Category: Linux

IT

WordPress: custom links on plugin page

Since WordPress 2.8, you can easily add your own links to the plugin page. This can be useful to jump right to the settings of the plugin. Example code:

function set_plugin_meta($plugin_meta, $plugin_file, $plugin_data, $status){
if (plugin_basename(__FILE__)!=$plugin_file) return $plugin_meta;
return array_merge( $plugin_meta, array( sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') ) ));
}
add_filter( 'plugin_row_meta', 'set_plugin_meta', 10, 2 );

Two other interesting plugin hooks are:

do_action( 'after_plugin_row', $plugin_file, $plugin_data, $status );
do_action( "after_plugin_row_$plugin_file", $plugin_file, $plugin_data, $status );

These are both run after the row was printed.

© GeekLabInfo WordPress: custom links on plugin page is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
IT

An Asterisk 1.8 fax server

To start, I setup a clean, minimal Fedora 15 installation.

Install requirements

After installation, we install a few more tools that we need:
yum install asterisk asterisk-fax #base
yum install perl-Email-MIME libtiff-tools #for mailer script
yum install telnet mc vim ntp rsync #for convenience and backup

Synchronize your time:
sntp -s pool.ntp.org

Configuration

On a clean asterisk installation, we only edit a few files.

sip.conf
Edit /etc/asterisk/sip.conf and make the following changes:

  • Look for ;faxdetect=yes and uncomment it by removing the ;
  • Somewhere under [global] put your register string. For example:
    register => myUsername:myPassword@12.34.56.78/31331234567
    In this example 12.34.56.78 is the ip of my SIP provider and 31331234567 my internationalized fax number.
  • At the bottom, add the following lines:
    [trunk-geeklab-9]
    username=myUsername
    type=peer
    secret=myPassword
    qualify=yes
    host=12.34.56.78
    canreinvite=yes
    context=geeklab-fax
    insecure=invite

extensions.conf
To /etc/asterisk/extensions.conf add the following lines:
[geeklab-fax]
exten => 331234567,1,Goto(inboundfax,s,1)
;This is the DID number my provider rings. I would
;prefer 3133123... or 033123... but that's just the
;way it is. Your provider may use another format.

[inboundfax]
;I could have merged this with [geeklab-fax] but i decided not to.
exten => s,1,NoOp(**** FAX RECEIVED from ${CALLERID(num)} ${STRFTIME(${EPOCH},,%c)} ****)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FILENAME=fax-${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)}-${CALLERID(num)})
exten => s,n,Set(FAXFILE=${FILENAME}.tif)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FAXOPT(headerinfo)=Received by MYCOMPANY ${STRFTIME(${EPOCH},,%Y-%m-%d %H:%M)})
exten => s,n,Set(FAXOPT(localstationid)=0331234567)
exten => s,n,Set(FAXOPT(maxrate)=14400)
exten => s,n,Set(FAXOPT(minrate)=2400)
exten => s,n,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})
exten => s,n,NoOp(FAXOPT(headerinfo) : ${FAXOPT(headerinfo)})
exten => s,n,NoOp(FAXOPT(localstationid) : ${FAXOPT(localstationid)})
exten => s,n,NoOp(FAXOPT(maxrate) : ${FAXOPT(maxrate)})
exten => s,n,NoOp(FAXOPT(minrate) : ${FAXOPT(minrate)})
exten => s,n,NoOp(**** RECEIVING FAX : ${FAXFILE} ****)
exten => s,n,ReceiveFAX(/var/spool/asterisk/fax/${FAXFILE})
exten => s,n,Hangup()
exten => h,1,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})
exten => h,n,system(/usr/local/bin/fax-process.pl --to yourname@geeklab.info --from fax@geeklab.info --subject "Fax from ${URIENCODE(${CALLERID(number)})} ${URIENCODE(${CALLERID(name)})}" --attachment ${FILENAME}.pdf --type application/pdf --file ${FAXFILE});

Inbound fax notification

When you get a fax, you'll probably want it in you mailbox. Download fax-process.txt and move it to /usr/local/bin/fax-process.pl. Make it executable using chmod 755 /usr/local/bin/fax-process.pl. If you haven't disabled SELinux, change the files security context by running: chcon system_u:system_r:asterisk_t:s0 fax-process.pl

Firewall

You won't get any calls if the firewall drops them. You may want a complex firewall. But since I'm using this virtual machine as a dedicated fax, I allow all from my SIP host and nothing from other hosts. Edit /etc/sysconfig/iptables to reflect your preferences. Mine are:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [59:6844]
-A INPUT -s 12.34.56.78 -p tcp -m tcp ! --dport 22 -j ACCEPT
-A INPUT -s 12.34.56.78 -p udp -m udp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s my.ho.me.ip --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

You're done

Start asterisk by running service asterisk start and you're good to go.

