Author Archives: Toledo12

  • 0

Citrix Workspace App for Linux: How to trust a CA certificate?

Category:Citrix,Linux Tags : 

Objective

This article’s objective is to describe the steps involved in trusting a CA certificate in Citrix Workspace App for Linux.


Under Ubuntu / Kubuntu, after installed Citrix Workspace App for Linux, you can get this kind off error, if the certificate is not trusted by the Workspace.

13.04 - Certificate error when using Citrix Receiver - Ask Ubuntu
Citrix Workspace: Fix "You have not chosen to trust 'Entrust Root  Certification Authority'… (SSL error 61)" error on Linux | Name Reserved

Instructions

  1. Download CA certificate in PEM format. 
  2. Save the certificate with .crt file extension. 
  3. Switch to root user and copy the .crt CA certificate file to /opt/Citrix/ICAClient/keystore/cacerts/ folder. 
  4. Make sure the CA certificate file is owned by Root user and Group, and it has -rw-r–r– or 644 as the File permissions. 
  5. Run  /opt/Citrix/ICAClient/util/ctx_rehash 

Note: Location of /opt/Citrix/ICAClient/keystore/cacerts/ and /opt/Citrix/ICAClient/util/ctx_rehash may vary depending on the distribution and location you would be installing Citrix Worskpace App for Linux. Above location is on default Ubuntu Distribution installation directory /opt/Citrix/ICAClient/


  • 0

Remove Nvidia Drivers on Ubuntu

Category:Linux Tags : 

And start a new install again. Sometime the GUI crash and you cannot use the X server again.

The following command will remove the proprietary Nvidia driver:

sudo dpkg -P $(dpkg -l | grep nvidia-driver | awk ‘{print $2}’) sudo apt autoremove

Switch back to nouveau driver:

sudo apt install xserver-xorg-video-nouveau
Reboot your system

Once your system has rebooted confirm loaded nouveau modules:

lsmod | grep nouveau
nouveau              1949696  4
mxm_wmi                16384  1 nouveau
ttm                   106496  1 nouveau
drm_kms_helper        184320  1 nouveau
drm                   491520  7 drm_kms_helper,ttm,nouveau
i2c_algo_bit           16384  1 nouveau
wmi                    32768  3 wmi_bmof,mxm_wmi,nouveau
video                  49152  1 nouveau
Reboot your system

You can reinstall the Nvidia drivers using the GUI


  • 0

Foobar2000 and bitperfect on Windows 10 with Aune X1 Pro DAC

Category:DAC,Hi-FI,Windows Tags : 

Aune XS1 Pro quick review

After I read an extremely good review of the Aune XS1 on the site

https://www.audiosciencereview.com

I decided to bought one.

Of course, it was an older model from 2015, with the older 9018K2M DAC from ESS Technology.

Actually, the last Aune XS1 Pro in an improved version, with the ES9038Q2M DAC, also from ESS Technology, and with an improved power to drive your cans.

The Aune X1s Pro arrives in a nice package, high end looking box, containing a power DC adapter with removable cable, USB cable of Type A to Printer plugs (Type B), mini-CD with the drivers and manual, and 6.35mm to 3.5mm adapter.

The X1s Pro is fairly transportable and relatively compact device. It has the right dimensions to be used with personal computers or notebooks without occupying too much space.

Build quality is very good, with the whole external chassis made by very thick aluminum in a matte finish, and in this case, all silver color (Black color is also available).

The design is very elegant and discreet, but the top part is not flat, with a slight curve from the right to left sides.

The layout is pretty simple and efficient. You have on the front panel there a single button that works to switch between the four different inputs, USB, optical, coaxial, and line-in, and also to toggle between the three audio filters supported by the X1s Pro.

The large round volume knob is made of aluminum, covering an ALPS RS60112-10KAX2 pot, Japan quality.

The real panel is just more populated with all the multiple connections supported by the X1s PRO, each one is labeled

The power button and DC power input are aligned together. In the middle there are the coaxial, optical and USB input sockets.

As I said before, the chip is now an ES9038Q2M, that supports three filters modes, standard ones, Fast and Slow roll-off and Apodizing Fast.

The integrated poweramp is enough to well drive my Seinheiser HD 650.

