ejes consulting

Technical Consulting Design and Automation

Posts Tagged ‘tutorial’

Raw, Encrypted Tunnel with OpenSSL and NetCat

I use netcat on my local network to transfer files very quickly without the overhead of a more complex protocol.

Just for those who don’t, here’s how:

On my home server, I transfer “myfile” on port “1024” to the computer named “MacBook”:

root@homeserver:~# nc MacBook 1024 < myfile

And on my Mac, I receive “myfile”, listening on port 1024:

MacBook:~ ejes$ nc -l 1024 >myfile

This works, and is fairly quick.  If you need some validation that the file received is the original file, you can use md5 on Mac and most BSDs:

MacBook:~ ejes$ md5 myfile
 MD5 (myfile) = 47f7f451e2e6d462a35a3d88b594e283

And md5sum on Linux:

root@homeserver:~# md5sum myfile
 47f7f451e2e6d462a35a3d88b594e283  myfile

Sometimes, however, I need to send a file, quickly, ad-hoc across the big ol’ scary internet.  This means that I’m sending “private” information across a “public” network.  I hate doing that, because anything on the internet is subject to snooping.

What can we do?  Encrypt our transfer.  Thankfully, OpenSSL has the ability to help us do that.

So, to repeat the same transfer as above, but encrypted, we set up our “listener” first.  I’m listening on my Mac, but the same command line would work in most BSD flavors:

MacBook:~ ejes$ nc -l 1024 | openssl enc -d -aes-256-cbc -out myfile
 enter aes-256-cbc decryption password:

and on the sending machine you need to use:

root@homeserver:~# openssl enc -e -aes-256-cbc -in myfile | nc MacBook 1024
 enter aes-256-cbc encryption password:
 Verifying - enter aes-256-cbc encryption password:
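
openssl enc with aes-256-cbc keeps the data confidential but does not authenticate it, so a ciphertext altered in transit can still decrypt without error. The following added example (not from the original post) runs the same openssl enc pipeline over local files in place of the netcat connection and reports what decryption and an HMAC over the ciphertext each notice. It assumes OpenSSL 1.1.1 or later for -pbkdf2; the passphrase, MAC key, sample data and helper function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Loopback only: files stand in for the netcat pipe.
# Assumes OpenSSL 1.1.1+ (-pbkdf2). Passphrase, MAC key and sample data are constructed.
XFER_PASS='constructed-passphrase'; XFER_MAC='constructed-mac-key'
export XFER_PASS XFER_MAC

# The post's cipher, with PBKDF2 key derivation and a non-interactive passphrase.
enc() { openssl enc -e -aes-256-cbc -pbkdf2 -pass env:XFER_PASS; }
dec() { openssl enc -d -aes-256-cbc -pbkdf2 -pass env:XFER_PASS; }

# HMAC-SHA256 over the ciphertext, hex digest only.
# (-hmac puts the key on the command line; fine for a demo, visible in ps otherwise.)
tag() { openssl dgst -sha256 -hmac "$XFER_MAC" < "$1" | awk '{print $NF}'; }

# Invert the low bit of the byte at OFFSET in FILE, in place.
flip_byte() {
    old=$(dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    printf "\\$(printf '%03o' $((old ^ 1)))" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# transfer clean|tampered: run one transfer and report what each check saw.
transfer() {
    d=$(mktemp -d) || return 1
    printf '%064d' 0 > "$d/myfile"            # 64 bytes = four full AES blocks
    enc < "$d/myfile" > "$d/wire"
    sent_tag=$(tag "$d/wire")                 # sender shares this over a separate channel
    # Byte 20 lies in the first ciphertext block (bytes 0-15 are "Salted__" + salt).
    if [ "$1" = tampered ]; then flip_byte "$d/wire" 20; fi
    if dec < "$d/wire" > "$d/received" 2>/dev/null; then rc=0; else rc=1; fi
    if cmp -s "$d/myfile" "$d/received"; then same=yes; else same=no; fi
    if [ "$(tag "$d/wire")" = "$sent_tag" ]; then mac=ok; else mac=mismatch; fi
    rm -rf "$d"
    echo "decrypt_exit=$rc plaintext_intact=$same mac=$mac"
}

transfer clean
transfer tampered
```

A receiver would compare the tag before decrypting and discard the file on a mismatch.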

Of course OpenSSL supports plenty of other encryption methods than aes-256, so feel free to explore; list-cipher-commands should help. (From OpenSSL 1.1.0 on, the subcommand is spelled openssl list -cipher-commands.)

root@homeserver:~# openssl list-cipher-commands
aes-128-cbc
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc
aes-256-ecb
base64
bf
bf-cbc
bf-cfb
bf-ecb
bf-ofb
camellia-128-cbc
camellia-128-ecb
camellia-192-cbc
camellia-192-ecb
camellia-256-cbc
camellia-256-ecb
cast
cast-cbc
cast5-cbc
cast5-cfb
cast5-ecb
cast5-ofb
des
des-cbc
des-cfb
des-ecb
des-ede
des-ede-cbc
des-ede-cfb
des-ede-ofb
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-ofb
des-ofb
des3
desx
rc2
rc2-40-cbc
rc2-64-cbc
rc2-cbc
rc2-cfb
rc2-ecb
rc2-ofb
rc4
rc4-40
seed
seed-cbc
seed-cfb
seed-ecb
seed-ofb
zlib
Written by ejes

May 1, 2013 at 9:12 pm

Back from the Dead – Fixing Drives in Linux

So as you all know I lost my NAS due to some disk errors. 

Sadly, it was actually my flash adapter card (http://www.dealextreme.com/details.dx/sku.711) that failed, and this caused my FreeNAS to fail.

After much debugging – since this solid state drive seemed like a power supply failing: power turns off a couple seconds after being turned on, turning it on sometimes would do nothing until you unplugged the power supply then plug it back in.  (http://hubpages.com/hub/How-to-Tell-When-Computer-Power-Supply-Is-Failing)

Anyway, after figuring it out, I put in an old unlocked X Box hard disk (15 Gb) and that’s now my boot drive.  I used the newest version of FreeNAS which allows for a “full install” on a hard disk. (simply boot it up, and use the console menu to install)

Now that I’ve got my FreeNAS server up again, I still have a broken 500Gb drive to fix.

I took the 500Gb drive out and put it in my Ubuntu Linux lab server.  I usually use this machine for any experiments that I’m doing and for virtual machines.

Canada computers and a few others have some pretty good deals on 1Tb drives right now.   (I got mine for $90.00. http://www.canadacomputers.com/index.php?do=ShowProduct&cmd=pd&pid=024109&cid=HDD.443.877)  So this is a good time to upgrade my drive.

I put it into my lab server, and dd’ed the drive to make a complete copy onto my new 1Tb drive. 

Now I have a whole bitwise copy of my drive, now the fun part.

I don’t know UFS as well as I know FAT or EXT, so I was hoping to find a utility to help me with the restoration of this drive.

A quick google found me a utility called “testdisk”, (http://www.cgsecurity.org/wiki/TestDisk) and since I have a bitwise copy of my drive, I thought let’s give it a try.

Ran it,  it took literally 1 hour to analyze the drive.  It was so slow that I almost gave up.  However, beer and a night of Simpsons let me relax and let it do its work.

I wish I’d taken screen shots for you, but I was thrilled to find out that it actually worked. 

It recognized the UFS filesystem, GFI partition and all.  It rewrote the partition table, and dropped me to a command prompt.

I installed “ufsutils” with apt-get install, and ran fsck.ufs on it.  fsck did its usual “I found xxx fix?” and the drive was repaired.

I copied the data from the old 500Gb to the new 1Tb, and installed the new 1Tb drive into my FreeNAS server, added the drive, and ta-da it worked.

Back in business.

Now, the new version of FreeNAS has some neat new features that I discovered, the least of which is “/etc/rc.d/transmission blocklist-update” – which makes my old tutorial redundant, and I’ll write an update about that sometime soon :)

This week I’m going to reconfigure it – and I’ll probably write a little tutorial for you all who are interested.

In the meantime, I got my NAS back – and my movies.

Written by ejes

October 5, 2009 at 11:06 am

Tutorial: cvs server on FreeNAS

First, when I started to research if “cvs” would work on my FreeNAS I found a whole lot of links to cvsd… but I recall using cvs over ssh for many many projects. Couldn’t I run just cvs over ssh?

Yes You Can!!! And this makes cvs on FreeNAS easier than ever. Not much modification is required, and I am very happy to report that I’ve got mine working very well.

So let’s get into it shall we?

In order to get cvs working, we need the cvs binary. FreeNAS is a FreeBSD core underneath the covers. There are many many releases of FreeBSD so we should find out what release we have. We can do this by running uname on the command prompt of your FreeNAS.

Mine says:

nas:/mnt/default# uname -a

FreeBSD nas.ejes.gotdns.org 6.4-RELEASE-p3 FreeBSD 6.4-RELEASE-p3 #0: Sat Apr 18 22:17:59 UTC 2009     root@vmbsd64i386:/usr/obj/freenas/usr/src/sys/FREENAS-i386  i386
nas:/mnt/default#

Now that I have the release number, I can simply browse the FreeBSD repository at ftp://ftp.freebsd.org (the 6.4 release is ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.4-RELEASE/6.4-RELEASE/packages/All/), and following the directory tree you can find most any other release.

Simply download the “cvs” binary cvs+ipv6-1.11.17_1.tbz (ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.4-RELEASE/6.4-RELEASE/packages/All/cvs+ipv6-1.11.17_1.tbz)

I used fetch on my system:

nas:/mnt/default# fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.4-RELEASE/6.4-RELEASE/packages/All/cvs+ipv6-1.11.17_1.tbz
cvs+ipv6-1.11.17_1.tbz                        100% of  442 kB  266 kBps

Then, in the GUI, I added a group called “cvs”; I gave it the group id 2401 because port 2401 is the cvs server port (and I may want to use pserver one day).

The Group I used for my cvs

I added a new user _cvs with the user id 2401 (for the same reason my group is 2401); his home directory is where my cvs root will be as well.  I put mine in /mnt/default/cvs.

the user _cvs for myself

Thankfully a tbz file means a tar bzipped file, so we can use tar to extract the package from FreeBSD.  I want all my cvs stuff in one place, so I’m going to extract it to my /mnt/default/cvs/tmp directory.

nas:/mnt/default/cvs/tmp# tar -vxzf cvs+ipv6-1.11.17_1.tbz
x +CONTENTS
x +COMMENT
x +DESC
x +MTREE_DIRS
x man/man1/cvs.1.gz
x man/man5/cvs.5.gz
x man/man8/cvsbug.8.gz
x bin/cvs
x bin/cvsbug
x bin/rcs2log
x share/cvs/contrib/README
x share/cvs/contrib/check_cvs
x share/cvs/contrib/clmerge
x share/cvs/contrib/cln_hist
x share/cvs/contrib/commit_prep
x share/cvs/contrib/cvs2vendor
x share/cvs/contrib/cvs_acls
x share/cvs/contrib/cvscheck
x share/cvs/contrib/cvscheck.man
x share/cvs/contrib/debug_check_log
x share/cvs/contrib/intro.doc
x share/cvs/contrib/log
x share/cvs/contrib/log_accum
x share/cvs/contrib/mfpipe
x share/cvs/contrib/pvcs2rcs
x share/cvs/contrib/rcs-to-cvs
x share/cvs/contrib/rcs2log
x share/cvs/contrib/rcslock
x share/cvs/contrib/sccs2rcs
x info/cvs.info
x info/cvs.info-1
x info/cvs.info-10
x info/cvs.info-2
x info/cvs.info-3
x info/cvs.info-4
x info/cvs.info-5
x info/cvs.info-6
x info/cvs.info-7
x info/cvs.info-8
x info/cvs.info-9
x info/cvsclient.info
x info/cvsclient.info-1
x info/cvsclient.info-2
x info/cvsclient.info-3
nas:/mnt/default/cvs/tmp#

The only binary we really need in that entire mess is the actual “cvs” binary. Let’s copy it to /mnt/default/cvs/bin.

Once I’ve done that, I can symbolically link the cvs binary to a better place in the path; I put it in /bin:

/bin/ln -sf /mnt/default/cvs/bin/cvs /bin/cvs

Since I want this to happen each time after boot, I put it in the System|Advanced|Command scripts section of the FreeNAS GUI.

symlink cvs to /bin

While I’m there I should fix the permissions of /tmp so that everyone can write in it. chmod a+rwx /tmp works nicely. Note that a+rwx does not set the sticky bit that a shared /tmp normally carries (mode 1777), so users can remove each other’s files unless it is set too.

repermission /tmp

Don’t forget to set them to run post-init (and run them now, too).

Go back and “Give full shell access to user.” to the _cvs user and log-in or “su _cvs” to become him.

Now we have to initialize the cvs root directory; mine is /mnt/default/cvs/root. Run cvs init, and we’re off.

nas:/mnt/default/cvs/tmp# su _cvs
%cvs -d ~/root init
%exit
nas:/mnt/default# chown -R _cvs:cvs cvs
nas:/mnt/default#

Everything should be functional, all we need to do now is add anyone we want to be able to access cvs, to the “cvs” group. I added “user” as a test.

On my OpenBSD terminal I set up a simple cvs system:

$ CVS_RSH=ssh cvs -d:ext:_cvs@nas:/mnt/default/cvs/root checkout .

works! GREAT!! Add my user to the “cvs” group, remove “shell” access from _cvs done!

My Remote users have to set these settings:

CVS_RSH=ssh

CVSROOT=:ext:user@host:/mnt/default/cvs/root

CVSEDITOR=nano

Now I can import directories using: cvs import -m "comment" module_name committer start

Check them out on another machine using: cvs checkout module_name

Add files or directories: cvs add "file/directory"

And commit my changes once they’re made: cvs commit

For example:

nas:/mnt/default# ssh user@192.168.0.2
user@192.168.0.2's password:
Last login: Tue Aug  4 16:46:50 2009 from 192.168.0.3
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$ CVS_RSH=ssh; export CVS_RSH
$ CVSROOT=:ext:user@192.168.0.3:/mnt/default/cvs/root; export CVSROOT
$ CVSEDITOR=nano;export CVSEDITOR=nano
$ mkdir src
$ cd src
$ mkdir testing
$ cd testing
$ touch a file
$ ls
a    file
$ cvs import -m "testing" test ejes start
user@192.168.0.3's password:
N test/a
N test/file
No conflicts created by this import
$ mkdir new
$ cvs add n
$ touch new/more
$ cd ..
$ ls
testing
$ rm -rf testing/
$ cvs checkout test
user@192.168.0.3's password:
cvs checkout: Updating test
U test/a
U test/file
$ cd test
$ mkdir new
$ touch new/more
$ cvs add new
user@192.168.0.3's password:
? new/more
Directory /mnt/default/cvs/root/test/new added to the repository
$ cvs add new/more
user@192.168.0.3's password:
cvs add: scheduling file `new/more' for addition
cvs add: use 'cvs commit' to add this file permanently
$ cvs commit
cvs commit: Examining .
cvs commit: Examining new
user@192.168.0.3's password:
RCS file: /mnt/default/cvs/root/test/new/more,v
done
Checking in new/more;
/mnt/default/cvs/root/test/new/more,v  <--  more
initial revision: 1.1
done
$

Written by ejes

August 4, 2009 at 5:44 pm

Tutorial: Bittorrents in FreeNAS

As you might notice, I have been playing around with FreeNAS a lot lately.

Among the many features that I enjoy in the FreeNAS project, one of my very favorite ones is the Bittorrent Server that it has built in.

Really it’s just a version of the Transmission bittorrent web client, which I remember from Mac OS (http://www.transmissionbt.com/), but running in WebGUI mode (by default on your FreeNAS server on port 9091, http://freenas:9091 or similar).

The features that I want specifically are the blocklist feature, which allows you to download a list of blocked IPs from known malware locations or otherwise malicious sites, and the ability to encrypt my traffic so that my ISP cannot detect my bittorrent traffic.

So let’s get started:

Step 1:  Let’s open our firewall to let incoming bittorrent connections through.  This will help the speed of my bittorrent client dramatically.  In order to trick my ISP into not throttling my connections, I’ll be trying to get bittorrent to look like a VPN.  This is accomplished by allowing only encrypted peers and setting the bittorrent traffic to the well-known VPN TCP port 1723.  On the firewall I only need to forward the VPN traffic port TCP/1723 on all WAN connections to my FreeNAS server on the same port.

Step 2: Under System| Advanced | rc.conf tab in the FreeNAS webGUI;  add two variables: transmission_blocklist=YES, and transmission_noblocklist=NO.

Step 3: Under Services | Bittorrent; set the incoming port to 1723 (the VPN port I set earlier on my firewall), disable UPNP, and enable Encryption.  Then Save and Restart the service.

Step 4: Download the blocklistdl script from my script repo (https://ejesconsulting.wordpress.com/blocklistdl/).  It’s actually the same as the script from (http://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=60&t=519&start=40).  Place the script in a convenient directory.  I put mine in my transmission home directory in a subdirectory called “bin”.  I changed the attributes to executable, and owned by “transmission:staff”; the user and group that bittorrent runs as.

Step 5: Add a cron job to the System | Advanced | Cron tab of the FreeNAS Web GUI to run the script at a predetermined time.  I set mine to run every Sunday night at midnight.

Step 6: While in the cron tab, I added a few timed download limits so that while I’m asleep or not home the bittorrent client can take 100% of the network bandwidth, but while I’m expected to be at home it would reduce its available downloads to a fraction of my maximum bandwidth.

The command is “/usr/local/bin/transmission-remote --no-uplimit --no-downlimit --auth admin:xxxxxxxx” to unlimit and “/usr/local/bin/transmission-remote --uplimit 20 --downlimit 20 --auth admin:xxxxxxxx” to limit to 20Kbps and 20Kbps upload and download while I’m home – please modify these parameters as you see fit.

As always, if you find this useful or need more info I’d be happy to help.

Written by ejes

July 20, 2009 at 10:00 am

Updated Screenshots for MediaWiki Tutorial

Sorry for the delay, but I deleted the original ones that I’d done.

Written by ejes

July 13, 2009 at 8:51 am

Posted in Tutorials

Tutorial: iPhone Ringtones for Free!

The iPhone is the ultimate handheld platform; it’s very well designed (like most Apple hardware and software) and has a vast list of features.
One of which is ringtones.

I’ve seen literally hundreds of sites advertising their rss feed, podcast, or immediately downloadable ringtones for your iPhone.

I also found a few sites (for example: http://theappleblog.com/2008/08/07/free-custom-iphone-ringtones-using-only-itunes/) on how to create ringtones.  (amazing tutorial by the way, works like a dream)

But what if you don’t have the song in your library?  I like having video game music as my ringtone, especially obscure ones like “Mario Kart Wii – Star Man”

So, what I did was find a copy of Mario Kart Wii – Star Man in MP3 format.  (http://www.vgmusic.com)

After downloading it, I could just import it into my iTunes library, convert it, and insert it on my iPhone like the tutorial suggests.

But, I’m difficult.  I don’t want to mess up my library, and I wanted a slightly lighter process than the one listed.

I also wanted to be able to do it on ANY operating system, for free and with no legal ramifications.

My favorite tool (lately) for converting media formats is VLC.  (http://www.videolan.org/)

Other than being able to play any format known to man (and some that aren’t), VLC can convert from one format to another.  Its interface isn’t very good, but it’s workable for our process.

So, now I have an mp3; it’s shorter than 30 seconds, which is the maximum length the iPhone accepts for a ringtone, so I can use this one out of the box.  If it WERE longer than 30 seconds I would probably trim it using “SoX” (Sound eXchange) (http://sox.sourceforge.net/)

Now load up VLC.

Select “Media -> Convert / Save”.

Now, the tricky part. 

On the “Encapsulation” tab select MP4.  Set up a “File” while you’re here.

VLC Encapsulation Options

Then select the “Audio codec” tab, and enable it.  Set the Codec to “MPEG 4 Audio (AAC)”.  Ensure the bitrate is 128 kb/s and there are 2 channels.

VLC Audio Codec Options

That’s it.  Press Save.

Change the extension to “.m4r”, and import it into iTunes, sync it with your iPhone and select your new Ringtone from the Settings screen.

For the lazy, I wrote a batch file that should do this for you:

https://ejesconsulting.wordpress.com/scripts/mp3-to-m4r-bat/

Written by ejes

June 8, 2009 at 1:44 pm

Posted in Tutorials
