Table of Contents
Part 1
Entries
Remember that 4 is just the minimum number of entries. Feel free to have more.
September 4, 2011
I set up my repository using the instructions at:
http://lab46.corning-cc.edu/haas/spring2011/cprog/tasks/task0 .
lab46:~$ mv src src1.bak lab46:~$ mkdir src lab46:~$ mkdir -p src/data lab46:~$ mkdir -p src/sysprog lab46:~$ svn import src http://lab46.corning-cc.edu/svn/jr018429/src -m "Initial import" Authentication realm: <http://lab46.corning-cc.edu:80> Lab46 User Subversion Repository Password for 'jr018429': Adding src/sysprog Adding src/data ----------------------------------------------------------------------- ATTENTION! Your password for authentication realm: <http://lab46.corning-cc.edu:80> Lab46 User Subversion Repository can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/home/jr018429/.subversion/servers'. ----------------------------------------------------------------------- Store password unencrypted (yes/no)? y Please type 'yes' or 'no': yes Committed revision 1. lab46:~$ mv src src2.bak lab46:~$ svn co http://lab46.corning-cc.edu/svn/jr018429/src src A src/sysprog A src/data Checked out revision 1. lab46:~$
I joined the data class mailing list by navigating to the web page at:
http://lab46.corning-cc.edu/mailman/listinfo/data , and following the directions on the page.
Soon thereafter, I received a confirmation e-mail requiring that either I navigate to a URL or send a reply.
I sent a reply.
Date: Sun, 04 Sep 2011 16:35:40 -0400 From: data-request@lab46.corning-cc.edu To: jr018429@lab46.corning-cc.edu Subject: confirm cb14554e157fd7a8eeb720a791b0d77f96f43081 Mailing list subscription confirmation notice for mailing list DATA We have received a request from 10.80.2.18 for subscription of your email address, "jr018429@lab46.corning-cc.edu", to the data@lab46.corning-cc.edu mailing list. To confirm that you want to be added to this mailing list, simply reply to this message, keeping the Subject: header intact. Or visit this web page: http://lab46.corning-cc.edu/mailman/confirm/data/cb14554e157fd7a8eeb720a791b0d77f96f43081 Or include the following line -- and only the following line -- in a message to data-request@lab46.corning-cc.edu: confirm cb14554e157fd7a8eeb720a791b0d77f96f43081 Note that simply sending a `reply' to this message should work from most mail readers, since that usually leaves the Subject: line in the right form (additional "Re:" text in the Subject: is okay). If you do not wish to be subscribed to this list, please simply disregard this message. If you think you are being maliciously subscribed to the list, or have any other questions, send them to data-owner@lab46.corning-cc.edu. Include original message in Reply? y
I then received an e-mail message welcoming me to the data structures course e-mail list.
Date: Sun, 04 Sep 2011 16:39:07 -0400 From: data-request@lab46.corning-cc.edu To: jr018429@lab46.corning-cc.edu Subject: Welcome to the "DATA" mailing list Welcome to the DATA@lab46.corning-cc.edu mailing list! To post to this list, send your email to: data@lab46.corning-cc.edu General information about the mailing list is at: http://lab46.corning-cc.edu/mailman/listinfo/data If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: http://lab46.corning-cc.edu/mailman/options/data/jr018429%40lab46.corning-cc.edu You can also make such adjustments via email by sending a message to: DATA-request@lab46.corning-cc.edu with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: XXXXXXXXXXXX Normally, Mailman will remind you of your lab46.corning-cc.edu mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you.
I also joined the data class mailing list by navigating to the web page at:
http://lab46.corning-cc.edu/mailman/listinfo/sys , and following the directions on the page.
Afterwards, I received a confirmation e-mail requiring that either I navigate to a URL or send a reply.
I sent a reply.
Date: Sun, 04 Sep 2011 16:37:08 -0400 From: sys-request@lab46.corning-cc.edu To: jr018429@lab46.corning-cc.edu Subject: confirm 54d6ee7883bcf277a46b04538af54893b4ed2421 Mailing list subscription confirmation notice for mailing list SYS We have received a request from 10.80.2.18 for subscription of your email address, "jr018429@lab46.corning-cc.edu", to the sys@lab46.corning-cc.edu mailing list. To confirm that you want to be added to this mailing list, simply reply to this message, keeping the Subject: header intact. Or visit this web page: http://lab46.corning-cc.edu/mailman/confirm/sys/54d6ee7883bcf277a46b04538af54893b4ed2421 Or include the following line -- and only the following line -- in a message to sys-request@lab46.corning-cc.edu: confirm 54d6ee7883bcf277a46b04538af54893b4ed2421 Note that simply sending a `reply' to this message should work from most mail readers, since that usually leaves the Subject: line in the right form (additional "Re:" text in the Subject: is okay). If you do not wish to be subscribed to this list, please simply disregard this message. If you think you are being maliciously subscribed to the list, or have any other questions, send them to sys-owner@lab46.corning-cc.edu. Include original message in Reply? y
I soon received an e-mail message welcoming me to the system programming course e-mail list.
Date: Sun, 04 Sep 2011 16:41:07 -0400 From: sys-request@lab46.corning-cc.edu To: jr018429@lab46.corning-cc.edu Subject: Welcome to the "SYS" mailing list Welcome to the SYS@lab46.corning-cc.edu mailing list! To post to this list, send your email to: sys@lab46.corning-cc.edu General information about the mailing list is at: http://lab46.corning-cc.edu/mailman/listinfo/sys If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: http://lab46.corning-cc.edu/mailman/options/sys/jr018429%40lab46.corning-cc.edu You can also make such adjustments via email by sending a message to: SYS-request@lab46.corning-cc.edu with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: XXXXXXXXXXXX Normally, Mailman will remind you of your lab46.corning-cc.edu mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you.
Next, I joined the Data Structures course IRC channel.
lab46:~$ screen -r
Irssi v0.8.15 - http://www.irssi.org 19:15 -!- I have 11 users, 0 services and 1 servers 19:15 -!- 11 11 Current local users: 11, Max: 11 19:15 -!- 11 11 Current global users: 11, Max: 11 19:15 -!- - irc.offbyone.lan message of the day 19:15 -!- - ************************************************** 19:15 -!- - * irc.offbyone.lan - LAIR IRC server * 19:15 -!- - * * 19:15 -!- - * If you know your class channel(s), you may * 19:15 -!- - * "/join CHANNEL_NAME" them now. * 19:15 -!- - * * 19:15 -!- - * For help, /join lab46 * 19:15 -!- - * * 19:15 -!- - * Regular rules apply: Play nice or go home. * 19:15 -!- - ************************************************** 19:15 -!- End of MOTD command 19:15 -!- Mode change [+i] for user jr018429 19:24 Irssi commands: 19:24 accept die knock note rping unban 19:24 action disconnect knockout notice save unignore 19:24 admin echo lastlog notify sconnect unload 19:24 alias eval layout op script unnotify 19:24 away exec links oper scrollback unquery 19:24 ban flushbuffer list part server unsilence 19:24 beep foreach load ping servlist upgrade 19:24 bind format log query set uping 19:24 cat hash lusers quit sethost uptime 19:24 cd help map quote silence userhost 19:24 channel hilight me rawlog squery ver 19:24 clear ignore mircdcc recode squit version 19:24 completion info mode reconnect stats voice 19:24 connect invite motd redraw statusbar wait 19:24 ctcp ircnet msg rehash time wall 19:24 cycle ison names reload toggle wallops 19:24 dcc join nctcp resize topic who 19:24 dehilight kick netsplit restart trace whois 19:24 deop kickban network rmreconns ts whowas 19:24 devoice kill nick rmrejoins unalias window Day changed to 01 Sep 2011 Day changed to 02 Sep 2011 Day changed to 03 Sep 2011 Day changed to 04 Sep 2011 [17:37] [jr018429(+i)] [1:irc (change with ^X)] [(status)] /join #data
17:23 -!- jr018429 [~jr018429@lab46.corning-cc.edu] has joined #data 17:23 [Users #data] 17:23 [@dschoeff] [ jr018429] 17:23 -!- Irssi: #data: Total of 2 nicks [1 ops, 0 halfops, 0 voices, 1 normal] 17:23 -!- Irssi: Join to #data was synced in 1 secs [17:37] [jr018429(+i)] [5:irc/#data] [#data]
I also joined the System Programming course IRC channel.
17:23 -!- jr018429 [~jr018429@lab46.corning-cc.edu] has joined #data 17:23 [Users #data] 17:23 [@dschoeff] [ jr018429] 17:23 -!- Irssi: #data: Total of 2 nicks [1 ops, 0 halfops, 0 voices, 1 normal] 17:23 -!- Irssi: Join to #data was synced in 1 secs [17:38] [jr018429(+i)] [5:irc/#data] [#data] /join #sys
17:22 -!- jr018429 [~jr018429@lab46.corning-cc.edu] has joined #sys 17:22 [Users #sys] 17:22 [@dschoeff] [ jr018429] 17:22 -!- Irssi: #sys: Total of 2 nicks [1 ops, 0 halfops, 0 voices, 1 normal] 17:22 -!- Irssi: Join to #sys was synced in 1 secs 17:22 < jr018429> hello all! [17:39] [jr018429(+i)] [4:irc/#sys] [#sys]
September 17, 2011
I added my first linked list source file to the Subversion repositiory:
lab46:~/src/data$ svn add linkedList1-jr.c A linkedList1-jr.c
Next, I commited the file to the Subversion repository:
lab46:~/src/data$ svn commit -m "Committing first linked list source file-to be used in further development-JR" Adding data/linkedList1-jr.c Transmitting file data . Committed revision 2.
I experimented with void pointers; the resulting file is voidptr.c. I added it to the code repository and then committed it.
lab46:~/src/data$ svn add voidptr.c A voidptr.c lab46:~/src/data$ svn commit -m "Added voidptr.c; voidptr.c is a c source file used to experiemtn with a void pointer" Adding data/voidptr.c Transmitting file data . Committed revision 3. lab46:~/src/data$
September 18, 2011
I added and committed the beginning cpu interface code.
lab46:~/src/sysprog$ svn add interface.c A interface.c lab46:~/src/sysprog$ svn commit -m "Added and committed the start of cpu interface -JR" Adding sysprog/interface.c Transmitting file data . Committed revision 4.
I posed a question regarding memory allocation and deallocation to the data mailing list at: data@lab46.corning-cc.edu .
I asked the following questions:
Date: Sun, 18 Sep 2011 20:52:56 -0400 (EDT) From: John Rine <jr018429@lab46.corning-cc.edu> To: data@lab46.corning-cc.edu Subject: Deallocating dynamically allocated memory All, Regarding deallocating memory when finished with a linked list, isn't it a good idea to first copy the pointer to the next address into a temporary pointer variable and then set all pointers within a node to NULL and finally deallocate the memory rather than deallocating the memory and then setting pointers to NULL? Is deallocated memory available to the system immediately after being deallocated? The code I have seen, frees and then sets pointers to NULL. Example: while(temp != NULL) { temp2 = temp->next; temp->prev = NULL; temp->next = NULL; free(temp); temp = temp2; } John T. Rine CSIT 1320 HPC Fundamentals CSIT 2048 HPC Experience II CSIT 2320 HPC Systems & Networking CSCS 2650 Computer Organization Graduate Electrical Technology-Electronics Graduate General Studies --- Lab46: Penguin Powered
I received the following reply to my question from the course instructor.
Date: Mon, 19 Sep 2011 08:31:00 -0400 From: Matthew Haas <wedge@lab46.corning-cc.edu> Reply-To: CSCS2320 Class Discussion List <data@lab46.corning-cc.edu> To: data@lab46.corning-cc.edu Subject: Re: [DATA] Deallocating dynamically allocated memory On 09/18/2011 08:52 PM, John Rine wrote: > Is deallocated memory available to the system immediately after being deallocated? Excellent question, that would make a great experiment... What do you think is the case? Why? How would you test this? For starters, what if you printed out the address a pointer points to before and after freeing? Does it remain the same? If you free memory and it returns it for system use, would that not mean the memory is no longer allocated to you, and therefore you would no longer have access to that memory? What happens when you try to access memory outside your process space? That would be a great experiment to try, whether or not it is successful. -Matthew -- Matthew Haas Lab46 System Administrator Instructor of Computer& Information Science http://lab46.corning-cc.edu/haas/home/ _______________________________________________ DATA mailing list DATA@lab46.corning-cc.edu http://lab46.corning-cc.edu/mailman/listinfo/data [ Note: This message contains email list management information ]
I posed the following questions regarding curses and keyboard keys to the system programming class e-mailing list at: sys@lab46.corning-cc.edu .
Date: Sun, 18 Sep 2011 21:25:29 -0400 (EDT) From: John Rine <jr018429@lab46.corning-cc.edu> To: sys@lab46.corning-cc.edu Subject: Trouble with Curses recognizing F keys and other keyboard keys All, I am having trouble with curses recognizing function keys and the escape key. I am using code like this: #include<curses.h> int main() { int c; initscr(); keypad(stdscr,TRUE); noecho(); move(0,0); c=getch(); while(c != KEY_F(1) && c != 'q') { move(0,0); printw("%c\n",c); refresh(); c=getch(); } endwin(); return 0; } it will exit with 'q' but not KEY_F(1) or the F1 key. Also, the esc key is not recognized when using the KEY_EXIT constant. Anyone have any ideas as to how to get function keys and the escape key to work with curses? thanks, John T. Rine --- Lab46: Penguin Powered
The instructor provided the following reply to my curses/keyboard keys questions.
Date: Mon, 19 Sep 2011 08:43:07 -0400 From: Matthew Haas <wedge@lab46.corning-cc.edu> Reply-To: "\\\"Systems\\\" Classes Discussion List" <sys@lab46.corning-cc.edu> To: sys@lab46.corning-cc.edu Subject: Re: [SYS] Trouble with Curses recognizing F keys and other keyboard keys On 09/18/2011 09:25 PM, John Rine wrote: > > I am having trouble with curses recognizing function keys and the escape key. > I am using code like this: > #include<curses.h> > > int main() > { > int c; > initscr(); > keypad(stdscr,TRUE); > noecho(); > move(0,0); > c=getch(); > while(c != KEY_F(1) && c != 'q') > { > move(0,0); > printw("%c\n",c); > refresh(); > c=getch(); > } > endwin(); > return 0; > } > it will exit with 'q' but not KEY_F(1) or the F1 key. Also, the esc key is not recognized when using the KEY_EXIT constant. Anyone have any ideas as to how to get > function keys and the escape key to work with curses? I've never played with the function keys... so that would take some experimenting. Escape, even though there may not be a #define for it (all the keys available to you are #define'd in /usr/include/curses.h, check it out), has a value. The trick is, what is it? Hmm... this could be another experiment. If you know that pretty much every key on the keyboard has a value (which ones do not have a direct value?), how could we figure out what the values of keys are? What is the data type of the 'c' variable in the program above? What type of data are we displaying in the printw() function call above? Could you perhaps CHANGE the format specifier to match the actual data type of the 'c' variable? What would happen then? If you then compile and run the program and start pressing keys, what happens? What do you see when you press 'a', 'A', spacebar? Do you know what these values correspond to? What do you think happens when you start pressing some keys that do not directly have printable characters associated with them, like... escape. What does it display? -Matthew -- Matthew Haas Lab46 System Administrator Instructor of Computer& Information Science http://lab46.corning-cc.edu/haas/home/ _______________________________________________ SYS mailing list SYS@lab46.corning-cc.edu http://lab46.corning-cc.edu/mailman/listinfo/sys [ Note: This message contains email list management information ]
September 23, 2011
After modifying my code in linkedList1-jr.c, my experimental file, I compiled it.
lab46:~/src/data$ gcc linkedList1-jr.c -o linkedList1-jr lab46:~/src/data$
Next, I ran the code and found that it executed perfectly.
lab46:~/src/data$ ./linkedList1-jr 1 2 3 4 5 6 7 8 9 10 10 9 8 7 6 5 4 3 2 1 lab46:~/src/data$
I then committed it to the Subversion repository.
lab46:~/src$ svn commit -m "Added linked-list deletion routines to linkedList1-jr.c" Sending data/linkedList1-jr.c Transmitting file data . Committed revision 5. lab46:~/src$
September 24, 2011
I added 2 functions to my linked list experimental file, linkedList1-jr.c, which return the size of a list; one that starts at the head, and the other that starts at the tail.
First, I compiled the modified file.
lab46:~/src/data$ gcc linkedList1-jr.c -o linkedList1-jr
I then executed the file to verify that it worked as expected.
lab46:~/src/data$ ./linkedList1-jr Head = 25c0010 Size of the list is: 10 Head = 25c0010 1 2 3 4 5 6 7 8 9 10 10 9 8 7 6 5 4 3 2 1 Size of the list is: 25 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 lab46:~/src/data$
I committed the file to the Subversion repository.
lab46:~/src/data$ cd .. lab46:~/src$ svn commit -m "Updated linkedList1-jr.c to include 2 functions to return the size of a linked list, one starting at the head and the other starting at the tail" Sending data/linkedList1-jr.c Transmitting file data . Committed revision 6. lab46:~/src$
I chose Null Pointers as a data topic. I wrote a simple program, nullPtr.c, to demonstrate them. After compiling and executing the program, I then added it and committed it to the Subversion repository.
lab46:~/src/data$ svn add nullPtr.c A nullPtr.c lab46:~/src/data$ svn commit -m "Added and committed the nullPtr.c which demonstrates Null Pointers -JR" Adding data/nullPtr.c Transmitting file data . Committed revision 7. lab46:~/src/data$
September 26, 2011
I asked the question “Is deallocated memory available to the system immediately after being deallocated?” Which became a subject for my first experiment. For deatils, see experiment 1 below.
lab46:~/src/data$ svn add deallocTest.c A deallocTest.c lab46:~/src/data$ svn commit -m" Added and committed deallocTest.c for experiement 1 -JR" Adding data/deallocTest.c Transmitting file data . Committed revision 8. lab46:~/src/data$
I wrote a program, argv.c, to demonstrate the use of pointers to pointers for the data topic. I compiled the program and ran it successfully. I then added and committed it to the Subversion repository.
lab46:~/src/data$ svn add argv.c A argv.c lab46:~/src/data$ svn commit -m "argv.c is a program which demonstrates the use of pointers to pointers -JR" Adding data/argv.c Transmitting file data . Committed revision 9. lab46:~/src/data$
January 15, 2012
This is my first Opus entry for IT-HPC.
I was enrolled in this course during the Fall 2011 semester but due to a number of personal issues, and with the consent of the instructor, I took am incomplete for the course at the end of the Fall semester. I am now completing the course.
For Christmas, the family received a wireless router which I set up and now administer. The router make and model are: Cisco Linksys E1200 Wireless router.
January 24, 2012
I installed a network adapter in my E machine. When I installed it, I noticed that the edge connector on the network adapter didn't fill the entire PCI slot. Usually, this is an indication that the device wasn't designed to be plugged into this type of slot, however, the network adapter was advertised as being a PCI device and the slot I was plugging it into was also advertised as being PCI. Further, the conductive “fingers” on the network adapter edge connector did line up with the pins in the slot, and the polarizing key in the slot matched up with the cutout on the network adapter's edge connector, so decided to install it and see if I could get it to work. On boot-up, however, my system returned a resource conflict error. I let the system boot. Once Windows started, it nformed me that there was new hardware. I Opened the System utility in Control Panel and navigated to Device Manager. In Device Manager, I
January 25, 2012
I met with the instructor in the Lair to discuss possible projects. I told the instructor that I intended to install Debian Linux on an E Machine which my family has had for several years and that I planned to use use this platform to carry out my HPC 1 projects. He thought this was a good idea.
January 27, 2012
I brought my computer and network card to the lair with the purpose of getting assistance with the installation of the network adapter. While the instructor taught class, I borrowed a key board and mouse and installed the network card, this time in the other PCI slot. I also removed the modem card from its slot. I booted up the computer and noticed that there was no notification from the operating system of new hardware. I looked in device manager and noticed that there was a network adapter listed. I hooked up the adapter to a switch and rebooted the computer. Once the Windows desktop was displayed, I opened Internet Explorer and then pointed it to Google. Success! the Google logo was displayed.
