How to fix unstable wifi connection after 14.04 upgrade

After upgrading the computer from 13.10 to Ubuntu 14.04, the connection has been really unstable. The connection frequently drops, fails to connect, or is very slow.

You should deactivate the N-mode of the driver.

Open a Terminal “CTRL+ALT+T” and type this command line:

# sudo apt-get update
# echo "options iwlwifi 11n_disable=1" | sudo tee /etc/modprobe.d/iwlwifi.conf 
# sudo modprobe -rfv iwlwifi
# sudo modprobe -v iwlwifi

 

Note:

Additionally you can deactivate the power management of the card:

 # sudo iwconfig wlan0 power off

How to create OOP Smartphone or Tablet with Sencha Touch Framework

 


Sencha Touch is an OOP JavaScript framework that makes it easy to build mobile web applications that look and feel native on iPhone, Android, and BlackBerry touch devices. To find out more, take a look at the Sencha Touch website.

 

Required Software

  1. Download and unzip Sencha Touch. You can unzip the software to any directory.
  2. Sencha Touch requires Chrome or Safari. On a mobile device, you can use Chrome, Safari, or Internet Explorer 10 or 11.
  3. Download and install Sencha Cmd. Sencha Touch 2.3.1 and later requires Sencha Cmd 4.0.1, 4.0.2, and later. To check that you have correctly installed Sencha Cmd, type the sencha command, for example:
    # sencha
    Sencha Cmd vn.n.n
    ...
    
  4. Java Runtime Environment version 1.7. Sencha Cmd is written in Java and needs the JRE to run. Note: If you are building an Android app using Windows, you must install the Java SDK. You can build an iOS app under Windows with the JRE, but not an Android app.
  5. Ruby to create the compiled CSS used by Touch.
    • Windows: Download Ruby from rubyinstaller.org. Download the RubyInstaller .exe file and run it.
    • Mac: Ruby is pre-installed. You can verify its presence with the ruby -v command.
    • Ubuntu: Use sudo apt-get install ruby2.0.0 to download and install Ruby.

Create a Starting Environment

Choose or create a directory where your application will reside, change to that directory, and issue the following command:

$ sencha -sdk /path/to/touch generate app MyApp . 

Where:

  1. /path/to/touch is the directory where you unzipped the Touch software.
  2. MyApp is the name you give your application.

This generates a starting Sencha Touch application namespaced to the MyApp variable and located in the current directory.

The starting app contains all the files you need to create a Sencha Touch application, including the default index.html file, a copy of the Touch SDK, the CSS file, and images and configuration files for creating native packages for your app.

You can verify if your application has generated successfully by opening it in a web browser. If you extracted the SDK to your webroot folder, navigate to http://localhost/MyApp. If you are using the Sencha Cmd web server, you can access served applications with the http://localhost:1841/ URL.

What We Are Creating

We are creating a simple mobile web app to use for a company’s mobile site. The app includes a home page, a contact form, and a simple list that fetches Sencha’s recent blog posts and allows visitors to read them on a mobile device.


 

 

How to Secure Your Linux Server

Securing your environment starts during the ordering process when you are deploying server resources. If you want to deploy a quick server without putting it behind an extra hardware firewall layer or deploying it with an APF (Advanced Policy Firewall), there are a couple of security hardening tips to follow. I set up my servers this way to have a solid base level of security when I deploy a Linux system.

 

Limit physical access and booting capabilities

  • Enable BIOS password
  • Disable floppy and USB booting
  • Set a LILO or GRUB password (/etc/lilo.conf or /boot/grub/menu.lst, respectively)
  • Check that the LILO or GRUB configuration file is read-protected.

 

Disable Root Login

When you need super-user permissions, use sudo instead of su. Sudo is more secure than using su: when a user uses sudo to execute root-level commands, all commands are tracked by default in /var/log/secure. Furthermore, users have to authenticate themselves to run sudo commands, and that authentication only lasts for a short period of time.

Note:
You should Stop Using Root!

 

Partitioning

  • Separate user-writable data, non-system data, and rapidly changing run-time data to their own partitions
  • Set nosuid,noexec,nodev mount options in /etc/fstab on ext2 partitions such as /tmp

 

Limiting the network access

  • Install and configure ssh (suggest PermitRootLogin No in /etc/ssh, PermitEmptyPasswords No; note other suggestions in text also)
  • Consider disabling or removing in.telnetd
  • Generally, disable gratuitous services in /etc/inetd.conf using update-inetd --disable (or disable inetd altogether, or use a replacement such as xinetd or rlinetd)
  • Disable other gratuitous network services; mail, ftp, DNS, www etc. should not be running if you do not need them and monitor them regularly.
  • For those services which you do need, do not just use the most common programs; look for more secure versions shipped with Debian (or from other sources). Whatever you end up running, make sure you understand the risks.
  • Set up chroot jails for outside users and daemons.
  • Configure firewall and tcpwrappers (i.e. hosts_access); note trick for /etc/hosts.deny in text
  • If you run ftp, set up your ftpd server to always run chrooted to the user’s home directory
  • If you run X, disable xhost authentication and go with ssh instead; better yet, disable remote X if you can (add -nolisten tcp to the X command line and turn off XDMCP in /etc/X11/xdm/xdm-config by setting the requestPort to 0)
  • Disable outside access to printers
  • Tunnel any IMAP or POP sessions through SSL or ssh; install stunnel if you want to provide this service to remote mail users
  • Set up a loghost and configure other machines to send logs to this host (/etc/syslog.conf)
  • Secure BIND, Sendmail, and other complex daemons (run in a chroot jail; run as non-root pseudo-user)
  • Install snort or a similar logging tool.
  • Do without NIS and RPC if you can (disable portmap).
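
Two items from the Partitioning and network access lists above (the /tmp mount options and the two ssh settings) can be checked mechanically. The following is an added example, not part of the original checklist; the sample file contents are constructed, and /etc/ssh/sshd_config is assumed as the file the ssh settings live in.

```python
# Added example: audit two checklist items against configuration text.
# Both samples are constructed; on a real host pass in the contents of
# /etc/ssh/sshd_config (assumed path) and /etc/fstab instead.

SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
# a later duplicate does not help: sshd keeps the first value it reads
PermitRootLogin no
#PermitEmptyPasswords no
"""

SAMPLE_FSTAB = """\
# constructed sample: <device> <mount point> <type> <options> <dump> <pass>
/dev/sda1  /     ext4  errors=remount-ro  0 1
/dev/sda3  /tmp  ext2  defaults,nosuid    0 2
"""


def effective_sshd_options(text):
    """Return the global sshd options, keeping the first value per keyword."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if keyword == "match":
            break  # everything after a Match line is a conditional override
        options.setdefault(keyword, value)
    return options


def missing_mount_options(fstab_text, mount_point="/tmp",
                          required=("nosuid", "noexec", "nodev")):
    """Return required options absent from mount_point, or None if it has no entry."""
    for raw in fstab_text.splitlines():
        fields = raw.split()
        if (len(fields) >= 4 and not fields[0].startswith("#")
                and fields[1] == mount_point):
            present = set(fields[3].split(","))
            return [opt for opt in required if opt not in present]
    return None


def audit(sshd_text, fstab_text):
    """Return a list of human-readable findings (empty when both checks pass)."""
    findings = []
    sshd = effective_sshd_options(sshd_text)
    root_login = sshd.get("permitrootlogin")
    if root_login != "no":
        findings.append("PermitRootLogin is %s, expected no" % (root_login or "unset"))
    # PermitEmptyPasswords defaults to no, so only an explicit other value is a finding.
    if sshd.get("permitemptypasswords", "no") != "no":
        findings.append("PermitEmptyPasswords is enabled")
    missing = missing_mount_options(fstab_text)
    if missing is None:
        findings.append("/tmp is not a separate partition in fstab")
    elif missing:
        findings.append("/tmp lacks mount options: " + ",".join(missing))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG, SAMPLE_FSTAB):
        print("FINDING:", finding)
```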

 

Password hygiene and login security

  • Do not choose passwords of less than 8 characters. Create complexity with upper- and lower-case letters, special characters and numbers, e.g. Qu4DL1nux*I0
  • Enable password shadowing and MD5
  • Install and use PAM – Add MD5 support to PAM and make sure that (generally speaking) entries in /etc/pam.d/ files which grant access to the machine have the second field in the pam.d file set to “requisite” or “required”.
  • Tweak /etc/pam.d/login so as to only permit local root logins.
  • Also mark authorized tty:s in /etc/security/access.conf and generally set up this file to limit root logins as much as possible.
  • Add pam_limits.so if you want to set per-user limits
  • Tweak /etc/pam.d/passwd: set minimum length of passwords higher (6 characters maybe) and enable md5
  • Add group wheel to /etc/group if desired; add pam_wheel.so group=wheel entry to /etc/pam.d/su
  • For custom per-user controls, use pam_listfile.so entries where appropriate
  • Have an /etc/pam.d/other file and set it up with tight security
  • Set up limits in /etc/security/limits.conf (note that /etc/limits is not used if you are using PAM)
  • Tighten up /etc/login.defs; also, if you enabled MD5 and/or PAM, make sure you make the corresponding

Note:
Disable root ftp access in /etc/ftpusers
Disable network root login; use su or sudo.

Policy issues

  • Educate users about the whys and hows of your policies. When you have prohibited something which is regularly available on other systems, provide documentation which explains how to accomplish similar results using other, more secure means.
  • Prohibit use of protocols which use cleartext passwords (telnet, rsh and friends; ftp, imap, http)
  • Prohibit programs which use SVGAlib.
  • Use disk quotas.

Update Kernel and Software

Ensure your kernel and software patches are up to date. I like to make sure my Linux kernel and software are always up to date because patches are constantly being released with corrected security flaws and exploits. Remember you have access to SoftLayer’s private network for updates and patches, so you don’t have to expose your server to the public network to get updates. Run this with sudo to get updates in RedHat or CentOS: yum update.

How to Install MySQL on Linux

MySQL is a relational database management system (RDBMS), and ships with no GUI tools to administer MySQL databases or manage data contained within the databases.

Users may use the included command line tools or use MySQL “front-ends”, desktop software and web applications that create and manage MySQL databases, build database structures, back up data, inspect status, and work with data records.

The official set of MySQL front-end tools, MySQL Workbench, is actively developed by Oracle and is freely available for use.

Installation

Open a Terminal “CTRL+ALT+T” and type this command line:

on Debian / Ubuntu

# sudo -i 
# apt-get update
# apt-get install mysql-client-5.1 mysql-server-5.1

Note:
The apt-get command will install a number of packages, including the MySQL server, in order to provide the typical tools and application environment. This can mean that you install a large number of packages in addition to the main MySQL package.

During installation, the initial database will be created, and you will be prompted for the MySQL root password (and confirmation). A configuration file will have been created in /etc/mysql/my.cnf. An init script will have been created in /etc/init.d/mysql.

The server will already be started. You can start or stop the MySQL server using this command line:

# service mysql [start|stop]

on Red Hat Linux, Fedora, CentOS

# su
# yum install mysql mysql-server mysql-libs

Note:
MySQL and the MySQL server should now be installed. A sample configuration file is installed into /etc/my.cnf . An init script, to start and stop the server, will have been installed into /etc/init.d/mysqld.
To start the MySQL server use service:

# service mysqld start

To enable the server to be started and stopped automatically during boot, use chkconfig:

# chkconfig --levels 235 mysqld on 

This enables the MySQL server to be started (and stopped) automatically at the specified run levels.

 

How to install Zend Framework 2 (ZF2) & ZFTool (Command Line Tool) in Linux Ubuntu 14.04

Introduction:

The Zend Framework 2 is an MVC framework developed by the PHP developers called Zend.

I am using an Ubuntu 14.04 Desktop with an installed Apache2 web server, php5 (5.3+ required for ZF2).


Installation Process:

Download Zend Framework 2

First you will have to download the Zend Framework you desire to install (version >= 2.0.0 for this tutorial)

Visit Zend Archive and download your Zend package. 
Extract it to /usr/share/php/ZendFramework2

Download ZFTool

Afterwards you will need to install ZFTool. It is a command line tool which gives you the ability to create projects, models, view templates and so on.

Download ZFTool from GitHub.
Extract it now to /usr/share/php/ZFTool

Now you need to grab a file called zftool.phar.

Download it directly from Zend packages.
And then extract it to the previously created folder
/usr/share/php/ZFTool/bin/.

For the extraction process you are free to choose between handling it over the terminal or the graphical way.

Notice: You will need permission rights to add content to the /usr/share/php/ folder!

You can use sftp://root@localhost to get access to this folder with root permissions, but use this way carefully!

Now you have installed ZFTool, but it is a pity to have to write the whole path to the executable file to use this tool.
However, as Linux gives us the possibility, we can make use of aliases (for the standard user).

Create Alias

cd /etc/php5/conf.d/
sudo touch zend-framework2.ini
sudo gedit zend-framework2.ini

Now you should be able to edit this recently created file. Add the following content to it:

[Zend]
php.include_path = "/usr/share/php/ZendFramework2/library"

Save and close the file afterwards.

Let’s define the alias now:

gedit ~/.bashrc

Add the following lines to your .bashrc if they aren’t already defined, or uncomment them
(keep in mind to edit as your standard user!):

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
   . ~/.bash_aliases
fi

Save and close again.
Now we have to create the file we are looking for in the previous bashrc:

touch ~/.bash_aliases
gedit ~/.bash_aliases

We add the following line(s) to the file:

alias zf2='export ZF_CONFIG_FILE=/etc/php5/conf.d/zend-framework2.ini; sudo /usr/share/php/ZFTool/bin/zftool.phar'

Finally save and close it.
Now use the following command to reload your .bashrc file so that the changes take effect:

. ~/.bashrc

Now you can try to use ZFtool:

zf2 --version

You should get something like this:

ZFTool - Zend Framework 2 command line Tool
The ZFTool is using Zend Framework 2.2.4

Basic usage

For the basic commands of this tool please check the manual / help.

zf2 --help

Debugging

If you get an error, for instance because you don’t have the required permissions,
you can try giving your user permission to access the Zend directory.

sudo -i
cd /usr/share/php/
chown -R yourUser:yourUser ZFTool/
chmod a+x ZFTool/*
exit

Afterwards, try zf2 --version again while logged in on the command line as yourUser.


Raspberry Pi makes use of the full size of your screen!

Have you ever struggled to use the whole screen / display with your Raspberry Pi?

Here is the solution to use the full screen size:

sudo nano /boot/config.txt

Now use Ctrl + W and type disable_overscan.
If you find this line, uncomment it so that it looks like this:

 disable_overscan=1 

Then search for the overscan_left, overscan_right, overscan_top and overscan_bottom lines and comment them out, like this:

#overscan_left=16
#overscan_right=16
#overscan_top=16
#overscan_bottom=16 

Afterwards save your changes with Ctrl + X and hit Enter.

The changes will take effect if you restart your X Server or, just to be on the safe side,
quickly reboot your device.

How to reset MySQL root password


If you have lost the MySQL root password, can’t remember it, or want to break in, you can reset it from the command line with the following five easy steps.

Open a Terminal “CTRL+ALT+T” and type this command line:

Stop the MySQL server process.

# su 
# service mysql stop

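Start the MySQL server process with the --skip-grant-tables option. While the server runs this way, any client can connect without a password, so finish the remaining steps and restart it promptly.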

# mysqld_safe --skip-grant-tables &

Connect to mysql server using mysql client

# mysql -u root

 

Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Restart MySQL Server

# service mysql restart

Login to MySQL server with the new password

# mysql -u root -p

How to protect a Linux server against denial of service “DOS” attacks

A Denial Of Service “DOS” attack is, according to Wikipedia:

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1]

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Most of the time this kind of attack is attempted against web servers, and in this post I’m going to show you how to protect a Linux server against denial of service “DOS” attacks using fail2ban.

What is Fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect services.

Installation

Open a Terminal “CTRL+ALT+T” and type this command line:

Debian / Ubuntu

# sudo -i 
# apt-get install fail2ban

Red Hat / CentOS

# su
# yum install fail2ban

Configuration

Whatever distribution you are using, there are two main configuration files to consider:

/etc/fail2ban/fail2ban.conf
/etc/fail2ban/jail.conf

Make a ‘local’ copy of the jail.conf or fail2ban.conf file in /etc/fail2ban:

cd /etc/fail2ban
cp jail.conf jail.local

Now edit the file:

nano jail.local

Basic configurations are listed under the [DEFAULT] heading in the configuration file for fail2ban.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
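
How ignoreip, findtime, maxretry and bantime interact is easiest to see by replaying a log. The following is an added example, not fail2ban's own code: a simplified model of the ban decision run over constructed sshd log lines, with a reduced stand-in for the sshd filter that only handles IPv4 addresses (ignoreip entries given as DNS names are not resolved).

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of /var/log/secure (documentation-range addresses).
SAMPLE_LOG = """\
Jun 10 12:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jun 10 12:00:05 web1 sshd[2102]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jun 10 12:00:09 web1 sshd[2103]: Failed password for bob from 127.0.0.1 port 33000 ssh2
Jun 10 12:00:10 web1 sshd[2103]: Failed password for bob from 127.0.0.1 port 33000 ssh2
Jun 10 12:00:11 web1 sshd[2103]: Failed password for bob from 127.0.0.1 port 33000 ssh2
Jun 10 12:00:20 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jun 10 12:00:41 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jun 10 12:02:13 web1 sshd[2106]: Accepted password for alice from 192.0.2.44 port 50222 ssh2
Jun 10 12:08:00 web1 sshd[2107]: Failed password for root from 198.51.100.7 port 51001 ssh2
Jun 10 12:11:00 web1 sshd[2108]: Failed password for root from 198.51.100.7 port 51002 ssh2
"""

# Simplified stand-in for the sshd filter: timestamp and IPv4 source of a failure.
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port"
)


def simulate(log_text, ignoreip=("127.0.0.1",), bantime=600, findtime=600,
             maxretry=3, year=2014):
    """Return [(ip, banned_at, banned_until)] for the given [DEFAULT] settings."""
    ignored = [ipaddress.ip_network(entry) for entry in ignoreip]
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        match = FAILURE.match(line)
        if not match:
            continue
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime("%d %s" % (year, match.group(1)),
                                 "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(match.group(2))
        if any(ip in net for net in ignored):
            continue
        if ip in banned_until and when < banned_until[ip]:
            continue  # already banned
        window = recent[ip]
        window.append(when)
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()  # failure is older than findtime, forget it
        if len(window) >= maxretry:
            banned_until[ip] = when + timedelta(seconds=bantime)
            bans.append((str(ip), when, banned_until[ip]))
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print("ban %s from %s until %s" % (ip, start.time(), end.time()))
```

With the settings shown above only 203.0.113.5 is banned: 198.51.100.7 also fails three times, but its first failure is more than findtime seconds old by the time the third arrives. Removing 127.0.0.1 from ignoreip would ban the local host as well.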

 

Protect SSH/SFTP

After the basic settings in the conf file, you can find the section for SSH, [ssh-iptables]. Update the section and restart the fail2ban service.

Example:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 3

# service fail2ban restart

Protect your FTP server:

Example:

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath  = /var/log/proftpd/proftpd.log
maxretry = 5

# service fail2ban restart

 

How to reset a lost administrative password

Sometimes it is necessary to get root access, for example when you have forgotten your password or changed something in /etc/sudoers and things do not work as expected.

Note: Be careful, because this step will give you full root access to your system and you can really damage your system! Keep in mind that all the steps you see here can also be done by someone else!

Boot in to Recovery Mode:

If you have a single-boot (Ubuntu is the only operating system on your computer), to get the boot menu to show, you have to hold down the Shift key during boot up.

If you have a dual-boot (Ubuntu is installed next to Windows, another Linux operating system, or Mac OS X; and you choose at boot time which operating system to boot into), the boot menu should appear without the need to hold down the Shift key.


Note: The root account is the ultimate administrator and can do anything to the Ubuntu installation (including erase it), so please be careful with what commands you enter in the root terminal.

 

Drop to root shell prompt

You will see the following screen. Now select “root – Drop to root shell prompt” and press “Ok”.


In recent versions of Ubuntu, the file system is mounted as read-only, so you need to enter the following command to remount it as read-write, which will allow you to make changes:

mount -o rw,remount /

If you forgot your username, enter this command to find it:

ls /home

 

Change Password

Now enter the following command to reset your password:

passwd <your username>


Now enter your new password and confirm it. Restart your computer:

exit

 

How to Set Up iptables on Linux Debian / Ubuntu

A firewall is a system or router that sits between an external network (i.e. the Internet) and an internal network. This internal network can be a large LAN at a business or your networked home PCs. The firewall in its simplest form is like a one-way street. It allows people on the internal network to access the external network (the Internet), but it restricts traffic so that no one can use the external network to access the systems or files on the internal network.

A firewall has two network connections, one for the external network and one for the internal network. Traffic that is allowed to flow between the two networks is internally “bridged” (using a FORWARD rule) between these two connections. Disallowed traffic is not. This decision-based bridging of traffic between two connections is called “routing” or “IP forwarding”. What this means is that any firewall, by its very nature, is a router (but not all routers block traffic, so not all routers are firewalls).

Login as root

Log in as the root user, either by opening the Terminal or by logging in over an ssh session. Type the following command:

sudo -i

Install UFW

“This software is used for managing a Linux firewall and aims to provide an easy to use interface for the user”.

Type this command line:

apt-get install ufw

Find status of firewall

Type the following command:

ufw status verbose

Sample outputs:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

Enable firewall

Type the following command to enable the firewall on boot:

ufw enable

Sample outputs:

Firewall is active and enabled on system startup

Disable firewall

Type the following command to disable the firewall on boot:

ufw disable

Sample outputs:

Firewall stopped and disabled on system startup

 

Restart firewall

Type the following command to restart firewall:

ufw reload

Sample outputs:

Firewall reloaded

Note that by default, deny is applied to incoming traffic. There are exceptions, which can be found in the output of this command:

ufw show raw

 You can also read the rules files in /etc/ufw (the files whose names end with .rules).


Allow and Deny (specific rules)

 Allow

ufw allow <port>/<optional: protocol>

example: To allow incoming tcp and udp packets on port 53

  • ufw allow 53

     

example: To allow incoming tcp packets on port 53

  • ufw allow 53/tcp

     

example: To allow incoming udp packets on port 53

  • ufw allow 53/udp

     

Deny

ufw deny <port>/<optional: protocol>

example: To deny tcp and udp packets on port 53

  • ufw deny 53

     

example: To deny incoming tcp packets on port 53

  • ufw deny 53/tcp

     

example: To deny incoming udp packets on port 53

  • ufw deny 53/udp

     

Delete Existing Rule

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:

deny 80/tcp

Use this to delete it:

ufw delete deny 80/tcp

Services

You can also allow or deny by service name, since ufw reads from /etc/services. To get a list of services:

less /etc/services

Allow by Service Name

ufw allow <service name>

example: to allow ssh by name

  • ufw allow ssh

     

Deny by Service Name

ufw deny <service name>

example: to deny ssh by name

ufw deny ssh

Logging

To enable logging use:

ufw logging on

To disable logging use:

ufw logging off

Advanced Syntax

You can also use a fuller syntax, specifying the source and destination addresses, ports and protocols.

Allow Access

This section shows how to allow specific access.

Allow by Specific IP

ufw allow from <ip address>

example: To allow packets from 107.46.232.182:

  • ufw allow from 107.46.232.182

     

Allow by Subnet

You may use a net mask:

ufw allow from 192.168.1.0/24

Allow by specific port and IP address

ufw allow from <target> to <destination> port <port number>

example: allow IP address 192.168.0.4 access to port 22 for all protocols

  • ufw allow from 192.168.0.4 to any port 22

     

Allow by specific port, IP address and protocol

ufw allow from <target> to <destination> port <port number> proto <protocol name>

example: allow IP address 192.168.0.4 access to port 22 using TCP

  • ufw allow from 192.168.0.4 to any port 22 proto tcp

     

Enable PING

Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW allows ping requests. You may find you wish to leave (icmp) ping requests enabled to diagnose networking problems.

In order to disable ping (icmp) requests, you need to edit /etc/ufw/before.rules and remove the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

or change the “ACCEPT” to “DROP”

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Deny Access

Deny by specific IP

ufw deny from <ip address>

example: To block packets from 107.46.232.182:

  • ufw deny from 107.46.232.182

     

Deny by specific port and IP address

ufw deny from <ip address> to <destination> port <port number>

example: deny ip address 192.168.0.1 access to port 22 for all protocols

  • ufw deny from 192.168.0.1 to any port 22

Working with numbered rules

Listing rules with a reference number

You may use status numbered to show the order and id number of rules:

ufw status numbered

Editing numbered rules

Delete numbered rule

You may then delete rules using the number. This will delete the first rule and rules will shift up to fill in the list.

ufw delete 1

Insert numbered rule

ufw insert 1 allow from <ip address>

Advanced Example

Scenario: You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22 using tcp

ufw deny from 192.168.0.1 to any port 22
ufw deny from 192.168.0.7 to any port 22
ufw allow from 192.168.0.0/24 to any port 22 proto tcp
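
The order of these three commands matters, because ufw checks rules in sequence and the first match wins. The following is an added example, not ufw's own code: a small model that parses only the rule form used in this scenario and evaluates it with the default deny (incoming) policy shown in the sample status output, first in the order above and then reversed.

```python
import ipaddress

# The three commands from the scenario above, in the order given.
PAGE_ORDER = [
    "ufw deny from 192.168.0.1 to any port 22",
    "ufw deny from 192.168.0.7 to any port 22",
    "ufw allow from 192.168.0.0/24 to any port 22 proto tcp",
]


def parse_rule(command):
    """Parse 'ufw allow|deny from SRC to any port N [proto P]' (this subset only)."""
    words = command.split()
    if (len(words) < 4 or len(words) % 2
            or words[0] != "ufw" or words[1] not in ("allow", "deny")):
        raise ValueError("unsupported rule: " + command)
    rule = {"action": words[1], "src": ipaddress.ip_network("0.0.0.0/0"),
            "port": None, "proto": None}
    for key, value in zip(words[2::2], words[3::2]):
        if key == "from":
            if value != "any":
                rule["src"] = ipaddress.ip_network(value)
        elif key == "to" and value == "any":
            pass  # any local address: nothing to restrict
        elif key == "port":
            rule["port"] = int(value)
        elif key == "proto":
            rule["proto"] = value
        else:
            raise ValueError("unsupported clause: %s %s" % (key, value))
    return rule


def ruleset(commands):
    """Build an ordered rule list from ufw command strings."""
    return [parse_rule(command) for command in commands]


def decide(rules, src, port, proto, default="deny"):
    """First matching rule wins; otherwise the default incoming policy applies."""
    address = ipaddress.ip_address(src)
    for rule in rules:
        if (address in rule["src"]
                and rule["port"] in (None, port)
                and rule["proto"] in (None, proto)):
            return rule["action"]
    return default


if __name__ == "__main__":
    orders = {"as above": ruleset(PAGE_ORDER),
              "reversed": ruleset(reversed(PAGE_ORDER))}
    for label, rules in orders.items():
        for src in ("192.168.0.1", "192.168.0.7", "192.168.0.20", "10.0.0.5"):
            print("%-9s %-13s 22/tcp -> %s" % (label, src, decide(rules, src, 22, "tcp")))
```

If the allow rule for 192.168.0.0/24 already exists, the two deny rules have to go in front of it, which is what ufw insert 1 is for.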