Safe and Secure Internet Console

Last Updated on Tuesday, 19 July 2011
This howto describes a quick way to set up a safe and secure Internet-only console, useful for public places. Additionally, web content filtering prevents unwanted access to adult sites or other harmful sites. Access is very restricted: only Firefox is available, with no possibility to close it or change its settings.

The client workstation (aka Internet-only console) does not need any hard drive or optical drive, as it boots its system over the network. We do not need high-end servers or workstations; old PCs can be used without problems. (I've used a Pentium 4 2GHz with 1GB RAM and a 10GB hard drive as a server for ~4 clients; a typical client config was a Pentium 4 2GHz with 256MB RAM and no hard drive.)

Basic Linux skills are required, as I will not describe step by step how to change the IP address of a NIC.

What we need :

Server

  • At least 256 MB for the server's own OS, plus 64 MB per client; Hard Drive 10GB
  • 2 NICs (primary = Internet, secondary = LAN used for PXE-booting the clients)

Client

  • No HD, DVD or Floppy
  • NIC capable of PXE boot

Software Used:

  • LTSP 5
  • Ubuntu 8.04 alternate (<- alternate version includes LTSP-ready packages)
  • Firefox with
      - publicfox (https://addons.mozilla.org/en-US/firefox/addon/3911)
      - openkiosk (https://www.mozdevgroup.com/clients/bm/)
      - optional: foxfilter (content filter; we'll be using Dansguardian for content filtering)
  • Pessulus (Gnome LockDown editor)
  • Dansguardian (Proxy & Web Content Filter)
[Update] Be sure to use an 8.04 version of Ubuntu, as with the latest (9.04) I had some trouble getting it up and running...

Installation of LTSP :

With the Hardy Heron (8.04) release, the LTSP installer functionality developed in Edubuntu was moved to the Ubuntu alternate CD. All future releases follow this format.

The installer will set up an out of the box working LTSP install for you if your server has two network cards built in. If that is not the case it will tell you what to modify to run with a single network card.

Once you boot up the CD, hit F4. The "Modes" menu will pop up. Select "Install an LTSP Server". Now just move on with the install.

Fig. 1 Ubuntu LTSP Server Install

Towards the end of the install the installer will start to build the client environment from the packages on the CD.

Fig. 2 Ubuntu LTSP Server Install

Which then will be compressed into an image...

Fig. 3 Ubuntu LTSP Server Install

 

If the installer is done and has rebooted into your new system you will be able to boot your first Thin Client right away.

Installing on top of an already running desktop system

You need to set up one static network interface where you will attach the thin clients, install two packages and run one command.

Configure your spare interface for the thin clients to have the IP 192.168.0.1 (and make sure it is up and running), then follow the instructions below.

sudo apt-get install ltsp-server-standalone openssh-server

Now create your Thin Client environment on the server with:

sudo ltsp-build-client

After that, you will be able to boot your first thin client.

Server Actions

  • Create a user Profile, i.e. internet-user
  • Install Flash Plugin for Firefox
  • Install Pessulus (sudo apt-get install pessulus)
  • Install Dansguardian & Squid (sudo apt-get install dansguardian squid ssh)
  • Edit the Dansguardian access denied page (/etc/dansguardian/languages/ukenglish/template.html)

N.B. Dansguardian access controls are in /etc/dansguardian/lists. Modify them with a text editor to adjust web content filtering.

The file "exceptionsitelist" is very useful and effective for exempting entire sites from filtering (i.e. hotmail.com for funny sexy mails).

If you need to adjust settings for the diskless clients (i.e. Display resolution, keyboard settings), you'll need to edit the file "/opt/ltsp/i386/etc/lts.conf"

[default]

LOCALDEV = True
SOUND = True
NBD_SWAP = True
X_COLOR_DEPTH = 24
XKBLAYOUT = ch
XSERVER=auto
X_MODE_0 = 1280x1024
X_VERTREFRESH = 60
X_HORZSYNC = 60-75
# Only if you want Autologin features. The password is stored here in
# clear text, so only use the restricted kiosk account.
LDM_AUTOLOGIN = True
LDM_USERNAME = User
LDM_PASSWORD = Pass

Run "ltsp-update-image" after saving!
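A check worth running on lts.conf before rebuilding the image, as an added example that is not part of the original howto: it lists every section that logs in automatically, flags clear-text passwords and autologin accounts other than the kiosk user, and catches "//" remarks on value lines (lts.conf comments start with "#"). The function name, the messages and the sample file are constructed for illustration; the expected kiosk account defaults to the internet-user profile from this howto.

```shell
#!/bin/sh
# Added example: list the lts.conf sections that log in automatically.
# audit_lts_conf FILE [KIOSK_USER]; names and messages are illustrative.
audit_lts_conf() {
    awk -v want="${2:-internet-user}" '
    function flush() {
        if (sec != "" && tolower(v["LDM_AUTOLOGIN"]) == "true") {
            printf "AUTOLOGIN section=%s user=%s\n", sec, v["LDM_USERNAME"]
            if (v["LDM_PASSWORD"] != "")
                printf "WARN section=%s LDM_PASSWORD is stored in clear text\n", sec
            if (v["LDM_USERNAME"] != want)
                printf "WARN section=%s autologin account is not %s\n", sec, want
        }
        split("", v)                          # forget the previous section
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # comment lines start with "#"
    /^[ \t]*\[.*\][ \t]*$/ {                  # [default] or a per-client section
        flush(); sec = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (val ~ /\/\//)
            printf "WARN section=%s %s: \"//\" does not start a comment\n", sec, key
        v[toupper(key)] = val
    }
    END { flush() }' "$1"
}

# Constructed sample with a "//" remark on a value line.
sample_lts_conf() {
    cat <<'EOF'
[default]
SOUND = True
LDM_AUTOLOGIN = True
LDM_USERNAME = User //only if you want Autologin features
LDM_PASSWORD = Pass
EOF
}

tmp=$(mktemp) && sample_lts_conf > "$tmp" && audit_lts_conf "$tmp"
rm -f "$tmp"
```

On a real server, call it as audit_lts_conf /opt/ltsp/i386/etc/lts.conf internet-user.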

Boot the diskless system via network (PXE boot; be sure the "lan" is plugged into the secondary NIC of the server) and log in with the freshly created user (i.e. internet-user).

Verify DHCP Settings

Have a quick look at /etc/ltsp/dhcp.conf :

  • Be sure that the router IP address distributed by the LTSP server corresponds with your LTSP setup. (I had to change from 192.168.0.1 to 192.168.0.254.)

Setup Profile

  • Add Firefox to autostart (Preferences -> Session -> add -> firefox (as command))
  • Adjust Desktop (Wallpaper, icons etc..)
  • Remove Top Panel
  • Remove Trash , Multiple Workspaces, Show Desktop from Bottom Panel
  • Add Logout applet to Bottom Panel
  • Run pessulus (or via System->Administration->Lockdown Editor)

Fig. 4 Pessulus Lockdown Editor Configuration pages

Fig. 5 Pessulus Lockdown Editor Configuration pages

Fig. 6 Pessulus Lockdown Editor Configuration pages

Fig. 7 Pessulus Lockdown Editor Configuration pages

  • Open Firefox
  • Install Publicfox extension & Openkiosk extension

!!! Set password for these extensions !!!

  • Configure Publicfox like this (Menu Tools->Addons) :

Fig. 8 PublicFox Config

 

  • Configure OpenKiosk like this (Menu Tools -> OpenKiosk -> admin); use admin as first password

Fig. 9 Open Kiosk Configuration Page 1

 

Remote X-Server on Windows

Last Updated on Tuesday, 19 July 2011

Another workshop to show how Linux is far superior to Windows.

This time, we'll be using a Linux Host as an Application Server, and 2 clients which will connect via ssh and display Remote Programs on a local Display.

Fig. 1 Bluefish on Fedora, running on a remote Ubuntu Host

Why so much trouble? Well, imagine that you have a workstation at home with specific software installed (i.e. Gcstar, a powerful collections manager). Now, if you would like to work on your personal DVD collection from another computer (over LAN or Internet, it doesn't matter), you would have to set up a remote desktop session (which is a. slower and b. much harder to set up: router configuration etc.). With the ability to connect to an X server via TCP/IP, it is much easier and faster to display remotely running software on a local display.

Set up SSH access to your "Server"

Open up a terminal, and enter following command (valid for Debian based Systems like Ubuntu)

sudo apt-get install openssh-server [ENTER]

that's it.

 

Configuration of the Client PC's:

 

Windows Workstation :

You'll need :

Putty (SSH client for Windows) : Get it from putty.org

XMing (X Server for Windows) : Get it from Sourceforge

Install Xming with standard options.

Be sure to check if Xming is running in the system tray :

Fig. 2 Icon displayed in system tray

Setup Putty :

Be sure to enable X11 Forwarding to localhost:0 when configuring the ssh connection :

Fig. 3   Configuration of the ssh connection with Putty

 

Once connected, launch any program (i.e. gcstar), and it will be displayed on your Windows desktop:

Fig. 4 Connected via Putty and launched "xeyes"

Fig. 5 Bluefish, Linux Html Editor displayed in Windows

 

Fig. 6 Nautilus, Linux Explorer equivalent displayed in Windows

 

Fig. 7 Gnomebaker, Linux Disc Burning Software displayed in Windows

Linux workstation :

Open up a terminal , and connect to remote Workstation via ssh :

ssh -X -l <<user>> <<remote-host>> [ENTER]

Enter your remote host password, and you're connected.

-X enables X11 forwarding; -l specifies the login name on the remote host.

Now every program you launch (i.e. gcstar) will run on the remote host but display on your local host. This way, you'll have access to pretty much anything on your remote host. You can work on your documents with OpenOffice, check your mail with Evolution etc.

Fig. 8 Bluefish on Ubuntu, running on a remote Fedora Host

Strangely, the remote X server from a Fedora Host looks much better than from an Ubuntu Host (with default settings, no tweaking)

Fig. 9 Fedora Host

Fig. 10 Ubuntu Host

Spot the difference ? Seems to be an export Option with GTK Engines.....we'll see in a later workshop on how to fix this.

Workshop : Firmware Upgrade on DELL PowerEdge Server with Linux

Last Updated on Tuesday, 19 July 2011

Firmware Upgrade on DELL PowerEdge Servers with Linux

We have several Dell PowerEdge servers (1950 / 2950 / R900) running. As we do twice per year, it was time for some firmware / BIOS upgrades.

Unfortunately, some Firmware upgrades were not applied using Dell's IT Assistant or using Dell's Software Update CD (OM_SUU_XXX.iso).

In most cases the operating systems were not properly supported by the OM SUU CD, i.e. VMware ESX 3.02 (although version 3.5 is supported).

For example, BIOS and Broadcom updates were not applied on an ESX 3.02, as it is based on a heavily modified Red Hat Linux running on a 2.4 kernel, and other systems are running OpenBSD.

Fortunately, with the power and flexibility of Linux, we managed to find a workaround.


OCS Inventory a XEN Server 5

Last Updated on Tuesday, 19 July 2011

How to : Perform an XEN Server 5 Inventory with OCS-Inventory

What you need :

  • Internet access on the Xen Server
  • OCS-Inventory Linux client (OCSNG_LINUX_AGENT_1.01.tar.gz)
  • Shell Access to XEN Server (can also be via ssh or XenCenter)
  • a running OCS-Inventory Server (of course)

If you don't know what OCS is, it is simply a very powerful open source computer inventory and package deployment tool (check out www.ocsinventory-ng.org for more info).

As the XEN Server 5 is based on a CentOS Linux system, only a few steps are required to compile and use the OCS Linux client:

  1. Enable CentOS Repositories
Edit /etc/yum.repos.d/CentOS-Base (i.e. with nano or vi)
Change every "enabled=0" to "enabled=1"
Save the file

  2. Prepare System for compilation
Compiling and running the OCS Linux client requires the following packages:

make
gcc
perl-libwww-perl.noarch
perl-XML-SAX.noarch
perl-NET-SSLeay.i386

Install packages via
yum install <<package1>> <<package2>> etc...

  3. Compile OCS Linux client
Untar the package:
tar -xvf OCSNG_LINUX_AGENT_1.01.tar.gz
Change into the newly extracted directory:
cd OCSNG_LINUX_AGENT_1.01
Launch the setup process:
./setup.sh

Answer all the questions, i.e. address and port of the OCS Inventory Server.
For the rest, use the default answers (mostly yes).
Compiling should not take that long.
Wait until it is finished; if you see error messages, you can view ocs_agent_setup_log for details.

  4. Performing an Inventory
Simply launch ocsinventory-client.pl
Wait a few seconds, then log in to your OCS Inventory Server to verify that it worked.


Pinnacle USB PCTV 150e in Linux

Last Updated on Tuesday, 19 July 2011

I got myself a used USB Analog TV Grabber PCTV150e from Pinnacle :

This thingy comes with Windows only Drivers (of course, what did you expect?)

However, with very little fine tuning, this nice little device works great in Linux (and even better than in Windows as far as image quality goes).

 

This is me playing Super Mario Bros 3 on a NES hooked up to my Linux Box via the Pinnacle USB PCTV 150e, I like the quote on the title bar, it fits me so much ;)

How?

  1. Install TVTime

    TVTime is great software for watching television on a Linux desktop. Furthermore, it grabs video and sound from nearly any source of an analog tuner (Composite Video, SVHS, you get the trick..)

    Install it with

    On Ubuntu  : "sudo apt-get install tvtime sox libsox-fmt-all"

    On Fedora : "yum install tvtime sox"

    I'll come to the sox and libsox stuff a bit later...

    A shortcut will be placed in your apps menu, or you can simply launch it with "tvtime".

    You'll notice that the image quality is great, but there is no sound...

  2. Determine the Audio Device of the Pinnacle USB

    In a terminal, simply launch

    cat /proc/asound/cards

    Output will be something like :

    0 [M5455 ]: ICH - ALi M5455 ALi M5455 with ALC655 at irq 20

    1 [UART ]: MPU-401 UART - MPU-401 UART MPU-401 UART at 0x330, irq 5

    2 [PAL ]: USB-Audio - PCTV USB2 PAL Pinnacle Systems GmbH PCTV USB2 PAL at usb-0000:00:1c.3-5, high speed

    Note the number of the Pinnacle USB device (in this case it's 2; it might be different on your system)

  3. Create a new launcher for TVTime

    Create a new file, and paste the following command (which I found on a user friendly German site, but forgot to bookmark :( )

    #!/bin/sh

    #-q

    sox -r 48000 -w -c 2 -t ossdsp /dev/dspX -t ossdsp /dev/dsp & tvtime --mixer=/dev/mixer:pcm


    Notice the first /dev/dspX? Substitute the X with the number of your USB PCTV audio device (in this case, 2)

    Save the new file, and give it a meaningful name, i.e. start-tvtime.sh or something like this

    Now launch this file (you may want to do a chmod +x on it first), and voilà, now there's sound being played.

     

Resize / Move of Windows partitions

Last Updated on Tuesday, 19 July 2011

Clone / Resize / Move of Windows partitions


In case you're running out of Disk Space, or you need to resize different partitions, this tutorial is for you.

Furthermore, it will allow you to transfer your Windows environment from an IDE disk to an S-ATA disk (or vice versa).

What you'll need :


  1. Preparation of the Windows System

Optional: Clean temporary files
(I recommend using ccleaner: www.ccleaner.com)
Recommended: Defrag hard drive / partition

  2. Cloning the Hard Drive

With the second hard drive plugged in, boot your computer with CloneZilla (CD or USB), then follow the on-screen directions to clone your hard drive (device to device).

  3. Resize of existing Partitions

Unplug your original hard drive, then boot your computer with GParted Live (CD or USB).
Once GParted Live has started (you may have to answer some questions during startup), the Partition Editor will start.
Normally your hard drive is already selected, but be sure that it's the right one in case you have more than one hard drive.

Here, you can right-click the partitions and select several options. You'll want to choose "Resize / move".
Following this, you can drag the slider to adjust / move / resize partitions. After your choice has been made, don't forget to hit "Apply Changes".

 

Cross your fingers, and go have a coffee, as some operations might take a long time, depending on the size of your hard drive.

When finished, simply reboot your Computer into Windows. Everything should be there as before, with the difference that your partition(s) are bigger.

Fedora 11 - Sound problems

Last Updated on Tuesday, 19 July 2011

If you have a notebook with an Intel HDA - Conexant Waikiki chipset like me, and have ever had trouble getting sound working in Linux, then this is for you.

Recently , I installed Fedora 11 onto my Toshiba Notebook. Everything went fine, except that there's no sound coming from the speakers at all .

Symptoms :

Simple : there is no sound at all

output of cat /proc/asound/cards :

[yannick@toshiba ~]$ cat /proc/asound/cards
0 [Intel          ]: HDA-Intel - HDA Intel
HDA Intel at 0xd2500000 irq 22

output of aplay -l

**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: CONEXANT Analog [CONEXANT Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 1: Conexant Digital [Conexant Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0

All sound channels are unmuted (checked with alsamixer and the Gnome Panel applet)

Googling :

Several forums suggest editing /etc/modprobe.d/alsa-base to add a line

options snd-hda-intel model=xyz

I tried several options, including toshiba, auto, 3stack, laptop-micsense, laptop-eapd etc.

Then, in a single post on a forum (unfortunately forgot to bookmark the URL), there was the solution, as incredible as it is..


Solution :

(This solution is confirmed to be working with Bios Version 4.7 or above, if you have an earlier Version, please visit Toshiba's Support Site to download a recent Version)

Just use kmix, the KDE sound mixer applet, to unmute (!) the sound channels. Yes, it works, even if the Gnome Panel and alsamixer see the channels as unmuted.

Kmix is part of the kdemultimedia package, so you'll have to install :

yum install kdemultimedia

Afterwards, pop up a terminal and launch (as a normal user) kmix

Ignore the error messages and have a look in the upper right corner.

There is a new icon, kmix. 

Open it, and untick "mute".

Voila, there you go, now you have Sound.

Active Directory Mass import

Last Updated on Tuesday, 10 August 2010

Mass Import Users with individual passwords in Active Directory

I looked for a nice way to bulk import hundreds of users into one of our Active Directories, without the hassle of ldifs, csvde's and base64 encoded passwords.

What you need :

Domain Admin Account on AD server
CSV-like file (delimiter ";"), first column username, second column password (here the file is named logins.dat)
The Name of the OU which will be containing your new users (in our example the OU is called Name-of-OU)

What you'll get

A simple way to import hundreds or thousands of users, without knowledge of ldifde and preparing the proper password file

How ?

On the AD server, open a DOS Prompt with admin rights (right click -> "Run as Administrator"), then issue this command :

FOR /F "tokens=1,2* delims=; " %i in (logins.dat) do dsadd user "CN=%i,OU=NAME-of-OU,DC=DOMAIN,DC=LOCAL" -samid %i -pwd %j

where %i = username (1st column in our CSV-like file called logins.dat)
and %j = password (2nd column in our CSV-like file called logins.dat)


Be sure that the specified Passwords meet the minimum required complexity, or temporarily disable that annoying Group Policy

After the operation completes, your OU will be populated with the imported users.
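
A pre-check for logins.dat before the FOR /F import, as an added example that is not part of the original post, written in POSIX shell so it can run wherever the file is prepared. It assumes the default complexity rule (three of four character classes, no account name inside the password) and a minimum length of 7; check_logins, its messages and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: pre-check logins.dat (username;password) before the import.
# check_logins FILE [MIN_LENGTH] prints one line per problem (never the
# password) and returns non-zero if anything was flagged.
# Assumption: MIN_LENGTH defaults to 7; use your domain policy value.
check_logins() {
    LC_ALL=C awk -v min="${2:-7}" '
    function flag(why) { printf "line %d user=%s: %s\n", NR, user, why; bad++ }
    { sub(/\r$/, "") }                            # tolerate CRLF files
    /^[ \t]*$/ { next }                           # skip blank lines
    {
        sep = index($0, ";")
        user = (sep ? substr($0, 1, sep - 1) : $0)
        pw = (sep ? substr($0, sep + 1) : "")
        if (user == "" || pw == "") { flag("missing username or password"); next }
        # FOR /F splits on ";" and space, so such a value would be cut short
        if (user ~ /[ ]/ || pw ~ /[; ]/) flag("contains a FOR /F delimiter")
        # these characters need escaping inside the quoted CN=... argument
        if (user ~ /[",+<>]/) flag("username needs escaping in the DN")
        if (length(user) > 20) flag("username exceeds 20 characters (sAMAccountName)")
        if (length(pw) < min) flag("password shorter than " min)
        classes = (pw ~ /[A-Z]/) + (pw ~ /[a-z]/) + (pw ~ /[0-9]/) + (pw ~ /[^A-Za-z0-9]/)
        if (classes < 3) flag("fewer than 3 of 4 character classes")
        if (length(user) >= 3 && index(tolower(pw), tolower(user)))
            flag("password contains the account name")
    }
    END { exit (bad > 0) }' "$1"
}

# Constructed sample file; none of these accounts or passwords are real.
sample_logins() {
    cat <<'EOF'
alice;Summer2010!
bob;password
carol;Carol#2010x
dave;Tr1cky pass;word
erin;
frank,jr;Winter#2010a
EOF
}

tmp=$(mktemp) && sample_logins > "$tmp"
check_logins "$tmp" || echo "fix logins.dat before running the import"
rm -f "$tmp"
```

Because logins.dat holds every initial password in clear text, delete it once the import has been verified.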

Copyright © 2012 Press Start to Stop. All Rights Reserved.