Derwynd's Weblog

Download YouTube Videos on Linux

Download Software

# yum install youtube-dl

Download YouTube Videos

# youtube-dl http://www.youtube.com/watch?vxxxxxxx

January 17, 2011 Posted by derwynd | Uncategorized | Leave a comment

Pidgin + The certificate for omega.contacts.msn.com could not be validated

If in pidgin you get a error
The certificate for omega.contacts.msn.com could not be validated. The certificate chain presented is invalid
On connection with msn…..

My guess is the old certificate in pidgins folder is outdated

This is what I did to fix it

cd $HOME/.purple/certificates/x509/tls_peers
rm omega.contacts.msn.com ows.messenger.msn.com rsi.hotmail.com
wget http://files.andreineculau.com/projects/pidgin/omega.contacts.msn.com.txt
mv omega.contacts.msn.com.txt omega.contacts.msn.com

Restart Pidgin and you should be good to go

NOTE: Can be fixed by deleting certificate from Pidgin menu Tools/Certificate.

ELSE
Also found this method while browsing
Solution
a. open https://omega.contacts.msn.com/
b. On the URL bar, click on the security lock (usually just in front of the URL). Click on the certificate information.
c. Go to the Detail tab and click the “Export” button. Save the file as “omega.contacts.msn.com” (without the quotes).
d. Copy and paste this file to $HOME/.purple/certificates/x509/tls_peers

November 25, 2010 Posted by derwynd | Uncategorized | 2 Comments

Tata Phonone / Reliance Netconnect (wvdial)

Getting the required software
# yum install wvdial usb_modeswitch usb_modeswitch-data

Stopping network
# /etc/init.d/network stop

Plug in modem in usb outlet and check output
# tail -f /var/log/messages

kernel: usb 2-1.1: new full speed USB device using ehci_hcd and address 4
kernel: usb 2-1.1: New USB device found, idVendor=19d2, idProduct=fff5
kernel: usb 2-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
kernel: usb 2-1.1: Product: USB Storage
kernel: usb 2-1.1: Manufacturer: ZTE, Incorporated
kernel: usb 2-1.1: SerialNumber: 000000000002
kernel: Initializing USB Mass Storage driver…
kernel: scsi6 : usb-storage 2-1.1:1.0
kernel: usbcore: registered new interface driver usb-storage
kernel: USB Mass Storage support registered.
usb_modeswitch: switching 19d2:fff5 (ZTE, Incorporated: USB Storage)
kernel: usb 2-1.1: USB disconnect, address 4
kernel: usb 2-1.1: new full speed USB device using ehci_hcd and address 5
kernel: usb 2-1.1: New USB device found, idVendor=19d2, idProduct=fff1
kernel: usb 2-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
kernel: usb 2-1.1: Product: ZTE CDMA Tech
kernel: usb 2-1.1: Manufacturer: ZTE, Incorporated
kernel: scsi7 : usb-storage 2-1.1:1.5
kernel: usbcore: registered new interface driver usbserial
kernel: USB Serial support registered for generic
kernel: usbcore: registered new interface driver usbserial_generic
kernel: usbserial: USB Serial Driver core
kernel: USB Serial support registered for GSM modem (1-port)
kernel: option 2-1.1:1.0: GSM modem (1-port) converter detected
kernel: usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB0
kernel: option 2-1.1:1.1: GSM modem (1-port) converter detected
kernel: usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB1
kernel: option 2-1.1:1.2: GSM modem (1-port) converter detected
kernel: usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB2
kernel: option 2-1.1:1.3: GSM modem (1-port) converter detected
kernel: usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB3
kernel: option 2-1.1:1.4: GSM modem (1-port) converter detected
kernel: usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB4
kernel: usbcore: registered new interface driver option
kernel: option: v0.7.2:USB Driver for GSM modems
modem-manager: (ttyUSB1) opening serial device…
modem-manager: (ttyUSB0) opening serial device…
modem-manager: (ttyUSB4) opening serial device…
modem-manager: (ttyUSB2) opening serial device…
modem-manager: (ttyUSB3) opening serial device…
usb_modeswitch: switched to 19d2:fff1 (ZTE, Incorporated: ZTE CDMA Tech)
pcscd: winscard.c:309:SCardConnect() Reader E-Gate 0 0 Not Found
pcscd: winscard.c:309:SCardConnect() Reader E-Gate 0 0 Not Found
pcscd: winscard.c:309:SCardConnect() Reader E-Gate 0 0 Not Found
pcscd: winscard.c:309:SCardConnect() Reader E-Gate 0 0 Not Found
kernel: scsi 7:0:0:0: Direct-Access ZTE USB Storage FFF1 2.31 PQ: 0 ANSI: 2
kernel: sd 7:0:0:0: Attached scsi generic sg2 type 0
kernel: sd 7:0:0:0: [sdb] Attached SCSI removable disk

