Live and Learn
No additional software needs to be installed on OpenWrt, as it already has the crond binary included.
Cron jobs need to be specified in /etc/crontabs/root. For now, just create an empty file:
# touch /etc/crontabs/root
Create a symbolic link to the crontab file:
# ln -sf /etc/crontabs/root /etc/crontab
This allows me to reference the crontab file as /etc/crontab.
Enable and start crond:
# /etc/init.d/cron start
# /etc/init.d/cron enable
Verify that crond successfully started by checking the syslog using:
# logread
You should see something similar to this at the end of the logread output:
Sep 11 17:26:40 OpenWrt cron.info crond[634]: crond: crond (busybox 1.19.4) started, log level 8
Now that you have crond running on OpenWrt, it can be used to periodically run any task that you want. Just add an entry to /etc/crontab for each task that you want executed periodically.
For example, if you want to run a script (/usr/bin/demo) daily at 23:30, the following would be added to crontab:
30 23 * * * /usr/bin/demo >/dev/null 2>&1
Restart crond to make this change take effect:
# /etc/init.d/cron restart
Archey is a tool written in Python that allows users to preview system information along with your Linux distribution logo on the terminal. Another similar tool is screenFetch.
Firstly we need to install the necessary dependencies:
$ sudo apt-get install scrot lsb-release
Download Archey and install:
$ wget https://github.com/downloads/djmelik/archey/archey-0.2.8.deb
$ sudo dpkg -i archey-0.2.8.deb
Run command:
$ archey
you will get this for ubuntu
If you want to start Archey automatically once you launch the terminal, add this to the end of your .bashrc
# Archey
archey
Save and open a new terminal to test it.
Let us try to get the IP address of twitter.com from the default port (53) of OpenDNS:
# dig @208.67.222.222 twitter.com
; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 53 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28025
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com. IN A
;; ANSWER SECTION:
twitter.com. 300 IN A 37.61.54.158
;; Query time: 8 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Sep 10 07:51:57 2014
;; MSG SIZE rcvd: 56
Obviously 37.61.54.158 is not what we want.
Let us try with port 5353 and 443:
# dig @208.67.222.222 -p 5353 twitter.com
; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 5353 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64372
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com. IN A
;; ANSWER SECTION:
twitter.com. 15 IN A 199.59.148.82
twitter.com. 15 IN A 199.59.149.230
twitter.com. 15 IN A 199.59.150.7
twitter.com. 15 IN A 199.59.149.198
;; Query time: 85 msec
;; SERVER: 208.67.222.222#5353(208.67.222.222)
;; WHEN: Wed Sep 10 08:03:49 2014
;; MSG SIZE rcvd: 104
# dig @208.67.222.222 -p 443 twitter.com
; <<>> DiG 9.9.1-P3 <<>> @208.67.222.222 -p 443 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2939
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com. IN A
;; ANSWER SECTION:
twitter.com. 4 IN A 199.59.148.10
twitter.com. 4 IN A 199.59.149.198
twitter.com. 4 IN A 199.59.148.82
twitter.com. 4 IN A 199.59.150.7
;; Query time: 294 msec
;; SERVER: 208.67.222.222#443(208.67.222.222)
;; WHEN: Wed Sep 10 08:04:53 2014
;; MSG SIZE rcvd: 104
Now we got it !!!
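The comparison made by eye above can be scripted. The following is an added example, not part of the original post: it extracts the A records from two dig outputs and reports whether the two resolver paths agree on any address. The function names and the trimmed sample outputs are constructed for illustration.

```shell
# Added example, not from the original post: compare the A records that two
# resolver paths return for the same name.

# Print the sorted, unique A-record addresses from dig output on stdin.
a_records() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^[ \t]*$/   { in_answer = 0 }       # next section or blank line
        in_answer && $3 == "IN" && $4 == "A" { print $5 }
    ' | sort -u
}

# compare_answers PLAIN ALT (both are dig output text). Prints:
#   overlap   - at least one address is returned on both paths
#   disjoint  - no common address: investigate, the plain answer may be forged
#               (CDNs can also rotate addresses, so this is a signal, not proof)
#   no-answer - one side returned no A record
compare_answers() {
    plain=$(printf '%s\n' "$1" | a_records)
    alt=$(printf '%s\n' "$2" | a_records)
    if [ -z "$plain" ] || [ -z "$alt" ]; then
        echo no-answer
    elif printf '%s\n' "$plain" | grep -Fxq -e "$alt"; then
        echo overlap
    else
        echo disjoint
    fi
}

# Constructed samples: answer sections trimmed from the dig runs in the post.
PORT53=';; ANSWER SECTION:
twitter.com. 300 IN A 37.61.54.158

;; Query time: 8 msec'
PORT5353=';; ANSWER SECTION:
twitter.com. 15 IN A 199.59.148.82
twitter.com. 15 IN A 199.59.149.230
twitter.com. 15 IN A 199.59.150.7
twitter.com. 15 IN A 199.59.149.198

;; Query time: 85 msec'
PORT443=';; ANSWER SECTION:
twitter.com. 4 IN A 199.59.148.10
twitter.com. 4 IN A 199.59.149.198

;; Query time: 294 msec'

echo "53 vs 5353:  $(compare_answers "$PORT53" "$PORT5353")"
echo "443 vs 5353: $(compare_answers "$PORT443" "$PORT5353")"
```

On a live system, pass the output of two dig runs against the same name as the two arguments.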
In OpenWrt, edit /etc/config/dhcp and change the dnsmasq section:
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
#   option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '208.67.222.222#5353'
    list server '/pool.ntp.org/208.67.222.222'
Shadowsocks is a fast tunnel proxy that helps you bypass firewalls.
Add debian sid to your source list:
$ echo "deb http://shadowsocks.org/debian wheezy main" | sudo tee -a /etc/apt/sources.list
Install shadowsocks:
$ sudo apt-get update
$ sudo apt-get install shadowsocks
Edit shadowsocks config file /etc/shadowsocks/config.json:
$ sudo vi /etc/shadowsocks/config.json
Here is my config file:
{
    "server":"0.0.0.0",
    "server_port":8388,
    "local_port":0,
    "password":"demo",
    "timeout":600,
    "method":"aes-256-cfb"
}
Explanation of the fields:
Name | Explanation |
---|---|
server | the address your server listens on |
server_port | server port |
local_address | the address your local client listens on |
local_port | local port |
password | password used for encryption |
timeout | in seconds |
method | encryption method, “aes-256-cfb” is recommended |
fast_open | use TCP_FASTOPEN, true / false |
workers | number of workers, available on Unix/Linux |
Start shadowsocks:
$ sudo /etc/init.d/shadowsocks start
On your client machine, use the same configuration as your server, and start your client.
If you use Chrome, it’s recommended to use SwitchySharp. Change the proxy settings to
protocol: socks5
hostname: 127.0.0.1
port: your local_port
https://github.com/clowwindy/shadowsocks/wiki
OpenWrt is described as a Linux distribution for embedded devices.
Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users, this means the ability for full customization, to use the device in ways never envisioned.
The latest stable release is AttitudeAdjustment 12.09.
To install pdnsd, run command:
# opkg update
# opkg install pdnsd
Edit configuration file /etc/pdnsd.conf.
The global section specifies parameters that affect the overall behaviour of the server. If you specify multiple global sections, the settings of those later in the file will overwrite the earlier given values.
The detailed description of the options can be found here.
Here is my global section:
global {
    perm_cache=2048;
    cache_dir="/var/pdnsd";
#   pid_file = /var/run/pdnsd.pid;
#   run_as="nobody";
    server_port = 5353;
    server_ip = any;
    status_ctl = on;
#   paranoid=on;
    query_method=tcp_udp;
    min_ttl=15m; # Retain cached entries at least 15 minutes.
    max_ttl=1w; # One week.
    timeout=10; # Global timeout option (10 seconds).
    neg_domain_pol=on;
    udpbufsize=1024; # Upper limit on the size of UDP messages.
}
Each server section specifies a set of name servers that pdnsd should try to get resource records or authoritative name server information from. The servers are queried in the order of their appearance (or in parallel to a limited extent). If one fails, the next one is taken, and so on.
You probably want to specify the dns server in your LAN, the caching dns servers of your internet provider or even a list of root servers in one or more server sections.
The detailed description of the options can be found here.
I added the OpenDNS server to my configuration file:
server {
    label= "opendns";
    ip = 208.67.222.222;
    port = 5353;
    root_server = on;
    uptest = none;
}
You can also add Google Public DNS. More DNS can be found here.
Enable and start pdnsd:
# /etc/init.d/pdnsd enable
# /etc/init.d/pdnsd start
Test with:
# dig @127.0.0.1 -p 5353 youtube.com
; <<>> DiG 9.9.1-P3 <<>> @127.0.0.1 -p 5353 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49334
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A
;; ANSWER SECTION:
youtube.com. 300 IN A 173.194.127.135
youtube.com. 300 IN A 173.194.127.137
youtube.com. 300 IN A 173.194.127.142
youtube.com. 300 IN A 173.194.127.136
youtube.com. 300 IN A 173.194.127.133
youtube.com. 300 IN A 173.194.127.132
youtube.com. 300 IN A 173.194.127.128
youtube.com. 300 IN A 173.194.127.131
youtube.com. 300 IN A 173.194.127.130
youtube.com. 300 IN A 173.194.127.129
youtube.com. 300 IN A 173.194.127.134
;; Query time: 311 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Fri Sep 5 20:58:07 2014
;; MSG SIZE rcvd: 216
To change time zone from terminal, run the command:
$ sudo dpkg-reconfigure tzdata
Follow the directions in the terminal.
FlexGet is a multipurpose automation tool for content like torrents, nzbs, podcasts, comics, series, movies, etc. It can use different kinds of sources like RSS-feeds, html pages, csv files, search engines and there are even plugins for sites that do not provide any kind of useful feeds.
There are numerous plugins that allow utilizing FlexGet in interesting ways and more are being added continuously.
FlexGet is extremely useful in conjunction with applications which have watch directory support or provide interface for external utilities like FlexGet.
Make sure you have Python 2.6.x – 2.7.x available. Try running the command:
$ python -V
If you don’t have the required version already available, install it from your distribution package manager:
$ sudo apt-get install python2.7
$ sudo apt-get install python-dev
If you do not have pip already available, you need to install it:
$ sudo apt-get install python-pip
Download the latest LibYAML, yaml-0.1.6.tar.gz.
Compile and install it:
$ ./configure
$ make
$ sudo make install
Install transmissionrpc:
$ sudo pip install transmissionrpc
Install FlexGet:
$ sudo pip install flexget
Verify installation:
$ flexget -V
A detailed configuration tutorial can be found here.
FlexGet is meant to be executed from the user's own crontab, not from /etc/crontab (root).
To edit the user crontab, execute the command:
$ crontab -e
Enter one new line in the crontab:
*/30 * * * * /usr/local/bin/flexget execute --cron
This will run FlexGet every thirty minutes.
DNSCrypt is a protocol for securing communications between a client and a DNS resolver.
dnscrypt-proxy provides a local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
Download the latest libsodium version libsodium-0.7.0.tar.gz and extract it:
$ tar -xzvf libsodium-0.7.0.tar.gz
Compile and install it:
$ ./configure
$ make && make check
$ sudo make install
Download the latest dnscrypt-proxy version dnscrypt-proxy-1.4.0.tar.gz and extract it:
$ tar -xzvf dnscrypt-proxy-1.4.0.tar.gz
Compile and install it:
$ ./configure
$ make
$ sudo make install
The proxy will be installed as /usr/local/sbin/dnscrypt-proxy by default.
Start the daemon:
$ dnscrypt-proxy --daemonize --local-address=0.0.0.0:5353 --resolver-name=opendns
Now we test it:
$ dig @127.0.0.1 -p 5353 youtube.com
; <<>> DiG 9.9.5-3-Ubuntu <<>> @127.0.0.1 -p 5353 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28830
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;youtube.com. IN A
;; ANSWER SECTION:
youtube.com. 300 IN A 74.125.225.198
youtube.com. 300 IN A 74.125.225.200
youtube.com. 300 IN A 74.125.225.201
youtube.com. 300 IN A 74.125.225.192
youtube.com. 300 IN A 74.125.225.194
youtube.com. 300 IN A 74.125.225.193
youtube.com. 300 IN A 74.125.225.206
youtube.com. 300 IN A 74.125.225.195
youtube.com. 300 IN A 74.125.225.196
youtube.com. 300 IN A 74.125.225.199
youtube.com. 300 IN A 74.125.225.197
;; Query time: 56 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Wed Sep 03 02:31:44 UTC 2014
;; MSG SIZE rcvd: 216
Msmtp is an SMTP client.
In the default mode, it transmits a mail to an SMTP server (for example at a free mail provider) which takes care of further delivery.
To use this program with your mail user agent (MUA), create a configuration file with your mail account(s) and tell your MUA to call msmtp instead of /usr/sbin/sendmail.
Features include:
Mutt is a small but very powerful text-based mail client for Unix operating systems.
Some of Mutt’s features include:
$ sudo apt-get update
$ sudo apt-get install msmtp mutt
Create the file .msmtprc in your home directory, with no more permissions than user read/write (0600).
# Set default values for all following accounts
defaults
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
# Default account
account default
host smtp.qq.com
from demo@qq.com
auth plain
user demo
password demo
This is a simple configuration file and is usually sufficient.
Try to send a mail to test it:
$ msmtp demo@gmail.com
Type the message and press Ctrl+D to send it.
Using TLS encryption is always a good idea.
If you are not sure whether the SMTP server supports authentication and/or TLS encryption, find it out with:
$ msmtp --host=smtp.demo.com --serverinfo
To use TLS, it is required to either enable full server certificate verification using the ‘tls_trust_file’ command or ‘--tls-trust-file’ option, or to trust one particular peer certificate using the ‘tls_fingerprint’ command or ‘--tls-fingerprint’ option, or to disable all certificate checks using ‘tls_certcheck off’ or ‘--tls-certcheck=off’.
If your system has a file that collects all system-wide trusted CA certificates, it is easiest to just use this in the ‘defaults’ section of your configuration file. On Debian-based systems, for example, the appropriate command would be
tls_trust_file /etc/ssl/certs/ca-certificates.crt
But you can also find out manually which CA certificate you need to trust.
First, issue the following command:
$ msmtp --serverinfo --host=smtp.demo.com --tls=on --tls-certcheck=off
The option ‘--tls-certcheck=off’ allows msmtp to accept any certificate, so that it can print some information about it. The output of this command tells you the common name of the server certificate issuer. You have to trust this issuer to use full TLS security. Usually you can find the CA certificate on the issuer’s homepage.
Now let us add a Gmail account to the configuration file.
First we need to get the CA certificate:
$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-certcheck=off
SMTP server at smtp.gmail.com (ig-in-x6c.1e100.net [2607:f8b0:4001:c05::6c]), port 25:
    mx.google.com ESMTP ga10sm76109igd.0 - gsmtp
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Google Internet Authority G2
        Organization: Google Inc
        Country: US
    Validity:
        Activation time: Tue 15 Jul 2014 08:40:38 AM UTC
        Expiration time: Sat 04 Apr 2015 03:15:55 PM UTC
    Fingerprints:
        SHA1: 9C:0A:CC:93:1D:E7:51:37:90:61:6B:A1:18:28:67:95:54:C5:69:A8
        MD5: E7:48:1D:0B:99:4A:C3:A8:31:86:E5:8F:E5:EE:4F:2A
Capabilities:
    SIZE 35882577:
        Maximum message size is 35882577 bytes = 34.22 MiB
    PIPELINING:
        Support for command grouping for faster transmission
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN
The issuer name is Google Internet Authority G2; we got the CA certificate here.
Convert the CA certificate from DER to PEM format:
$ openssl x509 -inform DER -in GIAG2.crt -outform PEM -out gmail-smtp.crt
With this CA certificate, the following should succeed:
$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-trust-file=gmail-smtp.crt
Now we add the Gmail account to the configuration file:
# Gmail
account gmail
host smtp.gmail.com
from demo@gmail.com
auth on
user demo@gmail.com
password demo
tls on
tls_starttls on
tls_certcheck on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
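The file-permission and TLS requirements described above can be checked mechanically. This is an added example, not part of the original post or of msmtp: it flags a config file wider than 0600 and accounts that authenticate without TLS or with certificate checks disabled. The function names, the `lab` account and the rule that an unset `tls` counts as off are assumptions.

```shell
# Added example, not from the original post. Assumes an unset "tls" means off.
# Print a warning unless FILE is mode 0600 or stricter (no exec, group or other bits).
check_mode() {
    [ "$(ls -ld "$1" | cut -c4-10)" = "-------" ] || echo "mode wider than 0600"
}
# Print "<account>: <issue>" for each risky account in msmtprc FILE.
# Narrowed: "account name : parent" inheritance is not handled.
audit_accounts() {
    awk '
        function report(   t) {
            if (name == "") return
            t = ("tls" in s) ? s["tls"] : "off"
            if (("auth" in s) && s["auth"] != "off" && t != "on")
                print name ": auth without tls"
            if (t == "on" && s["tls_certcheck"] == "off")
                print name ": tls_certcheck off"
            else if (t == "on" && !("tls_trust_file" in s) && !("tls_fingerprint" in s))
                print name ": tls without trust anchor"
        }
        /^[ \t]*(#|$)/   { next }                     # comments and blank lines
        { v = (NF > 1) ? $2 : "on" }                  # bare "tls" or "auth" means on
        $1 == "defaults" { report(); name = ""; indef = 1; next }
        $1 == "account"  { report(); name = $2; indef = 0
                           split("", s); for (k in d) s[k] = d[k]; next }
        indef            { d[$1] = v; next }          # remember defaults for later accounts
        name != ""       { s[$1] = v }
        END              { report() }
    ' "$1"
}
# Constructed sample: the two accounts from the post (trimmed) plus a hypothetical "lab" account.
sample_rc() {
    cat <<'EOF'
defaults
account default
auth plain
password demo
account gmail
auth on
tls on
tls_trust_file ~/.ssl/certs/gmail-smtp.crt
account lab
auth on
tls on
tls_certcheck off
EOF
}

rc=$(mktemp) && sample_rc > "$rc" && chmod 600 "$rc"
check_mode "$rc"; audit_accounts "$rc"; rm -f "$rc"
```

Against a real file, call `check_mode ~/.msmtprc` and `audit_accounts ~/.msmtprc`.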
Create the file .muttrc in your home directory:
set sendmail="/usr/bin/msmtp"
set use_from=yes
set realname="demo"
set from=demo@outlook.com
set envelope_from=yes
Send a mail to test mutt:
$ echo "Hello World" | mutt -s "Hello" -c demo@outlook.com demo@gmail.com
Send a mail with an attachment:
$ echo "Hello World" | mutt -s "Hello" -a ~/tmp/demo.tar.gz demo@gmail.com