The Blog of Tom Webster

Server-Bits: Tip #2

2010-04-19 02:57:00 PDT

Just a cool tip I found to hide the user list on the logon screen. I have a great number of users, and the list was getting pretty ridiculous... This command will restart your xserver. Save your work beforehand.

**sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type Boolean --set /apps/gdm/simple-greeter/disableuserlist True

sudo /etc/init.d/gdm restart**

And that will give you a nice clean username/password box.

Via: Ubuntu Geek: http://www.ubuntugeek.com/how-to-remove-hide-users-list-at- login-screen-in-ubuntu-9-10-karmic.html

About Server-Bits:

If you've ever wanted to get started building a server, right in your own backyard, kitchen, closet, mother's closet, mother's basement, then this is the read for you. Aimed at the not-so-technical-but-willing-to-learn, this will give you everything you need to build... that monster-server you've dreamed of. My goal: To give you a working, rocking server, for free, that you can use daily.

Server-Bits #6: Duck and Cover or: Protecting your users with VPN

2010-02-26 18:53:00 PST

In this world of turmoil, uncertainty, and Wireshark, web browsing in a public place is like putting on an 80's hair metal concert, completely unsafe and everyone can see what's going on. Unsecured wifi access points (And even those secured, but using older protection) will show a great deal of your traffic in plain text to anyone who loads up a program and 'sniffs' the air. Too embarrassed about still using Friendster? Then set your server up as a VPN proxy and route all of your traffic through encrypted SSH. Completely secured internet, on all of those untrusted networks. What are you waiting for? Get to it!

The first thing to do is set up a new user account that will only have VPN access. - 'sudo adduser vpnbuddy' (You can set this up with any user account you wish)
Set up a new password for the user account (Make sure it is a lengthy/complicated password, the user will not be able to log in and change it.
Next, we need to disable shell access for this account. We can change shells in /etc/passwd - 'sudo nano /etc/passwd'
1. NOTE! This is if you would like the user to have only VPN access, for standard SSH accounts, you don't need to change anything on their account, VPN is already available to them.
Navigate to the bottom of the file, to the line with the new username, go to the end of the line and change the '/bin/bash' to '/bin/false'.
Ctrl+O to save, hit enter.
Ctrl+X to exit.

That should be all the server-side work you have to do. With SSH already set and configured, your newly created VPN user is ready to go! But.... That's the easy part... Next, we have to work on deploying and setting up VPN for your new users.

Possibly the easiest way to accomplish this goal is to make a nice zip file of the things we will be building, and give people a foolproof way to set up their programs to take advantage of the secured connection.

The first thing to do is go download Putty. Realistically, most of your users will be on Windows, so we need an SSH client to connect them over to your server and open up the VPN port. The perfect program to do the job would be Putty.
create a new text file. You can do this in notepad, nano, gedit, Notepad++, whatever plain text editor you please.
You want to put this in your text file:

putty.exe -N -D 8888 CLIENTUSERNAMEHERE@pastanet.homelinux.com

Save the file as "Connect.bat"
Make a new folder somewhere and put the 'putty.exe' file in it. Next, throw your new 'Connect.bat' file in it.
Now... its time for some documentation... One of the slowest parts of running your own server. Yes... we all know you know how to connect to SSH and make everything just work, but your users need you to hold their hands as they walk through this desolate land of technology. Take a look at the documentation I've given my users...(Google Docs Link)

As you can see, its easy to understand, easy to distribute, and in a format that most anyone can open (PDF).

Now users need to set up FireFox and Pidgin to use the VPN access. You can head HERE to run through the Flickr screenshot tour of setting up FireFox and Pidgin (Feel free to take my screenshots/documentation and use it for your own server, everything I make is under a free-to-share Creative Commons license)
After that, the only thing that is left is to acquire users and remain encrypted online. VPN works wonders for thwarting wifi eavesdroppers, suspicious network admins, and poorly built web filtering software. Have fun with it!

Again: Sorry this took so long to publish, its been a great deal of work getting all of the documentation kinks worked out. Its a bit difficult to make things perfectly easy and usable for standard users, and while running your own server, you'll figure that out as well. Next up: Remote torrent administration with Transmission.

About Server-Bits:

Server-Bits: Interlude

2010-02-15 21:44:00 PST

I really have been working on the next set of posts, really... For two weeks. The next post will include something equally different, but just as important as sheer technical skill: The ability to work with users. Deployment, documentation, dumbing-things-down. If you always count on the super-nerdy to use what you build, you won't go very far, things need to be documented and easy to use. Stay tuned, there is a lot to go through.

Server-Bits #5: Sockso Music Server and the Joys of SSL

2010-01-16 16:43:00 PST

Sockso!! Sockso is a music streaming server program. It will take into account any folders you have on your computer, index the music from them, then create an online-accessible database which you can stream from. Your entire music collection: Working anywhere the internet and flash will. Lets get started:

