Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • MD1032 3:56 pm on September 27, 2021 Permalink  

    Open VNC virt-viewer (.vv) files on macOS 

    I tried to use virt-viewer from homebrew but it didn’t work properly. Instead I decided to write an Automator App that reads the contents of the .vv file and opens the macOS built-in VNC viewer.

    Create a new Automator Application, and add the “Run Shell Script” action and choose to pass input as arguments. Select bash as the shell and enter the following code:

    /usr/bin/env python3 <<'EOF' - "$@"
import configparser
import sys
import os
import urllib.parse

config = configparser.ConfigParser()
config.read(sys.argv[1])
password = urllib.parse.quote(config['virt-viewer']['password'].encode('utf8'), safe='')
os.system("open vnc://:"+ password + "@" + config['virt-viewer']['host'] + ":" + config['virt-viewer']['port'])
EOF

    Save the action under /Applications. In Finder, open the .vv file with this new app and choose to always open this file extension with it. Now when you double click on a .vv file in Finder, it should open the VNC console.

     

  • MD1032 1:55 pm on July 8, 2020 Permalink  

    This copy of the Install macOS Catalina application is damaged 

    I recently needed to reinstall macOS via USB stick on a laptop that has not been used for a while. I was able to boot from the USB, but when running the installer I was greeted with the “This copy of the Install macOS Catalina application is damaged…” message. Curiously, the same USB stick worked fine on another Macbook.

    During the time in storage the laptop battery ran out of power completely and the system clock was reset to Jan 1 2019. Using the “Utilities – Terminal” window I was able to set it to today’s date with the “date” command.

    It is probably related to a signature on the Installer image that is only valid from a certain starting date.

     

  • MD1032 12:10 pm on August 17, 2015 Permalink  

    FreeRADIUS two factor authentication (OTP and Password) 

    MultiOTP is a tool to verify one-time passwords from hardware or software HOTP or TOTP devices. In the README they describe how to set up FreeRADIUS for OTP verification. By default, MultiOTP requires entering a 4 digit personal PIN plus the token (usually 6 digits). For better security in multi-factor authentication (MFA), it’s a good idea to use a stronger password than a 4 digit PIN and concatenate it with the OTP. Combining the password and token in one field allows two factor authentication for a lot of older devices that don’t support multiple authentication challenges natively.

    In order to do that, we create a user in FreeRADIUS with an encrypted password. We configure FreeRADIUS for multiOTP according to the instructions. We set “request_prefix_pin=0” in the multiOTP user config file and in multiotp.ini to disable the PIN check.

    Then we change the “authorize” section in FreeRADIUS config “sites-available/default” to:

    authorize {
        if (User-Password =~ /^(.*)([0-9]{6})$/) {
                update request {
                        User-Password := "%{2}"
                }
                multiotp.authenticate
                if (ok) {
                        update request {
                                User-Password := "%{1}"
                        }
                }
        } else {
                reject
        }
        files 
        expiration
        pap
}

    The password of an incoming request is now split into password and 6 digit token via regex. The second match (OTP) is authenticated against the multiotp backend. If successful, the token is stripped from the password for further processing. If the token or the password format is incorrect, the request is rejected.

    After the OTP has been validated, we read the user accounts, password and expiration times from the “users” file using the “files” module. After the expiration check, the password is validated via PAP.

     

    • multiOTP 3:26 am on August 29, 2015 Permalink

      Hello,

      Nice configuration, we hope that multiOTP satisfies your needs. Please note that even if multiOTP is talking about PIN code, we are supporting long passwords as the PIN.

      It’s also possible to synchronize the users of multiOTP with an AD/LDAP, and i nthis case, the prefix password is the AD/LDAP password.

      Best regards,

      Andre

    • multiOTP 3:31 am on August 29, 2015 Permalink

      multiOTP open source is now also available as a ready to use virtual appliance!
      Best regards, and don’t hesitate to send us suggestions!
      Andre

  • MD1032 9:40 pm on April 11, 2015 Permalink  

    Nomachine reports “ERROR: Unsupported operating system ‘linux'” 

    I’m trying to install Nomachine NX Enterprise Server on Ubuntu, and the installation of the .deb package fails with:

    NX> 704 ERROR: Unsupported operating system 'linux'

    After looking at the install script, I found a simple solution:

    sudo touch /etc/debian_version

     

  • MD1032 7:12 pm on October 29, 2014 Permalink  

    Two-factor authentication for mySQL users 

    I want to authenticate mySQL users with a password and a token on Ubuntu, so I figured out a way to do this using MariaDB, PAM and Google Authenticator.

    First we need a plugin for mySQL that can authenticate users against PAM. The non-free enterprise version of mySQL has authentication_pam.so. I’m not an Enterprise customer, so I decided against this one.

