Schlagwort-Archive: lang:en

Install a full syslog-ng in pfsense

Some quick notes.

# Remove old syslog-ng package
pkg_info | grep syslog-ng
pkg_delete syslog-ng-1.6.12_1

# Installing new version
pkg_add -r syslog-ng

# Make sure there is a /usr/local/etc/syslog-ng.conf

# Autostart syslog-ng, edit /etc/rc.conf.local

# Disable default syslog, /etc/rc.conf.local

# Kill syslogd, start syslog-ng
kill `cat /var/run/`
/usr/local/etc/rc.d/syslog-ng start


FreeBSD based version info:

Raspberry Pi: Owncloud setup revisited

The Raspberry and owncloud ran for a few months now and I really enjoyed my own personal cloud. But I was really annoyed by the poor performance. One possible solution was to switch the sd card, which I did. I replaced the Transcend 16GB SDHC card with a 4GB one. Performance is much better now. Since setting up the system is a pretty simple and fast process, I didn’t bother about cloning the card etc. I reinstalled raspbian and followed my own guide on how to setup nginx and php and oriented on my other tutorial on how to install owncloud 6 beta. Of course I needed to change some links etc.

Some more things (I) changed:

  1. owncloud added security for trusted domains
  2. moved owncloud storage to an external usb drive
  3. changed the nginx webserver configuration: restrict to https only and …
  4. accessing php-fpm through network socket


1. If you access the webinterface of your owncloud instance using different ips, names etc., you need to add them to the „trusted_domains“ parameter.

pi@raspberrypi ~ $ sudo vi /var/www/owncloud/config/config.php

‚trusted_domains‘ =>
array (
0 => ‚′,
1 => ‚‚,

2. Connect the usb drive and use lsblk and blkid to find the needed UUID.

pi@raspberrypi ~ $ lsblk && blkid
sda 8:0 0 2,7T 0 disk
└─sda1 8:1 0 2,7T 0 part /media/usb
mmcblk0 179:0 0 3,7G 0 disk
├─mmcblk0p1 179:1 0 56M 0 part /boot
└─mmcblk0p2 179:2 0 3,7G 0 part /
/dev/mmcblk0p1: SEC_TYPE=“msdos“ LABEL=“boot“ UUID=“7D5C-A285″ TYPE=“vfat“
/dev/mmcblk0p2: UUID=“5d18be51-3217-4679-9c72-a54e0fc53d6b“ TYPE=“ext4″
/dev/sda1: LABEL=“Backup3TB“ UUID=“1D3F163D4EEC069E“ TYPE=“ntfs“

Create the mountpoint /media/usb and edit /etc/fstab to mount the drive on startup.

pi@raspberrypi ~ $ sudo mkdir /media/usb

pi@raspberrypi ~ $ sudo vi /etc/fstab
proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat defaults 0 2
/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
UUID=1D3F163D4EEC069E /media/usb ntfs-3g defaults,auto, uid=pi,gid=wwwdata,umask=007,users 0 0

While setting up your owncloud, you can now define /media/usb as your data storage. Not sure if there is a way to change this on a already running owncloud setup.


3. Change the nginx configuration (/etc/nginx/sites-availabe/default) according to the owncloud 6 documentation

upstream php-handler {

server {
listen 80;
return 301$request_uri; # enforce https

# HTTPS server
server {
listen 443 ssl;
server_name localhost;

root /var/www;

autoindex off;
index index.php index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/conf.d/ssl/server.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/server.key;

client_max_body_size 10G; # set max upload size
fastcgi_buffers 64 4K;

rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;

location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;

location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

try_files $uri $uri/ index.php;

location ~ ^(.+?\.php)(/.*)?$ {
try_files $1 =404;

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$1;
fastcgi_param PATH_INFO $2;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;

# Optional: set long EXPIRES header on static assets
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don’t log access to assets
access_log off;

4. Modify the php5-fpm config to listen on a netsocket.

 pi@raspberrypi ~ $ sudo vi /etc/php5/fpm/pool.d/www.conf

;listen = /var/run/php5-fpm.sock
listen =

Restart the services.

pi@raspberrypi ~ $ sudo service php5-fpm restart
pi@raspberrypi ~ $ sudo service nginx restart





Raspberry Pi: Update owncloud beta to owncloud 6

The final release of owncloud 6 is now available. Just like the update how to for beta 3, here is how to install it manually.

