Posts

Showing posts from 2008

Playing with NuFW firewall.

I have played with the NuFW live CD and want to share my experience. NuFW is an application layer firewall with authentication support. It allows building an SSO-based infrastructure with minimal effort. NuFW adds user-based filtering to Netfilter, the state of the art IP filtering layer from the Linux kernel. The NuFW live CD provided a web-based management system for setting up the network, ACLs, objects and all required rules. You can see a sample screenshot of editing an ACL rule. Please note that the LiveCD is not very stable, so be ready for certain glitches. Further, I'll describe sample steps for setting up the firewall for certain users. First, let's set up a new user account. The NuFW Live CD uses only local users by default, but NuFW itself supports LDAP directories. So I'll create an account via KUser. Second step - create an authenticate object in Nuface: And the last step - add an ACL for the user: As you can see, there is nothing special in such actions. Unfortunately, I...

Google Reader shared items

I have begun to share my Google Reader items, which are accessible on this page: http://www.google.com/reader/shared/08144242512191999080 Maybe you will find something interesting among these items. Happy reading!

New Mail Dispatcher executable

I have created a Windows installer package for the current version of Mail Dispatcher: http://downloads.sourceforge.net/maildispatcher/maildispatcher-0.3.exe It is built with slightly outdated Python and GTK, so I have not updated the project site with this new link. After releasing a new version of Mail Dispatcher I'll release a new Windows installer package built with updated frameworks.

XSL transformations in Python

I want to describe how to do XSL transformations in Python by using 4Suite. It is really easy and requires just a few steps:

Install 4Suite technologies for Python:

    $ sudo yum install python-4Suite-XML

Create a required XML file (for example, simple1.xml):

    <!-- The stylesheet to apply -->
    <?xml-stylesheet href="simple.xsl" type="text/xsl"?>
    <document cache-methods="get,post">
      <title>Simple XSLT sample</title>
      <body>
        <heading>Simple XSLT sample</heading>
        <paragraph>
          This is a sample text.
        </paragraph>
      </body>
    </document>

Create a required XSL file (for example, simple1.xsl):

    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
    <!-- Output an XHTML/transitional document (uses html output method ...

Backup LVM file system with SELinux context

Backup is one of the most crucial operations for providing availability of the computer system. Although writing backup scripts is an easy task, there are a few points with LVM and SELinux which are described below. LVM is a logical volume manager for the Linux kernel. One of the key features of LVM is generating snapshots for logical volumes. This allows the administrator to create a new block device which presents an exact copy of a logical volume, frozen at some point in time. It is very useful for backups - we can make backups without stopping volumes. Snapshots can be created with the 'lvcreate' command with the '-s' option. SELinux is an implementation of a flexible mandatory access control architecture in the Linux operating system. It uses file labelling with a special security context. During usual file archiving this context could be lost, so the administrator should use special archivers like 'star'. So, the administrator should use the following procedure for a...

Organizing Kerberos-based infrastructure

SSO (Single Sign-On) is a good method for organizing enterprise-level IT infrastructure. It can reduce the TCO (Total cost of ownership) of user management, allowing user accounts to be created/modified/deleted in one place without changing configurations of servers and client workstations. Let's consider Kerberos as a basis for SSO in an enterprise infrastructure in detail: Log in to a workstation. Most UNIX-based OSes provide an authorization mechanism for logging into a workstation using Kerberos PAM modules. Windows OS-based workstations can log in only to a domain controller, and don't support standard Kerberos servers by default due to Kerberos extensions by Microsoft. But there is a workaround - use Samba PDC with Kerberos and OpenLDAP integration (Article in Russian, I'll translate and publish it in the blog after setting up such infrastructure on my servers). Servers. Firewall: NuFW (see the corresponding article). Email: postfix, sendmail. IM: openfire. Web: apache....

Mail Dispatcher version 0.3 is released

The new release of Mail Dispatcher introduces major changes in internationalization and usability of the product. Parsing of mail messages was added and now they are shown in the required encoding. Also a user can select the preferred encoding for message previews. Date range selection was added and now a user can select the required date interval for downloaded messages. Mail Dispatcher uses a special algorithm for selecting messages based on binary searching. For more information, visit the site: http://maildispatcher.sourceforge.net/history.shtml

Daemonize a script

Sometimes it is required to start a script as a daemon (for example, a Django site in development mode), and I want to provide guidance on how to do it in Fedora 9. First, it is required to write an auxiliary bash script for running the necessary script (let's call it 'site.sh'):

    #!/bin/sh
    cd /path/to/site/
    nohup python manage.py runserver 0.0.0.0:8080 --noreload > site.log &
    echo "${!}" > /var/run/site.pid

In this script I changed directory to the site location, and ran it via the 'nohup' command. Also I took the PID of the created process via '${!}' to manage it later. This script should be run under root privileges and should be checked via 'ps aux | grep python' to confirm that the PID of the running process equals the one stored in /var/run/site.pid. If everything is fine, let's move forward and create an init script (let's call it 'site'):