© GeekLabInfo An Asterisk 1.8 fax server is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 2.40 out of 5)
Loading...
Hardware

Find the Dell Service Tag Remotely

Windows with VNC/RDP

If you can login to the computer over VNC or RDP, you can use wmic to find the service tag:
start > run > cmd
On the command line, enter:
wmic bios get serialnumber

Windows without VNC/RDP

If you cannot login to the computer over VNC or RDP, you can still use wmic to find the service tag:
start > run > cmd
On the command line, enter:
wmic /node:computer-name-here bios get serialnumber
You may need to use /user:yourusername and /password:yourpassword to get access to the remote computer. Running wmic /? gives a pretty good manual on what wmic can do.

Other uses of wmic

wmic is a very useful tool for a lot of stuff. For instance wmic csproduct can tell you exactly what model the computer is and wmic nic list shows useful information about your network.

Linux

Under Linux, you can run dmidecode -s system-serial-number to get the serial number. This can be done locally or over ssh.

© GeekLabInfo Find the Dell Service Tag Remotely is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
IT

Native IPv6: First steps

Today I made my first native IPv6 connection. I've been running Teredo/Miredo on my laptop for quite a while now, and I thought it was time to get a real IPv6 connection. I could use IPv6 autoconfiguration, but on a server you need a fixed IP.

Needed software

Install required packages that are not included in the Fedora default install:
yum install iproute2 ndisc6

Configuring manually

Configuring the network is not that much different from configuring an IPv4 address.

IPv4IPv6
ip addr add 1.2.3.4/24 dev eth0ip addr add 2001:1BE8:DEAD:BEEF::1a1a/64 dev eth0
ip route add default via 1.2.3.254ip route add default via 2001:1BE8:DEAD:BEEF::1

Now test it by pinging/tracerouting some known IPv6 services:

[root@localhost ~]# ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8003::69) 56 data bytes
64 bytes from 2a00:1450:8003::69: icmp_seq=1 ttl=58 time=7.19 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=2 ttl=58 time=7.52 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=3 ttl=58 time=6.98 ms
64 bytes from 2a00:1450:8003::69: icmp_seq=4 ttl=58 time=7.44 ms
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 6.989/7.287/7.525/0.227 ms
[root@localhost ~]# tracert6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:8003::69) from 2001:1be8:dead:beef::1a1a, 30 hops max, 60 bytes packets
1 2001:1be8:dead:beef::1 (2001:1be8:3f03:541::1) 1.024 ms 0.970 ms 1.036 ms
2 2001:1be8::310:1 (2001:1be8::310:1) 2.618 ms 2001:1be8::300:1 (2001:1be8::300:1) 2.583 ms 2001:1be8::310:1 (2001:1be8::310:1) 2.527 ms
3 pr61.ams04.net.google.com (2001:7f8:1::a501:5169:1) 2.865 ms 2.536 ms 2.184 ms
4 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 2.801 ms 3.156 ms 24.731 ms
5 2001:4860::2:0:66e (2001:4860::2:0:66e) 7.021 ms 6.830 ms 96.541 ms
6 2001:4860:0:1::31 (2001:4860:0:1::31) 7.092 ms 7.367 ms 12.089 ms
7 2a00:1450:8003::69 (2a00:1450:8003::69) 6.996 ms 7.550 ms 7.341 ms

Configure at boot time

Step 1. Enable IPv6 networking

vim /etc/sysconfig/network
then add (or replace):
NETWORKING_IPV6=yes

Step 2. Configure IPv6 addresses

vim /etc/sysconfig/network-scripts/ifcfg-eth0
then add the following lines:
IPV6INIT=yes
IPV6ADDR=2001:1BE8:DEAD:BEEF::1a1a/64
IPV6_DEFAULTGW=2001:1BE8:DEAD:BEEF::1

Step 3. Test

Run service network restart or reboot to test.
Warning: if you do this remotely, you may lose the connection. I first locked myself out of my test machine, but I always got a KVM switch attached or VMWare console.

Security

Please remember that using IPv6 also means that there's a new entrance to your network. Use ip6tables to set up a firewall.

Ubuntu/Debian

I'm running RedHat-based software on all of my machines. Above information may be useful for Ubuntu/Debian users, but it's not tested and I'm not supporting it.

Servers: RedHat Enterprise Linux/CentOS is more suitable for servers, as there's a lot of professional level support available. I think that's important, because if I say, get a car accident, I want the servers to be managable by another professional.

