Saturday, March 29, 2008

Running a Script Automatically After Installing Packages

I'm rather certain that if any black-hat hacker would target my home PC he'll probably be able to own it in a matter of minutes (if not seconds). But I can't just sit there and wait for it to happen, so I do spend some effort trying to practice safe computing.

As part of this effort I've installed rootkit hunter:

aptitude install rkhunter

This tool scans my system daily, in an attempt to detect rootkits. It also performs some related generic security auditing, such as tracking modifications made to a select list of system files. Whenever a problem is detected by rkhunter it sends an email message to my local account (it's actually sent to the root user, and by default routed to me).

But guess what happens when I upgrade any package that includes files being tracked by rkhunter? - false alarms. I find myself having to update the database of files tracked by rkhunter every time I upgrade packages:

rkhunter --propupd

It only lately crossed my mind that this should be automated. All that needs to be done is coax apt to run this command after package installation is completed. A quick look at the manual page for apt.conf was enough to provide the basic method, and a bit of looking around at /etc/apt pointed me to the solution.

In order to launch a command (in this case rkhunter) after installing packages, create a file named 99local in /etc/apt/apt.conf.d, with the following contents:
DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ]; then /usr/bin/rkhunter --propupd; fi"; };
If you intend to run more commands, you can add them in a similar manner, or place all your commands in a script and have 99local launch this script instead. Note that, according to the documentation, if the script happens to fail for some reason then apt will abort the installation process.

Thursday, March 20, 2008

totem-mozilla vs. mozilla-mplayer

Debian comes with totem as the default media player, and totem-mozilla provides plugins for iceweasel and its ilk, to view video clips embedded in web pages.

I prefer mplayer (from the Debian multimedia package repository) and mozilla-mplayer - while, in my opinion, mplayer itself is just marginally better than totem (my old laptop is challenged by both), the mplayer browser plugin is much better: embedded video clips look very similar to what you see on Window$ (with an added bonus of full-screen display), you can control the percentage of the clip that has to be downloaded before playback starts (I set it to 100% - I hate the stalls), and you can save the clip, copy its URL and more.

The totem plugin supports some mime-types that the mplayer plugin doesn't, so I keep it installed, just in case. The problem here is that when totem-mozilla is upgraded, it overrides the mplayer plugin. This can be verified in the browser via the about:plugins page - the totem plugin shows up on the top of the list - and I want mplayer to be first. But, unlike extensions and themes, there doesn't seem to be a way to manage plugins in iceweasel.

The seemingly obvious solution is to reinstall the package:
aptitude reinstall mozilla-mplayer
but this doesn't help.

I used
dpkg -L mozilla-mplayer
to list the files that are installed by this package, and found that the plugin files (.so and .xpt files) are installed at /usr/lib/mozilla/plugins.

My guess was that iceweasel sorts the plugins by the modification date of these files, so I updated their modification date (as root) like this:
touch /usr/lib/mozilla/plugins/mplayerplug-in*

I was probably right - it fixed the ordering of the plugins, and mplayer is again the default multimedia plugin.

Back to my favorite pastime activity: watching movie trailers.

Saturday, March 15, 2008

Running Applications Automatically when X Starts

I've been looking for a way to start applications automatically, when X starts. In GNOME it's just a matter of adding an entry to the list of programs that are launched when a session starts.

Other session/window managers use other methods, or do not provide a startup facility at all. In the latter case, you usually have to roll your own X startup script. But with GDM on Debian you just have to add your custom shell commands in ~/.xprofile. At the moment I use it to set the root window background color, and launch x11vnc, for non-GNOME sessions:
# start a few programs for non-gnome window managers
# the conditional is based on /etc/X11/Xsession.d/55gnome-session_gnomerc
BASESTARTUP=`basename "$1" | cut -d\ -f1`
if [ ! \
\( "$BASESTARTUP" = gnome-session -o \
\( "$BASESTARTUP" = x-session-manager -a \
"`readlink /etc/alternatives/x-session-manager`" = \
/usr/bin/gnome-session \) \) ]; then
# plug your stuff here
xsetroot -solid black
x11vnc --forever -localhost -display :0 -rfbauth .vnc/passwd &
fi
(don't forget to make it executable with chmod +x ~/.xprofile )

Monday, March 3, 2008

URL Highlighting in rxvt-unicode

urxvt is a lightweight X terminal emulator, with Unicode support. I use it instead of gnome-terminal for various reasons - none of these are important enough to mention here.

urxvt can be extended with perl, and one of the extension scripts that ship with it on Debian does URL highlighting - any text on the console window that looks like a URL is underlined, and can be opened in a browser by clicking on it. I saw this first in gnome-terminal, and was surprised - apart for being rather useful, it's an example of (original) thinking applied to an old concept.

In order to activate this feature add the following lines to ~/.Xdefaults

URxvt*perl-ext-common: default,matcher
URxvt*matcher.button: 3
URxvt*urlLauncher: x-www-browser

This will cause URLs to be underlined, and clicking mouse button 3 (left right-click on a normal right-handed mouse) while the pointer hovers over it will launch x-www-browser (which is setup as iceweasel on my box).

[24 Jun. 2008] UPDATE: I just found out that GPM doesn't work in urxvt if the URL matcher Perl extension is enabled. I can live with that - can you?