Head over to http://sockso.pu-gh.com/ and download Sockso. If you're running this through ssh, use this command to download it: wget http://sockso.googlecode.com/files/sockso-1.2.1.zip
Then extract the files - unzip sockso-1.2.1.zip
Then we'll move it to the /var directory - mv sockso-1.2.1 /var
Next, we'll jump into the sockso directory - cd /var/sockso-1.2.1/
But we can't run it just yet, we don't have the java runtime environment install on our server, but don't fret, its but a command away.
sudo apt-get install openjdk-6-jre
Now we can launch Sockso *[This method of launching will launch Sockso with https forced and without a graphical interface, if you want to run unsecured or with a graphical interface, just remove either (or both) of those switches] *-** cd /var/sockso-1.2.1 && java -jar /var/sockso-1.2.1/sockso.jar "$@" --ssl --nogui**
Now you can type 'help' to see your choice of commands. Running Sockso through the terminal limits you in some ways, to gain the full feature set, plug in a monitor and check out the sockso GUI. [The easiest way of launching the Sockso GUI is by running 'sh /var/sockso-1.2.1/linux.sh]
Now lets add a folder for Sockso to watch - coladd /home/username/Music/
This could take a while to add to Sockso... When it adds a folder, it indexes all of the files into a database that it can then pull from.
Next, we should add a user to the system - useradd username password emailaddress@hostnamehere.com
The default port for Sockso is 4444, but you can change this with - propset server.port [port number]
All of the settings can be shown with proplist and changed with propset.
The only thing left to do now is test it! Head over to https://yourhostnamehere.com:4444 to test it out! [You must use https if you have --ssl enabled, otherwise, use http].
I recommend using the commands "propset users.disableRegistration yes" *and *"propset users.requireLogin yes" to lock down your media streaming to only those users you specify, but this is up to you.
Have fun streaming!

One of the cooler parts about running a linux box is the ability to add things to what's called your .bashrc _file. This file can do anything from setting environment variables, to running a startup command when you log in, to setting program aliases. We we be doing the latter with Sockso. The command to run Sockso securely is long, arduous, and complicated, by adding a single line to the .bashrc file, we'll turn this command into a single word. **[NOTE: You will have to restart your bash session for the changes to take effect. This means either logging out of ssh and logging back in, or closing the terminal and opening a new one.]_**

To add a line to your .bashrc file, use the following command: echo "*cd /var/sockso-1.2.1 && java -jar /var/sockso-1.2.1/sockso.jar "$@" --ssl --nogui" >> ~/.bashrc
*

Ok, let me explain this one.. The echo command just throws text on the screen, but it can also be used with a redirect to throw text in a file as well. Right now, you are throwing that big long command in quotes into the file ~/.bashrc. "~" or "Tilde" is a very short way to say "My Home Directory" and the .bashrc is the text file located in your home directory. Now, the part in the middle of these two, ">>", this is output redirection. Instead of echo throwing text into the terminal, it will instead append that text into the file of your choice (in this case, your .bashrc file). Doubles (>>) will add the output to the end of the file, while a single redirect (>) will completely replace the file. You should probably be careful with this one. You can redirect output for just about any program in a bash shell, it comes in hand for many many things. For further reading on Bash Redirection head over here, a wonderful noobie-friendly post.

And that's it for Sockso. In the future, we'll be covering remote BitTorrent administration, URL-rewriting, and Wiki's!

About Server-Bits:

Server-Bits #4: Apache and Wordpress

2010-01-07 21:14:00 PST

In this tutorial, I'll walk you through how to get your server hosting webpages powered by Wordpress. Wordpress is the most powerful free blogging software suite out there. Powering everything from CNN and BBC blogs to 72pc.com [Shameless Plug], Wordpress is as easy as you want to make it, or as complex and extendable as you want it to be.

The first thing we need to do is install a web server and supporting server applications. Apache2 will serve up webpages, mySQL will contain the wordpress database and any posts you make, PHP will handle the web-side scripting needed by Wordpress.

For these commands, you should run these in a Bash shell, either via a terminal window or ssh.

'sudo apt-get install apache2 mysql-server-5.1 php5 php5-mysql'
You should then make a password for the mySQL root user (The installer will automatically prompt you). Remeber: Passwords should be lengthy and complicated.
'wget http://wordpress.org/latest.tar.gz' - This will download the very latest build of Wordpress to your home directory.
'sudo mv latest.tar.gz /var/www' - This will move the tarball (This is essentially the linux equivalent of a zip file) to the directory /var/www.
'cd /var/www' - This will change your current directory to /var/www.
'sudo tar xvvf latest.tar.gz' - This will extract the contents of latest.tar.gz.
'sudo mysqlinstalldb' - This will install the database platform on your machine.
'sudo mysql -u root -p' - This will bring you to the mysql prompt logged in as root.
'CREATE DATABASE wordpress;' - This will create the wordpress database we will later use.
'CREATE USER [enter your own username here];' - Creates a database user with the name you specify. Remember this username!
'SET PASSWORD FOR [your username] = PASSWORD("[enter your own password here] ");' - This will set a password for the user you just created.
'GRANT ALL PRIVILEGES ON wordpress.* TO [your username]@localhost IDENTIFIED BY '_[enter your own password here] _';' - This will grant the user you just created privileges to do whatever he/she wants on the wordpress database.
'exit' - I think this command is self explanatory.
Next, open up FireFox and, if you are on your server, go to http://localhost/wordpress/wp-admin/install.php, otherwise use http://your.domain.com/wordpress/wp-admin/install.php.
The database name should be wordpress by default, so you shouldn't have to change this. Fill in your username and password (The one you created at the mySQL promp), you can leave the Database Host and Table Prefix at their default values.
Log in with the randomly generated password, then change the admin password to something you will remember easier.
For security purposes, you should create a new wordpress user and use that to post.
To finish the install procedure, we need to change file permissons to be viewable externally. Run the command 'sudo chmod -R 755 /var/www/wordpress/'.
In FireFox, navigate to http://localhost/wordpress/. You should see the front page of your blog pop up!

Now... Wordpress is one of the most extendible platforms on the web, you can re-theme it, add plugins and widgets, control how editors/authors/readers interact with your page, and a ton of other stuff.

For themes, go here, for plugins, here.

Now for the most important part: Content. Get to writing, building, posting, uploading content that people will care about. This is now a public facing web-server (As long as you have forwarded port 80), so get to building!

Thanks to Jonathan Moeller for parts of this guide!

_About Server-Bits: