Skimbleshanks reinstall, Part III
Last night, when I finished up, I forgot something important.
IceWM startup executable
~/.icewm/startup must me made executable to work. One of the great things about Linux is that if a file is not marked executable, it won't run. So even if I have a malicious script, it won't do anything unless it gets marked as executable, because the OS will not run it.
So, I login to a secure shell as my regular user and type: chmod +x .icewm/startup
Now, when IceWM starts, gkrellm and the X screensaver will load, but not until I install the screensaver, which I forgot to do earlier.
su -
apt-get install xscreensaver solves that. Now, I just need to do one more thing for gkrellm. It won't show my sensors yet. I type sensors-detect and follow the on-screen prompts to find my sensors.
Setting up the firewall
Setting up the firewall is pretty simple. I'm going to demonstrate a simple script that fits the needs of most workstation machines. I type su - and then pico /etc/init.d/fwallset and put in these lines:
echo "Starting firewall..."
# flush tables:
iptables -F INPUT
iptables -F FORWARD
# set default policy to silently drop packets:
iptables -P INPUT DROP
iptables -P FORWARD DROP
# set rule to allow input for replies to my requests:
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# set rule to allow input from machines on my LAN:
iptables -A INPUT -j ACCEPT -i eth0 -s 192.168.1.0/24
# set rule to allow connections from networked applications on this machine:
iptables -A INPUT -j ACCEPT -i lo
I save and exit. Then I type:
cd /etc
chmod +x init.d/fwallset
ln -s init.d/fwallset rc2.d/S19fwallset
ln -s init.d/fwallset rc3.d/S19fwallset
ln -s init.d/fwallset rc4.d/S19fwallset
ln -s init.d/fwallset rc5.d/S19fwallset
This will make the firewall start on boot. The ln lines create symbolic links to the script for each runlevel, so that I can be sure my firewall is running.
Installing Flash, etc.
The Flash plugin that works well is not the one in the repository, so I downloaded it some time ago. Unfortunately, I don't know where I got it, but Altavista is your friend. It shouldn't be hard to find.
However, when I found it (or maybe I got it from Adobe's site), it was in an RPM, so I had to run alien on it. Alien is a wonderful program that converts packages between different formats, and I used it to convert the flash-plugin into a .deb file.
Since I have it on Koko, I'll just type scp username@koko:/location/flash-plugin_9.0.48.0-1_i386.deb . (Not the solitary dot here. That's a shorthand for my current location.) It asks for my password on Koko, and then copies the file to Skimbleshanks.
I then type dpkg -i flash-plugin and at this point I get lazy and hit tab to complete the filename. One thing I love about Linux is that I rarely have to type a long filename. Tab completion is wonderful. So, dpkg will install this local package as though it were one from the repository, and life will be peachy, because Flash will work pretty well. Sorry, Linux can't fix bad Web sites.
I also grab a package of Win32 codecs (so XMMS can play WMA files) that I can't remember where I got. It was a trustworthy source. I just don't remember what it was, so I won't talk much about it, because that wouldn't help you. Suffice it to say that using your favorite search engine, you can find this package.
Customizing my IceWM menu
I'm done doing system-wide things for a while, so I type exit to return to mere mortal status. I want to have my own personalized entries in my IceWM menus, so I'll need to have a file called ~/.icewm/menu to tell IceWM what I want. I have one on Koko, so I'll just use secure copy to grab it, but it's a very simple file to edit. You can figure it out just from looking at the example menu included with IceWM. It works like this:
prog "Friendly name for program (this shows on the menu)" icon-to-show-beside-entry command-to-run arguments-to-pass-to-command
menu "submenu name" folder {
prog "Another program" icon command arguments
}
The best part is that IceWM is smart when it reads this. If a program isn't installed, it doesn't show it on the menu, so you can add items you plan to install, and when you install them, they'll show up in your personalized menu.
That's the basic stuff to set up Skimbleshanks pretty much the way Koko is. Almost everything else can be done through the GUI and the options dialogs in the individual programs. Later, I'll explore XFCE4 and write about what I discover.