# wvdialconf

Editing `/etc/wvdial.conf’.

Found a modem on /dev/ttyUSB0.
Modem configuration written to /etc/wvdial.conf.
ttyUSB0: Speed 9600; init “ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0”

# vi /etc/wvdial.conf

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
ISDN = 0
Phone = #777
Modem = /dev/ttyUSB0
Username = # In case of tata Username =internet
Password = # In case of tata Password =internet
Baud = 9600

# wvdial
It should now connect

September 17, 2010 Posted by derwynd | Uncategorized | Leave a comment

mp3 on fedora-13

yum install amarok amarok-extras-nonfree xine-lib-extras-freeworld libtunepimp-extras-freeworld phonon gstream -y
rpm -ivh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
yum install gstreamer-plugins-bad gstreamer-ffmpeg gstreamer-plugins-ugly -y

kill `pidof pulseaudio`
alsamixer

September 17, 2010 Posted by derwynd | Uncategorized | Leave a comment

Linux disk cache

Linux has a supposedly good memory management feature that will use up any “extra” RAM you have to cache stuff.
Accessed file’s content gets cached in RAM for fast access eventhough we might not need it later in RAM.

$ free -m
total used free shared buffers cached
Mem: 1504 1490 14 0 24 809
-/+ buffers/cache: 656 848
Swap: 0 0 0

In Linux, you can clear the cache of the memory by using

$ sync; echo 3 > /proc/sys/vm/drop_caches; echo 0 > /proc/sys/vm/drop_caches
or
$ sync; sysctl -w vm.drop_caches=3; sysctl -w vm.drop_caches=0

$ free -m
total used free shared buffers cached
Mem: 1504 650 854 0 1 67
-/+ buffers/cache: 581 923
Swap: 0 0 0

sync should be run because this is a non-destructive operation, and dirty objects are not freeable. So you run sync in order to make sure all cached objects are freed.

Doing echo 3 is clearing pagecache, dentries and inodes but you could choose echo 1 to free pagecache only or echo 2 to free dentries and inodes.

July 22, 2010 Posted by derwynd | Uncategorized | Leave a comment

redhat/centos build kernel rpm

Preparing System

$ yum install gcc make bison ncurses-devel rpm-build

Downloading the kernel source linux-2.6.30.10.tar.gz from http://kernel.org

$ nohup wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.30.10.tar.gz &

After you have done it, extract to /usr/src

$ tar zxvf linux-2.6.30.10.tar.gz -C /usr/src

enter to /usr/src
create a symlink to source code called linux, do this:

$ cd /usr/src
$ ln -sf linux-2.6.30.10 linux
drwxr-xr-x 3 root root 4096 Jul 16 14:09 kernels
lrwxrwxrwx 1 root root 12 Jul 16 16:18 linux -> linux-2.6.31
drwxr-xr-x 23 root root 4096 Sep 10 2009 linux-2.6.31
drwxr-xr-x 7 root root 4096 Jul 16 14:11 redhat

