blog ntic de revolunet » admin

Google apps tips

admin — Tue, 10 Aug 2010 10:22:07 +0000

Some google apps setup tips. replace DOMAIN.COM with the domain you suscribed for.

DNS setup

SPF : http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786
MX : http://www.google.com/support/a/bin/answer.py?answer=56217
JABBER SRV records : http://www.google.com/support/a/bin/answer.py?hl=en&answer=34143

Example zone :

@ 28800 IN TXT v=spf1 include:aspmx.googlemail.com a mx include:sfr.fr ~all
@ 28800 IN MX 5 ASPMX2.GOOGLEMAIL.COM.
@ 28800 IN MX 5 ASPMX3.GOOGLEMAIL.COM.
@ 28800 IN MX 3 ALT1.ASPMX.L.GOOGLE.COM.
@ 28800 IN MX 3 ALT2.ASPMX.L.GOOGLE.COM.
@ 28800 IN MX 1 ASPMX.L.GOOGLE.COM.
_jabber._tcp 28800 IN SRV 5 0 5269 xmpp-server.l.google.com.
_jabber._tcp 28800 IN SRV 20 0 5269 xmpp-server1.l.google.com.
_jabber._tcp 28800 IN SRV 20 0 5269 xmpp-server2.l.google.com.
_jabber._tcp 28800 IN SRV 20 0 5269 xmpp-server3.l.google.com.
_jabber._tcp 28800 IN SRV 20 0 5269 xmpp-server4.l.google.com.
_xmpp-server._tcp 28800 IN SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp 28800 IN SRV 20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp 28800 IN SRV 20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp 28800 IN SRV 20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp 28800 IN SRV 20 0 5269 xmpp-server4.l.google.com.
_xmpp-client._tcp 28800 IN SRV 5 0 5222 talk.l.google.com.
_xmpp-client._tcp 28800 IN SRV 20 0 5222 talk1.l.google.com.
_xmpp-client._tcp 28800 IN SRV 20 0 5222 talk2.l.google.com.
_xmpp-client._tcp 28800 IN SRV 20 0 5222 talk3.l.google.com.
_xmpp-client._tcp 28800 IN SRV 20 0 5222 talk4.l.google.com.

Gmail

Config Thunderbird to send/receive use Gapps via IMAP :
http://www.howtogeek.com/howto/internet/setting-up-gmail-imap-support-in-thunderbird-2x/

Migration tips :

Dont change your DNS at first

Create your gapps account http://www.google.com/apps/intl/fr/business/index.html
Activate email, gtalk, calendar, sites…
Manually replicate your actual mail server config (users, forwards, lists…) into gapps
Test it with the temporary domain
Migrate your DNS zone
Use old and new systems a few days
Breathe !

Gtalk

Create a chatback badge

gmail : http://www.google.com/talk/service/badge/New
gapps : http://www.google.com/talk/service/a/DOMAIN.COM/badge/New

Gtalk widget (iframe)

gmail : http://talkgadget.google.com/talkgadget/popout
gapps: http://hostedtalkgadget.google.com/a/DOMAIN.COM/talkgadget/client?

Use a standard jabber client

http://www.google.com/support/a/bin/answer.py?hl=fr&answer=49159

Your gmail url is : http://mail.google.com/a/DOMAIN.COM and you can create a CNAME mail.DOMAIN.com in your DNS zone that points to ghs.gmail.com.

Getting SuExec and TRAC to play nice

drax — Tue, 12 Feb 2008 00:31:35 +0000

EnvironmentError: The environment options "TRAC_ENV" or "TRAC_ENV_PARENT_DIR"
or the mod_python options "TracEnv" or "TracEnvParentDir" are missing.

Yuck. What’s more, if you’re using SuExec (like I am) then your Apache directives are ignored.

Solution: Edit your trac.fcgi and prepend the following code.

# hack for SuExec
import os;
os.environ['TRAC_ENV_PARENT_DIR'] = '/var/lib/trac'

vmsplice exploit fix and patching on Debian

drax — Mon, 11 Feb 2008 18:00:06 +0000

Some vulnerabilities in the Linux kernel where publicly disclosed on the 8th of February 2008. These can be exploited by any user to gain elevated privileges. A “local root” exploit was published Sunday which allows an arbitrary user to escalate to root privileges.

Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2

Fix

You can download the vmsplice patch locally or from the official LKML thread: [PATCH] vmsplice exploit fix

Patching on Debian Etch

Update 12/02/08: Debian repositories have been updated and contain patched kernels. If you’re using a stock kernel, the following two commands should sort you out (providing you reboot afterwards).

aptitude update
aptitude upgrade

Install kernel sources

export KVER=`uname -r`
aptitude update
aptitude install linux-source-${KVER}
cd /usr/src
tar -xjf linux-source-${KVER}.tar.bz2
ln -s linux-source-${KVER} linux
cd linux

Patch kernel sources

patch < vmsplice.patch -p1

Compile kernel and install

You'll want to copy your existing kernel configuration.

cp /boot/config-${KVER} .config
make-kpkg clean
make-kpkg --initrd --append-to-version=-mykernelname kernel_image
cd ..
dpkg -i linux-image-${KVER}-mykernelname_${KVER}-mykernelname-10.00.Custom_i386.deb
reboot

References

Encrypted filesystem on OS X, Linux and Windows

drax — Sat, 02 Feb 2008 18:08:56 +0000

Finally we have a truly portable, open source, encrypted filesystem. I’ve tested a fair share of encrypted filesystem solutions. The most promising probably being encfs since it could be used with Fuse, but that only works on OS X and Linux at best.