    A free implementation is available from Percona . To make it work with Oracle mySQL, the plugin auth_pam_compat.so must be used. The problem with this plugin is that cleartext passwords must be enabled in the mySQL client. I didn’t like that idea so I replaced Oracle mySQL with MariaDB.

    sudo apt-get install mariadb-server mariadb-client

    Verify that MariaDB runs fine. Then follow the installation guide for the Percona auth_pam.so plugin. Install some dependencies first:

    sudo apt-get install libpam-dev libmysqlclient-dev automake autoconf libtool build-essential bzr

    then checkout the plugin source from launchpad via bazaar, ./bootstrap, ./configure, make, sudo make install. Load the plugin via /etc/mysql/my.cnf:

    [mysqld]
    plugin-load=auth_pam.so

    and restart the mySQL server. Create a mySQL user according to the Percona installation instructions. It has to be a local system user and it must use the auth_pam plugin. Now install Google Authenticator on Ubuntu and on your smartphone.

    sudo apt-get install libpam-google-authenticator pamtester
    google-authenticator

    Say yes to all questions and take a picture of the QR code using the phone. Then create a directory for the token files:

    sudo mkdir -p /var/lib/mysql-2fa/USERNAME
    sudo mv /home/USERNAME/.google_authenticator /var/lib/mysql-2fa/USERNAME
    sudo chown mysql. -R /var/lib/mysql-2fa

    This is necessary as the Google Authenticator PAM plugin will run as the “mysql” user, which has no access to the token files in user’s home directories. Edit /etc/pam.d/mysqld :

    auth required pam_google_authenticator.so forward_pass secret=/var/lib/mysql-2fa/${USER}/.google_authenticator user=mysql
    auth required pam_unix.so use_first_pass
    account required pam_unix.so

    (the file has a total of three lines, what looks like the first two lines above needs to be in one line)

    Now mySQL needs to access some files related to PAM. Edit /etc/apparmor.d/usr.sbin.mysqld and add:

    /etc/pam.d/mysqld r,
    /lib/x86_64-linux-gnu/security/pam_*.so m,
    /lib/security/pam_google_authenticator.so m,
    /etc/pam.d/* rm,
    /etc/login.defs r,
    /etc/shadow r,
    /var/lib/mysql-2fa/** rwk,

    The mysql user also needs to be part of the ‘shadow’ group:


    adduser mysql shadow

    Try to authenticate using pamtester:

    # sudo -u mysql pamtester -v mysqld my_username authenticate
    pamtester: invoking pam_start(mysqld, my_username, ...)
    pamtester: performing operation - authenticate
    Password & verification code:
    pamtester: successfully authenticated

    Check /var/log/auth.log for any errors. Everything works? Connect to the database with two factor authentication (concatenate password and token):

    # mysql -u my_username -p
    Enter password:
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 1603
    Server version: 5.5.39-MariaDB-0ubuntu0.14.04.1 (Ubuntu)

    Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]>

    Wohoo!

     

    • Simon 7:22 pm on March 10, 2020 Permalink

      Hello. I know this was written a while back. But my query is how does this affect applications using the database?

  • MD1032 3:49 pm on August 16, 2014 Permalink  

    Disable annoying pop-up messages in VirtualBox 

    Run from command line:

    VBoxManage setextradata global GUI/SuppressMessages "all"

     

    • BillV 3:18 am on July 1, 2016 Permalink

      This doesn’t seem to work in VirtualBox 5.0.20 and 5.0.22 and looking at the change log for 5.0.24 it isn’t addressed. The xml file shows that running the above command indeed set the parameter to “all” but VirtualBox ignores it somehow.

  • MD1032 6:20 pm on November 7, 2013 Permalink  

    3G USB stick Huawei E169/E620/E800 HSDPA in Linux 

    Simply install the “wvdial” package and edit /etc/wvdial.conf:


    [Dialer Defaults]
    Phone = *99***1#
    Username = username
    Password = password
    Stupid Mode = 1
    Dial Command = ATDT

    [Dialer hsdpa]
    Modem = /dev/ttyUSB0
    Baud = 460800
    Init2 = ATZ
    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    ISDN = 0
    Modem Type = Analog Modem

    Then run “wvdial hsdpa” and you should be connected. I didn’t have to specify the Optus APN anywhere.

     

  • MD1032 2:35 pm on July 24, 2013 Permalink  

    CurlFTPfs: 95 Operation not supported 

    I’ve been using curlFTPfs with rdiff-backup and ran across this problem when creating the remote backup log file:

    ftpfs: operation ftpfs_open failed because Operation not supported
    unique: 889, error: -95 (Operation not supported), outsize: 16

    The curlFTPfs author says:

    “Be aware that some applications might not
    be able to “save” files on curlftpfs from 0.9.2 on, because
    we don’t support open(read+write) or open(write) and seek
    anymore.”