Copying the stock config into the dir
$ cd /usr/src/linux
$ cp /boot/config-`uname -r` .config

Compiling the kernel
$ cd /usr/src/linux
$ make clean
$ make menuconfig

If you want to add a custom tag that will identify the new kernel (if you want or skip this) , to accomplish this, do that:
I did not enter anything here and skipped this step

* On initial screen, go to General setup —>
* Select Local version – append to kernel release

┌─────────────── Local version – append to kernel release ────────────────┐
│ Please enter a string value. Use the key to move from the input |
│ field to the buttons below it. │
│ ┌─────────────────────────────────────────────────────────────────────┐
│ │ │
│ └─────────────────────────────────────────────────────────────────────┘

With this done, the resulting kernel.rpm will have the tag identifying it.
It is time to customize the kernel configuration to fit with your hardware.

After this quit menuconfig and start the compilation.

While you get out the configuration, you will be asked to save the changes. Answer Yes.

Run make rpm

$ make rpm

The compilation will start, good time to grab a coffee cause this is going to be long
WROTE:…….
/usr/src/redhat/SRPMS/kernel-2.6.30.10-1.src.rpm
/usr/src/redhat/RPMS/x86_64/kernel-2.6.30.10-1.x86_64.rpm

Take a backup of /boot dir for safety

$ tar czvf boot.tgz /boot/ /etc/grub.conf

Installing the new kernel rpm
$ rpm -ivh rpm -ivh /usr/src/redhat/RPMS/x86_64/kernel-2.6.30.10-1.x86_64.rpm
Preparing… ########################################### [100%]
1:kernel ########################################### [100%]

Confirming that alls ok
$ ls /boot
config-2.6.18-128.el5 grub message System.map-2.6.18-128.el5 vmlinux-2.6.30.10.bz2 vmlinuz-2.6.30.10
config-2.6.30.10 initrd-2.6.18-128.el5.img lost+found symvers-2.6.18-128.el5.gz System.map-2.6.30.10 vmlinuz-2.6.18-128.el5

Hmmm no initrd-2.6.30.10.img

To create the dependencies for the modules:

$ depmod 2.6.30.10

Create a new initrd with mkinitrd

$ mkinitrd -v /boot/initrd-2.6.30.10.img 2.6.30.10
Creating initramfs
Looking for deps of module ehci-hcd
Looking for deps of module ohci-hcd
Looking for deps of module uhci-hcd
Looking for deps of module ext3: jbd
Looking for deps of module jbd
Found root device hda2 for LABEL=/
Looking for driver for device hda2
Looking for deps of module ide:m-disk
Looking for driver for device hda3
Looking for deps of module ide:m-disk
Looking for deps of module ips: scsi_mod
Looking for deps of module scsi_mod
Looking for deps of module sd_mod: scsi_mod
Looking for deps of module ata_piix: scsi_mod libata
Looking for deps of module libata: scsi_mod
Looking for deps of module ide-disk
Looking for deps of module dm-mem-cache
No module dm-mem-cache found for kernel 2.6.30.10, aborting.

Opps errors …… Need to fix this
$ echo “DMRAID=no” > /etc/sysconfig/mkinitrd/noraid
$ chmod 755 /etc/sysconfig/mkinitrd/noraid
$ mkinitrd -v /boot/initrd-2.6.30.10.img 2.6.30.10

