Category Archives: Linux

Firewall rule to allow access to Windows updates

When you try to install Windows updates for the first time (e.g. you buy a new computer with Windows 8.1 preinstalled), Windows doesn’t start downloading updates unless you permit UDP connections to port 3544.

Here is the rule for your Linux firewall:


iptables -A FORWARD -d 94.245.64.0/18 -p udp -m udp --dport 3544 -m conntrack --ctstate NEW -j ACCEPT

Here we go!

How to make sure Nagstamon is running on your desktop

Add the following line to your (desktop user, not root) crontab:

*/5 * * * * [ -z "`pidof -x /usr/bin/nagstamon`" ] && DISPLAY=:0.0 /usr/bin/nagstamon &

This will start Nagstamon and start it again if the user closes it. The tricky part is configuring the connection to your X server / graphical environment. But the solution is simple: set the $DISPLAY environment variable to :0.0, which means ‘use the first desktop running on localhost’.

Do you know the ‘xauth list’ command?

Nagstamon – Python OpenSSL certificate validation

When I tried to connect to my monitoring system with the desktop widget Nagstamon, Nagstamon was not able to connect due to an SSL certificate validation problem. I’m using a certificate from CAcert.org.

After a while of hacking I found this workaround in the source code. This is the wrong way: Continue reading

MySQL Workbench – passwords not being saved in keychain

If your MySQL Workbench can’t save passwords for your MySQL connections, try starting mysql-workbench in verbose mode. You may see an error:

$ mysql-workbench --verbose
** Message: Gnome keyring daemon seems to not be available. Stored passwords will be lost once quit
['un\\"o', 'do``s']
Ready.

Thread started

Continue reading

sendxmpp release v1.24

A new config file format is supported since sendxmpp version 1.24. Issue #9 (passwords with spaces not supported in .sendxmpprc) has been fixed.

Example for Google Talk servers:

$ cat ~/.sendxmpprc
username: lubomir.host
jserver: talk.google.com
password: my-"secure-pass _word with sp@ce!
component: gmail.com

Please don’t try the password above, I have changed it. :-)


Make cryptsetup ask the same password only once at boot

I bought a new hard drive. Because I protect all my hard disks with encryption, I set up LUKS for the new hard drive too. But the init scripts ask for the password for every encrypted partition, and I want to enter my hard disk password only once. I started with googling but I wasn’t successful. I found this thread about the same problem, but the author didn’t provide a patch and the uploaded *.tar.gz archive is no longer available. Continue reading

Shorewall – filtering IMAP/SMTP access to gmail.com domain

Do you need to discover what IP netblocks are owned and operated by Google to perhaps add to your firewall ACLs?

With dynamic zones available in Shorewall, you can define firewall rules and filter network traffic based on the domain name. For example, you can permit IMAPS connections only to the gmail.com domain. The problem is that the Google cluster is very big and you are always connecting to a different IP address, so you can’t define static rules for traffic filtering.

Here is a little HOWTO on doing this.
Continue reading