Bass, midrange and treble are very clean. Globally, the sound is very linear and pretty neutral.

Goal

Use an Aune X1 Pro DAC, a great and well-designed DAC from a Chinese Company, and configure it for bitperfect sound under Windows 10 / LTSC / Server 2019.

We think that WASAPI is a better choice over ASIO.

Download the driver provided by Aune and install it on the computers, use default setting.

Reboot.

Connect the Aune XS1 Pro device to the computer. It should be correctly detected.

Install Foobar2000

Download foobar2000 for Windows

Take latest stable version from the Foobar2000 site

https://www.foobar2000.org/

Make a standard installation in C:\Program Files (x86)\foobar2000

Choose any default visualization from setup. It can be changed later.

PLUGINS

If you want to get bit perfect (as in no resampling or additional processing) the best way is using any of the systems that avoid going through the Windows Mixer namely ASIO or WASAP. I said, we will cover only WASAPI, which seems to us more robust with the same performance of ASIO, and with broader compatibility.

WASAPI (Latest version: 3.3):

Microsoft’s version of ASIO, most card will play using one of the WASAPI modes.

Link: WASAPI plugin homepage

Configure WASAPI process high priority automatically:

Important NOTE: In case of drop-outs, clicks and pops or stutter, WASAPI buffer size can be adjusted in Preferences->Advanced->Playback->WASAPI. Notice separate values for Event and push mode are available (see image below) so adjust the one you are using.

If your soundcard/DAC accepts Event mode, we suggest to use the prefered mode.

Also, since version 3.0 it is possible to configure independently buffers for either mode and run the WASAPI process with real time priority. To access these settings, follow this path:
File->Options->Preferences->Advanced->Playback->WASAPI

SOURCE/INPUT PLUGINS:

Foobar2000 plays the most common files like MP3, MP4, AAC, CD Audio, WMA, Vorbis, FLAC, WavPack, WAV, AIFF, Musepack, Speex, AU, SND… as standard, but this list can be enlarged to cover almost any thinkable codec by using additional plugins. Next is a recommended selection for playing most common high-resolution material:

DVD-A(Current version: 0.4.11):

DVD-Audio Decoder input plugin and Watermark Detector/Neutralizer DSP plugins for foobar2000. Decoder is capable of playing back DVD-Audio discs, ISO images, AOB, MLP and Dolby TrueHD files in full resolution. Dedicated plugin for DTS-HD playback.”-

Link: DVD Audio plugin homepage

SACD(Current version: 1.1.9):

**RECOMMENDATION** Do not install nor use the DSDIFF decoder plugin available at the Foobar2000’s component page. It is obsolete, performs worse and has less functionality than foo_sacd_plugin and can make the player crash when both DSD related plugins are installed at the same time.

Link: SACD plugin homepage

Monkey (.APE files, Latest version 2.3.1):

Adds decoding support for Monkey’s Audio files (.APE) as well as APE Link files (.APL)

Link: Monkey audio plugin homepage

Other not so common but still interesting codecs are AC3 (AKA Dolby Digital) and DTS. If you happen to have files encoded with either of these codecs the following plugins will need to be installed:

AC3

Adds decoding support for ATSC A-52 bitstream files (.AC3). Also includes a packet decoder for Matroska files containing AC3 streams

Link: AC3 plugin homepage

DTS

Adds decoding support for DTS Coherent Acoustics files (.DTS) and DTS WAV files (.DTSWAV). Also includes a packet decoder for Matroska files containing DTS streams, and a decode postprocessor which supports decoding DTS streams from 44100Hz or 48KHz 16-bit lossless PCM streams. (Implementing support for this in other inputs is beyond my control. Currently implemented formats include WAV, audio CD, FLAC, Wavpack, and TAK.)

Link: DTS plugin homepage

Configuration

PLAYBACK CONFIGURATION Disable replay gain

Some files have a tag specifying replay gain that will adjust loudness automatically for that track, when used on all files it reduces de need to reach for the amps volume potentiometer but it does so at the expense of “bit perfectness”. If you prefer to control volume with your amp’s knob this can be disabled as follows:

When “Playback” is selected in the left pane the right pane will show this:

In the second drop down list labeled “Processing” select “None”
For extra security 0dB can be selected in both the Preamp sliders.

PLAYING FILES FROM RAM IN FOOBAR2000

For those interested in playing from RAM here is are the required steps to setup Foobar2000 to load the entire file to played in RAM and play it from there instead of the HDD, this way there will no disk access during play avoiding possible mechanical noise, reducing heat and power consumption.

This only works for music files and not for large .ISOs, .CUEs or other “list” files. If a disc is ripped to a single file and loaded into Foobar2000 to play it from RAM it will be impossible to navigate tracks and guessing will be required to find the beginning and the end of each song. This can be avoided by simply ripping to an induvial file per track

When configuring the RAM buffer bear in mind total system memory, most modern PCs come at least with 3 or 4GB which should leave enough for a quite large buffer provided you are not running multiple apps when listening to music. Also, 32bit and 64bit have different requirements the later needing more RAM for system services and apps.

500,000KB (500MB) should be more than enough for an entire CD ripped to a single FLAC. If ripping to WAV the buffer may need to be increased to 800,000KB in order to make sure even the biggest file can be fully loaded. If all your music is in file per track format then 500,000KB should suffice for even 24/192 WAVs or DSD DSF or DIFF files. Note that the value entered is the maximum Foobar2000 will use only if needed, if file being played is smaller it will just use the equivalent to the file size + overhead + Foobar2000’s own code.

On the next pic the path to where to change this setting is shown:

Customizing the current track information in the status bar 

Here is an example of how it is possible customize the displayed information in the status bar (lower left part of the screen) so it shows relevant technical information about the track being played.

Clear whatever the “Status bar” box contains (see screen capture below) and paste the following into it:

%codec% | %samplerate% Hz | $iflonger(%samplerate%,6,’1 bit’,$if(%__bitspersample%,%__bitspersample% bits,’N/A’)) | %channels% | %playback_time%[ / %length%] | %bitrate% kbps | $if($info(hdcd),'(HDCD:’,) $if(%__hdcd%,PE: %__hdcd_peak_extend% LLE: %__hdcd_gain% TF: %__hdcd_transient_filter%’)’)

When applied you will get: file format, sample rate, bit depth, current time/total track time, bit rate and, in case an HDCD encoded file is played, all HDCD information.

Examples of information shown when using the above-mentioned code:

Regular Red Book (aka CD) source FLAC

regular20pcm_zpsjptqklgi

CD sourced HDCD encoded FLAC

the HDCD component decodes to 20bit and patches with ceros to 24bit hence the “24 bits” displayed

hdcd_zpsdl32nagr

High Resolution 24/192 PCM FLAC file

24-192_zpsotqnzyb7

Standard SACD quality (DSD64) file

dsd_zpshalce5f4

Higher resolution DSD256 file

dsd256_zpsrqgv9yti

Standard SACD multi channel (5.1) DSD64 file

51dsd_zps2i0n1et9

High resolution multi channel (5.1) 24/96 PCM FLAC file

51pcm_zpsrw6kbcg2

Configure Bitperfect for SACD

Download SACDDecoder

https://sourceforge.net/projects/sacddecoder/files/foo_input_sacd/

For Bitperfect mode only “foo_input_sacd.fb2k-component” needs to be installed.

First step would be configuring the plugin to use “DSD output” or “DSD+PCM” modes. Go to the menu “File” and click “Preferences”, in the left pane of the window that pops up look for Tools and, if closed, click the “+” sign to the left of the word to expand it and then click on SACD:

The difference between “DSD” and “DSD+PCM” is that the latter will send a converted to PCM stream to Foobar2000 so graphic add-ons like VU-meters, spectrographs and so on will work as they do when playing regular PCM files.

Other available items are:

  • Preferable Area: Options are: – None: it will show all available tracks on the SACD – Stereo: only stereo tracks are displayed – Multi channel: limits shown tracks to multi channel ones
  • Editable tags: Yes/No
  • Edited Master Playback: Yes/No
  • Store Tags With ISO: Yes/No (it actually doesn’t write to the ISO, it stores tag info in the plugin folder)
  • Linked 2CH/MCH Tags: When selected, tag editing of ISO files will apply to both stereo and multi channel versions of the track/tracks saving time.

Second step would be selecting to our preference or our DAC’s driver options either “DSD:ASIO:xxxxxxxxx”, “DSD:WASAPI (Event):xxxxxxxxx” or “DSD:WASAPI (Push):xxxxxxxxx” (where xxxxxxxxx our DAC’s driver name) as Foobar2000’s output device:

Better to use DSD WASAPI Event

Play Wavpack compressed files

To play Wavpack compressed files from DSF to WV in native DSD, you also need to install the plugin foo_dsd_processor.fb2k-component.

But there is another step…You have to rearrange the position of the decoder by dragging the plugin to the top position:

Check that you WV files plays in DSD 1 bit in Foobar2000:

Extra Customization

Add FLAC Converter

In case you need to convert to FLAC sound file, you need to add the FLAC converter. Download it from

https://xiph.org/flac/download.html

Take the Windows version: FLAC for Windows (command-line tools only, the file flac-X.Y.Z-win.zip contains both 32 and 64 bit binaries).

[   ]flac-1.3.2-win.zip2017-01-01 01:581.2M

Extract the 64 bits release anc copy the file to the Foobar2000 Folder. So it will ne usuable next time you need to convert a file using Foobar2000.

Ad plugin Music Spectrum

Download from

https://wiki.hydrogenaud.io/index.php?title=Foobar2000:Components/Musical_Spectrum_(foo_musical_spectrum)

Install it as a standard Foobar2000 plugin:

Play with the layout editing mode to enable it:

Rename and move the tab

Quit Editing mode.

Customize other part of UI, like the font size and color.

Extra information

Convert DFF files to DSF files with DFF to DSF conversion utility

In some case you want to convert DFF files to DSF files to support tagging. A great (and free) tools is made by Signalyst, it can be downloaded at the bottom of the page:

https://www.signalyst.com/professional.html

The tool run in command line. Just run

dff2dsf.exe file.dff file.dsf

You can use TAB autocompletion to save time.

Maria PEREZ, audiophile alcoholic ;>)

P.S The best ressources for HIFI on the Net ?

https://www.audiosciencereview.com

Other great links

https://hydrogenaud.io/

http://dr.loudness-war.info/

https://www.rtings.com/

https://diyaudioheaven.wordpress.com/

http://dr.loudness-war.info/

http://www.sengpielaudio.com/Calculations03.htm


  • 0

Install NordVPN on Ubuntu

Category:Linux,Network,Réseaux,Sécurité,Uncategorized,WAN Tags : 

1. Get the NordVPN repo setup .deb package

You can the file here. ( https://nordvpn.com/download/linux/ )

2. Install the NordVPN repository

cd Downloads
sudo apt-get install ./nordvpn-release_1.0.0_all.deb


3. Update the apt-get package list

sudo apt-get update

4. Install NordVPN

sudo apt-get install nordvpn

5. Connect to Nordvpn Server

Nordvpn Connect

You will be asked to type your Email/Username and Password.

Enable Wiregard

By default, NordVPN for Linux runs on the OpenVPN protocol. Follow these steps to switch to NordLynx:

Update your app to the latest version.

nordvpn set technology NordLynx

Reverse to OpenVPN

nordvpn set technology OpenVPN


  • 0

How do I remove old kernel in Ubuntu – Graphically ?

Category:Linux Tags : 

An alternative is Synaptic (Install withsudo apt install synaptic)

Take care !

You have to know wich kernel are you running with uname -r

Synaptic though will not attempt to verify what you are trying to remove… you could inadvertently delete your newest kernel – or even delete all of your kernels via this tool leaving you with an unbootable Ubuntu!.

Recommendation

My recommendation is to keep at least two or preferably three kernels including the latest. The reason for the recommendation is that you will have at least one/two other kernels to boot with, if for what-ever reason the latest kernel you are unable to boot with or introducing a regressed capability such as broken wireless.

Search for linux-image, right-click a kernel and choose complete removal and finally click the Apply button to delete the kernel.

Repeat the search but this time for linux-header – you can delete the associated headers for the kernel image chosen previously.

Synaptic Package Manager

Repeat the search but this time for linux-header – you can delete the associated headers for the kernel image chosen previously.

