Archive for the ‘technical’ Category

New regulations about keeping logs

Thursday, July 31st, 2008

There has just been a new regulation about keeping network logs for the last 6 months.

According to the regulation 5651,

Internet endpoints, DHCP IP distribution records, and traffic information of Web, e-mail and FTP servers in your organization’s intranet have to be saved in the format mentioned in the law, in a form such that their consistency, integrity, and the hashes of the files are preserved and their privacy is assured.

I am really curious how DHCP records will help if some violations occur in the network. If something occurs, and you are judged, the court applies for an authority. In Turkey, anyone can be an authority. All you should know is how to use Frontpage. If the authority can’t find a solution, he asks for the logs. This regulation just fulfills this requirement.

How will the system admins make sure that the log information’s consistency, integrity and the hashes of the files are preserved and their privacy is assured? If an admin is sure that the log is safe, he can also protect the system against hacks. Maybe sending the last 6 months’ logs to the government’s servers can be a solution. :) However, this solution has problems too. How will the governments build a log server, and how will they protect these servers against hacks? :) I have not even mentioned how much it will cost, who will analyze all these logs, find the needed information, automate, and adjust the system according to the requirements in that field.

Judges judge according to how experts judge in IT cases. This is why a regulation like this is needed. However, this regulation is open to violations. How will experts make sure that the information on those systems is real?

Anyway, the expert (authority) system is a problem in Turkey, just like any government-related case. Our government has not yet seen that digital information is not reliable. Anyone may be hurt because of these laws and regulations. Who will protect innocent people’s rights?

Firefox – Thunderbird Compatibility

Tuesday, July 15th, 2008

To make Firefox compatible with Thunderbird (which means the mailto: protocol will be handled by Thunderbird), you should apply the following:

  • Open the about:config address
  • Add a string entry with the following name and value:

    network.protocol-handler.app.mailto = /usr/bin/mozilla-thunderbird

Extending Ubuntu Functionality with EasyUbuntu

Tuesday, July 15th, 2008

EasyUbuntu comes with great support for extending Ubuntu's functionality. This includes codecs, support for some archive file types (including ace) and Microsoft fonts.

To install EasyUbuntu, first download the Ubuntu package from the following link:
http://easyubuntu.freecontrib.org/files/easyubuntu_latest.deb
Then open a terminal (Applications -> Accessories -> Terminal), go to the directory where you downloaded the EasyUbuntu Debian package, and issue the following command to install EasyUbuntu:

sudo dpkg -i easyubuntu_latest.deb

After completion of the above process, issue the following command in the terminal:

# Only apt-key needs root; the download runs as the normal user.
wget -q http://medibuntu.sos-sts.com/repo/medibuntu-key.gpg -O- |
       sudo apt-key add -

Now EasyUbuntu should be set up for installing packages. Go to (Applications -> System tools -> EasyUbuntu) to launch EasyUbuntu. Beyond this, the application's interface is quite easy for a beginner, and one can easily install packages without much help.

Printer Sharing using Samba

Tuesday, July 15th, 2008

We can share printers using Samba. The servers we should install are cups and samba. After installing the servers and setting up the printers connected to the server, we should have an /etc/samba/smb.conf file like this:

  [global]
  workgroup = workgroup_name
  netbios name = server_name
  server string =  Print Server
  load printers = yes
  printing = cups
  printcap name = cups
  encrypt passwords = yes
  security = user
  valid users = a_valid_user_name

  [print$]
  comment = Printer Drivers
  path = /etc/samba/printer
  guest ok = no
  browseable = yes
  read only = yes
  write list = a_valid_user_name

  [printers]
  valid users = a_valid_user_name
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  public = no
  guest ok = no
  writable = no
  printable = yes
  printer admin = a_valid_user_name

Here, a_valid_user_name can be any username defined among the Samba users. A user can be defined using

  smbpasswd -a system_user

If the /etc/samba/printer and /var/spool/samba directories do not exist, please create them. If you install a PostScript (PS) printer, you should extract the windows_drivers.tar.gz file into the directories /var/spool/samba and /etc/samba/printer. After extracting, chmod the extracted files to 777 and run this command as root:

  cupsaddsmb -H server_name -U root -h domain_name -a -v

This command will install the drivers so that Windows computers automagically download the PS drivers when they connect to the printer.

Now, edit /etc/cups/cupsd.conf and set server_name and server admin parameters. If you want to manage cups from only the machine you are using, find the section below:

  
  AuthType Basic
  AuthClass System
  Allow From 127.0.0.1
  

and set Allow From to 127.0.0.1. You can set this entry to whatever IP address you want to manage cups from.

Find /etc/cups/mime.convs and uncomment the following line:

  application/octet-stream        application/vnd.cups-raw        0

Find /etc/cups/mime.types and uncomment the following line:

  application/octet-stream

Now restart the servers. You should now see the shared printers on Windows machines.
Good Luck!!

Port Forwarding and Tunneling Using SSH

Tuesday, July 15th, 2008

You can forward a remote port to a local port using SSH. To do so, you can use the command below:

ssh -L local_bind_port:remote_connect_address:remote_connect_port username@remote_host

For example,

ssh -L 8080:google.com:80 username@server

will forward google.com to localhost:8080. This means that when you open http://localhost:8080/ you will see google.com. The remote machine will connect to google.com, and this connection will be forwarded to your local computer through the tunnel. This is a really great feature when you want to connect to a web site in your intranet.

When you want a secure mysql connection, simply forwarding the remote mysql port to a local port using ssh is enough.

ssh -L 3306:127.0.0.1:3306 username@server

will tunnel the remote mysql server to your machine. You should then connect to the mysql server through the forwarded port on your local machine.

Good luck!!
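A plain ssh -L also opens a login shell, and if the local port is already in use it only prints a warning and carries on, so a client pointed at that port may reach a different local service. The following is an added example (not part of the original post) that rewrites a forward specification into a tunnel-only command bound to loopback; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: host and user names are the placeholders used in the post.

# valid_port N: succeeds for an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# harden_forward SPEC TARGET
# SPEC is the -L argument, [bind_address:]port:host:hostport (host names and
# IPv4 addresses only). Prints an ssh command that
#   - binds the listener to loopback explicitly,
#   - runs no remote command (-N), so the session is a tunnel only,
#   - exits instead of continuing when the local port cannot be bound,
#     e.g. when a local mysqld already owns 3306 (ExitOnForwardFailure).
# Fails on an empty or non-loopback bind address and on bad ports.
harden_forward() {
    spec=$1
    target=$2
    old_ifs=$IFS
    set -f                       # keep a '*' bind address from globbing
    IFS=:
    set -- $spec
    IFS=$old_ifs
    set +f
    case $# in
        3) bind=127.0.0.1; lport=$1; host=$2; rport=$3 ;;
        4) bind=$1; lport=$2; host=$3; rport=$4 ;;
        *) echo "bad forward spec: $spec" >&2; return 1 ;;
    esac
    case $bind in
        127.0.0.1|localhost) ;;
        *) echo "listener is not loopback-only: '$bind'" >&2; return 1 ;;
    esac
    if ! valid_port "$lport" || ! valid_port "$rport" || [ -z "$host" ]; then
        echo "bad port or host in: $spec" >&2
        return 1
    fi
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:%s:%s:%s %s\n' \
        "$bind" "$lport" "$host" "$rport" "$target"
}

# The two forwards from the post, rewritten:
harden_forward 8080:google.com:80 username@server
harden_forward 3306:127.0.0.1:3306 username@server
```

With -N the command stays in the foreground until it is interrupted; the tunnel exists only while it runs.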

Mounting Windows Shares Automatically

Tuesday, July 15th, 2008

If you want to mount a remote Windows share, you can use the command below:

sudo mount -t smbfs //path/to/share /path/to/local/directory \
    -o username=username,password=password,rw,uid=user_id,gid=group_id

You can add this command to /etc/rc.local so that the share is mounted every time the system boots.
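A password=... option is visible in the process list while mount runs and sits in clear text in the boot script. The following is an added example (not part of the original post) that stores the login in an owner-only file and passes it with the credentials= mount option instead; the function names, share, paths and user are constructed placeholders.

```shell
#!/bin/sh
# Added example: share, paths, user and password are constructed placeholders.

# write_smb_credentials FILE USERNAME PASSWORD
# Writes FILE in the username=/password= form read by the credentials=
# mount option, readable and writable by its owner only.
write_smb_credentials() {
    (
        umask 077    # a newly created file gets mode 0600
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
    ) || return 1
    chmod 600 "$1"   # also tighten a file that existed before
}

# credentials_are_private FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
credentials_are_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        -r?-------) return 0 ;;
        *) return 1 ;;
    esac
}

# smb_mount_command SHARE MOUNTPOINT CRED_FILE UID GID
# Prints the mount line for /etc/rc.local (which runs as root, so no sudo).
# Refuses when the credentials file is missing or accessible to other users.
smb_mount_command() {
    credentials_are_private "$3" || {
        echo "refusing: $3 is missing or accessible to other users" >&2
        return 1
    }
    printf 'mount -t smbfs %s %s -o credentials=%s,rw,uid=%s,gid=%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
write_smb_credentials "$demo_dir/smbcred" winuser 'constructed-password'
smb_mount_command //fileserver/share /mnt/share "$demo_dir/smbcred" 1000 1000
rm -rf "$demo_dir"
```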