The most effective iftop command is as follows:

sudo iftop -P -f "not ether host ff:ff:ff:ff:ff:ff"

The above command filters out broadcast traffic, which can be quite extensive on some networks.

Use Shift p to pause the screen.

Error:

No suitable module for running kernel found When proceeding with starting virtualbox, I get this error: WARNING: The character device /dev/vboxdrv does not exist. Please install the virtualbox-ose-dkms package and the appropriate headers, most likely linux-headers-generic.

You will not be able to start VMs until this problem is fixed.

Solution:

Install build-essentials.

apt-get install build-essentials

and install linux-kernel-headers

apt-get install linux-kernel-headers

or

apt-get install linux-kernel-*

Install dkms

apt-get install dkms

Ubuntu 12.04 Kiosk

Core Software
Ubuntu 12.04 LTS Server
chromium-browser
xorg (X window system)
nodm (minimal display manager)

1. Install Ubuntu server
2. apt-get update && sudo apt-get upgrade
3. apt-get mc nano man man-db lynx openssh-server gpm

(Optional) If using wireless
4. apt-get install wireless-tools wpasupplicant

If you are connecting to an open network, you wont need wpasupplicant

(Optional) If using Intel wireless
4a. Add the following to the apt sources.list: http://ftp.us.debian.org/debian squeeze main contrib non-free
4b. apt-get firmware-iwlwifi

5. ifconfig wlan0 up – Brings up wireless interface

Check to see if Wifi is working

6. iwconfig
7. iwlist scan

If nothing shows up then their is a wireless driver issue

8. wpa_passphrase YOURSSID YOURWIFIPASSWORD – get your WiFi key.

It should look as follows:

network={
ssid=”YOURSSID”
#psk=”YOURWIFIPASSWORD”
psk=fe727aa8b64ac9b3f54c72432da14faed933ea511ecab1 5bbc6c52e7522f709a
}

We will use psk= (NOT #psk=) since the WiFi password in hex format.

9. nano /etc/network/interfaces – At the end of this file, you need to add your WiFi configuration. Here are the options you can add.

auto wlan0 #change this to the name of your WiFi interface
iface wlan0 inet dhcp #this is normally fine, if you want a static IP address replace “dhcp” with “static”
netmask 255.255.255.0 #change this as appropriate for your network, this value is usually right
gateway 192.168.1.1 #change this as appropriate for your network
address 192.168.1.100 #only needed for a static IP address
dns-nameservers 192.168.1.1 #only needed for a static IP address
wpa-driver wext #you shouldn’t need to change this
wpa-ssid YOURSSID #just type the name of your SSID here
wpa-ap-scan 1 #if the name of your SSID is hidden usually, type 2 instead of 1
wpa-proto WPA #if you use WPA1 type WPA, if you use WPA2 type RSN
wpa-pairwise CCMP #if you use AES type CCMP, if you use TKIP type TKIP
wpa-group CCMP #if you use AES type CCMP, if you use TKIP type TKIP
wpa-key-mgmt WPA-PSK #usually WPA-PSK (if you share a key) but sometimes WPA-EAP (for enterprises)
wpa-psk YOURHEXKEYFROMABOVE #the hex key that you generated earlier

Thus, since I am using a WiFi card that is identified as wlan0 and am connecting to a WPA1 AES encrypted network called MYPLACE that isn’t hidden without a static IP address, this is what I added:

auto wlan0
iface wlan0 inet dhcp
netmask 255.255.255.0
gateway 192.168.1.1
wpa-driver wext
wpa-ssid MYPLACE
wpa-ap-scan 1
wpa-proto WPA
wpa-pairwise CCMP
wpa-group CCMP
wpa-key-mgmt WPA-PSK
wpa-psk 71c81a855973ae7bb1243141e5caa7b6bb0e2d7bbtcetcetc

Finally, comment out the top section so it looks like this:

#auto eth0
#iface eth0 inet dhcp

This stops your wired network from working. This helps to ensure there are no conflicts. Remember, if you want your wired network to work again, remove these two comments (the #).