Febrary 4, 2011
Once the network adapter installed, it was time to install an operating system. I am partial to Debian so I downloaded a Debian CD image from:
http://cdimage.debian.org/debian-cd/6.0.4/i386/bt-cd/
as per the instructions, I only needed to install CD 1 so I burned CD number one of the set of Debian installation CDs. One the CD was burned, I placed it into the CD drive and rebooted the computer. When the computer rebooted, the Debian install menu was displayed. When I selected any of the installation selections, however, the monitor screen began to flicker and the installation froze. I searched the Internet for a solution but found none, so I began to search for live CD information. While searching for live CD information, I came across information about “Damn Small Linux”. I decided to gicve Damn Small Linux or DSL a try. I downloaded a CD image and then burned a CD. I installed it in the CD Drive and then rebooted the computer. Success! I was able to navigate around and to open a terminal window and move through the directory structure. I powered down the computer and connected my router to the computer's network adapter and then rebooted with the DSL CD in the CD drive. Once the computer booted, I opened Firefox, the Web browser which comes with DSL and pointed it to Google. Success! the Google logo was displayed.
I wrote the instructor about my experiences so far:
Date: Sat, 4 Feb 2012 13:02:43 -0500 (EST) From: John Rine <jr018429@lab46.corning-cc.edu> To: wedge@lab46.corning-cc.edu Subject: Linux install Matt, Well I have made progress with my Linux install on my E machine. As you know, I go my Network adapter installed successfully, short edge connector and all. Once I got the computer home, I checked out the CD drive in preparation for the OS installation. I could get the door open; a CD was jammed in it. I removed the drive from the computer and took it apart and after working patiently for an hour or so, I go the CD out and the drive still worked! My family had gigs worth of files on the hard drive which I go off. Once the computer was ready for Linux, I found a Debian CD image which I downloaded and burned to a CD. I then installed the CD into the drive and boot the computer. On boot up an installation menu was displayed, so far, so good. When I selected an installation option-any installation option it turns out, however, the installation stalls and the screen begins to flicker. I burned another CD, but the installation again locked up and the screen flickered. I searched the Internet for similar occurrences but found none, so I thought I would try a live CD. In my search for live Cd's, I came across DSL, or Damn Small Linux. Intrigued, I read a little about DSL. After reading, I thought I would give it a try so I burned a CD. I installed the CD and then booted the E machine. To my surprise it worked! Once I navigated around for a little while, I connected the computer to the network and rebooted. I was able to use the Firefox browser to surf the Web! My question to you is, that if the live CD worked, shouldn't an install disk work? When researching the Debian install, the documentation described possible issues with CD drivers. My bios supports booting from a CD. The CD drive that is in the computer, however, is not the origninal. The original could only read disks, so I replaced it with one that could also write. Do you have any ideas? I have one more option, well two really. The first option would be to bring the computer back and install it from the Lab46 network which is fine by me. The second option is to install Damn small Linux from a CD into a partition on the hard drive. This option is also fins by me. My only reservation about this option is if I would be able to control hardware and if I could install the Arduino IDE. The Arduino IDE doesn't have to reside on the computer, it just makes development easier. I just wanted to update you on my progress and see if you had any ideas. After learning the course subject matter last semester (Thanks for being a great instructor, Joe too!), I am even more interested in using Linux for control applications. I came across a ladder IDE which is used to program microcontrollers rather than PLCs. It is open source. I downloaded the source and began to figure out how to compile it. I figured out how to use the Microsoft command line C/C++ compiler batch file in order to use Make (the source came with a Make batch file). The install, however, calls a Perl script which apparently is used to configure language options. My next step is to install Perl. Once I have installed Perl, I should be able to compile the source. The next step will be to learn the source and start modifying it. Well got to go, John T. Rine
The following Web page describes which packages are part of Damn Small Linux:
http://www.damnsmalllinux.org/packages.html
Issues having to do with package installation are described on the following Web page:
http://www.damnsmalllinux.org/f/topic-3-9-15019-0.html
On the same day, I received a reply to my e-mail from the instructor:
Date: Sat, 04 Feb 2012 15:53:17 -0500 From: Matthew Haas <wedge@lab46.corning-cc.edu> To: John Rine <jr018429@lab46.corning-cc.edu> Subject: Re: Linux install [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "ISO-8859-1" character set. ] [ Some characters may be displayed incorrectly. ] On Sat, 2012-02-04 at 13:02 -0500, John Rine wrote: > > When I selected an installation option-any > installation option it turns out, however, the installation stalls and the > screen begins to flicker. I burned another CD, but the installation again > locked up and the screen flickered. Sounds like it could be a driver issue... not necessarily (but not excluding) a lack of proper support (I have some video cards in the LAIR that were once supported and are not in current releases). It likely is that the hardware auto-detection scripts are not successful in properly IDing you graphics hardware so it ends up not properly switching out of console VGA modes. > I searched the Internet for similar occurrences but found none, so I > thought I would try a live CD. In my search for live Cd's, I came across > DSL, or Damn Small Linux. Intrigued, I read a little about DSL. After > reading, I thought I would give it a try so I burned a CD. I installed the > CD and then booted the E machine. To my surprise it worked! Once I > navigated around for a little while, I connected the computer to the > network and rebooted. I was able to use the Firefox browser to surf the > Web! Different distros can have this effect. It could just be that it was able to better detect your hardware where Debian could not. You could poke around DSL to get the config info you need and then reapply it to Debian and get it working. For graphics (X), take a look at /var/log/Xorg.0.log... that should contain some telling information about what it is doing to fire up X, including what driver (or X server) it is using, and maybe even some indication of particular options being utilized (note that it will NOT tell you everything though). > My question to you is, that if the live CD worked, shouldn't an install > disk work? When researching the Debian install, the documentation > described possible issues with CD drivers. My bios supports booting > from a CD. The CD drive that is in the computer, however, is not the > original. The original could only read disks, so I replaced it > with one that could also write. Do you have any ideas? Yep, see above paragraph. Live CDs have a higher focus on getting it right out of the box... at the cost of customization or other flexibility. They are designed to be used, not administered. > I have one more option, well two really. The first option would be to > bring the computer back and install it from the Lab46 network which is > fine by me. The second option is to install Damn small Linux from a CD > into a partition on the hard drive. This option is also fins by me. My > only reservation about this option is if I would be able to control You are welcome to do so... Pressly or I could also poke at it and see if we can see any obvious indications of what it is trying to do for graphics and "get it to work". > hardware and if I could install the Arduino IDE. The Arduino IDE doesn't > have to reside on the computer, it just makes development easier. > I just wanted to update you on my progress and see if you had any > ideas. I would say that no matter what distro you end up with, that you have a working package management system so you could install the necessarily prerequisites the Arduino IDE might need. Also, it looks like your degree audit has been fixed for HPC... I took a look last week as I was filling out waivers, and it looks like all you need is to just finish HPC1 so the incomplete turns into a grade. Take a look and let me know if you see otherwise. -Matthew -- Matthew Haas Lab46 System Administrator Instructor of Computer & Information Science http://lab46.corning-cc.edu/haas/home/
February 5, 2011
After reading the following excerpt: “Now for the warning: Damn Small is not derived purely from Debian, if you 'apt-get install' the wrong application you may break something, for instance, the X servers.
If you want an easy and compact way to get Debian on your hard drive check out Bonzai”
http://www.damnsmalllinux.org/dsl-hd-install.html
I decided that it probably wasn't a good distribution to use for my application.
Below is an e-mail I sent to the instructor after reading about loading packages on DSL.
Date: Sun, 5 Feb 2012 19:04:54 -0500 (EST) From: John Rine <jr018429@lab46.corning-cc.edu> To: wedge@lab46.corning-cc.edu Subject: HPC 1 Progress Matt, On the DSL(Damn Small Linux) page, I found that it is a bad idea to install things on a DSL based system because: "Now for the warning: Damn Small is not derived purely from Debian, if you 'apt-get install' the wrong application you may break something, for instance, the X servers." http://www.damnsmalllinux.org/dsl-hd-install.html The page went on to say: "If you want an easy and compact way to get Debian on your hard drive check out Bonzai" So I decided to give Bonzai a try. I burned a CD. It is installing right now. We'll see what happens. John T. Rine
February 9, 2011
After making the decision to not use “Damn Small Linux” or DSL for any of my projects, I looked for another distribution to load. I found another compact one called “Bonzai”.
I was able to load it on my E-Machine. SSH, however, wasn't loaded, so I loaded it so that I could connect with lab46. The Bonzai Linux home page is located at:
http://developer.berlios.de/projects/bonzai/.
The latest version can be downloaded from:
http://developer.berlios.de/project/showfiles.php?group_id=825&release_id=1910.
Before installing SSH, however, I couldn't even connect to theInternet. So I researched what was required to do so. I found that I had to load a driver for my network adapter, start the eth0 device, and start the DHCP client. Of course, this last step isn't required if the IP address, etc. are assigned statically. I wanted my network to assign these things dynamically, so that I wouldn't have manage them; that is the point of the DHCP protocol.
In order be able to connect to the Internet, I had to perform the tasks mentioned above on the system so I opened a terminal window.
First, to connect to the Internet, I had to manual load a hardware specific driver for my network adapter:
Bonzai:~$ modprobe 8138too
Next, I brought device eth0 up:
Bonzai:~$ ifconfig eth0 up
Lastley, I started the DHCP client so I didn't have to statically assign the IP address, etc:
Bonzai:~$ dhclient
After I performed these tasks, I was able to view web pages. Next, I opened a terminal window and attempted to SSH into lab46 but was unable because SSH hadn't been loaded. So, with the terminal window open, I performed an apt-get install ssh:
apt-get install ssh
Because the sources.list file pointed to the installation CD, I was prompted to insert the CD. I did and SSH loaded successfully on my Bonzai Linux system.
After loading SSH, I was able to SSH into lab46 and send the instructor an e-mail.
Below is the e-mail I sent to the instructor informing him that after loading Bonzai Linux and configuring the system, I was able to connect to lab46 via SSH and send him an e-mail.
Date: Thu, 9 Feb 2012 19:23:24 -0500 (EST) From: John Rine <jr018429@lab46.corning-cc.edu> To: wedge@lab46.corning-cc.edu Subject: Coming to you from my E Machine Bonzai Linux Box! Banzai! Banzai! Banzai! This is coming to you from my Bonzai or Banzai or should I say Bonsai (small) E-Machine Linux box! Man, it was a pain! First, no network! I read and read and experimented, finally, I got it working by doing the following after boot-up: modprobe 8138too //loads the driver for my Network adapter ifconfig eth0 up //starts up eth0 dhclient //starts DHCP so that I can get IPaddress, etc. Where do I put these commands? Startup script? Next step, install Arduino. Also, no SSH, I had to figuare out how to install it. Luckly, it was on the Banzai (or Bonzai) CD. Now I can experiment with all kinds of stuff. John T. Rine
February 20, 2012
Bonzai Linux also has issues. It is a small distribution of “Woody” debian. Woody is old. After commenting out the line in sources.list that causes packages to be loaded from the installation CD, I added a line pointing to the Woody Debian repository. When I attempted to install certain packages from that repository I found that they could not be located. I was unable, therefore, to install Arduino as per the instructions on the following Web page: http://arduino.cc/playground/Linux/Debian.
I decided to try Ubantu 11.10 which is the latest version of the Ubantu distribution. I made an installation CD and was able to get it loaded. I was also able to get Arduino installed. I also got the Apache 2 Web server and PHP5 installed.
February 27, 2012
I worked on HPC1 topics. I added HPC1 topic content to my opus.
March 3, 2012
I worked on HPC1 topics; I added topic content to my Opus.
March 4, 2012
I studied HPC1 topic material; I then added topic material to my Opus.
March 11, 2012
I installed Open SSH on my emachine desktop computer so that I could administer it remotely using SSH. Having the ability to administer it remotely should accelerate development of my second project, controlling hardware remotely. To administer a remote machine, only the SSH server needs to be installed, however, if I wanted to connect to another machine from the taarget machine, I would also need the ssh-client to be installed.
First, I attempted to install the ssh-client:
jr018429@emachine:~$ sudo apt-get install openssh-client [sudo] password for jr018429: Reading package lists... Done Building dependency tree Reading state information... Done openssh-client is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 355 not upgraded.
I found, however, that the client was already installed so no new installation and no upgrades were performed.
Next, I installed the ssh-server on my emachine.
jr018429@emachine:~$ sudo apt-get install openssh-server Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: ssh-import-id Suggested packages: rssh molly-guard openssh-blacklist openssh-blacklist-extra monkeysphere The following NEW packages will be installed: openssh-server ssh-import-id 0 upgraded, 2 newly installed, 0 to remove and 355 not upgraded. Need to get 345 kB of archives. After this operation, 971 kB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric/main openssh-server i386 1:5.8p1-7ubuntu1 [339 kB] Get:2 http://us.archive.ubuntu.com/ubuntu/ oneiric/main ssh-import-id all 2.5-0ubuntu2 [6,148 B] Fetched 345 kB in 1s (213 kB/s) Preconfiguring packages ... Selecting previously deselected package openssh-server. (Reading database ... 127343 files and directories currently installed.) Unpacking openssh-server (from .../openssh-server_1%3a5.8p1-7ubuntu1_i386.deb) ... Selecting previously deselected package ssh-import-id. Unpacking ssh-import-id (from .../ssh-import-id_2.5-0ubuntu2_all.deb) ... Processing triggers for man-db ... Processing triggers for ureadahead ... ureadahead will be reprofiled on next reboot Processing triggers for ufw ... Setting up openssh-server (1:5.8p1-7ubuntu1) ... Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... ssh start/running, process 2792 Setting up ssh-import-id (2.5-0ubuntu2) ... jr018429@emachine:~$
To open an SSH connection to a target machine, one needs to know either the domain name or the IP address of the remote host, so on the host on which I was going to install Open SSH, I performed an ifconfig on the target machine to get its IP address:
jr018429@emachine:~$ ifconfig eth0 Link encap:Ethernet HWaddr 00:e0:4c:ff:12:b2 inet addr:192.168.1.113 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:feff:12b2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1094 errors:0 dropped:0 overruns:0 frame:0 TX packets:669 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1485876 (1.4 MB) TX bytes:54388 (54.3 KB) Interrupt:16 Base address:0x3000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) jr018429@emachine:~$
March 19, 2012
Using the IP adrress, username and password of my emachine, I opened putty on a Windows laptop and attempted to log into it:
login as: jr018429 jr018429@192.168.1.113's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ Last login: Mon Mar 19 20:01:36 2012 from 192.168.1.111 jr018429@emachine:~$
Success! I was able to log into my emachine remotely.
Next, using Filezilla on my Windows laptop, I tried to transfer a file from the emachine running Ubuntu, to my Windows 7 desktop, so I entered the IP address, username, password and port number for the connection. Success! I was able to transfer a file from the emachine to my laptop.
I wanted to create a root user and password so I performed the following via pUTTY:
login as: jr018429 jr018429@192.168.1.113's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ Last login: Mon Mar 19 20:12:00 2012 from 192.168.1.111 jr018429@emachine:~$ sudo passwd root [sudo] password for jr018429: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully jr018429@emachine:~$
Next, I configured the emachine running Ubuntu 11.10 with a static IP address. First, I logged in remotely using pUTTY:
login as: jr018429 jr018429@192.168.1.113's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 359 packages can be updated. 96 updates are security updates. Last login: Mon Mar 19 20:58:16 2012 from 192.168.1.111 jr018429@emachine:~$ su Password:
Next, I edited /etc/network/interfaces file:
root@emachine:/home/jr018429# nano /etc/network/interfaces
I added the section beginning with the line “auto eth0” to the /etc/network/interfaces file:
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.2 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1
Lastly, I restarted networking:
root@emachine:/home/jr018429# /etc/init.d/networking restart
I then logged into the emachine from pUTTY using the new IP address:
login as: jr018429 jr018429@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 359 packages can be updated. 96 updates are security updates. Last login: Mon Mar 19 21:17:06 2012 from 192.168.1.111 jr018429@emachine:~$
I logged into the Linksys E1200 router and forwarded port 22 (SSH) to the emachine's static IP address. Next, I forwarded port 80 (HTTP) to the emachine's static IP address. I then used putty to access the IP address assigned to the router's port by my ISP. Success!
March 20, 2012
I installed Apache2 and PHP5 on my emachine remotely using pUTTY. First I installed Apache2:
login as: jr018429 jr018429@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 359 packages can be updated. 96 updates are security updates. Last login: Mon Mar 19 21:49:14 2012 from 192.168.1.1 jr018429@emachine:~$ sudo apt-get install apache2 [sudo] password for jr018429: Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap Suggested packages: apache2-doc apache2-suexec apache2-suexec-custom The following NEW packages will be installed: apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap 0 upgraded, 9 newly installed, 0 to remove and 355 not upgraded. Need to get 3,131 kB of archives. After this operation, 10.3 MB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric/main libapr1 i386 1.4.5-1 [90.5 kB] Get:2 http://us.archive.ubuntu.com/ubuntu/ oneiric/main libaprutil1 i386 1.3.12+dfsg-2 [75.4 kB] Get:3 http://us.archive.ubuntu.com/ubuntu/ oneiric/main libaprutil1-dbd-sqlite3 i386 1.3.12+dfsg-2 [10.3 kB] Get:4 http://us.archive.ubuntu.com/ubuntu/ oneiric/main libaprutil1-ldap i386 1.3.12+dfsg-2 [7,988 B] Get:5 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2.2-bin i386 2.2.20-1ubuntu1.2 [2,636 kB] Get:6 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2-utils i386 2.2.20-1ubuntu1.2 [84.3 kB] Get:7 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2.2-common i386 2.2.20-1ubuntu1.2 [223 kB] Get:8 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2-mpm-worker i386 2.2.20-1ubuntu1.2 [2,282 B] Get:9 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2 i386 2.2.20-1ubuntu1.2 [1,484 B] Fetched 3,131 kB in 5s (610 kB/s) Selecting previously deselected package libapr1. (Reading database ... 127369 files and directories currently installed.) Unpacking libapr1 (from .../libapr1_1.4.5-1_i386.deb) ... Selecting previously deselected package libaprutil1. Unpacking libaprutil1 (from .../libaprutil1_1.3.12+dfsg-2_i386.deb) ... Selecting previously deselected package libaprutil1-dbd-sqlite3. Unpacking libaprutil1-dbd-sqlite3 (from .../libaprutil1-dbd-sqlite3_1.3.12+dfsg-2_i386.deb) ... Selecting previously deselected package libaprutil1-ldap. Unpacking libaprutil1-ldap (from .../libaprutil1-ldap_1.3.12+dfsg-2_i386.deb) ... Selecting previously deselected package apache2.2-bin. Unpacking apache2.2-bin (from .../apache2.2-bin_2.2.20-1ubuntu1.2_i386.deb) ... Selecting previously deselected package apache2-utils. Unpacking apache2-utils (from .../apache2-utils_2.2.20-1ubuntu1.2_i386.deb) ... Selecting previously deselected package apache2.2-common. Unpacking apache2.2-common (from .../apache2.2-common_2.2.20-1ubuntu1.2_i386.deb) ... Selecting previously deselected package apache2-mpm-worker. Unpacking apache2-mpm-worker (from .../apache2-mpm-worker_2.2.20-1ubuntu1.2_i386.deb) ... Selecting previously deselected package apache2. Unpacking apache2 (from .../apache2_2.2.20-1ubuntu1.2_i386.deb) ... Processing triggers for man-db ... Processing triggers for ufw ... Processing triggers for ureadahead ... Setting up libapr1 (1.4.5-1) ... Setting up libaprutil1 (1.3.12+dfsg-2) ... Setting up libaprutil1-dbd-sqlite3 (1.3.12+dfsg-2) ... Setting up libaprutil1-ldap (1.3.12+dfsg-2) ... Setting up apache2.2-bin (2.2.20-1ubuntu1.2) ... Setting up apache2-utils (2.2.20-1ubuntu1.2) ... Setting up apache2.2-common (2.2.20-1ubuntu1.2) ... Enabling site default. Enabling module alias. Enabling module autoindex. Enabling module dir. Enabling module env. Enabling module mime. Enabling module negotiation. Enabling module setenvif. Enabling module status. Enabling module auth_basic. Enabling module deflate. Enabling module authz_default. Enabling module authz_user. Enabling module authz_groupfile. Enabling module authn_file. Enabling module authz_host. Enabling module reqtimeout. Setting up apache2-mpm-worker (2.2.20-1ubuntu1.2) ... * Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName [ OK ] Setting up apache2 (2.2.20-1ubuntu1.2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place jr018429@emachine:~$
Next, I installed PHP5:
jr018429@emachine:~$ sudo apt-get install php5 Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: apache2-mpm-prefork libapache2-mod-php5 php5-cli php5-common Suggested packages: php-pear php5-suhosin The following packages will be REMOVED: apache2-mpm-worker The following NEW packages will be installed: apache2-mpm-prefork libapache2-mod-php5 php5 php5-cli php5-common 0 upgraded, 5 newly installed, 1 to remove and 355 not upgraded. Need to get 6,614 kB of archives. After this operation, 17.7 MB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2-mpm-prefork i386 2.2.20-1ubuntu1.2 [2,398 B] Get:2 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main php5-common i386 5.3.6-13ubuntu3.6 [416 kB] Get:3 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main libapache2-mod-php5 i386 5.3.6-13ubuntu3.6 [3,109 kB] Get:4 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main php5 all 5.3.6-13ubuntu3.6 [1,108 B] Get:5 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main php5-cli i386 5.3.6-13ubuntu3.6 [3,086 kB] Fetched 6,614 kB in 12s (540 kB/s) dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested: apache2 depends on apache2-mpm-worker (= 2.2.20-1ubuntu1.2) | apache2-mpm-prefork (= 2.2.20-1ubuntu1.2) | apache2-mpm-event (= 2.2.20-1ubuntu1.2) | apache2-mpm-itk (= 2.2.20-1ubuntu1.2); however: Package apache2-mpm-worker is to be removed. Package apache2-mpm-prefork is not installed. Package apache2-mpm-event is not installed. Package apache2-mpm-itk is not installed. (Reading database ... 127945 files and directories currently installed.) Removing apache2-mpm-worker ... * Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName ... waiting [ OK ] Selecting previously deselected package apache2-mpm-prefork. (Reading database ... 127941 files and directories currently installed.) Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.20-1ubuntu1.2_i386.deb) ... Setting up apache2-mpm-prefork (2.2.20-1ubuntu1.2) ... * Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName [ OK ] Selecting previously deselected package php5-common. (Reading database ... 127946 files and directories currently installed.) Unpacking php5-common (from .../php5-common_5.3.6-13ubuntu3.6_i386.deb) ... Selecting previously deselected package libapache2-mod-php5. Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.6-13ubuntu3.6_i386.deb) ... Selecting previously deselected package php5. Unpacking php5 (from .../php5_5.3.6-13ubuntu3.6_all.deb) ... Selecting previously deselected package php5-cli. Unpacking php5-cli (from .../php5-cli_5.3.6-13ubuntu3.6_i386.deb) ... Processing triggers for man-db ... Setting up php5-common (5.3.6-13ubuntu3.6) ... Setting up libapache2-mod-php5 (5.3.6-13ubuntu3.6) ... Creating config file /etc/php5/apache2/php.ini with new version * Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName [ OK ] Setting up php5 (5.3.6-13ubuntu3.6) ... Setting up php5-cli (5.3.6-13ubuntu3.6) ... Creating config file /etc/php5/cli/php.ini with new version update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode.
