Let us begin with RSA. It is an asymmetric cryptographic algorithm. It has two different keys, namely a public key and a private key. Anything encrypted with a public key can only be decrypted by the private key and vice versa. The idea is to share the public key with the entire world and keep the private key secret. So if anyone wants to send you some data, he/she will encrypt it with your public key and send it. Only your private key will be able to decrypt it.
Next you have to decide the key size. While a longer key gives more security, it also adds to the computational cost. For now we will go with the default key size, that is, 2048 bits. So, write the key size and press enter.
Now you have to decide the validity period of the key. Usually people choose the option "key does not expire" but at times it is advisable to set a time period for expiration, specially in the scenarios where you have a contract with someone for a definite period of time. Let us choose "key does not expire" and hit enter. You will be asked to confirm the same.
Now you will be asked to enter a user ID. The required credentials are your Real Name, Comment and Email Address. Enter these details one by one.
Next you are required to create a passphrase. Passphrase is just a fancy name for password. So enter a secure password.
Now the key will be generated. You are required to do a lot of random stuff. Open some file, do some random clicks or type in a few characters. After all this pain you have created a key finally.

Now let us create a revocation certificate. A revocation certificate comes in handy when you lose your key or it gets stolen. To create the certificate fire the following command.
gpg --output revoke.asc --gen-revoke key-name
Here key name is any specifier of the key. It can be your name, comment or the email id.

Now let us try to encrypt a file named aditya.txt. For this you need to fire the following command.
gpg --output enaditya.txt --encrypt aditya.txt
Now you will be asked to pick a key for the encryption. Specify the key by using a key-name/specifier.

To decrypt the data use:
gpg --output deaditya.txt --decrypt enaditya.txt
and enter your passphrase.

DES key generation, encryption and decryption follows the same process. I will talk about key exchange and importing the keys in a later post.

Friday, February 12, 2010

Networking with Linux : Securing Apache

Let's talk about the security of the Apache web server a bit. One of the standard ways is to use SSL, but there are many tutorials available for that. So I will discuss hardening Apache by changing settings in the relevant configuration files.
When I say configuration file I mean /etc/apache2/httpd.conf in Fedora and similar distros or /etc/apache2/apache2.conf in Ubuntu and similar distros.

One of the major issues you might face is that your server might send some critical information about your OS and version to the client. Hackers can utilize vulnerabilities of the OS and can play with your server. So first of all let's turn off the signature of your server. Open /etc/apache2/conf.d/security. Change ServerTokens Full or ServerTokens OS to ServerTokens Prod. Next, switch off your ServerSignature by setting ServerSignature Off.
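
A quick way to confirm that both settings took effect in a given file, as an added example that is not part of the original post. The function names and the sample configuration are assumptions; the values assumed for a directive that is not set at all (ServerTokens Full, ServerSignature Off) are Apache's documented defaults, and the check looks at one file only, not at files it includes.

```sh
#!/bin/sh
# Added example: report whether a config file still leaks version details
# through ServerTokens / ServerSignature.

# effective_value FILE DIRECTIVE DEFAULT -> last uncommented value, or DEFAULT
effective_value() {
    awk -v d="$2" -v def="$3" '
        tolower($1) == tolower(d) { v = $2 }    # directive names are case-insensitive
        END { print (v == "" ? def : v) }' "$1"
}

# audit_banner FILE -> one verdict line per directive; status 1 if any is weak
audit_banner() {
    _rc=0
    _tokens=$(effective_value "$1" ServerTokens Full)    # Apache default: Full
    _sig=$(effective_value "$1" ServerSignature Off)     # Apache default: Off
    case $(printf '%s' "$_tokens" | tr 'A-Z' 'a-z') in
        prod|productonly) echo "ServerTokens $_tokens: ok" ;;
        *) echo "ServerTokens $_tokens: WEAK, set ServerTokens Prod"; _rc=1 ;;
    esac
    case $(printf '%s' "$_sig" | tr 'A-Z' 'a-z') in
        off) echo "ServerSignature $_sig: ok" ;;
        *) echo "ServerSignature $_sig: WEAK, set ServerSignature Off"; _rc=1 ;;
    esac
    return $_rc
}

# Constructed sample: a commented-out line must be ignored, and the later
# ServerTokens line overrides the earlier one.
_sample=$(mktemp)
cat > "$_sample" <<'EOF'
# ServerTokens Prod
ServerTokens Full
ServerTokens OS
ServerSignature On
EOF
audit_banner "$_sample" || echo "-> fix the settings flagged above"
rm -f "$_sample"
```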

Now let us try to ban a misbehaving IP. Go to /etc/apache2/sites-enabled/ and open the default configuration file. Locate the following lines:

      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all

Now all you have to do is to insert the following line after allow from all to ban a particular ip:
      deny from xxx.xxx.xxx.xxx
Insert the IP in place of x's. You can also ban a particular range of IP addresses by using netmask.
example :       deny from xxx.xxx.xxx.xxx/24


Now let's check out how secure your server is. We are going to install a tool named Nikto. It checks servers for vulnerabilities. Ubuntu users can simply fire the following command to get Nikto, while other Linux users might have to use the tarball from the Nikto website. The command is:
sudo apt-get install nikto
Now on the terminal just write sudo nikto -host localhost. Nikto will give you all the holes present in your Apache server.
Check out the vulnerabilities and try to remove them. Have fun!

Thursday, January 21, 2010

Networking with Linux : The Mail Server, OpenWebMail

We now know how to set up a Postfix mail server, so now let us talk about the user interfaces. The Postfix server is a very robust MTA, but sending mail every time using telnet is not what we are looking forward to. So, let us talk about setting up a nice user interface. My two favorite interfaces are SquirrelMail and OpenWebMail. For a beginner I would recommend the latter because it is extremely easy to set up.
Now, I might show SquirrelMail set up in some other post. For now, let us talk about setting up of OpenWebMail. Download the package from here and install it (just double clicking it in Ubuntu will be enough). You might need to install some perl packages. Fire the command if you need Perl:
sudo apt-get install perl 
Once OpenWebMail is installed, well, that's it. You got it!
http://localhost/openwebmail/ will open the documentation and http://localhost/openwebmail/redirect.html will open the login page. Sweet and easy!

Sunday, January 10, 2010

Networking with Linux : The Mail Server, Postfix MTA

First and foremost question: what is an MTA?
Well, MTA is Mail Transfer Agent. It is used as a mail server to transfer e-mails. This post will teach you the basic installation of Postfix and its configuration. But let me tell you this well in advance: what I am going to teach you in this post is a very minimal configuration without any security and UI (I am leaving UI for my next post and security for you to Google!).
Now let us start with the installation. Install the Postfix by firing the following command:
sudo aptitude install postfix
 
Accept any dependencies, if presented. Now after the installation we need to configure it a little. On the terminal fire the following command:
sudo dpkg-reconfigure postfix
 
You will see some options. Choose the most appropriate one; they are self-explanatory. I will continue with the option "Internet Site" and follow the steps below.
  • Choose the system mail name. If you are setting up server for aditya@adityapatawari.com then set the name as adityapatawari.com and hit OK
  • Put a root recipient name or leave it blank if you want and hit OK
  • Use this field to setup the server for other domains or your TLD.
  • This option is used in case of a system crash, but you will not need it as you are using an ext3 or ext4 file system with journaling capability, so hit NO.
  • Put up your local network. I use 127.0.0.0/8 and hit OK.
  • Set the disk limit for the users. 0 stands for unlimited and hit OK.
  • Use default at this screen and hit OK.
  • Choose the Internet protocols you want and hit OK.
Now your postfix server is good to go. Start it by firing:
sudo /etc/init.d/postfix start
 
You can check it out by using the following command:
telnet localhost 25
HELO localhost

There you go with your Postfix server. Now next post on WebMail UI.