Category: Linux

Categories
Computers Linux

Problem installing MySQL Ruby bindings

In a previous article I outlined the installation of a Rails environment on Ubuntu 8.04. That article fails when the target system is a clean installation of Ubuntu 8.04 since it would then be lacking the essential build environment. This is manifested when installing the native extensions for MySQL using “gem install mysql” and the error message shown is:

root@hobbit:~# gem install mysql
Building native extensions. This could take a while...
ERROR: Error installing mysql:
ERROR: Failed to build gem native extension.


/usr/bin/ruby1.8 extconf.rb install mysql
checking for mysql_query() in -lmysqlclient... no
checking for main() in -lm... no
checking for mysql_query() in -lmysqlclient... no
checking for main() in -lz... no
checking for mysql_query() in -lmysqlclient... no
checking for main() in -lsocket... no
checking for mysql_query() in -lmysqlclient... no
checking for main() in -lnsl... no
checking for mysql_query() in -lmysqlclient... no
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of
necessary libraries and/or headers. Check the mkmf.log file for more
details. You may need configuration options.

To fix this, just install build-essential, i.e. “apt-get install build-essential”.

Categories
Computers Linux

Make SVN trust a new CA

I routinely use Subversion to host all my software projects. For a long time I just got used to permanently accept the certificate warning when checking out a certain project – even though what I really wanted was for SVN to trust my home-made root CA certificate. Finally, I have found time to learn how to make SVN trust my CA and here is how:

  1. Download the root CA certificate
  2. Check that the certificate is in PEM form by issuing “openssl x509 -text -in certificate.crt”. If the output doesn’t make sense, then try with “openssl x509 -text in certificate.crt -inform der”
  3. To convert a DER certificate to PEM, issue “openssl x509 -in certificate-der.crt -inform der -out certificate-pem.crt -outform pem”
  4. You may want to copy the CA certificate to /etc/ssl/certs – although it is not required
  5. Edit your ./subversion/servers file. Change or add the value ssl-authority-files in the [globals] section so that it includes the CA certificate (in PEM form). The ssl-authority-files value is colon separated.
Categories
Computers Linux

Combine subversion, WebSVN and a web page in one Apache site

In my last post I wrote about how to get libapache_mod_auth_pam to play nicely with Apache2. This post is about putting it all together, complete with WebSVN and a default web page so that one can write an introductory text to the users using the site.

Getting subversion up and running on Apache was explained in the last post. The problem with that, however, is that the Location directive means that all content on the site is directed to dav_svn. Hence, it is not possible to access an index.html page in the root, nor the /websvn folder. If you try, you will just get the message “Could not open the requested SVN filesystem”.

Of course, the simple solution to this would be to put the dav_svn module one folder down in the site structure (e.g. http://svn.example.com/repositories/<repository>) by changing the Location directive to <Location /repositories/>. But that is ugly.

I assume there are many ways to solve this but here is how I did it.

  1. First, create two sites – svn.example.com and websvn.example.com (or whatever you want to call them).
  2. Configure the site svn.example.com as explained in the previous post
  3. Configure the site websvn.example.com as you would any other static site, adding a index.html file in the root with whatever content you want to have there
  4. Now, before the Location directive in the svn.example.com site definition, add the following:


    5. RewriteEngine on
    RewriteRule ^/$ index.html [R]
    ProxyPass /websvn/ http://websvn.example.com/websvn/
    ProxyPassReverse /websvn/ http://svn.example.com/websvn/
    ProxyPass /index.html http://websvn.example.com/index.html

  5. Finally, you may also want to add SSL support for the svn.example.com site but I won’t go into that here

To make this work, a couple of Apache2 modules must be enabled, namely: proxy, proxy_http and rewrite.

What the above does is that it rewrites accesses to the root URL / to /index.html. Then, all requests to either /index.html or /websvn are proxied to the other site (which does not have dav_svn enabled so they work fine there).

With everything in place, you should be able to access http://svn.example.com for the index.html page, http://svn.example.com/websvn for the WebSVN interface to the repositories – and anything else for the real repositories.

A prettier solution would be if the Location directive for Apache supported negated regular expressions but I have come to the conclusion that it doesn’t – at least not the version I am using (2.2.8).

Categories
Computers Linux

Apache >

Categories
Computers Linux

Install Rub

Categories
Computers Linux

Trackpad issue on Acer Aspire One under Ubuntu 8.4.1

I am holding out for the OneLinux distribution specifically targeted for the Acer Aspire One. Meanwhile I have installed Ubuntu 8.4.1 according to the instructions on the Ubuntu community forums. Everything works fine apart from the trackpad which just dies on me sometimes. And when it dies it will not come back. As a matter of fact it doesn’t even help to restart the computer. I have to boot Ubuntu 8.4.1 from the CD and the reboot from the internal HD to get the trackpad operational again.