I then installed a library for php5:
jr018429@emachine:~$ sudo apt-get install libapache2-mod-php5 Reading package lists... Done Building dependency tree Reading state information... Done libapache2-mod-php5 is already the newest version. libapache2-mod-php5 set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 355 not upgraded. jr018429@emachine:~$ sudo /etc/init.d/apache2 restart * Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName [ OK ] jr018429@emachine:~$
I plugged in the IP address assigned by the ISP into Internet Explorer on my laptop running Windows 7. Success! The default Web page is displayed. I now have Web server running and accessible to the outside world.
March 21, 2012
I wanted to configure Apache to also listen at port 8080; sometimes there are port confilcts and an administer is sometimes required to resolve those conflicts. I configured Apache to listen also at port 8080 through pUTTY (remote administeration). In /etc/apache2/ports.conf, I added the line “Listen 8080” immediately after the “Listen 80” line.
ports.conf:
# If you just change the port or add more ports here, you will likely also # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default # This is also true if you have upgraded from before 2.2.9-3 (i.e. from # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and # README.Debian.gz NameVirtualHost *:80 Listen 80 Listen 8080 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
Simply adding the Listen 8080 line to the /etc/apache2/ports.conf file didn't cause Apache2 to react to requests on port 8080. I also had to make a change to the /etc/apache2/sites-available/default file. I had to change the first line from <VirtualHost *:80> to <VirtualHost *:80 *:8080>.
default:
<VirtualHost *:80 *:8080> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
I then restarted Apache2.
root@emachine:/etc/apache2# /etc/init.d/apache2 restart * Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName [ OK ] root@emachine:/etc/apache2#
Success! accessing the 8080 port through HTTP requests from a Web browser causes a Web page to be returned. Now I can either configure Apache to only listen on port 8080, or only forward the 8080 port from the Linksys router.
Next, since I installed PHP, I wanted to verify that PHP scripting worked, so I logged into the emachine remotely and created a web page with PHP script which calls the phpinfo function. The phpinfo function returns php configuration information:
login as: root root@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ Last login: Tue Mar 20 19:01:16 2012 from 192.168.1.111 root@emachine:~# cd /var/www root@emachine:/var/www nano phpinfo.php root@emachine:/var/www#
The phpinfo,.php looks like this:
<html> <title>PHP Information</title> <?php phpinfo(); ?> </html>
I tested the phpinfo.php file by entering the static IP address I assigned to the emachine earlier followed by the php page name, 192.168.1.2:8080/phpinfo.php, into a Web browser. Success! The page was returned.
March 22, 2012
I worked on my “Controlling Hardware via the Web” project, however, the Arduino package wouldn't install:
root@emachine:/home/jr018429# apt-get install arduino Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: arduino-core avr-libc avrdude binutils-avr extra-xdg-menus gcc-avr libjna-java librxtx-java Suggested packages: avrdude-doc task-c-devel gcc-doc gcc-4.2 libjna-java-doc The following NEW packages will be installed: arduino arduino-core avr-libc avrdude binutils-avr extra-xdg-menus gcc-avr libjna-java librxtx-java 0 upgraded, 9 newly installed, 0 to remove and 18 not upgraded. Need to get 18.8 MB of archives. After this operation, 77.6 MB of additional disk space will be used. Do you want to continue [Y/n]? y Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe libjna-java i386 3.2.7-4 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe librxtx-java i386 2.2pre2-8 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe binutils-avr i386 2.20.1-2 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe gcc-avr i386 1:4.5.3-2 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe avrdude i386 5.10-3 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe avr-libc all 1:1.7.1-2 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/universe arduino-core all 0022+dfsg-4ubuntu0.1 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/universe arduino all 0022+dfsg-4ubuntu0.1 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com/ubuntu/ oneiric/universe extra-xdg-menus all 1.0-4 Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/libj/libjna-java/libjna-java_3.2.7-4_i386.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/r/rxtx/librxtx-java_2.2pre2-8_i386.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/b/binutils-avr/binutils-avr_2.20.1-2_i386.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-avr/gcc-avr_4.5.3-2_i386.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/a/avrdude/avrdude_5.10-3_i386.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/a/avr-libc/avr-libc_1.7.1-2_all.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/a/arduino/arduino-core_0022+dfsg-4ubuntu0.1_all.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/a/arduino/arduino_0022+dfsg-4ubuntu0.1_all.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/universe/e/extra-xdg-menus/extra-xdg-menus_1.0-4_all.deb Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? root@emachine:/home/jr018429#
Furthermore, I found that apt-get update didn't work either:
root@emachine:/home/jr018429# apt-get update Ign http://extras.ubuntu.com oneiric InRelease Ign http://security.ubuntu.com oneiric-security InRelease Err http://extras.ubuntu.com oneiric Release.gpg Something wicked happened resolving 'extras.ubuntu.com:http' (-5 - No address associated with hostname) Err http://security.ubuntu.com oneiric-security Release.gpg Something wicked happened resolving 'security.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://us.archive.ubuntu.com oneiric InRelease Ign http://extras.ubuntu.com oneiric Release Ign http://security.ubuntu.com oneiric-security Release Ign http://us.archive.ubuntu.com oneiric-updates InRelease Ign http://us.archive.ubuntu.com oneiric-backports InRelease Ign http://security.ubuntu.com oneiric-security/main Sources/DiffIndex Ign http://extras.ubuntu.com oneiric/main Sources/DiffIndex Err http://us.archive.ubuntu.com oneiric Release.gpg Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Err http://us.archive.ubuntu.com oneiric-updates Release.gpg Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://security.ubuntu.com oneiric-security/restricted Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse Sources/DiffIndex Ign http://extras.ubuntu.com oneiric/main i386 Packages/DiffIndex Ign http://extras.ubuntu.com oneiric/main TranslationIndex Err http://us.archive.ubuntu.com oneiric-backports Release.gpg Something wicked happened resolving 'us.archive.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://us.archive.ubuntu.com oneiric Release Ign http://security.ubuntu.com oneiric-security/main i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates Release Ign http://us.archive.ubuntu.com oneiric-backports Release Ign http://security.ubuntu.com oneiric-security/multiverse i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/main TranslationIndex Ign http://us.archive.ubuntu.com oneiric/main Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric/restricted Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric/universe Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse TranslationIndex Ign http://security.ubuntu.com oneiric-security/restricted TranslationIndex Ign http://security.ubuntu.com oneiric-security/universe TranslationIndex Ign http://us.archive.ubuntu.com oneiric/multiverse Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric/main i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric/restricted i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric/universe i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric/multiverse i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric/main TranslationIndex Ign http://us.archive.ubuntu.com oneiric/multiverse TranslationIndex Err http://extras.ubuntu.com oneiric/main Sources Something wicked happened resolving 'extras.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://us.archive.ubuntu.com oneiric/restricted TranslationIndex Ign http://us.archive.ubuntu.com oneiric/universe TranslationIndex Err http://extras.ubuntu.com oneiric/main i386 Packages Something wicked happened resolving 'extras.ubuntu.com:http' (-5 - No address associated with hostname) Err http://extras.ubuntu.com oneiric/main Translation-en_US Something wicked happened resolving 'extras.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://us.archive.ubuntu.com oneiric-updates/main Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/restricted Sources/DiffIndex Err http://extras.ubuntu.com oneiric/main Translation-en Something wicked happened resolving 'extras.ubuntu.com:http' (-5 - No address associated with hostname) Ign http://us.archive.ubuntu.com oneiric-updates/universe Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/multiverse Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/main i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/restricted i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/universe i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/multiverse i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-updates/main TranslationIndex Ign http://us.archive.ubuntu.com oneiric-updates/multiverse TranslationIndex Ign http://us.archive.ubuntu.com oneiric-updates/restricted TranslationIndex Ign http://us.archive.ubuntu.com oneiric-updates/universe TranslationIndex Ign http://us.archive.ubuntu.com oneiric-backports/main Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/restricted Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/universe Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/multiverse Sources/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/main i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/restricted i386 Packages/DiffIndex Ign http://us.archive.ubuntu.com oneiric-backports/universe i386 Packages/DiffIndex 22% [Connecting to security.ubuntu.com]^C root@emachine:/home/jr018429#
I researched the issue, tried several things suggested in various articles published on the Web, but nothing worked. Finally, I searched the Web for information regarding the error message “Something wicked happened resolving 'extras.ubuntu.com ” which was one of the error messages returned during the apt-get update. I found the following two articles: http://ubuntuforums.org/showthread.php?t=1692331 and http://code.google.com/speed/public-dns/docs/using.html which together suggest adding two lines, nameserver 8.8.8.8 and nameserver 8.8.8.8 to the /etc/resolv.conf file:
# Generated by NetworkManager nameserver 8.8.8.8 nameserver 8.8.4.4
After making these changes to the /etc/resolv.conf file, apt-get update worked:
login as: jr018429 jr018429@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ Last login: Sat Mar 22 11:56:55 2012 from 192.168.1.101 jr018429@emachine:~$ sudo apt-get update [sudo] password for jr018429: Ign http://security.ubuntu.com oneiric-security InRelease Ign http://us.archive.ubuntu.com oneiric InRelease Ign http://extras.ubuntu.com oneiric InRelease Ign http://us.archive.ubuntu.com oneiric-updates InRelease Ign http://us.archive.ubuntu.com oneiric-backports InRelease Get:1 http://security.ubuntu.com oneiric-security Release.gpg [198 B] Get:2 http://us.archive.ubuntu.com oneiric Release.gpg [198 B] Get:3 http://extras.ubuntu.com oneiric Release.gpg [72 B] Get:4 http://us.archive.ubuntu.com oneiric-updates Release.gpg [198 B] Get:5 http://security.ubuntu.com oneiric-security Release [40.8 kB] Get:6 http://extras.ubuntu.com oneiric Release [9,759 B] Get:7 http://us.archive.ubuntu.com oneiric-backports Release.gpg [198 B] Hit http://us.archive.ubuntu.com oneiric Release Get:8 http://us.archive.ubuntu.com oneiric-updates Release [40.8 kB] Get:9 http://extras.ubuntu.com oneiric/main Sources [2,260 B] Get:10 http://security.ubuntu.com oneiric-security/main Sources [34.5 kB] Get:11 http://us.archive.ubuntu.com oneiric-backports Release [40.8 kB] Get:12 http://extras.ubuntu.com oneiric/main i386 Packages [3,711 B] Ign http://extras.ubuntu.com oneiric/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric/main Sources Hit http://us.archive.ubuntu.com oneiric/restricted Sources Hit http://us.archive.ubuntu.com oneiric/universe Sources Hit http://us.archive.ubuntu.com oneiric/multiverse Sources Hit http://us.archive.ubuntu.com oneiric/main i386 Packages Hit http://us.archive.ubuntu.com oneiric/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric/universe i386 Packages Hit http://us.archive.ubuntu.com oneiric/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric/main TranslationIndex Get:13 http://security.ubuntu.com oneiric-security/restricted Sources [14 B] Get:14 http://security.ubuntu.com oneiric-security/universe Sources [13.3 kB] Get:15 http://security.ubuntu.com oneiric-security/multiverse Sources [1,654 B] Hit http://us.archive.ubuntu.com oneiric/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric/universe TranslationIndex Get:16 http://us.archive.ubuntu.com oneiric-updates/main Sources [132 kB] Get:17 http://security.ubuntu.com oneiric-security/main i386 Packages [90.5 kB] Get:18 http://security.ubuntu.com oneiric-security/restricted i386 Packages [14 B] Get:19 http://security.ubuntu.com oneiric-security/universe i386 Packages [31.4 kB] Get:20 http://security.ubuntu.com oneiric-security/multiverse i386 Packages [3,363 B] Get:21 http://security.ubuntu.com oneiric-security/main TranslationIndex [73 B] Get:22 http://security.ubuntu.com oneiric-security/multiverse TranslationIndex [72 B] Get:23 http://security.ubuntu.com oneiric-security/restricted TranslationIndex [70 B] Get:24 http://security.ubuntu.com oneiric-security/universe TranslationIndex [73 B] Ign http://extras.ubuntu.com oneiric/main Translation-en_US Get:25 http://security.ubuntu.com oneiric-security/main Translation-en [50.7 kB] Ign http://extras.ubuntu.com oneiric/main Translation-en Get:26 http://us.archive.ubuntu.com oneiric-updates/restricted Sources [1,337 B] Get:27 http://us.archive.ubuntu.com oneiric-updates/universe Sources [48.8 kB] Hit http://security.ubuntu.com oneiric-security/multiverse Translation-en Hit http://security.ubuntu.com oneiric-security/restricted Translation-en Get:28 http://us.archive.ubuntu.com oneiric-updates/multiverse Sources [3,648 B] Get:29 http://us.archive.ubuntu.com oneiric-updates/main i386 Packages [305 kB] Get:30 http://security.ubuntu.com oneiric-security/universe Translation-en [22.1 kB] Get:31 http://us.archive.ubuntu.com oneiric-updates/restricted i386 Packages [2,968 B] Get:32 http://us.archive.ubuntu.com oneiric-updates/universe i386 Packages [105 kB] Get:33 http://us.archive.ubuntu.com oneiric-updates/multiverse i386 Packages [6,367 B] Get:34 http://us.archive.ubuntu.com oneiric-updates/main TranslationIndex [74 B] Get:35 http://us.archive.ubuntu.com oneiric-updates/multiverse TranslationIndex [72 B] Get:36 http://us.archive.ubuntu.com oneiric-updates/restricted TranslationIndex [71 B] Get:37 http://us.archive.ubuntu.com oneiric-updates/universe TranslationIndex [73 B] Hit http://us.archive.ubuntu.com oneiric/main Translation-en Get:38 http://us.archive.ubuntu.com oneiric-backports/main Sources [2,742 B] Get:39 http://us.archive.ubuntu.com oneiric-backports/restricted Sources [14 B] Get:40 http://us.archive.ubuntu.com oneiric-backports/universe Sources [7,964 B] Get:41 http://us.archive.ubuntu.com oneiric-backports/multiverse Sources [14 B] Get:42 http://us.archive.ubuntu.com oneiric-backports/main i386 Packages [3,296 B] Get:43 http://us.archive.ubuntu.com oneiric-backports/restricted i386 Packages [14 B] Get:44 http://us.archive.ubuntu.com oneiric-backports/universe i386 Packages [9,291 B] Get:45 http://us.archive.ubuntu.com oneiric-backports/multiverse i386 Packages [14 B] Get:46 http://us.archive.ubuntu.com oneiric-backports/main TranslationIndex [72 B] Get:47 http://us.archive.ubuntu.com oneiric-backports/multiverse TranslationIndex [70 B] Get:48 http://us.archive.ubuntu.com oneiric-backports/restricted TranslationIndex [70 B] Get:49 http://us.archive.ubuntu.com oneiric-backports/universe TranslationIndex [72 B] Hit http://us.archive.ubuntu.com oneiric/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric/universe Translation-en Get:50 http://us.archive.ubuntu.com oneiric-updates/main Translation-en [142 kB] Hit http://us.archive.ubuntu.com oneiric-updates/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/restricted Translation-en Get:51 http://us.archive.ubuntu.com oneiric-updates/universe Translation-en [62.9 kB] Hit http://us.archive.ubuntu.com oneiric-backports/main Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/restricted Translation-en Get:52 http://us.archive.ubuntu.com oneiric-backports/universe Translation-en [7,860 B] Fetched 1,227 kB in 8s (153 kB/s) Reading package lists... Done jr018429@emachine:~$
Also after changing the /etc/resolv.conf file as described above, the Arduino package installed perfectly:
root@emachine:/home/jr018429# apt-get install arduino Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: arduino-core avr-libc avrdude binutils-avr extra-xdg-menus gcc-avr libjna-java librxtx-java Suggested packages: avrdude-doc task-c-devel gcc-doc gcc-4.2 libjna-java-doc The following NEW packages will be installed: arduino arduino-core avr-libc avrdude binutils-avr extra-xdg-menus gcc-avr libjna-java librxtx-java 0 upgraded, 9 newly installed, 0 to remove and 18 not upgraded. Need to get 18.8 MB of archives. After this operation, 77.6 MB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe libjna-java i386 3.2.7-4 [414 kB] Get:2 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe librxtx-java i386 2.2pre2-8 [175 kB] Get:3 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe binutils-avr i386 2.20.1-2 [4,347 kB] Get:4 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe gcc-avr i386 1:4.5.3-2 [7,699 kB] Get:5 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe avrdude i386 5.10-3 [199 kB] Get:6 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe avr-libc all 1:1.7.1-2 [4,665 kB] Get:7 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/universe arduino-core all 0022+dfsg-4ubuntu0.1 [602 kB] Get:8 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/universe arduino all 0022+dfsg-4ubuntu0.1 [678 kB] Get:9 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe extra-xdg-menus all 1.0-4 [12.8 kB] Fetched 18.8 MB in 35s (525 kB/s) Selecting previously deselected package libjna-java. (Reading database ... 128091 files and directories currently installed.) Unpacking libjna-java (from .../libjna-java_3.2.7-4_i386.deb) ... Selecting previously deselected package librxtx-java. Unpacking librxtx-java (from .../librxtx-java_2.2pre2-8_i386.deb) ... Selecting previously deselected package binutils-avr. Unpacking binutils-avr (from .../binutils-avr_2.20.1-2_i386.deb) ... Selecting previously deselected package gcc-avr. Unpacking gcc-avr (from .../gcc-avr_1%3a4.5.3-2_i386.deb) ... Selecting previously deselected package avrdude. Unpacking avrdude (from .../avrdude_5.10-3_i386.deb) ... Selecting previously deselected package avr-libc. Unpacking avr-libc (from .../avr-libc_1%3a1.7.1-2_all.deb) ... Selecting previously deselected package arduino-core. Unpacking arduino-core (from .../arduino-core_0022+dfsg-4ubuntu0.1_all.deb) ... Selecting previously deselected package arduino. Unpacking arduino (from .../arduino_0022+dfsg-4ubuntu0.1_all.deb) ... Selecting previously deselected package extra-xdg-menus. Unpacking extra-xdg-menus (from .../extra-xdg-menus_1.0-4_all.deb) ... Processing triggers for doc-base ... Processing 2 added doc-base files... Registering documents with scrollkeeper... Processing triggers for man-db ... Processing triggers for desktop-file-utils ... Processing triggers for bamfdaemon ... Rebuilding /usr/share/applications/bamf.index... Processing triggers for gnome-menus ... Processing triggers for hicolor-icon-theme ... Setting up libjna-java (3.2.7-4) ... Setting up librxtx-java (2.2pre2-8) ... Setting up binutils-avr (2.20.1-2) ... Setting up gcc-avr (1:4.5.3-2) ... Setting up avrdude (5.10-3) ... Setting up avr-libc (1:1.7.1-2) ... Setting up arduino-core (0022+dfsg-4ubuntu0.1) ... Setting up arduino (0022+dfsg-4ubuntu0.1) ... Setting up extra-xdg-menus (1.0-4) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place root@emachine:/home/jr018429#
March 24, 2012
I worked on experiment 2(HPC1). My hypothesis regarding port forwarding from my router and use of the Linux firewall to disallow ports was that I could simply not forward port 80 (HTTP) to cause HTTP traffic from reaching my Web server or disallow port 80 at the firewall. I was correct (see experiment 2-HPC1 for details)!
