Tuesday, March 15, 2011

Upgrade to 2.6.37 kernel

Upgrading to new kernel version 2.6.37 had brought some problems:
  1. Nvidia drivers on mainpc had to be upgraded and recompiled.
  2. Radeon on serverpc had some firmware for Realtek missing:
Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-2.fw 
     thus there was no video in raw console as well.

However, dealing with them both was pretty easy:




1: Nvidia drivers.
Log in to Console (ALT+CTRL+F1)
$ sudo service gdm3 stop
$ links ftp://download.nvidia.com/XFree86/
choose the latest ones and download. ALT+F - for links menu.
$ sudo nvidia-uninstall
follow the wizards prompts
$ sudo apt-get purge nvidia-*
$ sudo apt-get install gcc g++ linux-headers-`uname -r`
$ sudo dpkg-reconfigure -phigh xserver-xorg 
$ sudo sh NVIDIA-Linux-x86_64-270.30.run 
substitute the version, of course. Follow the prompts and you're done. Reboot if you wish to
$ sudo reboot







2: Realtek/Radeon firmware.
In GRUB menu chose any working previous version of kernel to boot.
Get the required packages:
$ sudo apt-get install realtek-firmware firmware-linux-nonfree
Update your new kernel:
$ sudo update-initramfs -k 2.6.37-<your architecture> -u
And thats it =)

Reboot to your 2.6.37 kernel. All this, I presume, is due to implementation of a mechanism to detect screen resolution and set it for console. Meaning: console has default resolution of 1248x1024 for me. Nice and clean.

Sunday, March 13, 2011

Configuring Samba

After reading the book for a while I've had realized, that I will not be able to 'simply' configure and set up everything in one go even. Most likely I will have to edit, re-edit and probably at some point in time will have to re-write the /etc/samba/smb.conf which I will create now.

Moreover, it came to my attention, that Samba version 4 is in rapid development and, despite the almost complete rewrite of the source code and still being in the Alpha phase since 2005, probably will have been implemented as a standard file&print sharing protocol by the 2012 or so. As much as I would love to participate in the testing and helping the developers by providing maybe useful feedback, I can't locate a more or less comprehensive to me documentation -- I'm not that much of an experienced Linux user. Sad but true.

Onward with configuration. As I have already installed Samba, SSH from Debian repositories, and my yet-to-be-server can be addressed as 'server' from the terminal, I can begin:
$ ssh server@serverpc
Syntax is simple: connect as_user=server at pc=serverpc, which has an 192.168.1.100 IP. Enter user password and voila.

Samba package comes with the default configuration settings file (despite being heavily commented is rather hard to grasp at a quick glance) which I am going to store as a backup and write a new one:
$ cp /etc/samba/smb.conf ~/smb.conf.original
$ sudo echo "" > /etc/samba/smb.conf
Configuration file consists of [sections] which contain all required settings, in case not mentioned there, Samba defaults are assumed, which in turn are usually secure enough. However, they require additional setup anyway.

So all in all:
[global] 
  workgroup = home
  encrypt passwords = yes
  security = user
 Workgroup should be the name of all PCs you have on the network, which already are in a same workgroup.
Encrypt passwords is a default setting, which has a rather long development background and reasons to be here.
Security may be either share, user, domain, ads which are Samba's security modes with different presets.
[share] 
  path = /store/
  read only = Yes
  writable = No
This, and any other section I will add later, has A LOT of possible settings, however, these are the main ones and are self-explanatory. The rest are assumed to be defaults by Samba and are hidden.

For this share to actually exist:
$ mkdir /store
$ chmod 1777 /store 
To check any misspelled words and general consistency:
$ sudo testparm 
Samba's built-in mechanism to self-check. If any errors did occur, output will show so.

Due to the chosen security mode, samba requires a user list who can access the shares.
$ sudo smbpasswd -a $USER
New SMB password:
Retype new SMB password: 

Adds yourself to the smbpasswd program, which controls the user access to the samba-server. All other users from your network should be added as well, by replacing variable $USER with a corresponding username.

To check that everything works:
$ smbclient //serverpc/share 
Enter password: 
Domain=[HOME] OS=[Unix] Server=[Samba 3.5.7] 
smb: \> 
 Type help for list of available commands. ls for example.

