How to format a usb pen or mp3 player the right way

In a short line:

# mkfs.vfat -vc -F 32 -n “zen stone” -S 2048 /dev/yourdevice

The explanation:

free the gnu - lego mp3 player

-v Verbose execution.

-c Check the device for bad blocks before creating the file system.

-F FAT-size
Specifies the type of file allocation tables used (12, 16 or 32 bit).
If nothing is specified, mkdosfs will automatically select between 12 and 16 bit, whatever fits better for the filesystem size.  32 bit FAT (FAT32 format) must (still) be selected explicitly if you want it.

-n volume-name
Sets  the volume name (label) of the filesystem.  The volume name can be up to 11 characters long.  The default is no label.

-S logical-sector-size
Specify the number of bytes per logical sector.  Must be a power of 2 and  greater  than or equal to 512, i.e. 512, 1024, 2048, 4096, 8192, 16384, or 32768.

change “youdevice” for your own. Find out which is by checking your dmesg after plug-in the usb device for  something like:

• sde: sde1
• sdb
• etc…

You might want to try this flag too:

-I Normally you are not allowed to use any ‘full’  fixed  disk  devices.
mkdosfs  will complain and tell you that it refuses to work.  This is different when usind MO disks.  One doesn’t always need partitions on
MO  disks.   The  filesytem can go directly to the whole disk.  Under other OSes this is known as the ‘superfloppy’ format.

This switch will force mkdosfs to work properly.

Yet another ssh brute force attack and how to protect against it with iptables and sshguard

By chance, i looked into syslog ( /var/log/syslog ) and saw a ssh attempt to login from a ip outside local network. It was a brute force attack that started 7 days ago.. See down the post how to protect ssh from further attacks.

Looking at the logs ( tail -n 200000 /var/log/syslog ) noticed that the attack started on:

Sep 15 21:01:37 cerval sshd[13101]: Failed password for root from 114.80.94.183 port 42023 ssh2

then the attack went on …

I checked the logs and saw the attack. stopped ssh. no more fun for you :(

I decided finally, after 6 years of laziness to build up some security.

Getting started with iptables

The guys at netfilter created, omnipresent on most of Linux machines, a packet filtering system called iptables.

The iptables Rules

For creating a bash script to create all the rules need, i used this online iptables wizard. (don’t forget to remove “LINWIZ-” from the script created)

Running iptables

Next run the script sh iptables.sh, save it /etc/init.d/iptables save, and then start, stop and start iptables again ( /etc/init.d/iptables start; /etc/init.d/iptables stop; /etc/init.d/iptables start )

and check if the rules are active with iptables -L -v

To get a better understanding check Stateful Firewall and Masquerading on Linux

Protecting ssh

Luckly gentoo portage has sshguard, which has lots of nice features!
Unmasked it to use a decent version (portage has 1.0 as stable, 1.4 as latest, but sshguard is v1.5rc4, which is the last RC planned before 1.5 stable. )

and then, emerge -av sshguard.
Its FAQ has the script to use for booting but the “-l” option wasn’t working on this version, so i used this instead

#! /bin/sh
case $1 in
start)
    tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguard &
    ;;
stop)
    killall sshguard
;;
*)
    echo "Use start or stop"
    exit 1
;;
esac

Add to the rc levels to ensure it starts at every boot:

rc-update add sshguard default

If you are using syslog-ng with sshguard

On Gentoo, just add  this to /etc/syslog-ng/syslog-ng.conf:

#create a new destination for sshguard
destination sshguardproc {
    program("/usr/sbin/sshguard"
        template("$DATE $FULLHOST $MESSAGE\n"));
};
#creates a filter called f_sshlogs for auth and authpriv system logs
filter f_sshlogs { facility(auth, authpriv) and match("sshd"); }; # for sshguard

log { source(src); filter(f_sshlogs); destination(sshguardproc); };

Restart sshd

Start ssh again! /etc/init.d/sshd start

How to change sound from two sound cards

I have two sound cards. One is the inboard and the other is a USB card.

