Welcome to WordPress.com! This is your very first post. Click the Edit link to modify or delete it, or start a new post. If you like, use this post to tell readers why you started this blog and what you plan to do with it.
Happy blogging!
Installation steps: 1. Log in with PuTTY or a similar SSH tool. If you see the following interface: Web Host Manager
Install additional components (Note: the following components must be installed from the lnmp0.9 installation directory, that is, the directory the lnmp archive was unpacked into: cd lnmp0.9/. If you cannot find it, run find / -name eaccelerator.sh to locate it.)
Upgrade program
To upgrade the Nginx version, execute the following command: ./upgrade_nginx.sh and, when prompted, enter the nginx version number, such as 1.0.10. Version numbers can be obtained from http://nginx.org/en/download.html. (Note: during the upgrade process, MySQL and PHP-FPM will be suspended.)
State management
LNMP state management: /root/lnmp {start|stop|reload|restart|kill|status}
Related graphical interface programs
phpinfo: http://<previously entered domain name or IP>/phpinfo.php
LNMP related directories
nginx: /usr/local/nginx
LNMP configuration files
Nginx main configuration file |
apt-get update
apt-get upgrade
apt-get install wget make
apt-get install python-software-properties
add-apt-repository ppa:nginx/stable
apt-get update
apt-get install nginx
apt-get install php5 php5-cgi php5-sqlite php5-tidy php5-xmlrpc php5-xs php5-dev
nano /etc/init.d/php-fastcgi
Things you may want to change:
Now save the file (usually by pressing CTRL+O) and exit nano. We now have to make this file executable:
chmod +x /etc/init.d/php-fastcgi
Now start the script:
/etc/init.d/php-fastcgi start
Now we have to enable PHP in nginx. First open the config file:
nano /etc/nginx/sites-available/default
Now make the following changes:
Your config file should now look like this:
Don’t forget to read the file to make sure everything is set up right.
Now restart nginx:
/etc/init.d/nginx restart
Now it's time to create a test script:
nano /usr/share/nginx/www/test.php
Inside, insert the following:
<?php phpinfo() ?>
And save the file. Now go to your-site.com/test.php in your web browser. You should see a page with your PHP configuration information. We are now ready to install MySQL!
4. MySQL
Type:
apt-get install mysql-server mysql-client php5-mysql
And follow the instructions that appear on-screen. Now restart the PHP server:
/etc/init.d/php-fastcgi restart
Now it's time to install phpMyAdmin
5. phpMyAdmin
phpMyAdmin is a browser-based MySQL database manager written in PHP. First let's install it:
apt-get install phpmyadmin
If the installer asks you what HTTP server to configure for, press enter without answering.
Now we have to be able to access phpMyAdmin through phpmyadmin.your-site.com. First create a new config file:
nano /etc/nginx/sites-available/phpmyadmin
And inside insert the following (don't forget the right-click method):
Change your-site.com on line 9 to your domain name. Don't forget to set up the DNS record!
Now we have to enable this configuration using the following command:
ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/phpmyadmin
Now restart nginx and you're done. Go to phpmyadmin.your-site.com in your web browser and log in with the username and password you specified in the MySQL installer (not the phpMyAdmin one).
6. Email server
Now it's time to set up a Mail Transport Agent (MTA), in this case Postfix, and a POP3/IMAP server, Dovecot, so we can read the mail. (Note: If you're planning to use Google Apps for email, or not use your own email at all, you can skip this step.)
First let's install Postfix:
apt-get install postfix postfix-tls libsasl2-2 sasl2-bin libsasl2-modules popa3d
Follow the instructions on-screen until the installation completes. We'll configure Postfix later. Now let's install Dovecot:
apt-get install dovecot-imapd dovecot-pop3d dovecot-common
Open the config file:
nano /etc/dovecot/dovecot.conf
Find the following settings (using the CTRL+W function) and make sure they are set as below (uncomment if necessary):
protocols = imap pop3
ssl = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
pop3_uidl_format = %08Xu%08Xv
disable_plaintext_auth = no
Now replace this:
auth default {
With this:
auth default2 {
And just before that line add:
Now enter the Postfix config file:
nano /etc/postfix/main.cf
And insert at the end:
Replacing your-site.com with your domain name.
Now add a new user to receive and send email (if the new user is joe, then the email address will be joe@your-site.com; create as many users as you want):
adduser username
Now restart all components of the mail server:
Now you can access your email through your email client, or through any webmail package. I recommend Roundcube webmail, since it is easy to set up and use, stylish and works great with nginx!
7. FTP server
I use vsftpd (Very Secure File Transfer Protocol Daemon) because it's lightning fast and very easy to set up. First let's install it:
apt-get install vsftpd
Now let's edit the config file:
nano /etc/vsftpd.conf
Replace the entire contents with:
Things to change:
Now restart vsftpd:
restart vsftpd
You can now login to your server using FTP (using the user account you created before. Root logins will not work.)
8. Webmin
Webmin is a server control panel similar to cPanel and Plesk, but it is free. First get the download path for the latest .tar.gz version here. Then download and install it on your server:
After setup is complete go to your-site.com:10000 and login with the username and password you specified during the installation.
9. Things to set up before continuing
Now is a good time to do certain tasks that should be performed.
First, I recommend, as a security precaution, to change the SSH port using Webmin (Servers > SSH server > Networking). Don't forget to click apply changes after changing the port number, or to update the port number in the PuTTY configuration window.
We also have to add the user you use to make FTP connections to the www-data group, so that there aren't any permission errors when we install WordPress. First go to System > Users and Groups and select the user account you use to make your FTP connections. Go to the Group membership section and set Primary Group to www-data. Now go to Secondary groups and add the group with the same name as the user account. Also add the sudo group if you want this user account to be able to use the sudo command. Now set Change group ID on files? to All files.
Now click save. Do this for all user accounts you use to upload files via FTP. Now nginx has group access to your users' files. (In other words, permission 774 means full permissions for the owner, full permissions for nginx (and therefore WordPress, etc.) and read permissions for everybody else.) We do this so the server can modify files when we use things like WordPress. Now go to the SSH terminal and type:
chown -R username /usr/share/nginx/www
Replacing username with the user you've just added to the www-data group.
We're now ready to set up Memcached
10. Memcached
Memcached is a general-purpose distributed memory caching system. It is very easy to install. Just type:
apt-get install memcached php5-memcached
And you're done! Instructions on how to integrate it into WordPress here.
11. EAccelerator
EAccelerator is a caching extension for PHP that stores PHP scripts in their compiled state in shared memory.
First, we need to download the latest version of EAccelerator:
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
Now let's compile and install it:
Now we have to enable it in the php.ini file. Open the php.ini file:
nano /etc/php5/cgi/php.ini
And insert this just after [PHP]
Now restart PHP:
/etc/init.d/php-fastcgi restart
Now we'll enable the EAccelerator control panel:
Now find the $user and $pw settings and change them to a username and password.
12. And finally… WordPress
We are now ready to install WordPress. First we'll configure nginx so pretty permalinks work. Open the config file:
nano /etc/nginx/sites-available/default
Now find:
And just after that (before the }) add:
This will enable pretty permalinks. While we're here we might as well block access to the wp-config.php file. Just before:
location /doc {
Add:
And also block access to the .htaccess files that come with some WordPress plugins (while we're on the subject, .htaccess files don't work with nginx; instead you use location blocks in the config file, as you've probably already figured out). Uncomment the following lines:
Now restart nginx:
/etc/init.d/nginx restart
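A check for the two deny rules this step describes, as an added example that is not part of the original tutorial. The function names and both sample configs are constructed for illustration; the wp-config.php rule in the hardened sample is one common form, not necessarily the snippet this tutorial used.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: check an nginx site file
# for active (uncommented) "deny all" location blocks covering sensitive files.

# has_deny_location CONF TEXT
# Exit 0 if CONF has an uncommented location whose header line contains TEXT
# (matched as a fixed string) and whose block contains "deny all;".
has_deny_location() {
    NEEDLE=$2 awk '
        { sub(/#.*/, "") }                                   # ignore comments
        !inloc && /location/ && index($0, ENVIRON["NEEDLE"]) { inloc = 1 }
        inloc && /deny[ \t]+all[ \t]*;/                      { found = 1 }
        inloc && /}/                                         { inloc = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_wp_site CONF
# Report on the wp-config.php and .htaccess rules; exit 1 if either is missing.
audit_wp_site() {
    missing=0
    for needle in 'wp-config.php' '/\.ht'; do
        if has_deny_location "$1" "$needle"; then
            printf 'OK: active deny rule for %s\n' "$needle"
        else
            printf 'MISSING: no active deny rule for %s\n' "$needle"
            missing=1
        fi
    done
    return "$missing"
}

# write_sample_confs DIR: constructed samples, not real server config.
write_sample_confs() {
    # The .ht block is still commented out, as in a default site file.
    cat > "$1/stock.conf" <<'EOF'
server {
    listen 80;
    location / { root /usr/share/nginx/www; }
    #location ~ /\.ht {
    #    deny all;
    #}
}
EOF
    # Both rules active.
    cat > "$1/hardened.conf" <<'EOF'
server {
    listen 80;
    location / { root /usr/share/nginx/www; }
    location = /wp-config.php { deny all; }
    location ~ /\.ht {
        deny all;
    }
}
EOF
}

# Demo on the constructed samples; on a server, pass
# /etc/nginx/sites-available/default instead.
demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
audit_wp_site "$demo_dir/stock.conf" || true
audit_wp_site "$demo_dir/hardened.conf" || true
rm -rf "$demo_dir"
```

The check only looks at the site file; nginx must still be restarted for an edited file to take effect.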
Now we're ready to install WordPress. Make sure you are logged in using the user account you added to the www-data group in step 9 (following this procedure will install it in the root of your site):
Now log in to phpMyAdmin, click on the permissions tab and create a new user account and database for WordPress. Then go to your-site.com/wp-admin/install.php and complete WordPress' famous 5-minute install.
After installing go to SSH and type
chmod 640 /usr/share/nginx/www/wp-config.php
And you're done! By following this tutorial you have (hopefully) gone from a blank box to a sophisticatedly set-up VPS capable of handling almost anything. I hope that this tutorial is both accurate and easy to understand. If you have any problems please leave a comment below.
Looking for a list of working proxies? See http://about.piratereverse.info/proxy/list.html – updated daily!
This article will be explaining how to set up your own pirate bay proxy, as some ISPs in the UK have been ordered to block it by the High Court. In addition to this we will also be explaining how it is a good and low cost investment with a great outcome – we must fight censorship, we cannot let this continue.
For most of the article we’ll be using a web server called nginx. It has been tested on Red Hat based and Debian based distributions but it works on pretty much all UNIX-based systems. Your server should not have anything else running on port 80 though, and of course it needs sufficient bandwidth. Don’t use a precompiled binary from your distribution’s repos though, as it will not have all the required modules. You can get good value VPS servers for next to nothing these days that will be more than capable of running it; ours costs less than £5 per month.
There is also a PHP script that proxies The Pirate Bay that has been designed specifically for this, and can be used on web hosting packages (i.e. does not require a server dedicated to it). If you are planning on doing this, make sure you aren’t violating any terms of service that your provider has.
These guides were created in the spirit of The Hydra Bay. In ancient Greek mythology, the Hydra was a serpent that possessed many heads. Herakles was sent to destroy it as one of his twelve labours, but for each of the heads that he decapitated, two more grew. In a sense this is what we are trying to achieve; ISPs block The Pirate Bay, and many more proxies appear.
We have preconfigured nginx for Windows into a Pirate Bay proxy. Just download it, run start.bat and configure your router and you have a fully functional proxy that you can share.
Download v1.0 based on nginx/1.2.0
This will only work if your ISP has not blocked The Pirate Bay, if they have then your proxy will be serving their block page rather than the actual Pirate Bay site. If your ISP has blocked it and you need to access The Pirate Bay, use https://piratereverse.info instead, or check out this list of proxies.
Once the software is running you will need to forward port 80 on your router or firewall to the IP of the computer with nginx. This guide about Apache will help as it uses the same port. You will also need to open nginx.conf in the conf directory and change where it says 127.0.0.1 to your external IP address or hostname. If you don’t have a static IP address, use a service like no-ip.com to get a free hostname and dynamic DNS.
1. Once you’ve got your server set up and online you’ll want to get nginx installed. Install the dependencies first, this is for a Red Hat based system.
If you’re using a Debian based operating system you should use this.
2. Download the source. Latest version is 1.2.0 as of 04/05/2012.
3. Download the substitutions4nginx source using subversion.
4. Extract the source.
5. Get ready to compile by configuring. Leave out --with-http_ssl_module if you aren’t planning on using SSL. Change the path of the substitutions4nginx-read-only directory to where you’ve downloaded it to. If you haven’t changed the path and are logged in as root it’ll probably be /root/substitutions4nginx-read-only/
6. Compile it. It’ll be installed to /usr/local/nginx/ by default.
7. Test nginx is working by starting it then typing in your server IP in your web browser. You should see the “Welcome to nginx!” message.
8. If it’s working, we’ll stop it so we can configure it. If you can’t connect to it, make sure there isn’t a firewall blocking it. For testing, see this shell script. You should configure iptables properly later but it’s not something in the scope of this article, instead see here.
9. Rename the default config file so we’ve got a copy just in case something isn’t quite right.
10. Download this non-SSL config and open it. Have a look at it here online first if you’re unsure.
If you are using SSL, download this config and open it. Have a look at it here online first if you’re unsure. This is for SSL.
11. If you aren’t using SSL the only thing you should consider changing is the subs_filters, or you can remove them. They perform a find and replace. If you are using SSL change the paths of the SSL certificates as appropriate and edit the server_name so it is relevant.
12. Make the cache directory. By caching we’ll be taking the stress off The Pirate Bay’s servers and speeding up delivery of our site. If you changed the cache path above then make sure it’s the same here too.
13. Test your config works by starting nginx. If there isn’t any output then it’s started. If you get [emerg] errors, something needs changing. Usually the output will point you in the right direction. If you can’t figure it out, try searching the internet as there are a lot of resources – otherwise email with as much detail as possible.
14. If it works, try it out. You’ve completed it. We recommend installing Webmin too, so you can see the error logs in the browser and manage the server with ease. If you are hosting this as a public proxy then see this section on contacting us as we are maintaining a list of known proxies.
One of the advantages with nginx is that it works on a Mac too. This guide will explain how to configure it. You’ll need to have Xcode installed, but that is free from Apple.
1. Configure the dependencies by going to the Terminal (Applications > Utilities) and pasting in the following. If it does not work, paste it in one line at a time (note that the long URL on the first line wraps over onto the second, but it should be treated as a single line).
2. Download nginx source and untar it.
3. Download the substitutions4nginx source using subversion.
4. Get ready to compile by configuring. Leave out --with-http_ssl_module if you aren’t planning on using SSL. Change the path of the substitutions4nginx-read-only directory to where you’ve downloaded it to.
5. Compile it. It’ll be installed to /usr/local/sbin/ by default.
6. Test nginx is working by starting it then typing in your server IP in your web browser. You should see the “Welcome to nginx!” message.
7. If it’s working, we’ll stop it so we can configure it. If there are any problems, try installing it again using this guide but make sure you include the “--add-module=/path/to/substitutions4nginx-read-only” parameter to ./compile
8. Rename the default config file so we’ve got a copy just in case something isn’t quite right.
9. Download this non-SSL config and open it. Have a look at it here online first if you’re unsure.
If you are using SSL, download this config and open it. Have a look at it here online first if you’re unsure. This is for SSL.
10. If you aren’t using SSL the only thing you should consider changing is the subs_filters, or you can remove them. They perform a find and replace. If you are using SSL change the paths of the SSL certificates as appropriate and edit the server_name so it is relevant.
11. Test your config works by starting nginx. If you get [emerg] errors, something needs changing. Usually the output will point you in the right direction. If you can’t figure it out, try searching the internet as there are a lot of resources – otherwise email with as much detail as possible.
12. Installation is complete, try it out. If you are hosting this as a public proxy then see this section on contacting us as we are maintaining a list of known proxies.
This PHP script is a proxy designed specifically for providing access to The Pirate Bay. A great solution if you do not have a server that you can dedicate to the task. It was developed by UnblockedPirateBay.com and requires at least PHP5 and cURL. Just unzip it and upload it to your web server.
Download latest
The cookies.txt file should be chmod 755/777. There is no additional configuration required however in the file configurationfile.php there are some options you can change, such as the page title.
Do the following:
Don’t do the following:
Unfortunately some rogue sites have appeared, which is unacceptable, and it is disappointing that people feel the need to abuse the situation. Any sites found to be in the best interest of the operators and not the visitors will be reported to The Pirate Bay so they can be dealt with! Find out more at http://torrentfreak.com/pirate-bay-slaps-pathetic-proxies-and-scammy-copies-120507/
Once you have created your site, we would appreciate it if you would share it with us by emailing nospam@piratereverse.info – this is so we can all build up a list of proxies. Our list is at http://about.piratereverse.info/proxy/list.html and will be shared on The Pirate Bay’s Facebook wall.
If anyone has any questions or suggestions please email nospam@piratereverse.info and we’ll be happy to try and help. If we get a lot of similar questions we’ll add a FAQ section here.
Likewise if anyone has any improvements to make the process easier then please submit them at the above email address. We’re also looking for any alternative methods of creating proxies, so if you have written some code or are making a guide, let us know and we’ll post it here. It is important we can get as many Pirate Bay proxies up as possible, that is what The Hydra Bay is all about.
Please let people know about this – the more proxies that work properly the better. If you use Twitter follow us, we are @piratereverse. Post about it, include the hashtag #thehydrabay. Let’s see if we can get this trending! If you are able to donate, please do so below using flattr so we can keep providing a fast and reliable service with continually updated information. If you’d like to donate via PayPal, that is fine just send us an email and we’ll discuss from there. You can donate via BitCoin too, our address is 1BsHaQccToKwN7LEr6kqVjPtZKxNu84SDg. All donations are very much appreciated, no matter how little you are able to send us. It is the only way we are able to keep the proxy going.
LEMP stack is a group of open source software to get web servers up and running. The acronym stands for Linux, nginx (pronounced Engine x), MySQL, and PHP. Since the server is already running CentOS, the Linux part is taken care of. Here is how to install the rest.
We will be installing all of the required software with Yum. However, because neither nginx nor php-fpm is available straight from CentOS, we need to download two extra repositories first.
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
The next step is to begin installing the server software, starting with MySQL and dependencies.
sudo yum install mysql mysql-server
Once the download is complete, restart MySQL:
sudo /etc/init.d/mysqld restart
You can do some configuration of MySQL with this command:
sudo /usr/bin/mysql_secure_installation
The prompt will ask you for your current root password.
Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Then the prompt will ask you if you want to set a root password. Go ahead and choose Y and follow the instructions.
CentOS automates the process of setting up MySQL, asking you a series of yes or no questions.
It’s easiest just to say Yes to all the options. At the end, MySQL will reload and implement the changes.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
As with MySQL, we will install nginx using yum:
sudo yum install nginx
nginx does not start on its own. To get nginx running, type:
sudo /etc/init.d/nginx start
You can confirm that nginx has installed on your web server by directing your browser to your IP address. You can run the following command to reveal your server’s IP address.
ifconfig eth0 | grep inet | awk '{ print $2 }'
The php-fpm package is located within the REMI repository, which, at this point, is disabled. The first thing we need to do is enable the REMI repository and install php and php-fpm:
sudo yum --enablerepo=remi install php php-fpm php-mysql
Then start php-fpm up.
sudo service php-fpm start
We need to make one small change in the php configuration. Open up php.ini:
sudo vi /etc/php.ini
Find the line, cgi.fix_pathinfo=1, and change the 1 to 0.
cgi.fix_pathinfo=0
If this number is kept as a 1, the php interpreter will do its best to process the file that is as near to the requested file as possible. This is a possible security risk. If this number is set to 0, conversely, the interpreter will only process the exact file path—a much safer alternative. Save and Exit.
Restart php-fpm:
sudo service php-fpm restart
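One way to confirm which cgi.fix_pathinfo value PHP will actually use after this edit, as an added example that is not part of the original tutorial. It goes slightly beyond the single php.ini edit above by accepting several ini files in load order, since a later file can silently override the fix; the function names and sample files are constructed, and the use of a scan directory such as /etc/php.d on this install is an assumption.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# Reports the effective cgi.fix_pathinfo value from php.ini files in load order.

# effective_fix_pathinfo FILE...
# Prints 0 or 1. Files are read in the order given and the last uncommented
# assignment wins (main php.ini first, then scan-directory files).
# With no assignment at all, PHP's built-in default of 1 applies.
effective_fix_pathinfo() {
    line=$(
        for f in "$@"; do
            if [ -r "$f" ]; then awk 1 "$f"; fi
        done | grep -E '^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=' | tail -n 1
    )
    if [ -z "$line" ]; then
        echo 1          # absent or commented out: default applies
        return 0
    fi
    # Strip the key, any trailing ";" comment, whitespace and quotes.
    value=$(printf '%s\n' "$line" |
        sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*;.*$//' \
            -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
        tr '[:upper:]' '[:lower:]')
    case $value in
        0|off|false|no|none|'') echo 0 ;;
        *) echo 1 ;;
    esac
}

# audit_fix_pathinfo FILE...
# Exit 0 when the effective value is 0, exit 1 otherwise.
audit_fix_pathinfo() {
    if [ "$(effective_fix_pathinfo "$@")" = 0 ]; then
        echo "OK: cgi.fix_pathinfo=0, PHP runs only the exact script path"
        return 0
    fi
    echo "WARN: cgi.fix_pathinfo is 1 or unset, PHP may run a nearby file instead"
    return 1
}

# write_sample_inis DIR: constructed sample files, not real server config.
write_sample_inis() {
    mkdir -p "$1/php.d"
    cat > "$1/stock.ini" <<'EOF'
[PHP]
; constructed: the directive is commented out, so the default of 1 applies
;cgi.fix_pathinfo=1
EOF
    cat > "$1/fixed.ini" <<'EOF'
[PHP]
cgi.fix_pathinfo = 0   ; changed as the tutorial instructs
EOF
    cat > "$1/php.d/zz-override.ini" <<'EOF'
cgi.fix_pathinfo="On"
EOF
}

# Demo on the constructed samples; on a server, pass /etc/php.ini followed by
# any scan-directory files in alphabetical order.
demo_dir=$(mktemp -d)
write_sample_inis "$demo_dir"
audit_fix_pathinfo "$demo_dir/stock.ini" || true
audit_fix_pathinfo "$demo_dir/fixed.ini" || true
audit_fix_pathinfo "$demo_dir/fixed.ini" "$demo_dir/php.d/zz-override.ini" || true
rm -rf "$demo_dir"
```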
Open up the default nginx config file:
sudo vi /etc/nginx/nginx.conf
Raise the number of worker processes to 4 then save and exit that file.
Now we should configure the nginx virtual hosts. In order to make the default nginx file more concise, the virtual host details are in a different location.
sudo vi /etc/nginx/conf.d/*.conf
The configuration should include the changes below (the details of the changes are under the config information):
#
# The default server
#
server {
    listen       80;
    server_name  _;

    #charset koi8-r;
    #access_log  logs/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
Here are the details of the changes:
Save and Exit
Although LEMP is installed, we can still take a look and see the components online by creating a quick php info page.
To set this up, first create a new file:
sudo vi /usr/share/nginx/html/info.php
Add in the following line:
<?php
phpinfo();
?>
Then Save and Exit.
Restart nginx so that all of the changes take effect:
sudo service nginx restart
Finish up by visiting your php info page (make sure you replace the example ip address with your correct one): http://12.34.56.789/info.php
It should look similar to this.
You are almost done. The last step is to set all of the newly installed programs to automatically begin when the server boots.
sudo chkconfig --levels 235 mysqld on
sudo chkconfig --levels 235 nginx on
sudo chkconfig --levels 235 php-fpm on
External Proxy Server for Mikrotik – fazar.net

# RouterOS: dst-nat port-80 traffic from every source except the ip-proxy list to 192.168.90.2:3128
/ip firewall address-list
add address=192.168.90.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128

# RouterOS: mark port-80 traffic from 192.168.1.0/24 and route it via 192.168.90.2
/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24

# Linux proxy host: default route via 192.168.90.1, redirect port-80 traffic from 192.168.1.0/24 to local port 3128
route add default gateway 192.168.90.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.90.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.90.2 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
How To Remove Ubuntu’s Password Keyring
UPDATE: This post is almost 2 years old now and the method described below is somewhat obsolete (but still works). Borrowing from the comments posted below, do the following to remove the keyring in a more simple fashion:
1) Go click Applications > Accessories > Passwords and Encryption keys
2) There should be entries there listing an array of keyring passwords.
3) Right click on them and select change password
4) Enter the old password if you have one then leave the new password blank. (A warning message should appear)
I’ve not done this personally (I haven’t had to) but if I’m guessing correctly, the “warning message” mentioned above in step 4 is likely the same warning message pictured below, asking if you are sure you want to use “Unsafe Storage”. You can read more about what this means below.
—————-[Begin old post]—————-
I would have made the title of this post “How to remove the Keyring password manager in Ubuntu Linux” but that’s kinda long… Anyway, you might be wondering what the keyring password manager is. It is a built in feature of Ubuntu (specifically, a package called “Seahorse”) that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts. So for example, let’s pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you’d only be able to remember if you were some kind of freak savant mathematician. The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.
As nice and handy as this might sound to security buffs, it’s struck me as a minor inconvenience. For starts, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network. This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update. The snag there would be that after restarting, my computer would boot up, but since I’m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I’d have to go home or ask someone else to type in the password for me.
So what I’ve always wanted to have happen is this:
I start or restart the computer by remote (such as through SSH or VNC).
After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.
I’ve finally learned how to do this, and it’s stupid easy to do.
There are of course a few security drawbacks about doing this. For starts, if any person were to gain physical access to my machine they’d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don’t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.
Now, if the PC were in an office with a bunch of random co-workers always around, I’d be a lot more concerned. If that were the case, I’d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working from an encrypted HD with the required /boot partition on a USB key, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system. But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it by via SSH or VNC anyway. So for this particular PC, I see little harm in opting out of using this security feature.
So here’s how you get rid of the keyring manager. Please note: This will erase saved passwords you have so be sure you know or remember them before you make your computer forget them!
Open up your Home Folder by clicking Places>Home Folder
Press CTRL-H (or click View>Show Hidden Files)
Find a folder called .gnome2 (it has a period at the beginning of the name) and open it by double clicking on it
Inside of the .gnome2 folder, there is another folder called keyrings. Open it up.
Delete any files you find within the keyrings folder
Restart the computer
After you restart and login (if you’re automatically logging in) you’ll probably be asked to enter your wireless network’s WPA/WEP encryption key (because we made it forget). After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring. The box looks like this:
Instead of typing in a new password, leave both boxes completely empty and click Create.
You’ll then be asked if you know what the hell you’re doing:
Go ahead and click Use Unsafe Storage.
WARNING: Doing this creates a new file in your ~/.gnome2/keyrings/ folder called default.keyring and it will now house passwords IN CLEAR TEXT and not in an encrypted form. So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc). Proceed with caution.
From here on all keyring-stored passwords you enter will not be safeguarded behind a master password or encryption. Whether or not you want to do this is entirely up to you. I personally have had enough of the keyring manager and consider it kind of annoying. But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea. Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privileges password that has to be entered any time you want to apply updates, or add/remove software. You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I’m just happy I don’t have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I’m away from home.
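Since default.keyring now holds passwords in clear text, file permissions are the only thing standing between it and other local accounts. The following is an added example, not part of the original post: the function names are made up for illustration, and the demo at the end runs against a constructed scratch directory rather than the real ~/.gnome2/keyrings.

```shell
#!/bin/sh
# Added example: find and fix keyring files that anyone other than the
# owner can read, write or traverse. Function names are hypothetical.

# Print every path under $1 (including $1 itself) that has any group or
# "other" permission bit set. Prints nothing when all paths are owner-only.
keyring_exposed_paths() {
    [ -d "$1" ] || return 0
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed (exit status 0) only when nothing under $1 is exposed.
keyring_is_private() {
    [ -z "$(keyring_exposed_paths "$1")" ]
}

# Tighten permissions: directories 700, files 600.
keyring_lock_down() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed demo in a scratch directory (not a real keyring).
demo=$(mktemp -d)
printf 'constructed sample\n' > "$demo/default.keyring"
chmod 755 "$demo"
chmod 644 "$demo/default.keyring"
keyring_exposed_paths "$demo"        # lists the directory and the file
keyring_lock_down "$demo"
if keyring_is_private "$demo"; then
    echo "keyring directory is owner-only"
fi
rm -rf "$demo"
```

To check the real location, call keyring_is_private "$HOME/.gnome2/keyrings" and run keyring_lock_down on it if the check fails.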
Installing & Configuring VSftpd
Basic description of what will be done and what is expected.
yum install vsftpd
useradd ftpuser
passwd ftpuser
vi /etc/vsftpd/vsftpd.conf
Change these options to your liking. When you have finished making changes here, restart the vsftpd service so they take effect.
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
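The sample config leaves anonymous_enable=YES active, and its own comment warns that anonymous FTP is also allowed when the line is commented out, so what matters is the effective value of each option rather than what happens to be uncommented. The following is an added example, not part of the original post or of vsftpd: the function names are hypothetical, it assumes values are written as YES/NO as in the file above and that a later assignment overrides an earlier one, and the sample config is constructed to mirror the active settings shown.

```shell
#!/bin/sh
# Added example: resolve effective vsftpd settings and flag risky ones.

# Print the effective value of option $2 in config file $1, falling back
# to the compiled-in default $3 when the option is absent or commented out.
# Lines have the form option=value; lines starting with "#" are comments.
vsftpd_effective() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    printf '%s\n' "${val:-$3}"
}

# Print message $2 when value $1 is YES.
flag_if_yes() {
    if [ "$1" = YES ]; then echo "$2"; fi
}

# Print one finding per line for settings that widen exposure.
vsftpd_audit() {
    conf=$1
    anon=$(vsftpd_effective "$conf" anonymous_enable YES)   # default is YES
    write=$(vsftpd_effective "$conf" write_enable NO)
    upload=$(vsftpd_effective "$conf" anon_upload_enable NO)
    mkd=$(vsftpd_effective "$conf" anon_mkdir_write_enable NO)
    local_en=$(vsftpd_effective "$conf" local_enable NO)
    jail=$(vsftpd_effective "$conf" chroot_local_user NO)

    flag_if_yes "$anon" "anonymous_enable: anonymous logins are allowed"
    # Anonymous write options only take effect with write_enable=YES.
    if [ "$anon" = YES ] && [ "$write" = YES ]; then
        flag_if_yes "$upload" "anon_upload_enable: anonymous uploads are allowed"
        flag_if_yes "$mkd" "anon_mkdir_write_enable: anonymous mkdir is allowed"
    fi
    if [ "$local_en" = YES ] && [ "$jail" != YES ]; then
        echo "chroot_local_user: local users are not chroot()ed unless listed"
    fi
    return 0
}

# Constructed sample mirroring the active settings in the config above.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' \
    '#anon_upload_enable=YES' > "$sample"
vsftpd_audit "$sample"
rm -f "$sample"
```

Run vsftpd_audit /etc/vsftpd/vsftpd.conf after editing; setting anonymous_enable=NO and chroot_local_user=YES explicitly clears both findings reported for the sample.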
service iptables stop
(assumes your ftp server has an IP of: 192.168.0.1. If not, change this IP.)
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 20 -m state --state ESTABLISHED -j ACCEPT
vi /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
service iptables start
chkconfig --level 23 vsftpd on && service vsftpd start
chkconfig --list | grep vsftpd; service vsftpd status
service iptables status; grep ip_conntrack_ftp /etc/sysconfig/iptables-config
When you connect to switch S2, any error on a switch port will appear in your console window. In this case there is one, and it looks like this:
S2#%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/3 (100), with S1 FastEthernet0/3 (99).
…
Then use ping to confirm connectivity with the server, e.g.
The screen output for the computer PC5 shows that connectivity has been restored to the WEB/TFTP server found at IP address 192.168.10.30.