Maria Perez


  • 0

How To Upgrade Ubuntu To 20.04 LTS Focal Fossa

Category:Linux Tags : 

The latest Ubuntu release, 20.04, marks an opportunity for both LTS users and people on the previous 19.10 release to update Ubuntu and take advantage of the latest features.

Software Requirements

An existing Ubuntu 18.04 LTS or 19.10 install with root privileges.

Run your Ubuntu Update

Before you do anything, make sure that your system is already up-to-date.

$ sudo apt update
$ sudo apt upgrade
$ sudo apt dist-upgrade

This will help to ensure that the difference between packages is as small as possible.

$ sudo apt autoremove

How to Upgrade Ubuntu

Ubuntu have developed their own automatic way of upgrading between releases. It essentially scripts the traditional Debian approach. This way, you can set it up to upgrade and walk away. Ubuntu will handle the rest.

Please Note: Upgrades from 19.10 will not be enabled until a few days after 20.04’s release. Upgrades from 18.04 LTS will not be enabled until a few days after the 20.04.1 release expected in late July 2020. There are no offline upgrade options for Ubuntu Desktop and Ubuntu Server.

$ sudo apt install update-manager-core

When that finishes, run the Ubuntu upgrade utility.

$ sudo do-release-upgrade

If you’re doing this too soon, it will tell you that there is No new release found. In that case, and at your own risk, add the -d flag at the end of the command to force the upgrade. For more information read the below “No new release found” section.

$ sudo do-release-upgrade -d

Then it can takes at least 1 hour to complete…

Maria Perez


  • 0

Not a ScarletBook disc!

Category:Uncategorized

Ou encore… Can’t read Master TOC

Si certains ISO semblent ne pas fonctionner avec sacd_extract-gui-winforms-dotnet.exe, c’est qu’elles ne sont pas compatibles avec sacd_extract.exe.

Si l’extraction avait été effectuée en ligne de commande on aurait obtenu le message d’erreur suivant:

libsacdread: Not a ScarletBook disc!
libsacdread: Can’t read Master TOC.

C’est par ce que l’ISO a été créé a partie d’une console PS modifier avec un blocksize 2064 et non 2048.
Il faut donc convertir l’image ISO à un blocksize 2048.

Télécharger WinCDEmu : http://wincdemu.sysprogs.org/

– faire un clic droit sur l’ISO puis sélectionner “choisir une lettre de lecteur & monter”
– ensuite clique droit sur le lecteur CD virtuel puis puis sélectionner “créer une image ISO”

Une fois l’opération terminée la table d’allocation aura été modifiée et la l’extraction pourras commencer.


  • 0

Automatic Package Updates on CentOS 8

Category:Uncategorized

Security updates, are very important.

Under Linux it is always advisable to keep the installed packages up to date, especially when it comes to security.

This ensures that the system automatically downloads packages and performs updates without manual intervention.

The dnf-automatic is systemd units that can download package upgrades and apply them automatically.  The dnf-automatic provides three different systemd units to control the automatic update.

Below are three systemd units provided by dnf-automatic.

  • dnf-automatic-download.timer for download only
  • dnf-automatic-install.timer for download package updates and install
  • dnf-automatic-notifyonly.timer will only notify via the omitter configuration
sudo dnf install dnf-automatic

The dnf-automatic are not installed by default on the CentOS system, it’s available on the BaseOS repository. Install the dnf-automatic

Once the installation is complete, go to the ‘/etc/dnf’ directory and edit the configuration ‘automatic.conf’:

cd /etc/dnf/
nano automatic.conf

On the ‘[commands]’ section, change the ‘upgrade_type’ as you need. You can use ‘default’ for upgrading all packages or use the ‘security’ option to upgrade all packages related security.

[commands]upgrade_type = defaultdownload_updates = yes

On the ‘[emitters]’ section, uncomment the ‘system_name’ option and change the value with your hostname. Then change the ’emit_via’ option to motd, so you will be displayed about package updates on every login.

[emitters]system_name = hakase-centos8emit_via = motd

Save and close.

Automatic Install Package Upgrades

For the automatic installation of package upgrades, you can run the ‘dnf-automatic-install’ timer service.

