Archive for the ‘Linux’ Category

Load iptables on startup, save on shutdown

November 23rd, 2012 No comments

I wrote some scripts that store the iptables rules automatically after the interface goes down and reload them after startup.

sudo su -
mkdir /etc/network/firewall-backup
touch /etc/network/if-pre-up.d/firewall-up && chmod +x /etc/network/if-pre-up.d/firewall-up
touch /etc/network/if-post-down.d/firewall-down && chmod +x /etc/network/if-post-down.d/firewall-down

Add the following to the firewall-up script:

#!/bin/sh -e
/sbin/iptables-restore < /etc/network/firewall-ip4.conf
/sbin/ip6tables-restore < /etc/network/firewall-ip6.conf

Create the initial config:

/sbin/iptables-save > /etc/network/firewall-ip4.conf
/sbin/ip6tables-save > /etc/network/firewall-ip6.conf

Add the following to the firewall-down script:

#!/bin/sh -e
now=$(date +%F_%H:%M:%S)

# Backup ipv4 config if necessary.
# The sed expression drops the first 7 lines and the last line of each dump before hashing.
md5sum_old=$(sed -e '1,7d;$d;' /etc/network/firewall-ip4.conf | md5sum)
md5sum_new=$(/sbin/iptables-save | sed -e '1,7d;$d;' | md5sum)

if [ "$md5sum_old" != "$md5sum_new" ]; then
        cp /etc/network/firewall-ip4.conf "/etc/network/firewall-backup/firewall-ip4_$now.conf"
fi

# Always save because we want to retain stats
# (per-rule counters are only written by iptables-save -c and only reloaded by iptables-restore -c)
/sbin/iptables-save > /etc/network/firewall-ip4.conf

# Backup ipv6 config if necessary
md5sum_old=$(sed -e '1,7d;$d;' /etc/network/firewall-ip6.conf | md5sum)
md5sum_new=$(/sbin/ip6tables-save | sed -e '1,7d;$d;' | md5sum)

if [ "$md5sum_old" != "$md5sum_new" ]; then
        cp /etc/network/firewall-ip6.conf "/etc/network/firewall-backup/firewall-ip6_$now.conf"
fi

# Always save because we want to retain stats
/sbin/ip6tables-save > /etc/network/firewall-ip6.conf

Your iptables will now be stored when the interface is brought down and a backup of your config is made if any rules have changed in the meanwhile.
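
The fixed line offsets in the sed expression above depend on how many header and chain lines a dump starts with. The following is an added example, not part of the original scripts: it compares two dumps after dropping the timestamp comments and zeroing every packet/byte counter, so it also works on iptables-save -c output. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's script): compare two iptables-save dumps by
# rules only, ignoring timestamps and packet/byte counters.

# Constructed sample dumps. NEW_SAME differs from OLD only in its timestamps
# and counters; NEW_RULE additionally carries one extra rule.
OLD='# Generated by iptables-save on Fri Nov 23 10:00:00 2012
*filter
:INPUT ACCEPT [10:840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:532]
[5:300] -A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri Nov 23 10:00:00 2012'

NEW_SAME='# Generated by iptables-save on Fri Nov 23 18:30:00 2012
*filter
:INPUT ACCEPT [99:9120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [64:4801]
[41:2460] -A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri Nov 23 18:30:00 2012'

NEW_RULE='# Generated by iptables-save on Fri Nov 23 18:30:00 2012
*filter
:INPUT ACCEPT [99:9120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [64:4801]
[41:2460] -A INPUT -i lo -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Fri Nov 23 18:30:00 2012'

# Drop comment lines and zero every [packets:bytes] counter.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g'
}

# Print the md5 of the normalised dump read from stdin.
rules_digest() {
    normalize_rules | md5sum | cut -d ' ' -f 1
}

# Succeed (exit 0) when the two dumps contain different rules.
rules_changed() {
    [ "$(printf '%s\n' "$1" | rules_digest)" != "$(printf '%s\n' "$2" | rules_digest)" ]
}
```

In the firewall-down script, rules_changed would take the contents of the saved file and the output of iptables-save as its two arguments.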


Transmission, move completed downloads/torrents

November 23rd, 2012 3 comments

I wanted to be able to move torrents that were completed and had a stopped state (which occurs when you stop them from the interface or when the seed ratio has been met). I was inspired by this script. I fixed it a bit and I am now using it to move completed torrents from my SSD to my larger platter-based disks so that I don’t have to keep them spinning while downloading/uploading. I first used awk to get the columns but then switched to cut. Use whatever you like or just copy-paste and modify the MOVEDIR and BASE_COMMAND params. Make sure that the user Transmission is running as has write permission on the folder the data is moved to.

#!/bin/sh

MOVEDIR=/mnt/share
# Credentials given with -n are visible in the process list while the command runs
BASE_COMMAND="transmission-remote -n yourusername:yourpassword"

# Torrent IDs: drop the header and summary lines, keep the first column
TORRENT_ID_LIST=$($BASE_COMMAND -l | sed -e '1d;$d;s/^ *//' | cut -d ' ' -f 1)

for TORRENT_ID in $TORRENT_ID_LIST
do
        # Query the torrent details once and pick the fields out of the result
        INFO=$($BASE_COMMAND -t "$TORRENT_ID" -i)
        NAME=$(printf '%s\n' "$INFO" | grep -i "Name:" | sed 's/^ *//' | cut -d ' ' -f 2-)
        PERCENT_COMPLETE=$(printf '%s\n' "$INFO" | grep -i "Percent Done:" | sed 's/^ *//' | cut -d ' ' -f 3)
        STATE=$(printf '%s\n' "$INFO" | grep -i "State:" | sed 's/^ *//' | cut -d ' ' -f 2)
        RATIO=$(printf '%s\n' "$INFO" | grep -i "Ratio:" | sed 's/^ *//' | cut -d ' ' -f 2)

        #echo "$NAME:$PERCENT_COMPLETE:$STATE:$RATIO"

        if [ "$PERCENT_COMPLETE" = "100%" ] && { [ "$STATE" = "Stopped" ] || [ "$STATE" = "Finished" ]; }; then
                echo "Torrent $NAME is completed"
                # Move the data first, then remove the torrent from the list
                $BASE_COMMAND -t "$TORRENT_ID" --move "$MOVEDIR"
                $BASE_COMMAND -t "$TORRENT_ID" -r
                printf '\tTorrent data moved and removed from transmission\n'
        fi
done

VLC Radiostation Bash script

October 17th, 2011 No comments

We use the following script to have our Linux machine automatically start playing audio at startup. Every day another radio station is played, with a random choice on some days. It could use some functions to make it a bit tidier, but I’m satisfied with it at this point. 🙂

#!/bin/bash

# Station URLs are quoted so that "?" is never treated as a glob character
# Arrow Classic Rock
radio_stations[0]="http://www.garnierstreamingmedia.com/asx/streamerswitch.asp?stream=205"
# City FM
radio_stations[1]="http://streams.cityfm.nl:8043/listen.pls"
# QMusic
radio_stations[2]="http://vip2.str.reasonnet.com/qmusic.mp3.96"
# Eagle FM
radio_stations[3]="http://www.181.fm/asx.php?station=181-eagle"

# Current day of week, 0 is Sunday
curr_day_of_week=$(date +%w)

case $curr_day_of_week in
        0|5|6)
                # Sunday, Friday and Saturday: pick a random station
                number=$((RANDOM % ${#radio_stations[@]}))
                /usr/bin/vlc "${radio_stations[$number]}"
                ;;
        1)
                /usr/bin/vlc "${radio_stations[0]}"
                ;;
        2)
                /usr/bin/vlc "${radio_stations[1]}"
                ;;
        3)
                /usr/bin/vlc "${radio_stations[2]}"
                ;;
        4)
                /usr/bin/vlc "${radio_stations[3]}"
                ;;
esac

Basic iptables configuration

January 20th, 2010 1 comment

Here is a small basic example that lets you set up your iptables.

First we reset everything. See the man page for exact details on the parameters we use.

iptables -F
iptables -Z
iptables -X

Create some chains that will provide us with some logging.

iptables -N logdrop
iptables -N logreject
iptables -N logaccept

Add some rules to these chains.

iptables -A logdrop -j LOG --log-prefix 'DROP: ' --log-level warning
iptables -A logdrop -j DROP
iptables -A logreject -j LOG --log-prefix 'REJECT: ' --log-level warning
iptables -A logreject -j REJECT
iptables -A logaccept -j LOG --log-prefix 'ACCEPT: ' --log-level warning
iptables -A logaccept -j ACCEPT

Now you have a basic setup with some logging.
The next step will be to apply your rules and jump to the corresponding chain on a positive match.
You could set the default policies for the INPUT, FORWARD and OUTPUT chains to ACCEPT and add a jump to logdrop at the end of each chain so that any packet that matches no rule is logged and dropped automatically.

Small example:

# Accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Accept traffic from established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new SSH connections
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j logaccept -m comment --comment "Allow SSH"
# Accept new SSL connections
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j logaccept -m comment --comment "Allow SSL"
# Accept new HTTP connections
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j logaccept -m comment --comment "Allow HTTP"
# Drop and log everything else incoming
iptables -A INPUT -j logdrop
 
iptables -A FORWARD -j logreject

You could then add a small piece of configuration to rsyslog to split these messages out into separate log files. Put it in /etc/rsyslog.d/iptables.conf:

:msg,contains,"ACCEPT: " /var/log/iptables-accept.log
:msg,contains,"REJECT: " /var/log/iptables-reject.log
:msg,contains,"DROP: " /var/log/iptables-drop.log
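
Once the DROP: entries land in their own file, they can be summarised per source address. The following is an added example, not part of the original post: it counts dropped packets and distinct destination ports per source and marks sources that touched many ports. The function name, the threshold and the shortened sample log lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): summarise "DROP: " log entries per source.

# Constructed, shortened sample lines in the kernel LOG-target format.
SAMPLE_LOG='Nov 23 10:15:01 host kernel: DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22 SYN
Nov 23 10:15:01 host kernel: DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44322 DPT=23 SYN
Nov 23 10:15:02 host kernel: DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44323 DPT=3389 SYN
Nov 23 10:15:02 host kernel: DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44324 DPT=23 SYN
Nov 23 10:16:10 host kernel: DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=445 SYN
Nov 23 10:16:11 host kernel: DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=445 SYN
Nov 23 10:17:00 host kernel: ACCEPT: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=443 SYN'

# Read log lines on stdin and print, per source address:
#   <src> <dropped packets> <distinct destination ports> <many-ports|ok>
# $1 is the number of distinct ports from which a source is marked.
drop_summary() {
    awk -v t="$1" '
        /DROP: / {
            src = ""; dpt = "-"          # "-" stands for protocols without a port
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next
            pkts[src]++
            if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
        }
        END {
            for (s in pkts)
                print s, pkts[s], ports[s], (ports[s] >= t + 0 ? "many-ports" : "ok")
        }
    ' | sort
}

# Stand-alone run over the constructed sample with a threshold of 3 ports
printf '%s\n' "$SAMPLE_LOG" | drop_summary 3
```

On a real system the input would be /var/log/iptables-drop.log instead of the sample variable.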

Some bash stuff

August 18th, 2009 No comments

I just need a cheat sheet because I keep forgetting all these bash things.

Number of parameters: $#
All parameters: $@
String length: ${#foo}
Remove trailing slash: ${foo%/}
Check return value from last command: $?

lm-sensors on the VIA EPIA SN10000EG and SN18000g

July 1st, 2009 7 comments

1. Edit /etc/modprobe.d/options.conf
2. Add the following line:

options dme1737 probe_all_addr=1

3. Save and exit
4. Load the module

modprobe dme1737

5. Check that it loaded successfully:

lsmod

6. Edit the /etc/sysconfig/lm_sensors file

HWMON_MODULES="dme1737"
MODULE_0=dme1737

7. Run sensors to check the output

sensors

8. I also compiled and loaded the c7temp module because in0 didn’t show.

mkdir -p /usr/src/c7temp
touch /usr/src/c7temp/c7temp.c

I extracted the c7temp.c file from the patch, which is placed here:
http://lists.lm-sensors.org/pipermail/lm-sensors/attachments/20080619/0dccdaf0/attachment.bin
and filled c7temp.c with the contents from the patch.

Created a Makefile in the c7temp dir.

obj-m    := c7temp.o
 
KDIR    := /lib/modules/$(shell uname -r)/build
PWD    := $(shell pwd)
 
default:
	$(MAKE) -C $(KDIR) M=$(PWD) modules

And ran make in the c7temp dir. This will get you a .ko file. Install it.

install -m 644 c7temp.ko /lib/modules/`uname -r`/kernel/drivers/hwmon/c7temp.ko

Generate the modules.dep and map files

depmod -a

And load the module

modprobe c7temp

And check that the module loaded with lsmod

lsmod

Modified the /etc/sysconfig/lm_sensors file a bit again

# Generated by sensors-detect on Wed Jul  1 08:43:13 2009
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
 
HWMON_MODULES="dme1737 c7temp"
 
# For compatibility reasons, modules are also listed individually as variables
#    MODULE_0, MODULE_1, MODULE_2, etc.
# You should use BUS_MODULES and HWMON_MODULES instead if possible.
 
MODULE_0=dme1737
MODULE_1=c7temp

Done.
9. I edited the /etc/sensors3.conf file on my machine

chip "sch311x-*"
    ignore in0
 
    label in1 "Vcore"
    label in2 "+3.3V"
    label in3 "+5V"
    label in4 "+12V"
    label in5 "3VSB"
    label in6 "Vbat"
 
    label temp1 "CPU"
    label temp2 "SIO Temp"
    label temp3 "M/B Temp"
 
    set in2_min  3.3 * 0.90
    set in2_max  3.3 * 1.10
    set in3_min  5.0 * 0.90
    set in3_max  5.0 * 1.10
    set in4_min 12.0 * 0.90
    set in4_max 12.0 * 1.10
    set in5_min  3.3 * 0.90
    set in5_max  3.3 * 1.10
    set in6_min  3.0 * 0.90
    set in6_max  3.0 * 1.10
 
chip "c7temp-*"
    ignore temp1

Samba basic config

May 7th, 2009 No comments

Step one: You will need samba

apt-get install samba

Step two: Check if you have a group for your samba users.

grep samba /etc/group

On my system this resulted in “sambashare:x:107:” which means we have a group called sambashare with gid 107.

If you don’t have a group you can create it. I recommend specifying your own gid which you can use on multiple systems.

groupadd -g 2000 share

Step three: Create some basic users.

If the user doesn’t exist on the system you will need to create it. I assume this new user will only be used with samba.
So we will force it into the sambashare group and disable the shell. (If you didn’t have the sambashare group, use share or whatever name you chose in the previous step.)

useradd -g sambashare -s /bin/false yourusername

-g sets the main group for this user
-s sets the shell login

After this we set a samba password

smbpasswd -a yourusername

-a adds a new user and sets the password

Repeat this step for all the users you need.

Step four:

Create some basic shares. Here is a short snippet to make a new share. Edit /etc/samba/smb.conf and add something like the following:

[sharename]
valid users = user1, user2
path = /share
browsable = yes
write list = user2
create mask = 0664
directory mask = 0775
force user = root
force group = sambashare

That’s it. Save it and then restart the server to be sure the settings are picked up.

/etc/init.d/samba restart
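
The share above sets force user = root, so every file operation through it is carried out as root, whichever Samba user connected. The following is an added example, not part of the original post: it reads an smb.conf and lists the shares that do this, together with their write list. The function name, the sample configuration and the account name shareowner are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): list shares that force access as root.

# Constructed sample: the share from the post, plus a variant that uses a
# dedicated unprivileged account ("shareowner" is a hypothetical name).
SAMPLE_CONF='[sharename]
valid users = user1, user2
path = /share
write list = user2
force user = root
force group = sambashare

[safer]
path = /srv/share
valid users = user1, user2
write list = user2
Force User = shareowner
force group = sambashare'

# Read an smb.conf on stdin and print one line per share with force user = root.
# Parameter names are compared case-insensitively with whitespace removed.
audit_force_root() {
    awk '
        function report() {
            if (section != "" && forceuser == "root")
                print section ": force user = root, write list = " (writers == "" ? "(none)" : writers)
            forceuser = ""; writers = ""
        }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[/ {                          # new section: report the previous one
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "forceuser") forceuser = val
            if (key == "writelist") writers = val
        }
        END { report() }
    '
}
```

Run it as audit_force_root < /etc/samba/smb.conf; no output means no share forces root.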


Update-alternatives

March 12th, 2009 2 comments

Having multiple JVMs on your Linux machine can be a pain in the ass. To select which JVM to use you can use the update-alternatives command. Here is a small example of how to add a JVM to the alternatives:

update-alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_11/bin/java 16011

This will add an entry for your JDK to the alternatives. The last number assigns the priority to this alternative; here it is the version and build number of the release.

After adding you can use the following command to select the java version you want to use:

update-alternatives --config java

If you switch the java update-alternatives to auto it will automatically pick the java alternative with the highest priority.

Time synchronization on your debian machine

August 26th, 2008 No comments

In order to synchronize the time on your debian machine you can use ntp. (apt-get install ntp) This will install ntp and the ntp daemon. Edit your configuration found in /etc/ntp.conf and add some ntp servers close to your current location.

I added some ntp servers for the Netherlands.

# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#  *** Please consider joining the pool! ***
#  *** <http://www.pool.ntp.org/join.html> ***
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
server 3.nl.pool.ntp.org
# server 0.debian.pool.ntp.org iburst
# server 1.debian.pool.ntp.org iburst
# server 2.debian.pool.ntp.org iburst
# server 3.debian.pool.ntp.org iburst

Test afterwards by calling the ntptime command (run as root). It should look like this:

ntp_gettime() returns code 0 (OK)
  time cc5e6a21.5f5d5000  Tue, Aug 26 2008 13:40:17.372, (.372518),
  maximum error 1299815 us, estimated error 646 us
ntp_adjtime() returns code 0 (OK)
  modes 0x0 (),
  offset -141.000 us, frequency -36.781 ppm, interval 1 s,
  maximum error 1299815 us, estimated error 646 us,
  status 0x1 (PLL),
  time constant 6, precision 1.000 us, tolerance 512 ppm,

You can verify that your system clock was set ok now by calling the date command.

Installing Trac with MySQL database

August 20th, 2008 1 comment

1. Follow the basic guide posted here.
2. Be sure to install python-mysqldb package.
3. Create MySQL database and user for trac.

CREATE DATABASE trac;
CREATE USER trac IDENTIFIED BY 'trac';
GRANT ALL privileges ON trac.* TO 'trac'@'%';

4. Run the following command:

trac-admin <Your project dir> initenv

5. When asked for the MySQL connection url enter something like the following:

#form: db-type://username:password@mysql-host:mysql-port/databasename
mysql://trac:trac@localhost:3306/trac

6. Configuring Apache2 (Make sure you have mod_python)

        <Location /trac/test>
                SetHandler mod_python
                PythonInterpreter main_interpreter
                PythonHandler trac.web.modpython_frontend
                PythonOption TracEnv /var/trac/test
                PythonOption TracUriRoot /trac/test
        </Location>
 
        <LocationMatch "/trac/[^/]+/login">
                AuthType Basic
                AuthName "Trac"
                AuthUserFile /var/trac/trac.htpasswd
                Require valid-user
        </LocationMatch>

7. Add admin login data

htpasswd -c /var/trac/trac.htpasswd admin

8. Grant TRAC_ADMIN to admin user

trac-admin /var/trac/test permission add admin TRAC_ADMIN