TrueCrypt, probably the best solution available, was only working on Linux and Windows… up to now.

Some dude got impatient for the OS X port, managed to make a deal with a developper to code it for 1500$, raised those 1500$ and BAM! Bob’s you’re uncle.

The software is labelled alpha, described as beta, and used in production… w00t. Jokes aside, it’s been released for a few weeks now and no serious data-destroying bug stories have arose. Nevertheless, you might want to backup to another more trusted encrypted disk somewhere, every now and then.

Bare in mind the TrueCrypt team annouce their 5.0 release for the 4th of Febuary 2008 (that’s in 2 days) and claim OS X support. Watch this space…

Still interested? Download the software here:

OS X notes:

Your encrypted filesystem image should have a .img extension.
When mounting a hidden volume, you’ll be asked the outer volume password, then the hidden volume password.
Unmounting in finder does not dismount the image. It’s a known bug. Use ocutil -detach.

Keyboard shortcuts during OS X boot sequence

drax — Wed, 30 Jan 2008 11:46:59 +0000

Here is a list of keyboard shortcuts or hotkeys available during the boot sequence of OS X on Intel based macs although some shortcuts also work on PPC.
Shamelessly ripped off apple’s documentation article:
Startup key combinations for Intel-based Macs.

Keystroke	Description
Press C during startup	Start up from a bootable CD or DVD, such as the Mac OS X Install disc that came with the computer.
Press D during startup	Start up in Apple Hardware Test (AHT), if the Install DVD 1 is in the computer.
Press Option-Command-P-R until you hear two beeps.	Reset NVRAM
Press Option during startup	Starts into Startup Manager, where you can select a Mac OS X volume to start from. Note: Press N to make the the first bootable Network volume appear as well.
Press Eject, F12, or hold the mouse (/trackpad) button	Ejects any removable media, such as an optical disc.
Press N during startup	Attempt to start up from a compatible network server (NetBoot).
Press T during startup	Start up in FireWire Target Disk mode.
Press Shift during startup	Start up in Safe Boot mode and temporarily disable login items.
Press Command-V during startup	Start up in Verbose mode.
Press Command-S during startup	Start up in Single-User mode.
Press Option-N during startup	Start from a NetBoot server using the default boot image.

Hosting multiple SSL vhosts on a single IP/Port/Certificate with Apache2

drax — Thu, 24 Jan 2008 13:07:54 +0000

But that’s impossible!!

HTTPS is just HTTP encapsulated inside an SSL tunnel. Apache’s virtual hosts are a clever “hack” whereby the Host header in the HTTP packet is verified. This alllows a single apache instance on a single IP/Port combination to serve a (not so) infinite number of differentes sites (aka vhosts).

Problem: The SSL tunnel is created before the first HTTP packet gets sent. Apache needs an SSL certificate but doesn’t have a Host header to match, hence cannot choose a virtual host.

Solution

This trick essentially does the matching of the Host header after the SSL connection has been established. How? Via some mod_rewrite magic!

Caveats

Although I said so, it’s not really that magical. There are a few things this trick does not solve.

The SSL certificate used will be common to all SSL vhosts.
Certain Apache directives may be common to all SSL vhosts (example: SuExecUserGroup). Basically anything you can’t override in a .htaccess file will be shared amongst vhosts.

The trick

The process is only 2 steps and involves modifying your Apache configuration. I assume you have a working SSL vhost configured.

Create virtual hosts “map file”.
Modify existing SSL vhost.

1. The virtual hosts map file

Create a new file in your Apache server root. Example:/etc/apache2/ssl.map

Write a list of virtual hosts and their respective DocumentRoot. Example:

foo.example.com        /var/www/foo.example.com/
bar.example.com        /var/www/bar.example.com/
# you can even put comments!
# Alias to bar
boar.example.com        /var/www/bar.example.com/

2. Edit your SSL vhost

Open your Apache config, inside the section of your SSL vhost, include the following code or include this file: Mass SSL vhosts Apache config.

Important: Make sure to edit line 8 to include the correct path to your ssl.map file.

### Mass SSL Vhosts ###
RewriteEngine on

#   define two maps: one for fixing the URL and one which defines
#   the available virtual hosts with their corresponding
#   DocumentRoot.
RewriteMap    lowercase    int:tolower
RewriteMap    vhost        txt:/etc/apache2/ssl.map

#   1. make sure we don't map for common locations
RewriteCond   %{REQUEST_URI}  !^/cgi-bin/.*
RewriteCond   %{REQUEST_URI}  !^/icons/.*

#   2. make sure we have a Host header
RewriteCond   %{HTTP_HOST}  !^$

#   3. lowercase the hostname
RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
#
#   4. lookup this hostname in vhost.map and
#      remember it only when it is a path
#      (and not "NONE" from above)
RewriteCond   ${vhost:%1}  ^(/.*)$

#   5. finally we can map the URL to its docroot location
#      and remember the virtual host for logging puposes
RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]

Restart Apache and you’re done. You should be able to browse (in https) the vhosts you added to your ssl.map file.

