Why can’t I get two access points to work at the same time?

Wow both the article and the comments provide incorrect setups to resolve the issue. The article itself isn’t wrong, but it’s incomplete. The comment below it suggesting to connect the access points in series is completely wrong and will cause a problems down the line.

When expanding a wireless network coverage, you pretty much have two options: multiple access points versus wireless repeater. Your network setup is more efficient if you choose multiple access points, but sometimes it may not be feasible and I’ll explain why later.

Since you have one router and two access points, I am assuming that both access points are connected via WIRE to the router. On both access points, you must disable DHCP and firewall functions. On both access points, they must both use WEP or WPA (not combination). On both access points, they must have identical SSID. On both access points they must have identical subnet and gateway. However the two access points MUST differ in IP address in the last number: X.X.X.Y and X.X.X.Z. Notice that X.X.X must be identical. Y and Z must be different. Also, the two access points MUST differ in wireless channel, preferably 3 channels apart: 1 & 6, 3 & 8, etc. The IP addresses, subnets, and gateway must be within the range of IP addresses allowed by the ROUTER.

Credits: Martin at May 28, 2010 4:18 PM

Compilar kernel 2.6.35 no Linux Mint

1)Obter o último kernel através deste www.kernel.org

2)Aceder directória /usr/src, como utilizador root:

# sudo mv /linux-2.6.35.tar.bz2 /usr/src/

# cd /usr/src/

# sudo su 

3)Descompactar e criar o link simbólico ‘linux’

# tar -jxvf linux-2.6.35.tar.bz2

# ln -sf linux-2.6.35 linux

# cd linux 

* Como esse kernel é específico para minha máquina, usarei o make seguido da opção ‘localmodconfig’:

# make localmodconfig 

* teclar no ENTER em todas as opções.

4)Iníciar a compilação:

* Comando para multi-core:

# INSTALL_MOD_STRIP=1 CONCURRENCY_LEVEL=3 fakeroot make-kpkg –initrd –append-to-version=-custom –revision=+1.0 kernel_image kernel_headers 

* Comando para single-core:

# fakeroot make-kpkg –initrd –append-to-version=-custom –revision=+1.0 kernel_image kernel_headers 

* em ‘–append-to-version=-custom‘, substituam ‘-custom‘ pelo que quiserem, da mesma forma para a opção –revision=+1.0, se desejarem retirem essas opções, nesse caso ficaria assim:

# fakeroot make-kpkg –initrd kernel_image kernel_headers 

5)Após a conclusão e criação dos .debs, saír da pasta de trabalho e efectuar a instalação

# cd ..

# ls

# dpkg -i linux-headers-2.6.35-custom_+1.0_i386.deb 

# dpkg -i linux-image-2.6.35-custom_+1.0_i386.deb

# apt-get -f install 

6)Agora temos que criar o initrd, o responsável por carregar nossos módulos na inicialização do sistema. Aqui tem uma curiosidade, no debian ainda usamos o utilitario mkinitrd, no ubuntu esse utilitario não é mais utilizado por estar defasado, o utilitario usado agora é o mkinitramfs

#mkinitramfs -o /boot/initrd.img-2.6.25.6-custom 2.6.25.6-custom

*2.6.25.6-custom reference ao directorio criado em /lib/modules/

Powered by:

http://www.vivaolinux.com.br/dica/Compilando-o-kernel-2.6.35-no-Linux-Mint-Debian-Edition

http://www.lichti.eti.br/compilando-o-kernel-no-ubuntu-parte-1/

Security on Ubuntu 1/2

What are some security best practices?

I would suggest these at the very least (there are some measures you can take to go beyond this, but this is a good start):