Desktops/Laptops: RPM packages are pretty exchangable between RedHat-based platforms. That's a good reason to run Fedora on the desktop.
© GeekLabInfo Native IPv6: First steps is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
IT

Squid active directory authentication on Centos 5.6

Step 1. Install ntp and synchronize clocks

We'll be using winbind, kerberos and ntlm to authenticate the user. This requires the clocks of the AD server and the proxy server to be synchronized.
rpm -qa ntp || yum -y install ntp
sed -i "s/^server /#server /g" /etc/ntp.conf
echo "server YOURSERVERNAME" >> /etc/ntp.conf
ntpdate YOURSERVERNAME #synchronize right now
service ntpd start #and keep in sync
chkconfig ntpd on #after reboot as well

Step 2. Install required software

yum install krb5-workstation samba-common authconfig squid
chkconfig squid on

Step 3. Connect to active directory

Please note that MYCOMPANY.local and mycompany.local may be different domains due to the upper/lowercase.
ADSERVER=sbs.MYCOMPANY.local
DOMAIN=MYCOMPANY.local
WORKGROUP=MYCOMPANY
authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=$ADSERVER \
--krb5realm=$DOMAIN --smbservers=$ADSERVER --smbworkgroup=$WORKGROUP \
--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=$DOMAIN \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall

I found some information saying that /var/cache/samba/winbindd_privileged should be chowned 750 to root:squid or that you should add user squid to group wbpriv. Also, squid.conf should not have cache_effective_group defined. However, this part was not relevant on my Centos 5.6. The reason could be that I installed 5.4, then upgraded, i'm not sure. Just leaving it as a note.

Now check your winbind connection using the following commands:
wbinfo -u
wbinfo -g

Step 4. Configure squid

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
acl our_networks src 192.168.0.0/16
acl ntlm proxy_auth REQUIRED
http_access allow our_networks ntlm
authenticate_ip_ttl 900 seconds

This will allow all valid, logged in users to surf the web. You could also limit which users can surf by adding
--require-membership-of=ADGROUPNAME to the ntlm_auth command

Start Squid using /sbin/service squid restart and you're good to go.

You may want to check what else I'm writing on Squid. I'm planning to document a lot more in the next few weeks.

© GeekLabInfo Squid active directory authentication on Centos 5.6 is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
Desktop software

USB Video DVD Maker for Linux

Today I borrowed a USB video device, just to see if I can get it working on Linux. And I did! The device's package shows that is supports PAL (720x576@25fps) and NTSC (720x480 @ 30fps), but not much more.

According to lsusb, the device is built by eMPIA Technology, Inc and it has id eb1a:2861. Because I have another webcam attached, the device is connected to /dev/video1 is a character device with major 81 and minor 1. In the /sys filesystem, there's information on the device. I can find the right node using the next command:

cd /sys/dev/char/81:1

This is a symlink to (in my case) /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-5/2-5:1.0/video4linux/video1. In this directory, I find some more useful information. The file name tells me the device is actually a em28xx-based device.

The device has 2 inputs: a serie of RCA connectors with a composite signal and a SVideo connector. This is represented by showing two "sub-devices". The composite signal is /dev/video1, while the SVideo connector is /dev/vbi0.

To display the screen of my Sony* HDR-SR11 camera, I use the command:

mplayer -cache 128 -tv driver=v4l2:device=/dev/video1:input=1:width=720:height=576:outfmt=i420 tv://

* Yes, a Sony. And I'm really sorry. I bought it several years ago. I'm boycotting Sony nowadays.

© GeekLabInfo USB Video DVD Maker for Linux is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
IT

iptables and dynamic DNS

Please read other posts in this section as well.
They may provide better options.

I just found back an old note about using iptables in combination with dyndns to open up access from a remote location. For instance, if you have a laptop that you take everywhere and you want to connect to your home or office. The script the other site suggested was broken, so let's write a new one.

Step 1: Create a new chain in the firewall

Create a new chain in the firewall where we can plug in the dynamic rules. On my Fedora machine, the firewall is located in /etc/sysconfig/iptables. I added the bold lines to this example.



*nat

:PREROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

<b>:DYNAMIC - [0:0]

-A INPUT -j DYNAMIC</b>

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

Step 2: Write a script

#!/bin/bash
 
HOSTNAME=myname.dyndns.org
CHECK_INTERVAL=60 #once a minute
 
/sbin/iptables -F DYNAMIC #flush all existing rules
IP="" #initialize $IP
while [ true ]; do
    OIP=$IP
    IP=$(host $HOSTNAME | grep -iE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" |cut -f4 -d' '|head -n 1)
    if [ "$OIP" != "$IP" -a "$IP" != "" ]; then
         echo "Changing ip to $IP"
         /sbin/iptables -F DYNAMIC #flush all old rules
         /sbin/iptables -I DYNAMIC -s $IP -j ACCEPT #the new rule
    fi
    sleep $CHECK_INTERVAL
done

In this case, the firewall accepts all traffic from $IP, but of course you could restrict it to 1 port. Also, I focussed on IPv4, but you could easily rewrite this script to IPv6 using ip6tables. I saved the file to /usr/local/bin/dynfirewall.sh

Step 3: Run the script

I'd prefer running the script from inittab, but since Fedora doesn't work like this anymore, I put the following line in /etc/rc.d/rc.local:

/usr/local/bin/dynfirewall.sh >>/var/log/dynfirewall 2>>/var/log/dynfirewall &

Please don't forget the ampersand at the end to fork the script!!

© GeekLabInfo iptables and dynamic DNS is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...