cat brain.stuff > wordpress

I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.

Find out the name of the disk you want to encrypt. I usually use a ‘sudo fdisk -l’ to find out which disk. In my case /dev/sdc3 so I will use that in this example. Substitute with your own unless you want to lose data.

Make sure your disk is not mounted:

sudo umount /dev/sdc3

It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.

sudo dd if=/dev/urandom of=/dev/sdc3

Initial creation:

# Login as root
sudo -i
# Install cryptsetup
apt-get install cryptsetup
# I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info.
cryptsetup -y create crypt /dev/sdc3
# Create an ext4 filesystem. (-m 0 -> No reserved blocks for root, this is an external disk)
mkfs.ext4 -m 0 /dev/mapper/crypt
# Create a directory to mount to and mount
mkdir /mnt/crypt && mount /dev/mapper/crypt /mnt/crypt

Remounting:

sudo cryptsetup create crypt /dev/sdc3
sudo mount /dev/mapper/crypt /mnt/crypt

That did it for me. I just wanted a small barrier to chase away curious people.

1. Edit /etc/modprobe.d/options.conf
2. Add the following line:

options dme1737 probe_all_addr=1

3. Save and exit
4. Load the module

modprobe dme1737

5. Check that it loaded succesfully:

lsmod

6. Edit the /etc/sysconfig/lm_sensors file

HWMON_MODULES="dme1737"
MODULE_0=dme1737

7. Run sensors to check the output

sensors

8. I also compiled the c7temp module because the in0 didn’t show and loaded it.

mkdir -p /usr/src/c7temp
(I extracted the c7temp.c file from the patch which is placed here:
http://lists.lm-sensors.org/pipermail/lm-sensors/attachments/20080619/0dccdaf0/attachment.bin)
touch /usr/src/c7temp/c7temp.c
filled the contents of c7temp.c with those of the patch

Created a makefile in the c7temp dir.

obj-m    := c7temp.o
 
KDIR    := /lib/modules/$(shell uname -r)/build
PWD    := $(shell pwd)
 
default:
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

And ran make in the c7temp dir. This will get you a .ko file. Install it.

install -m 644 c7temp.ko /lib/modules/`uname -r`/kernel/drivers/hwmon/c7temp.ko

Generate the modules.dep and map files

depmod -a

And load the module

modprobe c7temp

And check that the module loaded with lsmod

lsmod

Modified the /etc/sysconfig/lm_sensors file a bit again

# Generated by sensors-detect on Wed Jul  1 08:43:13 2009
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
 
HWMON_MODULES="dme1737 c7temp"
 
# For compatibility reasons, modules are also listed individually as variables
#    MODULE_0, MODULE_1, MODULE_2, etc.
# You should use BUS_MODULES and HWMON_MODULES instead if possible.
 
MODULE_0=dme1737
MODULE_1=c7temp

Done.
9. I edited the /etc/sensors3.conf file on my machine

chip "sch311x-*"
    ignore in0
 
    label in1 "Vcore"
    label in2 "+3.3V"
    label in3 "+5V"
    label in4 "+12V"
    label in5 "3VSB"
    label in6 "Vbat"
 
    label temp1 "CPU"
    label temp2 "SIO Temp"
    label temp3 "M/B Temp"
 
    set in2_min  3.3 * 0.90
    set in2_max  3.3 * 1.10
    set in3_min  5.0 * 0.90
    set in3_max  5.0 * 1.10
    set in4_min 12.0 * 0.90
    set in4_max 12.0 * 1.10
    set in5_min  3.3 * 0.90
    set in5_max  3.3 * 1.10
    set in6_min  3.0 * 0.90
    set in6_max  3.0 * 1.10
 
chip "c7temp-*"
    ignore temp1

Step one: You will need samba

apt-get install samba

Step two: Check if you have a group for your samba users.

cat /etc/group | grep samba

On my system this resulted in “sambashare:x:107:” which means we have a group called sambashare with gid 107.

If you don’t have a group you can create it. I recommend specifying an own gid which you can use on multiple systems.

groupadd -g 2000 share

Step three: Create some basic users.

If the user doesn’t exist on the system you will need to create it. I assume this new user will only be used with samba.
So we will force it into the sambashare group and disable the shell. (If you didn’t have the sambashare group use share or whatever name you choose in the previous step)

useradd -g sambashare -s /bin/false yourusername

-g sets the main group for this user
-s sets the shell login

After this we set a samba password

smbpasswd -a yourusername

-a adds a new user and sets the password

Do a round trip of this step for all the users you need.

Step four:

Create some basic shares. Here is a short snippet to make a new share. Edit /etc/samba/smb.conf and add something like the following:

[sharename]
valid users = user1, user2
path = /share
browsable = yes
write list = user2
create mask = 0664
directory mask = 0775
force user = root
force group = sambashare

That’s it. Save it and then restart the server to be sure the settings are picked up.
/etc/init.d/samba restart

In order to synchronize the time on your debian machine you can use ntp. (apt-get install ntp) This will install ntp and the ntp daemon. Edit your configuration found in /etc/ntp.conf and add some ntp servers close to your current location.

I added some ntp servers for the Netherlands.

# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  *** <http://www.pool.ntp.org/join.html> ***
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
server 3.nl.pool.ntp.org
# server 0.debian.pool.ntp.org iburst
# server 1.debian.pool.ntp.org iburst
# server 2.debian.pool.ntp.org iburst
# server 3.debian.pool.ntp.org iburst

Test afterwards by calling the ntptime command (run as root). It should look like this:

ntp_gettime() returns code 0 (OK)
  time cc5e6a21.5f5d5000  Tue, Aug 26 2008 13:40:17.372, (.372518),
  maximum error 1299815 us, estimated error 646 us
ntp_adjtime() returns code 0 (OK)
  modes 0x0 (),
  offset -141.000 us, frequency -36.781 ppm, interval 1 s,
  maximum error 1299815 us, estimated error 646 us,
  status 0x1 (PLL),
  time constant 6, precision 1.000 us, tolerance 512 ppm,

You can verify that your system clock was set ok now by calling the date command.

1. Follow the basic guide posted here.
2. Be sure to install python-mysqldb package.
3. Create MySQL database and user for trac.

CREATE DATABASE trac;
CREATE USER trac IDENTIFIED BY 'trac';
GRANT ALL privileges ON trac.* TO 'trac'@'%';

4. Run the following command:

trac-admin <Your project dir> initenv

5. When asked for the MySQL connection url enter something like the following:

#form: db-type://username:password@mysql-host:mysql-port/databasename
mysql://trac:trac@localhost:3306/trac

6. Configuring Apache2 (Make sure you have mod_python)

        <Location /trac/test>
                SetHandler mod_python
                PythonInterpreter main_interpreter
                PythonHandler trac.web.modpython_frontend
                PythonOption TracEnv /var/trac/test
                PythonOption TracUriRoot /trac/test
        </Location>
 
        <LocationMatch "/trac/[^/]+/login">
                AuthType Basic
                AuthName "Trac"
                AuthUserFile /var/trac/trac.htpasswd
                Require valid-user
        </LocationMatch>

7. Add admin login data

htpasswd -c /var/trac/trac.htpasswd admin

8. Grant TRAC_ADMIN to admin user

trac-admin /var/trac/test permission add admin TRAC_ADMIN

Sometimes you want to change specific settings to either files or directories on your debian machine. To be able to do this I use the find command combined with the xargs command. Have a look at some possible commands:

find /share/ -type f -print0 | xargs -0 chmod 664
find /share/ -type d -print0 | xargs -0 chmod 775

The first line tries to find files only with -type f. And prints them to the stream with -print0 so xargs can process them with the -0 command. -print0 will put a NUL value between pathnames. This way paths that contain spaces can be parsed correctly by xargs.
I think it is pretty nifty and once again shows the power of the console!

Well there you have it. I wanted to save some more power on my debian server. So I installed a flash disk and copied my debian install from hd to it.

After that I made my hd spin down automatically by using hdparm.

At the moment flash-memory is limited to ~10.000 write/erase cycles. By spreading the writes to disk the manufacturers try to avoid this problem. With a 24/7 server writing regularly to log files this might become a problem on the long run. That’s why I decided to put /var completely into memory by using a ramdisk. Note that you should not do/use this when you are running enterprise critical applications where a system crash might result in serious data loss.

First things first. First create a directory where we will persist our /var directory to in case of shutdown/reboot. I created a directory var-bak for this.

mkdir /var-bak

I then copied the /var directory to this /var-bak directory with cp -a.
After that I removed the /var-bak/run directory which should not be stored.

cp -a /var/* /var-bak/
rm -rf /var-bak/run

Ok, so now we have a copy of our contents in /var. Let’s mount the ramdisk. And copy the contents of /var-bak back to the ramdisk.

mount -t ramfs ramfs /var
cp -a /var-bak/* /var/

Ok there we have it. It’s all set up now. Using this method might cause some trouble. Try a df command to see what I mean.

router:~# df -h /var
Filesystem            Size  Used Avail Use% Mounted on
ramfs                    0     0     0   -  /var

That’s right it lists 0 as available space. Programs which perform space checks might report an ‘insufficient diskpace’ error. I had to fix the mysql init script to ignore this.

To be able to copy and synch the disks automatically on startup/shutdown/reboot I created a init script.
I called it ramdisk.sh and placed it in the /etc/init.d directory.

RSync makes sure the /var-bak directory keeps correctly synched with the /var directory. Also it makes sure the run directory is ignored during the synch process.

#! /bin/sh
# /etc/init.d/ramdisk.sh
#
 
case "$1" in
  start)
    echo "Copying files to Ramdisk"
    cp -a /var-bak/* /var/
    echo [`date +"%Y-%m-%d %H:%M"`] Ramdisk Synched from HD >> /var/log/ramdisk_sync.log
    ;;
  sync)
    echo "Synching files to Harddisk"
    echo [`date +"%Y-%m-%d %H:%M"`] Ramdisk Synched to HD >> /var/log/ramdisk_sync.log
    rsync -av --delete --exclude=run/ --exclude=run/** /var/ /var-bak/
    ;;
  stop)
    echo "Synching logfiles to Harddisk"
    echo [`date +"%Y-%m-%d %H:%M"`] Ramdisk Synched to HD >> /var/log/ramdisk_sync.log
    rsync -av --delete --exclude=run/ --exclude=run/** /var/ /var-bak/
    ;;
  *)
    echo "Usage: /etc/init.d/ramdisk.sh {start|stop|sync}"
    exit 1
    ;;
esac
 
exit 0

After that I wanted it to be started as early as possible. So I placed it as early in the process as possible.
Maybe this still needs some more tweaking but this works ok for me at this point. You can use the sync command to manually sync the ramdisk to disk.

update-rc.d ramdisk.sh defaults 00 99

That’s it. You could optionally run a cron job to synch the ramdisk every once in a while if you like. It will at least save quite some write cycles.