Grandma says: You don’t need to reload Apache when you edit your map file. Just create the document root folder on the filesystem, add a new entry to your map and you’re good to go.

associer un protocole a un script sous windows

admin — Mon, 26 Feb 2007 18:47:58 +0000

Dans une page web, il peut etre assez pratique d’associer un script ou un programme externe quand on clique sur un lien avec un protocole spécifique. Par exemple un lien href avec comme valeur callto:0102030405 pourrait me permettre d’executer le dialer de windows en lui demandant de composer un numéro. C’est très pratique en intranet par exemple.

appeller le 01 02 03 04 05

(Notez que dans le href il y a un zéro de plus en prefixe qui me permettra de composer un numéro externe)

Il nous suffit pour cela d’ajouter au registre une petite clé, qui associera le nom de notre ‘protocole’ à un programme (faites un fichier .reg puis executez le)

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOTcallto]
@=”tst protocol handler”
“URL Protocol”=”"
[HKEY_CLASSES_ROOTcalltoshell]
[HKEY_CLASSES_ROOTcalltoshellopen]
[HKEY_CLASSES_ROOTcalltoshellopencommand]
@=”C:\WINDOWS\system32\wscript.exe “C:\dial.vbs” “%1″”

dial.vbs est un petit script qui permet de parser les arguments (ici le numéro) et de les envoyez à dial.exe, petit utilitaire permettant de composer un numéro envoyé en premier paramètre, technique inspirée de ce post sur le forum de SugarCRM.

Vous pouvez tout autant passer la main à un script Python ou autre qui fera ce que vous lui avez appris a faire avec les arguments. Attention toutefois, le programme sera éxécuté avec les droits de l’utilisateur actuel donc surement pas admin en entreprise…

Et voila, des qu’un utilisateur clique sur un lien callto, le numéro est composé sur le modem. Branchez donc l’entrée modem de votre telephone a votre PC et c’est parti pour une numérotation automatisée depuis votre page web !

Skype a son callto:0102030405, Wengo son wengo:usernick et maintenant nous avons aussi nos propres handlers… Enjoy

Squirrelmail lent ?

admin — Mon, 04 Dec 2006 01:43:41 +0000

Si vous trouvez que votre Squirrelmail devient lent avec le temps, verifiez ces 3 paramètres (vers la l.70) dans votre fichier /etc/squirrelmail/config.php. Cela vous permettra de grandement accélerer l’affichage.

$edit_identity=true;
$allow_thread_sort=true;
$allow_server_sort=true;

de EPS vers JPG en masse

admin — Fri, 06 Oct 2006 11:17:34 +0000

Ayant eu à convertir plusieurs dizaines de EPS en JPEG, voici un petit exemple de ce qu’on peut faire grâce à Linux en 2 lignes de commandes.

1- Je mets mes EPS en vrac dans différents répertoire dans un dossier ./eps puis je convertis tous mes eps en jpg grace à ImageMagick et GhostScript :

find ./eps -iname *.eps -exec convert -density 300 “{}” “{}.jpg” ;

2- je récuperes tous les fichiers jpg crées et les mets dans un dossier ./jpg :

find ./eps -iname *.jpg -exec cp”{}” ./jpg/ ;
# j’efface les eps
rm -rf ./eps

Et voila, en quelques minutes, ma machine m’a converti toutes mes images

NB :

-density 300 permet d’avoir une résolution de 300dpi (mettre 72 pour le web)
vous pouvez ajouter -size 300 pour forcer un redimensionnement de toutes les images à 300px de large

> toutes les options de la ligne de commande ici : http://www.imagemagick.org/script/command-line-options.php

SquirrelMail en Francais sur une dedibox Debian

admin — Thu, 24 Aug 2006 14:22:38 +0000

Par défaut, la traduction Francaise de SquirrelMail ne marche pas sur la dédibox car la locale installée n’est pas fr_FR mais fr_FR@euro (à juste titre). Il faut donc faire la petite manip suivante pour activer le Francais :

dans le fichier /usr/share/squirrelmail/functions/i18n.php modifier :

remplacer $languages['fr_FR']['LOCALE'] = ‘fr_FR’; par $languages['fr_FR']['LOCALE'] = ‘fr_FR@euro’;

et mettre le Francais comme langue par défaut en lancant la configuration de SquirrelMail avec un : squirrelmail-configure. Choisir en suite 10 puis saisir “fr_FR@euro” dans “Default Language”

un petit refresh et ca marche

si quelqu’un a un autre moyen, par exemple en mettant un alias de fr_FR vers fr_FR@euro , je suis preneur