• Archives

  • Post Catagories

  • .::Admin Tools::.

  • I review for the O'Reilly Blogger Review Program

add-apt-repository: command not found

To start installing and using software from a Personal Package Archive (PPA) the easy way….. you will need to get add-apt-repository first

#sudo apt-get install python-software-properties

once installed we can add a ppa with, for example:

#sudo apt-add-repository ppa:ubuntu-clamav/ppa
#sudo apt-get update
Neat 🙂

Advertisements

Tech Notes: Ubuntu Server 10.04 LTS – Squid + Dansguardian + Webmin + ClamAV

PLEASE NOTE: The information listed here is purely for my convenience. Please feel free to use it any way that you like, but I will not take any responsibility for inaccuracies or damage resulting in the use of this information.

DansGuardian logo

Image via Wikipedia

Ubuntu Server 10.04.2 LTS + Squid + Dans Guardian + Webmin = Webfiltering Proxy with idiot proof perl frontend 🙂

1. Install Ubuntu Server 10.04.2 LTS in the usual manner. Slice disks up how you like! follow the install and select none of the options when you get to “tasksel”

2.(OPTIONAL) Install Apache with…Might need Apache later for zero config proxy.. client side

# sudo apt-get install apache2
3. If you don’t have a static IP then edit interfaces…
# sudo nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address    192.168.1.2     #Your IP
netmask    255.255.255.0     #Your Netmask
gateway    192.168.1.1    #Your Gateway

4. Save and Exit…duh 🙂

5. Restart Networking to bring the new config into play…

# sudo /etc/init.d/networking restart

6. Install and Config Squid….first up…

# sudo apt-get install squid
7. Backup our clean squid.conf file with…

# sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup

8. Edit squid.conf with…

# sudo nano /etc/squid/squid.conf

NOTE: If you want to change the default port that squid listens on [3128], change the http_port tag
Ctrl+W is your friend here…look for the “http_access” (No quotes) section on or around line 1860.

#Create an acl (Access Control List) with...
acl our_networks src 192.168.1.0/24 # Replace with your subnet!
#Then Create http access rule with....
http_access allow our_networks

OPTIONAL = if you get a startup error ‘FATAL: Could not determine fully qualified hostname.
Please set visible_hostname’ you will also need to modify the visible_hostname tag (Ctrl+W is your friend to find the bugger!!)

visible_hostname localhost

9. Save and Exit…really!! 🙂

10.Install Dansguardian with…

# sudo aptitude install dansguardian

11. We need to check /etc/dansguardian/dansguardian.conf for the following:
# UNCONFIGURED
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128

All of the above was present and correct in my dansguardian.conf…..but I still needed to Comment UNCONFIGURED

Also set reportinglevel=-1 as I wanted to log traffic at first rather than block it.

DANSGUARDIAN INFO:
To configure banned/exception sites based on either phrases, ip addresses, urls, mime type,
etc… you would need to edit one of the following files using nano. All files are located in /etc/dansguardian/

bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedurllist
banneduserlist

exceptioniplist
exceptionphraselist
exceptionsitelist
exceptionurllist
exceptionuserlist
exceptionvirusextensionlist
exceptionvirusmimetypelist
exceptionvirussitelist
exceptionvirusurllist

REMEMBER: Whenever you edit these files it is good practice to restart both Squid and Dansguardian
# sudo /etc/init.d/dansguardian stop
# sudo /etc/init.d/squid stop
# sudo /etc/init.d/squid start
# sudo /etc/init.d/dansguardian start
# ps –e | grep dansguardian ## to see if the service is running

Now that Squid and DansGuardian are configured, test it by setting up your browser to use the proxy server
with port 8080. A site that is blocked by default in DansGuardian is http://tits.com if you get a page redirect then you’re good to go (See Image below) Note: you will not get a page redirect if you have set reporting level to -1 in dansguardian.conf like I did.

whitehouse.com in Firefox through Dan's Guardian

Image via Wikipedia

INSTALLING WEBMIN

Webmin is a web-based interface for system administration for Unix.
Using any browser that supports tables and forms (and Java for the File Manager module)

1. Install dependencies: Perl 5 interpreter and libnet-ssleay-perl

# sudo aptitude install perl5 libnet-ssleay-perl
2. Install Webmin
# cd /usr/local/src
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.550.tar.gz

NOTE: Check the URL to make sure you are getting the latest!!
…This is the big daddy of Webmin Packages….low fat it ain’t everything is included
….except DansGuardian 😦

# sudo tar -xvzf webmin-1.550.tar.gz
# cd /webmin-1.550
# sudo sh setup.sh

Setup script will run…Answer all questions correctly, I personally set up SSL but it’s up to you

3.Navigate to https://server-name:10000 and log in with the username and pass that you provided to
setup.sh.