Download the update on your owncloud server

pi@raspberrypi ~ $  wget

pi@raspberrypi ~ $  tar xfv owncloud-6.0.0.tar.bz2


Create a backup of the files and database

pi@raspberrypi ~ $  mkdir 2013_12_12_Backup_owncloud_beta3/

pi@raspberrypi ~ $  sudo rsync -a /var/www/owncloud/ /home/pi/2013_12_12_Backup_owncloud_beta3/

pi@raspberrypi ~ $  sudo mysqldump owncloud -u root -p > /home/pi/2013_12_12_Backup_owncloud_beta3/owncloud.sql


Copy the update

pi@raspberrypi ~ $  sudo rsync –inplace -rtv owncloud/ /var/www/owncloud/

pi@raspberrypi ~ $  rm -r owncloud owncloud-6.0.0.tar.bz2


Visiting the webinterface of your installation will complete the update.

Raspberry Pi: Selfhosted cloud with ownCloud 6 beta

Quick writeup on how to install the new owncloud 6 beta on your raspberry Pi.

Disclaimer: If you want something superfast, leave this site now. If you’re looking for a really cheap way to get your own cloud (No NSA. So yay!) and give some use to your raspberry pi which is sitting on the shelf since months, here you go. Just don’t expect a 1 to 1 dropbox/drive/$whatever clone.

Prequirements: Working Raspberry Pi with Raspbian (path etc. may vary on other distributions) and a running webserver with php and ssl.

Installation on the Pi
Download the package from here, extract it, move it to the right location and set the correct user rights:

pi@raspberrypi ~ $ wget
pi@raspberrypi ~ $ unzip
pi@raspberrypi ~ $ sudo mv owncloud /var/www/
pi@raspberrypi ~ $ sudo chown -R www-data:www-data /var/www/owncloud
pi@raspberrypi ~ $ cd /var/www/owncloud/

We need to change a few settings in the php config.

pi@raspberrypi /var/www/owncloud $ sudo vi /etc/php5/fpm/php.ini


upload_max_filesize = 2M
post_max_size = 8M


upload_max_filesize = 1024M
post_max_size = 1024M

and add some lines to the end of the file (we will install apc later):

upload_tmp_dir = /srv/www/owncloud/data/temp
extension =
apc.enabled = 1
apc.include_once_override = 0
apc.shm_size = 256

Create the directory for uploads

pi@raspberrypi /var/www/owncloud $ sudo mkdir -p data/temp
pi@raspberrypi /var/www/owncloud $ sudo chown -R www-data:www-data data

After editing your webserver config according to the documentation, visit http://localhost/owncloud or http://raspberryip/owncloud and check for error messages. In my case, I got two:

1. PHP module GD is not installed. Please ask your server administrator to install the module.

So I needed to install this:

pi@raspberrypi /var/www/owncloud $ sudo aptitude install php5-gd


2. No database drivers (sqlite, mysql, or postgresql) installed.

Of course. After some searching and reading the official documentation about the database configuration, I decided to use MySQL as backend. Mainly because there will be at least two persons using the system. So I installed the mysql-server and php5-mysql package.

pi@raspberrypi /var/www/owncloud $sudo aptitude install mysql-server php5-mysql

After settings the root password, connect to your mysql server. Create a user for owncloud and a database.

pi@raspberrypi /var/www/owncloud $ mysql -u root -h localhost -p
CREATE USER ‚owncloud’@’localhost‘ IDENTIFIED BY ‚password‘;
GRANT ALL PRIVILEGES ON owncloud.* TO ‚owncloud’@’localhost‘ IDENTIFIED BY ‚password‘;

Return to http://localhost/owncloud or http://raspberryip/owncloud and complete the setup process.

Some tips to improve performance:
There are a few guides and tips on the net on how to improve performance of owncloud on your pi. Here are some of them.

1. Install the PHP Accelerator (see modified php.ini at the top)

pi@raspberrypi /var/www/owncloud $ sudo aptitude install php-apc

2. Use a cronjob to update the database and fasten up the webinterface. Open the crontab for the webserver user:

pi@raspberrypi /var/www/owncloud $ sudo crontab -u www-data -e

For updates every 15 minutes add:

*/15 * * * * php -f /var/www/owncloud/cron.php

On the webinterface go to Administration -> Cron and change the setting to Cron.

