I think about installing IPsec on computers in my home LAN for some time. There are many configurations possible: tunnel mode, transport mode, peer-to-peer solution or star topology with single VPN hub. Also there are different IPsec implementations. KAME for *BSD, Openswan, strongSwan and Linux 2.6 PF_KEY implementation (which can be used with setkey and racoon or with OpenBSD’s isakmpd). Choosing one is not easy, but for me the simplest method was best. I choose Linux 2.6 PF_KEY with ipsec-tools and racoon for dynamic key exchange (now part of ipsec-tools). Its simple, easy to implement and… configuration files without any modification (except file paths) can be used also in FreeBSD (tested with 6.3-RELEASE).
And after $MAILCHECK seconds I got You have new mail in /home/kb/Maildir.
To set $MAIL for all login shells and for all user I use pam_mail. To enable checking ~/Maildir for new mail use:
Probably modification in /etc/pam.d/login and /etc/pam.d/sshd are sufficient.
S3TC (sometimes called DXTn or DXTC) is a proprietary image compression algorithm. This was patented (US Patent 5,956,431) and thus Mesa cannot use it directly nor external library can enter Debian archive. If you want to have libtxc-dxtn installed you have to do it yourself.
ZSNES is a GPL licensed emulator of the Super Famicom and Super Nintendo Entertainment System (SNES) video game systems. Large part of ZSNES is written in assembly. Fortunately it works under GNU/Linux. Debian has a zsnes package, but unfortunately only for i386. Binary package is not available for AMD64. So? Lets build one!
Ability to trace and debug software on servers is not needed for most users. Giving them right to trace processes may leak information and if ptrace() is vulnerable lead to more problems.
Sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. It can disable strace (and ltrace) altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace() call.
ESE Key Daemon is a multimedia keyboard driver for Linux. With the 2.6 kernel series it can also handle remote controls, as they are presented as keyboards. No kernel patch is required. It is a userspace program that pools /dev/input/event? interfaces for incoming keyboard key presses. Package also includes Funkey daemon for 2.4.
- ARP Discover (arpdiscover), an Ethernet scanner based on ARP protocol;
- ARP Flood (arpflood), an ARP request flooder;
- ARP Poison (arppoison), for poisoning switches’ MAC address tables.
I decided to restrict Internet access from my LAN to known IP/MAC pairs only. Primary to block Internet access from my PS3, virtual machines and computers that do not need it. Simplest way to achieve this on Linux: filter packet coming from LAN interface in FORWARD chain.
On OpenWRT custom firewall rules can be defined in /etc/firewall.user. Before creating rules we need some method to create and (easily) maintain IP/MAC pairs. I decided t use /etc/ethers and /etc/hosts that already contains MACs, hostnames nad IPs (used by dnsmasq).
Installing, configuring and using Debian GNU/Linux on Acer Aspire 5102 WLMi notebook.