Don’t change any default settings with regard to networking unless you know what you’re doing. If you decide to allow remote logins, for example, expect that people (people with malicious intent) will try to log in remotely and take control of your computer. Use strong passwords for all users. Strong passwords tend to be longer than six characters and a mix of numbers, letters (both upper- and lower-case), and symbols. Strong passwords do not contain birthdates, addresses, or words in the dictionary. Don’t install software from untrusted sources. Don’t just download any .deb you come across through an internet search, unless you know it can be trusted. Generally, it’s a good idea to stick to software you can install through Ubuntu’s online repositories. If you want to know how to install software, read this guide. It used to be the case just a couple of years ago that a malicious .deb was unheard of. They still are not common, but they definitely exist. So install software only from trusted sources. Use your common sense. Ask other Ubuntu users if you have any questions about the reputation of a source. Wait for multiple confirmations. Use the NoScript extension in Firefox. Of course, if you don’t have Firefox, you may be able to achieve a similar functionality in your preferred browser, but the general idea is the same—a way to block JavaScript, Java, and Flash on all websites except those you explicitly approve. Most of Firefox’s exploits are JavaScript-based. They tend to get patched pretty quickly, but why wait even the one day to a week it takes for a patch to come out? Back up regularly. This goes for your important personal files and your system files (you can make an image of your entire installation if you want). Don’t be dumb. That’s right. You can have your firewall all set up and encryption, etc., but if you’re dumb, the battle is lost. A lot of security breaches come through social engineering. Don’t give your password away. Don’t click on links in emails. Don’t open attachments from people you don’t know. Don’t be dumb.

So, do I need a firewall, anti-virus, anti-spyware tools?

By default, Ubuntu ships with no open ports on public interfaces. In other words, a “port scan” would show all closed ports, nothing open. As a result, putting up a firewall would provide no more security than not putting one up. Remember that open ports provide services that hackers can connect to, and only if they can connect to these services can they be potentially abused and exploited.

A firewall, however, adds the benefit of peace-of-mind from accidentally installing a server program that opens up a port by default. Also, it satisfies curiousity by logging potential “hits.” Linux comes with a very strong, secure, and powerful firewall called iptables, but it is relatively difficult to use from a new user’s standpoint. As a result, there are many graphical tools that give you a simple user interface for configuring iptables, such as Firestarter for GNOME or Guarddog for KDE. There are many more in the repository, too. Remember—these all use iptables in the background, so find your favorite interface—they all offer the same great protection. [These last two paragraphs contributed by jdong from the Ubuntu Forums. Thanks, jdong!]

Conventional wisdom in the Linux community says that there are either no or very few Linux viruses out in “the wild,” and that most are just proof-of-concept theoretical viruses. Some people recommend installing a virus scanner like ClamAV in order to protect your Windows-using friends from Windows viruses you might accidentally send them. I don’t really see how that’s an issue, though. If you have an attachment you created in Linux, why would it have a Windows virus in it? If your computer has been compromised in such a way that you don’t have control over what you send other people, then you have a lot more to worry about than spreading viruses to your Windows-using friends!

I’ve never heard of any self-propagating viruses in Linux… ever. Still, if you’re super-paranoid, stick to software in the repositories. And if you don’t trust even the software in the repositories, why are you installing Ubuntu at all? The operating system and the software are packaged by the same people.

Some real dangers out there are rootkits and cracking. It doesn’t happen often that a Ubuntu user gets a rootkit installed or has her computer cracked, but both have happened, and I’ve seen threads about them in the Ubuntu Forums. There are rootkit detectors in the repositories—rkhunter and chkrootkit, for example. I’m not sure what to do about cracking except some of the advice I gave before—stick with the default network settings unless you know what you’re doing, and use strong passwords.

Is Ubuntu’s security model stronger than Windows’?

Right now, as of Windows XP (and in Windows Vista and 7, though it has UAC, which is a little better, though many Windows users disable the UAC prompts), Windows defaults to the first user being the computer administrator, so the user is able to accidentally (or, God forbid, through accidental approval/installation of a malicious program) modify systemwide settings.

Windows XP allows you to make it more secure by creating limited user accounts and using the Run As… option to run only particular tasks or programs as administrator (similar to the su feature in most Linux distributions). Run As… is crippled in its implementation, though. If you use Run As… to install Windows Updates, the updates do not install properly. Also, you have to find the particular launcher files (extension of *.cpl) for Control Panel applications in order to use the Run As… option on them. The way to run Explorer (the file browser) as administrator from within a limited user account is extremely complicated.

Unfortunately, in addition to Run As… being crippled, many third-party (not Microsoft) software companies design their applications to be run as administrator (since that is the Windows default, which is Microsoft’s fault). Here is the Hall of Shame for programs that need to be run as administrator in Windows in order to function properly.