    #! /bin/sh
    # Startup script for site
    #
    # chkconfig: 2 96 04
    # description: site service

    # Source function library.
    ....

Django admin changes in SVN trunk

Recently, in the Django SVN trunk, the whole admin interface was changed to newforms. It is not backward compatible, so I provide some hints for upgrading existing Django applications. There are at least 3 steps for upgrading:

1. Update urls.py to follow new admin URLs.
2. Update admin classes.
3. Change all newforms imports.

Update urls.py to follow new admin URLs. Initially urls.py looks like:

    urlpatterns = patterns('',
        (r'^admin/', include('django.contrib.admin.urls')),
    )

Now it should look like:

    from django.contrib import admin

    admin.autodiscover()

    urlpatterns = patterns('',
        (r'^admin/doc/', include('django.contrib.admindocs.urls')),
        (r'^admin/(.*)', admin.site.root),
    )

Update admin classes. Initially admin classes were a part of model classes. Now they should be moved to independent classes. If a model had an empty class:

    class Model1(models.Model):
        class Admin:
            pass

Now it is enough just to register a model...

Adding security features to Django projects

Security is the most valuable feature of any software, and each developer should keep security issues in mind during programming. In this article I show how to restrict a user's access to view, but not modify, objects in a Django project. It could be an equivalent of the 'Readers' field in a Lotus Notes/Domino application. First of all, let's set up Django. Check out Django’s main development branch (the ‘trunk’) like so:

    svn co http://code.djangoproject.com/svn/django/trunk/ django-trunk

Install it:

    cd django-trunk
    sudo python setup.py install

Create a project, which will be called 'secure_site':

    django-admin.py startproject secure_site

Test the installation - start our project:

    cd secure_site/
    chmod +x manage.py
    ./manage.py runserver 9000

Open a browser at the URL http://localhost:9000/ and if the 'It worked!' page is shown, then go further. Create two applications - sample (for testing) and secure (for handling security information):

    ./manage.py startapp sample
    ....

My sf.net projects

I manage a few projects on sf.net, and hope that they will be useful for the community:

Mail Dispatcher - A tool for dispatching (basically, deleting) email messages on a POP3 server via a Plain or SSL connection with advanced filtering capabilities.
sdict2db - Parser for SDict-based format dictionaries with the ability to save to a SQL server (with creating table, index and filling data) and to a text file (SDict text format).
DNN Dictionary - A DotNetNuke module for translating texts using SDict-based (http://swaj.net/sdict/) dictionaries. It works using an AJAX mechanism, so there is no page reloading during the process of translation.
DHCP Explorer - A console cross-platform tool for locating all available DHCP servers.

Though there is no serious activity in these projects, I am working on them as far as possible, so wait for new updates soon.

Static code analysis tools (with multicasting chat sample)

In the modern world, with fast software development cycles, it is critical to develop high-quality applications without long periods of testing and bug fixing. One of the key points for gaining such performance is using static code analysis tools. Let me provide some samples of such tools which can be useful for software development:

Clang Static Analyzer - an open source code analysis tool that finds bugs in C, C++, and Objective-C programs;
PyLint - a static code analyser for Python;
Perl-Critic - a static code analysis tool for Perl;
FxCop - static analysis for Microsoft .NET programs.

There are many other tools, a list of which you can find on Wikipedia. Let's do static code analysis of a simple multicasting chat application: Run PyLint for this script. See results below:

    <skipped>
    C: 1, 0: Missing module docstring (missing-docstring)
    C: 9, 0: Invalid constant name "is_listening" (invalid-name)
    W: 12,20: Redefining name '...

Useful designer links

One of the major problems in creating a GUI prototype for some websites or applications is developing an initial design. To make the task a little bit less complicated I've listed the websites where you can get templates and pictures for free:

https://material.io/resources/icons/ - symbols for common actions and items;
https://www.openwebdesign.org/ - many templates for websites available under various licenses;
http://www.iconarchive.com/ - many icons for web and other applications available under various licenses;
https://www.clipsafari.com/ - many icons and other images distributed under the CC0 "No Rights Reserved" license. You can copy, modify, and distribute these images, even for commercial purposes, all without asking permission.

Also there are certain standards which developers are highly recommended to follow:

Material Design principles by Google;
GNOME Human Interface Guidelines describe ways to create GNOME applications;
Design applications for ...

Simple password generator in Python

There could be a situation when you need to create a password quickly, and do not want to bother too much about it. In this case password generators are very useful, but most of them require too many actions. In this article I am going to show how to create a simple utility that works from the command line and just displays a line with the automatically generated password (and of course it can be used in many administrative automated tasks too). First, I create a prototype in the Python shell and then write the utility itself. I recommend using the IPython shell (https://ipython.org/) - it is superior to the standard Python shell in many ways. In the example below ipython3 (particularly, IPython 4.2.1 for Python 3.5.2) is used. Import the 'random' module:

    In [1]: import random

Check the generation of a random number in the required range (from 32 - space symbol to 126 - symbol '~'):

    In [2]: random.randrange(32, 126)
    Out [2]: 109

Check the conversion of a number to a charact...