## LaTeX Shell Escape

by on Mar.13, 2011, under How To ..., LaTeX

One of the lesser known features of LaTeX is its “shell-escape” mode. This is achieved using the LaTeX command \write18{cmdlist} in the document. This facility can be used to incorporate dynamic content or simply run additional processes during the compilation phase. An example document may look something like:

\documentclass{article}
\begin{document}
\immediate\write18{date > tmpdate.tex}
\input{tmpdate}
\immediate\write18{rm tmpdate.tex}
\end{document}


As \write18 is usually disabled on most systems for obvious security reasons, it must be enabled explicitly:

$latex -shell-escape input_file More details are available in the MiKTeX documentation under the heading “Running Programs From Within TeX“. 1 Comment more... ## Restricting access to SFTP / SCP by on Oct.18, 2009, under How To ..., Linux, Software rssh is a tool that allows SFTP/SCP for file transfers over SSH but denies shell access — useful for preventing users from running commands on the system. More details are available on the tool’s homepage. I first came across it on this page. Leave a Comment more... ## SSH Blacklisting by on Nov.29, 2007, under How To ..., Linux, Software After getting around 1500 failed ssh login attempts a day for a while on a server I manage, I decided to look into tools that automatically blacklist offending IPs. Sshblack fits the bill perfectly. A HOWTO (including an init-script) for REDHAT-like systems is available from the OSS Watch Wiki. 1 Comment more... ## Network Security by on Aug.09, 2007, under How To ..., Linux, Software Leave a Comment more... ## Linux authentication using LDAP by on Feb.27, 2007, under How To ..., Linux, Software There’s a lot of information out there but none really provide a step-by-step guide that would be useful to a novice: This one however, sheds some light on the bigger picture: LDAP Authentication In Linux Once the initial configuration of the server is complete, LDAP Browser/Editor serves as a very useful client/admin tool. Leave a Comment more... ## Installing RPMs as a regular user by on Apr.20, 2006, under How To ..., Linux, Software A while back I needed some packages on a machine that I don’t have admin rights to. Grabbing the source and recompiling would have been a pain the a** so I decided to read the rpm man pages and look for a way to install packages in the user home directory. Since it’s such a nice package manager, it comes with options that allows me to do just that. The command needed is: $ rpm -ivh --relocate OLDPATH1=NEWPATH1 [--relocate OLDPATH2=NEWPATH2 ...] \


where OLDPATH is the path in the package; and NEWPATH is something like /home/user/userroot/usr, etc.

It’s best to run

$rpm -qpl package.rpm  to see exactly which paths are going to be used by the package. For example, if the package foo.rpm produces: $ rpm -qpl foo.rpm
/usr/bin/foo
/usr/lib/foo.so.0.0
/usr/lib/foo.so.0


then the steps needed are:

$mkdir -p ~/myroot/usr/bin ~/myroot/usr/lib ~/myroot/usr/share/doc$ rpm -ivh --relocate /usr=/home/$USER/myroot/usr --badreloc foo.rpm  That’ll install the package under the hierarchy ~/myroot. There will some errors from rpmdb but this is fine since the rpmdb is in a filesystem that we do not have write access to. The only repercussion is that rpm will have no record of the package foo being installed (so packages will have to be removed by hand); but that’s okay since we cannot possibly mess up the system while installing stuff under our own home dirs. The only steps remaining are to add the new paths to the binary and library search paths. To so this, add the following lines to ~/.bash_profile  PATH=$PATH:$HOME/myroot/usr/bin LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/myroot/usr/lib export PATH LD_LIBRARY_PATH  This is only efficient as long as the package does not have too many unmet dependencies — since you will need to grab and install all missing dependencies along with the package itself. And even if you had installed some of the dependencies earlier using this method, rpm will not know about it since there will be no entry in the system rpmdb. Leave a Comment more... ## HTTP Access Control by on Jan.25, 2006, under How To ..., Software Finally figured out how to password protect individual directories on the server: Authentication, Authorization and Access Control It’s a simple 2-step process: 1. Create a passwords file for the users using “htpasswd“: jsmith@server:~/public_html/db$ htpasswd -c ~/htpasswds jdoe
jsmith@server:~/public_html/db$ 2. Create a file “.htaccess” in the directory to be protected: jsmith@server:~/public_html/db$ cat .htaccess
AuthType Basic
AuthName "db"
AuthUserFile /home/jsmith/htpasswds
Require user jdoe


## Proxy tools

by on Jan.25, 2006, under Software

There’s a very nice list of servers here:

Proxyz.net

This Firefox extension is handy for changing Proxies quickly: SwitchProxy

## Return of DARKWORLD

by on Jan.15, 2006, under Hardware, Software

Yup! My favorite PC just regained Net connectivity today. I moved into the new apartment this morning and was up and running by the evening. The guy who I share the place with wasn’t around and so I would have had to wait till I got the info about the wireless network. So, instead of waiting, I just decided to see what kind of a WLAN he has … and oh my oh my … there were 5 freakin’ access points around — and 3 of them completely unsecured! As it turned out, one belonged to the dude I share the place with …

Anyway, then I decided to catch up on my TV eps (Stargate SG1/Atlantis, Threshold, Supernatural, Doctor Who) and f*** the speed sux! It’s a bloody T-Online DSL1000 Flat deal. Anyway, the IP I got was “192.168.0.5”, so I deduced that the router should be at “192.168.0.1” or “192.168.0.254”. And sure enough there it was in the first address. Obviously, it asked me for a password that I didn’t know. So, I just tried “admin:1234” .. and nope, no go .. Then I thought I’d just do a little net search. The router was NETGEAR (deduced from the WLAN SSID), so I just googled “netgear default password” and the 4th hit came up with “admin:password”. Turns out the guy didn’t even change that password 😀 So, I got in, fiddled around with the NAT settings and Azureus was NAT free in no time. This has got to be the prime example of an unsecured network …

Anyway, once the guy got back, I explained everything to him and changed the router password and setup a WEP-key. It seems there was a machine leeching off of this net and things improved a little once that dude got kicked out. It turns out DSL6000 costs just as much as he pays right now — but he has no use for so much bandwidth when I’m gone — so we’ll just change to DSL2000 with 384k upload for now. That should be enough for me to download the occasional SG1 / Doctor Who episode 😀

## Proxy Bypass

by on Jan.10, 2006, under How To ..., Linux, Software

I guess it’s usual for every institution to have a central firewall/proxy that all internal traffic must go through to reach the outside world. I am by no means paranoid about security/privacy but it got me thinking.

… And once again, SSH to the rescue! It almost feels like the possibilites of a SSH tunnel with Local port forwarding are limitless 😀