This has improved greatly in Windows 7. Even though it is not the default setup in Windows, you can use a limited user account as your main account, and you will automatically be prompted for an administrator account password authentication if you try to install software or do any other action that requires modifying system folders.

Contrary to what some Linux advocates keep repeating, it is not that difficult to secure Windows. I’ve outlined here the steps to do that.

Ubuntu’s default user operates as a limited user most of the time but has the ability (since she belongs to the admin group) to temporarily assume administrator (also known as root) privileges for particular tasks, and this setup is not only the default setup, but it is also fully functional.

So running as a limited user takes care of everything?

Not exactly. This is a common argument made by Linux users, that if you run as administrator, your whole system can be borked, but if you run as a limited user, only your personal files can be damaged.

While that’s somewhat true, personal files are usually more important to a user than system files. After all, I can reinstall Ubuntu in half an hour and have it running again the way I want it to within two hours. If I lost all my personal files, it would take me months to recreate a lot of them, and some I would not be able to recreate at all.

This is why it’s really important to back up whatever files are important to you.

Isn’t using sudo essentially the same as running as root?

This is a common misconception about sudo among Linux-using non-Ubuntu users. When you run as root, anything you do has system-wide privileges. You can do anything. You have free reign over your entire system. This would be akin to walking around with everything you own, including all your money in cash on your person.

When you run as an admin in Ubuntu, you’re almost always a limited user. If you preface a terminal command with the word sudo or preface a graphical command with gksudo or kdesu, you allow yourself (and only with password authentication) to temporarily assume root privileges for that one task. This would be like having your belongings in a safe with a combination lock or keeping all your money in a bank, where you can access your account through an ATM card and PIN code.

There is a fifteen-minute “timeout” for sudo. If you launch one command with sudo, you’ll be prompted for a password, and within the same shell, you won’t be prompted again for other sudo commands for the next fifteen minutes. If you want, you can change the sudo timeout to something lower so that you’ll always be prompted for a password on every sudo command.

So anybody can assume root privileges with a password?

No. Only users in the admin group. The first user created during the Ubuntu installation will belong to the admin group. Any other users would have to be added to that group manually by the first user or another user in the admin group.

This whole sudo business makes no sense and isn’t user-friendly

You’re entitled to your opinion, of course, but many people consider Mac OS X to be one of the most user-friendly operating systems around, and it uses sudo.

Where can I read more about sudo?

http://help.ubuntu.com/community/RootSudo

Recovery mode makes me root user. Isn’t that a security risk?

Well, if you have several people using your computer, you can put small obstacles in their way by setting a root password, setting a Grub password, or setting a BIOS password. Still, anyone who has physical access to your computer and a little know-how practically has root access anyway. She can boot a live CD and mount your partition or even just physically remove the hard drive from your computer and put it in another computer. There’s a certain amount of trust you automatically give anyone by allowing her to sit at your computer.

Is there any way to be 100% sure my computer will never be cracked into?

If you follow the instructions at the top of this page, you probably will not have your computer cracked. When you’re connected to the internet, though, you are always vulnerable to security breaches of some kind. The only thing you can do is try to reduce your vulnerability. And I’ve read from a few security experts on the Ubuntu Forums that if someone is really determined to crack into your computer and capable, she pretty much will eventually—it’s just a matter of time. The more obstacles you can put in the way of that happening, the more time it will take. Of course, disallowing remote logins is a big help.

What’s the most important part of OS security?

The user. It’s always the user. I’d rather have a smart user running as administrator on a Windows computer with no firewall, no anti-virus, and no anti-spyware than a dumb user running as limited user on a Ubuntu computer with a firewall, anti-virus, and a rootkit detector. Dumb users click on anything, somehow manage to install untrustworthy software even without administrative privileges, and use easy-to-guess passwords.

As an illustration, take a look at this excerpt from the Seinfeld episode “The Robbery,” in which Jerry buys a secure “operating system,” and Kramer plays the “dumb user.”

ELAINE: [from the bathroom] JERRY! [enters the living-room] Jerry, oh, hi, welcome back. How were the shows?

JERRY: Great, I had fun, where’s the TV, where’s the VCR. [Elaine looks guilty] What?