3. Disable unused apps. Disable all apps you don’t need.


Installation of the owncloud ubuntu client

pat@think:~$ wget
pat@think:~$ sudo apt-key add Release.key
pat@think:~$ echo ‚deb /‘ >> sudo tee /etc/apt/sources.list.d/owncloud-client.list
pat@think:~$ sudo aptitude update
pat@think:~$ sudo aptitude install owncloud-client

Sources: (german) (german)

Raspberry Pi: nginx Webserver with PHP and SSL

Installing the needed packages:

pi@raspberrypi ~ $ sudo aptitude install nginx php5-fpm php5-cgi php5-cli php5-common

There are different version of nginx available. For a comparison take a look at the debian wiki:

Create the needed directory and php test file for later:

pi@raspberrypi ~ $ sudo mkdir /var/www
pi@raspberrypi ~ $ echo „<?php phpinfo(); ?>“ | sudo  tee /var/www/index.php
pi@raspberrypi ~ $ sudo chown -R www-data:www-data /var/www

Setting up SSL:

pi@raspberrypi ~ $ sudo mkdir /etc/nginx/conf.d/ssl && cd /etc/nginx/conf.d/ssl
pi@raspberrypi /etc/nginx/conf.d/ssl $ sudo openssl genrsa -out server.key 2048
pi@raspberrypi /etc/nginx/conf.d/ssl $ sudo openssl req -new -key server.key -out server.csr
pi@raspberrypi /etc/nginx/conf.d/ssl $ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

And finally configure nginx:

pi@raspberrypi /etc/nginx/conf.d/ssl $ sudo vi /etc/nginx/sites-available/default

server {
listen 80;
root /var/www;
index index.php index.html index.htm;
server_name localhost;
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
try_files $uri $uri/ /index.html;

# HTTPS server
server {
listen 443;
server_name localhost;
root /var/www;
autoindex on;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/conf.d/ssl/server.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/server.key;
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
try_files $uri $uri/ /index.html;

Visit http://localhost or https://localhost and you should see your php configuration.

Raspberry Pi: Mount and unmount truecrypt on startup and shutdown

My Raspberry Pi functions as a lokal NAS and data haven for backing up remote servers and all my clients. The data is stored in a truecrypt container on an external usb harddrive. The drive is mounted on bootup, as well as the decrypted container. If you follow my notes, please be aware that the password to unlock the files is stored in cleartext in the automount script and could show up when running e.g. ps. So maybe this isn’t the right solution when you grant access to your Pi to other people.


Create the two directories to mount the external harddrive and the truecrypt container.

sudo mkdir /mnt/{usb,truecrypt}

If you use NTFS as a filesystem on your external drive, install the ntfs-3g package and try mounting the it manually first:

pi@raspberrypi ~ $ sudo aptitude install ntfs-3g
pi@raspberrypi ~ $ mount -t ntfs-3g /dev/sda1 /mnt/usb

When everything works, add the permanent mount entry to your /etc/fstab:

/dev/sda1 /mnt/usb ntfs-3g defaults 0 0

To automount the truecrypt container on startup, install truecrypt like explained here and create the two init scripts for mounting and unmounting the container.


# Provides:          tc_mount
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2
# Default-Stop:
# Short-Description: tc_mount
# Description:      Mount the truecrypt container
echo „Mounting truecrypt container“
/usr/local/bin/truecrypt -t -k „“ –protect-hidden=no –mount /mnt/usb/crypt /mnt/truecrypt/ -v -m=nokernelcrypto -p ‚YOURPASSWORD‘
exit 0


# Provides:          tc_unmount
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:
# Default-Stop:      0 1 6
# Short-Description: tc_unmount
# Description:       Unmount the truecrypt container
echo „Unmounting truecrypt containers“
/usr/local/bin/truecrypt -d
exit 0

And add them to the correct runlevels:

pi@raspberrypi ~ $ sudo update-rc.d tc_mount start 02 2 .
pi@raspberrypi ~ $ sudo update-rc.d tc_unmount stop 02 0 1 6 .



RAM Analysis – Part 1: Introduction and Obtaining the RAM image

I just found this old draft from July 2010, which I completely forgot about. This was supposed to be a series of blogposts but I didn’t had the time back then. Even this post is far from complete, but maybe it’s useful for somebody.

1.1 Introduction

This multiparted series will summarize the various aspects, possibilities and methods to obtain and analyse a computers physical memory. You can find a lot of information about memory analysis on the net and this series neither wants to nor won’t be able to cover all aspects. Part I will focus on the different methods to obtain an memory dump, which will be analyzed later. If you’re not interested in getting a memory dump and just want to take a look at its content, you can download some of the sample memory images for example from here, here, or here.

1.2 Hardware Tools

There are a few PCI cards out there, but most of them are research projects or not available to the costumer.