First I thought I had managed to mess things up when I opened up the AAO to insert more memory but the more I studied it the more convinced I became that the issue is in fact software related.

The trackpad never stops working in the middle of something – only when the computer has been suspended (but not every time). When the system boots up OK I can see the following two lines in the output to dmesg:


[ 25.547798] Synaptics Touchpad, model: 1, fw: 7.2, id: 0x1c0b1, caps: 0xd04771/0xa40000
[ 25.601159] input: SynPS/2 Synaptics TouchPad as /devices/platform/i8042/serio2/input/input7

However, on occasions when the mouse is not operational after a reboot, these lines are absent and instead there is one line:


[ 24.997164] psmouse.c: Failed to reset mouse on isa0060/serio2

Clearly something is not working as it should. This is really annoying and I do hope that the 8.10 release will fix it. Meanwhile, if anyone is experiencing the same issue – please let me know.

Categories
Computers Linux

Prevent ssh dictionary attacks

If you are like me you may be running a few Linux servers that are exposed to the Internet. To manage them you have probably enabled ssh login and opened up your firewall for such traffic. Maybe you have been thinking of the risk of being attacked and perhaps you have glanced at /var/log/auth.log. Chances are that you then realised that the Internet is not the friendly place it used to be.

Now, the risk of this may be minor. Naturally you are using complex passwords (who are not?) and of course you have disabled any logins by the root account. Naturally, you use certificates instead of passwords when logging in remotely. And while on the subject – may I add a feature request for openssh to restrict remote login using password on the basis of IP range?

So, I had done all that and still felt a little uneasy. Then I found the project Denyhosts. It is a Python based tool written by Phil Schwartz that tails the auth.log file, acting on multiple incorrect logins from the same host. Suspicious hosts are added to /etc/deny.hosts so that they can’t even connect to the ssh server.

I have been running the script on two computers for a couple of weeks. On average, one or two attackers are caught each day. Currently I am running both systems stand-alone but shortly I may join up with the large number of sites that aggregate attacker information to foil them before they even start attacking my machines.

Denyhosts is not new. In fact, the latest release is almost two years old. But it is small, can be configured in a jiffy and gets the job done. To install on a Ubuntu box, just type “sudo apt-get install denyhosts”.

Good job, Phil!

Categories
Computers Linux

Making a movie out of a set of images

Images captured at a certain interval (e.g. from a network camera in your home) can easily be converted into a movie. The simplest way to do this is to use the Linux package mencoder available as a package for most standard distributions.

For Ubuntu 8.04, mencoder can be installed just by typing

sudo apt-get install mencoder

Some tutorials on mencoder are based on an old version of the software and following them will not work. Instead the errors from mencoder will appear to indicate that some codecs are missing on the system. Installing them may solve the issue (it didn’t in my case) but will probably just waste your time.

The correct command to convert all JPEG images in a folder into a movie is

mencoder "mf://*.jpg" -mf fps=30 -o output.avi

Adjust the frame rate according to the frequency the images were taken or to make the movie go faster or slower. It is also possible to use the -speed parameter.

Categories
Computers Gadgets Linux

No wireless on Acer Aspire One using OneLinux

Acer Aspire One is a cool little device but out of the box it is somewhat crippled. I have tried to install the standard Ubuntu and Xubuntu 8.4.1 distributions with the help from the information on the Ubuntu community pages. For some reason, the system started behaving erratically – the trackpad worked only intermittently, the computer could sometimes appear to hang for a few seconds etc. I then restored the system using the CD that came with it and noticed that everything was working as normal. Clearly, all my problems were software related.

I started looking for an alternative OS and found OneLinux, a distribution based on Ubuntu specifically targeted for the Acer Aspire One. Perfect! Only problem is that the wireless network doesn’t work. The hardware driver dialog shows the following (my AAO model is 110-Ab, using an Atheros AR5BXB63):

OneLinux beta 1 wireless hardware issue

While I am writing this I am downloading (all too slowly) the updated beta of OneLinux. Hopefully it will correct the wireless issue. Stay tuned.

Categories
Computers Linux

File permission error with bind on Ubuntu 8.04

Starting with Ubuntu 8.04 slave zones under bind9 may not work as well as you may think – depending on where you believe you should save your zone files. The syslog shows permission error when bind tries to write to any folder under /etc/bind. That is where I had kept such files before – I realise now that this was a mistake – or at least not in line with common best practice.

This is the error you may see:


dumping master file: /etc/bind/slave/tmp-31s25Singg: open: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: failed while receiving responses: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: end of transfer

Starting with Ubuntu 8.04, apparmor is included by default in the installation. This was a new feature for me. In short, apparmor prevents unauthorised file activities and the reason for my file permission problem with bind was that I tried to write slave zone files to /etc/bind/slave. But, by definition, the local host does not hold the master copy of a slave zone. Such data should instead be saved in /var/cache/bind. Once I changed my zone definition and restarted bind it went well.

css.php