ELAINE: They were stolen.

JERRY: Stolen? When?

ELAINE: A couple a hours ago, the police are coming right over.

JERRY: Stolen?

ELAINE: [Kramer enters the apartment] Someone left the door open. [it’s clear that she means Kramer; she walks to the bathroom]

JERRY: [to Kramer] You left the door open?!

KRAMER: Uh, Jer, well ya know, I was cookin’ and I, I uh, I came in to get this spatula…and I left the door open, ’cause I was gonna bring the spatula right back!

JERRY: Wait, you left the lock open or the door open?

KRAMER: [bobs his head guiltily] The door.

JERRY: The door? You left the door open?

KRAMER: Yeah, well, I was gonna bring the spatula right back.

JERRY: Yeah, and?

KRAMER: Well, I got caught up… watching a soap opera…[with a broken voice] The Bold and the Beautiful

JERRY: So the door was wide open?

KRAMER: Wide open!

JERRY: [Elaine enters the living-room] And where were you?

ELAINE: I was at Bloomingdale’s…waiting for the shower to heat up.

KRAMER: Look, Jerry, I’m sorry, I’m uh, you have insurance, right buddy?

JERRY: No.

KRAMER: [looks shocked] How can you not have insurance?

JERRY: Because…I spent my money on the Clapgo D. 29, it’s the most impenetrable lock on the market today…it has only one design flaw: the door…[shuts the door] must be CLOSED.

Article from psychocats.ne

Lazy Linux: 10 essential tricks for admins

Summary:  Learn these 10 tricks and you’ll be the most powerful Linux® systems administrator in the universe…well, maybe not the universe, but you will need these tips to play in the big leagues. Learn about SSH tunnels, VNC, password recovery, console spying, and more. Examples accompany each trick, so you can duplicate them on your own systems.

Powered by IBM http://www.ibm.com/developerworks/linux/library/l-10sysadtips/

Installing Debian distributions from USB sticks – problems and solutions

If you tried to install any distribution which uses Debian-Installer (Debian, Ubuntu and derivatives) using my method for booting multiple CDs from a USB stick (with ext2 partitions) (see also the version with FAT16 partitions, you most likely encountered the error “No common CD-ROM drive was detected.” immediatly after the “Detecting hardware to find CD-ROM drives” screen.

This is, of course, caused by the fact that Debian-Installer looks for CD-ROM drives and tries to mount them using the iso9660 filesystem (the ISO files format). Since we are running from a USB stick, our partitions are formated as ext2 or FAT16, so they will be ignored by Debian-Installer.

There is a quick fix though – Debian-Installer will happily use the files from the /cdrom directory if it is already mounted by the time it tries to check for CD-ROMs! You should follow these steps:

Step 1: Boot the USB stick, select the distribution that you want to install.

Step 2: When the installer asks for the language selection, don’t choose anything and press ALT-F2, then Enter to activate the console.

Step 3: Create /cdrom and mount the USB stick partition to it (/dev/sdc2 and 5 are my partitions, make sure you have the right ones, for example by looking at the log messages in console 4 – press ALT-F4 – or checking what sd* devices were created in /dev):

# ls /dev/sd*
# mkdir /cdrom
# mount -t vfat /dev/sdc2 /cdrom
or
# mount -t ext2 /dev/sdc5 /cdrom

If you get an error message saying “Invalid argument”, the most likely cause is that you run from a ext2 partition but the initrd doesn’t support ext2 filesystems. This is the genius work of Debian developers, and I will provide a fix for it in another blog post.

Step 4: Press ALT-F1 to go back to the installer dialogues and continue installing.

Additional step: If at some point, you get an error from the installer with the message “Failed to determine the codename for the release”, it usually means the installer is trying to access a symlink that is no longer there (most likely cause: you used a FAT16 filesystem, which does not support symlinks).

The solution is simple: take a look at the error messages in console 4 (press ALT-F4) and you will most likely see the installer tried to look for the release name “stable”. Get back to console 2 (press ALT-F2 and Enter to activate it), see what’s in /cdrom/dists and “fix” it:

# cd /cdrom/dists
# ls
lenny
# mv lenny stable

You can now return to the installer (press ALT-F1) and select Retry. The installation should continue correctly.

Credits