Tuesday, March 08, 2011

User account and /etc/hosts setup

Did a bit of reading Samba documentation, turns out it surely will be time-consuming to rewrite /etc/smb.conf from scratch, so, probably will do that tomorrow.
As for now: have to set up a user with all the required privileges and permissions.

4: Adding new user account is pretty straightforward:
$ sudo adduser server --group=root --system
However, I've been thinking about adding a simple user account with no privileges, alas that would be pointless, as nearly all features require root privileges. Editing /etc/sudoers does the trick, if a non-root account already exists:
$ sudo echo "user ALL=(ALL:ALL) ALL" >> /etc/sudoers
 5: /etc/hosts
The file is designed to be human readable and contains a list of keywords with values that provide various types of resolver information. Values being IP addresses and keys - domain names.
So by adding  
192.168.1.100 server
on main PC and
192.168.1.101 mainpc 
on the server PC, system now substitutes http://server/ with an appropriate IP addresses. Useful and prevents some typos indeed.

UFW (Uncomplicated Firewall) setup

UFW seems to be the best choice for a CL controlled firewall. iptables seem too complicated to me and Firestarter is designed for GTK, which is not installed, and, probably never will be.
So far the plans are:
  1. Install and configure UFW
  2. Install and configure SSH
  3. Install Samba, Transmission
  4. Create a user account which will host all required services and will be used to ssh to and to control things
  5. Configure /etc/hosts to speed up things a bit
  6. Write up the /etc/samba/smb.conf  

Have disabled the root account:
$ sudo passwd -l root
1: Install and configure UFW 
$ sudo apt-get install ufw
$ sudo ufw allow proto tcp from 192.168.1.101 to any port 22
Allows TCP connection to port 22/ssh from my MainPC (192.168.1.101)
$ sudo ufw deny
Disables all other connections Inbound or Outbound.
$ sudo ufw enable
Enables the firewall and adds to startup script.

2: Install and configure SSH on both PCs
$ sudo apt-get install ssh
Surprisingly enough it did not have to be configured. Security out of the box setup is questionable however.

3:  Install Samba, Transmission
$ sudo apt-get install samba samba-common smbclient samba-doc swat transmission-cli transmission-daemon transmission-common

Steps 4,5 and 6 require further reading, so will edit this later.
Did a bit of googling and came up with several guides, which might help me sort things out.

I'll be using Samba instead of NFS as I use Win7 on dual boot and when someone visits me their notebooks usually have Win OS too.

As soon as I get firewall set up I am planning on installing SSH for obvious reasons,Transmission to use its Web Interface and probably something to cache Internet radio stations I usually listen to.

I fear transmission will bring a lot of pain due to folder/samba permissions and other possible security precautions. Will have to deal with it later today, as for now - back to reading.

Monday, March 07, 2011

So, I guess this will be just a test post, to see if I've set up everything right and if it "working as intended (c) BlizzGMs".

So for now my current PCs specs are as follows:

Main PC:
  • Motherboard: ASUS M2N-SLI Delux on nForce4 chipset
  • RAM: 800MHz Kingston 2x512MB
  • HDD: 3 (160, 160 320 GB) drives Seagate 7200rpm
  • CPU: AMD Athlon X2 4400+
  • GFX: Nvidia GeForce 8800GT

One I managed to put together:
  • Motherboard: Probably ASUS, with on a Intel 82945G chipset
  • RAM: 2x1GB Acer @ donno freq
  • HDD: 420GB Samsung 7200rpm
  • CPU: Intel Core2duo 2140 @ 1.60GHz
  • GFX: ATI Radeon HD2400pro
 Both they are connected to a LynkSys Cisco WRT54GCv3 router, which in turn is connected to my ISP's cable.

By this time I'm not too sober to add anything more or less comprehensive at this point, I'll  do so tomorrow. Obviously I have a to set up a firewall and a bulletproof user account for the new PC as the
netstat --protocol=inet -pn
gives out quite disturbing info about four foreign IPs connected to port 22:ssh.

Whatever. Will have to wait till tomorrow.