Creating initramfs
Looking for deps of module ehci-hcd
Looking for deps of module ohci-hcd
Looking for deps of module uhci-hcd
Looking for deps of module ext3: jbd
Looking for deps of module jbd
Found root device hda2 for LABEL=/
Looking for driver for device hda2
Looking for deps of module ide:m-disk
Looking for driver for device hda3
Looking for deps of module ide:m-disk
Looking for deps of module ips: scsi_mod
Looking for deps of module scsi_mod
Looking for deps of module sd_mod: scsi_mod
Looking for deps of module ata_piix: scsi_mod libata
Looking for deps of module libata: scsi_mod
Looking for deps of module ide-disk
Using modules: /lib/modules/2.6.30.10/kernel/drivers/usb/host/ehci-hcd.ko /lib/modules/2.6.30.10/kernel/drivers/usb/host/ohci-hcd.ko /lib/modules/2.6.30.10/kernel/drivers/usb/host/uhci-hcd.ko /lib/modules/2.6.30.10/kernel/fs/jbd/jbd.ko /lib/modules/2.6.30.10/kernel/fs/ext3/ext3.ko /lib/modules/2.6.30.10/kernel/drivers/scsi/scsi_mod.ko /lib/modules/2.6.30.10/kernel/drivers/scsi/sd_mod.ko /lib/modules/2.6.30.10/kernel/drivers/scsi/ips.ko /lib/modules/2.6.30.10/kernel/drivers/ata/libata.ko /lib/modules/2.6.30.10/kernel/drivers/ata/ata_piix.ko
/sbin/nash -> /tmp/initrd.w19233/bin/nash
/sbin/insmod.static -> /tmp/initrd.w19233/bin/insmod
copy from `/lib/modules/2.6.30.10/kernel/drivers/usb/host/ehci-hcd.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/ehci-hcd.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/usb/host/ohci-hcd.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/ohci-hcd.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/usb/host/uhci-hcd.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/uhci-hcd.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/fs/jbd/jbd.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/jbd.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/fs/ext3/ext3.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/ext3.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/scsi/scsi_mod.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/scsi_mod.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/scsi/sd_mod.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/sd_mod.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/scsi/ips.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/ips.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/ata/libata.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/libata.ko’ [elf64-x86-64]
copy from `/lib/modules/2.6.30.10/kernel/drivers/ata/ata_piix.ko’ [elf64-x86-64] to `/tmp/initrd.w19233/lib/ata_piix.ko’ [elf64-x86-64]
Adding module ehci-hcd
Adding module ohci-hcd
Adding module uhci-hcd
Adding module jbd
Adding module ext3
Adding module scsi_mod
Adding module sd_mod
Adding module ips
Adding module libata
Adding module ata_piix

Checking …….

$ ls /boot/initrd-2.6.30.10.img
initrd-2.6.30.10.img

Editing grub

Final phase, it remains only edit the grub.conf to use the new kernel.

Add the lines in and change default to boot with new kernel

title CentOS (2.6.30.10)
root (hd0,0)
kernel /vmlinuz-2.6.30.10 ro root=LABEL=/ rhgb quiet noacpi irqpoll acpi=off
initrd /initrd-2.6.30.10.img

Reboot. and check
$ reboot

After reboot
$ uname -a
Linux localhost.localdomain 2.6.30.10 #1 SMP Sat Jul 17 13:25:46 IST 2010 x86_64 x86_64 x86_64 GNU/Linux

July 17, 2010 Posted by derwynd | Uncategorized | Leave a comment

KVM on centos5

Disable Selinux

Make sure that SELinux is disabled. Open /etc/selinux/config…

$ vi /etc/selinux/config

… set SELINUX to disabled:

$ reboot

or

Run

$ setenforce 0
[edit] Installing KVM

check if your CPU supports hardware virtualization

$ egrep ‘(vmx|svm)’ –color=always /proc/cpuinfo

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm

install KVM and virtinst

$ yum install zlib-devel alsa-lib-devel SDL-devel gnutls-devel dev86 texi2html glibc-devel kvm qemu\
libvirt python-virtinst virt-manager libvirt libvirt-python python-virtinst qemu

$ yum install kvm qemu libvirt python-virtinst
$ yum install virt-manager libvirt libvirt-python python-virtinst

In case rpmforge repo is recquired for qemu

$ rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

[edit] Service Starting

Then start the libvirt daemon:

$ /etc/init.d/libvirtd start

To check if KVM has successfully been installed, run

$ virsh -c qemu:///system list

Id Name State
———————————-

Next we need to set up a network bridge on our server so that our virtual machines can be accessed from other hosts as if they were physical systems in the network.