March 25, 2012
I worked on HPC1 topics related to remote administration. Topics I worked on include: Remote administration, Telnet, SSH, FTP, Linux Remote desktop applications.
March 27, 2012
I wrote up an HPC1 Objective; I described what it took to put together a home network and then answered the questions posed by the instructor in the template for the course objective; the answers were specific to the subject matter.
March 28, 2012
I wrote up another HPC1 Objective; I described what it took to install, configure and test a Web server and related software. I then answered the questions posed by the instructor in the template for the course objective; the answers were specific to the subject matter.
March 31, 2012
My grandson Gabriel Alexander Barlow was born today!
I worked on the topic ufw or Uncomplicated Firewall. I read and experimented to figure out how to use ufw to manage my emachine's firewall.
First, I executed ufw status, however, I found out I had to be logged in as root so that I could use ufw.
jr018429@emachine:~$ ufw status ERROR: You need to be root to run this script jr018429@emachine:~$
Once I was logged in as root, I found, throught the use of 'ufw status', that by default, ufw was disabled.
root@emachine:/home/jr018429# ufw status Status: inactive
Once I enabled ufw, I found, once again through the use of 'ufw status', that by default no rules were set. Only the message 'Status: active' was returned
root@emachine:/home/jr018429# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429#
Next, I tested 'ufw disable' functionality.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw disable Firewall stopped and disabled on system startup root@emachine:/home/jr018429#
I reenabled ufw and then tried setting a ufw allow option with port and protocol parameters to see how it worked.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow 22/tcp Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 22/tcp ALLOW Anywhere (v6) root@emachine:/home/jr018429#
After trying ufw with the allow option, I figured the next logical thing to try was the deny option with a port parameter.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw deny 23 Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23 DENY Anywhere 23 DENY Anywhere (v6) root@emachine:/home/jr018429#
The ufw's syntax for removing a rule is very simple. Simply use the syntax for the rule but place the option 'delete' between ufw and the remaining options.
root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23 DENY Anywhere 23 DENY Anywhere (v6) root@emachine:/home/jr018429# ufw delete deny 23 Rule deleted Rule deleted (v6) root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429#
It is possible to create firewall rules for services. Next, I tried 'ufw allow' with a service parameter.
root@emachine:/home/jr018429# ufw allow ssh Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 22 ALLOW Anywhere (v6) root@emachine:/home/jr018429#
To deny a service using its service name, use the 'deny' option with the service parameter.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw deny telnet Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23/tcp DENY Anywhere 23/tcp DENY Anywhere (v6) root@emachine:/home/jr018429#
Next, I experimented with allowing and denying IP addresses. In this case I used 'deny'.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow from 192.168.1.1 Rule added root@emachine:/home/jr018429#
Using ufw, it is possible to allow or deny a protocol from an IP address or network IP address and gateway to an ip address (target IP address) on a certain port. I experimented with these options and their parameters. Note that 'any' means any target IP address.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.134 to any port 22 Rule added root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW 192.168.1.134 root@emachine:/home/jr018429#
Since I used the 'any' parameter in the last experiment, I wanted to see how using a target IP address worked.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.134 to 192.168.1.2 port 22 Rule added root@emachine:/home/jr018429#
A range of IP addresses can be specified through the use of the network address and a subnet mask. I experimented with these parameters.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.2 port 22 Rule added root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 192.168.1.2 22/tcp ALLOW 192.168.1.0/24 root@emachine:/home/jr018429#
I wanted to know how to restore default states to ufw. After reading several Web pages, I found ufw's 'reset' option. I experimented with it by setting some rules and then resetting ufw to see what the result of the reset would be. After resetting ufw, I performed 'ufw status'.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow 22/tcp Rule added Rule added (v6) root@emachine:/home/jr018429# ufw deny 23 Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 23 DENY Anywhere 22/tcp ALLOW Anywhere (v6) 23 DENY Anywhere (v6) root@emachine:/home/jr018429# ufw reset Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? y Backing up 'user.rules' to '/lib/ufw/user.rules.20120331_153139' Backing up 'after6.rules' to '/etc/ufw/after6.rules.20120331_153139' Backing up 'user6.rules' to '/lib/ufw/user6.rules.20120331_153139' Backing up 'before6.rules' to '/etc/ufw/before6.rules.20120331_153139' Backing up 'after.rules' to '/etc/ufw/after.rules.20120331_153139' Backing up 'before.rules' to '/etc/ufw/before.rules.20120331_153139' root@emachine:/home/jr018429# ufw status Status: inactive root@emachine:/home/jr018429#
ufw has logging capability. I is enabled by default, or at least on my system it was.
root@emachine:/home/jr018429# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip root@emachine:/home/jr018429#
I turned logging on.
root@emachine:/home/jr018429# ufw logging on Logging enabled root@emachine:/home/jr018429#
Next, I turned logging off.
root@emachine:/home/jr018429# ufw logging off Logging disabled root@emachine:/home/jr018429#
April 1, 2001
I worked at getting a Web interface to communicate with my Arduino Duemilanove via USB. The Web interface is PHP.
Once the Web server was up and running, I was ready to develop the Web interface which will be used to both command the Arduino to control hardware, but also return data.
I found HTML and PHP code snippets on the Web which demonstrate the following:
- Open and read or write to a serial port.
- Create buttons that can be used to call PHP code.
I combined these code snippets to get the Arduino to return analog data to the Web interface. I then logged in as root and uploaded the php file to /var/www, the Web server directory.
Next, I compiled and uploaded some simple Arduino code to read analog input pin 0 and then write its value to the serial port.
Before, I could use the serial port, I had to add www-data to group dialout, the owner of ttyUSB0, the serial port.
root@emachine:/var/www# adduser www-data dialout
Lastly, I had to restart the Web server.
root@emachine:/var/www# /etc/init.d/apache2 restart
Here is the Web page with data returned from the Arduino. The Arduino has 10-bit A/D converters. This means that the value returned from the Arduino can range from 0 to 1023 dec. In order to give this range of values meaning, the values might need to be offset and scaled using what is known as zero-span. Zero-span or offset and scaling can be performed either by hardware (Op-amps) or software. After scaling and offsetting (if required) units must be attached to the value.
I found some PHP code on the Web which demonstrates how to open and read or write to a serial port. The link is posted on my <html><a href=“http://lab46.corning-cc.edu/user/jr018429/portfolio/WebServerandArduino.html”>Controlling Hardware Remotely via the Web</a></html>
Project page.
This is my rdArd.php file which does get analog data from pin 0 of my Arduino Duemilanove.
<html> <body> <form action="<?=$_SERVER['PHP_SELF'];?>" method="post"> <input type="submit" name="submit" value="Get A/D 0 Value"> </form> <?php if(isset($_POST['submit'])) { $fp = fopen("/dev/ttyUSB0", "r"); sleep(2); $data = intval(fgets($fp)); print $data; fclose($fp); } ?> </body> </html>
Here is the Web page with data returned from the Arduino. The Arduino has 10-bit A/D converters. This means that the value returned from the Arduino can range from 0 to 1023 dec.
April 2, 2012
When I logged in remotely to my emachine today, I noticed that there were 28 packages to be updated, 18 of which are security updates. I decided to perform an 'apt-get update, and then an apt-get upgrade. Updating an dupgrading the system is a common system maintenance task. Unfortunately, I was interrupted and didn't get to capture the 'apt-get upgrade':
login as: jr018429 jr018429@67.251.79.214's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 28 packages can be updated. 18 updates are security updates. Last login: Mon Apr 2 06:51:40 2012 from portal.corning.com jr018429@emachine:~$ su Password: root@emachine:/home/jr018429# apt-get update Ign http://security.ubuntu.com oneiric-security InRelease Ign http://extras.ubuntu.com oneiric InRelease Ign http://us.archive.ubuntu.com oneiric InRelease Ign http://us.archive.ubuntu.com oneiric-updates InRelease Ign http://us.archive.ubuntu.com oneiric-backports InRelease Hit http://security.ubuntu.com oneiric-security Release.gpg Get:1 http://extras.ubuntu.com oneiric Release.gpg [72 B] Hit http://us.archive.ubuntu.com oneiric Release.gpg Hit http://us.archive.ubuntu.com oneiric-updates Release.gpg Hit http://security.ubuntu.com oneiric-security Release Hit http://us.archive.ubuntu.com oneiric-backports Release.gpg Hit http://us.archive.ubuntu.com oneiric Release Hit http://extras.ubuntu.com oneiric Release Hit http://us.archive.ubuntu.com oneiric-updates Release Hit http://us.archive.ubuntu.com oneiric-backports Release Hit http://security.ubuntu.com oneiric-security/main Sources Hit http://us.archive.ubuntu.com oneiric/main Sources Hit http://extras.ubuntu.com oneiric/main Sources Hit http://security.ubuntu.com oneiric-security/restricted Sources Hit http://security.ubuntu.com oneiric-security/universe Sources Hit http://security.ubuntu.com oneiric-security/multiverse Sources Hit http://security.ubuntu.com oneiric-security/main i386 Packages Hit http://security.ubuntu.com oneiric-security/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric/restricted Sources Hit http://us.archive.ubuntu.com oneiric/universe Sources Hit http://us.archive.ubuntu.com oneiric/multiverse Sources Hit http://us.archive.ubuntu.com oneiric/main i386 Packages Hit http://us.archive.ubuntu.com oneiric/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric/universe i386 Packages Hit http://security.ubuntu.com oneiric-security/universe i386 Packages Hit http://security.ubuntu.com oneiric-security/multiverse i386 Packages Hit http://security.ubuntu.com oneiric-security/main TranslationIndex Hit http://security.ubuntu.com oneiric-security/multiverse TranslationIndex Hit http://security.ubuntu.com oneiric-security/restricted TranslationIndex Hit http://extras.ubuntu.com oneiric/main i386 Packages Ign http://extras.ubuntu.com oneiric/main TranslationIndex Hit http://security.ubuntu.com oneiric-security/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/main Sources Hit http://us.archive.ubuntu.com oneiric-updates/restricted Sources Hit http://us.archive.ubuntu.com oneiric-updates/universe Sources Hit http://security.ubuntu.com oneiric-security/main Translation-en Hit http://security.ubuntu.com oneiric-security/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/multiverse Sources Hit http://us.archive.ubuntu.com oneiric-updates/main i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/universe i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/restricted TranslationIndex Hit http://security.ubuntu.com oneiric-security/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/main Sources Hit http://us.archive.ubuntu.com oneiric-backports/restricted Sources Hit http://us.archive.ubuntu.com oneiric-backports/universe Sources Hit http://us.archive.ubuntu.com oneiric-backports/multiverse Sources Hit http://us.archive.ubuntu.com oneiric-backports/main i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/restricted i386 Packages Hit http://security.ubuntu.com oneiric-security/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/universe i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric/main Translation-en Hit http://us.archive.ubuntu.com oneiric/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/main Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/main Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/universe Translation-en Ign http://extras.ubuntu.com oneiric/main Translation-en_US Ign http://extras.ubuntu.com oneiric/main Translation-en Fetched 72 B in 2s (33 B/s) Reading package lists... Done root@emachine:/home/jr018429#
April 3, 2012
I wanted to automate apt-get update and apt-get upgrade if possible. I did not want to perform these tasks manually, and I wanted do perform this task on a regular schedule. I did use a tool in HPC0 to check if a process, an irc robot, was running and if it was not, to restart it. I used crontab successfully to perform this task. I thought ccontab would be the perfect candidate for this project.
I researched the following articles and blogs to figure out how best to carry out automating apt-get update and upgrade:
- <html><a href=“http://www.linuxquestions.org/questions/*bsd-17/crontab-test-550745/”>http://www.linuxquestions.org/questions/*bsd-17/crontab-test-550745/</a></html>
I e-mailed my instructor regarding the use of crontab to automate apt-get update and apt-get upgrade. Here is his reply:
Me: On Apr 3, 2012, at 7:02 AM, Rine, John T wrote: I am running Ubuntu 11.10 on my emachine. I get annoyed being told, when I log on the command line, that there are security and other updates pending. Yes, one could simply perform an apt-get update and apt-get upgrade, however, we are being trained to be systems analysists, etc. So why not automate these tasks?? Matt: John, The only risk with auto-updating, is if there is a problem, or something that requires a restart or relaunching of an app, it could appear to cause stability problems, and becomes an unknown variable when trying to figure out just what has changed. There's also the notion that just because there are updates, that does not necessitate the need to immediately apply them. The current setup isn't obsolete, it still works as well as it did before knowledge of the update was available.\\ Me: In fact, Ubuntu has tools specifically for automating updates, but I would rather go old school….I want to use crontab. My crontab, however, has an issue. It doesn’t like ‘root’. Matt: Depending on what crontab you are updating (system-wide?), the syntax with respect to the user is different. If you are editing root's personal crontab (via running "crontab -e" as root), you do NOT need to put in "root". Me: For example if I do this: * * * * * root echo “cron was here on $(date)” >> /home/jr018429/myLog Matt: Careful... "* * * * *" means run EVERY minute of EVERY hour of EVERY day of EVERY month, EVERY day of the week. At the very least, be more conservative on the hours and minutes... perhaps just once a day... 25 */12 * * * (echo “cron was here on $(date)” >> /home/jr018429/myLog) This will run it on the 25th minute every 12 hours. -Matthew -- Matthew Haas Instructor Corning Community College Computer & Information Science http://lab46.corning-cc.edu/haas/home/ "Thinking ... is no more and no less an organ of perception than the eye or ear. Just as the eye perceives colours and the ear sounds, so thinking perceives ideas." -- Rudolf Steiner
I did in fact know that I was asking cron to perform an action every minute. I was testing and I didn't want to wait. I believe that the actual time to perform an apt-get update on my system took less than one minute. If I were to have cron perform apt-get update on a regular basis, I would set cron to perform it once every 24 hours and only at a time when I wouldn't be using the system. Later, I increased one minute to five.
Okay, maybe it isn't a good idea to automate these apt-gets, but the fact remains, I couldn't get crontab to execute anything requiring root privleges. So I continued to use apt-get update as an instrument for testing of cron as I could not think of any other Linux command requiring root access to use.
It turns out that there are three different types of crontab files; there are regular user, root user, and system crontab. The system crontab is located in /etc/crontab.
This is what a system croontab looks like:
# /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --repo$ 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --repo$ 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --repo$ #
This is my root crontab I used to experiment with using a crontab to perform a command requiring root privleges:
# Edit this file to introduce tasks to be run by cron. # # Each task to run has to be defined through a single line # indicating with different fields when the task will be run # and what command to run for the task # # To define the time you can provide concrete values for # minute (m), hour (h), day of month (dom), month (mon), # and day of week (dow) or use '*' in these fields (for 'any').# # Notice that tasks will be started based on the cron's system # daemon's notion of time and timezones. # # Output of the crontab jobs (including errors) is sent through # email to the user the crontab file belongs to (unless redirected). # # For example, you can run a backup of all your user accounts # at 5 a.m every week with: # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ # # For more information see the manual pages of crontab(5) and cron(8) # # m h dom mon dow command #* * * * * echo "Hello test 1, 2" >> /home/jr018429/myLog #*/5 * * * * /usr/bin/apt-get update > /dev/null 2>&1 */3 * * * * /usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr
This is the contents of the 'cronUpdate' file after the root cron executed:
Ign http://security.ubuntu.com oneiric-security InRelease Ign http://us.archive.ubuntu.com oneiric InRelease Ign http://us.archive.ubuntu.com oneiric-updates InRelease Ign http://extras.ubuntu.com oneiric InRelease Ign http://us.archive.ubuntu.com oneiric-backports InRelease Hit http://security.ubuntu.com oneiric-security Release.gpg Hit http://us.archive.ubuntu.com oneiric Release.gpg Hit http://extras.ubuntu.com oneiric Release.gpg Hit http://security.ubuntu.com oneiric-security Release Hit http://us.archive.ubuntu.com oneiric-updates Release.gpg Hit http://extras.ubuntu.com oneiric Release Hit http://us.archive.ubuntu.com oneiric-backports Release.gpg Hit http://security.ubuntu.com oneiric-security/main Sources Hit http://us.archive.ubuntu.com oneiric Release Hit http://extras.ubuntu.com oneiric/main Sources Hit http://security.ubuntu.com oneiric-security/restricted Sources Hit http://security.ubuntu.com oneiric-security/universe Sources Hit http://security.ubuntu.com oneiric-security/multiverse Sources Hit http://security.ubuntu.com oneiric-security/main i386 Packages Hit http://security.ubuntu.com oneiric-security/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates Release Hit http://extras.ubuntu.com oneiric/main i386 Packages Ign http://extras.ubuntu.com oneiric/main TranslationIndex Hit http://security.ubuntu.com oneiric-security/universe i386 Packages Hit http://security.ubuntu.com oneiric-security/multiverse i386 Packages Hit http://security.ubuntu.com oneiric-security/main TranslationIndex Hit http://security.ubuntu.com oneiric-security/multiverse TranslationIndex Hit http://security.ubuntu.com oneiric-security/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports Release Hit http://security.ubuntu.com oneiric-security/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric/main Sources Hit http://us.archive.ubuntu.com oneiric/restricted Sources Hit http://us.archive.ubuntu.com oneiric/universe Sources Hit http://us.archive.ubuntu.com oneiric/multiverse Sources Hit http://us.archive.ubuntu.com oneiric/main i386 Packages Hit http://us.archive.ubuntu.com oneiric/restricted i386 Packages Hit http://security.ubuntu.com oneiric-security/main Translation-en Hit http://security.ubuntu.com oneiric-security/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric/universe i386 Packages Hit http://us.archive.ubuntu.com oneiric/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/main Sources Hit http://us.archive.ubuntu.com oneiric-updates/restricted Sources Hit http://security.ubuntu.com oneiric-security/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/universe Sources Hit http://us.archive.ubuntu.com oneiric-updates/multiverse Sources Hit http://us.archive.ubuntu.com oneiric-updates/main i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/universe i386 Packages Hit http://security.ubuntu.com oneiric-security/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric-updates/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/multiverse TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric-updates/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/main Sources Hit http://us.archive.ubuntu.com oneiric-backports/restricted Sources Hit http://us.archive.ubuntu.com oneiric-backports/universe Sources Hit http://us.archive.ubuntu.com oneiric-backports/multiverse Sources Hit http://us.archive.ubuntu.com oneiric-backports/main i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/restricted i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/universe i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/multiverse i386 Packages Hit http://us.archive.ubuntu.com oneiric-backports/main TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/multiverse TranslationIndex Ign http://extras.ubuntu.com oneiric/main Translation-en_US Hit http://us.archive.ubuntu.com oneiric-backports/restricted TranslationIndex Hit http://us.archive.ubuntu.com oneiric-backports/universe TranslationIndex Hit http://us.archive.ubuntu.com oneiric/main Translation-en Hit http://us.archive.ubuntu.com oneiric/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric/restricted Translation-en Ign http://extras.ubuntu.com oneiric/main Translation-en Hit http://us.archive.ubuntu.com oneiric/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/main Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-updates/universe Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/main Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/multiverse Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/restricted Translation-en Hit http://us.archive.ubuntu.com oneiric-backports/universe Translation-en Reading package lists...
So as one can see, the root crontab did in fact perform the apt-get update.
Futhermore, there were no errors as the cronUpdateErr file was empty.