10. Reboot and it should work

If it does not work, edit the configuration file for the wpasupplicant program. Do this by issuing:

10b. nano /etc/wpa_supplicant.conf

Basically, you add pretty much the same information here as you did to the interfaces file, except without the wpa- part. So, my file looks like this:

ap_scan=1
ctrl_interface=/var/run/wpa_supplicant
network={
ssid=”MYPLACE”
scan_ssid=0
psk=71c81a855973ae7bb1243141e5caa7b6bb0e2d7bbtcetcetc
key_mgmt=WPA-PSK
proto=WPA
pairwise=CCMP
group=CCMP
}

Edit this file as necessary, make sure you add the ctrl_interface and network={ at the beginning and the } part at the end.

(Optional) Printing – Configure Cups
11. apt-get install cups
12. sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original
13. sudo chmod a-w /etc/cups/cupsd.conf.original
14. sudo usermod -aG lpadmin username
15. lynx into http://localhost:631 and setup the attached printer
16. lpstat -s show printer status
17. lpoptions -d printername sets up default printer
18. echo “This is a test” > testfile.txt – Create a test file to test printing
19. lp testfile.txt – runs test print job

Main Kiosk Setup
20. apt-get install xorg nodm chromium-browser
21. adduser -m kiosk
22. (Optional – Add user to groups) adduser -G groupname kiosk

23. Login as kiosk.
24. touch ” ~/.xsession
25. nano ~/.xsession – add the two following lines
#!/usr/bin/env bash
chromium-browser –start-maximized
26. Type startx – nodm will start with Chromium. If your screen is half size drag it to fill the screen
27. Open the wrench menu, select Settings or go to chrome://chrome/settings
28. Under “Appearance” – remove all check marks
29. Configure all of the browser setting you prefer users to not have
30. If you have a set start page enter it now.
31. Press Ctrl+H and clear your browser history
32. Once finish Press Ctrl+Alt+F1 and then Ctrl+C to return to the console
33. Edit ~/.xsession to look as follows:
#!/usr/bin/env bash
while true; do
sed -i ‘s/”exited_cleanly”: false/”exited_cleanly”: true/’ ~/.config/chromium/Default/Preferences
sed -i ‘s/”exited_type”: “Crashed”/”exited_type”: “normal”/’ ~/.config/chromium/Default/Preferences
xmodmap -e “keycode 67 = 0x0000” #disables F1
xmodmap -e “remove Control = Control_L” #disables control left
xmodmap -e “remove Control = Control_R” #disables control right
xsetroot -cursor_name left_ptr #Replaces the X cursor with the standard left pointer
chromium-browser –start-maximized –kiosk http://<your_app_url>/;
# chromium-browser –start-maximized #This is used for testing
sleep 5s; #Restarts chrome is it crashes after 5 seconds
done
34. Change the default maximized settings in chromium from false to true
Go to /home/kiosk/.config/chromium/Default/Preference
“browser”; {
go down to “window_placement”: {
…
“maximized”: true,

Force the Browser to expand across the screen:
“browser”: {
“check_default_browser”: false,
“clear_lso_data_enabled”: true,
“custom_chrome_frame”: true,
“pepper_flash_settings_enabled”: false,
“window_placement”: {
“bottom”: 767,
“left”: 0,
“maximized”: false,
“right”: 1366,
“top”: 0,
“work_area_bottom”: 768,
“work_area_left”: 0,
“work_area_right”: 1366,
“work_area_top”: 0
},

34b. Also in “Preferences” near the bottom of the file (inside the Profile section) this line:
“exit_type”: “normal”,
“exited_cleanly”: true,
(Optional if wanting to view PDFs)
35. apt-get install evince mozplugger
36.Make evince work with Chromium
In /etc/mozpluggerrc.d edit the 40-global_defs.conf and add the following:

### Evince
define(EVINCE, [repeat swallow(evince) fill needs_xembed: evince “$file”])

Now in /etc/mozpluggerrc.d/62-documents.conf , the GV() & ACROREAD() (not necessary though) needs to be replaced with EVINCE() as

application/pdf:pdf:PDF file
application/x-pdf:pdf:PDF file
text/pdf:pdf:PDF file
text/x-pdf:pdf:PDF file