I’m toggling often between them so i created this simple script: (see the end for link to files)


#!/bin/bash
dir=/home/username/
if [[ "$1" = "-l" ]] || [[ ! -n "$1" ]]; then
cat /proc/asound/cards
exit
fi
card=`grep "^ $1" /proc/asound/cards`
echo "Changing to sound card $card"
ln -fs $dir.asoundrc_"$1"0 $dir.asoundrc


The dir variable has to be changed to the user’s name.
This script moves around the .asoundrc files. there’s one for each card available or for each card used:

Example of different Alsa setups:

i have 4 entries in /proc/asound/cards:


0 [VirMIDI ]: VirMIDI - VirMIDI
Virtual MIDI Card 1
1 [NVidia ]: HDA-Intel - HDA NVidia
HDA NVidia at 0xfbf78000 irq 21
2 [hercdjrmx0 ]: hdj_mod - Hercules DJ Console RMX
Hercules Hercules DJ Console RMX at usb-0000:00:04.0-1, full speed
3 [RMX ]: USB-Audio - Hercules DJ Console RMX
Hercules Hercules DJ Console RMX at usb-0000:00:04.0-1, full speed


so i have .asoundrc_00 , .asoundrc_10 , .asoundrc_20 and .asoundrc_30

this is the basic model: (for sound card 1)


# File: ~/.asoundrc (nvidia nforce setup)
pcm.!default {
type plug
slave.pcm "dmixer"
}
pcm.dsp0 {
type plug
slave.pcm "dmixer"
}
pcm.dmixer {
type dmix
ipc_key 1024
slave {
pcm "hw:1,0"
period_time 0
period_size 1024
buffer_size 8192
rate 48000 #many new cards are 48000 only
}
bindings {
0 0
1 1
}
}
ctl.dmixer {
type hw
card NVidia
# card RMX
}
#end.
# for 5.1 speakers
pcm.ch51dup {
slave.pcm surround51
slave.channels 6
type route
ttable.0.0 1
ttable.1.1 1
ttable.0.2 1
ttable.1.3 1
ttable.0.4 0.5
ttable.1.4 0.5
ttable.0.5 0.5
ttable.1.5 0.5
}

Then i just have to create the other 3 files changing the line in red to pcm “hw:0,0“ (for sound card 0),  pcm “hw:2,0″ (for sound card 2) and pcm “hw:3,0″ (for sound card 3)

The lines in blue can be changed too, but i’ve found that they are ignored. After a reboot, the ordering of the cards might change so its useful to have a file for each slot.

Installing the script in your home

The .asoundrc* files are placed in the user’s home directory
The script goes to /usr/local/bin.

files needed

• .asoundrc_00
• .asoundrc_10
• .asoundrc_20
• .asoundrc_30
• chsnd

Allow other users to use X

Quick, unsafe but effective way to allow a certain user to use your running xserver (xorg).

xhost +local:username

well.. that’s it really. That user can now open any application that needs a display window.

How to start a new X server with Quake wars to work as a minimizer for GNU/Linux

I’ve played Enemy territory since early 2006 in GNU/Linux and one of the things i missed from the beginning was the lack of a good minimiser. There was a ET minimiser ( ET Switch ) but it didn’t worked very well. So an alternate solution was the even more elegant solution of launching a new X server, i.e., a new graphical terminal. I’ve been using it for ages and it provides a great solution. It’s even more useful to those who want all the computer power dedicated to the game, so you can log out of your Desktop environment, and launch that X server with just the game. To start using this new X server, one must, first of all, set the right permissions to use the new x server. (more…)

How to create and remove a soft link, symlink or symbolic link

A soft link, or more common, a symlink, is link a shortcut to the targeted file or directory. So when is removed the original target stays present. This is the opposite of a hard link which is a reference to the target and so, if the hard link is removed, so is the target.

A symlink can be created like: (more…)

Convert mp3 to ogg (to fix bitrate)

I was having troubles with an album a friend gave to me in mp3 format. Amarok wasn’t figuring out the lenght of the tracks so it wasn’t scrobbling them! It was like i wasn’t listening them at all! :P

The solution was simple: convert it to ogg. This is how i did it: (more…)