Also as an extra check,I looked at the output to the /var/log/syslog file (look at the last lines):
Apr 3 20:26:43 emachine crontab[15052]: (root) BEGIN EDIT (root) Apr 3 20:26:54 emachine crontab[15052]: (root) REPLACE (root) Apr 3 20:26:54 emachine crontab[15052]: (root) END EDIT (root) Apr 3 20:27:01 emachine cron[865]: (root) RELOAD (crontabs/root) Apr 3 20:27:01 emachine CRON[15065]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:28:01 emachine kernel: [135808.618520] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:28:08 emachine kernel: [135815.048854] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:30:01 emachine CRON[15089]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:30:06 emachine kernel: [135933.631203] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:30:12 emachine kernel: [135939.421560] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:32:11 emachine kernel: [136058.643422] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:32:14 emachine kernel: [136060.693473] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:33:01 emachine CRON[15113]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:34:17 emachine kernel: [136183.656518] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:34:18 emachine kernel: [136185.486488] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:36:01 emachine CRON[15137]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:36:22 emachine kernel: [136308.670378] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:36:22 emachine kernel: [136308.830270] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:38:27 emachine kernel: [136433.684046] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:38:27 emachine kernel: [136434.193908] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:39:01 emachine CRON[15172]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:39:01 emachine CRON[15173]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete) Apr 3 20:40:32 emachine kernel: [136558.696954] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:40:37 emachine kernel: [136564.377236] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:42:01 emachine CRON[15201]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr) Apr 3 20:42:37 emachine kernel: [136683.709958] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:42:46 emachine kernel: [136692.800715] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:44:42 emachine kernel: [136808.723407] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:44:50 emachine kernel: [136816.973882] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:58:6d:8f:ad:97:af:08:00 SRC=192.168.1.1 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 Apr 3 20:45:01 emachine CRON[15225]: (root) CMD (/usr/bin/apt-get update > /home/jr018429/cronUpdate 2> /home/jr018429/cronUpdateErr)
As one can see, the root crontab executed without errors.
Regarding my <html><a href=“http://lab46.corning-cc.edu/user/jr018429/portfolio/WebServerandArduino.html”>Controlling Hardware Remotely via the Web</a></html> I have been experiencing issues with the serial communication between my microcontroller and the Web server. I have to place a delay in the PHP file to get the microcontroller to return an analog value. I found some information on the Web regaring this issue.
I researched the following articles and blogs to find out about serial communications and related issues:
April 7, 2012
My web server machine had been off for a few days, and I wanted to get back to working with PHP, HTML, and my Arduino.
I found however, that I couldn't get the Arduino to return data via PHP.
I checked the port parameters for the Arduino in Linux:
root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 115200 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke
My arduino's serial port is set to 9600 baud but the serial port on the Linux side is set to 115200 baud so I decided to write a test PHP file to set the serial port baud rate:
<? //Valid baud rates: //110 //150 //300 //600 //1200 //2400 //4800 //9600 //19200 //38400 //57600 //115200 exec("stty -F /dev/ttyUSB0 9600"); ?>
When I exectued this PHP file from my Web browser and then checked the serial port attached to the Arduino again, I found that it had chenged.
root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 9600 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke root@emachine:/var/www#
After changing the baud rate be execting my php file via the Web browser, http://192.168.1.2/setBaudPHP.php, I was able to get data again! I added the contents of the setBaudPHP.php to the my original PHP file rdArd.php:
<html> <body> <form action="<?=$_SERVER['PHP_SELF'];?>" method="post"> <input type="submit" name="submit" value="Get A/D 0 Value"> </form> <?php if(isset($_POST['submit'])) { //Valid baud rates: //110 //150 //300 //600 //1200 //2400 //4800 //9600 //19200 //38400 //57600 //115200 exec("stty -F /dev/ttyUSB0 9600"); $fp = fopen("/dev/ttyUSB0", "r"); //sleep(2); $data = intval(fgets($fp)); print $data; fclose($fp); } ?> </body> </html>
To verify that the revised rdArd.php file actually works, I changed the serial port back to 115200 baud:
root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 9600 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke root@emachine:/var/www# stty -F /dev/ttyUSB0 115200 root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 115200 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke root@emachine:/var/www#
Next, I executed the rdArd.php file from my Web browser and found that analog data was returned and the baud rate of serial port connected to the Arduino was changed to match the baud rate set in the Arduino:
root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 115200 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke root@emachine:/var/www# stty -F /dev/ttyUSB0 speed 9600 baud; line = 0; eof = ^A; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke root@emachine:/var/www#
I noticed that sometimes the analog value returned is 0, usually after it hasn't been queried for a while. Normally the data returned without anything input to analog pin 0 on the Arduino is between 500 and 700.
I wanted to see if I could cat the serial device, ttyUSB0, so I tried:
root@emachine:/var/www# cat /dev/ttyUSB0 4Sj)ÿ46Lá4Cá4LCá4¦SHü43Cá4NCá42Cá42MCá4Cá^C
Typical serial port parameters are 8N1 or databits-8, No parity, and 1 stop bit. I experimented with combinations of data, and stop bits as well as changing parity setting so that I could possibly explain the gibberish.
Setting data bits to 7:
root@emachine:/var/www# stty -F /dev/ttyUSB0 cs7 root@emachine:/var/www# cat /dev/ttyUSB0 474 459 447 441 ^C root@emachine:/var/www#
No more gibberish!
April 8, 2012
After getting the PHP to return data from my Arduino Duelimenove, I noticed that the data returned varied from 400's to 700's (The arduino has 10-bit analog inputs which can vary from 0 to 1023 (decimal)). Furthermore, I noticed that the data read from the Arduino using 'cat /dev/ttyUSB0' differed from what was returned via PHP; the PHP data varying by a power of 2 in some cases. I could not explain what was causing these issues but I read that there was an issue with the serial communications between the Arduino and other devices:
I decided to give the modification described on Arduino.cc's 'DisablingAutoRestOnDerialConnection' Web page a try.
After installing a 120 ohm resistor between reset and +5v header pins, the values read from the Arduino via the USB port using 'cat /dev/ttyUSB0' closely matched the values returned using PHP, and the values returned using PHP were consitently in the 400 range; no more data ranging from 400's to 700's.
I e-mailed my instructor to let him know what I found.
from: John Rine jr018429@lab46.corning-cc.edu to: wedge@lab46.corning-cc.edu, haas@corning-cc.edu, JohnRineTech@gmail.com, rinejt@corning.com date: Sun, Apr 8, 2012 at 1:16 PM subject: Microcontrollers, Radio Shack, and other stuff Matt, Radio Shack has seen the light, they are carrying Arduino: http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/microcontroller.html&noBc=true http://www.radioshack.com/family/index.jsp?categoryId=12360923&ab=microcontrollerLP http://www.radioshack.com/family/index.jsp?categoryId=12316880&ab=microcontrollerLP Not that I would buy from them, but you have to give 'em credit.. Besides Arduino, they have Parallax products: http://www.radioshack.com/uc/index.jsp?page=researchLibraryArticle&articleUrl=../graphics/uc/rsk/USContent/HTML/pages/microcontroller.html&noBc=true PS, I got my Arduino to return analog data correctly through my Web server using PHP. To do so, I had to load a Web server on a machine local to my network. Since I was using PHP, I also had to load PHP5. Next, since I wanted Web access outside my network, I had to forward a port, port 80, to my Web serving machine. I wanted to also remotely administer this machine via SSH, so I forwarded port 22 to this machine as well. I also wanted security so I enabled utw. Since by default ufw blocks everything, I had to allow ports 80 and 22. Next, I wrote and loaded a sketch to my Arduino. The sketch reads an analog port pin, stores its value in a variable, and writes it to the serial port; next, it waits one second and begins again. My Arduino file, rdAna.pde: int anaVal = 0; void setup() { Serial.begin(9600); } void loop() { anaVal = analogRead(0); //pin 0 Serial.println(anaVal); delay(1000); } my PHP file, rdArd.php: <?php $fp = fopen("/dev/ttyUSB0", "r"); //intval() causes "" to be returned as 0 $data = intval(fgets($fp))`; print $data; fclose($fp); ?> Next, plug the address and file into the Web browser: 192.168.1.2/rdArd.php To read the next value, simply refresh the browser. At first, this didn't work. I couldn't even cat /dev/ttyUSB0 to read data from the Arduino. I performed a stty -F /dev/ttyUSB0 and found that the default port baud rate for ttyUSB0 was 115200. I changed the port parameters for ttyUSB0 to 9600/8N1 using the folloing invocations of stty: stty 9600 cs8 -parenb -cstopb < /dev/ttyUSB0 or stty -F /dev/ttyUSB0 9600 cs8 -parenb -cstop After setting the port, I was able to 'cat /dev/ttyUSB0' and get data from the PHP page, however, the data at the php page didn't match the data returned from 'cat'. It differed by one 2^x order of magnitude! Next, I found that my Arduino Duelimanove has an autoreset feature which when serial communications occur with the Arduino, it performs an autoreset of its microcontroller! This feature causes the microcontroller to be reset after a sketch has been uploaded so that the boot loader will be invoked, and will cause the sketch to run immediately in the Arduino. If the Arduino is being used for serial communication, and if the autorest feature is causing issues with serial communications, it is recommended that the autoreset feature be disabled. One way to disable the autoreset feature is to place a 120 ohm resistor between 'Reset' and '+5' on the Arduino's edge connector (there are other ways as well). It didn't seem to me that would have an effect, as I could get data from cat /dev/ttyUSB0 and from my PHP page, but it after I added the 120 resistor to my Arduino, the data matched the data from cat, and the data from cat was more consistent than before. Success!!!!!!!!!!! I don't know what to do next. I see there is an Ethernet shield for the Arduino. why have a Web server on a PC?? If your application is small enough, use an Arduino with an Ethernet shield. If you get the Ethernet Shield, you can learn more about the hardware. The shield I read, has a slot for a camera memory stick, COOL!!!! I want to hook up my Arduino Mega to the Web server (it has an LCD, Keypad, Stepper driver/motor) and drive the motor from the Web. Simple modifications. Arduino only has a serial.read function so you have to repeadily read into an array or concatenate a string I suppose and then do an atoi(string) to convert the string to integer data to pass to the motor stepping function. Another cool thing about this project, is that one can get data from the Arduino over the Internet using a smart phone of tablet without an Ap, correct? John T. Rine --- Lab46: Penguin Powered
April 16, 2012
I downloaded and installed the Arduino 1.0 IDE for Windows. Next, I assembled the Arduino Uno and the Ethernet shield. I plugged one end of the USB programming cable into the Arduino Uno and the other end into the computer on which I installed the Arduino 1.0 IDE. Installing the device driver is a little bit on a pain; after plugging the Arduino's USB cable into the computer used to develop sketches, let the driver install fail, then go to device manager, select the unknown device, select browse the computer for the device driver. On this pop-up, enter the path to the Arduino driver library (and not the FTDI folder-this is an Uno and does not use the FTDI chip) and let it find the driver. After successfully installing the driver for the Arduino Uno, I opened one of the example sketches, File→Examples→Basics→Blink. Next, I complied this 'sketch',
sketch→verify/compile. Lastely, I uploaded the compiled sketch to the Arduino, file→upload. The Arduino's yellow led blinked once per second, success!
Next, I found a Ethernet example, file→examples→Ethernet→Web server, and opend it in the Arduino IDE. I changed the mach address to the address listed on the sticker on the front of the Ethernet shield's container. I also changed the IP address tio an open address on my home network-192.168.1.3. I complied the sketch and uploaded it to the Arduino. I plugged one end
of a spare Ethernet cable into the router; I plugged the other end of the cable into Ethernet shield. Lastly, I plugged a power supply (wall wart) into the Arduino's power connector. The LEDs on the Arduino and Ethernet shield came on. I pointed my broswer to the Arduino. I read values returned from 4 of the Arduino's analog inputs, Cool!!!
I haven't yet forwarded a port to the Arduino Web server to expose it to the outside world; right now, it is only accessible from inside my network.
After getting the Arduino Web server to work, I added it as a new project to my portfolio. I plan to add hardware control and improve the server. The Ethernet shield also has a connector for an SD card on which data can be stored.
DATA Topics
Void Pointer
A void pointer is a generic pointer that can be used to point to any datatype.
Because it is a generic pointer, before it can be dereferenced, it must be cast to the appropriate type.
Also because a void pointer is a generic pointer, no pointer arithmetic may be performed on it.
In C++ void references are not allowed.
//voidptr.c //John T. Rine //September 17, 2011 #include<stdio.h> int main(int argc, char **argv) { void *pVoid; int *pInteger; float *pFloatingPoint; char *pCharacter; int integer; float floatingPoint; char character; integer = -5; floatingPoint = 1298.1234; character = 'Z'; pVoid = &integer; pInteger = (int *)pVoid; printf("%d\n",*pInteger); pVoid = &floatingPoint; pFloatingPoint = (float *)pVoid; printf("%4.4f\n",*pFloatingPoint); pVoid = &character; pCharacter = (char *)pVoid; printf("%c\n",*pCharacter); return 0; }
lab46:~/src/data$ gcc voidptr.c -o voidptr lab46:~/src/data$ ./voidptr -5 1298.1234 Z lab46:~/src/data$
References
Null Pointer
A Null Pointer is a pointer which has been set to a specific value, known as NULL, that is not a valid address on a target system.
Pointers can be tested for null. Doing so is used to indicate whether a pointer points to a valid memory address or not. The success of testing pointers for NULL is dependent on the programmer setting pointers to null when they are not pointing to a valid memory address. Some programming languages automatically set pointers to null when they are declared.
//nulPtr.c //John T. Rine //September 24, 2011 #include<stdio.h> int main(int argc, char **argv) { int *iptr; int i = 10; printf("iptr value after declaring it: 0x%x\n", iptr); iptr = NULL; printf("iptr value after setting to NULL: 0x%x\n", iptr); iptr = &i; printf("iptr value after setting to address of i: 0x%x\n", iptr); printf("The value pointed to by iptr is: %d\n", *iptr); iptr = NULL; printf("iptr value after setting to back to NULL: 0x%x\n", iptr); return 0; }
lab46:~/src/data$ gcc nullPtr.c -o nullPtr lab46:~/src/data$ ./nullPtr iptr value after declaring it: 0x0 iptr value after setting to NULL: 0x0 iptr value after setting to address of i: 0x488c58c4 The value pointed to by iptr is: 10 iptr value after setting to back to NULL: 0x0 lab46:~/src/data$
References
- <html><a href=“http://en.wikipedia.org/wiki/Pointer_(computing)#Null_pointer”>Null pointers-Wikipedia</html>
Pointers to Pointers
Pointers to pointers are pointers which hold the address of another pointer. In other words, a pointer to a pointer points to another pointer. When a pointer to a pointer is dereferenced once, the address pointed to is returned. When it is dereferenced again, the value at the address pointed to by the pointer being pointed to by the pointer to a pointer is returned. See the code and console output below.
//pToP.c //John T. Rine //September 27, 2011 #include<stdio.h> int main(int argc, char **argv) { char **p = NULL; char *q = NULL; char i = 25; q = &i; p = &q; printf("Address of i = 0x%x\n", &i); printf("Value in i = %d\n", i); printf("Address of q = 0x%x\n",&q); printf("Value in q = 0x%x\n", q); printf("Value pointed to by q = %d\n", *q); printf("Address of p = 0x%x\n", &p); printf("The value in p = 0x%x\n", p); printf("Value in *p = 0x%x\n", *p); printf("value pointed to through double indirection = %d\n",**p); getchar(); return 0; }
address of i = 0x22ff47 Value in i = 25 Address of q = 0x22ff48 Value in q = 0x22ff47 Value pointed to by q = 25 Address of p = 0x22ff4c The value in p = 0x22ff48 Value in *p = 0x22ff47 value pointed to through double indirection = 25
Pointers to pointers can be used as a function parameter when a function must change the address contained in a pointer external to the function. Pointers to pointers can also be used to access individual elements of a multidimensional array, an array of strings for example.
//argv.c //John T. Rine //9/26/2011 #include<stdio.h> int main(int argc, char **argv) { int i; char * inputString = NULL; if (argc > 1) { for(i = 1; i < argc; i++) { int count = 0; while(*(*(argv + i) + count) != '\0') { printf("%c\n",*(*(argv + i) + count)); ++count; } } } else printf("No command line arguments were supplied after the file name\n"); return(0); }
C:\MinGW\programs-jr>argv.exe dog cat d o g c a t C:\MinGW\programs-jr>
Pointer Arithmetic
Pointers may be incremented, decremented, added to or subtracted from, compared and assigned. When incrementation is performed, the address pointed to afterwards is current address plus the data type size in bytes. When decrementation is performed, the address pointed to afterwards is current address minus the data type size in bytes. When a pointer is added to by an integer type, the address pointed to afterwards is the current address plus the number being added multiplied by the data type size in bytes. When a pointer is being subtracted from, the address pointed to afterwards is the current address plus the number being subtracted multiplied by the data type size in bytes. When an assignment is being carried out, the value of the pointer afterward is the value being assigned.
//ptrMath.c //John T. Rine //September 29, 2011 #include<stdio.h> int main(int argc, char **argv) { int integer = 12345; printf("integer = %d\n", integer); printf("The address of integer is 0x%x\n", &integer); printf("\n"); printf("Assigning NULL to intPtr...\n"); int * intPtr = NULL; printf("Checking the value of intPtr...\n"); if(intPtr == NULL) printf("intPtr == NULL\n"); else printf("intPtr != NULL\n"); printf("\n"); printf("Setting intPtr to the address of integer...\n"); intPtr = &integer; printf("The address of intPtr is 0x%x\n", intPtr); printf("\n"); printf("The size of the int data type is %d\n", sizeof(int)); printf("Incrementing intPtr...\n"); intPtr++; printf("The address of intPtr is 0x%x\n", intPtr); printf("\n"); printf("Decrementing intPtr...\n"); intPtr--; printf("The address of intPtr is 0x%x\n", intPtr); printf("\n"); printf("Adding 10 to intPtr...\n"); intPtr += 10; printf("The address of intPtr is 0x%x\n", intPtr); printf("\n"); printf("Subtracting 10 from intPtr...\n"); intPtr -= 10; printf("The address of intPtr is 0x%x\n", intPtr); return 0; }
C:\MinGW\programs-jr>gcc ptrMath.c -o ptrMath C:\MinGW\programs-jr>ptrMath integer = 12345 The address of integer is 0x22ff18 Assigning NULL to intPtr... Checking the value of intPtr... intPtr == NULL Setting intPtr to the address of integer... The address of intPtr is 0x22ff18 The size of the int data type is 4 Incrementing intPtr... The address of intPtr is 0x22ff1c Decrementing intPtr... The address of intPtr is 0x22ff18 Adding 10 to intPtr... The address of intPtr is 0x22ff40 Subtracting 10 from intPtr... The address of intPtr is 0x22ff18 C:\MinGW\programs-jr>
References
Structure Pointers
Structure pointers contain the addresses of structures. The address of a structure may be obtained in the same way as an address of any other data type, through the use of the address of operator (ampersand). There are two forms of syntax with which to derefence the members of a structure: struct→member, or (*struct).member.
Structure pointers are very important in programmming as they are the linking mechanism used to connect nodes of a data structure. For usage of structure pointers, assignment and dereferencing, see the code and console output below.
//John T. Rine //September 28, 2011 //structPtr.c #include<stdio.h> struct Test { char c; int i; float f; }; typedef struct Test test; int main(int argc, char **argv) { test * structPtr; test testStruct; testStruct.c = 'Z'; testStruct.i = 54321; testStruct.f = 123.4567; structPtr = &testStruct; printf("The address of testStruct is 0x%x\n", structPtr); printf("The address of testStruct.c (&testStruct.c) is 0x%x\n", &testStruct.c); printf("The value at the address dereferenced by (*strucktPtr).c is %c\n", (*structPtr).c ); printf("The value at the address dereferenced by strucPtr->c is %c\n", structPtr->c); printf("\n"); printf("The address of testStruct.i (&testStruct.i) is 0x%x\n", &testStruct.i); printf("The value at the address dereferenced by (*strucktPtr).i is %c\n", (*structPtr).i ); printf("The value at the address dereferenced by strucPtr->i is %c\n", structPtr->i); printf("\n"); printf("The address of testStruct.f (&testStruct.f) is 0x%x\n", &testStruct.f); printf("The value at the address dereferenced by (*strucktPtr).f is %f\n", (*structPtr).f ); printf("The value at the address dereferenced by strucPtr->f is %f\n", structPtr->f); getchar(); //Keep the console window open in Windows return 0; }
C:\MinGW\programs-jr>gcc structPtr.c -o structPtr C:\MinGW\programs-jr>structPtr The address of testStruct is 0x22ff10 The address of testStruct.c (&testStruct.c) is 0x22ff10 The value at the address dereferenced by (*strucktPtr).c is Z The value at the address dereferenced by strucPtr->c is Z The address of testStruct.i (&testStruct.i) is 0x22ff14 The value at the address dereferenced by (*strucktPtr).i is 1 The value at the address dereferenced by strucPtr->i is 1 The address of testStruct.f (&testStruct.f) is 0x22ff18 The value at the address dereferenced by (*strucktPtr).f is 123.456703 The value at the address dereferenced by strucPtr->f is 123.456703
References
Function Pointers
A function pointer points to a function rather than data. Function pointers are used to simplify code to select a function to execute based on values during run-time. Function pointers can be used
to replace switch/if-statements. An important rule regarding function pointers is that the functions a function pointer points to must have the same signature and return type.
