never try to help anyone, give advice, or lend them anything... just general rules I keep failing to live by and constantly regretting it.
/shortrant
Sunday, January 31, 2010
Gentoo Netbook - eeepc 1000HE
Posted by Timothy Covel at 4:58 PM
Since I've been asked by a few people, here are the configuration specs for Gentoo on the ASUS eeepc 1000HE netbook.
The section of the make.conf that references layman is just for extra tools; I like some of the software in the sunrise overlay, and the pentoo overlay is excellent for hacktop programs. Neither is necessary to have a functioning Gentoo netbook build.
Desktop environment - Fluxbox
Browser - Midori
e-mail client - Sylpheed
Networking - command line only (wpa supplicant script)
UPDATED 04/26/2010
-----------------------
Kernel: linux-x86-2.6.32-gentoo-r7
-----------------------
#/etc/make.conf#
CHOST="i686-pc-linux-gnu"
CFLAGS="-O2 -march=core2 -mtune=generic -mssse3 -mfpmath=sse -fomit-frame-pointer -pipe"
CXXFLAGS="${CFLAGS}"
REDUX="-xscreensaver -abiword -ipv6 -kde -xfce -qt -qt4 -ldap -accessibility -samba -bluetooth"
USE="X nsplugin dbus sqlite sqlite3 bash-completion alsa ssl mmx mmxext sse sse2 sse3 ssse3
laptop apache2 java fluxbox mssql mysql snmp vnc gtk nessus samba svg gnutls hal acpi
offensive truetype vim-syntax spell branding jpg jpeg png aim msn jabber tls ${REDUX}"
INPUT_DEVICES="evdev keyboard mouse synaptics"
VIDEO_CARDS="intel i915"
MAKEOPTS="-j3"
PORTAGE_TMPFS="/dev/shm"
PORTAGE_TMPDIR="/dev/shm"
BUILD_PREFIX="/dev/shm"
LINGUAS="en"
ACCEPT_LICENSE="*"
FEATURES="ccache userfetch parallel-fetch"
CCACHE_DIR="/var/tmp/ccache"
CCACHE_SIZE="8G"
_________________________________________________________________
OLD CONFIG INFO:
-----------------------
Kernel: linux-x86-2.6.30-gentoo-r8
-----------------------
#/etc/make.conf#
CFLAGS="-O2 -march=core2 -mtune=generic -fomit-frame-pointer -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="i686-pc-linux-gnu"
REDUX="-abiword -ipv6 -gnome -kde -xfce -qt"
USE="X sqlite sqlite3 bash-completion alsa ssl mmx mmxext sse sse2 sse3 ssse3 fluxbox ${REDUX} mssql mysql snmp vnc gtk nessus samba svg gnutls hal acpi truetype vim-syntax spell jpg jpeg png"
LINGUAS="en"
INPUT_DEVICES="evdev keyboard mouse synaptics"
VIDEO_CARDS="intel i915"
FEATURES="ccache"
CCACHE_DIR="/var/tmp/ccache"
CCACHE_SIZE="4G"
GENTOO_MIRRORS="rsync://192.168.168.144:873"
source /usr/local/portage/layman/make.conf
-------------------------------------------------
#/usr/local/portage/layman/make.conf#
PORTDIR_OVERLAY="
/usr/local/portage/layman/sunrise
/usr/local/portage/layman/pentoo
$PORTDIR_OVERLAY
"
-------------------------------------------------
Kernel config --> http://7x7.us/UV9
Saturday, January 30, 2010
Iptables Blacklist
Posted by Timothy Covel at 3:03 PM
I randomly decided to check on my home server's logs and general status today. I haven't been using it for much lately, so it's just been sitting there open to the world... of course with some basic security running on it.
694 IP addresses have been added to the blacklist since sometime last fall via customized portsentry and iptables, which is both awesome and a little crazy.
Essentially all traffic to my network hits this box first (Gentoo Linux built on an old Dell server), and portsentry is running in paranoid mode with the following ports on alert:
TCP_PORTS="11,15,21,23,79,110,111,119,135,143,161,445,540,635,1080,1524,2000,2222,3306,3389,5742,6667,11698,12345,12346,20034,27665,31337,32771,32772,32773,32774,35175,40421,43966,48618,43548,49655,49724,50070,50344,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
and set to execute:
#iptables -A INPUT -s $1 -j BLACKLIST
That command runs whenever an outside system hits any of those ports for any reason (portsentry actually calls a script called banhammer.sh that contains that command along with a few other minor details). That iptables command adds the source IP address to the blacklist chain (which all input other than ssh is sent to), which in turn logs and drops any matched IP address attempting to connect.
So, 694 attempted unauthorized connections or portscans in the last few months and not one successful intrusion; I suppose that's not a bad record for a development box sitting in my living room that's not really being used for much right now.
-------
Note: I don't use this setup for any production boxes, just for fun security metrics. In production I recommend a little Linux security daemon called "fail2ban"... but that's another story.
-------
This has actually been a bit of a fun game: I have a system that uses automated blacklists like this while also running intentionally vulnerable software. The issue is that most people can't get enough information to find the vulnerabilities before getting banned, even if they rotate IP addresses. Again... not production... but fun.
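An added example, not the post's banhammer.sh: it reconstructs the chain layout the post describes (a BLACKLIST chain that logs and drops, ssh accepted ahead of it, per-IP jumps appended to INPUT) and puts an IPv4 check in front of the ban rule, since portsentry hands the script an address in $1 that the post's command uses unquoted. The rate-limited LOG, the $1 argument convention and the IPT override used for dry runs are assumptions.

```shell
#!/bin/sh
# Added example (not the post's banhammer.sh). IPT can be overridden with a
# function that just prints its arguments, so the logic can be dry-run on a
# machine without root or iptables.
IPT="${IPT:-iptables}"

# Accept only a plain dotted-quad IPv4 address with octets 0-255. Refusing
# anything else keeps a malformed or crafted argument from being split into
# extra iptables options when it reaches the rule.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# One-time setup (assumed layout): BLACKLIST logs at a limited rate, then
# drops. ssh is accepted before anything else, as in the post, so a ban can
# never lock the admin out of the box.
setup_chain() {
    $IPT -N BLACKLIST
    $IPT -A BLACKLIST -m limit --limit 5/min -j LOG --log-prefix "BLACKLIST: "
    $IPT -A BLACKLIST -j DROP
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
}

# The post's ban command with validation in front of it. -A appends, so the
# ban lands after any ACCEPT already in INPUT: add service rules only after
# this has run (or switch to -I) so that bans take precedence.
ban_ip() {
    ip="$1"
    if ! valid_ipv4 "$ip"; then
        echo "ban_ip: refusing non-IPv4 argument: $ip" >&2
        return 1
    fi
    $IPT -A INPUT -s "$ip" -j BLACKLIST
}
```

Point portsentry's KILL_RUN_CMD at a wrapper that calls ban_ip with the reported address; the validation rejects anything that is not a single IPv4 address before it becomes a rule.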
Friday, January 29, 2010
Linux OCD #1
Posted by Timothy Covel at 6:27 AM
The moment I heard about the Droid phone was the moment I decided I needed a smartphone and no other option had a chance, after all it was pretty, powerful, and ran Linux...
So for a few months I enjoyed playing with the phone as it came, enjoying all the fancy features and its open development marketplace, but of course it was only a matter of time before it began to become too normal, and the few limitations in the device began to stand out more and more; it gave me the familiar urge to try a different distro.. (or just run Gentoo).. but of course it's a phone, it will run Android, not normal Linux distros (yet).
Then I stumbled across the Droid hackers... salvation.
Rooting, kernel modding, flashing new ROMs, changing app sets... Now I can obsess over customizing my phone just like I do with any other Linux system, which is what I've been doing for the last couple of days in my spare time. My Droid is now rooted, has an awesome backup system, it's prettier, it's overclocked with the kernel CPU scaling governor, uses different system apps, can tether...
obsessive compulsive system tweaking status: temporarily satisfied.
Links:
http://alldroid.org/viewtopic.php?f=210&t=1556 [SmokedGlass ROM, my current favorite of the available ROMs]
http://alldroid.org/viewtopic.php?f=210&t=792 [DroidRootHelper, everything made insanely easy; it's in the app market]
Thursday, January 28, 2010
blag
Posted by Timothy Covel at 7:17 PM
So, this being the first post, it cannot be useful or meaningful in any way; therefore the obligatory first post statement follows:
This will be a place for me to dump random info that pops into my head... mostly tech junk, but we'll see.