Start the ‘dnf-automatic-install’ timer service and add it to the system boot.

sudo systemctl enable --now dnf-automatic-install.timer

After that, check the status of the dnf-automatic timer.

sudo systemctl list-timers *dnf-*

You will get the ‘dnf-automatic-install’ timer on the list.

Install timer

Now on every login action to the CentOS 8 server, you will see the summary of package upgrade applied as a motd (message of the day).

Package updates applied

And all package upgrades have been applied automatically through the ‘dnf-automatic-install’ timer service.


  • -

Installer Clamav sur CentOS 7.6

Category:Antivirus,Linux,Sécurité Tags : 

Note

ClamAV (« Clam AntiVirus »), est un logiciel antivirus pour systèmes UNIX et Linux. Il est souvent utilisé avec les serveurs de courriels pour filtrer les virus transportés par ce vecteur. Les virus ciblés sont majoritairement des virus s’attaquant au système d’exploitation Microsoft Windows, et non pas aux systèmes sur lesquels ClamAV s’installe. Toutefois, UNIX et Linux (Tout comme MacOS…) sont vulnérables à quelques dizaines de souches de virus, et il est important de protéger également les machines fonctionnant dans ces environnements, sans compter sur le fait que si ces serveurs abritent des dossiers utilisateurs, on va y trouver tout et n’importe quoi…Le 1 mars 2017, ClamAV affichait 5 902 241 signatures

Installer ClamAV

Pour installer ClamAV sur CENTOS, nous utilisons le repostory EPEL (Extra Packages for Enterprise Linux).

Installer EPEL

yum install epel-release

Installer les composants CLAMAV

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Configurer SELinux pour ClamAV

Si l’on souhaiter utiliser ClamAV avec CentOS et SELinux activé, il faut rajouter une configuration particulière afin que ClamAV puisse accéder à tous les fichiers du disque, et mettre à jour ses fichiers de définition. Permettre « antivirus_can_scan_system »:

setsebool -P antivirus_can_scan_system 1

Configuration du daemon Clam

Créer un lien symbolique sur le chemin de fichier par défaut

ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Editer le fichier de configuration installé par le package clamd-scanner:

nano /etc/clamd.d/scan.conf

Commenter la ligne

#Example

Dé-commenter la ligne LocalSocket pour l’activer

LocalSocket /var/run/clamd.scan/clamd.sock

Sauver et quitter l’éditeur de texte

Démarrer le service et l’activer au démarrage

Démarrer le service

systemctl start clamd@scan

Et l’activer au démarrage…

systemctl enable clamd@scan

Redémarrer la machine. Pour vérifier le statut du daemon, taper

systemctl status clamd@scan

Au besoin, pour désactiver l’agent, tout de même gourmand en ressources…(Souvent ClamAV n’est utilisé que pour des analyses occasionnelles…

systemctl disable clamd@scan

Installer et configure l’updater ClamAV

Pour bénéficier des mises à jour automatique (Le package doit déjà être installé…)

yum install clamav-update

Editer le fichier de configuration:

nano /etc/freshclam.conf

Commenter la ligne d’exemple:

#Example

Editer le second fichier de configuration (dans sysconfig…):

nano /etc/sysconfig/freshclam

Comment cette ligne pour pouvoir utiliser crontab (Les mises à jour sont désactivées par défaut):

#FRESHCLAM_DELAY=disabled-warn

Sauver et quitter l’éditeur de texte. Lancer la commande freshclam pour mettre à jour la base d’antivirus. Au besoin vous pouvez créer une tâche crontab pour l’exécuter régulièrement.

freshclam

Tester votre scanner ClamAV

Il est possible de scanner en utilisant le daemon, avec clamdscan, ou en utilisant le client interactif clamscan. Les deux exemples sont fournis ici. On considère que clamdscan est plus économe en ressource, mais il faut qu’il soit chargé en mémoire, et si ce n’est pas le cas, utilisez donc clamscan.