4. NO DANSGUARDIAN!! WE HAVE BEEN ROBBED….not so…we need to install it!!
5. Navigate to Webmin | Webmin Configuration | Webmin Modules
6. Make sure the Install Tab is selected and then enter the following URL into the field marked “From ftp or http URL”
# http://sourceforge.net/projects/dgwebminmodule/files/dgwebmin-stable/0.7/dgwebmin-0.7.1.wbm/download
7. Click the “Install Module” cmd button
8. Almost done we now need to select our newly installed module
9. CRISIS there are errors!! never fear we just need to configure the module for the Ubuntu environment.

"Warning - DansGuardian binary file not found, maybe you need to update your module config (especially the directory paths).
(Expected location: /sbin/dansguardian)

Warning - the version of DansGuardian you have is not supported by this Webmin module version
Webmin Module Version 0.7.1 supports DG version 2.10 (& 2.9)
Currently installed DG version ?

Warning - running as root(superuser) may cause new files to be innaccessible by production DansGuardian"

10. Select the “module config” hyperlink and update the Configurable Options as follows:

Leave everything as it is except:

Full path to DG binary = /usr/sbin/dansguardian

Command to restart DG (if allowed) = /etc/init.d/dansguardian restart
Command to start DG (if allowed) = /etc/init.d/dansguardian start
Command to stop DG (if allowed) = /etc/init.d/dansguardian stop

Basically lose the rc.d directory listing in the three lines above!!

11. Add webmin startup file to /etc/init.d

If you installed webmin in the default folder
(/etc/webmin/) you follow these steps:

# cd /etc/init.d

# sudo nano webmin

#! /bin/sh
DEAMON=/etc/webmin/start
test -x $DEAMON || exit 0
./etc/webmin/start

Save the file and make it executable:
# chmod 755 /etc/init.d/webmin

It must be started on boot, we want to start it as root:

# sudo update-rc.d webmin defaults
Note: If something goes wrong and you want to
remove this addition in starting up, you
execute:

# update-rc.d -f webmin remove

INSTALL CLAMAV

1. Execute the following from a shell to install ClamAV:

sudo apt-get install clamav-daemon clamav-freshclam

2. We will get a warning!!

LibClamAV Warning:***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated.***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************

======================================================

NOTE: To keep Clam up to date I decided to add the ubuntu-clamav/ppa PPA

First up we need add-apt-repository

So…

#sudo apt-get install python-software-properties

once installed we can add a ppa with, for example:

#sudo add-apt-repository ppa:ubuntu-clamav/ppa
#sudo apt-get update/upgrade

If you prefer to roll your own take a look at this excellent post

=======================================================

3. Fresh-Clam will look for def updates every hour….if you need to change this behaviour then edit:

/etc/clamav/freshclam.conf
then...
sudo /etc/init.d/clamav-freshclam restart

4. Open dansguardian.conf and un-comment this line:

contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'

NOTE: I have not been able to get Dansguardian and Clam Daemon to work together yet. I have listed some info below to remind me of a couple of key bits of info when I get time to look into this.

All looks ok so we can test the configuration with page: http://www.eicar.org/download/eicar.com.txt

You should see: Virus or bad content detected. Eicar-Test-Signature on page.

NOTE: Good Site for Blacklists and auto update scripts http://www.shallalist.de/ also http://contentfilter.futuragts.com/wiki/doku.php?id=downloadable_blacklists for general info and links to more blacklists.

INFO

When building DansGuardian, use the –enable-clamd ./configure option, but not the –enable-clamav option too. In an ideal world, all DansGuardian packages obtained from distribution repositories should already be built this way. However in the real (not ideal) world, repository errors are possible. Once DansGuardian is bult correctly, you can then control whether or not to use ClamAV purely through the configuration options in dansguardian.conf; in other words once the build/configure options are correct, you will never need to revisit them no matter what you do with anti-virus.

In dansguardian.conf, use the ‘clamdscan’ option rather than the ‘clamav’ option. The ‘clamdscan’ option interfaces to ClamAV through the interprocess named pipe socket provided by the clam daemon. (The old ‘clamav’ option tries to interface to ClamAV through a version dependent library [a *nix “shared object” (.so) is analogous to a Windows “dynamic link library” (.dll)]which is probably no longer supported nor even available.)

Zenwalk 6.2 and Micronet SP906/8gk PCI Cards

Recently I decided to purchase a cheap PCI Wireless Card as I wanted to experiment with some homemade antennas. I had a quick look around Maplin (Electronics Store here in the UK) and decided to purchase a Micronet SP906/8gk unit. It was an impulse purchase and I had no idea if it was even supported by Linux.

