Wednesday, April 25, 2018

Security Software on Microsoft Windows 10

These instructions should also work on Microsoft Windows 7 and 8.1.

For home use, I run the following free security products on Microsoft Windows 10:
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) does not work on Windows 10. Users are directed to Microsoft's Windows Defender Exploit Guard.

Saturday, April 21, 2018

Dynamic DNS For Your Changing IP Address

Anyone hosting a web service on a consumer-grade internet connections knows what happens without a static IP address... the IP address eventually changes and your web service can no longer be accessed. Many of the home-monitoring devices such as video cameras and thermostats avoid the problem of changing IP addresses by having the device connect to a centralized "phone home" service to register and provide a consistent point of access to the device.

Anyone wanting to host a service from their own machines or PCs will typically use a static IP (often with a monthly cost from the internet provider) or use a service which provides a generic, consistent means of accessing the changing IP address. These services, some free, are called "dynamic DNS". Typically, a subdomain is registered with the "dyn DNS" service, and software is installed on a device within the home network to regularly update the dyn DNS information. Thus a user will be able to go to theirExampleSubdomainName.exampleDynamicDNSservice.com, which will redirect to the actual IP address.


These instructions describe how to set up dynamic DNS using DuckDNS and updating the DuckDNS with Ubuntu 17.10.

If you have a Google account, use a web browser to log in to your gmail/google account. Otherwise, use one of the other authentication methods.

Use a web browser to go to DuckDNS.org, and authenticate the log on.

At DuckDNS, create a subdomain. Write down the name of your <subdomain>.duckdns.org.

Install software on one of your network devices to regularly update the DuckDNS configuration with your current IP. The website has extensive instructions for many operating systems.

On Ubuntu 17.10, create the directory to hold the duckdns script:
$ cd /var/opt
$ sudo mkdir duckdns
$ sudo chown install:install duckdns ## Use whatever user/group you desire.
$ chmod 750 duckdns

Place the script in the directory with the proper permissions.
$ cd duckdns

To install the updating software on Ubuntu 17.10, log in as a user and check that cron and curl are available:
install:~$ ps -ef|grep -i cron
root       650     1  0 Apr08 ?        00:00:00 /usr/sbin/cron -f
install  18295 18270  0 09:45 pts/3    00:00:00 grep --color=auto -i cron
install:~$ crontab -l
no crontab for install
install:~$ curl
curl: try 'curl --help' or 'curl --manual' for more information
install:/var/opt/duckdns$ which curl
/usr/bin/curl

If cron and curl are installed, follow the instructions at DuckDNS.org to create the file (specific to your subdomain!), install the crontab entry, and test a run of ./duck.sh.

If testing ./duck.sh fails, ensure the path to curl is pointed to the proper location for your machine. Also ensure the line in duck.sh with the curl command is actually on one line and not two or three lines.

Monitor the cron entry is running correctly:
install:~$ tail /var/log/syslog

You can now access your web service by using domain <subdomain>.duckdns.org and it will continue to resolve correctly when your ISP changes your IP address.

------------------------------------------------

The prior instructions (above) for Ubuntu 17 ran okay after the system was upgraded to Ubuntu 18. The following are changes to increase readability and debugging on Ubuntu 18.


In /var/opt/duckdns/duck.sh the file contents are the following. Please use your correct domain and token.
#!/bin/sh
DOMAINFQ="YOUR_FULLYQUALIFIEDDOMAIN_HERE.duckdns.org"
curl_out=$(echo url="https://www.duckdns.org/update?domains=YOUR_DOMAIN_HERE&token=YOUR_TOKEN_HERE" | /usr/bin/curl --insecure --silent --config - )

# Whatever is running this script (cron?) may want to direct output to a file in /tmp.
/bin/echo
/bin/date
/bin/echo duckdns updated $curl_out
/bin/echo 'dig output:'
/usr/bin/dig $DOMAINFQ | /bin/grep ^$DOMAINFQ

if [ $curl_out = "OK" ]; then
    /usr/bin/logger -p daemon.info "duckdns update ok. rc=" $curl_out
else
    /usr/bin/logger -p daemon.err "duckdns update failed. rc=" $curl_out
fi


Schedule the recurring job with crontab.
$ crontab -e
*/5 * * * * /var/opt/duckdns/duck.sh >>/tmp/duckdns.log 2>&1


Monitor the output in /tmp/duckdns.log and /var/log/syslog.

Thursday, April 05, 2018

Short Guide To Configure Linux X On Microsoft Windows

This post contains minimal instructions to run X programs on Microsoft Windows from a Ubuntu Linux machine.


On Windows, install PuTTY from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

On Windows, install Xming from https://sourceforge.net/projects/xming/?source=directory
or http://www.straightrunning.com/XmingNotes



















On Windows, run XLaunch (was installed by Xming) and go through prompts:
Display Settings "Multiple Windows"
Session Type "Start no client"
Additional Parameters "Check Clipboard box"

On Windows run PuTTY.
Load a session profile or create a session profile for a Linux machine.
In left panel, go to Connection, SSH, X11.
Click "Enable X11 Forwarding"
X display location "localhost:0.0"
Save that connection profile in PuTTY, so the X11 configuration will be there tomorrow.























On Windows, run Xming. It will run in the background without a Windows display.
On Windows, open the configured PuTTY connection that was previously configured for X11. This should open a command-window on the Linux machine. Enter the following in the command window:
$ echo $TERM
xterm
$ echo $DISPLAY
localhost:10.0


Test X by typing "xclock". A GUI clock from the Linux machine should display on the Windows machine.
Typing "xclock&" will allow you to continue to type in the command window while the xclock GUI also runs.