References
Pushing
Pushing is the act of placing a value into the top of the stack and incrementing the stack pointer to point to the next address. When the push function is performed on the stack, the address pointed to by the stack pointer gets data, it will become the new top of the stack and the stack pointer is incremented to point to the next address. With linked-list implemented stacks, if no list exists a node is created and the data to be pushed is placed into it. If a list exists, a new node is tacked onto the end of the list, head or tail, and the data to be pushed is polaced into it. This node becomes the new head or tail.
References
- <html><a href=“http://en.wikipedia.org/wiki/Stack_(data_structure)”>Wikipedia Stack</a></html>
Popping
Popping is the act of copying the value at the top of the stack and decrementing the stack pointer to point to the last address. When the pop function is performed on the stack, data at the location pointed to by the stack pointer is copied from the stack and the stack pointer is decremented to point to the address from where the data was just copied. This location becomes the new top of the stack. With linked-list implemented stacks, after the data has been retrieved, the node that was the top of the stack is freed and the node that was pointed to by the node that was just freed becomes the new top of the stack; it also becomes the new head or tail of the list depending on which end of the list things are being pushed to and popped from.
References
- <html><a href=“http://en.wikipedia.org/wiki/Stack_(data_structure)”>Wikipedia Stack</a></html>
SYSPROG Topics
User Space
The definition of user space is the area of system memory in which user processes execute. It is does not include the part of system memory where the kernel, or the operating system's core, runs. In fact, the kernel manages system resources and is the interface between user processes and the system's hardware.
References
- Understanding Unix/Linux Programming by Bruce Molay, Chapter 1
Kernel Space
The definition of Kernel space is the area of system memory where the Kernel, the system manager, executes. User processes (applications) do not have direct access to the system's hardware; they have to request access from the Kernel. In this way, user processes cannot interfere with each other or the Kernel for that matter.
References
- Understanding Unix/Linux Programming by Bruce Molay, Chapter 1
Threads
A thread is the smallest unit of computing that can be assigned to a process by the operating system. Muliple threads can execute within a single process. A process being an instance of a computer application or program being executed by an operating system that has the ability to execute multiple programs at the same time. Threads were created to so that a process would have the capability of performing several actions at the same time.
References
- <html><a href=“http://en.wikipedia.org/wiki/Thread_(computer_science)”>Wikipedia Thread (Computer Science)</a></html>
Multithreading
Multithreading is the ability of an operating system to run a few or several parts of a computer application at the same time. Through the use of multithreading, can be used to control multiple streams of input to an application. Further, tasks that have a low priority can be run in a thread in the background.
References
Semaphores
A Semaphore is an operating system variable which all processes executing on the system have access to. It prevents processes from using system resources at the same time. A process using a system resource sets a semaphore and when other processes are preparing to use that resource, they check the state of the semaphore, if it is set, they wait until the process using the resource resets the semaphore signaling that the resource is now available.
References
- <html><a href=“http://en.wikipedia.org/wiki/Semaphore_(programming)”>Wikipedia-Semaphore (Programming)</a></html>
Streams
Streams are input and output channels between computer applications, the operating system and I/O devices. The three I/O channels are called: standard input (stdin), standard output (stdout) and standard error (stderr).
References
- Understanding Unix/Linux Programming-A Guide to Theory and Practice Bruce Molay
File Descriptor
A file descriptor is a connection between a process and a file. In Unix/Linux operating systems, it is created through the open system call.
The file descriptor is an index into an operating system data structure which encapsulates the details of all open files.
References
- Understanding Unix/Linux System Programming-A Guide to Theory and Practice, Bruce Molay
Zombie
A process that has completed execution but still has an entry in the process table.
References
- Understanding Unix/Linux System Programming-A Guide to Theory and Practice, Bruce Molay
HPC1 Topics
Maintenance
Maintenance is performed by checking the system (logs etc.) to verify that the system is functioning properly and then performing any required updates and upgrades; maintenance is usually carried out on a regular or semi-regular basis.
Common Linux maintenance tasks include:
- Installation of Install System and Application Patches/Updates-The following command line invocation will patch the OS and all applications: $ sudo apt-get update; sudo apt-get dist-upgrade
- Backing up the hard drive
- For a local backup use Back-In-Time or rdiff-backup
- For remote backup to a server use Crashplan
- Cleaning up temporary files-The tmp directory under root is used for temporary files. The tmp directory gets cleaned up automatically. Some editors, however, can leave files ending with a ‘~' character. An administrator can remove these files using a combination of Linux commands: find and rm. To remove these files, execute find again but add -exec: $ find $HOME -type f -name “*~” -print -exec rm {} \; To remove these files from the entire system the adminstrator must be logged in as root. Other temporary files may be located in the var directory under the root. When kernel crashes occur, core files may be written into the var directory. An adminstator must be logged in as root to remove them: $ sudo find /var -type f -name “core” -print.
- Unistalling packages-When If the package manager was used to install software, it should be used to uninstall it. For APT-based systems, perform the following to uninstall packages: $ sudo apt-get purge [package]. If custom settings are to be maintained, but a program still must be removed, use the following command line invocation of apt-get remove: $ sudo apt-get remove [package].
References
Logging
Logging is the act of collecting information or data through automated means; data can be collected only when particular events occur or it can be collected periodically. Once the data has been collected it is usually stored in a non-volatile storage medium such a hard drive. Once the data has been stored, it can be analysed at a later time.
Most log files are located in the /var/log directory (and subdirectories). An adminstrator must be the root user in order to gain access to this directory.
To navigate to the logs directory, use the following cd command command line invocation: # cd /var/logs
To view log file messages, use any one of the following command line command invocations:
# tail -f /var/log/messages
# less /var/log/messages
# more -f /var/log/messages
# vi /var/log/messages
Typical Linux log files and their paths are:
/var/log/message-General message and system related stuff
/var/log/auth.log-Authenication logs
/var/log/kern.log-Kernel logs
/var/log/cron.log-Crond logs (cron job)
/var/log/maillog-Mail server logs
/var/log/qmail/-Qmail log directory (more files inside this directory)
/var/log/httpd/-Apache access and error logs directory
/var/log/lighttpd-Lighttpd access and error logs directory
/var/log/boot.log-System boot log
/var/log/mysqld.log-MySQL database server log file
/var/log/secure-Authentication log
/var/log/utmp or /var/log/wtmp-Login records file
/var/log/yum.log-Yum log files
In summary, /var/log is the location where you should find most Linux logs file. However, for example, some applications such as httpd have their own directories within /var/log/ for their own log files.
To help with the administration of log files, one can use the following applications:
- Rotate log file using logrotate software
- Monitor logs files using logwatch software
References
Troubleshooting
Troubleshooting is the act of fault finding. Particular to this course, it is fault finding within a computer's operating system. Operating system fault finding methods include:
- Viewing system log files
- Observing messages during bootup
- Observing error messages
- Isolating system components
Common problems with Linux and how to fix them:
- Distribution fixes-distribution installers are good at identifying an existing Windows installation and setting up dual booting, however, it is possible that after a Windows installation that the Linux installation appears to be gone. This, however, is not the case. Windows has overwritten the bootloader. Resolve this issue, reload the bootloader into the disk's master boot record (MBR). To do this, a Live CD is required; next, open a terminal and, assuming the bootloader is Grub, run “sudo grub-install /dev/sda”. This of course assumes that everything was installed on the first (or only) hard drive. Grub-install can usually detect a previous Grub installation and correct itself. If Grub cannot correct itself, it will have to be done manually. To do so, run “sudo grub” to enter the Grub shell, then run “find /boot/grub/stage1” to determine on which partition the Grub files reside. If Windows is on the first partition Grub is probably on the second, in which case this command will return something similar to (hd0,1). Now install Grub with the following commands: “root (hd0,1); setup (hd0); quit”. The first command identifies the boot partition, the second writes the bootloader to the Master Boot Record and then you leave the Grub shell. Grub is only concerned with the location of /boot, so if you have a separate /boot partition, leave out “/boot” when using the find command as shown above.
- Booting errors-in early versions of Linux, the boot sequence was printed to the screen; if a boot error occured, the last line or two of text printed to the screen contained a clue to the problem. Nowadays, distributions display a splash screen while they're booting; if the boot stops, only the the splash screen is displayed; there is no text displaying what stage the boot process was in. To disable the splash screen and display boot messages, when the grub screen comes up Press 'e' to start editing. Scroll down to the “kernel…” line. This is the line that tells Grub which kernel to boot and what parameters are to be passed to it when it boots. Press 'e' again to edit this line. On this line, remove any references to quiet or splash, press Enter then B (for boot). Now that boot messages are displayed, one can see where the boot process stops. Simply Google the text on the line containing the error, probably the last line, to see what can be done regarding the issue. It is possible that hardware is causing the issue, so unplug all unnecessary devices and try again. If the boot issue occurs early in the boot sequence, add noapic to the kernel boot line. When the grub screen comes up Press 'e' to start editing. Scroll down to the “kernel…” line. Press 'e' again to edit this line. At the end of the kernel load line, place the word “noacpi”. Press Enter then B (for boot). If this does fix the issue, edit the Grub configuration file at /boot/grub/menu.lst or /boot/grub/grub.conf and add the noapic option; For example, to add noacpi permanently, the kernel line in /boot/grub/grub.conf would be something similar to: kernel /vmlinuz-2.6.23.1 ro root=/dev/sda9 rhgb quiet noapci.
- Hardware issues-Linux drivers for hardware are not found on the CD that comes with hardware because they are usually installed on the target system as kernel modules. Kernel modules can be loaded from the command line or a startup file, but the HAL/D-BUS system can recognize hardware and should load the modules automatically, however, if it doesn't The following steps should be taken to remedy the problem. The first step is to get information about the hardware using lspci for internal devices or lsusb for USB devices (some laptop hardware is also connected via USB) with these commands: “sudo lspci”, “sudo lsusb”. Once the devices have been identified, further information can be gathered through the use of the -s option to query a specific device and -v for more information, using: “sudo lspci -s 03:00.0 -v” or “sudo lsusb -s 001:004 -v”. Using lspci with the -w option also returns the kernel module in use for the device (if there is one). If no module is identified, try using a live CD from which to boot. If the device is recognized, run lspci -k to see which module it uses, then you can go back to the installed system and attempt to load the identified module using the following command line invocation of modprobe: modprobe -v modulename. If there is no output, then module is already loaded, and should show up in the output from lsmod. If, however, something similar to the following output is displayed “insmod /lib/modules/…/modulename.ko”, then the module is now loaded and the drivers for the hardware should now work, or at least be available for configuration. Other command line responses are “device not present” and “device not found”. The “device not present” message indicates that the hardware for that module is not found, which usually means that the wrong module was mistakenly installed. The “module not found” message means the module is not present on the target system. Distributions usually have most kernel modules installed, so your hardware is either esoteric, or is supported only in a later kernel version. If the issue is that the hardware is esoteric in nature then compilation of a new kernel is required to use it. if, however, the hardware is supported in a more recent kernel version, upgrade the kernel version through the use of the apt-get command. First find the kernel version: “$ uname -r”; Next, find all available kernel images: “$ apt-cache search linux-image”. Now install the target kernel version by explicitly specifying version number: “$ sudo apt-get install linux-image-x.x.x-xx”.
References
Security-Internal
The term “Internal security”, as it relates to a course in information technology, is a general term used to refer to all of the built-in or add-on features available to a computer system to secure it against unauthorized use. The following topics define and describe these features.
- BIOS Security-BIOS is the lowest level of software that configures x86-based hardware. Linux boot loaders access the BIOS to determine how to boot up your Linux machine. BIOS can be used to prevent attackers from rebooting your machine and manipulating your Linux system. Most PC BIOSs let a user set a boot password. It is possible to get around a BIOS password if an attacker can gain access to the motherboard. Some motherboards have a jumper related to the BIOS password. Also the BIOS can be reset; one way to do this is to momentarily disconnect the battery used to power the BIOS volatile memory. Another risk of trusting BIOS passwords is that BIOS makers have equipped their BIOSes with passwords that work regardless of a chosen password. Some common passwords include: “j262 AWARD_SW AWARD_PW lkwpeter Biostar AMI Award bios BIOS setup cmos AMI!SW1 AMI?SW1 password hewittrand shift + s y x z”. Unfortunately these passwords are quite easily available from manufacturers' websites and, therefore, cannot be considered adequate protection from a knowledgeable hacker. Many x86 BIOSs have other good security features. Check the BIOS manual or look at the BIOS the next time the system boots up. For example, some BIOSs disallow booting from floppy drives and some require passwords to access certain BIOS features.
- Boot Loader Security-Linux boot loaders also can have a boot password set. These passwords only slow the determined attacker. They won't, for example, prevent an attacker from booting from a floppy, and mounting the root partition. If boot loader security is being used, then the ability to boot from external devices, such as a floppy, in the computer's BIOS should be disabled, and then BIOS should be password protected. The bootloader's .conf file for example, /boot/grub/grub.conf, should have its files permissions set to 600 (readable and writing for root only), or attackers will be able to read the bootloader password. The Grub boot loader provides a password feature, so that only administrators can start interactive operations such as editing menu entries and entering the command-line interface. To use this feature, you need to run the command “password” in the configuration file, for example: password –md5 PASSWORD. With a password specified, Grub does not allow interactive control until the user presses 'p' and enters the correct password. The option `–md5' tells Grub that the password is in MD5 format. If it is omitted, GRUB assumes the password is in plain test. The password can be encrypted with the command “md5crypt”. For example, run the grub shell, and enter your password as follows: “grub> md5crypt Password: PASSWORD_TO_BE_ENCRYPTED Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb”. Then, copy and paste the encrypted password to your configuration file. Grub also has a “lock” command that will allow you to lock a partition if you don't provide the correct password. Simply add 'lock' and the partition will not be accessable until the user supplies a password.
- File and Folder Permissions-each file and directory in Linux has three user based permission groups: owner, group, and all users. Owner permissions apply only the owner of the file or directory. Group permissions apply only to the group that has been assigned to the file or directory. All Users permissions apply to all other users on the system, with regard to security, this is the permission group that requires the most vigelance. Each file or directory has three basic permission types, read, write, and execute. Read permission refers to a user's capability to read the contents of the file. Write permissions refer to a user's capability to write or modify a file or directory. Execute permission affects a user's capability to execute a file or view the contents of a directory. File or directory may be viewed throught the use of the ls command with the “-l” option from the command line. The permissions are displayed as: _rwxrwxrwx 1 owner:group. The first character, an underscore, is the special permission flag that can vary. The following set of three characters are the owner permissions. The second set of three characters are the group permissions. The third set of three characters is for the All Users permissions. Following the last set of permissions is an integer representing the number of hardlinks to the file. After the number of hard links is the owner and group assignment formatted as Owner:Group. When in the command line, the permissions can be edited through the use of the chmod command. You can assign the permissions explicitly or by using an octal reference. To explicity define permissions reference the permission Groups and permission types. The Permission groups used are: 'u' for owner, 'g' for group, and 'o' or 'a' for all users. The potential Assignment Operators are '+' and '-'; these symbols are used to tell the system whether to add or remove the specific permissions. The permission types that are used are: 'r' for read, 'w' for write, and 'x' for execute. Now for example, suppose there is a file named “myFile” whose permissions are set to _rw_rw_rw, which means that the owner, group and all users have read and write permission. Now to remove the read and write permissions from the all users group, invoke the chmod command as follows: chmod a-rw myFile. To restore the permissions previously removed, invoke the command: chmod a+rw myFile. To set the permission using octal references you must first understand that the permissions are given by entering three integer values. A sample permission string for example, would be “chmod 640 myFile”, which means that the owner has read and write permissions, the group has read permissions, and all other user have no rights to the file. The first number represents the owner's permissions; the second represents the group permissions; and the last number represents the permissions for all users. The numbers are the octal representation of the rwx string: r = 4, w = 2, and x = 1. The numbers for the type permissions to be set for a given user/group are added together to obtain the integer value for a user/group. When using the chmod, with octal permissions, octal values for all user/groups must be supplied, for example, to set permissions on myFile to be equivalent to _rwxr, the command line invocation of chmod would be: “chmod 740 myFile”. To assign or change the owner and group assigned to a file or directory, use the chown command to change owner and group assignments, the syntax is “chown owner:group filename”, so to change the owner of myFile to John and the group to HPC1 you would use the chown command as follows: “chown John:HPC1 myFile. The special permissions flag can be marked with any of the following symbols: _ - no special permissions, d - directory, l - the file or directory is a symbolic link, s - indicates the setuid/setgid permissions (This is not set displayed in the special permission part of the permissions display, but is represented as a s in the read portion of the owner or group permissions), t - indicates the sticky bit permissions (This is not set displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions). The setuid/setguid permissions are used to tell the system to run an executable as the owner with the owner's permissions. Be careful using setuid/setgid bits in permissions. If one incorrectly assigns permissions to a file owned by root with the setuid/setgid bit set, then the system is open to intrusion. The setuid/setgid bit can only be set by explicitly defining permissions. The character for the setuid/setguid bit is s. To set the setuid/setguid bit on example file, myFile2.sh you would issue the command chmod g+s myFile.sh. The sticky bit can be useful in a multiuser environment such as linux because when it is assigned to the permissions on a directory, it sets it so only a file owner can rename or delete the owner's files. The sticky bit can only be assigned by explicitly defining permissions. The character for the sticky bit is t. To set the sticky bit on a directory named myDir you would issue the command chmod +t myDir.
- Configuring Services-any unused services on the Linux system should be disabled. Every service is a potential access point into your system. Not only does this provide an additional level of Linux security, but it also frees system resources. Before dealing with Linux services it is first important to understand Runlevels. A typical Linux system can be configured to boot up into one of five different runlevels. During the boot a process called init looks in the /etc/inittab file to find the default runlevel. Having identified the runlevel it proceeds to execute the appropriate startup scripts to run the services that are required for the system. Both the runlevel and the services that get started are configurable. Runlevel 0 is halt runlevel. This is the runlevel at which the system shuts down. For obvious reasons it is unlikely you would want this as your default runlevel. Runlevel 1 is the single user runlevel. This causes the system to start up in a single user mode under which only the root user can log in. In this mode the system does not start any networking or X windowing, X or multi-user services. This run level is ideal for system administrators to perform system maintenance or repair activities. Runlevel 2 boots the system into a multi-user mode with text based console login capability. This runlevel does not, however, start the network. Runlevel 3 is similar to runlevel 2 except that networking services are started. This is the most common runlevel for server based systems that do not require any kind of graphical desktop environment. Runlevel 4 is an undefined runlevel. This runlevel can be configured to provide a custom boot state. Runlevel 5 boots the system into a networked, multi-user state with X Window System capability. By default the graphical desktop environment will start at the end of the boot process. This is the most common run level for desktop or workstation use. Runlevel 6 reboots the system. Another runlevel that you are unlikely to want as your default. During the boot process, the init command opens the /etc/inittab file to decide what “runlevel” the system should be booted to. The /etc/inittab file is a plain text file that can be opened with your favorite text editor. The relevant section of a sample /etc/inittab file is as follows: “id:3:initdefault:”. This tells the init process that the default run level for the system is run level 3. To change to a different run level simply change the number and save the /etc/inittab file. Before doing this, however, be absolutely sure you know which run level you want. Selecting the wrong runlevel can have serious consequences. Having identified, and possibly changed the runlevel to which the system will boot to, the user can now control which services should be started automaticcally at boot time. As mentioned previously it is important to avoid having any services running that you don't actually need. Every server is a potential access point into your Linux server so it is good practice to turn off anything you don't think you will use. Bear in mind that you can always turn on a service at a later date if you find you need it. The command line tool chkconfig (usually located in /sbin) can be used to list and configure which services get started at boot time. To list all service settings run the following command: ”/sbin/chkconfig –list“. Running this command line will cause a long list of services to be displayed showing whether or not they are started up at various runlevels. You may want to narrow the search down using Linux grep command. For example to list the entry for the HTTP daemon you would run the following command: ”/sbin/chkconfig –list | grep httpd“, which should result in something like: “httpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off”. Alternatively you may just be interested to know what gets started at a given run level, for example run level 3: ”/sbin/chkconfig –list | grep '3:on'“. chkconfig can also be used to change the settings. If we wanted the HTTP service to start up when we at runlevel 5 we would issue the following command: ”/sbin/chkconfig –level 5 httpd on“.
