Wenjian's Blog

Live and Learn

HOWTO: Schedule jobs with cron on OpenWrt

No additional software needs to be installed on OpenWrt, as it already has the crond binary included.

Configuration

Cron jobs need to be specified in /etc/crontabs/root. For now, just create an empty file:

# touch /etc/crontabs/root

Create a symbolic link to the crontab file:

# ln -sf /etc/crontabs/root /etc/crontab

This lets the crontab file be referenced as /etc/crontab.

Enable and start crond:

# /etc/init.d/crond start
# /etc/init.d/crond enable

Verify that crond started successfully by checking the syslog with:

# logread

and you should see something similar to this at the end of the logread output:

Sep 11 17:26:40 OpenWrt cron.info crond[634]: crond: crond (busybox 1.19.4) started, log level 8

Usage

Now that you have crond running on OpenWrt, it can be used to periodically run any task that you want. Just add an entry to /etc/crontab for each task that you want executed periodically.

For example, if you want to run a script (/usr/bin/demo) daily at 23:30, the following would be added to crontab:

30 23 * * * /usr/bin/demo >/dev/null 2>&1

Restart crond to make this change take effect:

# /etc/init.d/crond restart
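crond skips lines it cannot parse, so an entry with a typo in its time fields simply never runs. As an added example (not part of the original post), here is a POSIX sh helper that checks a crontab line before appending it to the crontab file: it accepts the forms busybox crond understands (`*`, numbers, ranges, comma lists and a `/step` suffix), enforces the numeric limits of each of the five fields, and refuses duplicates. The file path and the sample lines are assumptions; the sample lines are the two entries used on this page, and the demo writes to a temporary file rather than /etc/crontabs/root.

```shell
#!/bin/sh
# Added example, not from the original post: validate a crontab line before
# installing it, because crond gives no feedback for lines it skips.

# cron_field_ok FIELD LO HI
# Accepts "*", a number, a range "a-b", a comma-separated list of those, and
# an optional "/step" suffix; every number in the base part must lie in LO..HI.
cron_field_ok() {
    field=$1; lo=$2; hi=$3
    printf '%s\n' "$field" \
        | grep -Eq '^(\*|[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*)(/[0-9]+)?$' || return 1
    base=${field%%/*}
    case $field in
        */*) step=${field#*/}; [ "$step" -ge 1 ] || return 1 ;;
    esac
    # Replace every non-digit with a space so the numbers can be iterated.
    for n in $(printf '%s\n' "$base" | tr -c '0-9\n' ' '); do
        [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ] || return 1
    done
    return 0
}

# cron_line_ok LINE
# Returns 0 when LINE has five valid time fields followed by a command.
cron_line_ok() {
    set -f                      # no globbing while splitting the "*" fields
    set -- $1
    set +f
    [ $# -ge 6 ] || return 1
    cron_field_ok "$1" 0 59 && cron_field_ok "$2" 0 23 && \
    cron_field_ok "$3" 1 31 && cron_field_ok "$4" 1 12 && \
    cron_field_ok "$5" 0 7
}

# crontab_add FILE LINE
# Appends LINE to FILE (for example /etc/crontabs/root) if it is valid and
# not already present. Returns 1 on an invalid line, 2 on a duplicate.
crontab_add() {
    file=$1; line=$2
    cron_line_ok "$line" || return 1
    [ -f "$file" ] && grep -Fxq "$line" "$file" && return 2
    printf '%s\n' "$line" >> "$file"
}

# Demo on a temporary file (constructed; nothing touches /etc).
demo_crontab() {
    tmp=$(mktemp)
    crontab_add "$tmp" '30 23 * * * /usr/bin/demo >/dev/null 2>&1'
    crontab_add "$tmp" '*/30 * * * * /usr/local/bin/flexget execute --cron'
    crontab_add "$tmp" '60 23 * * * /usr/bin/demo' || echo "rejected: minute 60"
    cat "$tmp"
    rm -f "$tmp"
}
```

Run `demo_crontab` after sourcing the file, or call `crontab_add /etc/crontabs/root "$line"` on the router and restart crond only when it returns 0.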

HOWTO: Install Archey on Ubuntu

Introduction

Archey is a tool written in Python that allows users to preview system information along with your Linux distribution logo on the terminal. Another similar tool is screenFetch.

Installation

Firstly we need to install the necessary dependencies:

$ sudo apt-get install scrot lsb-release

Download Archey and install:

$ wget https://github.com/downloads/djmelik/archey/archey-0.2.8.deb
$ sudo dpkg -i archey-0.2.8.deb

Usage

Run:

$ archey

On Ubuntu this prints the Ubuntu logo beside the system information (screenshot omitted).

If you want to start Archey automatically whenever you open a terminal, add this to the end of your .bashrc:

# Archey
archey

Save and open a new terminal to test it.


HOWTO: Prevent DNS cache pollution

Let us try to get the IP address of twitter.com from the default port (53) of OpenDNS:

# dig @208.67.222.222 twitter.com
; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 53 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28025
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;twitter.com. IN A

;; ANSWER SECTION:
twitter.com. 300 IN A 37.61.54.158

;; Query time: 8 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Sep 10 07:51:57 2014
;; MSG SIZE rcvd: 56

Obviously 37.61.54.158 is not Twitter's real address: the answer has been polluted on the way.

Let us try with ports 5353 and 443:

# dig @208.67.222.222 -p 5353 twitter.com

; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 5353 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64372
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com. IN A

;; ANSWER SECTION:
twitter.com. 15 IN A 199.59.148.82
twitter.com. 15 IN A 199.59.149.230
twitter.com. 15 IN A 199.59.150.7
twitter.com. 15 IN A 199.59.149.198

;; Query time: 85 msec
;; SERVER: 208.67.222.222#5353(208.67.222.222)
;; WHEN: Wed Sep 10 08:03:49 2014
;; MSG SIZE rcvd: 104
# dig @208.67.222.222 -p 443 twitter.com

; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 443 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2939
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com. IN A

;; ANSWER SECTION:
twitter.com. 4 IN A 199.59.148.10
twitter.com. 4 IN A 199.59.149.198
twitter.com. 4 IN A 199.59.148.82
twitter.com. 4 IN A 199.59.150.7

;; Query time: 294 msec
;; SERVER: 208.67.222.222#443(208.67.222.222)
;; WHEN: Wed Sep 10 08:04:53 2014
;; MSG SIZE rcvd: 104

Now we get the real answer.
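The check done by hand above (the same name queried through different resolver ports, then the answer sets compared) can be scripted. This added example is not part of the original post: it extracts the A records from `dig` output with awk and reports whether two answers share any address, since a disjoint answer set is exactly the symptom shown above. The three transcripts embedded in the script are constructed, abridged copies of the answers printed earlier on this page; on a live system you would feed it `dig @resolver -p port name` output instead.

```shell
#!/bin/sh
# Added example, not from the original post: detect a polluted DNS answer by
# comparing the A records that different resolver ports return for one name.

# Read dig output on stdin, print its A records (one per line, sorted, unique).
# Comment lines (";" or ";;") and the question section are skipped.
dig_a_records() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# answers_overlap OUTPUT1 OUTPUT2
# Returns 0 if the two dig outputs share at least one A record, 1 otherwise.
# Two honest resolvers may return different subsets of a large record set,
# which is why overlap rather than equality is tested.
answers_overlap() {
    set_a=$(printf '%s\n' "$1" | dig_a_records)
    set_b=$(printf '%s\n' "$2" | dig_a_records | tr '\n' ' ')
    for ip in $set_a; do
        case " $set_b " in *" $ip "*) return 0 ;; esac
    done
    return 1
}

# Constructed samples, abridged from the transcripts above.
ANSWER_PORT_53='
;; QUESTION SECTION:
;twitter.com. IN A

;; ANSWER SECTION:
twitter.com. 300 IN A 37.61.54.158
'
ANSWER_PORT_5353='
;; ANSWER SECTION:
twitter.com. 15 IN A 199.59.148.82
twitter.com. 15 IN A 199.59.149.230
twitter.com. 15 IN A 199.59.150.7
twitter.com. 15 IN A 199.59.149.198
'
ANSWER_PORT_443='
;; ANSWER SECTION:
twitter.com. 4 IN A 199.59.148.10
twitter.com. 4 IN A 199.59.149.198
twitter.com. 4 IN A 199.59.148.82
twitter.com. 4 IN A 199.59.150.7
'

# Report whether the port-53 answer agrees with the other two.
check_twitter_answers() {
    if answers_overlap "$ANSWER_PORT_5353" "$ANSWER_PORT_443"; then
        echo "ports 5353 and 443 agree"
    fi
    if answers_overlap "$ANSWER_PORT_53" "$ANSWER_PORT_5353"; then
        echo "port 53 agrees with 5353"
    else
        echo "port 53 answer is disjoint: likely polluted"
    fi
}
```

Calling `check_twitter_answers` prints that ports 5353 and 443 agree while the port-53 answer is disjoint, which is the conclusion drawn above.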

In OpenWrt, edit /etc/config/dhcp and change the dnsmasq section so that dnsmasq ignores the ISP resolvers and forwards queries to OpenDNS on port 5353:

config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
#   option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '208.67.222.222#5353'
    list server '/pool.ntp.org/208.67.222.222'

HOWTO: Install and configure shadowsocks on VPS/Ubuntu

Introduction

Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.

Installation

Add the shadowsocks Debian repository to your sources list (the redirection runs as your own user, so use tee under sudo rather than sudo echo):

$ echo "deb http://shadowsocks.org/debian wheezy main" | sudo tee -a /etc/apt/sources.list

Install shadowsocks:

$ sudo apt-get update
$ sudo apt-get install shadowsocks

Configuration

Edit shadowsocks config file /etc/shadowsocks/config.json:

$ sudo vi /etc/shadowsocks/config.json

Here is my config file:

{
   "server":"0.0.0.0",
   "server_port":8388,
   "local_port":0,
   "password":"demo",
   "timeout":600,
   "method":"aes-256-cfb"
}

Explanation of the fields:

Name            Explanation
server          the address your server listens on
server_port     server port
local_address   the address your local client listens on
local_port      local port
password        password used for encryption
timeout         timeout in seconds
method          encryption method, "aes-256-cfb" is recommended
fast_open       use TCP_FASTOPEN, true / false
workers         number of workers, available on Unix/Linux

Usage

Start shadowsocks:

$ sudo /etc/init.d/shadowsocks start

On your client machine, use the same configuration as your server, and start your client.

If you use Chrome, it is recommended to use SwitchySharp. Change the proxy settings to:

protocol: socks5
hostname: 127.0.0.1
port: your local_port

Reference

https://github.com/clowwindy/shadowsocks/wiki



HOWTO: Install and configure pdnsd on OpenWrt

Introduction

OpenWrt is described as a Linux distribution for embedded devices.
Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

The latest stable release is Attitude Adjustment 12.09.

Installation

To install pdnsd, run:

# opkg update
# opkg install pdnsd

Configuration

Edit configuration file /etc/pdnsd.conf.

The global section specifies parameters that affect the overall behaviour of the server. If you specify multiple global sections, the settings of those later in the file will overwrite the earlier given values.

The detailed description of the options can be found here.

Here is my global section:

global {
        perm_cache=2048;
        cache_dir="/var/pdnsd";
#       pid_file = /var/run/pdnsd.pid;
#       run_as="nobody";
        server_port = 5353;
        server_ip = any; 
        status_ctl = on;
#       paranoid=on; 
        query_method=tcp_udp;
        min_ttl=15m; # Retain cached entries at least 15 minutes.
        max_ttl=1w; # One week.
        timeout=10; # Global timeout option (10 seconds).
        neg_domain_pol=on;
        udpbufsize=1024; # Upper limit on the size of UDP messages.
}

Each server section specifies a set of name servers that pdnsd should try to get resource records or authoritative name server information from. The servers are queried in the order of their appearance (or in parallel, to a limited extent). If one fails, the next one is taken, and so on.
You probably want to specify the DNS server in your LAN, the caching DNS servers of your internet provider, or even a list of root servers in one or more server sections.

The detailed description of the options can be found here.

I added the OpenDNS server to my configuration file:

server {
        label= "opendns";
        ip = 208.67.222.222;
        port = 5353;
        root_server = on;
        uptest = none;
}

You can also add Google Public DNS. More public DNS servers are listed here.

Usage

Enable and start pdnsd:

# /etc/init.d/pdnsd enable
# /etc/init.d/pdnsd start

Test with:

# dig @127.0.0.1 -p 5353 youtube.com
; <<>> DiG 9.9.1-P3 <<>> @127.0.0.1 -p 5353 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49334
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 300 IN A 173.194.127.135
youtube.com. 300 IN A 173.194.127.137
youtube.com. 300 IN A 173.194.127.142
youtube.com. 300 IN A 173.194.127.136
youtube.com. 300 IN A 173.194.127.133
youtube.com. 300 IN A 173.194.127.132
youtube.com. 300 IN A 173.194.127.128
youtube.com. 300 IN A 173.194.127.131
youtube.com. 300 IN A 173.194.127.130
youtube.com. 300 IN A 173.194.127.129
youtube.com. 300 IN A 173.194.127.134

;; Query time: 311 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Fri Sep 5 20:58:07 2014
;; MSG SIZE rcvd: 216


HOWTO: Change time zone from terminal on ubuntu

To change time zone from terminal, run the command:

$ sudo dpkg-reconfigure tzdata

Follow the directions in the terminal.

HOWTO: Install FlexGet on ubuntu

Introduction

FlexGet is a multipurpose automation tool for content like torrents, nzbs, podcasts, comics, series, movies, etc. It can use different kinds of sources like RSS-feeds, html pages, csv files, search engines and there are even plugins for sites that do not provide any kind of useful feeds.
There are numerous plugins that allow utilizing FlexGet in interesting ways and more are being added continuously.
FlexGet is extremely useful in conjunction with applications which have watch directory support or provide interface for external utilities like FlexGet.

Installation

Make sure you have Python 2.6.x – 2.7.x available. Check the installed version with:

$ python -V

If you don't have the required version available, install it from your distribution's package manager:

$ sudo apt-get install python2.7
$ sudo apt-get install python-dev

If you do not have pip already available, you need to install it:

$ sudo apt-get install python-pip

Download the latest LibYAML release, yaml-0.1.6.tar.gz, and extract it:

$ tar -xzvf yaml-0.1.6.tar.gz
$ cd yaml-0.1.6

Compile and install it:

$ ./configure
$ make
$ sudo make install

Install transmissionrpc:

$ sudo pip install transmissionrpc

Install FlexGet:

$ sudo pip install flexget

Verify installation:

$ flexget -V

Detailed configuration tutorial can be found here.

Usage

FlexGet is meant to be executed from the user's own crontab, not from /etc/crontab (root).

To edit your user crontab, run:

$ crontab -e

Add one new line to the crontab:

*/30 * * * * /usr/local/bin/flexget execute --cron

This will run FlexGet every thirty minutes.


HOWTO: Install dnscrypt-proxy on ubuntu

Description

DNSCrypt is a protocol for securing communications between a client and a DNS resolver.

dnscrypt-proxy provides a local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server.

The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.

While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.

Installation

Install libsodium

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more.

Download the latest libsodium version, libsodium-0.7.0.tar.gz, and extract it:

$ tar -xzvf libsodium-0.7.0.tar.gz
$ cd libsodium-0.7.0

Compile and install it:

$ ./configure
$ make && make check
$ sudo make install

Install dnscrypt-proxy

Download the latest dnscrypt-proxy version, dnscrypt-proxy-1.4.0.tar.gz, and extract it:

$ tar -xzvf dnscrypt-proxy-1.4.0.tar.gz
$ cd dnscrypt-proxy-1.4.0

Compile and install it:

$ ./configure
$ make
$ sudo make install

The proxy will be installed as /usr/local/sbin/dnscrypt-proxy by default.

Usage

Start the daemon (0.0.0.0 binds every interface, so the machine becomes a resolver for anyone who can reach port 5353; use --local-address=127.0.0.1:5353 if only this host should use it):

$ dnscrypt-proxy --daemonize --local-address=0.0.0.0:5353 --resolver-name=opendns

Now we test it:

$ dig @127.0.0.1 -p 5353 youtube.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> @127.0.0.1 -p 5353 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28830
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 300 IN A 74.125.225.198
youtube.com. 300 IN A 74.125.225.200
youtube.com. 300 IN A 74.125.225.201
youtube.com. 300 IN A 74.125.225.192
youtube.com. 300 IN A 74.125.225.194
youtube.com. 300 IN A 74.125.225.193
youtube.com. 300 IN A 74.125.225.206
youtube.com. 300 IN A 74.125.225.195
youtube.com. 300 IN A 74.125.225.196
youtube.com. 300 IN A 74.125.225.199
youtube.com. 300 IN A 74.125.225.197

;; Query time: 56 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Wed Sep 03 02:31:44 UTC 2014
;; MSG SIZE rcvd: 216


HOWTO: Install/Configure msmtp and mutt on ubuntu

Introduction

Msmtp is an SMTP client.

In the default mode, it transmits a mail to an SMTP server (for example at a free mail provider) which takes care of further delivery.
To use this program with your mail user agent (MUA), create a configuration file with your mail account(s) and tell your MUA to call msmtp instead of /usr/sbin/sendmail.

Features include:

  • Sendmail compatible interface (command line options and exit codes).
  • TLS/SSL support, including client certificates.
  • Authentication methods PLAIN, LOGIN, CRAM-MD5, EXTERNAL, GSSAPI, SCRAM-SHA-1, DIGEST-MD5, and NTLM.
  • PIPELINING support for increased transmission speed.
  • DSN (Delivery Status Notification) support.
  • RMQS (Remote Message Queue Starting) support (ETRN keyword).
  • IPv6 support.
  • LMTP support.
  • Support for multiple accounts.

Mutt is a small but very powerful text-based mail client for Unix operating systems.

Some of Mutt’s features include:

  • color support
  • message threading
  • MIME support (including RFC2047 support for encoded headers)
  • PGP/MIME (RFC2015)
  • various features to support mailing lists, including list-reply
  • active development community
  • POP3 support
  • IMAP support
  • full control of message headers when composing
  • support for multiple mailbox formats (mbox, MMDF, MH, maildir)
  • highly customizable, including keybindings and macros
  • change configuration automatically based on recipients, current folder, etc.
  • searches using regular expressions, including an internal pattern matching language
  • Delivery Status Notification (DSN) support
  • postpone message composition indefinitely for later recall
  • easily include attachments when composing, even from the command line
  • ability to specify alternate addresses for recognition of mail forwarded from other accounts, with ability to set the From: headers on replies/etc. accordingly
  • multiple message tagging
  • reply to or forward multiple messages at once
  • .mailrc style configuration files
  • easy to install (uses GNU autoconf)
  • compiles against either curses/ncurses or S-lang
  • translation into at least 20 languages
  • small and efficient
  • It’s free! (no cost and GPL’ed)

Install msmtp and mutt

$ sudo apt-get update
$ sudo apt-get install msmtp mutt

Configure msmtp

Create the file .msmtprc in your home directory, with no more permissions than user read/write (0600).

# Set default values for all following accounts.
defaults
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log

# Default account. No "tls on" here, so the password is sent in clear text;
# the TLS section below shows how to turn it on.
account default
host smtp.qq.com
from demo@qq.com
auth plain
user demo
password demo

This is a simple configuration file and is usually sufficient.

Try to send a mail to test it:

$ msmtp demo@gmail.com

Type the message and press Ctrl+D to send it.

Using TLS encryption is always a good idea.

If you are not sure whether the SMTP server supports authentication and/or TLS encryption, find it out with:

$ msmtp --host=smtp.demo.com --serverinfo

To use TLS, it is required to either enable full server certificate verification using the 'tls_trust_file' command or '--tls-trust-file' option, or to trust one particular peer certificate using the 'tls_fingerprint' command or '--tls-fingerprint' option, or to disable all certificate checks using 'tls_certcheck off' or '--tls-certcheck=off'.

If your system has a file that collects all system-wide trusted CA certificates, it is easiest to just use this in the 'defaults' section of your configuration file. On Debian-based systems, for example, the appropriate line would be:

tls_trust_file /etc/ssl/certs/ca-certificates.crt

But you can also find out manually which CA certificate you need to trust.

First, issue the following command:

$ msmtp --serverinfo --host=smtp.demo.com --tls=on --tls-certcheck=off

The option '--tls-certcheck=off' allows msmtp to accept any certificate, so that it can print some information about it. The output of this command tells you the common name of the server certificate issuer. You have to trust this issuer to use full TLS security. Usually you can find the CA certificate on the issuer's homepage.

Now let us add a Gmail account to the configuration file.

First we need to find out which CA certificate to trust:

$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-certcheck=off
SMTP server at smtp.gmail.com (ig-in-x6c.1e100.net [2607:f8b0:4001:c05::6c]), port 25:
    mx.google.com ESMTP ga10sm76109igd.0 - gsmtp
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Google Internet Authority G2
        Organization: Google Inc
        Country: US
    Validity:
        Activation time: Tue 15 Jul 2014 08:40:38 AM UTC
        Expiration time: Sat 04 Apr 2015 03:15:55 PM UTC
    Fingerprints:
        SHA1: 9C:0A:CC:93:1D:E7:51:37:90:61:6B:A1:18:28:67:95:54:C5:69:A8
        MD5: E7:48:1D:0B:99:4A:C3:A8:31:86:E5:8F:E5:EE:4F:2A
Capabilities:
    SIZE 35882577:
        Maximum message size is 35882577 bytes = 34.22 MiB
    PIPELINING:
        Support for command grouping for faster transmission
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN

The issuer is Google Internet Authority G2; its CA certificate (GIAG2.crt) can be downloaded here.

Convert the CA certificate from DER to PEM format:

$ openssl x509 -inform DER -in GIAG2.crt -outform PEM -out gmail-smtp.crt

With this CA certificate, the following should succeed:

$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-trust-file=gmail-smtp.crt

Now we add the Gmail account to the configuration file:

# Gmail
account gmail
host smtp.gmail.com
from demo@gmail.com
auth on
user demo@gmail.com
password demo
tls on
tls_starttls on
tls_certcheck on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
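Two things decide whether an msmtp setup leaks the account password: the permissions on ~/.msmtprc and whether every account that authenticates also ends up with tls on. This added example is not from the original post or the msmtp project; it audits both from the shell. It understands only the keywords used on this page (defaults, account, auth, password, tls), and the configuration it writes is a constructed copy of the two accounts shown above. The real file path is left as an argument.

```shell
#!/bin/sh
# Added example, not from the original post: audit an msmtp configuration for
# credential leaks. Only the keywords used on this page are understood.

# msmtprc_accounts_without_tls FILE
# Prints the name of every account that authenticates (auth/password set)
# but does not end up with "tls on", honouring "tls on" set in a defaults
# section that precedes it. Prints nothing when all accounts are fine.
msmtprc_accounts_without_tls() {
    awk '
        function flush() {
            if (acct != "" && (auth || pw) && !tls) print acct
        }
        $1 == "defaults" { flush(); acct = ""; in_def = 1; next }
        $1 == "account"  { flush(); acct = $2; in_def = 0; auth = 0; pw = 0; tls = dtls; next }
        $1 == "auth" && $2 != "off" { if (!in_def) auth = 1 }
        $1 == "password"            { if (!in_def) pw = 1 }
        $1 == "tls" { if (in_def) dtls = ($2 == "on"); else tls = ($2 == "on") }
        END { flush() }
    ' "$1"
}

# msmtprc_mode_ok FILE
# Returns 0 when FILE has no group or world permission bits, 1 otherwise
# (msmtp itself refuses a file that other users can read once it holds a password).
msmtprc_mode_ok() {
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# write_sample_msmtprc FILE
# Writes a constructed configuration modelled on the two accounts above.
write_sample_msmtprc() {
    cat > "$1" <<'EOF'
# Set default values for all following accounts.
defaults
logfile ~/.msmtp.log

account default
host smtp.qq.com
from demo@qq.com
auth plain
user demo
password demo

account gmail
host smtp.gmail.com
from demo@gmail.com
auth on
user demo@gmail.com
password demo
tls on
tls_starttls on
tls_certcheck on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
EOF
    chmod 600 "$1"
}

# Demo: the qq.com account sends its password without TLS and is reported.
demo_msmtprc_audit() {
    tmp=$(mktemp)
    write_sample_msmtprc "$tmp"
    msmtprc_mode_ok "$tmp" && echo "mode ok"
    msmtprc_accounts_without_tls "$tmp" | sed 's/^/no TLS: /'
    rm -f "$tmp"
}
```

Running `demo_msmtprc_audit` reports `mode ok` and `no TLS: default`; on your own file, call `msmtprc_mode_ok ~/.msmtprc` and `msmtprc_accounts_without_tls ~/.msmtprc` directly.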

Configure mutt

Create the file .muttrc in your home directory:

set sendmail="/usr/bin/msmtp"
set use_from=yes
set realname="demo"
set from=demo@outlook.com
set envelope_from=yes

Usage

Send a mail to test mutt:

$ echo "Hello World" | mutt -s "Hello" -c demo@outlook.com demo@gmail.com

Send a mail with attachment:

$ echo "Hello World" | mutt -s "Hello" -a ~/tmp/demo.tar.gz demo@gmail.com