Showing posts with label dropbox. Show all posts

04 September 2013

509. Very briefly: Send remote commands via the dropbox folder

This is probably fairly obvious to most people.

I've got a reverse ssh tunnel set up so that I can access my work computer from home. However, for the past few days I've had the connection get stuffed up on a regular basis (it doesn't get dropped, but the connection gets refused), and it frustrates me a little bit.

While a proper ssh connection is unbeatable, I would at least be able to copy files back and forth via dropbox if I only had a way of sending commands to my work computer.

And an obvious way of doing that would be to use a cronjob and a tiny bit of bash scripting. So here we go:
While we don't have to (we could just have an empty script file instead) I like the idea of testing for the presence of a specific file in the Dropbox folder, and if it exists, execute it.

Let's call the file that tests for it runremote.sh, and put it in our home folder (~/). I personally suspect that making sure that execution output and error messages get properly logged is a good thing if you're going to fly blind like this, hence the 1> and 2>

runremote.sh
if [ -e ~/Dropbox/runme.sh ]; then
    sh ~/Dropbox/runme.sh 1>> ~/Dropbox/runme.log 2>> ~/Dropbox/runme.error &
fi

Then when you want something executed, put a file called runme.sh in ~/Dropbox:
pwd
echo 'Is it working?'
cp ~/testfile.text ~/Dropbox
date
Note that any command in runme.sh is going to be run in the ~/ folder -- not in ~/Dropbox.

And set the runremote.sh file to be executed e.g. every five minutes through cron:

crontab -e
*/5 * * * * sh ~/runremote.sh

Again, you don't need to have it test for the presence of a file, but I just instinctively like the idea.

Anyway, any command you put in ~/Dropbox/runme.sh should be executed and logged within five minutes from being synced.

You CAN use sudo (echo mypassword | sudo -S ls /root) as well by providing your password in the script file, but this is obviously not terribly safe.
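With the setup above, anything that can write to the Dropbox folder can run commands as you on the work computer. The following variant of runremote.sh is an added example, not code from the original post: it only executes a runme.sh that carries a valid detached signature, and it runs each request once. The public key path (PUBKEY), the runme.sh.sig file name and the use of openssl are assumptions.

```shell
#!/bin/sh
# Added example: signature-checking runremote.sh. PUBKEY and the
# runme.sh.sig naming are assumptions, not part of the original post.
# Sign on the sending side with:
#   openssl dgst -sha256 -sign priv.pem -out runme.sh.sig runme.sh
DROPBOX_DIR="${DROPBOX_DIR:-$HOME/Dropbox}"
PUBKEY="${PUBKEY:-$HOME/.runremote_pub.pem}"   # kept outside the synced folder

run_if_signed() {
    script="$DROPBOX_DIR/runme.sh"
    sig="$DROPBOX_DIR/runme.sh.sig"
    log="$DROPBOX_DIR/runme.log"
    err="$DROPBOX_DIR/runme.error"

    # Nothing to do until both the script and its signature have synced.
    [ -f "$script" ] && [ -f "$sig" ] || return 1

    # Verify and execute a private copy, so a sync that lands between the
    # check and the run cannot swap in different content.
    work=$(mktemp -d) || return 1
    cp "$script" "$work/runme.sh" && cp "$sig" "$work/runme.sh.sig" \
        || { rm -rf "$work"; return 1; }

    if ! openssl dgst -sha256 -verify "$PUBKEY" \
            -signature "$work/runme.sh.sig" "$work/runme.sh" >/dev/null 2>&1; then
        echo "$(date): bad signature, runme.sh not executed" >> "$err"
        rm -rf "$work"
        return 2
    fi

    # Consume the request so cron does not run it again five minutes later.
    rm -f "$script" "$sig"

    # As in the original, commands run from ~/ and output goes to the logs.
    (cd "$HOME" && sh "$work/runme.sh") >> "$log" 2>> "$err"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# cron entry point; a missing or rejected request is not an error for cron
run_if_signed || true
```

The signature authenticates content only: an old signed runme.sh and its .sig copied back into the folder would run again, so put a date or counter check inside scripts where that matters.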

26 April 2013

398. Securing your Dropbox with encfs

Quite some time ago I made a post about how to use truecrypt and dropbox together. It wasn't a very elegant solution as it consisted of putting a truecrypt container in the dropbox folder.

Apart from being pretty obvious, it suffers from drawbacks, such as the fixed size of the truecrypt container taking up space whether you're using it all or not.

[Note that mounting the dropbox folder inside a truecrypt container isn't a real solution either since it won't actually encrypt anything.]

Playing around with encfs made me realise that THIS is the perfect solution for secure Dropbox.

We'll make the assumption that you don't want to encrypt everything in your dropbox, but only things which are kept in a specific folder.

I'm presuming that you've got dropbox set up and working. If not, get the deb files from https://www.dropbox.com/

If you're having issues, make sure that fuse is installed, and that you belong to the group fuse (to add, do sudo usermod -a -G fuse $USER. To check, do cat /etc/group|grep fuse)

Getting started:

sudo apt-get install encfs
mkdir ~/Dropbox/encrypted
encfs ~/Dropbox/encrypted ~/decrypted
The directory "/home/me/decrypted" does not exist. Should it be created? (y,n) Y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled. This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail. For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

Put the files you want to be encrypted in ~/decrypted -- NOT ~/Dropbox/encrypted. Once you're done, unmount ~/decrypted:
sudo umount ~/decrypted


When you want to access your encrypted files or add more files to the encrypted file, just mount ~/Dropbox/encrypted using encfs:
encfs ~/Dropbox/encrypted ~/decrypted/

03 March 2013

354. Some Arch linux post-installation steps/observations

I decided to temporarily switch my laptop over to Arch linux while keeping all my other boxes running debian. Luckily I had an old HDD which had Windows XP and Ubuntu (after a long hiatus from playing with Fedora Core and Mepis I got serious with Hardy Heron) that I could use -- I nuked the ubuntu install but kept the XP install for...some reason.

Still under preparation: Item 20 (chrooted firefox)

Anyway, here are some of the post installation steps I went through and some of my observations. It might help the odd debian person who explores arch. These are in addition to cosmetic things like installing the frippery extensions and faenza icon set for GNOME.

Index
0. Home partition during installation
1. There's no update-grub in Arch
2. Thinkpad
3. Changing Wallpaper in gnome 3.6
4. Get gdm to autostart
5. Get guake and conky to autostart
6. Adding a windows partition to grub2
7. Mounting ntfs partition
8. Skype and wine
9. Dropbox
10. 'apt-file' on Arch
11. Finding foreign (AUR) packages
12. No texmaker
13. systemd and network interface names
14. Virtualbox
15. grub2 theme
16. BankID
17. Truecrypt and "Failed to set up a loop device"
18. Can boot via USB but not SATA --
      "unable to find root device"
19. Problems with Guake and transparency in new tabs


0. Home partition during installation
I've covered installation of arch before (e.g. here, here and here). To have a separate home, partition your disk accordingly, and install as normal. Don't make any user while in archchroot though. Instead, edit the /etc/fstab to include the home partition, and create the user on booting from the new arch install.

UUID=b59b7022-eda1-40b8-b1e0-ada3f172ba90 /home  ext4  defaults,user_xattr  0 0

1. There's no update-grub in Arch
Instead you use
grub-mkconfig -o /boot/grub/grub.cfg

It also means that e.g. any windows installations won't be auto-detected. See below for how to deal with that.

2. Thinkpad
To get the video working you need to install xf86-video-intel
To get the mouse pad working you need to install xf86-input-synaptics
Install lm_sensors and acpi and run sudo sensors-detect to set up temperature and fan speed sensors, and battery status (acpi).
The LEDs seem to work at times with tp_smapi. Not perfect.

Problems:
the mute button doesn't work (mute immediately followed volume down works), nor does mute mic. I've tried a lot of options but so far no luck.

3. Changing Wallpaper in gnome 3.6
The debian devs may think they are simplifying things, but are often making things more difficult to discover. To change wallpaper go to the gnome overview, open Background, and click on the wallpaper in the centre of the window. THAT brings up a list of installed wallpapers etc.

4. Get gdm to autostart
systemctl enable gdm

5. Get guake and conky to autostart
sudo cp /usr/share/applications/guake.desktop /etc/xdg/autostart/

Create /usr/share/applications/conky.desktop:
[Desktop Entry]
Encoding=UTF-8
Name=Conky
Comment=Conky
TryExec=conky
Exec=conky
Icon=conky
Type=Application
Categories=GNOME;GTK;System;Utility
StartupNotify=true
sudo cp /usr/share/applications/conky.desktop /etc/xdg/autostart/

6. Adding a windows partition to grub2
You'll need to edit or create something akin to /etc/grub.d/40_custom
menuentry "Microsoft Windows XP" {
    insmod part_msdos
    insmod ntfs
    insmod search_fs_uuid
    insmod ntldr
    search --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 B8AC3A4BAC3A0482
    ntldr /ntldr
}

7. Mounting ntfs partition
sudo pacman -S ntfs-3g
sudo mkdir -p /media/winxp
sudo chown $USER /media/winxp

Edit /etc/fstab
UUID=B8AC3A4BAC3A0482 /media/winxp ntfs-3g noauto,uid=1000 0 0

8. Skype and wine
You need to edit /etc/pacman.conf and uncomment the multilib repos.
[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

sudo pacman -Syu
sudo pacman -S wine 
sudo pacman -S skype lib32-libpulse

I originally had a qt/qt4 conflict, but updating magically took care of that. Somehow.

NOTE that to get a useable 32 bit wine install you will need to specify this. See e.g. https://wiki.archlinux.org/index.php/Wine#Using_WINEARCH

9. Dropbox
You need to get dropbox and dropbox-nautilus from AUR. Create /etc/xdg/autostart/dropbox.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Dropbox daemon
TryExec=dropboxd
Exec=dropboxd
Startupnotify=true

(I first tried systemctl enable dropbox@$USER but it didn't get nautilus running properly with dropbox. The method above works.)

10. 'apt-file' on arch
...is done with pkgfile.

sudo pacman -S pkgfile
pkgfile --update
pkgfile -s libXv.so.1

11. Finding foreign (AUR) packages.
AUR packages won't update themselves so you need to uninstall and rebuild each time. To find your AUR builds, do
pacman -Qm

12. No texmaker
Texmaker is in AUR and builds fine. It's also easy to build on your own, but installing it with pacman makes it easier to keep tabs on it.

13. systemd and network interface names
My network interfaces always end up with weird names in Arch (w5pls etc.). To manually name your interfaces create e.g. 70-persistent-net.rules in /etc/udev/rules.d/
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:27:9e:27:9b:20", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:23:fb:b3:d2:c8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

14. Virtualbox
sudo pacman -S virtualbox virtualbox-host-modules linux-headers
sudo usermod -G vboxusers -a $USER

To load the vboxdrv module manually do
sudo modprobe vboxdrv

To auto-load on boot do
sudo su
echo "vboxdrv">> /etc/modules-load.d/virtualbox.conf
exit 

To sort out dkms:
sudo pacman -S dkms virtualbox-host-dkms
sudo systemctl enable dkms
sudo dkms install vboxhost/4.2.8


15. grub2 theme
The stock grub2 startup screen in arch is a bit bland. To spice it up, install grub2-theme-archlinux from AUR.

Edit /etc/default/grub and add
GRUB_THEME="/boot/grub/themes/Archlinux/theme.txt"
Then do
sudo grub-mkconfig -o /boot/grub/grub.cfg

It looks a lot like the mockup here: http://xcracx.deviantart.com/art/Archlinux-Grub2-mockup-121231574

16. BankID

Install bankid via AUR:
wget https://aur.archlinux.org/packages/ne/nexuspersonal/nexuspersonal.tar.gz
tar xvf nexuspersonal.tar.gz
cd nexuspersonal
makepkg -s
sudo pacman -U nexuspersonal-4.19.1.11663-4-x86_64.pkg.tar.xz
sudo pacman -S nspluginwrapper firefox
sudo nspluginwrapper --install /usr/local/lib/personal/libplugins.so

It should now work under firefox. NOTE that in order to be able to test it using test.bankid.com you must change your useragent (see e.g. http://verahill.blogspot.com.au/2013/02/341-upgradinginstalling-bankid-on-64.html). However, it will work with e.g. skatteverket and sparbanken without changing the user agent.

17. Truecrypt and "Failed to set up a loop device"
The module loop isn't loaded. Either modprobe it, or make it load automatically on boot:
sudo su
echo "loop">> /etc/modules-load.d/loop.conf
exit

18. Arch won't boot -- "unable to find root device"
I could boot from the hdd when it was tethered via USB, but not when it was attached via a sata cable. The error was something along the lines of "unable to find root device".
I solved it by following this post. http://fanweiphysicist.blogspot.com.au/2012/02/unable-to-find-root-device-archlinux.html

19. Guake bug
On my laptop, with the xf86-video-intel drivers installed, opening a new tab gives me a black background instead of a transparent one.
Not sure what the proper solution to this is, but when I set up an installation on another hdd and installed the xf86-video-nv and ati drivers as well, I no longer had any issues with transparency.
(Long story short: I first installed Arch on a spinning 2.5" drive and used my laptop with it for a week. Satisfied that it worked well enough, I installed Arch to my SSD by tethering it via USB to a desktop with an external nvidia card and onboard ati graphics -- so I installed all three video drivers. Putting the hdd in the laptop, guake behaved as it should with proper transparency for all tabs. Not sure what the original issue was)

20. chrooted firefox -- in progress.
For now I've installed sandfox from AUR.

First of all, read this exchange to get a feel for the scope of chroots: http://kerneltrap.org/mailarchive/linux-kernel/2007/9/19/263398/thread#mid-263398. It's not perfect as a security tool, as it wasn't meant to be one. Having said that, security works in layers and this is one which is easy to implement and adds a little bit of security.

Chrooting a programme doesn't give you any privacy or prevent firefox from leaving traces (use an encrypted and anonymous tunnel and put the chroot in a truecrypt container to cover yourself a bit more).

sudo pacman -S devtools xorg-xhost
mkdir -p $HOME/tmp/jail
sudo mkarchroot $HOME/tmp/jail/arch64 base sudo firefox flashplugin
sudo chroot $HOME/tmp/jail/arch64
passwd
useradd -m sandbox
passwd sandbox
echo "sandbox ALL=(ALL) ALL" >> /etc/sudoers
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo 'DISPLAY=:0.0' >> /etc/bash.bashrc
source /etc/bash.bashrc
exit

Launch the chroot with a script with something like this in it:
xhost +    # turns off X access control for every host, so the chrooted firefox can reach the display
sudo cp /etc/resolv.conf $HOME/tmp/jail/arch64/etc/resolv.conf
sudo mount -o bind /proc $HOME/tmp/jail/arch64/proc
sudo mount -o bind /sys $HOME/tmp/jail/arch64/sys
sudo mount -o bind /dev $HOME/tmp/jail/arch64/dev
sudo chroot $HOME/tmp/jail/arch64

You could also put 8.8.8.8 in resolv.conf (google dns).
Still not working properly (firefox segfaults)

20 April 2012

120. Using truecrypt with dropbox


This is not some fancy, automatic solution. This is for people who may not be familiar with truecrypt and how to use it. To most people this will be obvious.

Basically, one way in which you can use truecrypt is to create a file which, when mounted, acts like a device/filesystem. This container is encrypted and the strength of encryption depends on your key or password.

As a solution it also suffers from slow initial syncing.

Setting it up is a piece of cake:
1. Install truecrypt.
Get the correct version e.g. "Standard x64" from http://www.truecrypt.org/downloads.


Install by extracting the file and executing it:
chmod +x truecrypt-7.1a-setup-x64
sudo ./truecrypt-7.1a-setup-x64

2. Start truecrypt and click on Create Volume

Select encrypted file container. The other option is more useful if you have access to the hardware.

Using a Hidden truecrypt volume means you pay a space penalty, depending on how you distribute the space between the two volumes.

Select location and filename


Pick an algorithm. I don't know much about this, but using a cascade sounds reasonable. I guess there are performance penalties though.

Be aware that the container file will take up all this space -- whether it's empty or not.

3. Use the container file.
Click on Select File, then mount. You typically need to supply both the container password and your admin password.


This is what the inside of the container file looks like.
And this is what the dropbox folder looks like