I have 2 questions:


Question #1 - I have a program in my /home/tools/ directory called john. When I cd to /home/tools I can execute the command with ./john. However, I was wondering how to set up this command so I can type in 'john' from anywhere on my system and the program runs. How do I do this?


Question #2 - My server is setup so that when the power goes out then comes back on, it automatically starts back up. This works great, however, there's a problem. When the power goes out, so does my cable modem. The computer boots up before the cable modem connects, and therefore my server does not pull an IP, so it's dead in the water until I reboot it.

Is there a way at startup to detect if my server was Improperly shut down, and if it was, wait 10 minutes then reboot? If it was properly shut down, then run normally and DO NOT reboot?

1) I suggest to create a subdirectory /home/tools/bin,
put all your executables into it and add it in your path,
say for system-wide, create :
/etc/profile.d/tools.sh
with content :
then chmod +x /etc/profile.d/tools.sh
(create the bin sub dir is not mandatory but is standard way
and if you want add man pages or docs you can create
man or docs sub dir as well)

For question 1, you've got two options: the first is to add the directory /home/tools to your PATH environment variable. This probably isn't a very good idea though. A better option would be to create a symlink in a directory in your PATH to this script. For example: ln -s /home/tools/john /usr/bin/john (you'll need to be root to do this, but will be able to run the program with the same permissions as before).

I'm afraid I can't help you with question 2 though.

This normally does the trick for me, get the Slackbuild or source code (in this case the source since there is no Slackbuild for john the ripper) and a program called createpkg. Make the package for john and install it. much easier to upgrade and remove. you should try rainbow crack its very nice when your looking for common passwords.

Also for the 2) no need to reboot, just
/etc/rc.d/rc.inet1 restart
killall -HUP inetd
should do the job

Maybe you could put a large timeout value in your bootloader (ie 5 or 10 minutes) so your computer will sit at the bootmenu for a long time before starting the OS, and then pray that the modem comes online before the OS starts up.

Not the most graceful solution, but it might work

You might also consider investing in a UPS. I'm using one for my website (lasts about an hour), and aside from when I've taken it offline, it hasn't been offline in over a year. There have been power failures in that time, but none of 'em have lasted that long.

As for the cable modem, setting a long timeout in the bootloader would definitely fix it. Alternatively, you could invest in a UPS, or you can trick at into running /etc/rc.d/rc.inet1 10 minutes after booting.

I'd like to make a suggestion, though. Go to your nearest flea market, and pick up an old '486 for 10 bucks. Doesn't matter if it's got a CDROM or hard drive, but a floppy is needed, and it's nice if it's got a network card. You'll actually need 2 network cards. Download floppyfw, and use that.

AFAIK, it'll automatically reconnect if the connection dies. I know it does for my ADSL. It's not a good idea to have your server directly connected to the internet. Better, instead, to have it running behind a firewall, with port forwarding for the services you actually want to be accessable to the world at large.

For example, my superserver has the following services enabled: FTP, SSH, SMTP, DNS, HTTP, POP3, NetBIOS/Samba, IMAP, HTTPS, IPP, and MySQL. They're all running off the same system, but that system is sitting behind a firewall. Some of those services are for internal network only, and in fact, the only services that are currently being portforwarded from my outside IP are SMTP, HTTP, and HTTPS. You're welcome to portscan me to confirm.

See, I don't want people at large being able to access my FTP. It's used internally to allow me to upload my webpages. Same with Samba, though that's for network drives on windows shares. The POP3 is enabled, but almost never used. IMAP is for internal network only, and the only way to check mail outside my network is to use the IlohaMail I've got installed. Lastly, there is no way in heck that I'm going to let somebody on the internet access my MySQL directly. Not only is the MySQL configured to ignore connections that don't come from localhost, the port isn't even open to the world. It's a good idea for your security to hide services from the world if they aren't needed by the world, because in so doing, it's one less headache, and one less server to worry about.

another solution to #1 would be to create an alias in your .bashrc (in your home directory). i've got one for firefox like this:

alias firefox='/home/mcd/src/mozilla-firefox/firefox'


and i think #2 has been answered already. i have a question for killerbob though, which is why not just buy a $50 router instead of a new computer? they'd both be hardware firewalls right? and you could set up port forwarding on the router for only the services you want the outside world to have access to.

I didn't say a new computer, I said an old computer....

Why buy a $50 router, when a 10-year old computer will do the trick?

A router is easier to configure, and takes up a lot less space.

exactly.

but i'm actually curious if there's any real difference. when people talk about using an old computer as a firewall the effect is exactly the same as using a router right? killerbob, do you know of any benefits to using a dedicated computer?

The main reason I don't use a router, even though I do have one lying around, is because I don't like the idea that it can be accessed remotely. If I want to make any changes to my firewall's configuration, I need to be in front of it. More than that, with the floppyfw, if I want to change the settings, I have to take the diskette out of the drive, switch the read-only to read-write, and mount it with another computer.

With web-based configuration of routers, there's the ability to change the settings remotely. When dealing with a wireless net, "remotely" could mean the people next door, and I don't like that possibility. I'm resigned to my neighbours being theoretically able to wardrive me, and I am really uncomfortable with the security implications in allowing remote administration with that situation.

As for the wireless net, I do have a solution that I think works pretty well... The real net is 802.11g. It's also encrypted and not broadcasting the SSID. There's also an 802.11b network that has a wider coverage area, which is not encrypted, and *is* broadcasting the SSID. It's decidedly unsecured, and completely intentional. See, this network is running in a de-militarized zone, and internet access is throttled at 20kbit.

fair enough. i've got strong passwords, i use encryption whenever possible, have a limit on the number of dhcp clients allowed, stuff like that. it's just a small home network with nothing critical, so i'm comfortable with the risk/reward ratio. nmap confirms that port 80 (which provides access to my router's config) is only open inside my LAN. from outside the only ones open are the ones i'm specifically forwarding. oh, and as a bonus, a regular nmap scan determined that there was no host because pings weren't returned. it only showed up when i used -P0.

one more quick question if that's ok - where do you determine whether or not to broadcast the SSID?

Depends on the access point. Some don't support that option. For my Belkin, it's under Setup > Channel and SSID. Just a checkbox for whether it's enabled or not.