I had put aside a workstation for the purpose of using Zenwalk 6.2 and this wireless card. After installing the card I proceeded to install Zenwalk 6.2 in the usual manner. Installation went without fault until I rebooted the machine. I found Zenwalk would lockup during startup seemingly just after loading the keyboard driver!!

I removed the PCI Card and (what a suprise) Zenwalk booted fine. I placed the card back into the machine and then tried to boot Ubuntu 9.04 from CD, same problem ubuntu lockedup before getting to the Gnome desktop.

Well I could not be bothered with another trip under my desk (There are way to many cables and it hasn’t seen a vacuum cleaner for ages) so here is how I managed to fix this issue….with the card installed:

1. Booted up with my Zenwalk 6.2 cd, when I got to the install menu I chose “EXIT” to quit the installer and give me a terminal.

2. First I needed somewhere to mount my root “/” partition, so I entered the following commands to create a mount point.
# mkdir -p /mnt/linux

3. Next I needed to mount the root partition of my hardisk installation in my newly created mount point, you will need to replace /dev/yyzz with the root partition of you harddisk installation, e.g. /dev/sda1
# mount -w /dev/yyzz /mnt/linux

4. Now I needed to “chroot” into this partition:

# chroot /mnt/linux /bin/bash

5. Now I needed to blacklist the kernel driver modules that where causing the problems when “incorrectly” applied to the Micronet Wireless Card.

# vi /etc/modprobe.d/blacklist.conf

I then added these lines to blacklist.conf:

blacklist rtl8180

blacklist rtl8187

Save blacklist.conf and restart.

6. You should now be able to boot Zenwalk as normal…next we need to download and install the correct Kernel Module Drivers for this card, but before you do this you will need to use xnetpkg or netpkg or your chosen package manager to get and install the kernel source package. This is important as the driver package needs this in order to make!

7. Went over to the Realtek site and downloaded the correct Linux Kernel Driver, you can find the page here.

I downloaded the package “rt73-k2wrlz-3.0.3.tar”

I then (as root) untarred the tar ball and from a terminal window cd’d to ../rt73-k2wrlz-3.0.3

I then performed..

# make

# make install

This completed without errors, I bought the interface up with:

# ifconfig wlan0 up

and then connected to my wireless network here using WICD.

I hope this information is useful to someone. If it is, or if you get stuck just leave me a message and I will try to help.

Maplin CnM Book

cnmbook

The Maplin CnM Book is basically a webook computer that runs a custom version of Debian Linux. I have had my eyes on this bit of kit for a while now, but wanted to wait until I could play with one until I decided if it would be any good for me. I often commute between Dereham and Norwich on the X1 route. This journey can sometimes take up to an hour to complete (Depending on Traffic). I thought that this time could be better spent updating my blog or doing some research on the Web along with reading emails and other stuff. So with all this in mind it looked like the CnM Book could fill this role.

A mutual friend of my partners and I bought one of these Machines and I have the use of it while he is at work. My first thought where wow, its small. The screen is small but crisp and the machine itself is reasonably zippy at OS level. Bon Echo (A cut down version of Firefox) supplies browser functionality albeit basic and very incomplete. I have to say that I was a little ticked off with the fact that I could not download pictures from the web, I’m sure there is a patch out there to fix this and as always GIYF. I wrote this post using the CnM Book and to be honest it was painful. WordPress does not render correctly in the browser and Scripts seem to stop functioning, I eventually resorted to using Xip Word ( That’s Abi Word to you and me ) and even that was a painful experience due to the very small keyboard.

Installing Software was easy using the packages supplied on CnM’s site (http://194.150.201.35/cnmlifestyle/cnmbookdownloads.htm) There is even a package that gives you root access!! One application that did worry me was Video Online (http://www.skytone.net.cn/en/download_show.php?id=2&smallclass=12&article_id=132). I downloaded this for my friend that owns this machine because he is a big fan of Utube, unfortunately it looks like you have to register this program and pay for a registration key!! I wouldn’t mind this if there where Open Source alternatives but as far as I can tell there isn’t anything and there was no warning of this on the CnM Downloads Page. All in all I think I will steer clear of this machine. I think my friend will be happy with it as it does fulfill the purpose for which he bought it. I have spoken with my partner about this and she agrees with me that its a nice bit of kit.

The whole thing seems like it is a ‘concept’ or ‘beta’ product that is good conceptually but lacks in the delivery department. I know that Linux can be better than this, I just think it has been rushed rather than polished. If you want a new toy to hack around with and you are competent with Linux then go for it!! Otherwise I would recommend saving your money for a proper Laptop / Netbook.

I think Little Linux Laptop sum this product up perfectly “YES! If you want a small portable laptop to take on trips or whatever you want to surf the web, IM chat, send and receive e-mail, work on your Word / Excel files, read PDF’s and experiment a little with installing games and software then this is the laptop for you!