IceWM startup executable
~/.icewm/startup must me made executable to work. One of the great things about Linux is that if a file is not marked executable, it won't run. So even if I have a malicious script, it won't do anything unless it gets marked as executable, because the OS will not run it.
So, I login to a secure shell as my regular user and type: chmod +x .icewm/startup
Now, when IceWM starts, gkrellm and the X screensaver will load, but not until I install the screensaver, which I forgot to do earlier.
su -
apt-get install xscreensaver solves that. Now, I just need to do one more thing for gkrellm. It won't show my sensors yet. I type sensors-detect and follow the on-screen prompts to find my sensors.
Setting up the firewall
Setting up the firewall is pretty simple. I'm going to demonstrate a simple script that fits the needs of most workstation machines. I type su - and then pico /etc/init.d/fwallset and put in these lines:
echo "Starting firewall..."
# flush tables:
iptables -F INPUT
iptables -F FORWARD
# set default policy to silently drop packets:
iptables -P INPUT DROP
iptables -P FORWARD DROP
# set rule to allow input for replies to my requests:
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# set rule to allow input from machines on my LAN:
iptables -A INPUT -j ACCEPT -i eth0 -s 192.168.1.0/24
# set rule to allow connections from networked applications on this machine:
iptables -A INPUT -j ACCEPT -i lo
I save and exit. Then I type:
cd /etc
chmod +x init.d/fwallset
ln -s init.d/fwallset rc2.d/S19fwallset
ln -s init.d/fwallset rc3.d/S19fwallset
ln -s init.d/fwallset rc4.d/S19fwallset
ln -s init.d/fwallset rc5.d/S19fwallset
This will make the firewall start on boot. The ln lines create symbolic links to the script for each runlevel, so that I can be sure my firewall is running.
Installing Flash, etc.
The Flash plugin that works well is not the one in the repository, so I downloaded it some time ago. Unfortunately, I don't know where I got it, but Altavista is your friend. It shouldn't be hard to find.
However, when I found it (or maybe I got it from Adobe's site), it was in an RPM, so I had to run alien on it. Alien is a wonderful program that converts packages between different formats, and I used it to convert the flash-plugin into a .deb file.
Since I have it on Koko, I'll just type scp username@koko:/location/flash-plugin_9.0.48.0-1_i386.deb . (Not the solitary dot here. That's a shorthand for my current location.) It asks for my password on Koko, and then copies the file to Skimbleshanks.
I then type dpkg -i flash-plugin and at this point I get lazy and hit tab to complete the filename. One thing I love about Linux is that I rarely have to type a long filename. Tab completion is wonderful. So, dpkg will install this local package as though it were one from the repository, and life will be peachy, because Flash will work pretty well. Sorry, Linux can't fix bad Web sites.
I also grab a package of Win32 codecs (so XMMS can play WMA files) that I can't remember where I got. It was a trustworthy source. I just don't remember what it was, so I won't talk much about it, because that wouldn't help you. Suffice it to say that using your favorite search engine, you can find this package.
Customizing my IceWM menu
I'm done doing system-wide things for a while, so I type exit to return to mere mortal status. I want to have my own personalized entries in my IceWM menus, so I'll need to have a file called ~/.icewm/menu to tell IceWM what I want. I have one on Koko, so I'll just use secure copy to grab it, but it's a very simple file to edit. You can figure it out just from looking at the example menu included with IceWM. It works like this:
prog "Friendly name for program (this shows on the menu)" icon-to-show-beside-entry command-to-run arguments-to-pass-to-command
menu "submenu name" folder {
prog "Another program" icon command arguments
}
The best part is that IceWM is smart when it reads this. If a program isn't installed, it doesn't show it on the menu, so you can add items you plan to install, and when you install them, they'll show up in your personalized menu.
That's the basic stuff to set up Skimbleshanks pretty much the way Koko is. Almost everything else can be done through the GUI and the options dialogs in the individual programs. Later, I'll explore XFCE4 and write about what I discover.