$ yum install bridge-utils

… and configure a bridge. Delete the system startup links for NetworkManager and create system startup links for network:

$ chkconfig –del NetworkManager
$ chkconfig –levels 235 network on

[edit] Networking

Then create the file /etc/sysconfig/network-scripts/ifcfg-br0 (please use the BOOTPROTO, DNS1 (plus any other DNS settings, if any), GATEWAY, IPADDR, NETMASK and SEARCH values from the /etc/sysconfig/network-scripts/ifcfg-eth0 file):

$ vi /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
DNS1=192.168.2.234
GATEWAY=192.168.2.234
IPADDR=192.168.40.112
NETMASK=255.255.0.0
ONBOOT=yes

Modify /etc/sysconfig/network-scripts/ifcfg-eth0 by keeping these lines and hashing everything else

DEVICE=eth0
HWADDR=00:1E:C9:B5:0D:51
ONBOOT=yes
BRIDGE=br0

Then reboot the system:

$ reboot

[edit] Starting Hosts

Use graphical installation and run “Creating guests with virt-manager”

$ virt-manager &

Open the File -> Open Connection. The dialog box below appears. . Select a hypervisor and click the Connect button

OR

$ virt-install –accelerate –hvm –connect qemu:///system –network bridge:br0 –name rhel5support –ram=512 –file=/xen/rhel5support.img –file-size=6 –vnc –cdrom=/dev/cdrom

Using virt-install with KVM to create a Red Hat Enterprise Linux 5 guest using cdrom –hvm (full virt)

$ virt-install –name fedora11 –ram 512 –file=/var/lib/libvirt/images/fedora11.img –file-size=3 –vnc –cdrom=/var/lib/libvirt/images/fedora11.iso

Using virt-install to create a fedora 11 guest

[edit] Info

the xml files are loacted at

$ cd /etc/libvirt/qemu/

Starting the virt machines

$ virsh create kvm2.xml

List domains

$ virsh -c qemu:///system list
Id Name State
———————————-
1 kvm2 running
2 kvm1 running

Connect to kvm

$ virsh console kvm1

[edit] Managing Virtual Machines from the command line with `virsh`

Virtual machines can be managed on the command line with the virsh utility. The virsh utility is built around the libvirt management API and has a number of advantages over the traditional Xen xm tool:

virsh has a stable set of commands whose syntax & semantics will be preserved across updates to Xen.
virsh can be used as an unprivileged user for read-only operations (eg listing domains, getting info, etc)
virsh will (in future) be able to manage QEMU, VMWare, etc machines in additional to Xen, since libvirt is hypervisor agnostic.

To start a new virtual machine from an XML vm definition:

$ virsh create

To list the virtual machines currently running, use:

$ virsh list

To gracefully power off a guest use:

$ virsh shutdown

To save a snapshot of the machine to a file of your choosing:

$ virsh save

To restore a previously saved snapshot:

$ virsh restore

To export the XML config associated with a virtual machine:

$ virsh dumpxml <virtual machine (name | id | uuid)

For a complete list of commands available for use with virsh run:

$ virsh help

Or consult the manual page virsh(1)

July 14, 2010 Posted by derwynd | Uncategorized | Leave a comment

File Password Protection

A > How do I password protect / encrypt a file within Linux using OpenSSL ?

The file we will encrypt will be the file secretfile.txt.As you can see it is just a plain text file.

Encrypt File

Use the openssl comand to encrypt your file and then test the new file is fully encrypted.

$ openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes
enter aes-256-cbc encryption password:
Verifying – enter aes-256-cbc encryption password:

$ cat secretfile.txt.aes
binary data

Decrypt File

Decrypt the file and then confirm the decypted file is readable.

$ openssl aes-256-cbc -d -salt -in secretfile.txt.aes -out secretfile.txt
enter aes-256-cbc decryption password:

$ cat secretfile.txt
This is a secret file that we do not want anyone to read.

B > How do I password protect / encrypt a file within Linux using Mcrypt ?

Encrypt File

Use the mcrypt comand to encrypt your file and then test the new file is fully encrypted.

$ mcrypt secretfile.txt

Output:
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc

$ ls secretfile.txt.nc

Decrypt File

Decrypt the file and then confirm the decypted file is readable.

$ mcrypt -d secretfile.txt.nc

Output:

Enter passphrase:
File secretfile.txt.nc was decrypted.

C > How do I password protect / encrypt a file within Linux using GPG ?

Encrypt File

Use the gpg comand to encrypt your file and then test the new file is fully encrypted.

$ gpg -c secretfile.txt

Output:
Enter passphrase:
Repeat passphrase:

This will create a secretfile.txt.gpg file.

Decrypt File

Decrypt the file and then confirm the decypted file is readable.

$ gpg secretfile.txt.gpg

Decrypt file and write output to file

$ gpg secretfile.txt.gpg -o somefile.txt

Easier method is to create a file using vim with the -x flag

vim -x

March 5, 2010 Posted by derwynd | Uncategorized | Leave a comment

Building modules for rhel5 kernel

Build modules for kernel instead of building the whole kernel

Download the kernel rpm
$ rpm -ivh kernel-2.6.18-x.x.x.el5.src.rpm
$ cd /usr/src/redhat/SPECS/
$ rpmbuild -bp kernel-2.6.spec

will take some time but less than rebuilding the entire kernel hopefully
$ cd /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.x86_64
$ cp /boot/config-2.6.18-x.x.x.el5 .config
$ make menuconfig

Here for examplepurpose i’m taking xfs and reiserfs module hopefully it works with whatever you chose
* For xfs/reiserfs make sure to chose xfs and reiserfs as the module
$ make fs/xfs/xfs.ko
In case of error run
$ make SUBDIRS=fs/xfs/ modules
and rerun
$ make fs/xfs/xfs.ko
$ mkdir -p /lib/modules/`uname -r`/kernel/fs/xfs
Copy the module into the /lib/modules/`uname -r`/kernel/fs/xfs
$ cp fs/xfs/xfs.ko /lib/modules/`uname -r`/kernel/fs/xfs
$ make fs/reiserfs/reiserfs.ko
In case of error run
$ make SUBDIRS=fs/reiserfs/ modules
and rerun
$ make fs/reiserfs/reiserfs.ko
$ mkdir -p /lib/modules/`uname -r`/kernel/fs/reiserfs
Copy the module into the /lib/modules/`uname -r`/kernel/fs/reiserfs
$ cp fs/reiserfs/reiserfs.ko /lib/modules/`uname -r`/kernel/fs/reiserfs

Change permissions
$ chmod 744 /lib/modules/`uname -r`/kernel/fs/reiserfs/reiserfs.ko
$ chmod 744 /lib/modules/`uname -r`/kernel/fs/xfs/xfs.ko

insmod the required module
$ insmod /lib/modules/`uname -r`/kernel/fs/reiserfs/reiserfs.ko
$ insmod /lib/modules/`uname -r`/kernel/fs/xfs/xfs.ko
Make entry into /etc/modules.conf
$ echo “install reiserfs /sbin/insmod /lib/modules/2.6.18-x.x.x.el5/kernel/fs/reiserfs/reiserfs.ko ” >> /etc/modules.conf
$ echo “install xfs /sbin/insmod /lib/modules/2.6.18-x.x.x.el5/kernel/fs/xfs/xfs.ko ” >> /etc/modules.conf

