Tag Archives: linux

Exim Cheat Sheet

Here are some useful things to know for managing an Exim 4 server. This assumes a prior working knowledge of SMTP, MTAs, and a UNIX shell prompt.

Message-IDs and spool files

The message-IDs that Exim uses to refer to messages in its queue are mixed-case alphanumeric and, in the Exim versions this page was written against, take the form XXXXXX-YYYYYY-ZZ (newer releases use a longer id, but it is used in exactly the same way). Most commands related to managing the queue and logging take these message-ids as arguments.

There are three -- count 'em, THREE -- files for each message in the spool directory. If you're dealing with these files by hand, instead of using the appropriate exim commands as detailed below, make sure you get them all, and don't leave Exim with remnants of messages in the queue. I used to mess directly with these files when I first started running Exim machines, but thanks to the utilities described below, I haven't needed to do that in many months.

Files in /var/spool/exim/msglog contain logging information for each message and are named the same as the message-id.

Files in /var/spool/exim/input are named after the message-id plus a suffix: -H for the envelope and headers, -D for the message data (the body).

These directories may contain further hashed subdirectories (one per character, used when split_spool_directory is set) to cope with large queues, so don't expect everything to always appear directly in the top-level /var/spool/exim/input or /var/spool/exim/msglog directories; any searches or greps will need to be recursive. See if there is a proper way to do what you're doing before working directly on the spool files.
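As an added example (not part of the original cheat sheet), a small shell function that ties the three-file layout and the hashed subdirectories together: given a spool directory and a message-id it finds the -H, -D and msglog files with a recursive search and fails if any of the three is missing, which is the check to run before (or after) touching spool files by hand. The spool path and message-id in the usage line are made up for the example; the id pattern is the classic 16-character form.

```shell
#!/bin/sh
# Added example, not from the original page: locate all three spool files
# for one queued message and complain if any is missing. Exim keeps
# input/<id>-H (envelope and headers), input/<id>-D (body) and msglog/<id>
# (that message's own log). With split_spool_directory set, each of those
# sits one level down in a subdirectory named after the sixth character of
# the message-id, so the lookup is done with find rather than a fixed path.
#
# Usage: exim_spool_files SPOOLDIR MESSAGE-ID
# Prints the paths found; returns 0 only when all three are present.
exim_spool_files() {
    spool=$1
    id=$2
    # Classic 16-character id: six base-62 characters, a dash, six more,
    # a dash, two more. Newer Exim releases use a longer id; widen the
    # pattern if yours do.
    if ! printf '%s\n' "$id" | grep -Eq '^[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}$'; then
        echo "exim_spool_files: '$id' is not an Exim message-id" >&2
        return 2
    fi
    found=0
    for f in "input/$id-H" "input/$id-D" "msglog/$id"; do
        dir=$spool/${f%%/*}      # input or msglog
        name=${f#*/}             # the file name to look for
        # Recursive search copes with a split (hashed) spool.
        path=$(find "$dir" -type f -name "$name" 2>/dev/null | head -n 1)
        if [ -n "$path" ]; then
            echo "$path"
            found=$((found + 1))
        else
            echo "exim_spool_files: missing $f" >&2
        fi
    done
    [ "$found" -eq 3 ]
}

# Example (made-up id): exim_spool_files /var/spool/exim 1rAbCd-000Xyz-9Q
```

A non-zero exit with a "missing" line on stderr is exactly the remnant situation the paragraph above warns about; `exim -Mrm` on that id is still the right cleanup, not `rm`.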

Basic information

Print a count of the messages in the queue:

root@localhost# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):

root@localhost# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

root@localhost# exim -bp | exiqsumm

Print what Exim is doing right now:

root@localhost# exiwhat

Test how exim will route a given address:

root@localhost# exim -bt alias@localdomain.com
user@thishost.com
    <-- alias@localdomain.com
  router = localuser, transport = local_delivery
root@localhost# exim -bt user@thishost.com
user@thishost.com
  router = localuser, transport = local_delivery
root@localhost# exim -bt user@remotehost.com
  router = lookuphost, transport = remote_smtp
  host mail.remotehost.com [1.2.3.4] MX=0

Run a pretend SMTP transaction from the command line, as if it were coming from the given IP address; you type the SMTP commands on standard input. This displays Exim's checks, ACLs, and filters as they are applied. The message will NOT actually be delivered, which makes this the way to test an ACL change before reloading a production server.

root@localhost# exim -bh 192.168.11.22

Display all of Exim's main configuration settings (give an option name as an argument to print just that one):

root@localhost# exim -bP

Searching the queue with exiqgrep

Exim includes a utility that is quite nice for grepping through the queue, called exiqgrep. Learn it. Know it. Live it. If you're not using this, and if you're not familiar with the various flags it uses, you're probably doing things the hard way, like piping `exim -bp` into awk, grep, cut, or `wc -l`. Don't make life harder than it already is.

First, various flags that control what messages are matched. These can be combined to come up with a very particular search.

Use -f to search the queue for messages from a specific sender:

root@localhost# exiqgrep -f [luser]@domain

Use -r to search the queue for messages for a specific recipient/domain:

root@localhost# exiqgrep -r [luser]@domain

Use -o to print messages older than the specified number of seconds. For example, messages older than 1 day:

root@localhost# exiqgrep -o 86400 [...]

Use -y to print messages that are younger than the specified number of seconds. For example, messages less than an hour old:

root@localhost# exiqgrep -y 3600 [...]

Use -s to match the size of a message with a regex. For example, 700-799 bytes:

root@localhost# exiqgrep -s '^7..$' [...]

Use -z to match only frozen messages, or -x to match only unfrozen messages.

There are also a few flags that control the display of the output.

Use -i to print just the message-ids matching one of the above searches:

root@localhost# exiqgrep -i [ -r | -f ] ...

Use -c to print a count of messages matching one of the above searches:

root@localhost# exiqgrep -c ...

Print just the message-id of the entire queue:

root@localhost# exiqgrep -i

Managing the queue

The main exim binary (/usr/sbin/exim) is used with various flags to make things happen to messages in the queue. Most of these require one or more message-IDs to be specified in the command line, which is where `exiqgrep -i` as described above really comes in handy.

Start a queue run:

root@localhost# exim -q -v

Start a queue run for just local deliveries:

root@localhost# exim -ql -v

Remove a message from the queue:

root@localhost# exim -Mrm <message-id> [ <message-id> ... ]

Freeze a message:

root@localhost# exim -Mf <message-id> [ <message-id> ... ]

Thaw a message:

root@localhost# exim -Mt <message-id> [ <message-id> ... ]

Deliver a message, whether it's frozen or not, whether the retry time has been reached or not:

root@localhost# exim -M <message-id> [ <message-id> ... ]

Deliver a message, but only if the retry time has been reached:

root@localhost# exim -Mc <message-id> [ <message-id> ... ]

Force a message to fail and bounce as "cancelled by administrator":

root@localhost# exim -Mg <message-id> [ <message-id> ... ]

Remove all frozen messages:

root@localhost# exiqgrep -z -i | xargs exim -Mrm

Remove all messages older than five days (86400 * 5 = 432000 seconds):

root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm

Freeze all queued mail from a given sender:

root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf

View a message's headers:

root@localhost# exim -Mvh <message-id>

View a message's body:

root@localhost# exim -Mvb <message-id>

View a message's logs:

root@localhost# exim -Mvl <message-id>

Add a recipient to a message:

root@localhost# exim -Mar <message-id> <address> [ <address> ... ]

Edit the sender of a message:

root@localhost# exim -Mes <message-id> <address>

Access control

Exim allows you to apply access control lists at various points of the SMTP transaction by specifying an ACL to use and defining its conditions in exim.conf. You could start with the HELO string.

# Specify the ACL to use after HELO
acl_smtp_helo = check_helo

# Conditions for the check_helo ACL:
check_helo:

    deny message = Gave HELO/EHLO as "friend"
    log_message = HELO/EHLO friend
    condition = ${if eq {$sender_helo_name}{friend} {yes}{no}}

    deny message = Gave HELO/EHLO as our IP address
    log_message = HELO/EHLO our IP address
    condition = ${if eq {$sender_helo_name}{$interface_address} {yes}{no}}

    accept

NOTE: Pursue HELO checking at your own peril. The HELO is fairly unimportant in the grand scheme of SMTP these days, so don't put too much faith in whatever it contains. Some spam might seem to use a telltale HELO string, but you might be surprised at how many legitimate messages start off with a questionable HELO as well. Anyway, it's just as easy for a spammer to send a proper HELO as it is to send HELO im.a.spammer, so consider yourself lucky if you're able to stop much spam this way. If you do add checks like these, put an accept for your own relay hosts and authenticated clients ahead of the deny statements, or you will reject your own users' mail clients (some of which HELO with a bare IP address); note also that eq is a case-sensitive comparison while HELO names are not.

Next, you can perform a check on the sender address or remote host. This shows how to do that after the RCPT TO command; if you reject here, as opposed to rejecting after the MAIL FROM, you'll have better data to log, such as who the message was intended for.

# Specify the ACL to use after RCPT TO
acl_smtp_rcpt = check_recipient

# Conditions for the check_recipient ACL
check_recipient:

    # [...]

    drop hosts = /etc/exim_reject_hosts
    drop senders = /etc/exim_reject_senders

    # [ Probably a whole lot more... ]

This example uses two plain text files as blacklists. Add appropriate entries to these files - hostnames/IP addresses to /etc/exim_reject_hosts, addresses to /etc/exim_reject_senders, one entry per line.

It is also possible to perform content scanning using a regex against the body of a message, though obviously this can cause Exim to use more CPU than it otherwise would need to, especially on large messages.

# Specify the ACL to use after DATA
acl_smtp_data = check_message

# Conditions for the check_message ACL
check_message:

    deny message = "Sorry, Charlie: $regex_match_string"
    regex = ^Subject:: .*Lower your self-esteem by becoming a sysadmin

    accept

Fix SMTP-Auth for Pine

If pine can't use SMTP authentication on an Exim host and just returns an "unable to authenticate" message without even asking for a password, the fix is the `server_prompts = :` line in the PLAIN authenticator in exim.conf. Shown here in context; the server_condition is cPanel's perl hook and will look different on other builds:

begin authenticators

fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
  server_set_id = $2
  server_prompts = :

This was a problem on cPanel Exim builds a while ago, but they seem to have added this line to their current stock configuration.

Log the subject line

This is one of the most useful configuration tweaks I've ever found for Exim. Add this to exim.conf, and you can log the subject lines of messages that pass through your server. This is great for troubleshooting, and for getting a very rough idea of what messages may be spam.

log_selector = +subject

The same option controls everything else that is or isn't logged; the log_selector section of the Exim specification lists the selectors you can add with + or remove with -.

Disable identd lookups

Frankly, I don't think identd has been useful for a long time, if ever. Identd relies on the connecting host to confirm the identity (system UID) of the remote user who owns the process that is making the network connection. This may be of some use in the world of shell accounts and IRC users, but it really has no place on a high-volume SMTP server, where the UID is often simply "mail" or whatever the remote MTA runs as, which is useless to know. It's overhead, and results in nothing but delays while the identd query is refused or times out. You can stop your Exim server from making these queries by setting the timeout to zero seconds in exim.conf (check the current value with `exim -bP rfc1413_query_timeout` first; recent Exim builds already default to 0s):

rfc1413_query_timeout = 0s

Disable Attachment Blocking

To disable the executable-attachment blocking that many cPanel servers do by default but don't provide any controls for on a per-domain basis, add the following block to the beginning of the /etc/antivirus.exim file. Bear in mind that this switches off a security control for those domains, and that `matches` is an unanchored regex test against the To: header, so the pattern below also matches any longer name that contains example.com:

if $header_to: matches "example\.com|example2\.com"
then
  finish
endif

It is probably possible to use a separate file to list these domains, but I haven't had to do this enough times to warrant setting such a thing up.

Searching the logs with exigrep

The exigrep utility (not to be confused with exiqgrep) is used to search an exim log for a string or pattern. It will print all log entries with the same internal message-id as those that matched the pattern, which is very handy since any message will take up at least three lines in the log. exigrep will search the entire content of a log entry, not just particular fields.

One can search for messages sent from a particular IP address:

root@localhost# exigrep '<= .* \[12.34.56.78\] ' /path/to/exim_log

Search for messages sent to a particular IP address:

root@localhost# exigrep '=> .* \[12.34.56.78\]' /path/to/exim_log

This example searches for outgoing messages, which have the "=>" symbol, sent to "user@domain.tld". Because exigrep prints every log line belonging to a matched message, the pipe to grep for the "<=" symbol then keeps only the arrival lines, which carry the information on the sender: the From address, the sender's IP address, the message size, the message-id, and the subject line if you have enabled logging the subject. The point of doing such a search is that the desired information is not on the same log line as the string being searched for.

root@localhost# exigrep '=> .*user@domain.tld' /path/to/exim_log | fgrep '<='
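To make clear what exigrep does that a plain grep does not, here is an added example (not from the original page) that implements the same two-pass idea in awk: the first pass collects the message-ids of lines matching the pattern, the second prints every line carrying one of those ids, plus any matching line that has no id at all. The mainlog fragment is constructed for the example and is not real traffic; field positions follow Exim's main log format, where the message-id is the third field of every per-message line.

```shell
#!/bin/sh
# Added example, not part of the original page: exigrep's behaviour written
# out in awk. Exim's main log puts the message-id in the third field of every
# per-message line, so two passes over the same file are enough: collect the
# ids of lines matching the pattern, then print everything with those ids.
#
# Usage: exigrep_like 'extended-regex' /path/to/exim_mainlog
exigrep_like() {
    # The pattern goes in through the environment rather than awk -v, so
    # backslashes in it (e.g. '\[192\.0\.2\.10\]') survive untouched.
    PAT="$1" awk '
        BEGIN {
            pat  = ENVIRON["PAT"]
            idre = "^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$"
        }
        # Pass 1 (first file argument): remember ids of matching lines.
        NR == FNR { if ($0 ~ pat && $3 ~ idre) want[$3] = 1; next }
        # Pass 2 (same file again): print every line of those messages, and
        # matching lines that carry no id (e.g. refused connections).
        ($3 in want) || ($0 ~ pat) { print }
    ' "$2" "$2"
}

# A constructed mainlog fragment (not real traffic) to try the function on.
sample_mainlog() {
    cat <<'EOF'
2024-03-10 09:15:02 1rAbCd-000Xyz-9Q <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2048 T="Quarterly report"
2024-03-10 09:15:03 1rAbCd-000Xyz-9Q => bob <bob@example.com> R=localuser T=local_delivery
2024-03-10 09:15:03 1rAbCd-000Xyz-9Q Completed
2024-03-10 09:16:40 1rAbCe-000Xza-Lm <= mallory@example.net H=(friend) [203.0.113.5] P=smtp S=9120 T="Lower your self-esteem"
2024-03-10 09:16:41 1rAbCe-000Xza-Lm ** carol@example.com R=localuser T=local_delivery: mailbox is full
2024-03-10 09:16:41 1rAbCe-000Xza-Lm Completed
2024-03-10 09:17:00 SMTP connection from [198.51.100.7] refused (too many connections)
EOF
}

# Example: sample_mainlog > /tmp/mainlog; exigrep_like '\[203\.0\.113\.5\]' /tmp/mainlog
# prints the three lines of message 1rAbCe-000Xza-Lm, including the delivery
# failure, although only the "<=" line contains the IP address searched for.
```

Searching for the IP address returns the delivery failure line as well, which is the whole point: the reason a message bounced is never on the same line as the sender's address. The real exigrep also handles compressed logs and several files at once; this is only the core idea.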

Generate and display Exim stats from a logfile:

root@localhost# eximstats /path/to/exim_mainlog

Same as above, with less verbose output:

root@localhost# eximstats -ne -nr -nt /path/to/exim_mainlog

Same as above, for one particular day:

root@localhost# fgrep YYYY-MM-DD /path/to/exim_mainlog | eximstats

Bonus!

To delete all queued messages containing a certain string in the body:

root@localhost# grep -rlF --include='*-D' 'a certain string' /var/spool/exim/input/ | \
                sed -e 's:^.*/::' -e 's/-D$//' | sort -u | xargs -r exim -Mrm

Note that the above only delves into /var/spool/exim in order to grep for queue files with the given string, and that's just because exiqgrep doesn't have a feature to grep the actual bodies of messages. If you are deleting these files directly, YOU ARE DOING IT WRONG! Use the appropriate exim command to properly deal with the queue.

If you have to feed many, many message-ids (such as the output of an `exiqgrep -i` command that returns a lot of matches) to an exim command, you may exceed the kernel's limit on command-line length. xargs exists for exactly this: it splits the input across as many exim invocations as needed, and `-n` lets you cap the number of ids per invocation explicitly. For example, to remove thousands of messages sent from joe@example.com:

root@localhost# exiqgrep -i -f '<joe@example.com>' | xargs exim -Mrm
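Packaging the body-grep one-liner from the Bonus section into functions, as an added example that is not part of the original page: only the -D (body) files are read, the search is recursive so a split spool is handled, and the ids are handed on by `xargs -r -n 50`, so an empty match list never runs `exim -Mrm` without arguments and a huge one is split into bounded batches. The batch size, the constructed spool files in the comments, and the ability to pass a stand-in command are my assumptions; -r and --include are GNU xargs/grep options.

```shell
#!/bin/sh
# Added example, not from the original page.
#
# spool_ids_with_body STRING [SPOOLDIR]
# Print, one per line, the ids of queued messages whose body (the -D spool
# file) contains STRING as a fixed string. Recursive so a split spool works;
# -H files are skipped because the text says "in the body".
spool_ids_with_body() {
    grep -rlF --include='*-D' -- "$1" "${2:-/var/spool/exim}/input" 2>/dev/null \
      | sed -e 's:^.*/::' -e 's/-D$//' | sort -u
}

# remove_queued_with_body STRING [SPOOLDIR] [COMMAND...]
# Hand those ids to exim in batches of at most 50 per invocation. The
# optional COMMAND (default: exim -Mrm) is a hook so the pipeline can be
# exercised with a harmless stand-in such as echo before running it for real.
remove_queued_with_body() {
    needle=$1
    spool=${2:-/var/spool/exim}
    shift; [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- exim -Mrm
    # -r: do nothing on empty input; -n 50: bounded batches.
    spool_ids_with_body "$needle" "$spool" | xargs -r -n 50 "$@"
}

# Dry run against a spool copy made for the example (constructed, not real):
#   mkdir -p /tmp/spool/input/d
#   printf '1rAbCd-000Xyz-9Q-D\nthe needle is here\n' > /tmp/spool/input/d/1rAbCd-000Xyz-9Q-D
#   remove_queued_with_body needle /tmp/spool echo   # prints 1rAbCd-000Xyz-9Q
#   remove_queued_with_body absent /tmp/spool echo   # prints nothing, runs nothing
# For real:  remove_queued_with_body 'a certain string'
```

The same `xargs -r -n 50` tail works for the `exiqgrep -i ... | xargs exim -Mf` style pipelines above; without -r, a search that matches nothing runs `exim -Mrm` with no ids, which is harmless but noisy, and with other commands may not be.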

Speaking of "DOING IT WRONG" -- Attention, CPanel forum readers

I get a number of hits to this page from a link in this post at the CPanel forums. The question is:

Due to spamming, spoofing from fields, etc., etc., etc., I am finding it necessary to spend more time to clear the exim queue from time to time. [...] what command would I use to delete the queue

The answer is: Just turn exim off, because your customers are better off knowing that email simply isn't running on your server, than having their queued messages deleted without notice.

Or, figure out what is happening. The examples given in that post pay no regard to the legitimacy of any message, they simply delete everything, making the presumption that if a message is in the queue, it's junk. That is a fallacy. There are a number of reasons legitimate mail can end up in the queue. Maybe your backups or cPanel's "upcp" process are running, and your load average is high; exim goes into a queue-only mode at a certain threshold, where it stops trying to deliver messages as they come in and just queues them until the load goes back down. Or, maybe it's an outgoing message, and the DNS lookup failed, or the connection to the domain's MX failed, or maybe the remote MX is busy or greylisting you with a 4xx deferral. These are all temporary failures, not permanent ones, and the whole point of having temporary failures in SMTP and a mail queue in your MTA is to be able to try again after a while.

Exim already purges messages from the queue after the period of time specified in exim.conf. If you have this value set appropriately, there is absolutely no point in removing everything from your queue every day with a cron job. You will lose legitimate mail, and the sender and recipient will never know if or why it happened. Do not do this!

If you regularly have a large number of messages in your queue, find out why they are there. If they are outbound messages, see who is sending them, where they're addressed to, and why they aren't getting there. If they are inbound messages, find out why they aren't getting delivered to your users' accounts. If you need to delete some, use exiqgrep to pick out just the ones that should be deleted.

Reload the configuration

After making changes to exim.conf, you need to send the main exim daemon process a SIGHUP to make it re-exec and re-read the configuration. Sure, you could stop and start the service, but that's overkill and causes a few seconds of unnecessary downtime. Just do this (the pid file path depends on your build; Debian-style packages keep it under /run):

root@localhost# kill -HUP `cat /var/spool/exim/exim-daemon.pid`

You should then see something resembling the following in exim_mainlog:

pid 1079: SIGHUP received: re-exec daemon
exim 4.52 daemon started: pid=1079, -q1h, listening for SMTP on port 25 (IPv4)

Read The Fucking Manual

The Exim Home Page

Documentation For Exim

The Exim Specification - Version 4.5x

Exim command line arguments

Thanks to bradthemad.

CLI Video Ripping.

GUIs are fine and well, but sometimes you just can't beat the command line.  Here are a few examples.

First, make sure you have mplayer installed correctly.  Below is what I have:

[ebuild   R   ~] media-video/mplayer-1.0_rc4_p20120105  USE="X a52 alsa ass bluray cddb cdio cdparanoia cpudetection dts dv dvd dvdnav enca encode faac faad gif iconv jpeg live mmx mp3 network openal opengl osdmenu png pulseaudio quicktime rar real rtc shm speex sse sse2 ssse3 theora toolame tremor truetype twolame unicode vdpau vorbis x264 xscreensaver xv xvid xvmc -3dnow -3dnowext -aalib (-altivec) (-aqua) -bidi -bindist -bl -bs2b -debug -dga -directfb -doc -dvb (-dxr3) (-esd) -fbcon -ftp -ggi -gsm -ipv6 -jack -joystick -jpeg2k -ladspa -libcaca -libmpeg2 -lirc -lzo -mad -md5sum -mmxext -mng -nas -nut -oss -pnm -pvr -radio -rtmp -samba -sdl -tga -v4l (-vidix) (-win32codecs) -xanim -xinerama -zoran" VIDEO_CARDS="-mga -s3virge -tdfx" 0 kB

An example of ripping a DVD could be:

mencoder dvd://1 -dvd-device /dev/sr0 -aid 128 -nosub -info srcform="DVD ripped by cdstealer" -oac faac -ovc x264 -o "/home/cdstealer/Desktop/full_metal_jacket.avi"

But this won't play on a PS3 or Xbox.

mencoder dvd://1 -dvd-device /dev/sr0 -aid 128 -nosub -info srcform="DVD ripped by cdstealer" -oac faac -faacopts mpeg=4 -ovc lavc -lavcopts vcodec=mpeg4 -ffourcc mp4v -o "full_metal_jacket.mp4"

This will create an MP4 format file that will play :)

You can also dump and decode the DVD using

mplayer dvd://1 -dumpstream -dumpfile ~/Desktop/file.mpg

This copies the MPEG program stream off the disc without re-encoding it, so the result is a bit-for-bit copy of the DVD's video and audio that you can transcode later with mencoder, ffmpeg et al.

These encoders have a VAST array of options:-
http://ffmpeg.org/ffmpeg.html
http://www.mplayerhq.hu/DOCS/HTML/en/mencoder.html

PS3 supported video formats:


  • Memory Stick Video Format
  • MPEG-4 SP (AAC LC)
  • H.264/MPEG-4 AVC High Profile AAC LC
  • MPEG-2 TS H.264/MPEG-4 AVC, AAC LC
  • MP4 file format
  • H.264/MPEG-4 AVC High Profile (AAC LC)
  • MPEG-1 (MPEG Audio Layer 2)
  • MPEG-2 PS (MPEG2 Audio Layer 2, AAC LC, AC3(Dolby Digital), LPCM)
  • MPEG-2 TS MPEG2 Audio Layer 2, AC3 Dolby Digital, AAC LC
  • MPEG-2 TS H.264/MPEG-4 AVC, AAC LC
  • AVI
  • Motion JPEG (Linear PCM)
  • Motion JPEG (μ-Law)
  • AVCHD .m2ts / .mts
  • DivX
  • WMV
  • VC-1 WMA Standard V2

e.g.

ffmpeg -i file.mkv -vcodec libx264 -acodec copy file.mp4

Input #0, matroska,webm, from 'file.mkv':
Duration: 00:23:42.88, start: 0.000000, bitrate: 2489 kb/s
Stream #0:0(eng): Video: h264 (High 10), yuv420p10le, 1920x1080 [SAR 1:1 DAR 16:9], 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
Stream #0:1(eng): Audio: aac, 48000 Hz, 5.1, s16 (default)
Stream #0:2(jpn): Audio: aac, 48000 Hz, stereo, s16
Stream #0:3(eng): Subtitle: text (default)

WordPress tweaks

Disable SmartQuotes

Create the file TurnOffSmartQuotes.php and paste the below into it:

<?php
/*
Plugin Name: TurnOffSmartQuotes
Plugin URI:
Description: Stops WordPress from converting your quote symbols into smartquotes. The lines below stop the smartquote conversion.
Version: 1.0
Author: Steve Moyes
Author URI: http://cdstealer.com
*/
remove_filter('the_content', 'wptexturize');
remove_filter('widget_text', 'wptexturize');
remove_filter('the_excerpt', 'wptexturize');
remove_filter('the_rss_content', 'wptexturize');
remove_filter('the_title', 'wptexturize');
remove_filter('single_post_title', 'wptexturize');
remove_filter('comment_text', 'wptexturize');
remove_filter('comment_author', 'wptexturize');
remove_filter('list_cats', 'wptexturize');
remove_filter('category_description', 'wptexturize');
remove_filter('bloginfo', 'wptexturize');
?>

Now it's just a case of enabling the plugin within the plugins menu in siteadmin.

Build your own Gentoo Live CD/DVD

Always wanted to create your very own Gentoo disc?  Well now you can.  You can have anything you want, from a full gnome/kde desktop environment to a fully customised util/rescue disc.  The script linked here, if left unedited, will create a "minimal" CD (288 MB) with the latest "stable" kernel.

The script does NOT have any intelligence and is designed to just run, do its job and exit.

When editing the script for your needs, there are a few things to keep in mind:

1)  Kernel config included is for 3.0.6.  If the kernel is newer, you will be prompted for any new options.
2) Packages you wish to have MUST be defined in the CHROOT script (approx. line 75)
3) The script MUST be run as root.

Build Script

Happy hacking!

Handy One liners

Diff 2 remote files:
diff <(ssh <user>@<server1> 'cat /path/to/file1') <(ssh <user>@<server2> 'cat /path/to/file2')

The <( ... ) process substitution is a bash (also zsh/ksh) feature, not POSIX sh, so a script that uses it needs a #!/bin/bash shebang rather than #!/bin/sh. Writing <$( ... ) is not a substitute: that redirects stdin from a file whose name is the command's output.

Video capture your desktop (current ffmpeg builds no longer accept -sameq; use -q:v 2 or an x264 -crf setting in its place):
ffmpeg -f x11grab -r 25 -s hd1080 -sameq -i :0.0 out.mpg

Convert epoch time in the second column of a CSV file to DD-MM-YYYY (GNU date, UTC):
while IFS=, read -r a b rest; do printf '%s,%s%s\n' "$a" "$(date -u -d "@$b" +%d-%m-%Y)" "${rest:+,$rest}"; done < file.csv > file.converted.csv

RAID1 setup

I decided it was about time I actually set up some redundancy for my data, having never done a full backup and only stored the odd chunk of data somewhere on a DVD.  Losing the HDD would be a severe PITA!  I purchased a Startech PEXSAT32 and popped it in.  As my current HDD is SATA and is running under AHCI, the card was picked up out of the box.

Before connecting any drives I ran a quick speed check (3 times) with the onboard SATA controller and got the following results.

# hdparm -tT /dev/sda
/dev/sda:
 Timing cached reads:   10954 MB in  2.00 seconds = 5479.70 MB/sec
 Timing buffered disk reads: 264 MB in  3.01 seconds =  87.64 MB/sec

# hdparm -tT /dev/sda
/dev/sda:
Timing cached reads: 11060 MB in 2.00 seconds = 5533.11 MB/sec
Timing buffered disk reads: 264 MB in 3.01 seconds = 87.71 MB/sec

# hdparm -tT /dev/sda
/dev/sda:
Timing cached reads: 10698 MB in 2.00 seconds = 5351.98 MB/sec
Timing buffered disk reads: 262 MB in 3.02 seconds = 86.71 MB/sec

Fairly poor for a SATAII controller and a SATAII drive!!!

Time to connect the drives...

So as not to risk losing any data, and because I just didn't have anything big enough to back up to, I just bought 2 x WD 1TB Eco.  The current drive is SATAII, one of these :)

Due to the way the RAID is setup, both drives will be erased upon setup.  This rules out cloning the original drive and building the array. The way I had to do this was to setup the RAID1 and then clone the original drive...FAIL!  The original drive was a few blocks larger than the RAID drives :(
The work around was to mirror the partitions of the original.  This doesn't have to be an exact science, but does have to accommodate the data to be copied.  Once the partitions have been setup (done via a Gentoo minimal CD and fdisk) it was time to start migrating data.

I created 2 directories:
/mnt/master
/mnt/raid

/boot   /dev/sda1   100 MB
swap    /dev/sda2   2 GB
/       /dev/sda3   5 GB
        /dev/sda4   extended partition
/var    /dev/sda5   10 GB
/usr    /dev/sda6   20 GB
/tmp    /dev/sda7   10 GB
/root   /dev/sda8   1 GB
/home   /dev/sda9   870 GB

/dev/sda being the original drive, I mounted its partitions in the following order.

mount /dev/sda3 /mnt/master
mount /dev/sda1 /mnt/master/boot
mount /dev/sda5 /mnt/master/var
mount /dev/sda6 /mnt/master/usr
mount /dev/sda7 /mnt/master/tmp
mount /dev/sda8 /mnt/master/root
mount /dev/sda9 /mnt/master/home

I did the same with the raid drive (/dev/sdb) as above but mounted to /mnt/raid.

I then executed the following to copy the data:

cd /mnt/master
tar cpf - . | (cd /mnt/raid && tar xpf -)

This took quite a few hours due to the sheer amount of data.  Although tar is a little slower than, say, dd, it copies *ALL* files from each partition, including hidden files/folders, onto partitions of a different size; -p keeps ownership and permissions, and the && stops tar from unpacking into the current directory if the cd fails.

Once that completed, I powered off the machine and removed the original drive.  Powered back up and booted into the Gentoo CD again.  I repeated the procedure and mounted the partitions (except sda1 or /boot).
Next we need to chroot into the drive's installed OS.  cd into /mnt/(where you mounted the / partition).
chroot /mnt/(where you mounted the / partition) /bin/bash
env-update
source /etc/profile

This has now put us into the OS installed on the drive.  As we have only copied the OS files, we need to install grub onto the MBR.  If you ignored me and mounted /dev/sda1 then you will fail and grub will complain!!
type "grub" to enter the grub command line interface.
type "root (hd0,0)"  This will return the format of the file system ie 0x83
type "setup (hd0)"  This will return several lines of "stage" files if successful.

That's it.. job done.  Exit the chroot by typing "exit" and "reboot".

Now... the pros and cons of this setup for me: although I now have redundancy should a drive die, there is *NO* performance boost at all.  In fact, upgrading to SATAIII only gained me approx 10 MB/s.

# hdparm -tT /dev/sda

/dev/sda:
Timing cached reads:   11322 MB in  2.00 seconds = 5664.09 MB/sec
Timing buffered disk reads: 286 MB in  3.00 seconds =  95.26 MB/sec

# hdparm -tT /dev/sda

/dev/sda:
Timing cached reads:   10200 MB in  2.00 seconds = 5102.15 MB/sec
Timing buffered disk reads: 272 MB in  3.00 seconds =  90.56 MB/sec

# hdparm -tT /dev/sda

/dev/sda:
Timing cached reads:   10500 MB in  2.00 seconds = 5252.27 MB/sec
Timing buffered disk reads: 276 MB in  3.02 seconds =  91.33 MB/sec

I found the below info on a forum regarding slow performance, but I also read elsewhere that SATAIII is a complete waste of time with mechanical drives.

fdisk -H 224 -S 56 /dev/sdb

Running fdisk with these parameters ensures that every partition you create is aligned to 4 KiB boundaries (224 x 56 sectors per cylinder is a multiple of 8, so every cylinder boundary is 4 KiB aligned).  I have not run the above command, this is something for me to test when I have time.  Current util-linux fdisk aligns new partitions to 1 MiB by default, which makes the cylinder trick unnecessary.

Simple File System Encryption

It's soooo easy to "misplace" your removable drive, so encrypting it is a good way to help protect your data should it be lost :)

In this example, I will be using a USB2 2 GB flash drive.

The first port of call is to ensure you have the DEVICE_MAPPER driver compiled into the kernel.  If you're using a binary distro, this almost certainly is already present.

Device Drivers ->
Multiple devices driver support (RAID and LVM) ->
Device mapper support
Crypt target support

Also ensure you have compiled the required encryption...

Cryptographic API -> (both options below are the default encryption used)
AES cipher algorithms (x86_64)  <---- only available on 64bit OS
AES cipher algorithms (AES-NI)

cryptsetup's default cipher spec is aes-xts-plain64 with a SHA-256 hash, so the XTS block mode (CRYPTO_XTS) and SHA-256 also need to be built in or luksOpen will fail with a "no matching cipher" style error.

Now insert your drive then run the following commands:

cryptsetup -y luksFormat /dev/sdX# (whatever your node is)  <-- writes the LUKS header; -y asks for the passphrase twice. This destroys whatever was on the partition.
cryptsetup luksOpen /dev/sdX# <name>  <-- this opens the encrypted device ready for mounting.  The new device will now exist under /dev/mapper/<name>
mke2fs -j -L <name> /dev/mapper/<name>  <-- formats the mapped device (ext3; use mkfs.ext4 for ext4)
cryptsetup luksClose <name>  <-- closes the mapping again

You can now remove the drive and test it by re-inserting it.  Your GUI should prompt you for the passphrase if all has worked ok.

If you need to mount from the cli do the following:

cryptsetup luksOpen /dev/sdX# <name>
mount /dev/mapper/<name> /mnt/usb/

To unmount from the cli, unmount the filesystem first and only then close the mapping (the other way round fails because the device is still busy):

umount /mnt/usb/
cryptsetup luksClose <name>

That's it... simple :)
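The same procedure as a pair of shell functions, added here as an example and not taken from the original post. It uses the newer `cryptsetup open`/`close` spellings (equivalent to luksOpen/luksClose), asks for a LUKS2 header, makes an ext4 filesystem instead of the ext3 from mke2fs -j above, refuses to format a device that already carries a LUKS header, and always unmounts before closing. The mapping name `secret`, the /mnt/usb mountpoint and the DRY_RUN switch (which prints the commands instead of running them, since the real thing needs root and a real block device) are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the LUKS workflow as functions
# with the steps in a safe order. Set DRY_RUN=1 to print commands instead of
# executing them; everything else needs root and a real device.

# run: execute the command, or just print it under DRY_RUN.
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# luks_create DEVICE NAME: format, open, make a filesystem, close again.
luks_create() {
    dev=$1
    name=$2
    # Guard against re-formatting a device that is already LUKS (and so
    # destroying the keyslots of an existing volume).
    if [ -z "$DRY_RUN" ] && cryptsetup isLuks "$dev" 2>/dev/null; then
        echo "luks_create: $dev already has a LUKS header; not formatting" >&2
        return 1
    fi
    run cryptsetup -y --type luks2 luksFormat "$dev"
    run cryptsetup open "$dev" "$name"
    run mkfs.ext4 -L "$name" "/dev/mapper/$name"
    run cryptsetup close "$name"
}

# luks_mount DEVICE NAME MOUNTPOINT: open the mapping, then mount it.
luks_mount() {
    run cryptsetup open "$1" "$2"
    run mount "/dev/mapper/$2" "$3"
}

# luks_umount NAME MOUNTPOINT: unmount first, close second. Closing a mapping
# that is still mounted fails with "device busy".
luks_umount() {
    run umount "$2"
    run cryptsetup close "$1"
}

# Dry run of the whole cycle (device name is a placeholder):
#   DRY_RUN=1 luks_create /dev/sdX1 secret
#   DRY_RUN=1 luks_mount  /dev/sdX1 secret /mnt/usb
#   DRY_RUN=1 luks_umount secret /mnt/usb
```

The isLuks guard is the check worth keeping even if you type the commands by hand: luksFormat on the wrong node silently replaces the header, and with it every keyslot, of whatever was there.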

Gnome3 Tweaks

1) Removing icons from the System status area

Gnome 3 has a fixed number (well, kinda fixed, because Shell Extensions can be used to create more) of icons in the System Status Area. Some of these icons, like accessibility, may not be useful to you and just taking up space.

You can remove the icons that appear in the System Status Area by editing the file /usr/share/gnome-shell/js/ui/panel.js, and commenting out some of the items that are assigned to the STANDARD_TRAY_ICON_ORDER array.

const STANDARD_TRAY_ICON_ORDER = [/*'a11y',*/ 'display', 'keyboard', 'volume', 'bluetooth', 'network', 'battery'];
const STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION = {
//    'a11y': imports.ui.status.accessibility.ATIndicator,

This is at circa line 36

Be aware that updates to this file will most likely undo any changes you make, so if the icon pops back, just edit the file again.

To make your change "live", press ALT-F2 and type r then press enter.  This will cause the GnomeShell to restart.  This usually doesn't close any running apps, but save any work you have just to be safe.

2) Installing Gnome Shell Extensions

Gnome Shell Extensions provide a number of official enhancements to the Gnome 3 desktop.  You can download and make the extensions for yourself using the following commands.
  1. mkdir ~/temp
  2. cd ~/temp
  3. git clone http://git.gnome.org/browse/gnome-shell-extensions
  4. cd gnome-shell-extensions
  5. git checkout 3.0.0
  6. ./autogen.sh
  7. make && make install
  8. press ALT-F2 and run the command "r" (without the quotes) to restart the Gnome Shell

Step 5 checks out the version of the extensions that works with the current version of the Gnome Shell. You can omit this command to get the latest version of the extensions, but their metadata.json files do mandate a more recent version of the Gnome Shell (like 3.0.1 or 3.0.2).

You can add the --enable-extensions="alternate-tab windowsNavigator auto-move-windows dock user-theme alternative-status-menu gajim" option to step 6 to install the additional extensions. Your luck may vary - my version of Gnome 3 would not load with all the extensions.

For a complete list of the extensions that can be supplied to the --enable-extensions option, see the configure.ac file under the ALL_EXTENSIONS= section.

To check for any errors that may have occurred while loading the extensions, press ALT-F2 and run "lg" (without the quotes). This will open a JavaScript console, which has an Errors tab.

3) Manually Tweaking

A powerful gconf style editor is available called dconf-editor.  To access this, press ALT-F2 and type dconf-editor.  Be careful what you tweak, you could prevent the gnome-shell from starting.

Gnome Terminal

Gnome terminal doesn't like to obey the "normal" locale file.  It uses "/etc/X11/gdm/locale.alias", and therefore usually has the incorrect character encoding.  (The original post showed two screenshots here, the garbled output and the correct one; they did not survive.)

The way to solve this is to create a symlink to the correct locale.

1) Backup the original file:

mv /etc/X11/gdm/locale.alias /etc/X11/gdm/locale.alias.bak

2) Create the symlink:

ln -s /etc/locale.gen /etc/X11/gdm/locale.alias

It's also worth noting that I only have the following in my file:

en_GB ISO-8859-1
en_GB.UTF-8 UTF-8

Swap space.

To quickly add some extra swap do the following (as root):

dd if=/dev/zero of=/extraswap bs=1M count=12288

This will create a 12 GB swapfile in / (zero-filled rather than fallocate'd, which is what mkswap and swapon expect).

chmod 600 /extraswap

This will set the correct permissions on the file.

mkswap /extraswap

This will format the space for use as swap.

swapon -s

This will show what is currently mounted as swap.

If you want this to be a temporary setting (active until the next reboot) just run:

swapon /extraswap

If you want this to be persistent, add this to your /etc/fstab, then `swapon -a` activates it without rebooting:

/extraswap        none        swap        sw        0 0

The chmod 600 above matters: swapped-out memory can contain passwords and keys, and a world-readable swapfile would hand them to any local user.