Main Page‎ > ‎

Misc configuration

Misc configuration



Misc configuration notes


  • apt-get install phpwiki
  • requires the presence of in /etc/php4/apache/php.ini
  • perform mysql configuration:
mysql -uroot -prootpasswd
        drop database phpwiki;
mysqladmin -uroot -prootpasswd create phpwiki
mysql -uroot phpwiki
        grant all on phpwiki.* to wikiuser@localhost identified by 'wikiuserpasswd';
mysql -uwikiuser -pwikiuserpasswd phpwiki < /usr/share/doc/phpwiki/schemas/mysql.sql
  • go though final tuning of the configuration in /etc/phpwiki/index.php
if (!defined('WIKI_NAME')) define('WIKI_NAME', ' PhpWiki');
if (!defined('ADMIN_USER')) define('ADMIN_USER', "wikiadmin");
if (!defined('ADMIN_PASSWD')) define('ADMIN_PASSWD', "?????????");
if (!defined('ZIPDUMP_AUTH')) define('ZIPDUMP_AUTH', false);
if (!defined('ENCRYPTED_PASSWD')) define('ENCRYPTED_PASSWD', true);
$DBParams = array(passencrypt.php
   'dbtype' => 'SQL',
   'dsn' => 'mysql://wikiuser:wikiuserpasswd@localhost/phpwiki',
if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', true);
if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', false);
  • in order to get the right admin password retreive the source package for phpwiki (apt-get source phpwiki) and copy the missing passencrypt.php and configurator.php files into/usr/share/phpwiki then browse the http://localhost/phpwiki/passencrypt.php.


  • retreive it at
  • untar in /usr/local/share and make the link under apache in /etc/apache/httpd.conf using
Alias /weeblefm/ /usr/local/share/weeblefm/
  • requires the presence of in /etc/php4/apache/php.ini


  • configure mysql section in /etc/twig/
  $dbconfig"sqlserver"             = "localhost";
  $dbconfig"sqlport"               = "3306";
  $dbconfig"sqlusername"           = "www-data";
  $dbconfig"sqlpassword"           = "wwwdatapasswd";
  $dbconfig"defaultdb"             = "twig";
  $dbconfig"sqltype"               = "mysql";
  • setup database
mysql -u root -prootpasswd mysql
mysql> CREATE DATABASE twig;
mysql> GRANT ALL PRIVILEGES ON twig.* TO "www-data"@localhost IDENTIFIED BY 'wwwdatapasswd';
mysql> \q
gunzip -c /usr/share/twig/setup/twig.table.mysql.gz | mysql -u root -prootpasswd twig
  • requires the presence of and in /etc/php4/apache/php.ini
  • apache or apache-ssl now need to recognize php3 extensions for that purpose modify /etc/apache{-ssl}/httpd.conf following:
<Directory />
    Options SymLinksIfOwnerMatch
#    AllowOverride None
    AllowOverride All
<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi .index.php index.php3 index.php4 index.php index.phtml
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
  1. Note that in order to have it working I had to specify in /etc/twig/ $config"imap_port" = "143/notls"; instead of the classical 143.
  2. apt-get install uw-mailutils
  3. enable plain text passwords with dpkg-reconfigure -plow libc-client2001 and respond YES to question: Allow insecure authentication using plaintext passwords?.
  4. create a /etc/ for libc-client with:
I accept the risk
set disable-plaintext nil

Reconfigure console keymap

Use dpkg-reconfigure console-common and answer the questions.

XFree nice issues?

In order to run appl smoothly, modify /etc/X11/Xwrapper.config by changing nice_value=-10 -> nice_value=0

Change dpi resolution

In order to get lower resolution fonts simply replace 100 by 75 (dpi) in the following file: /etc/X11/xinit/xserverrc.

Regeneration of XF86Config-4 file in /tmp/foo

dpkg-reconfigure -plow xserver-xfree86
dexconf --output=/tmp/foo

Migration to ext3:

tune2fs -j /dev/hda2

modify /etc/fstab and /etc/lilo.conf

append="bootfs=ext3 vga=0x317 video=vesa:ywrap,pmipal,mtrr"

Mrtg: view nice graphs of the router traffic history

  • get the marvellous mrtg package and retreive the configuration of your router through:
apt-get install mrtg mrtg-contrib
snmpwalk -Os -c public -v 1
cfgmaker --global 'WorkDir: /var/www/mrtg' \
  --global 'Options[[_]]: kbytes,growright' --ifref=ATM \
  --output /etc/mrtg.cfg public@
  • no need for modification of /etc/crontab since /etc/cron.d/mrtg already contains:
#cat /etc/cron.d/mrtg
0-55/5 * * * * root if  -x /usr/bin/mrtg  &&  -r /etc/mrtg.cfg ; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi
  • after some modification on the verbose output of cfgmaker the /etc/mrtg.cfg file looks like:
# Created by
# /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[[_]]: bits,growright' --ifref=ip --output /etc/mrtg.cfg public@

WorkDir: /var/www/mrtg
Options[[_]]: bits,growright

Target192.168.254.254_127.0.0.1: /
SetEnv192.168.254.254_127.0.0.1: MRTG_INT_IP="" MRTG_INT_DESCR="loopback (pseudo ethernet)"
MaxBytes192.168.254.254_127.0.0.1: 1250000
Title192.168.254.254_127.0.0.1: Traffic Analysis for -- 004-E240-A1X/003-7080-406/Build 69-22

Traffic Analysis for -- 004-E240-A1X/003-7080-406/Build 69-22

### Interface 3 >> Descr: 'Bridge' | Name:  | Ip: '' | Eth:  ###

Target192.168.254.254_192.168.254.254: /
SetEnv192.168.254.254_192.168.254.254: MRTG_INT_IP="" MRTG_INT_DESCR="Bridge"
MaxBytes192.168.254.254_192.168.254.254: 1250000
Title192.168.254.254_192.168.254.254: Traffic Analysis for

Traffic Analysis for

### SYSTEM Temperature ###
#Optionsgritche_temp: gauge,nopercent
#Targetgritche_temp: `/var/www/script/`
#MaxBytesgritche_temp: 100
#YLegendgritche_temp: Temperature
#LegendIgritche_temp: M/B temp:
#ShortLegendgritche_temp: degrees
#Titlegritche_temp: temperature
#PageTopgritche_temp: temperature


  • edit /etc/default/spamassassin and enable spamd
  • install good filtering rules:
cd /etc/spamassassin

usb camera permission settings for a user

mkdir /etc/hotplug/usb
/usr/lib/libgphoto2-2/print-usb-usermap > /etc/hotplug/usb/usbcam.usermap
cp /usr/share/doc/libgphoto2-2/linux-hotplug/* /etc/hotplug/usb/
addgroup camera
adduser marc camera

put labels for easy mount

e2label /dev/sda1 040Go-HD-IBM-01
mkdir /mnt/040Go-HD-IBM-01
tail -n 1 /etc/fstab
LABEL=040Go-HD-IBM-01 /mnt/040Go-HD-IBM-01 ext2 user,noauto 0 0
cat /etc/fstab
#Not supermount section
/dev/hdc  /mnt/cdrom  auto ro,iocharset=iso8859-15,codepage=850,umask=0      0 0
/dev/hdc  /mnt/dvd    auto ro,iocharset=iso8859-15,codepage=850,umask=0      0 0
/dev/fd0  /mnt/floppy auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sda1 /mnt/flash  auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sda1 /mnt/flasha auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sdb1 /mnt/flashb auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0
/dev/sdc1 /mnt/flashc auto rw,iocharset=iso8859-15,sync,codepage=850,umask=0 0 0

Debug apache when it is not starting

  • uncomment in /etc/apache/modules.conf the libphp4 loadmodule
  • restart apache service
/etc/init.d/apache stop
rm /var/run/
/etc/init.d/apache start
ps -auxww | grep apache
  • if it works then re-enable libphp4 and look in /etc/php4/apache/php.ini and uncomment both:
  • reiterate... sometimes it is due to imap sometimes mysql!
  • latest hot news: laurent advise, apt-get install libapache-mod-ssl and create proper certificate with a mod-ssl-makecert; select custom 1 and do not encrypt private key
  • in order to check config with apache issue a apachectl configtest and then launch in case of success a apache -X

Select default dictionary under debian


turboprint installation

I use this software [1] in order to get the full capabilities of my deskjet printer. In order to get it working with stock debian and devfs I had to edit manually the device of the printer in the /etc/turboprint and /etc/cups replacing /dev/usblp0 with /dev/usb/lp0 (mainly in /etc/turboprint/turboprint.cfg and in /etc/cups/printers.conf).

Secure web services through clean configuration of apache and ssl

  • Ground rule: do not use apache-ssl: apt-get remove --purge apache-ssl
  • Activate ssl support through apache ssl module apt-get install libapache-mod-ssl
  • create proper certificate without mod-ssl-makecert but with dpkg-reconfigure libapache-mod-ssl (otherwise your config will be wiped out next dist-upgrade); select custom 1 and do not encrypt private key otherwise you will have to type the pass phrase at each start of apache service
  • modify /etc/apache/conf.f/mod-ssl-01-vhost.conf to reflect new certificates, i.e.:
# Server Certificate:
SSLCertificateFile /etc/apache/ssl.crt/server.crt
# Server Private Key:
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
  • now ssl documents are in /var/www-ssl, you need to edit there index.html
  • add your links to the services requiring passwd input that you are using through your webgate in file /etc/apache/conf.f/mod-ssl-01-vhost.conf adding for example at the end of the virtual host the following lines:
Alias /ssh /usr/share/mindterm/
Alias /twig /usr/share/twig/
Alias /weeblefm /usr/local/share/weeblefm/
Alias /squirrelmail/ /usr/share/squirrelmail/
Include /etc/gallery/apache.conf
Include /etc/phpwiki/apache.conf

how to make windows use cups ipp: add a remote printer under windows

  • first edit with notepad c:\windows\system32\drivers\etc\hosts and add a name to cups server (ip addresses won't work with windows...), e.g.: gritche
  • on cups server e.g. gritche add a class e.g. maison where your local printer will be a member
  • in control panel select "add printer", then "network printer" and then "connect to printer on the internet or intranet". The url to use is http://gritche:631/classes/maison. Substitute gritche with your cups server and maison with your own class.
  • if you do not want to create a class and point directly to printer use: http://gritche:631/printers/plume if plume is your printer
  • for a free generic ipp driver for windows get it from the ESP Print Pro home page at

webalizer and dns lookups

  • in debian reverse dns is not enabled by default in order, to enable it add at bootom of file /etc/webalizer.conf:
DNSCache        /var/log/apache/dns_cache.db
DNSChildren     20
  • generate cache file with existing logs and reprocess access log files to see results in out directory:
mkdir /tmp/coucou
cd /tmp/coucou
cp /var/log/apache/access* .
gzip -d access*gz
for i in access.log*
  webazolver -N 20 -D /var/log/apache/dns_cache.db $i
mkdir out
for i in access.log*
  webalizer -o out -N 20 -D /var/log/apache/dns_cache.db $i

Samba configuration tips

  • in order to visualize correctly from a windows machine files containing french accents I use the following charset option in /etc/samba/smb.conf in the general section:
unix charset = iso8859-15

Automatic update

In order to download every day all the packages without installing them except the security fixes I use the following script in my daily crontab (this requires the use of dual lists):

mkdir -p /var/lib/aptsec/lists/partial
cat /etc/cron.daily/debupd

apt-get update
apt-get --assume-yes --download-only dist-upgrade

apt-get -o Dir::Etc::SourceList=/etc/apt/security_updates.list -o Dir::State::Lists=/var/lib/aptsec/lists/ update
apt-get --assume-yes -o Dir::Etc::SourceList=/etc/apt/security_updates.list -o Dir::State::Lists=/var/lib/aptsec/lists/ upgrade

Apache rewrite rule to maintain backward compatibility with phpwiki

The issue: when I upgraded phpwiki, it broke the former syntax for the pages and since my wiki was already referenced it was quite frustrating for the visitors to be redirected to non existing pages. The following rewrite rule fixes this problem. All you need to add is the following line in /etc/phpwiki/apache.conf:

<IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^/phpwiki/index.php/(.*)$   /phpwiki/$1

java setup

  • get it at [2]
  • install it in /opt
  • make the right links with your preferred navigator
ln -s /opt/j2re1.4.2_04 /opt/j2re
ln -s /opt/j2re/plugin/i386/ns610-gcc32/ /usr/lib/mozilla/plugins/
ln -s /opt/j2re/plugin/i386/ns610-gcc32/ /usr/lib/mozilla-firefox/plugins/

Income revenue declaration (déclaration d'impots)

  • install crypto jar in relevant directory and get it there [3]
cp teleir_cryptolib.jar /opt/j2re/lib/ext/
chmod 770 /opt/j2re/lib/ext/
chown root.adm /opt/j2re/lib/ext/
  • generate a certificate following instructions available at [4]
  • declare revenues at [5]

flash plugin autoupdate

Simply apt-get install flashplugin-nonfree

my mouse is going crazy when switching back from another node with my KVM

  • /etc/X11/XF86Config-4 mouse section relies on gpmdata device
Section "InputDevice"
        Identifier      "Configured Mouse"
        Driver          "mouse"
        Option          "CorePointer"
#       Option          "Device"                "/dev/misc/psaux"
        Option          "Device"                "/dev/gpmdata"
        Option          "Protocol"              "IMPS/2"
# fix for KVM switch? yes but wheel do not work after
#       Option          "Protocol"              "auto"
        Option          "Emulate3Buttons"       "false"
        Option          "Buttons"               "5"
        Option          "ZAxisMapping"          "4 5"
  • /etc/gpm.conf need to be put in raw repeater mode
# try this one first!!!
# if you have issues with the wheel under Xfree then switch to broken imps2

Convert Windows TTF to bdf and pfc format

#!/usr/bin/perl -w
use strict;
# converts True Type Fonts from Windows or other sources to
# bdf-files and pfc-files
# needs ttf2dbf, bdftopcf and perl

foreach my $i (@ARGV) {
   if ($i =~ /(.*?)(|b|bi|bd|i)\.ttf$/) {
      my $base = "$1$2";
      my $face = $2;
      my $ttf = $i;
      for my $p (8..16) {
         my $bdf = "$base$p.bdf";
         my $pcf = "$base$p.pcf";
         print "ttf2bdf -v -r 82 -p $p -o $bdf $ttf\n";
         print "bdftopcf -o $pcf $bdf\n";
print "mkfontdir\n";

Add ttf fonts:

  • add in your font server configuration file or in /etc/X11/XF86Config-4 reference to the font directory /usr/local/share/fonts/truetype
        FontPath        "/usr/local/share/fonts/truetype/windows"
  • create fonts.dir directly from TTF files
apt-get install fttools
cd /usr/local/share/fonts/truetype/windows
  • restart the font server to get access to new fonts
  • tell X to rehash its font cache using xset fp rehash
  • wine issue: get rid of the only font metric to get new ones rm .wine/cachedmetrics.:0.0

Convert windows format font to unix world

  • converts *.fon-files from Windows to *.bdf-files.

You need to convert these files to *.pcf-files afterwards

for i in *.fon
  file=`echo $i | sed 's/\.pcf$//g'`
  bdftopcf $file.pcf $file.bdf
  fnt2bdf -c $file $file.fon
  • converts *.bdf-files to *.pcf which may be installed
for i in *.pcf
  file=`echo $i | sed 's/\.pcf$//g'`
  bdftopcf $file.pcf $file.bdf
  • after installation call mkfontdir and add directory to fontdirs of xserver

ssh key generation and propagation

ssh-keygen -t dsa -b 1024
ssh-copy-id -i ~/.ssh/ root@localhost

freetv adsltv configuration

  • first method
    • get patched version of vlc from crazyfred which assigns a specific port for video streaming
    • edit in vlc under the tab parameters/preferences/input-codecs/demuxer/rtp-rtsp strike advanced options and specify port 31337
    • in the router forwarding rules add a custom one forwarding udp port 31336-31337 to the designated machine from source (
    • note that the downside of this method is that only one stream viewing/recording is then possible
  • second method
    • on the router activate port triggering on port 554 forwarding port range 1024:65535

netinstall debian