Category Archives: Ubuntu

Easily Configure a Host-Based Firewall on Ubuntu to Block Incoming Connections

The default firewall configuration tool for Ubuntu is UFW (uncomplicated firewall). It was developed to ease iptables firewall configuration. By default UFW is disabled, and there are no packet filter rules in the Linux kernel:

# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

When you turn UFW on, it uses a default set of rules that should be fine for the average home user. In short, all incoming connections will be denied, thus protecting the system from intruders. To turn UFW on:

# ufw enable
Firewall is active and enabled on system startup

Once enabled, you are done! All future incoming connections will be denied. This configuration will be reloaded at boot.
You can easily view the status of ufw:

# ufw status
Status: active

If you are interested in seeing what UFW did, then run the following command to output the current UFW rules that are applied to your iptables. While it looks like UFW has done a lot, most of this is benign. UFW basically sets up a framework so that it can easily add additional rules in the future, as well as facilitating logging.

# iptables -L -n --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ufw-before-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
3    ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0
4    ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
5    ufw-reject-input  all  --  0.0.0.0/0            0.0.0.0/0
6    ufw-track-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ufw-before-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-before-forward  all  --  0.0.0.0/0            0.0.0.0/0
3    ufw-after-forward  all  --  0.0.0.0/0            0.0.0.0/0
4    ufw-after-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0
5    ufw-reject-forward  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ufw-before-logging-output  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-before-output  all  --  0.0.0.0/0            0.0.0.0/0
3    ufw-after-output  all  --  0.0.0.0/0            0.0.0.0/0
4    ufw-after-logging-output  all  --  0.0.0.0/0            0.0.0.0/0
5    ufw-reject-output  all  --  0.0.0.0/0            0.0.0.0/0
6    ufw-track-output  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-after-forward (1 references)
num  target     prot opt source               destination
Chain ufw-after-input (1 references)
num  target     prot opt source               destination
1    ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137
2    ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138
3    ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:139
4    ufw-skip-to-policy-input  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445
5    ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
6    ufw-skip-to-policy-input  udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
7    ufw-skip-to-policy-input  all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
num  target     prot opt source               destination
1    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
num  target     prot opt source               destination
1    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
num  target     prot opt source               destination
Chain ufw-after-output (1 references)
num  target     prot opt source               destination
Chain ufw-before-forward (1 references)
num  target     prot opt source               destination
1    ufw-user-forward  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-before-input (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
5    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
6    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
8    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
9    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
11   ufw-not-local  all  --  0.0.0.0/0            0.0.0.0/0
12   ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353
13   ACCEPT     udp  --  0.0.0.0/0            239.255.255.250      udp dpt:1900
14   ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
num  target     prot opt source               destination
Chain ufw-before-logging-input (1 references)
num  target     prot opt source               destination
Chain ufw-before-logging-output (1 references)
num  target     prot opt source               destination
Chain ufw-before-output (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ufw-user-output  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-logging-allow (0 references)
num  target     prot opt source               destination
1    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state INVALID limit: avg 3/min burst 10
2    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
4    ufw-logging-deny  all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
5    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-reject-forward (1 references)
num  target     prot opt source               destination
Chain ufw-reject-input (1 references)
num  target     prot opt source               destination
Chain ufw-reject-output (1 references)
num  target     prot opt source               destination
Chain ufw-skip-to-policy-forward (0 references)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-track-input (1 references)
num  target     prot opt source               destination
Chain ufw-track-output (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW
Chain ufw-user-forward (1 references)
num  target     prot opt source               destination
Chain ufw-user-input (1 references)
num  target     prot opt source               destination
Chain ufw-user-limit (0 references)
num  target     prot opt source               destination
1    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
2    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
num  target     prot opt source               destination
Chain ufw-user-logging-input (0 references)
num  target     prot opt source               destination
Chain ufw-user-logging-output (0 references)
num  target     prot opt source               destination
Chain ufw-user-output (1 references)
num  target     prot opt source               destination

This is the rule in the INPUT chain above that drops incoming connections:

DROP       all  --  0.0.0.0/0            0.0.0.0/0
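To confirm this state without reading the whole listing by eye, the following added example (not part of the original post) parses `iptables -L -n --line-numbers` output and reports the INPUT and FORWARD policies and the number of rules in ufw-user-input. The function names are hypothetical, the sample listings are abridged from the output above, and the port 22 rule is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check an
# `iptables -L -n --line-numbers` listing for UFW's default-deny state.
# All function names below are constructed for illustration.

# chain_policy CHAIN: print the default policy of a built-in chain (stdin = listing).
chain_policy() {
    awk -v chain="$1" '
        $1 == "Chain" && $2 == chain && $3 == "(policy" {
            sub(/\)$/, "", $4); print $4; exit
        }'
}

# chain_rule_count CHAIN: print how many numbered rules are listed under CHAIN.
chain_rule_count() {
    awk -v chain="$1" '
        $1 == "Chain"             { inside = ($2 == chain); next }
        inside && $1 ~ /^[0-9]+$/ { n++ }
        END                       { print n + 0 }'
}

# audit_listing: succeed only if INPUT and FORWARD default to DROP and the
# user chain ufw-user-input holds no rules (no ports were opened by hand).
audit_listing() {
    listing=$(cat)
    in_policy=$(printf '%s\n' "$listing" | chain_policy INPUT)
    fwd_policy=$(printf '%s\n' "$listing" | chain_policy FORWARD)
    user_rules=$(printf '%s\n' "$listing" | chain_rule_count ufw-user-input)
    echo "INPUT policy:         ${in_policy:-unknown}"
    echo "FORWARD policy:       ${fwd_policy:-unknown}"
    echo "ufw-user-input rules: $user_rules"
    [ "$in_policy" = "DROP" ] && [ "$fwd_policy" = "DROP" ] && [ "$user_rules" -eq 0 ]
}

# Listing before `ufw enable`, as shown at the top of the post.
sample_disabled() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
EOF
}

# Listing after `ufw enable`, abridged from the output above.
sample_enabled() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
2    ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain ufw-before-input (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-user-input (1 references)
num  target     prot opt source               destination
EOF
}

# Constructed variant: the same listing with one allow rule in ufw-user-input.
sample_port_opened() {
    sample_enabled
    echo '1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22'
}

# Demo on the abridged sample; on a real host, pipe the live listing instead:
#   iptables -L -n --line-numbers | audit_listing
sample_enabled | audit_listing
```

A non-zero exit status means either a policy is not DROP or someone has added rules to ufw-user-input that deserve a look.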

You may want to install gufw. It is a graphical user interface for UFW that provides an easy and intuitive way to manage your Linux firewall. It supports common tasks such as allowing or blocking ports. There is a status switch that can be turned on and off, which basically performs the commands “ufw enable” and “ufw disable”.

My System Configuration

  • Linux Mint 16 Petra x86 64-bit


Configure Ubuntu to be Verbose at Boot

Configure Ubuntu to output more verbosely to the screen at boot.

GRUB 2

Configure GRUB 2 /etc/default/grub:

# How long to time out showing blank screen. Commenting this out or setting no value
# after the = sign means the menu will be displayed for the number of seconds
# designated by GRUB_TIMEOUT.
#GRUB_HIDDEN_TIMEOUT=
# Setting to false means grub menu will be displayed
GRUB_HIDDEN_TIMEOUT_QUIET=false
# How many seconds the grub menu will be displayed
# before defaulting the value set in GRUB_DEFAULT
GRUB_TIMEOUT=5
# Remove the kernel parameters "quiet" and "splash"
GRUB_CMDLINE_LINUX_DEFAULT=""
# Disable graphical terminal
GRUB_TERMINAL=console

After updating, run

update-grub

to create a new /boot/grub/grub.cfg file.

My System Configuration

  • Linux Mint 16 Petra x86 64-bit


RSSOwl was unable to create a browser for reading news

Unfortunately, I failed to solve this issue, but I got around it.
Initially I downloaded RSSOwl for Linux (64 Bit) from here: http://www.rssowl.org/download. However, I would start to get the error message:
Error Creating Browser: RSSOwl was unable to create a browser for reading news. Please refer to the FAQ for further help. Click 'Ok' to open the FAQ now..
This issue is described in RSSOwl’s FAQ (http://www.rssowl.org/help#item_6j). However, following those instructions did not resolve my problem. Ultimately I downloaded the Ubuntu 64-bit Debian package from here: http://www.ubuntuupdates.org/package/getdeb_apps/precise/apps/getdeb/rssowl. Executing that installation of RSSOwl did have this problem.


Shrinking an ext4 File System and the Logical Volume Containing It

The following procedure will reduce both the ext4 file system and logical volume sizes by 10 GB. Initially the file system uses the entire size of the logical volume. Obviously, there needs to be at least 10 GB of disk space currently available. This procedure needs to be done with the file system unmounted. This should also work fine on ext2 and ext3.

root@ubuntu:/tmp# df -h /dev/mapper/mysql_s1_prod1_raid10-data
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/mysql_s1_prod1_raid10-data
                      241G  647M  228G   1% /local/mysql-s1-prod1_data
root@ubuntu:/tmp# umount /local/mysql-s1-prod1_data
root@ubuntu:/tmp# pvscan
  PV /dev/mapper/mysql-s1-prod0-t1-v1_fujitsu2-27   VG mysql_s1_prod0_raid1    lvm2 [78.12 GiB / 0    free]
  PV /dev/mapper/mysql-s1-prod1-t1-v1_fujitsu2-32   VG mysql_s1_prod1_raid1    lvm2 [78.12 GiB / 0    free]
  PV /dev/mapper/mysql-s1-prod0-t1-v2_fujitsu2-28   VG mysql_s1_prod0_raid10   lvm2 [244.14 GiB / 10.00 GiB free]
  PV /dev/mapper/mysql-s1-prod1-t1-v2_fujitsu2-35   VG mysql_s1_prod1_raid10   lvm2 [244.14 GiB / 0    free]
  PV /dev/sda2                                      VG system                  lvm2 [135.84 GiB / 102.32 GiB free]
  Total: 5 [780.36 GiB] / in use: 5 [780.36 GiB] / in no VG: 0 [0   ]
root@ubuntu:/tmp# lvscan
  ACTIVE            '/dev/mysql_s1_prod0_raid1/data' [78.12 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod1_raid1/data' [78.12 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod0_raid10/data' [234.14 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod1_raid10/data' [244.14 GiB] inherit
  ACTIVE            '/dev/system/root' [9.31 GiB] inherit
  ACTIVE            '/dev/system/var' [4.66 GiB] inherit
  ACTIVE            '/dev/system/tmp' [2.79 GiB] inherit
  ACTIVE            '/dev/system/swap' [2.79 GiB] inherit
  ACTIVE            '/dev/system/home' [4.66 GiB] inherit
  ACTIVE            '/dev/system/opt' [9.31 GiB] inherit
root@ubuntu:/tmp# e2fsck -fy /dev/mysql_s1_prod1_raid10/data
e2fsck 1.41.11 (14-Mar-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mysql_s1_prod1_raid10/data: 127/16007168 files (2.4% non-contiguous), 1170118/63998976 blocks
root@ubuntu:/tmp# resize2fs -Mp /dev/mapper/mysql_s1_prod1_raid10-data
resize2fs 1.41.11 (14-Mar-2010)
Resizing the filesystem on /dev/mapper/mysql_s1_prod1_raid10-data to 291412 (4k) blocks.
Begin pass 2 (max = 88941)
Relocating blocks             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 3 (max = 1954)
Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 4 (max = 11)
Updating inode references     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/mapper/mysql_s1_prod1_raid10-data is now 291412 blocks long.
root@ubuntu:/tmp# e2fsck -fy /dev/mysql_s1_prod1_raid10/data
e2fsck 1.41.11 (14-Mar-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mysql_s1_prod1_raid10/data: 127/73728 files (2.4% non-contiguous), 160138/291412 blocks
root@ubuntu:/tmp# lvreduce -L -10G /dev/mapper/mysql_s1_prod1_raid10-data
  WARNING: Reducing active logical volume to 234.14 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce data? [y/n]: y
  Reducing logical volume data to 234.14 GiB
  Logical volume data successfully resized
root@ubuntu:/tmp# resize2fs /dev/mapper/mysql_s1_prod1_raid10-data
resize2fs 1.41.11 (14-Mar-2010)
Please run 'e2fsck -f /dev/mapper/mysql_s1_prod1_raid10-data' first.
root@ubuntu:/tmp# resize2fs /dev/mapper/mysql_s1_prod1_raid10-data
resize2fs 1.41.11 (14-Mar-2010)
Resizing the filesystem on /dev/mapper/mysql_s1_prod1_raid10-data to 61377536 (4k) blocks.
The filesystem on /dev/mapper/mysql_s1_prod1_raid10-data is now 61377536 blocks long.
root@ubuntu:/tmp# e2fsck -fy /dev/mysql_s1_prod1_raid10/data
e2fsck 1.41.11 (14-Mar-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mysql_s1_prod1_raid10/data: 127/15351808 files (2.4% non-contiguous), 1128998/61377536 blocks
root@ubuntu:/tmp# df -h /dev/mapper/mysql_s1_prod1_raid10-data
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/mysql_s1_prod1_raid10-data
                      231G  647M  219G   1% /local/mysql-s1-prod1_data
root@ubuntu:/tmp# pvscan
  PV /dev/mapper/mysql-s1-prod0-t1-v1_fujitsu2-27   VG mysql_s1_prod0_raid1    lvm2 [78.12 GiB / 0    free]
  PV /dev/mapper/mysql-s1-prod1-t1-v1_fujitsu2-32   VG mysql_s1_prod1_raid1    lvm2 [78.12 GiB / 0    free]
  PV /dev/mapper/mysql-s1-prod0-t1-v2_fujitsu2-28   VG mysql_s1_prod0_raid10   lvm2 [244.14 GiB / 10.00 GiB free]
  PV /dev/mapper/mysql-s1-prod1-t1-v2_fujitsu2-35   VG mysql_s1_prod1_raid10   lvm2 [244.14 GiB / 10.00 GiB free]
  PV /dev/sda2                                      VG system                  lvm2 [135.84 GiB / 102.32 GiB free]
  Total: 5 [780.36 GiB] / in use: 5 [780.36 GiB] / in no VG: 0 [0   ]
root@ubuntu:/tmp# lvscan
  ACTIVE            '/dev/mysql_s1_prod0_raid1/data' [78.12 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod1_raid1/data' [78.12 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod0_raid10/data' [234.14 GiB] inherit
  ACTIVE            '/dev/mysql_s1_prod1_raid10/data' [234.14 GiB] inherit
  ACTIVE            '/dev/system/root' [9.31 GiB] inherit
  ACTIVE            '/dev/system/var' [4.66 GiB] inherit
  ACTIVE            '/dev/system/tmp' [2.79 GiB] inherit
  ACTIVE            '/dev/system/swap' [2.79 GiB] inherit
  ACTIVE            '/dev/system/home' [4.66 GiB] inherit
  ACTIVE            '/dev/system/opt' [9.31 GiB] inherit
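The order of the steps matters: lvreduce must only run once the file system is smaller than the reduced volume. The following added example (not part of the original post) checks that condition using the block counts from the e2fsck summary lines in the transcript. The function names are hypothetical, and the logical volume size is assumed to equal the initial file system size, as stated at the start of the procedure.

```shell
#!/bin/sh
# Added example (not from the original post): refuse an lvreduce that would
# cut into the file system. Function names are constructed for illustration.

# fsck_total_blocks: read e2fsck output on stdin and print the file system's
# total block count from the final summary line ("..., used/total blocks").
fsck_total_blocks() {
    sed -n 's|^.*, [0-9][0-9]*/\([0-9][0-9]*\) blocks$|\1|p' | tail -n 1
}

# fits_after_reduce FS_BLOCKS BLOCK_SIZE LV_BYTES REDUCE_BYTES
# Succeeds when the file system still fits inside the logical volume once
# REDUCE_BYTES have been taken away from the volume.
fits_after_reduce() {
    fs_bytes=$(( $1 * $2 ))
    lv_after=$(( $3 - $4 ))
    echo "file system: $fs_bytes bytes, volume after reduce: $lv_after bytes"
    [ $(( $fs_bytes <= $lv_after )) -eq 1 ]
}

# Values taken from the transcript above.
GIB=1073741824
BLOCK_SIZE=4096                        # "(4k) blocks" in the resize2fs output
# Assumption: the volume is exactly as large as the file system that fills it.
LV_BYTES=$(( 63998976 * BLOCK_SIZE ))
REDUCE=$(( 10 * GIB ))                 # lvreduce -L -10G

# e2fsck summary lines before and after `resize2fs -Mp`.
summary_before='/dev/mysql_s1_prod1_raid10/data: 127/16007168 files (2.4% non-contiguous), 1170118/63998976 blocks'
summary_shrunk='/dev/mysql_s1_prod1_raid10/data: 127/73728 files (2.4% non-contiguous), 160138/291412 blocks'

for summary in "$summary_before" "$summary_shrunk"; do
    blocks=$(printf '%s\n' "$summary" | fsck_total_blocks)
    if fits_after_reduce "$blocks" "$BLOCK_SIZE" "$LV_BYTES" "$REDUCE"; then
        echo "  $blocks blocks: lvreduce -L -10G will not truncate the file system"
    else
        echo "  $blocks blocks: shrink the file system before running lvreduce"
    fi
done
```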

Installing Oracle Java on Ubuntu

If you have Ubuntu packages of JRE and/or JDK already installed, then you may leave them installed. However, you must uninstall IcedTea. The IcedTea project provides a harness to build the source code from http://openjdk.java.net using free software build tools and adds a number of features to the upstream OpenJDK codebase.

root@ubuntu:~# aptitude search icedtea
i A icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
i A icedtea-6-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
i A icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
i A icedtea-netx - NetX - implementation of the Java Network
i A icedtea-plugin - web browser plugin based on OpenJDK and Ic
v icedtea6-jre-cacao -
v icedtea6-jre-cacao -
v icedtea6-plugin -
i icedtea6-plugin - web browser plugin to execute Java applets
root@ubuntu:~# aptitude remove icedtea6-plugin icedtea-plugin icedtea-netx icedtea-7-jre-jamvm icedtea-6-jre-jamvm icedtea-6-jre-cacao

Download Java from Java’s website: http://www.java.com. For 64-bit you want Linux x64 (the file name ending with x64.bin). In this example we downloaded jre-6u31-linux-x64.bin.
Then make a directory for Oracle Java. Move the downloaded file into this new directory:

root@ubuntu:~# mkdir -p /opt/java
root@ubuntu:~# cd /opt/java
root@ubuntu:/opt/java# mv /home/username/downloads/jre-6u31-linux-x64.bin .

Execute the file downloaded:

root@ubuntu:/opt/java$ sh jre-6u31-linux-x64.bin

This will create the directory /opt/java/jre1.6.0_31 containing your new instance of Java. Its name will match the version of Java downloaded. You may now delete the downloaded Java installation file:

root@ubuntu:/opt/java$ rm jre-6u31-linux-x64.bin

Tell the system that there is a new instance of Java available:

root@ubuntu:/opt/java# update-alternatives --install "/usr/bin/java" "java" "/opt/java/jre1.6.0_31/bin/java" 1
update-alternatives: using /opt/java/jre1.6.0_31/bin/java to provide /usr/bin/java (java) in manual mode.

Tell the system to default to the new Java instance:

root@ubuntu:/opt/java# update-alternatives --set java /opt/java/jre1.6.0_31/bin/java

Verify your system is now using this instance of Java:

root@ubuntu:/# java -showversion
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b04)
Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)


APT Package Resource List for Old Ubuntu Releases

Package repositories for old Ubuntu releases are dropped from Ubuntu’s upstream package repository and are removed from Ubuntu package mirrors. However, Ubuntu still makes them available here: http://old-releases.ubuntu.com/ubuntu/. Here is an example /etc/apt/sources.list file for Ubuntu Dapper:

#
# /etc/apt/sources.list
# Ubuntu Dapper 6.06
#
#
# main and restricted:
#
#   These are the primary package archives.
#
deb     http://old-releases.ubuntu.com/ubuntu dapper main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper main restricted
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates main restricted
deb     http://old-releases.ubuntu.com/ubuntu dapper-security main restricted
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security main restricted
#
# universe:
#
#   Additional software from the larger pool of debian packages.  Gobs and
#   gobs of useful software lives here, however, software from this
#   repository is ENTIRELY UNSUPPORTED by the Ubuntu team.
#
#   Note: Some of the software in this repository may not be under a free
#         licence. Please satisfy yourself as to your rights to use the
#         software.
#
#   Note: Software in this repository WILL NOT receive any review or
#         updates from the Ubuntu security team.
#
deb     http://old-releases.ubuntu.com/ubuntu dapper universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper universe
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates universe
deb     http://old-releases.ubuntu.com/ubuntu dapper-security universe
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security universe
#
# multiverse:
#
#  Additional software that is "not free", which means the licensing
#  requirements of this software do not meet the Ubuntu "main" Component
#  Licence Policy.
#
#  Note: This software is not supported and usually cannot be fixed or
#  updated. Use it at your own risk.
deb     http://old-releases.ubuntu.com/ubuntu dapper multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper multiverse
deb     http://old-releases.ubuntu.com/ubuntu dapper-updates multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper-updates multiverse
deb     http://old-releases.ubuntu.com/ubuntu dapper-security multiverse
deb-src http://old-releases.ubuntu.com/ubuntu dapper-security multiverse
#
# backports:
#
#   Software from a newer release of the distribution, or even from the
#   development branch of the distribution, but built against this release.
#   It may provide newer features, but should be considered untested.
#
#   Note: Software in this repository WILL NOT receive any review or
#         updates from the Ubuntu security team.
#
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports main restricted
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports main restricted
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports universe
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports universe
#deb     http://old-releases.ubuntu.com/ubuntu dapper-backports multiverse
#deb-src http://old-releases.ubuntu.com/ubuntu dapper-backports multiverse

Here is an example /etc/apt/sources.list file for Ubuntu Hardy:

#
# /etc/apt/sources.list
# Ubuntu Hardy 8.04
#
#
# main and restricted:
#
#   These are the primary package archives.
#
deb     http://old-releases.ubuntu.com/ubuntu hardy main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy main restricted
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates main restricted
deb     http://old-releases.ubuntu.com/ubuntu hardy-security main restricted
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security main restricted
#
# universe:
#
#   Additional software from the larger pool of debian packages.  Gobs and
#   gobs of useful software lives here, however, software from this
#   repository is ENTIRELY UNSUPPORTED by the Ubuntu team.
#
#   Note: Some of the software in this repository may not be under a free
#         licence. Please satisfy yourself as to your rights to use the
#         software.
#
#   Note: Software in this repository WILL NOT receive any review or
#         updates from the Ubuntu security team.
#
deb     http://old-releases.ubuntu.com/ubuntu hardy universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy universe
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates universe
deb     http://old-releases.ubuntu.com/ubuntu hardy-security universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security universe
#
# multiverse:
#
#  Additional software that is "not free", which means the licensing
#  requirements of this software do not meet the Ubuntu "main" Component
#  Licence Policy.
#
#  Note: This software is not supported and usually cannot be fixed or
#  updated. Use it at your own risk.
deb     http://old-releases.ubuntu.com/ubuntu hardy multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy multiverse
deb     http://old-releases.ubuntu.com/ubuntu hardy-updates multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy-updates multiverse
deb     http://old-releases.ubuntu.com/ubuntu hardy-security multiverse
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security multiverse
#
# backports:
#
#   Software from a newer release of the distribution, or even from the
#   development branch of the distribution, but built against this release.
#   It may provide newer features, but should be considered untested.
#
#   Note: Software in this repository WILL NOT receive any review or
#         updates from the Ubuntu security team.
#
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports main restricted
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports main restricted
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports universe
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports universe
#deb     http://old-releases.ubuntu.com/ubuntu hardy-backports multiverse
#deb-src http://old-releases.ubuntu.com/ubuntu hardy-backports multiverse


Encrypting a Directory using TrueCrypt

Create a password protected encrypted file container using TrueCrypt stored in the path ~/encrypted/encrypted.tc. The following script will decrypt this file and mount it as the directory ~/encrypted/encrypted. It will also unmount the directory when you are done.
 

#!/bin/sh
# truecrypt-encrypted
# Mount and unmount an encrypted TrueCrypt directory.
#
# Author: Dave Lehman <dave@nowherelan.com>; http://nowherelan.com
# Date Created: 2012-01-01
# Version: 1.0
################################################################################
SCRIPTNAME=truecrypt-encrypted
ENCRYPTED_FILE=$HOME/encrypted/encrypted.tc
DECRYPTED_MNT=$HOME/encrypted/encrypted
# The functions carry a tc_ prefix so they do not shadow mount(8) and umount(8).
# Decrypt the container and mount it on $DECRYPTED_MNT.
tc_mount(){
    mkdir -p "$DECRYPTED_MNT" || return 1
    truecrypt --text "$ENCRYPTED_FILE" "$DECRYPTED_MNT"
}
# Dismount the container, identified by its volume file.
tc_umount(){
    truecrypt --text --dismount "$ENCRYPTED_FILE"
}
# Show whether the container is currently mounted.
tc_status(){
    truecrypt --text --list "$ENCRYPTED_FILE"
}
case "$1" in
    --mount)
        tc_mount
        ;;
    --umount)
        tc_umount
        ;;
    --status)
        tc_status
        ;;
    *)
        echo "Usage: $SCRIPTNAME {--mount|--umount|--status}" >&2
        exit 1
        ;;
esac
# Exit with the status of the truecrypt command that was run.
exit $?

curl: (60) SSL certificate problem, verify that the CA cert is OK

When using curl, you may receive the following error message if you are missing the CA certificate in the directory tree /usr/local/share/ca-certificates/ for the site you are trying to connect to:

user@hardy:/tmp$ curl https://example.com
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).

The easiest way around this is to turn off curl’s verification of the certificate, using the -k (or --insecure) option, but curl then no longer checks which server it is talking to. The best way is to add the associated CA certificate to your system by following these directions: Adding Additional SSL CA certificates.
On Ubuntu Hardy, curl is compiled to use the file /etc/ssl/certs/ca-certificates.crt. You will see the following when executing curl against a site using HTTPS:

* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none

On Ubuntu Lucid, curl is compiled to use the CA certificate directory /etc/ssl/certs/. You will see the following when executing curl against a site using HTTPS:

* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs

You can override this with the --cacert or --capath options.

Adding Additional SSL CA certificates

On Ubuntu, SSL CA certificates are stored in subdirectories of /usr/local/share/ca-certificates. In order to add additional CA certificates, first create a new subdirectory to store your CAs:

sudo mkdir /usr/local/share/ca-certificates/added

Then add your CA certificates to this directory. These files should have a .crt extension (e.g., my_ca.crt). Then append a line for each certificate you add to the configuration file /etc/ca-certificates.conf (e.g., “added/my_ca.crt”). Finally, run

sudo update-ca-certificates --fresh

This command reads the file /etc/ca-certificates.conf, updates the directory /etc/ssl/certs to hold SSL certificates, and generates the file /etc/ssl/certs/ca-certificates.crt. The script update-ca-certificates uses the command c_rehash to take a hash value of each .crt file. It then creates symbolic links in the directory /etc/ssl/certs, named by the hash value, for each of the files. This is useful because many programs require directories to be set up like this in order to find the certificates they require. /etc/ssl/certs/ca-certificates.crt is a concatenated single-file version of the CA certificates. It contains all CA certificates that were activated in /etc/ca-certificates.conf.
Use the file command to verify that the .crt files you add use Unix newline characters; otherwise the /etc/ssl/certs/ca-certificates.crt file may not be generated properly.
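The newline caveat can be checked before a file is copied into place. The following added example (not part of the original post) rejects a candidate CA file that lacks the .crt extension, contains DOS line endings, is missing its final newline, or has no balanced PEM markers. The function names are hypothetical, and the sample files hold a constructed placeholder body rather than a real certificate.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for a CA file
# before it is placed in /usr/local/share/ca-certificates/added/.
# Function names and the sample files are constructed for illustration.

# check_ca_file PATH: return 0 if the file looks fit to hand to
# update-ca-certificates, otherwise print the reason and return 1.
check_ca_file() {
    f=$1
    case "$f" in
        *.crt) ;;
        *) echo "$f: name must end in .crt" >&2; return 1 ;;
    esac
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    # DOS line endings: the caveat from the text above.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: contains CR characters (DOS newlines), convert it first" >&2
        return 1
    fi
    # Without a final newline, this file's END line would be glued to the next
    # file's BEGIN line when the files are concatenated into the bundle.
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "$f: last line is not newline-terminated" >&2
        return 1
    fi
    begin=$(grep -c -e '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    end=$(grep -c -e '^-----END CERTIFICATE-----$' "$f" || true)
    if [ "$begin" -lt 1 ] || [ "$begin" -ne "$end" ]; then
        echo "$f: PEM BEGIN/END CERTIFICATE markers missing or unbalanced" >&2
        return 1
    fi
    return 0
}

# conf_entry PATH: print the line to append to /etc/ca-certificates.conf,
# in the form used in the text above (e.g. added/my_ca.crt).
conf_entry() {
    printf '%s\n' "${1#/usr/local/share/ca-certificates/}"
}

# make_samples DIR: write constructed test files (placeholder body, not a
# real certificate) covering the good case and each failure mode.
make_samples() {
    b='-----BEGIN CERTIFICATE-----'
    p='Q09OU1RSVUNURUQ='
    e='-----END CERTIFICATE-----'
    printf '%s\n'       "$b" "$p" "$e" > "$1/good.crt"
    printf '%s\r\n'     "$b" "$p" "$e" > "$1/dos.crt"
    printf '%s\n%s\n%s' "$b" "$p" "$e" > "$1/no_final_newline.crt"
    printf '%s\n'       "$b" "$p" "$e" > "$1/wrong_ext.pem"
    printf '%s\n'       "$b" "$p"      > "$1/truncated.crt"
}

# Demo: run the checks over the constructed samples in a scratch directory.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for sample in "$demo_dir"/*; do
    if check_ca_file "$sample"; then
        echo "OK     $sample"
    else
        echo "REJECT $sample"
    fi
done
rm -rf "$demo_dir"
```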


Convert text files between DOS and Unix

DOS text files traditionally have CR/LF (carriage return/line feed) pairs as their new line delimiters while Unix text files traditionally have LFs (line feeds) to terminate each line. Tofrodos comprises one program, “fromdos” alias “todos”, which converts text files to and from these formats. Use “fromdos” to convert DOS text files to the Unix format, and “todos” to convert Unix text files to the DOS format.
Homepage: http://www.thefreecountry.com/tofrodos/
To install on Ubuntu:

sudo aptitude install tofrodos