$ modprobe reiserfs
$ modprobe xfs
$ depmod -a
Should be done hopefully

January 14, 2010 Posted by derwynd | Uncategorized | 5 Comments

Open SSL help

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

* Generate a new private key and Certificate Signing Request

# openssl req -out CSR.csr -pubkey -new -keyout privateKey.key

* Generate a self-signed certificate

# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout privateKey.key -out certificate.crt

* Generate a certificate signing request (CSR) for an existing private key

# openssl req -out CSR.csr -key privateKey.key -new

* Generate a certificate signing request based on an existing certificate

# openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

* Remove a passphrase from a private key

# openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

* Check a Certificate Signing Request (CSR)

# openssl req -text -noout -verify -in CSR.csr

* Check a private key

# openssl rsa -in privateKey.key -check

* Check a certificate

# openssl x509 -in certificate.crt -text -noout

* Check a PKCS#12 file (.pfx or .p12)

# openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL

If you are receiving an error that the private doesn’t match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands. If you are trying to verify that an SSL certificate is installed correctly, be sure to check out the SSL Checker.

* Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

# openssl x509 -noout -modulus -in certificate.crt | openssl md5openssl rsa -noout -modulus -in privateKey.key | openssl md5openssl req -noout -modulus -in CSR.csr | openssl md5

* Check an SSL connection. All the certificates (including Intermediates) should be displayed

# openssl s_client -connect http://www.paypal.com:443

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS. Use our SSL Converter to convert certificates without messing with OpenSSL.

* Convert a DER file (.crt .cer .der) to PEM

# openssl x509 -inform der -in certificate.cer -out certificate.pem

* Convert a PEM file to DER

# openssl x509 -outform der -in certificate.pem -out certificate.der

* Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

# openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
* Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

# openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

* To test SSL connections to a mail server, use the openssl command with the s_client parameter:

# openssl s_client -connect smtp.myhost.com:25 -starttls smtp

This essentially opens a telnet-like connection to smtp.myhost.com on port 25 using the STARTTLS extension. This is an interactive session, so you can send commands to the remote SMTP server as well as view the certificate used, view the details of the SSL session, and more. To test SMTP over SSL, don’t use the -starttls option:

# openssl s_client -connect smtp.myhost.com:465

* The above can also be used to connect to any service that uses SSL, such as HTTPS (port 443), POP3 over SSL (port 995), and so forth.

* The openssl command can also be used to create digests of a file, which can be used to verify that a file has not been tampered with:

# echo “test file”> foo.txt

# openssl dgst -md5 foo.txt

MD5(foo.txt)= b05403312f66bdc8ccc597fedf6cd5fe

# openssl dgst -sha1 foo.txt

SHA1(foo.txt)= 0181d93fff60b818g3f92e470ea97a2aff4ca56a

* To view the other message digests that can be used, look at the output of openssl list-message-digest-commands.

* You can also use openssl to encrypt files. To view the list of available ciphers, use openssl list-cipher-commands. Once you’ve chosen a cipher to use, you can encrypt the file using the following commands:

# openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc

enter aes-256-cbc encryption password:

Verifying – enter aes-256-cbc encryption password:

# file foo.enc

foo.enc: data

# cat foo.enc

Salted__yvi{!e????i”Yt?;(Ѱ e%
# openssl enc -d -aes-256-cbc -in foo.enc

enter aes-256-cbc decryption password:

test file

In the above example, the file foo.txt was encrypted using 256-bit AES in CBC mode, the encrypted copy being saved as the file foo.enc. Looking at the contents of the file provide gibberish. Decrypting the file is done using the -d option; however, keep in mind that not only do you need to remember the password, you also need to know the cipher used.

As you can see, OpenSSL provides more than just a library for other applications to use, and the openssl command-line binary is a powerful program in its own right, allowing for many uses.

January 14, 2010 Posted by derwynd | Uncategorized | Leave a comment