Archive for category howtos

HOWTO: Secure File Storage on Windows (TrueCrypt vs EncFS)

TrueCrypt

You create an encrypted file container: a single file (for example, 10 GB) that holds an encrypted file system. Given the correct password, you can mount this file system as a drive (it gets its own letter in My Computer).
Pros: Most secure method.
Cons: It is not scalable, and the container is harder to transfer because it is usually large.
  1. Go to www.truecrypt.org
  2. Go to Downloads->Download latest version
  3. Install it
  4. Open TrueCrypt
  5. Go to Volumes -> Create New Volume
  6. Choose Create an encrypted file container
  7. Choose Standard TrueCrypt Volume
  8. Choose the place where the encrypted file container will be stored
  9. Choose AES as encryption algorithm, and SHA-512 as hashing algorithm.
  10. Specify size of file container (e.g. 6 GB)
  11. Choose a secure password. (IMPORTANT! Choose a password of at least 12 characters that contains lowercase and uppercase letters, digits and special symbols.) If you fail to choose a strong password, your encrypted file will be vulnerable to an offline brute-force attack.
  12. Choose FAT as the file system and move your mouse for a while so that TrueCrypt can collect more entropy for generating the cryptographic key.
  13. Press Format, wait until it finishes
  14. Now get back to main TrueCrypt screen
  15. Press Select File button and locate file that you have recently created
  16. Press mount
  17. Provide your password
  18. Now go to My Computer and you will see new drive where you can securely store your sensitive files
  19. IMPORTANT! Don’t forget to go back to the TrueCrypt screen and press the Dismount All button when you no longer need your secure drive; otherwise other people will be able to access it for as long as the computer stays on.

Repeat steps 15-19 for everyday use.

EncFS

EncFS creates a folder in which it stores encrypted versions of your files. Unlike TrueCrypt, which encrypts a whole file system, EncFS encrypts on a file-by-file basis, so the encrypted folder is not large while it is still empty, and it is easier to move around and more efficient to sync (for example, with Dropbox).
Pros: Highly portable. Encrypted container scales as you add more files there.
Cons: It leaks some information, such as the number of files stored in it and the approximate length of the original file names. The software is not very mature; it is still in beta, because it is a port of Linux software.
  1. Go to http://members.ferrara.linux.it/freddy77/encfs.html
  2. Download encfs.zip
  3. Go to http://dokan-dev.net/en/download/
  4. Download latest Dokan library
  5. Install Dokan library
  6. Extract encfs.zip
  7. Execute encfsw.exe. An icon will appear in the notification bar (near the clock)
  8. Click the icon in the notification bar -> Choose Open/Create
  9. Select the folder where the encrypted files will be located
  10. Choose a drive letter, check Set paranoia mode and choose a secure password. (IMPORTANT! Choose a password of at least 12 characters that contains lowercase and uppercase letters, digits and special symbols.) If you fail to choose a strong password, your encrypted files will be vulnerable to an offline brute-force attack.
  11. Click on the notification icon again and choose Mount (path of the folder that you specified)
  12. Now go to My Computer and you will find a new drive where you can store your files securely.
  13. IMPORTANT! Don’t forget to click the icon and choose Unmount when you no longer need your secure vault.

Repeat steps 11-13 for everyday use.

You can also add encfsw.exe to the list of startup programs for more convenience.


VirtualBox init.d service autostart script

I’ve just installed and started using VirtualBox on my Fedora 11 x86_64, and it works perfectly. I migrated from VMWare when it turned out that it is unable to work with the latest kernel version. So I need to start some virtual machines in the background at system startup. I did a lot of googling and found some dirty scripts that did not meet my criteria, so I decided to write my own system startup service.

You need to create a file named vbox in /etc/sysconfig/ that lists the names of the virtual machines you want to start with the system. On shutdown, the service also saves the state of these VMs. Here is the script:

/etc/init.d/vbox

#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops vbox autostart VMs.

### BEGIN INIT INFO
# Provides: vbox
# Required-Start: $network $named $vboxdrv
# Required-Stop: $network $named
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: Autostart some Virtual Box VMs
# Description: Autostart some Virtual Box VMs that are mentioned in /etc/sysconfig/vbox file
### END INIT INFO

. /etc/rc.d/init.d/functions

MANAGE_CMD=VBoxManage

[ -r /etc/sysconfig/vbox ] && . /etc/sysconfig/vbox

prog=$"Virtual Box Machines"

start()
{
	echo -n $"Starting $prog: "
	RETVAL=0

	for vbox_name in ${VBOX_AUTOSTART}
	do
	    SERVS=1
	    echo -n "${vbox_name} "
	    daemon $MANAGE_CMD startvm "${vbox_name}" -type vrdp >/dev/null 2>&1
	    RETVAL=$?
	    [ "$RETVAL" -eq 0 ] || break
	done
	if [ -z "$SERVS" ]; then
	    echo -n "no virtual machines configured "
	    failure
	    RETVAL=6
	else
	    if [ "$RETVAL" -eq 0 ]; then
		success $"vbox startup"
		touch /var/lock/subsys/vbox
	    else
		failure $"vbox start"
	    fi
	fi
	echo
	return "$RETVAL"
}

stop()
{
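	echo -n $"Shutting down $prog: "
	RETVAL=0
	for vbox_name in ${VBOX_AUTOSTART}
	do
	    echo -n "${vbox_name} "
	    # Escape the inner quotes so the VM name stays quoted in the command run by runuser;
	    # remember a failure from any VM, not just the last one
	    runuser root -c "$MANAGE_CMD -q controlvm \"${vbox_name}\" savestate" >/dev/null 2>&1 || RETVAL=$?
	done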
	[ "$RETVAL" -eq 0 ] && success $"vbox shutdown" || \
	    failure $"vbox shutdown"
	echo
	[ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/vbox
	return "$RETVAL"
}

status()
{
	for vbox_name in ${VBOX_AUTOSTART}
	do
	    echo -n "${vbox_name} "
	    $MANAGE_CMD showvminfo "${vbox_name}"|grep "^State:\s*.*$"
	done
}

case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart|force-reload)
	stop
	start
	;;
  status)
	status
	;;
  *)
	echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
	exit 3
	;;
esac

:

And here is configuration file:

/etc/sysconfig/vbox

# Virtual box machines to autostart
# Example to start 2 machines
#	VBOX_AUTOSTART="MachineName1 MachineName2"

# VBOX_AUTOSTART=""

That’s it. If you have any questions, do not hesitate to contact me.

SOLVED: Adobe AIR installation problem on Fedora 10 x86_64

Adobe AIR installation fails on Fedora 10 x86_64 without any explanations. It just says:

An error occurred while installing Adobe AIR. Installation may not be allowed by your administrator. Please contact your administrator.

The reason is some missing i386 packages. You just have to run the following command:

yum install gtk2-devel.i386 nss.i386 libxml2-devel.i386 libxslt.i386 gnome-keyring.i386 rpm-devel.i386

You may already have some of these packages. Don’t worry about that, yum will skip them. After yum finishes, retry the installation of AIR; it should work now.

Howto delete all .svn folders from SVN working directory

To delete all .svn folders from an SVN working directory (to release the folder from SVN), just follow these simple steps.
Create a new file in /usr/local/bin named svnrm with the following content:

#!/bin/sh
find . -name .svn -print0 | xargs -0 rm -rf

Save it. From now on you can execute svnrm command in your working directory and it will delete all .svn folders at once.
Have fun!


Bugfix: Howto turn off gpg-agent usage in Enigmail in Thunderbird

There is a bug in Enigmail v0.95.7 for Thunderbird. If you untick the checkbox “Use gpg-agent for passphrases” in the Advanced tab of the Advanced settings menu, Thunderbird will still try to use gpg-agent whenever the GPG_AGENT_INFO environment variable is set. The cause is a small bug in the Enigmail source code. To fix it, first close Thunderbird, then open the .thunderbird folder in your home directory and search for the file enigmail.js. It should be in the extensions folder, inside one of the randomly named folders. Once you have found enigmail.js, open it with your favorite text editor and go to line 1368. It should read:

useAgent= (this.gpgAgentInfo.envStr.length>0 || this.prefBranch.getBoolPref("useGpgAgent"));

Change the || operator to &&. After the change, the line should look like this:

useAgent= (this.gpgAgentInfo.envStr.length>0 && this.prefBranch.getBoolPref("useGpgAgent"));

Save the file. Now open Thunderbird and enjoy.

Howto recursively add unversioned files into SVN repository

Because the svn add command does not support recursive addition of unversioned files, you can use this little script to do it.
Create a new file in /usr/local/bin named svnadd with the following content:

#!/bin/sh
# Add only the paths that svn status flags with "?"; the list form of system() bypasses the shell
svn status | perl -ne 'chomp; system("svn", "add", $1) if /^\?\s+(\S.*)$/'

Save it. From now on you can execute svnadd command in your working directory.
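
A shell-only variant of the same idea, as an added example that is not part of the original post: it acts only on lines flagged `?` and passes each file name to svn as a single argument, so a name containing spaces, `$(...)`, a leading dash or `@` is never interpreted. The function names, the `SVN` override variable and the sample status output are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original svnadd: add unversioned files without
# letting a file name reach a shell as code. Names containing a newline are
# out of scope because `svn status` output is line-based.

SVN=${SVN:-svn}   # assumption: overridable so the logic can be tested offline

# Constructed `svn status` output, including awkward file names.
SAMPLE_STATUS='M       src/main.c
?       notes with spaces.txt
?       $(id).txt
?       -rf
A       docs/new.txt
?       user@host.log'

# Read `svn status` output on stdin; print one unversioned path per line.
# Lines with any other status (M, A, ...) are skipped.
unversioned_paths() {
    while IFS= read -r line; do
        case $line in
            '?'*)
                path=${line#\?}
                path=${path#"${path%%[! ]*}"}   # drop the blank status columns
                [ -n "$path" ] && printf '%s\n' "$path"
                ;;
        esac
    done
    return 0
}

# Hand each path to svn as exactly one argument. "./" stops a leading "-"
# from being parsed as an option; a path containing "@" gets a trailing "@"
# so svn does not treat the tail as a peg revision.
add_unversioned() {
    "$SVN" status | unversioned_paths | while IFS= read -r path; do
        case $path in *@*) path="$path@" ;; esac
        "$SVN" add "./$path" </dev/null
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | unversioned_paths
```

Call `add_unversioned` from the top of a working copy to perform the actual additions.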


Howto run Gajim with root privileges

Gajim 0.12.1 says that it can’t run with root privileges. This is a new feature that appeared in Fedora 10. In earlier versions it ran normally under root. Anyway, let’s turn off this feature in case you need to run Gajim as root.

Open /usr/bin/gajim with your favorite text editor, find the 24th line and comment out this part of the code:

if test $(id -u) -eq 0; then
echo "You must not launch Gajim as root, it is INSECURE"
exit 1
fi

After commenting, it should look like this:

#if test $(id -u) -eq 0; then
#	echo "You must not launch Gajim as root, it is INSECURE"
#	exit 1
#fi

Save the file. That’s it.
Happy chatting :)

SOLVED: Linux software RAID 5 too slow

In this article I am going to tell about my experience with Linux software RAID.
I had an ASUS P6T motherboard, which has an Intel ICH10R RAID controller, 3x 1 Tb SATA 2 HDDs and an Intel Core i7 920 processor, and I wanted to install Fedora 10 on that machine.
After configuring RAID 5 in the BIOS I booted the Fedora 10 installation DVD to start the installation. BUT! Suddenly I saw that Anaconda sees 3 separate hard drives instead of 1 RAID device. After some googling I figured out that my motherboard doesn’t have a real RAID controller. Instead it is a fakeraid controller: just software RAID whose software is located in the BIOS. So I decided to use Linux software RAID, because it is definitely better than the one from ASUS.
So I installed Fedora 10 with Linux software RAID 5 and LUKS encryption. After installation the machine started to work very slowly. I thought it was because of the encryption, but after some googling I understood that encryption can’t slow down the machine that much. The thing is, when you create a new RAID 5 array it needs to build the 3rd hard drive, and that takes a lot of time. It took me approximately 4 hours to finish that operation on 1 Tb hard drives. You can check the rebuild status at any time by invoking one of the following commands:

# cat /proc/mdstat

or

# mdadm --detail /dev/md0
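
To show what to look for in that output, here is an added example (not from the original post) that condenses /proc/mdstat-style text into one line per array: whether a member is missing, which operation is running, how far it is and the estimated time left. The sample text is constructed and the function name `md_status` is an assumption of this example.

```shell
#!/bin/sh
# Added example: summarise rebuild progress from /proc/mdstat-style text.

# Constructed sample: a 3-disk RAID 5 (md0) during its initial build,
# next to a healthy RAID 1 (md1).
SAMPLE_MDSTAT='Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdc2[3] sdb2[1] sda2[0]
      1953005568 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]
      [==>..................]  recovery = 12.6% (123456789/976502784) finish=212.4min speed=66936K/sec

md1 : active raid1 sdb1[1] sda1[0]
      204736 blocks [2/2] [UU]

unused devices: <none>'

# Read mdstat text on stdin and print, for every array:
#   <array> <state> <operation> <percent> <eta>
# state is "degraded" when the member map (e.g. [UU_]) contains "_", else "ok";
# operation, percent and eta are "-" when no recovery, resync, reshape or
# check is in progress.
md_status() {
    awk '
        function emit() { if (dev != "") print dev, state, op, pct, eta }
        /^md[0-9]+ :/ { emit(); dev = $1; state = "ok"; op = pct = eta = "-" }
        dev != "" && /\[[U_]+\]/ { if ($NF ~ /_/) state = "degraded" }
        dev != "" && /(recovery|resync|reshape|check) *= *[0-9]/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(recovery|resync|reshape|check)$/) { op = $i; pct = $(i + 2) }
                if ($i ~ /^finish=/) eta = substr($i, 8)
            }
        }
        END { emit() }
    '
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MDSTAT" | md_status
```

On a live system, run `md_status < /proc/mdstat`.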

After the rebuild was over and after some tuning (see tuning parameters below) I had ~90 Mb/s write and ~200 Mb/s read.

My tuning parameters were:

echo 32768 > /sys/block/md0/md/stripe_cache_size
blockdev --setra 65536 /dev/md0


VMWare Workstation 6.5 segfault on Fedora 10 x86_64

VMWare Workstation 6.5 crashes with a segmentation fault on Fedora 10 x86_64 when you try to start it. The message is:

/usr/lib/vmware/bin/launcher.sh: line 231: 13748 Segmentation fault      "$binary" "$@"

To solve the problem you need to do this:

# mv /usr/lib/vmware/modules/binary /usr/lib/vmware/modules/binary.old
# vmware-modconfig --console --install-all

After the build is over, start VMWare; it should work now.

Taken from http://www.jerrypau.ca/?p=63


GDM root login in Fedora 10

To enable logging in as the root user on a Fedora 10 system, simply edit the file /etc/pam.d/gdm and comment out the line:

auth required pam_succeed_if.so user != root quiet

That’s it :)