Author Archives: funkym0nk3y

How to compile Truecrypt from source

A few days ago my new USB hard drive arrived. My idea was to connect the hard drive to my Raspberry Pi so that everyone in the network can read the data on that drive. But all the data stored on that drive should be encrypted. The problem was that I also wanted to use the hard drive to copy files from a computer of a friend. Not everyone uses Linux, so I could not encrypt the hard drive with LUKS.
But I had an idea to encrypt the hard drive with Truecrypt, which is available for Windows, Mac OS X and Linux. I created a little partition (about 100MB) which is not encrypted and download the Truecrypt installer for each OS to that partition. The advantage is that you don’t need an internet connection to download the installer. The rest of the hard drive is encrypted with Truecrypt.

The main problem was the installation of Truecrypt on my Pi because there is no ARM binary. I’ve no X-Server on my Pi so I had to install Truecrypt as console-only version. Here are the steps I’ve done to install Truecrypt on my Pi.
Read the rest of this entry

Advertisements

How to enable SWAP without restart

I use Conky to monitor my computer status, e.g. current cpu, memory and swap usage network connections etc. A few weeks ago I noticed that my SWAP-partition was not enabled. Maybe Conky was wrong, but I took a deeper look at it:

$ cat /proc/meminfo
[...]
SwapTotal:             0 kB
SwapFree:              0 kB
[...]

Read the rest of this entry

How to install Privoxy and combine it with Tor

In this post I’ll show you how you can improve your privacy and anonymity while you are browsing on some websites. For this purpose I’ll use Privoxy and Tor. Privoxy is a non-caching web-proxy with filtering capabilities for enhancing privacy. Tor uses an overlay network of volunteers and relays your traffic through the Tor network to it’s destination. It also encrypts your data, so no Tor node (except the exit node) can read your data.

This is not a high-security setup, but it should improve your privacy and anonymity.

1. Privoxy
2. Tor
3. Combine Privoxy and Tor
4. Appendix
Read the rest of this entry

How to set up a stateful firewall with iptables

My old post to set up a small rules set for iptables is deprecated so I decided to update this post and improve some rules.
This time I tested this iptables setup on my Raspberry Pi. I connected to my Pi via SSH and the first time I tested the rules order I locked myself out and I had to connect the monitor and keyboard to fix this. The rule order in this post worked for me to set everything up via SSH.

I also tried this setup on a virtual machine and made a screencast of it. You can find the video at the end of this post.

1. Kernel modules
2. Important Rules
3. Chain Policies
4. Port Rules
5. Logging
6. Saving Rules
7. Appendix (Script and video)
Read the rest of this entry

How to install a CalDav and CardDav server using Radicale

During my time at the university I had lots of meetings, events and I couldn’t remember all these events, so I had to write them down. But we’re living in a digital world, so I wanted to keep all my appointments digitally. I tried Thunderbird Lightning and it is a great Add On. But I also wanted to synchronize all these events with my smartphone without using an external cloud, e.g. Google Calendar.

I wanted a small program with minimal dependencies to act as a server which is able to run on a Raspberry Pi. It doesn’t have to provide a web interface, because I can use Thunderbird or my smartphone to add, change or delete events. I found Radicale which is written in Python and has no dependencies. It supports the CalDav and CardDav protocol. That’s all I wanted so I gave it a try. My first impression was very good and it works great. Here are all steps I did to set up my own CalDav server with Radicale.

1. Installation of Radicale
2. Adding bcrypt support to Radicale (optional step)
3. Configure Radicale
4. Configure Thunderbird Lightning
5. Configure Android Calendar
Read the rest of this entry

Vim Cheat Sheet

Linux is a great OS and ships with a lot of text editors. But in my opinion one of them is special, VIM. If you use VIM for the first time, it’ll be very annoying because there are so much keys and little tricks you have to know. I use VIM for about one and a half year and I still have to search for some keys and little tricks. So I decided to make a little cheat sheet. I will update this cheat sheet from time to time.
Read the rest of this entry

How to make diffs of SVN and Git files with vimdiff

Version control systems like Git or SVN have lots of advantages. One can easily fork a project or create a new branch to test new code. I use Git for all my programs, reports and for my thesis. But sometimes it is necessary to see the difference of two versions of a file. One can use git diff or svn diff but in my opinion the output of these tools are not very nice and it is not easy to see the difference of the files.
In this post I will show you how you can display the difference of two versions of a (SVN or Git) file. The tool I’ll use for this purpose is vimdiff. It’s also possible to use gvimdiff for graphical vim, just replace vimdiff with gvimdiff.
Read the rest of this entry

How to create your own PKI with openssl

Today certificates are widely used to verify, authenticate a client/user or server, to encrypt or sign emails or to sign other types of objects (e.g. source code). You are using a certificate at the moment, due to the secure http (https) connection.
In this post I will show you how to create your own Root Certificate Authority (CA).

1. Create a self signed root certificate
2. Create a sub ca certificate
3. Create a server certificate
4. Create a user certificate
5. Generate a certificate revocation list
6. Revoke a certificate
7. Export a certificate to PKCS#12 format
8. Bash script to manage your own CA

I recommend to configure your openssl.cnf (located at /etc/ssl/openssl.cnf). This is the most annoying part, but it simplifies the next steps. You can find an example of an openssl.cnf I’ll use at the end of this post. Be careful at the policy_match section, this can be a problem while signing a certificate signing request.
Read the rest of this entry

How to make daily backups with rsync and cronjobs

It’s always a good idea to make backups of important data (documents, images, music, etc.), e.g. the worst case for students is to lose data of written reports or theses.
I wanted to make backups of my documents and source codes every day. The backup should be stored on a usb flash drive. But I also wanted to keep deleted files for a couple of days, in case of accidentally deleted files. There are many ways to complete this task, but I decided to use rsync and cronjobs for this purpose. Both tools make the backup process very flexible. It’s very easy to manage the time of the backup process with cronjobs and rsync makes it easy to change the destination (e.g. another folder, device or remote host).
My idea was to add a cronjob to start a bash script which uses rsync to copy the directories and files to the flash drive. But the device names of flash drives changes, if you plug them in a different order. To avoid this problem, I added a udev rule to create a symbolic link every time the flash drive is plugged.
Read the rest of this entry

How to install Slackware ARM on a Raspberry Pi

A few days ago I got my Raspberry Pi and I had to decide which OS I install. I like Slackware and decided to give Slackware ARM (formerly ArmedSlack) a try. It was surprisingly easy to install it.
The first step was to download the Slackware ARM installer and copy it to the SD card.
Download installer:

$ wget http://www.daves-collective.co.uk/raspi/images/raspi-slack-installer_01Aug12.img.xz

Write the installer to SD card:

$ xz -dc raspi-slack-installer_01Aug12.img.xz | dd of=[device] bs=65536
Read the rest of this entry