EVINCE() << previously ACROREAD()

repeat noisy swallow(Xpdf) fill needs_xembed: xpdf -g +9000+9000 “$file”
repeat noisy swallow(okular) fill needs_xembed: okular “$file”
repeat noisy swallow(epdfview) fill needs_xembed: epdfview “$file”

EVINCE() << previously GV()

repeat noisy swallow(evince) fill needs_xembed: evince “$file”

37. nano /etc/default/nodm (Change NODM_ENABLED and NODM_USER)
It should look as follows:

NODM_ENABLED=true
NODM_USER=<kiosk_user>
NODM_FIRST_VT=7
NODM_XSESSION=/etc/X11/Xsession
NODM_X_OPTIONS=’-nolisten tcp’
NODM_MIN_SESSION_TIME=60

38. chmod a-w -R ~/.config/chromium/Default/* – Keeps chromium’s settings from being changed.

39. Prevent CTRL+ALT+F1
nano /etc/X11/xorg.conf
Enter the following:

Section “ServerFlags”
Option “DontVTSwitch” “on”
EndSection

(Optional – Password protecting Grub)
Examine the grub configuration files
40. cd /etc/grub.d
41. ls -l
Informational
00_header:
Password Protection.
05_debian_theme:
Set background and text colors, themes
10_linux:
Locates Linux kernels based on results of the “lsb_release” command.
20_memtest86+:
If the file /boot/memtest86+.bin exists, it is included as a menu item.
30_os-prober:
Searches for Linux and OS’s on other partitions and includes them in the menu.
40_custom:
A template for adding custom menu entries which will be inserted into grub.cfg upon execution of the “update-grub” command. This and any other custom file must be made executable to allow importation into grub.cfg.

42. cp 00_header 00_header.bak – make sure you backup this file!

Create Grub Password
43. grub-mkpasswd-pbkdf2
Enter a password
At the command prompt type the word echo<space> then Highlight the password
Right Click after the space and gdm will Copy
Add a “>> 00_header” to send the password into the bottom of the 00_header file

44. vi 00_header
Above the copied password put 2 lines between EOF and the password
Password Protect the Grub File
Instructions (Type the following)
cat << EOF
set superusers=”someonesname”
password_pbkdf2 someonesname GRUB_PASSWORD_GOES_HERE
EOF
Press the <Esc> button
Type “:wq!”

Next: Edit your /etc/grub.d/10_linux file and down around line 29, it has this:
vi 10_linux
Code: CLASS=”–class gnu-linux –class gnu –class os”
Change it to this:
Code: CLASS=”–class gnu-linux –class gnu –class os –unrestricted”
Press the <Esc> button
Type “:wq!”
45. update-grub

Testing the Password Protected Grub Menu

Reboot the machine
Instructions
reboot

Boot to Grub 2 Menu
Instructions
Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Shift> key.

The Grub 2 Menu
Instructions
Make sure the first link is highlighted (See Below).
Press “e” to edit

Enter Username and Password
Instructions
Enter username:
Enter password:

Welcome to the Grub Menu
Notes
Now you have successfully password protected the Grub Menu.
Instructions
Press <Ctrl> and “x” to boot.

___________________________________________________________________________
Additional if you prefer to use Chrome

https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add –
nano /etc/apt/sources.list.d/google.list
Then copy and paste the line below into the file and save.
deb http://dl.google.com/linux/chrome/deb/ stable main
apt-get update
apt-get install google-chrome-stable

cd /opt/google/chrome/
ln -s $plugin /usr/lib/chromium-browser/;

To break into the OS.

Boot
Hold Shift for Grub
Select recovery
Use the root password to enter recovery

1) nano /etc/default/nodm
change NODM_ENABLED to false

2) nano /etc/X11/xorg.conf
comment out all lines with #

If you need to break the kiosk user
3) nano /home/kiosk/.xsession
Using # comment all needed fields especially,
“chromium-browser –start-maximized –kiosk http://<your_app_url>/”

By: nexxy, prupert, myself, and various other resources

Open terminal and check your current kernel:

uname -r

DO NOT REMOVE THIS KERNEL!