Toujours utiliser l’option –fdpass pour donner les permissions correctes si vous utilisez le daemon clamdscan.

clamdscan --fdpass /var/log/*

Pour scanner tout votre système avec lamscan

clamscan -r /

Pour scanner tout votre système en t’ache de fond, mais seulement afficher les fichiers infectés:

clamscan -r -i / &

Pour scanner les fichiers dans tous les dossiers utilisateurs “home”

clamscan -r /home

Pour scanner les fichiers dans le dossier “home” d’un utilisateur et déplacer le fichier infecté dans le dossier =/home/USER/VIRUS

clamscan -r --move=/home/USER/VIRUS /home/USER

Pour scanner les fichiers dans le dossier “home” d’un utilisateur et supprimer le /les  fichier (s) infecté (s). Attention, les fichiers seront vraiment supprimés…

clamscan -r --remove /home/USER

  • -

Le service de notification Pushover.Net

Category:Linux,Notification,Surveillance Tags : 

Pushover.Net

Pour faire court, Pushover (https://pushover.net/) est un service qui permet de recevoir des notifications instantanées sur votre téléphone ou votre tablette depuis une grande variété de sources.

Il faut toutefois installer l’application associée qui se trouvera sur le “store” approprié.

Sur le serveur, il est possible d’utiliser une API pouvant être intégrée dans un script ou un programme, que cela soit du Bash Shell, du PHP ou du C, qui utilisera une URL du serveur Pushover.net pour générer l’alerte.

Pushover coute 5 US$ par client (Android, IOS ou desktop en plugin Chrome & Firefox) qui recevront les notifications, au maximum de 7500 par mois.

Si de nombreuses utilisations sont possibles, un cas d’école qui peut être retenu est l’installation de ce service de notification avec le logiciel de surveillance « Monit », qui enverra des alertes en fonction de l’état des services surveillés, comme Apache ou MariaDB.

Note

La procédure est donnée telle quelle, sans garantie de fonctionnement.

User Key

Après avoir créé un compte, vous recevrez votre clé utilisateur  « User Key” qui sera composée de 30 caractères alphanumériques, ex. Td5vz6wfqg6s2cmcjSkSus4p5FrF41

Api Token

Si vous souhaitez utiliser un script, il faudra préalablement créer une application qui générera une “Api Token “ également de 30 caractères alphanumériques. J’en ai créé une appelée LinuxAlert qui a créé un token utilisé dans l’exemple plus bas.

Lien avec Monit

Dans notre exemple précédent avec Monit, il était indiqué que dans les scripts de surveillance la quatrième ligne était liée à l’expédition d’une alerte via un système de push dont le tutoriel sera créé ultérieurement par une collègue, c’est donc chose faite.

… then exec "/root/pushover.sh/pushover.sh" if failed port 80 for 2 cycles then restart if 3 restarts within 5 cycles then exec "/root/pushover.sh"

En effet, cette ligne invoque le script « pushover.sh » qui nous fait notre « colle » avec le service Monit.

L’utilisation du programme cURL (client URL request library ou see URL)  est au centre du script, car il permet de créer une ressource correctement formatée qui va créer un objet d’entrée directement sur le service de Pushover.net.

Toutefois, pour que le message passe, il devra comprendre la clé du Token API créé sur le site de PushOver.net, et la clé utilisateur qui vous a été attribuée.

Tests du service PushOver.net

Avant de se lancer dans le script proprement, il est bien de faire un test de notification afin de s’assurer que tout fonctionne correctement (clés Token et utilisateur, firewall, etc…). Créer le fichier texte « alerte » avec le contenu suivant :

#!/bin/bash

curl -s \

--form-string "token=avdrt678902345d1qri86easbav3" \

--form-string "user=alsorditz8d9s9" \

--form-string "message=Hello WORLD" \

https://api.pushover.net/1/messages.json

Enregistrer et marquer le fichier comme exécutable avec

chmod +x alert

Et exécutez le script en tapant

./alert

Le script final

Immédiatement, vous devriez recevoir une notification sur votre récepteur avec le message « Hello World » depuis l’API LinuxAlert créée dans la console. Si cela fonctionne, il faudra adapter le script pour prendre en compte les entrées retournées par les actions Monit. Cela donnera

#!/bin/bash

curl -s \

--form-string "token= avdrt678902345d1qri86easbav3" \

--form-string "user= alsorditz8d9s9" \

--form-string "message=[$MONIT_HOST] $MONIT_SERVICE - $MONIT_DESCRIPTION" \

https://api.pushover.net/1/messages.json

Bons tests !

Maria Perez