Tribbel PCI card
Tribble is a proof-of-concept research project by Joe Grand of Grand Idea Studio and Brian Carrier of Most information about the device can be found in this paper.

CoPilot was developed by Komoku as a malware protection and rootkit detection PCI card and was later on acquired by Microsoft.

FRED: Forensic RAM extraction device
Only a few information about this project is available on the developers website at BBN Technologies.

1.3 Software Tools

1.3.1 Windows (free)

1.3.2 Windows (paid)

1.3.2 Unix/Linux/Mac


Firewire, only for use by law enforcement

1.4 Forensic live cds


1.5 Links

How to use the Twitter API with PHP and OAuth (single user)

Since a few months, applications have to use OAuth to authenticate a Twitter account using the REST API. If you want to write a php application for just one account (like your own small webclient), you don’t have to go the „ping-pong“ way of authentication. You only need this to authenticate different users and as we only need access for one single user, it is possible to simplify the oauth authentication step. Nevertheless I find it much more comfortable to you a finished library. In this example we will use Abraham Williams‘ awesome TwitterOAuth library for PHP, which requires a minimum PHP version of 5.2.x, cURL and OpenSSL.

First you have to visit an register a new application. Choose „Browser“ as application type and set the default access level to „Read & Write“. You will need the printed „Consumer key“ and „Consumer secret“ in the next step. Also you will need the „Access Token (oauth_token)“ and „Access Token Secret (oauth_token_secret)“, which can be found under „My Access Token“ in the right menu.

Include the library in your PHP script. Change the path accordingly.


Open your config file and define the 4 needed keys like:

define(‚CONSUMER_KEY‘, ‚aAaAaAaAaAaAaAaAaAaA‘);
define(‚CONSUMER_SECRET‘, ‚bBbBbBbBbBbBbBbBbBbB‘);
define(‚OAUTH_TOKEN‘, ‚cCcCcCcCcCcCcCcCcCcC‘);
define(‚OAUTH_TOKEN_SECRET‘, ‚dDdDdDdDdDdDdDdDdDdD‘);

To connect to Twitter, add in your PHP script:


You can now use the $twitter object to interact with the Twitter API. For example fetch your user information or post an update.

$twitter->post(„statuses/update“, array(„status'“=> „First tweet using my own Twitter app!“));

Check out the TwitterOAuth documentation for more options and the Twitter documentation for available ressources.

I hope this small guide helps you getting started and I would love to see some of your results. Questions? Comments!

Public Key Authentication on OpenWRT using dropbear

OpenWRT is a linux distribution for embedded devices like a router. The installation of OpenWRT on your device instead of the original vendor’s firmware allows you to do some nifty stuff with your router like installing additional software out of openWRT’s own repository.

Although there is a package for the openSSH server available, dropbear is the default choice. To enable password-less ssh access you first need to generate the ssh keys on your client machine if you haven’t already. If you want, you can secure your key by typing in a password, otherwise just press enter.

pat@earth:~$ ssh-keygen

Next you have to transfer your public key (the file ending with .pub) to your openWRT installation.

pat@earth:~$ scp ~/.ssh/

Replace with the IP of your router. If you changed the Port of your ssh server, you have to define it using the -P parameter like scp -P 4321 etc.

Connect to your router and add the transferred public key file to your authorized_keys. Unlike OpenSSH, Dropbear doesn’t look in .ssh underneath your home directory for the authorized_keys file, so you have to create the file in /etc/dropbear/.

root@router:~# cd /etc/dropbear/
root@router:~# cat /tmp/ >> authorized_keys
root@router:~# chmod 0600 authorized_keys

Now you should be able to ssh from your client pc to your openWRT device without the need of a password.

HAMA WLAN USB-Stick 300Mbps on Ubuntu – Ralink and rt2800usb

The rt2800usb module is quite buggy, so you have to blacklist it and use rt2870sta instead.


pat@htpc:~$ lsusb
Bus 001 Device 002: ID 148f:2870 Ralink Technology, Corp.


htpc kernel: [ 5.273678] Registered led device: rt2800usb-phy0::radio
htpc kernel: [ 5.273689] Registered led device: rt2800usb-phy0::assoc
htpc kernel: [ 5.273710] Registered led device: rt2800usb-phy0::quality
htpc kernel: [ 5.274304] usbcore: registered new interface driver rt2800usb


echo blacklist rt2800usb | sudo tee -a /etc/modprobe.d/blacklist.conf
echo blacklist rt2x00usb | sudo tee -a /etc/modprobe.d/blacklist.conf

Restart and you’re fine.