Next, type the command below to view / list all installed kernels on your system.

dpkg –list | grep linux-image

Find all the kernels that lower than your current kernel. When you know which kernel to remove, continue below to remove it. Run the commands below to remove the kernel you selected.

sudo apt-get purge linux-image-x.x.x.x-generic

Finally, run the commands below to update grub2

sudo update-grub2

Reboot your system.

By: penreturn

Additional Useful Information:

Removing Entries from Grub 2 Entries should be removed by editing or removing files in the /etc/grub.d folder. The /boot/grub/grub.cfg file is read-only and should not normally require editing.

Too Many Kernels?

If you are not sure of the kernel you are currently using, in a terminal type uname -r.

Kernels removed via APT (Synaptic, “apt-get remove”, etc.) will automatically update grub.cfg and no user action is required.

A great tool for removing kernels (and menu entries) is Ubuntu-Tweak, a safe and easy-to-use GUI app.

Install ubuntu tweak

Ubuntu-Tweak will be available under Applications > System Tools.

Remove Older Kernel Entries

Select “Package Cleaner” on the left and “Clean Kernel” from the right panel.

Press the “Unlock” button at the lower right, enter your password.

Select from the displayed list the kernel images and headers you wish to remove. The kernel in use is not listed.

Press the “Cleanup” button at the lower right to remove the selected kernel images and headers.

Remove Operating Systems from the Grub menu

Other Operating Systems which have been removed from the computer will also be removed from the menu once “update-grub” is run as root.

Menu items are placed on the Grub2 menu by scripts. If you don’t want other Operating Systems to be entered in the menu, disable /etc/grub.d/30_osprober

Run this command to stop the script from running
sudo chmod -x /etc/grub.d/30_os-prober

DISABLE_30_OS-PROBER=’true’ in /etc/default/grub

Remove Memtest86+ from the Grub Menu
sudo chmod -x /etc/grub.d/20_memtest86+

Run the update-grub command to allow the changes to be incorporated in grub.cfg

By: karthick87

1. Download shc and install it

Download shc and install it as shown below.

# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make

Verify that shc is installed properly.

$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

2. Create a Sample Shell Script

Create a sample bash shell script that you like to encrypt using shc for testing purpose.

For testing purpose, let us create the following random.sh shell script which generates random numbers. You have to specify how many random numbers you like to generate.

$ vi random.sh
#!/bin/bash

echo -n “How many random numbers do you want to generate? ”
read max

for (( start = 1; start <= $max; start++ ))
do
echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
24682
1678
491

3. Encrypt the Shell Script Using shc

Encrypt the random.sh shell scripting using shc as shown below.

$ ./shc -f random.sh

This will create the following two files:

$ ls -l random.sh*
-rwxrw-r–. 1 ramesh ramesh 149 Mar 27 01:09 random.sh
-rwx-wx–x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r–. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c

random.sh is the original unencrypted shell script
random.sh.x is the encrypted shell script in binary format
random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)

$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text

4. Execute the Encrypted Shell Script

Now, let us execute the encrypted shell script to make sure it works as expected.

$ ./random.sh.x
How many random numbers do you want to generate? 3
7489
10494
29627

Please note that the binary itself is still dependent on the shell (the first line provided in the random.sh. i.e /bin/bash) to be available to execute the script.
5. Specifying Expiration Date for Your Shell Script

Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they’ll get an error message.

Let us say that you don’t want anybody to execute the random.sh.x after 31-Dec-2011 (I used last year date for testing purpose).

Create a new encrypted shell script using “shc -e” option to specify expiration date. The expiration date is specified in the dd/mm/yyyy format.

$ ./shc -e 31/12/2011 -f random.sh

In this example, if someone tries to execute the random.sh.x, after 31-Dec-2011, they’ll get a default expiration message as shown below.

$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider

If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).

$ ./shc -e 31/12/2011 -m “Contact [email protected] for new version of this script” -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact [email protected] for new version of this script

6. Create Redistributable Encrypted Shell Scripts

Apart from -e, and -m (for expiration), you can also use the following options:

-r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
-T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
-v is for verbose

Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.

$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec ‘%s’ “$@”
shc [-l]=
shc opts=
shc: cc random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
28954
1410
15234

By R Natarajan