HOWTO

HOWTO about Unix, Linux, BSD and security by Antenore Gatta

How to sync your bashrc between servers

Sync out of the box – Sync your bashrc using a VCS

If you work on several Unix servers you may need to keep your shell profile (bashrc, kshrc, zshrc, .profile, etc.) in sync.

When it is available on the servers, you can use rsync, or, if your servers are directly connected to the Internet, you can use a version control system (bazaar, git, cvs, svn) and store your user settings, for example, on GitHub (see Using Git and Github to Manage Your Dotfiles by Smalley Creative Blog).
Obviously you can also develop a script or a piece of software that does something similar.

A nifty alternative, sync your bashrc with ssh

When you don’t want or you cannot use one of the above methods, an alternative is to use an awesome functionality of OpenSSH.

OpenSSH allows you to set a local command to be executed every time you successfully connect to a remote host.

We can use this functionality to just execute an scp of our .bashrc on each server we connect to.

$ cat .ssh/config
Host *
    PermitLocalCommand yes
    LocalCommand scp -q %d/.bashrc %h:

In this example we allow ssh to execute local commands (PermitLocalCommand yes) for all ssh connections (Host *). The command is specified in the last line, where %d is substituted by the local home directory and %h by the target host.

Using Host * is not a good idea unless you have a really basic and anonymous shell profile: with it, every host you connect to receives a copy of your .bashrc.

I usually have Host sections in my ssh/config file based on domain names (like *.simbiosi.org), and instead of a “naked” scp I advise using a script that transfers a list of files only if they have not been synchronized previously (this may be the subject of a future article).

The big advantage of using LocalCommand is that you don’t need to keep an inventory of the servers you connect to, nor set each of them up manually.
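One way to write the kind of script mentioned above, scoped to a Host pattern instead of Host * (an added example, not the author's own script). The script name and path, the state directory and the file list are assumptions; %r is the ssh_config token for the remote user name.

```shell
#!/bin/sh
# sync-dotfiles.sh (hypothetical name). Called from ~/.ssh/config, e.g.:
#   Host *.simbiosi.org
#       PermitLocalCommand yes
#       LocalCommand %d/bin/sync-dotfiles.sh %h %r
STATE_DIR="${STATE_DIR:-$HOME/.cache/dotsync}"  # assumed place for sync stamps
DOTFILES="${DOTFILES:-.bashrc .profile}"         # paths relative to $HOME
COPY="${COPY:-scp -q}"                           # copy command, overridable

# Content fingerprint used for change detection only (CRC, not a secure hash).
file_sum() { cksum < "$1"; }

# Where the fingerprint of FILE as last sent to HOST is stored.
stamp_path() { printf '%s/%s/%s' "$STATE_DIR" "$1" "$(printf '%s' "$2" | tr / _)"; }

# Succeeds when FILE changed since it was last copied to HOST (or never was).
needs_sync() {   # needs_sync HOST FILE
    stamp=$(stamp_path "$1" "$2")
    [ -f "$stamp" ] || return 0
    [ "$(cat "$stamp")" != "$(file_sum "$HOME/$2")" ]
}

# Copy the changed dotfiles to HOST, record what was sent, print the count.
sync_host() {    # sync_host HOST [REMOTE_USER]
    host=$1 target="${2:+$2@}$1" sent=0
    # Accept only plain host and user names, so a crafted value can never
    # reach scp as an option or escape the stamp directory.
    for a in "$1" "${2:-none}"; do
        case $a in
            ''|-*|.*|*[!A-Za-z0-9._-]*) echo "refusing '$a'" >&2; return 2 ;;
        esac
    done
    mkdir -p "$STATE_DIR/$host" && chmod 700 "$STATE_DIR" || return 2
    for f in $DOTFILES; do
        [ -f "$HOME/$f" ] || continue
        needs_sync "$host" "$f" || continue
        if $COPY "$HOME/$f" "$target:$f"; then
            file_sum "$HOME/$f" > "$(stamp_path "$host" "$f")"
            sent=$((sent + 1))
        fi
    done
    echo "$sent"
}

# LocalCommand passes %h and %r; without arguments only the functions load.
if [ $# -gt 0 ]; then sync_host "$@" >/dev/null; fi
```

The stamp is written only after a successful copy, so a failed transfer is retried on the next connection to that host.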

Safe with FreeBSD + Tor + Polipo + xxxterm

Staying absolutely safe on the Internet is nearly impossible. However, there are certain tools and software to help achieve at least a comfortable amount of anonymity and privacy. Here I will explain how to set up a safe environment using PC-BSD (FreeBSD), Tor, Polipo and xxxterm.

xxxterm – a minimalist secured browser

xxxterm is a minimalist web browser with sophisticated security features built-in rather than through an add-on. In addition to providing a familiar mouse-based interface like other web browsers, it offers a set of vi-like keyboard commands for users who prefer to keep their hands on the home row of their keyboard. The default settings provide a secure environment. With simple keyboard commands, the user can “whitelist” specific sites, allowing cookies and scripts from those sites. It is ISC licensed.

Tor – The Onion router

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Polipo – a caching web proxy

Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group.

PC-BSD – a FreeBSD based Operating System

PC-BSD is a user friendly desktop Operating System based on FreeBSD. Known widely for its stability and security in server environments, FreeBSD provides an excellent base on which to build a desktop operating system. PC-BSD uses a host of popular open source window managers and uses a custom-tailored application installer that puts popular applications in easy reach of users.

How to install and use them?

This is very easy, like drinking a cup of coffee (a home made good one please!)

Software installation (user is root)

portmaster www/xxxterm www/polipo security/tor

Configure tor

cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc
  • Add/Modify the following lines in /usr/local/etc/tor/torrc
RunAsDaemon 1

Configure polipo

cp /usr/local/etc/polipo/config.sample /usr/local/etc/polipo/config
  • Add/Modify the following lines in /usr/local/etc/polipo/config
socksParentProxy = "localhost:9050"

diskCacheRoot = ""

daemonise = true

logSyslog = true

Start tor and polipo daemons

  • Add the following lines to /etc/rc.conf so that both daemons are enabled
tor_enable="YES"
polipo_enable="YES"

Configure xxxterm (with your regular user)

echo "http_proxy = http://127.0.0.1:8123/" >> ~/.xxxterm.conf

Start browsing the Internet safely.

xxxterm
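A check for the Polipo step above, as an added example that is not part of the original howto: it reports any of the four settings that is missing, still commented out, or set to a different value. A socksParentProxy line left commented out means Polipo fetches pages directly instead of through Tor. The function names are hypothetical.

```shell
#!/bin/sh
# Settings the howto asks for in /usr/local/etc/polipo/config, as key=value.
WANTED='socksParentProxy=localhost:9050
diskCacheRoot=
daemonise=true
logSyslog=true'

# Print the value assigned to KEY in FILE with quotes stripped; fail when no
# uncommented assignment exists. If KEY is set twice the last one is reported
# (assumed to be the one in effect).
conf_value() {   # conf_value FILE KEY
    awk -v k="$2" '
        /^[ \t]*#/ { next }                     # commented-out line: ignored
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); found = 1
        }
        END { if (!found) exit 1; print v }' "$1"
}

# Print one line per problem found in FILE; the return code is their count.
audit_polipo() { # audit_polipo FILE
    bad=0
    while IFS='=' read -r key want; do
        if got=$(conf_value "$1" "$key"); then
            [ "$got" = "$want" ] && continue
            echo "$key is '$got', expected '$want'"
        else
            echo "$key is not set (missing or still commented out)"
        fi
        bad=$((bad + 1))
    done <<EOF
$WANTED
EOF
    return "$bad"
}

# Usage: sh check-polipo.sh /usr/local/etc/polipo/config
if [ $# -gt 0 ]; then audit_polipo "$1"; fi
```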

Careful, the Internet is watching you!!!

Using the software discussed here cannot protect you against bad behavior. For instance, it is not very wise to log in using your user name and passwords (especially if you use the same password everywhere) on websites like GMail or Facebook. Using this software will not protect you from malicious Internet sites that collect your personal information or sites that phish you. Also, software is not perfect. It may contain bugs and security holes. Do not rely completely on this software. Be careful.

As pointed out by one reader, this configuration, without hiding the client's DNS requests, can be dangerous in case someone wants to find you. Therefore it’s absolutely important to run xxxterm with a socks proxy; this way the DNS query will be executed inside the tor network, giving you much more protection. To do this you can install torsocks and execute xxxterm through usewithtor:

portmaster net/torsocks
usewithtor xxxterm

Don’t forget to comment out the proxy line in ~/.xxxterm.conf.

Acknowledgements

Thanks a lot to 10wattmindtrip for the help.
