Mirabellette.eu

A blog about digital independence and autonomy

Ubuntu 17.10 - tools and configuration

Written by Mirabellette / 01 january 2018 / no comments

I bought a new computer last year and I had to choose an operating system to install. I am waiting for Qubes OS 4.1 (x.0 are most of the time fucked up).
I chose to use Ubuntu 17.10 because packages are quite new and it is easy to use. To get a fully usable operating system, I had to configure it and do some tricks to get it as I want.

You can find below some tools I installed and some configuration I did.

First of all, the first thing you have to know is that Ubuntu 17.10 has Gnome installed. Unity was given up by Ubuntu Inc. Astonishingly, even if it is the first release with Gnome, it works pretty well.

Display the full date in the toolbar

I wanted to display the full date in my toolbar.

sudo apt-get install gnome-tweak-tool

Launch tweaks
Top Bar > clock > Date > Calendar > Show week numbers

An ebook reader

There is no ebook reader by default in Ubuntu 17.10. Calibre is the most famous of them.

sudo apt update && sudo apt install calibre

Network manager

Network manager is installed on Ubuntu 17.10. I don't really like it because it changes your configuration. I try to disable these modifications in order to have better control.
Randomize your MAC network address
Ubuntu allows you, by design, to generate a random MAC address at each network connection. It is a basic privacy setting which could help you to avoid MAC address bans or to make it harder to track your habits.

vim /etc/NetworkManager/conf.d/30-mac-randomization.conf
[device-mac-randomization]
# "yes" is already the default for scanning
wifi.scan-rand-mac-address=yes

[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random

To be sure it works well,

ifconfig && service network-manager restart && sleep 5 && ifconfig

The mac addresses from your ethernet interface and wifi interface must be different from the first ifconfig result displayed.
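
The before/after comparison above can be scripted. The following is an added example, not part of the original post: it compares two snapshots of interface MAC addresses and also checks that each new address is a locally administered unicast one, which is what NetworkManager generates for `random` by default. The function names are hypothetical, and the usage shown in the comment assumes the `network-manager` service name used above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage on the machine itself:
#   before=$(snapshot_macs); sudo service network-manager restart; sleep 5
#   check_randomized "$before" "$(snapshot_macs)"

# snapshot_macs: print "iface mac" for every non-loopback interface.
snapshot_macs() {
    for f in /sys/class/net/*/address; do
        [ -r "$f" ] || continue
        iface=${f#/sys/class/net/}; iface=${iface%/address}
        if [ "$iface" != lo ]; then printf '%s %s\n' "$iface" "$(cat "$f")"; fi
    done
}

# is_local_unicast MAC: true when, in the first octet, the locally
# administered bit (0x02) is set and the multicast bit (0x01) is clear.
is_local_unicast() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=$((0x${1%%:*}))
    [ $((first & 3)) -eq 2 ]
}

# check_randomized BEFORE AFTER: both arguments are "iface mac" snapshots.
# Prints one verdict per interface of AFTER and returns 1 if any interface
# kept its MAC or shows a MAC which is not locally administered.
check_randomized() {
    rc=0
    while read -r iface mac; do
        [ -n "$iface" ] || continue
        old=$(printf '%s\n' "$1" | awk -v i="$iface" '$1 == i { print $2 }')
        if [ "$mac" = "$old" ]; then
            echo "$iface UNCHANGED $mac"; rc=1
        elif ! is_local_unicast "$mac"; then
            echo "$iface NOT-LOCAL $mac"; rc=1
        else
            echo "$iface OK $mac"
        fi
    done <<EOF
$2
EOF
    return $rc
}
```

An interface which has no active connection keeps its address and is reported as UNCHANGED, because the cloned MAC address is applied when a connection is activated.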

Disable automatic update of /etc/resolv.conf
When you want to use a specific DNS, you have to modify /etc/resolv.conf. NetworkManager modifies this file each time it starts. To avoid that:

vim /etc/NetworkManager/NetworkManager.conf
[main]
dns=none

service network-manager restart

To be sure it works well,
cat /etc/resolv.conf
The previous /etc/resolv.conf must be displayed.

Disable the DNS resolver
Ubuntu comes with its own resolver integrated in Systemd, I don't need it.

systemctl disable systemd-resolved
systemctl stop systemd-resolved

Speed test in command line

Sometimes it could be useful to measure your bandwidth in CLI.

sudo apt install speedtest-cli
speedtest-cli

Show picture thumbnails from other devices (usb key, sd cards)

By default, Nautilus shows thumbnails only for files on the local computer. It could be inconvenient when you have a USB drive which contains pictures. To enable this feature for all devices:
open nautilus (files) > preferences > search & preview > thumbnails > all files

Show system information

If you want to find some information about your own system configuration:
System Settings > Details > about

Classified in : Tricks / Tags : none

Searx 0.12 to 0.13.1 and configuration

Written by Mirabellette / 18 december 2017 / no comments

Hello everyone,

I just upgraded the version of Searx from 0.12 to 0.13.1. The upgrade was quite easy, it took me around 30 minutes to upgrade it and to verify that everything was ok. If you followed the standard installation, you just have to follow the steps below to upgrade it:

sudo -u searx -i
cd /usr/local/searx
mv searx/settings.yml searx/settings.yml.old # (to keep your previous configuration)
git pull
# copy your own settings from searx/settings.yml.old to searx/settings.yml
rm searx/settings.yml.old # not needed anymore
virtualenv searx-ve
. ./searx-ve/bin/activate
pip install -r requirements.txt
python setup.py install
deactivate # exit the virtualenv

Now that your application is upgraded, you just have to restart the service with:

sudo /etc/init.d/uwsgi restart

I also enabled by default some search engines which respect privacy, like duckduckgo, xquick, qwant, startpage, ixquick.

I hope this article was useful for you to upgrade your version of Searx. I am aware I have a Captcha issue with Google, I am working on it.

Have a nice day

Two new services available for you: Lufi and Searx

Written by Mirabellette / 30 november 2017 / no comments

Hello everyone,

It has been some months since I published anything; I know that is a very long time. :( I had a lot of things to do. Of course, I work and learn new things. For myself, and in order to stay autonomous about the services I use, I hosted two new services: Lufi and Searx.
Since I host them for myself, I had to share access to them with others. It is just normal, I think: give and receive. You can access to the instances

Lufi

*from the official git repository
Lufi means Let's Upload that FIle. Lufi is tested and working on the following browsers / devices :
  • Firefox
  • Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Safari
  • iOS devices (ipad, iphone)
  • Android devices (Galaxy tab, Galaxy S8)

It stores files and allows you to download them. Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. The encryption key part of the URL is an anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-)

To install it, I mainly used a tutorial created by Framasoft and these contributors. In parallel, I always read the official installation guide before doing anything. Lufi is not so easy to install because it uses WebSocket and it is very painful to configure the web server correctly.
configuration
I deliberately chose to limit storage to one week. My Lufi instance is not meant to store files for a long period but to exchange them quickly and securely.

Searx

Searx is a free metasearch engine with the aim of protecting the privacy of its users. If you want to choose searx as the default search engine in Firefox, you have to install the add-to-search addon.

At the end of the installation, you may get a page which tells you page not found. You can find a solution here: you just have to add a rewrite rule to apache2.
RewriteEngine on
RewriteRule "^/$" "/searx/" [R]
<Location /searx>
 Options FollowSymLinks Indexes
 SetHandler uwsgi-handler
 uWSGISocket /run/uwsgi/app/searx/socket
</Location>
configuration
Searx can also be used as a web proxy in order to replace your IP by the server's IP. I disabled this feature to avoid any problem if my server's IP was associated with questionable browsing.

Other maintenance stuff and improvements

I upgraded the Privatebin instance from 1.0.1 to 1.1.1. This update fixes a security issue. Even if the version available was not vulnerable, I take no risk and upgraded it. Moreover, the application versions currently deployed are now displayed on the services page. I know it is not recommended because it helps attackers to know the version, but there are a lot of other ways to discover it. I hope users will check before using the services in order to see whether they are up to date, and choose to use them knowing that. You can also find the date of availability there.

Disclaimer

The same last words: please do not forget not to do anything wrong with them or use them in an abusive way. I hope you will enjoy these new services as I do. Have a good day,
Mirabellette

Dominate your PDFs with pdftk

Written by Mirabellette / 21 october 2017 / no comments

Hello everyone,

Introduction

I recently had to do a lot of administration stuff. To do that, I often need to manipulate PDF documents, merge them or extract some parts. I wanted to share an extraordinary tool that I discovered last week: pdftk

Installation

System where the software is installed : linux desktop 4.9.0-4-amd64 - x86_64 GNU/Linux
apt-get install pdftk

Usage

It is very easy to understand how it works and how to use it. You can find below two really useful commands that I used.

The first one is used to merge PDFs
pdftk file1.pdf file2.pdf cat output file-result.pdf

The second one is used to extract some pages from a document. In the example below, I ask to extract only pages 2 and 3.
pdftk big_file.pdf cat 2-3 output file_with_page_2_and_3.pdf

Of course, this tool can do a lot of other things with your PDFs. Do not hesitate to read the documentation at https://www.pdflabs.com/docs/pdftk-cli-examples/. You can also find some examples here too.

Have a good day,
Mirabellette

Classified in : Tricks / Tags : none

Examples of scripts to automatically renew web certificates with Let's Encrypt

Written by Mirabellette / 13 october 2017 / no comments

Hello everyone,

I know it has been a very long time since I posted any article, but life is life. ^^
Today, I wanted to share two scripts I use to renew my web certificates with Let's Encrypt. I know there is a lot of documentation about that, but it could help some of you to save some time.

Generating web certificates with a specific domain name

The script browses the given file and ignores the lines which begin with # or ----------. These symbols are used in the given file to make the text easier to read. Each line is one of the domain names or subdomains I manage. I just have to add a new one to this list to be sure the certificate of this new domain name will be automatically renewed.

#!/bin/bash
# file : /root/certs/renew-webcert.sh
# Renew all certificates which are in the given file
logFile="/var/log/renew-cert.log"

# $1 : path of the file which lists the domain names, one per line
serverName="$1"
while IFS= read -r c ; do
 # skip empty lines, comments (#...) and separators (----------)
 if [[ -n "${c}" && "${c}" != "#"* ]]; then
  if [[ "${c}" != "----------" ]]; then
   echo "$c"
   echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a "$logFile"
   /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d "$c" --rsa-key-size 4096 --uir --redirect
  fi
 fi
done <"$serverName"
service apache2 restart
echo "service apache2 restart"


# file : /root/certs/serverName
toto.example.org
#titi.example.org
----------
tata.example.org

To use this one, I created a cron task which runs the script each month
0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName
Warning : be careful that /root/certs/renew-webcert.sh needs to be executable (chmod 700)

A single web certificate with multiple domain names

The second one is very similar to the first one. The main difference is that it creates a single certificate with multiple domain names and does not get the domain names from a file given as parameter.

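#!/bin/bash
# file : /root/certs/renew-webcert-mirabellette.sh
# Request a single certificate which covers all the domain names of the list
logFile="/var/log/renew-cert-mirabellette.log"

# absolute path, because cron does not run the script from /root/certs
serverName="/root/certs/server-name-mirabellette"
# the command is built as an array: one element per argument
cmdRenew=(/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect)
while IFS= read -r domainName ; do
 # skip empty lines, comments (#...) and separators (----------)
 if [[ -n "${domainName}" && "${domainName}" != "#"* ]]; then
  if [[ "${domainName}" != "----------" ]]; then
   echo "$domainName"
   cmdRenew+=(-d "$domainName")
  fi
 fi
done <"$serverName"

echo "${cmdRenew[*]}" | tee -a "$logFile"
"${cmdRenew[@]}"
service apache2 restart
echo "service apache2 restart"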


# file : /root/certs/server-name-mirabellette
blog.mirabellette.eu
privatebin.mirabellette.eu
#lufi.mirabellette.eu

To use this one, I created a cron task which runs the script each month
0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning : be careful that /root/certs/renew-webcert.sh needs to be executable (chmod 700)
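
Both scripts run as root from cron and put every line of the list file on the letsencrypt-auto command line, so a mistyped line ends up as extra arguments. The following is an added example, not the author's script: it reads a list in the format used above and accepts only lines which are syntactically valid host names, failing closed on anything else. The function names `is_hostname`, `valid_domains` and `build_domain_args` are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script.

# is_hostname NAME: true for a DNS name made of at least two labels of
# letters, digits and inner hyphens (1-63 chars each), 253 chars at most.
is_hostname() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
      '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# valid_domains FILE: print the accepted names, one per line. Rejected lines
# are reported on stderr and make the function return 1.
valid_domains() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # drop a trailing carriage return and surrounding whitespace
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|----------) continue ;;   # blank, comment, separator
        esac
        if is_hostname "$line"; then
            printf '%s\n' "$line"
        else
            echo "rejected line: $line" >&2; bad=1
        fi
    done <"$1"
    return $bad
}

# build_domain_args FILE: print "-d a -d b ..." or fail if any line was
# rejected. The result is safe to word-split because is_hostname admits
# letters, digits, '.' and '-' only.
build_domain_args() {
    names=$(valid_domains "$1") || return 1
    args=
    for n in $names; do args="$args -d $n"; done
    printf '%s\n' "${args# }"
}
```

Either script can call `valid_domains` in place of its own `#` and `----------` filtering and stop before requesting a certificate when it returns non-zero.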

I hope this article gave you some ideas to easily manage how to renew your web certificate.

Classified in : Apache / Tags : none