    Looking at /usr/lib/python2.7/dist-packages/rdiff_backup/log.py around line 76:

    try: self.logfp = rpath.open("a")
except (OSError, IOError), e:
   raise LoggerError("Unable to open logfile %s: %s"
         % (rpath.path, e))

    The file is opened with the append flag (“a”), which is write and seek. Replacing it with “w” fixes the problem, but truncates the log file, which is fine with me.

     

  • MD1032 8:30 pm on December 12, 2012 Permalink  

    OpenStack “backing file” cleanup script 

    Sometimes OpenStack leaves the “backing file” of the sparse root filesystem behind after a VM is destroyed. Those files are located in /var/lib/nova/instances/_base/ and can use up hundreds of GB. To find out which of those backing files are orphans and delete them, someone has posted a script, which I slightly improved:

    #!/bin/sh
cd /var/lib/nova/instances
find -name "disk*" | xargs -n1 qemu-img info | grep backing | sed -e 's/.*file: //' -e 's/ .*//' | sort | uniq > /tmp/ignore
while read i; do
ARGS="$ARGS \( \! -path $i \) "
done < /tmp/ignore
eval "find /var/lib/nova/instances/_base/ -type f $ARGS -delete"

    Someone in the original post claimed that adding remove_unused_base_images = True to nova.conf would do this automatically, however I could not reproduce that on Folsom.

     

  • MD1032 1:33 pm on November 10, 2012 Permalink  

    How to create a bootable volume in Openstack Folsom 

    Wouldn’t it be nice to have the root filesystem of your Openstack VM inside a volume? This way you could install a lot of packages on the root partition without spreading the files over several volumes. You could take a snapshot of the entire system (OS & data) and boot right off it.

    Openstack Folsom supports this feature. Here’s how you can create your own bootable volume:

    • On your desktop machine, download the cloud image of the OS that you want to boot from a volume. I chose Ubuntu 12.10:
    • wget http://cloud-images.ubuntu.com/releases/quantal/release/ubuntu-12.10-server-cloudimg-amd64-disk1.img
    • Now convert it to RAW format using qemu-img
    • qemu-img convert -O raw ubuntu-12.10-server-cloudimg-amd64-disk1.img ubuntu-12.10-server-cloudimg-amd64-disk1.raw
    • Start up a regular VM from the Ubuntu cloud image (or any other image you have)
    • Create a volume (that you later want to boot from) and attach it to the VM
    • SSH into the VM and become root
    • check if your volume is attached with fdisk -l. The volume device name is /dev/vdb in my case
    • ssh into your desktop machine (or wherever you have the RAW image)  from the VM and write the image data directly into the volume device
    • ssh user@desktop cat ubuntu-12.10-server-cloudimg-amd64-disk1.raw > /dev/vdb

    If you want your root partition to be larger than 2GB, you can now resize it to the volume size. To do that, start parted, get the partition information, delete (!) the partition, create a new one with the same “start” value, but with (total size-1) as the end value. Partition type is “primary”, filesystem “ext4”.


    root@3:/home/ubuntu# parted /dev/vdb
    GNU Parted 2.3
    Using /dev/vdb
    Welcome to GNU Parted! Type 'help' to view a list of commands.
    (parted) unit B
    (parted) p
    Model: Virtio Block Device (virtblk)
    Disk /dev/vdb: 21474836480B
    Sector size (logical/physical): 512B/512B
    Partition Table: msdos

    Number Start End Size Type File system Flags
    1 8225280B 2146798079B 2138572800B primary ext4 boot

    (parted) rm 1
    (parted) mkpart
    Partition type? primary/extended? p
    File system type? [ext2]? ext4
    Start? 8225280
    End? 21474836479
    Warning: The resulting partition is not properly aligned for best performance.
    Ignore/Cancel? i

    (parted) set 1 boot on
    (parted) p
    Model: Virtio Block Device (virtblk)
    Disk /dev/vdb: 21474836480B
    Sector size (logical/physical): 512B/512B
    Partition Table: msdos

    Number Start End Size Type File system Flags
    1 8225280B 21474836479B 21466611200B primary ext4 boot

    (parted) q
    Information: You may need to update /etc/fstab.

    Now you can detach the volume in Horizon and create a new instance. Choose “Boot from Volume” in “Volume Options” and choose your volume. You may also take a snapshot of the volume first, if you want to preserve it in a fresh state for later. You still need to choose an image in the “Details” section, which makes no sense in this case, since the VM is entirely booted off the volume.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel