Tuesday, December 11, 2012

Being prompted for Password for '(null)' GNOME keyring

You can commit your project using subversion as follows:
svn commit -m “Your comment message goes here ”  - - username <yourusername>
Then the following prompt should be displayed to you for committing your project successfully…
Password for ‘<yourusername>’:
For this password, you should provide your <yourusername> password assigned to you while hosting your project.
First time commit to your project using svn commit will work properly.
However for subsequent commit to your project, you can get the prompt like...

Password for ‘(null)’ GNOME keyring:
The reason for above error message  is multiple keyrings are present on a users system. All users will have a default keyring, and another which is only stored in memory. For each commit, gnome-keyring stores the user details in another keyring. 
To disable keyring, open the config file in the subversion from the home folder as follows:
patilkr@patilkr-desktop:~$ cd .subversion/
patilkr@patilkr-desktop:~$ ls
auth  config  README.txt  servers
Open the ‘config’ file with any text editor,
patilkr@patilkr-desktop:~/.subversion$ gedit config
Inside the text file, look for the line ‘password-stores = no’ under ‘[auth]‘ section and uncomment it & remove the value ‘no’ for it to look like ‘password-stores = ‘. 
Then, save and close config file.
Finally, open another file named ‘servers’ in any text editor,
patilkr@patilkr-desktop:~/.subversion$ gedit servers
Inside the text file, look for the line ‘store-passwords = no’ under ‘[global]‘ section and just uncomment it. 
Then, save and close ‘servers’ file.

Wednesday, September 19, 2012

User Specified Content Security Policy


Content Security Policy is a declarative policy that restricts what content can load on a page.  Its primary purpose is to mitigate Cross-Site Scripting vulnerabilities.  The core issue exploited by Cross-Site Scripting (XSS) attacks is the lack of knowledge in web browsers to distinguish between content that’s intended to be part of web application, and content that’s been maliciously injected into web application.
To address this problem, CSP defines the Content-Security-Policy HTTP header that allows web application developers to create a whitelist of sources of trusted content, and instruct the client browsers to only execute or render resources from those sources.  However, it is often difficult for developers to write a comprehensive Content Security Policy for their website.  They may worry about breaking their page by blocking unanticipated but necessary content.  They may not be able to easily change the CSP header for their site, which makes it challenging for them to experiment with policies until they find one that best protects their page without breaking site functionality.
UserCSP changes this!  A developer can now view the current policy applied to their site and create their own custom policy.  They can choose to apply their custom policy on the site, or even combine their policy with the website’s existing policy.  When combining policies, they have an option to choose from the strictest subset of the two, or the most lax subset.  They can locally test their site with the custom policy applied and tweak the policy until they have one that works.
The coolest feature of UserCSP is the Infer-CSP tab.  This feature can help a developer derive a usable and secure policy for their site.  By looking at the content the website loads, the add-on determines the strictest set of CSP rules it can apply to the site without breaking the current page.  The inferred policy is provided in the proper syntax for the CSP Header, so all a developer needs to do is start serving this policy for their site via the CSP header.
Please visit Tanvi's Blog on Mozilla for more information. 

Monday, August 27, 2012

Configure NFS on Ubuntu

Download: Fast, Fun, Awesome

Network File System (NFS) is useful to share space on other computers.

In this scenario we are going to configure NFS server on 10.1.1.15 host and NFS client on 10.1.1.17 machine.

1. Prerequisites
    Install nfs-common package on both NFS client and NFS server using following command.

     $ sudo apt-get install nfs-common

Additionally we need to install extra package on NFS server (10.1.1.15)

    $ sudo apt-get install nfs-kernel-server

This package is the actual NFS daemon listenning on both UDP and TCP 2049 ports. And portmap should be waiting for instructions on a port 111.

2. Create NFS Share on NFS Server (10.1.1.15)
Create a directory to share on NFS server(10.1.1.15).

Run following command on NFS server.

   $ mkdir /home/kailas

3. Apply Access Control Rules

In our scenario we want only 10.1.1.17 to access the nfs share.

Therefore, open /etc/exports file in any text editor (such as vi, gedit, or emacs) on NFS server (10.1.1.15).

Add following line in (/etc/exports) file.

A. Read/Write Permissions

    /home/kailas/     10.1.1.17(rw,sync)

Above line specifies that export /home/kailas directory for host with IP 10.1.1.17 with read, write permissions, synchronized mode.


B. Only Read Permissions

If you don't want to give write permission and only want to give read permission to client (10.1.1.17) then instead of above line use following line.

    /home/kailas/     10.1.1.17(ro,sync)

C. Read/Write + Root privileges

  /home/kailas/    10.1.1.17(rw,sync,no_root_squash)

Above line in "/etc/exports" file will export /home/kailas directory for host with an IP address 10.1.1.17 with read, write permissions, synchronized mode and the remote root user will be treated as a root and will be able to change any file and directory.

D. Read/Write Privilege to all computers on network

 /home/kailas/     *(rw,sync)

Above line indicates, export /home/kailas directory for any host with read, write permissions and synchronized mode.


E. Read Privilege to All computers on network

   /home/kailas/     *(ro,sync)

Above line indicates, export /home/kailas directory for any host with read only permissions and synchronized mode.


3. Restart NFS daemon

Use following command on Ubuntu to restart NFS service.

$ sudo /etc/init.d/nfs-kernel-server restart 

Note: After any modification you will made  in "/etc/exports" file please restart NFS service to reflect your changes. 


4. Mount NFS directory on client (10.1.1.17) machine

NFS client needs portmap service, simply install nfs-comman package on client (10.1.1.17)

   $ sudo apt-get install nfs-common


Make sure portmap service is running:
  $ sudo service portmap status

Sample outputs:
  portmap start/running, process 4193

If not just start it:
    $ sudo service portmap start

Create a mount directory on Client (10.1.1.17)
  $ sudo mkdir /nfs

$ sudo  mount  10.1.1.15:/home/kailas   /nfs/

To see the content of the directory use following command.
 $ ls /nfs


5. Configure automount

To make this completely transparent to end users, you can automount the NFS file system every time a user boots a Linux system. Simply edit "/etc/fstab" to mount system automatically during a system boot. You can use your favorite editor and create new line like this within /etc/fstab:

10.1.1.15:/home/kailas   /nfs/  nfs  defaults  0  0


 6. Appendix

If above steps doesn't work then please try to stop iptables or configure iptable rules to allow nfs communication.

# service iptables stop








Friday, April 27, 2012

IRC command help

The goal of this post is to play with some IRC commands.

To Register your nickname:
/msg nickserv register [password] [your@email.address.com]
You should substitute an actual password for [password] and actual email address for [your@email.address.com].  You don't need the "["brackets"]".

To identify yourself to IRC nickserv:
If your nickname is registered you can use the following command to identify to it (ensure your current nickname is that of the one you want to identify to):
/msg nickserv identify [password]
You should substitute an actual password for [password].

There are actually a number of ways to identify to a nickname. You can also identify to a nickname that you are not using at the time.
/nickserv identify [nicknamepassword

Example:
/nickserv identify PeanutButter ILovePeanutButter

To change your password:
/msg nickserv set password [YourNewPassword]

To enforce users to identify your nickname with password to protect from identity theft:
/msg nickserv set secure ON

To remove nickname currently in use:
If somehow you close your IRC but didn't get a chance to disconnect from server then server believes you are still online and you cannot use it until server recognizes it. Use following command to resolve this problem.
/nickserv ghost [nickname] [password]
For example, if your nickname is "abc123" and password is "xyz123", then command to use is as follows:

/nickserv ghost abc123 xyz123

How do I check if a nickname is registered or identified
To check if a nickname is already registered, or if someone is identified to a nickname, use the command:
   /ns info nickname

How do I change my email address?
/ns set email password email@address repeatemail@address

Somebody is on my nickname - how can I recover it?
First type:
/ns recover yournickame yourpassword

and then type:
/ns release yournickname yourpassword

After this you can just get back on your nickname.

How can I view what channels I have access in?
/ns alist

How do I view information about my nickname?
 /ns info nickname all

Alternatively, you can use following command:
/nickserv info nickname

Example:
/nickserv info PeanutButter


How do I stop people using my nickname?
First ensure that your nickname is registered! To prevent people from using your nickname without identifying to it you must set protection on your nickname. The best settings is to use 'Quick kill', which will give users 20 seconds to identify after which their nickname will be changed. To do this use:

/ns set kill quick



"I forgot my password". How to recover it?
Keep in mind that passwords are CaSe SeNsItIvE.

/nickserv sendpass [nick] [email address]

The email address that you specify must match the email address that we have on file for the nickname in question.




Monday, March 26, 2012

Unable to ping Guest VM in VirtualBox

Download: Fast, Fun, Awesome

Suppose you have installed guest OS (such as Windows, Ubuntu, etc) in VirtualBox and want to ping it from host OS then you might not be able to ping it,  if Network adapter is configured as NAT mode adapter in VirtualBox for the VM.

To solve this problem. First shutdown your gust VM. Second, change the Guest VM's network adapter settings of "Attached to" from "NAT" to "Bridged Adapter".  Also change "Name" to "vmnet1" or  any other similar name.

The cause of this problem is, in NAT mode the IP headers of any packets that are going out the guest VM are re-written to match the hosts network settings. But VirtualBox does not do any kind of reverse NAT, not even for packets originating from the host machine.  It only does it for established connections.

Hope this helps!