- Firewall-the firewall can be configured to block ports used by the various Linux services. The lokkit command can be run at any time to change the security settings of Firewall installed on your system. To run lokkit, login as root or use the “su” command. If the user is root on the target Linux system, start the lokkit command as follows: ”/usr/sbin/lokkit“ or if not, use the su command as follows: “su –c “/usr/sbin/lokkit””. The lokkit command allows the user to enable or disable the Firewall. First, if it is not already enabled, enable it. Use the “Tab” key to move around and the “Space” key to select the “Enabled” option. Next, configure the Firewall. Use the Tab key to move the “Configure” button and press the “Space” key. On the configuration screen select the service types to support. Based on the selections lokkit will configure the Firewall to allow access to the appropriate ports. The services listed are HTTP, FTP, SSH, Telnet and Mail (SMTP). You can also specify other ports you wish to open on the Firewall in the “other ports” section. The lokkit command also provides the option of specifying trusted devices on the “Configure” screen. It is possible to have more than one network device installed on a Linux system. In this scenario, it might be that one device is connected to a secure network while the other is connected to a network that is connected to the outside world. The firewall allows the user to disable the firewall settings for any connections coming in from the device connected to the secure network while applying the firewall rules to device connected to the outside world.
References
Upgrades
The definition of the word “upgrade” as taken from the free dictionary online is as follows: “To replace (a software program) with a more recently released, enhanced version.”, and “To replace (a hardware device) with one that provides better performance.”
- Upgrading out of date packages-over time, updated versions of packages currently installed on your computer may become available from the package repositories (for example security updates). To upgrade your system, first update your package. The apt package index is a database of available packages from the repositories defined in the /etc/apt/sources.list file. To update the local package index with the latest changes made in repositories, invoke the apt-get update command as follows: “sudo apt-get update.”, Next,upgrade the system, invoke the apt-get upgrade command as follows: “sudo apt-get upgrade.” The apt-get upgrade command installs the latest versions of any out-of-date packages on your system. It never installs a package that is not yet installed. The apt-get dist-upgrade command installs up-to-date version of packages, and may install additional packages.
- Upgrading the kernel version-To upgrade the kernel version, use use the apt-get command. First find the kernel version: “$ uname -r”; Next, find all available kernel images: “$ apt-cache search linux-image”. Now install the target kernel version by explicitly specifying version number: “$ sudo apt-get install linux-image-x.x.x-xx”.
References
Backups
Backing up data on a computer system means to archive a copy of the data in a different location for safe keeping. Once the data has been archived in a different location, the original data can be removed to save space. The archive can be compressed in order to save space.
On Linux systems, use the following commands to back up data:
- tar command-this utility appends a list of files and/or directories into one flat file. To create an archive of a directory for example, invoke tar as follows: “tar -cf archive.tar myDirectories/”. Adding the v option puts tar in verbose mode; extra information is printed to the screen. To list the contents of an archive file, use the following command line invocation of tar: “tar -tf archive.tar”. Warning! Preview the contents of tape archives before unpacking them. If the user is root, it is possible during the untaring process, for important system files to be overwritten. To extract all files from an archive use the following command line invocation of tar: “tar -xf archive.tar”. To extract part of an archive, supply vnames of files or directories to be extracted after the archive name, for example: “tar -xf archive.tar filename”. Archive files can be compressed. To compress them using gzip, invoke gzip, for example: gzip archive.tar”. To decompress a compressed file, invoke gunzip, for example: “gunzip archive.tar.gz”. Rather than running the tar and compression/decompression utilities separately, it is possible to combine the opertions. The z option can be used when invoking tar, for example to archive and compress the directory 'files' useo the following command line invocation: “tar -czvf archive.tgz files/”. To decompress a tar/gzipped archive, also use the z option, for example: “tar -xzvf archive.tgz”.
- dd command-the dd command can be used to save tar backups to cd or dvd. The dd command can be used to backup an entire hard disk. It can also be used to save tar backups to cd or dvd. dd copies a file (from standard input to standard output, by default) with a changeable I/O block size, while optionally performing conversions on it. The dd command's usage format is pretty simple, for example: “dd if=/dev/sda of=/dev/sdb bs=4096”. 'if' is the input; 'of' is the output; 'bs' is the block size. The example demonstrated the command syntax required to backup the first hard disk to the second. To backup agunzip or bzip2 compressed file to a cd or dvd, provide the correct dvd writer drive. Mount the drive if you need to, for example: “dd if=/var/backup/tutorials-full-backup.tar.gz of=/dev/sr0”.
References
Documentation
The free on line dictionary defines the word “documentation” as follows: “Computer Science The organized collection of records that describe the structure, purpose, operation, maintenance, and data requirements for a computer program, operating system, or hardware device.”
Documentation concerning Linux:
- man pages-regarding documentation about Linux, manual pages or man pages are included as part of a Linux distribution. To view a manual page for a Linux command use: “man command”. For example, on the command line, enter the following to locate information about the mkdir command: “man mkdir”. man pages are organized generally into the following eight sections: 1 - general commands, 2 - system calls, 3 - library functions, covering in particular the C standard library, 4 - Special files (usually devices, those found in /dev) and drivers, 5 - file formats and conventions, 6 - games and screensavers, 7 - Miscellaneous, and 8 - system administration commands and daemons. Since a man subject may appear in more than one section, the section may be included in the command invocation to narrow down the search. For example, to get information about printf in section 3, use the following command line invocation of man: “man 3 printf”.
- On-line Documentation-search the Internet for specific information about Linux by entering a search string into a search engine. For example, to get information about anything Linux related, enter a search string specific to the subject. The search string can also be text copied from a log file, configuration file, etc.
References
Remote Administration
Of the term 'remote administration', Wikipedia says the following: “Remote administration refers to any method of controlling a computer from a remote location.” Besides meaning PC (personal computer), the word 'computer' in the preceding sentence can also mean 'server', 'switch', or 'router'.
All of these network components can be administered remotely.
Common methods of administering Linux systems remotely include the following:
- Telnet
- SSH
- FTP
- Remote desktop graphical applications
References
SSH
An SSH clinet using the SSH protocol is typically used with a terminal emulator to open a command line interface remotely and securely. Secure shell is just that-secure, whereas telnet is not. In order to access a remote machine using SSH, an SSH server must be installed on the target machine. One such Linux server is Open SSH. One uses a terminal emulator to access the target machine on secure shell's well known port, 22. pUTTY is an implementation of the Telnet and SSH protocols for Windows and Unix platforms and includes an xterm terminal emulator. Applications such as pUTTY are used to access a machine via SSH or Telnet to perform administrative services remotely.
References
Telenet
A Telnet client using the Telnet protocol is typically used with a terminal emulator to open a command line interface remotely. Unlike SSH, Telnet is not a secure communications protocol. In order to access a remote machine using Telnet, a Telnet server must be installed on the target machine. One such Linux server is telnetd. One uses a terminal emulator to access the target machine on Telnets's well known port, 23. pUTTY is an implementation of the Telnet and SSH protocols for Windows and Unix platforms and includes an xterm terminal emulator. Applications such as pUTTY are used to access a machine via Telnet or SSH to perform administrative services remotely.
References
FTP
The File Transfer Protocol or FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. In order to access a remote machine using FTP, an FTP server must be installed on the target machine. One such Linux server is VSFTPd. vsftpd, stands for “Very Secure FTP Daemon”. One uses to access the target machine on FTP's well known ports, 20 and 21; Port 20 is data, port 21 is control. Once the FTP server software has been installed and the system has been configured, FTP can be used to download files from or upload files to a target machine. In order for the network administrator or other users to use communicate with the FTP server on the target machine, the /etc/vsftpd.conf file must be modified. On a Linux machine by default users can download files but cannot upload. To upload, once again the /etc/vsftpd.conf file must be modified. Like any other server, once its configuration files have been modified, the server must be restarted for the new configuration to take effect. To actually upload and download files, a user must use an FTP client. Well known FTP clients include Filezilla and CuteFTP.
References
Firewall
A firewall is an object, set of objects or software designed to allow or deny network communication based on a set of rules; a firewall is used to protect networks from unauthorized access while permitting legitimate communications to pass.
Most modern operating systems include software-based firewalls to protect against malicious communications from the public Internet. Besides hosts, most routers also contain firewalls. It is interesting to note that many firewalls can perform certain routing functions.
Firewall and router distributions for Linux include:
- Devil Linux distribution-A firewall/router/server running from CD.
- Gibraltar Linux distribution-A firewall/router which can boot from cdrom or implemented as a hardware version.
- EnGarde Secure Linux distribution-A Router/firewall and web, email, and database server.
References
- <html><a href=“http://en.wikipedia.org/wiki/Firewall_(computing)”>Wikipedia-Firewall (computing)</a></html>
ufw (Uncomplicated Firewall)
Ufw or Uncomplicated Firewall is an application for managing the netfilter firewall. The Linux kernel in Ubuntu provides a packet filtering system, netfilter. The traditional interface for configuring netfilter is iptables. iptables while both highly configurable and highly flexible is complicated to use. ufw was created to make managing netfilter uncomplicated. By default, ufw is disabled.
ufw commands
ufw status-shows the status of the firewall and ufw managed rules. Use status verbose for extra information.
Executing 'ufw status' without being the root yields the following output:
jr018429@emachine:~$ ufw status ERROR: You need to be root to run this script jr018429@emachine:~$
If 'ufw status' is executed and ufw has not been enabled previously, the user receives the following output:
root@emachine:/home/jr018429# ufw status Status: inactive
Once ufw has been enabled, when 'ufw status' is executed, if no rules have been set, or 'ufw reset' has just been executed, the output from 'ufw status' is 'Status: active'.
root@emachine:/home/jr018429# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429#
ufw enable-reloads firewall and enables it on boot-up.
root@emachine:/home/jr018429# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup root@emachine:/home/jr018429#
ufw disable- unloads the firewall and disables it on boot-up.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw disable Firewall stopped and disabled on system startup root@emachine:/home/jr018429#
ufw allow port/optional: protocol-add the allow rule defined by the allow argument.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow 22/tcp Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 22/tcp ALLOW Anywhere (v6) root@emachine:/home/jr018429#
ufw deny port/optional: protocol-add deny rule defined by the deny argument.
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw deny 23 Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23 DENY Anywhere 23 DENY Anywhere (v6) root@emachine:/home/jr018429#
ufw delete allow/deny port/optional:protocol-deletes the corresponding rule.
root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23 DENY Anywhere 23 DENY Anywhere (v6) root@emachine:/home/jr018429# ufw delete deny 23 Rule deleted Rule deleted (v6) root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429#
ufw allow/deny service/optional: port-ufw allow or deny can be used to allow or deny sevices. to allow or deny services, ufw reads from /etc/services. To see get a list of services, execute the following command line: 'less /etc/services'.
root@emachine:/home/jr018429# ufw allow ssh Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 22 ALLOW Anywhere (v6) root@emachine:/home/jr018429#
To deny a service using its service name do the following:
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw deny telnet Rule added Rule added (v6) root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 23/tcp DENY Anywhere 23/tcp DENY Anywhere (v6) root@emachine:/home/jr018429#
ufw allow/deny from a source IPaddress/optional: subnet mask
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow from 192.168.1.1 Rule added root@emachine:/home/jr018429#
ufw allow/deny proto <protocol> from <ip address/optional:subnet mask> to <ip address> port <port number>
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.134 to any port 22 Rule added root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW 192.168.1.134 root@emachine:/home/jr018429#
An example using a 'to' ip address, the IP address of the destination machine:
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.134 to 192.168.1.2 port 22 Rule added root@emachine:/home/jr018429#
An example using source IP address and subnet mask and 'to' or destination IP address:
root@emachine:/home/jr018429# ufw status Status: active root@emachine:/home/jr018429# ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.2 port 22 Rule added root@emachine:/home/jr018429# ufw status Status: active To Action From -- ------ ---- 192.168.1.2 22/tcp ALLOW 192.168.1.0/24 root@emachine:/home/jr018429#
ufw reset-disables and resets the firewall to installation defaults. Furthermore, after resetting the firewall, it disables it. However, once it is enabled again, one can see that the rules created earlier are now gone; ufw is back to its default state.
root@emachine:~# ufw status Status: active root@emachine:~# ufw allow 22/tcp Rule added Rule added (v6) root@emachine:~# ufw deny 23 Rule added Rule added (v6) root@emachine:~# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 23 DENY Anywhere 22/tcp ALLOW Anywhere (v6) 23 DENY Anywhere (v6) root@emachine:~# ufw reset Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? y Backing up 'user.rules' to '/lib/ufw/user.rules.20120409_185826' Backing up 'after6.rules' to '/etc/ufw/after6.rules.20120409_185826' Backing up 'user6.rules' to '/lib/ufw/user6.rules.20120409_185826' Backing up 'before6.rules' to '/etc/ufw/before6.rules.20120409_185826' Backing up 'after.rules' to '/etc/ufw/after.rules.20120409_185826' Backing up 'before.rules' to '/etc/ufw/before.rules.20120409_185826' root@emachine:~# ufw status Status: inactive root@emachine:~# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup root@emachine:~# ufw status Status: active root@emachine:~#
ufw logging feature
By appending the 'verbose' to 'ufw status' the state of logging is returned:
root@emachine:/home/jr018429# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip root@emachine:/home/jr018429#
ufw logging on.off-turns logging on or off.
root@emachine:/home/jr018429# ufw logging on Logging enabled root@emachine:/home/jr018429# ufw logging off Logging disabled root@emachine:/home/jr018429#
The ufw log files are located in '/var/log/'. To get a list of ufw related logs, invoke ls with the following arguments: ls /var/log/ufw*.
root@emachine:/home/jr018429# ls /var/log/ufw* /var/log/ufw.log /var/log/ufw.log.1 root@emachine:/home/jr018429#
If you do not have logs, invoke 'ufw status' with the verbose option. If logging is off then turn it on.
root@emachine:/home/jr018429# ufw status verbose Status: active Logging: off Default: deny (incoming), allow (outgoing) New profiles: skip root@emachine:/home/jr018429# ufw logging on Logging enabled root@emachine:/home/jr018429# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip root@emachine:/home/jr018429#
If there are no log files then check if rsyslogd is running.
root@emachine:/home/jr018429# service rsyslog status rsyslog start/running, process 453 root@emachine:/home/jr018429#
If it is not running, try to start it.
root@emachine:/home/jr018429# service rsyslog restart rsyslog start/running, process 5591 root@emachine:/home/jr018429#
Lastly, see man ufw for even more information. ufw is a powerful firewall management tool!
References
iptables
iptables is a command line program used by a system adminstrator to configure the tables provided by the Linux kernel firewall and the chains and rules stored by it. Because iptables is targeted to the system administrator, it must be executed by the root user. Different kernel modules and programs are currently used for different protocols. iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. According to the Ubuntu IptablesHowTo (see references), on installation iptables allows all traffic by default.
iptable Commands:
- iptables -L-lists your current rules in iptables.
Executing iptable -L without being the root yields the following output:
jr018429@emachine:~$ iptables -L iptables v1.4.10: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded.
If you have just set up your computer, you will have no rules, and you will see the following output:
login as: jr018429 jr018429@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 28 packages can be updated. 18 updates are security updates. Last login: Sat Mar 24 17:24:32 2012 from 192.168.1.1 su jr018429@emachine:~$ su Password: root@emachine:/home/jr018429# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@emachine:/home/jr018429#
Next, since iptables allows all traffic by default, we allow certain ports, ect. and then drop everything else.
First, make sure ufw is disabled so there is no interaction; is there any interaction? Sounds like a great experiment.
root@emachine:~# ufw status Status: inactive root@emachine:~#
Next, verify that there are no rules set.
root@emachine:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
- iptables -A INPUT -p PROTOCOL –dport PORT -j ACCEPT-Allows a certain protocol on a certain port.
It is a good idea to allow port 22, the ssh port, before performing a general 'DROP'. This is to prevent being accidentally locked out when working on remote systems over an SSH connection.
root@emachine:~# iptables -A INPUT -p tcp --dport 22 -j ACCEPT root@emachine:~#
Next, verify that the rule is in effect.
root@emachine:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@emachine:~#
- iptables -P INPUT DROP-general rule to 'DROP' all incoming traffic.
This is an example of how to use iptables to create a general rule to 'DROP' all incoming traffic.
root@emachine:~# iptables -P INPUT DROP root@emachine:~#
Verify that the general rule is in effect.
root@emachine:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@emachine:~#
At this point I verified that the Web browser could not connect with the Web server on the emachine, but that I could connect to it using pUTTY on port 22.
login as: jr018429 jr018429@192.168.1.2's password: Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686) * Documentation: https://help.ubuntu.com/ 24 packages can be updated. 22 updates are security updates. Last login: Sat Apr 7 23:23:09 2012 from 192.168.1.135 jr018429@emachine:~$
The following commands together, reset iptables, that is, return iptables to its default state, the state before any rules were created:
root@emachine:~# iptables -P INPUT DROP root@emachine:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@emachine:~# iptables -F root@emachine:~# iptables -X root@emachine:~# iptables -t nat -F root@emachine:~# iptables -t nat -X root@emachine:~# iptables -t mangle -F root@emachine:~# iptables -t mangle -X root@emachine:~# iptables -P INPUT ACCEPT root@emachine:~# iptables -P FORWARD ACCEPT root@emachine:~# iptables -P OUTPUT ACCEPT root@emachine:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@emachine:~#
- iptables-save > /root/working.iptables.rules - saving iptables rules to a file.
root@emachine:/# iptables-save > /root/working.iptables.rules root@emachine:/#
Check that the rules were actually saved to a file.
root@emachine:/# cd /root root@emachine:~# ls working.iptables.rules root@emachine:~# nano working.iptables.rules # Generated by iptables-save v1.4.10 on Mon Apr 9 19:50:54 2012 *mangle :PREROUTING ACCEPT [1162:84209] :INPUT ACCEPT [1162:84209] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [963:156432] :POSTROUTING ACCEPT [972:157080] COMMIT # Completed on Mon Apr 9 19:50:54 2012 # Generated by iptables-save v1.4.10 on Mon Apr 9 19:50:54 2012 *nat :PREROUTING ACCEPT [7:1086] :INPUT ACCEPT [4:392] :OUTPUT ACCEPT [5:358] :POSTROUTING ACCEPT [5:358] COMMIT # Completed on Mon Apr 9 19:50:54 2012 # Generated by iptables-save v1.4.10 on Mon Apr 9 19:50:54 2012 *filter :INPUT DROP [18:540] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :ufw-after-forward - [0:0] :ufw-after-input - [0:0] :ufw-after-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-output - [0:0] :ufw-before-forward - [0:0] :ufw-before-input - [0:0] :ufw-before-logging-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-output - [0:0] :ufw-logging-allow - [0:0] :ufw-logging-deny - [0:0] :ufw-not-local - [0:0] :ufw-reject-forward - [0:0] :ufw-reject-input - [0:0] :ufw-reject-forward - [0:0] :ufw-reject-input - [0:0] :ufw-reject-output - [0:0] :ufw-skip-to-policy-forward - [0:0] :ufw-skip-to-policy-input - [0:0] :ufw-skip-to-policy-output - [0:0] :ufw-track-input - [0:0] :ufw-track-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-input - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] :ufw-user-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-output - [0:0] -A INPUT -j ufw-before-logging-input -A INPUT -j ufw-before-input -A INPUT -j ufw-after-input -A INPUT -j ufw-after-logging-input -A INPUT -j ufw-reject-input -A INPUT -j ufw-track-input -A FORWARD -j ufw-before-logging-forward -A FORWARD -j ufw-before-forward -A FORWARD -j ufw-after-forward -A FORWARD -j ufw-after-logging-forward -A FORWARD -j ufw-reject-forward -A OUTPUT -j ufw-before-logging-output -A OUTPUT -j ufw-before-output -A OUTPUT -j ufw-after-output -A OUTPUT -j ufw-after-logging-output -A OUTPUT -j ufw-reject-output -A OUTPUT -j ufw-track-output -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-before-forward -j ufw-user-forward -A ufw-before-input -i lo -j ACCEPT -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-input -m state --state INVALID -j ufw-logging-deny -A ufw-before-input -m state --state INVALID -j DROP -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A ufw-before-input -j ufw-not-local -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT -A ufw-before-input -j ufw-user-input -A ufw-before-output -o lo -j ACCEPT -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-output -j ufw-user-output -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-logging-deny -m state --state INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny -A ufw-not-local -j DROP -A ufw-skip-to-policy-forward -j DROP -A ufw-skip-to-policy-input -j DROP -A ufw-skip-to-policy-output -j ACCEPT -A ufw-track-output -p tcp -m state --state NEW -j ACCEPT -A ufw-track-output -p udp -m state --state NEW -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT -A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT -A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable -A ufw-user-limit-accept -j ACCEPT COMMIT # Completed on Mon Apr 9 19:50:54 2012 root@emachine:/#
- iptables-restore < /root/working.iptables.rules - restoring iptables rules from a file.
root@emachine:~# iptables-restore < /root/working.iptables.rules root@emachine:~#
To restore iptables rules on reboot automatically, add the iptables-restore line to the /etc/rc.local file. Make sure that the full path to 'iptables-restore' is used: '/sbin/iptables-restore < /root/working.iptables.rules' .
Besides 'iptables -A INPUT -p XXX –dport XX -j ACCEPT' and 'iptables -P INPUT DROP', there are some other common invocations of iptables which are worth knowing:
- iptables -P FORWARD DROP - set the default policy on the FORWARD chain to DROP; we're not using the target computer as a router so there should not be any packets passing through it.
- iptables -P OUTPUT ACCEPT - set the default policy on the OUTPUT chain to ACCEPT as we're going to allow all outgoing traffic.
- iptables -L -v - iptables listing verbose.
references
netstat
netstat or network statistics is a command-line interface application that displays network connections, incoming and outgoing, routing tables, and other network interface data. It is available on Unix, Unix-like, and Windows NT-based operating systems.
references
DATA Objectives
Objective 1-Linked List Data Structures
To learn about the Linked-Lists data structures and the operations that can be performed on them.
Method
One way to measure academic achievement is through the grading system. I will track my grades.
Objective 2-Stack Data structure
To learn about and use stack data structures and the operations that can be performed on them.
Method
I will use the grading system to measure academic success.
Objective 3-Queue Data Structure
To learn about the queue data structurte and the operations that can be performed on them.
Method
I will use the grading system to measure academic success.
SYSPROG Objectives
Objective 1-Threads
To learn about and write programs utilizing threads.
Method
I will use the grading system to measure academic success.
Objective 2-Server/Client Applications
To learn about and write server/client applications.
Method
I will use the grading system to measure academic success.
Objective 3
To learn about fork and use it to create child processes.
Method
I will use the grading system to measure academic success.
HPC1 Objectives
Objective 1-Home Network
To gain proactical experience with computer networks by setting up a home network for personal use, but also to conduct experiments and develop project for HPC1.
Method
Whether or not I can setup the network and get it to work, that will be the criteria I use to judge whether or not this project is a success. I will also use my course grade as a measure of my success.
Measurement
At Christmas time, I purchased a Cisco Linksys E1200 Wireless Router/Switch with which to connect my laptop which has wireless. I connected the router and configured it, using the software which came with it, and got it to 'talk' to it successfully. Next, I wanted to add a PC with which to conduct experimets and develop HPC1 projects. Unfortunately the PC I have is an emachine T1096 with 512MB of memory and a Celeron processor. Furthermore, it didn't have a network adapter; it also had a CD drive which didn't work. Its resident operating system was Windows XP Home Edition; I wanted to change it to a Linux distribution. I was able to perform the following tasks to get the emachine to function on my Ethernet network:
- Add a network adapter
- Repair its CD drive
- Load a Linux distribution on its hard drive
- Load the appropriate driver for the network adapter (Bonzai inux)
- Turn on its DHCP client so that it could receive a IP Address, Subnet mask, Default gateway from the network (Bonzai Linux).
- Physically connect it to my network router/switch
Analysis
I was able to complete all of the steps required to assemble and configure a home network having more than one type of operating system on its hosts. Furthermore, these hosts were connected to the network using more than one type of communication medium. In the case of the emachine, I loaded an operating distribution, configured it so that the operating system could use it (loaded a driver), and turned on its DHCP client so that it could receive its IP address, subnet mask, and default gateway from the router/switch's DHCP server.
Objective 2-Web server
To gain experience with, and learn more about Web servers and related packages by loading them on one of my home network's hosts (emachine desktop pc).
Method
Whether or not I can setup and configure a Web server along with related packages and get them to work, that will be the criteria I use to judge whether or not this project is a success. I will also use my course grade as a measure of my success.
Measurement
I loaded, via the command line, the Apache2 Web server successfully. I configured the Web server to also listen at port 8080. I tested this functionality by placing the IP address of the Webserver into a web browser of a remote computer also on the network, and submitted an http request. Success! the default Web page was returned. I then appended the Web address of th Web server with :8080 in the Web browser and again submitted an http request. Success! the default Web page was returned. Next, I also loaded PHP5 via the command line successfully. I tested PHP by first creating a PHP document which contained php scripting; the scripting consisted of a call of the phpinfo() function. I then entered the IP address of the Web server into the Web browser and appended the address with the name of the PHP document (/phpinfo.php). Success! the PHP information was returned. In order to write and test PHP scripting on my laptop. I found Wamp Server. Wamp Server s a Windows web development environment. One can create web applications with Apache2, PHP and a MySQL database. Wamp Server is available http://www.wampserver.com/en/ .
Analysis
I was able to complete all of the steps required to install and configure a Web server and related packages. I plan to use the Web server and PHP to control hardware remotely.
Objective 3
State the course objective; define what that objective entails.
Method
State the method you will use for measuring successful academic/intellectual achievement of this objective.
Measurement
Follow your method and obtain a measurement. Document the results here.
Analysis
Reflect upon your results of the measurement to ascertain your achievement of the particular course objective.
- How did you do?
- Room for improvement?
- Could the measurement process be enhanced to be more effective?
- Do you think this enhancement would be efficient to employ?
- Could the course objective be altered to be more applicable? How would you alter it?
Experiments
Experiment 1
Question
The code I have seen, frees dynamically allocated memory and then sets pointers to NULL. Is deallocated memory available to the system immediately after being deallocated?
Resources
- Chapter 1-Understaning Unix/Linux Programming A Guide to Theory and Practice by Bruce Molay
Hypothesis
I believe that once the dynamically allocated memory has been freed, it immediately becomes availble to the system for reallocation. Further, because the memory is managed by the kernel, Once the memory has been deallocated, a write to the memory location without reallocating will probably return a segfault.
Experiment
I wrote the following program to verify how the system (the kernel) manages dynamically allocated memory.
//deallocTest.c //John T. Rine //September 26, 2011 #include<stdio.h> #include<stdlib.h> struct Node { int data; struct Node * prev; struct Node * next; }; typedef struct Node node; void createList(node **, node **, int); void deallocListHead(node *); node *array[10] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL}; int main(int argc, char **argv) { node *head, *tail; head = NULL; tail = NULL; printf("Creating a linked list of 10 nodes...\n"); createList(&head, &tail, 10); int i = 0; for(i = 0; i < 10; i++) printf("Address stored in array[%d]is: 0x%x\n",i, array[i]); i = 1; node *temp; temp = head; while(temp != NULL) { temp-> data = i; temp = temp->next; i++; } printf("Printing addresses of nodes before freeing...\n"); int counter = 0; temp = head; while(temp != NULL) { printf("Address of node %d is 0x%x\n", counter, temp); printf("Data of this node is %d\n", temp->data); counter++; temp = temp->next; } printf("Preparing to deallocat list memory allocated previously...\n"); deallocListHead(head); printf("Printing addresses of nodes after freeing...\n"); counter = 0; temp = head; while(temp != NULL) { printf("Address of node %d is 0x%x\n", counter, temp); printf("Data of this node is %d\n", temp->data); counter++; temp = temp->next; } printf("Will now attempt to put data into the nodes...\n"); for (i = 0; i < 10; i++) { array[i]->data = i; printf("array[%d] = 0x%x\tarray[%d]->data = %d\n", i, array[i], i, array[i]->data); } getchar();//to hold the console window open in Windows I am using MinGW! } void createList(node **headd, node **taill, int elements) { int i; int counter = 1; node *new, *head, *tail; new = head = tail = NULL; for(i = 1; i<=elements; i++) { if (head == NULL) { head = (node *) malloc(sizeof(node)); tail = head; array[0] = head; head->prev = NULL; head->next = NULL; } else { new = (node *) malloc(sizeof(node)); array[counter] = new; counter++; new->prev = tail; new->next = NULL; tail->next = new; tail = new; } } *headd = head; *taill = tail; } void deallocListHead(node *head) { node *temp; node *temp2; temp = NULL; temp2 = NULL; temp = head; while(temp != NULL) { temp2 = temp->next; free(temp); temp = temp2; } }
Data
I collected data for this experiment from the output of the program listed above.
lab46:~/src/data$ ./deallocTest Creating a linked list of 10 nodes... Address stored in array[0]is: 0x7ea010 Address stored in array[1]is: 0x7ea030 Address stored in array[2]is: 0x7ea050 Address stored in array[3]is: 0x7ea070 Address stored in array[4]is: 0x7ea090 Address stored in array[5]is: 0x7ea0b0 Address stored in array[6]is: 0x7ea0d0 Address stored in array[7]is: 0x7ea0f0 Address stored in array[8]is: 0x7ea110 Address stored in array[9]is: 0x7ea130 Printing addresses of nodes before freeing... Address of node 0 is 0x7ea010 Data of this node is 1 Address of node 1 is 0x7ea030 Data of this node is 2 Address of node 2 is 0x7ea050 Data of this node is 3 Address of node 3 is 0x7ea070 Data of this node is 4 Address of node 4 is 0x7ea090 Data of this node is 5 Address of node 5 is 0x7ea0b0 Data of this node is 6 Address of node 6 is 0x7ea0d0 Data of this node is 7 Address of node 7 is 0x7ea0f0 Data of this node is 8 Address of node 8 is 0x7ea110 Data of this node is 9 Address of node 9 is 0x7ea130 Data of this node is 10 Preparing to deallocat list memory allocated previously... Printing addresses of nodes after freeing... Address of node 0 is 0x7ea010 Data of this node is 0 Address of node 1 is 0x7ea030 Data of this node is 8298496 Address of node 2 is 0x7ea050 Data of this node is 8298528 Address of node 3 is 0x7ea070 Data of this node is 8298560 Address of node 4 is 0x7ea090 Data of this node is 8298592 Address of node 5 is 0x7ea0b0 Data of this node is 8298624 Address of node 6 is 0x7ea0d0 Data of this node is 8298656 Address of node 7 is 0x7ea0f0 Data of this node is 8298688 Address of node 8 is 0x7ea110 Data of this node is 8298720 Address of node 9 is 0x7ea130 Data of this node is 8298752 Will now attempt to put data into the nodes... array[0] = 0x7ea010 array[0]->data = 0 array[1] = 0x7ea030 array[1]->data = 1 array[2] = 0x7ea050 array[2]->data = 2 array[3] = 0x7ea070 array[3]->data = 3 array[4] = 0x7ea090 array[4]->data = 4 array[5] = 0x7ea0b0 array[5]->data = 5 array[6] = 0x7ea0d0 array[6]->data = 6 array[7] = 0x7ea0f0 array[7]->data = 7 array[8] = 0x7ea110 array[8]->data = 8 array[9] = 0x7ea130 array[9]->data = 9
Analysis
Because the data in the memory locations after freeing is different, one can surmise that yes, after being deallocated, memory is free for use by the system (kernel).
Before deallocation:
Printing addresses of nodes before freeing... Address of node 0 is 0x7ea010 Data of this node is 1 Address of node 1 is 0x7ea030 Data of this node is 2 Address of node 2 is 0x7ea050 Data of this node is 3 Address of node 3 is 0x7ea070 Data of this node is 4 Address of node 4 is 0x7ea090 Data of this node is 5 Address of node 5 is 0x7ea0b0 Data of this node is 6 Address of node 6 is 0x7ea0d0 Data of this node is 7 Address of node 7 is 0x7ea0f0 Data of this node is 8 Address of node 8 is 0x7ea110 Data of this node is 9 Address of node 9 is 0x7ea130 Data of this node is 10
After deallocation of memory:
Preparing to deallocat list memory allocated previously... Printing addresses of nodes after freeing... Address of node 0 is 0x7ea010 Data of this node is 0 Address of node 1 is 0x7ea030 Data of this node is 8298496 Address of node 2 is 0x7ea050 Data of this node is 8298528 Address of node 3 is 0x7ea070 Data of this node is 8298560 Address of node 4 is 0x7ea090 Data of this node is 8298592 Address of node 5 is 0x7ea0b0 Data of this node is 8298624 Address of node 6 is 0x7ea0d0 Data of this node is 8298656 Address of node 7 is 0x7ea0f0 Data of this node is 8298688 Address of node 8 is 0x7ea110 Data of this node is 8298720 Address of node 9 is 0x7ea130 Data of this node is 8298752
Furthermore, I was able to successfully write data to the former memory locations of the nodes. The first column of data contains the addresses of the nodes. The second column contains the data read immediately after writing it to the data fields of the former nodes.
Will now attempt to put data into the nodes... array[0] = 0x7ea010 array[0]->data = 0 array[1] = 0x7ea030 array[1]->data = 1 array[2] = 0x7ea050 array[2]->data = 2 array[3] = 0x7ea070 array[3]->data = 3 array[4] = 0x7ea090 array[4]->data = 4 array[5] = 0x7ea0b0 array[5]->data = 5 array[6] = 0x7ea0d0 array[6]->data = 6 array[7] = 0x7ea0f0 array[7]->data = 7 array[8] = 0x7ea110 array[8]->data = 8 array[9] = 0x7ea130 array[9]->data = 9
Conclusions
In conclusion, dynamically allocated memory that has been freed can be used by the kernel immediately after it has been freed. Also, even though dynamically allocated memory has been freed it is possible to write to it without causing a segmentation fault.
Experiment 2 (HPC 1)
Question
Can communications on well known ports be blocked and if so how?
Resources
After much research I found that ports are blocked by the router by default, however, they can be forwarded to a particular IP address as required. Also, at the machine, ports can be allowed or disallowed access.
Hypothesis
I believe it is possible to block communications on well known ports by not forwarding the port from the router to a particular IP address; I also believe it is possible to disallow communications on ports at a particular machine.
Experiment
I will attempt to access the well known HTTP port (80) on which my Web server is running using my Web browser. I will attempt to connect to the Web server under all sets of conditions of forwarding and not forwarding ports from the switch and allowing/disallowing communications on a particular port at the machine running the Web server. To block communications on a particular port at the machine running the Web server, I will use a Ubuntu tool called UFW (Uncomplicated Fire Wall) which makes working with iptables easier.
Data
Data from ufw experiment:
- With ufw disabled, http requests to the static IP address (192.68.1.2) of the target machine's web server via port 80 were successful.
- With ufw disabled, ssh on port 22 (pUTTY) to the static IP address (192.168.1.2) of the target machine was successful.
- With ufw disabled, http requests to the static IP address (192.168.1.2) of the target machine's Web server via port 8080 were successful. The Web server was previously modified to listen on port 8080.
- with ufw active but no rules, http requests to the static IP address (192.168.1.2) of the target machine's Web server via port 80 were successful.
- with ufw active but no rules, ssh on port 22 (pUTTY) to the static ip address (192.168.1.2) of the target machine failed.
- with ufw active but no rules, http requests to the static ip address (192.168.1.2) of the target machine's Web server via port 8080 were successful.
- with ufw active but no rules, http requests to the static IP address (192.168.1.2) of the target machine's Web server via port 80 failed.
- with ufw active but no rules, ssh on port 22 (pUTTY) to the static ip address (192.168.1.2) of the target machine failed.
- with ufw active but no rules, http requests to the static ip address (192.168.1.2) of the target machine's Web server via port 8080 failed. The Web server was previously modified to listen on port 8080.
- With ufw active on the target machine, when 'ufw allow 22' was executed, connecting to the target machine using ssh on port 22 was now possible.
- With ufw active on the target machine, when 'ufw allow 80' was executed, connecting to the target machine's Web server on port 80 was now possible.
- With ufw active on the target machine, when 'ufw allow 8080' was executed, connecting to the target machine's Web server on port 8080 was now possible.
Once ufw was enabled without any rules, I noticed that ssh communication to port 22 was blocked whereas http communication to port 80 and port 8080 seemed to not be blocked. I think the web pages that are returned are in the cache. I cleared the cache and retested ports 80 and 8080 using a Web browser. Once the cache had been cleared, no Web pages were returned (compare steps 4 and 6 to steps 7 and 9 above).
Data from port forwarding experiment:
With ufw enabled and with rules to allow communication to ports 22, 80 and 8080, I tested port forwarding from the router. Before performing tests using http on ports 80 and 8080 the Web broser cache was cleared each time.
- with no ports forwarded (22, 80, or 8080) http requests to the IP address assigned by the ISP (67.251.79.214) of the target machine's Web server via port 80 failed.
- with no ports forwarded (22, 80, or 8080) ssh on port 22 (pUTTY) to the IP address assigned by the ISP (67.251.79.214) of the target machine failed.
- With no ports forwarded (22, 80, or 8080) http requests to the IP address assigned by the ISP (67.251.79.214) of the target machine's Web server via port 8080 failed.
- With port 80 forwarded, http requests on port 80 to the IP address assigned by the ISP (67.251.79.214) were successful.
- with port 22 forwarded, ssh on port 22 (pUTTY) to the IP address assigned by the ISP (67.251.79.214) was successful.
- With port 8080 forwarded, http requests on port 8080 to the IP address assigned by the ISP (67.251.79.214) weres successful.
Analysis
To summarize how ufw functions, with ufw disabled, connections via ssh on port 22, and http connections via ports 80 and 8080 are possible, that is these ports are not blocked.
with ufw enabled with no rules, connections via port 22, and http connection via 80 and 8080 cannot be established, that is they are blocked.
If the browser cache is not cleared and there are pages stored from the IP address and port to which a connection is being attempted, Web pages will be returned to the browser.
With ufw enabled and rules established to allow communications to the individual ports, connections can be established on these ports.
If port 22 is allowed, an ssh connection on port 22 (pUTTY) to the target machine is possible.
If port 80 is allowed, an http connection on port 80 to the target machine is possible.
If port 8080 is allowed, and the Web server is listening on it, an http connection on port 8080 to the target machine is possible.
Conclusions
After testing ufw functionality and router port forwarding one can conclude that in order to use ports 22, 80, or 8080, the individual port must be forwarded from the router to the target machine's IP address.
Also, either ufw must be disabled, or rules to allow the individual ports must be created.
It is interesting to note that if web browser is being used to test ports 80 and 8080, that the browser cache must be cleared before testing otherwise, if an old Web page is in the cache, it will be returned rather than the browser making requests to the target IP address and port.
References
Experiment 3
Question
What is the question you'd like to pose for experimentation? State it here.
Resources
Collect information and resources (such as URLs of web resources), and comment on knowledge obtained that you think will provide useful background information to aid in performing the experiment.
Hypothesis
Based on what you've read with respect to your original posed question, what do you think will be the result of your experiment (ie an educated guess based on the facts known). This is done before actually performing the experiment.
State your rationale.
Experiment
How are you going to test your hypothesis? What is the structure of your experiment?
Data
Perform your experiment, and collect/document the results here.
Analysis
Based on the data collected:
- was your hypothesis correct?
- was your hypothesis not applicable?
- is there more going on than you originally thought? (shortcomings in hypothesis)
- what shortcomings might there be in your experiment?
- what shortcomings might there be in your data?
Conclusions
What can you ascertain based on the experiment performed and data collected? Document your findings here; make a statement as to any discoveries you've made.
Retest
If you're doing an experiment instead of a retest, delete this section.
If you've opted to test the experiment of someone else, delete the experiment section and steps above; perform the following steps:
State Experiment
Whose existing experiment are you going to retest? Prove the URL, note the author, and restate their question.
Resources
Evaluate their resources and commentary. Answer the following questions:
- Do you feel the given resources are adequate in providing sufficient background information?
- Are there additional resources you've found that you can add to the resources list?
- Does the original experimenter appear to have obtained a necessary fundamental understanding of the concepts leading up to their stated experiment?
- If you find a deviation in opinion, state why you think this might exist.
Hypothesis
State their experiment's hypothesis. Answer the following questions:
- Do you feel their hypothesis is adequate in capturing the essence of what they're trying to discover?
- What improvements could you make to their hypothesis, if any?
Experiment
Follow the steps given to recreate the original experiment. Answer the following questions:
- Are the instructions correct in successfully achieving the results?
- Is there room for improvement in the experiment instructions/description? What suggestions would you make?
- Would you make any alterations to the structure of the experiment to yield better results? What, and why?
Data
Publish the data you have gained from your performing of the experiment here.
Analysis
Answer the following:
- Does the data seem in-line with the published data from the original author?
- Can you explain any deviations?
- How about any sources of error?
- Is the stated hypothesis adequate?
Conclusions
Answer the following:
- What conclusions can you make based on performing the experiment?
- Do you feel the experiment was adequate in obtaining a further understanding of a concept?
- Does the original author appear to have gotten some value out of performing the experiment?
- Any suggestions or observations that could improve this particular process (in general, or specifically you, or specifically for the original author).