Category Archives: Články

How to setup OpenVPN with bridging on OpenWRT

http://wiki.openwrt.org/doc/howto/vpn.openvpn

opkg update
opkg install openvpn openvpn-easy-rsa

Or if you prefer configure openvpn via GUI:
opkg install luci-app-openvpn

/etc/easy-rsa/vars

export EASY_RSA="/etc/easy-rsa"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="CZ"
export KEY_PROVINCE=""
export KEY_CITY="Praha"
export KEY_ORG=""
export KEY_EMAIL="jan.faix@gmail.com"
export KEY_CN=home-router
export KEY_NAME="Jan Faix"
export KEY_OU=""

Build your certificates:

clean-all
build-ca
build-dh

Create the server key:
build-key-server server

Create as many client keys for each person who will connect:
build-key jan

PKCS12 Format (combines the key and ca certificate in one file):
build-key-pkcs12 jan

Copy the important files to the /etc/openvpn directory, so that they are duplicated:

cd /etc/easy-rsa/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn/

Copy ca.crt and the client crt/key files off the router and onto the machines that will be connecting.

Client Config

client
remote faix.homelinux.net
port 1194
proto udp
dev tap
ns-cert-type server
persist-key
persist-tun
ca ca.crt
cert jan.crt
key jan.key
comp-lzo
verb 4
auth-user-pass

Modify your firewall
/etc/config/firewall

config 'rule'
        option 'target' 'ACCEPT'
        option 'dest_port' '1194'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'family' 'ipv4'
        option '_name' 'openvpn'

/etc/init.d/firewall restart

Restrict your DHCP leases
/etc/config/dhcp

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '11'
        option 'limit' '20'
        option 'leasetime' '12h'
        list 'dhcp_option' '6,8.8.8.8,8.8.4.4'

/etc/init.d/dnsmasq restart

Create the server configuration
/etc/config/openvpn

config 'openvpn' 'lan'
        option 'enable' '1'
        option 'port' '1194'
        option 'proto' 'udp'
        option 'dev' 'tap0'
        option 'ca' '/etc/openvpn/ca.crt'
        option 'cert' '/etc/openvpn/server.crt'
        option 'key' '/etc/openvpn/server.key'
        option 'dh' '/etc/openvpn/dh1024.pem'
        option 'keepalive' '10 120'
        option 'comp_lzo' '1'
        option 'persist_key' '1'
        option 'persist_tun' '1'
        option 'status' '/tmp/openvpn-status.log'
        option 'log_append' '/var/log/openvpn.log'
        option 'verb' '4'
        option 'up' '/etc/openvpn/bridge-start.sh'
        option 'down_pre' '1'
        option 'server_bridge' '192.168.122.30 255.255.255.224 192.168.122.22 192.168.122.29'
        option 'down' '/etc/openvpn/bridge-stop.sh'

Note that addresses 192.168.122.22 to 192.168.122.29 are reserved for your VPN clients.

Bridged VPN Configuration

/etc/config/network

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'netmask' '255.255.255.224'
        option 'dns' '8.8.8.8 8.8.4.4'
        option 'ipaddr' '192.168.122.30'
        option 'ifname' 'eth0.1'
        option 'broadcast' '192.168.122.31'

config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'proto' 'static'
        option 'ipaddr' 'x.x.x.x'
        option 'netmask' '255.255.255.240'
        option 'gateway' 'x.x.x.x'
        option 'broadcast' 'x.x.x.x'
        option 'dns' '8.8.8.8 8.8.4.4'

Configure OpenVPN init script:
/etc/init.d/openvpn

In section start_service() add following:

ARGS="--script-security 2"

Troubleshooting

Show brigde status:
brctl show
bridge name bridge id STP enabled interfaces
br-lan 8000.f8d111adbf84 no eth0.1 wlan0 tap0

Check system log:
logread

Samba server and client configuration in Debian

http://www.debianhelp.co.uk/samba.htm
http://julien.herbin.ecranbleu.org/samba_client_howto/

Samba server configuration

apt-get install samba samba-client

Check an smb.conf configuration file for internal correctness.
testparm

Look what services are available on a server.
smbclient -L //server -U username

/etc/samba/smb.conf

[global]
workgroup = WORKGROUP
server string = %h server (Samba %v)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[disk]
path = /disk
browseable = yes
writeable = yes
comment = Shared data
guest ok = no
read only = no
create mask = 0775

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

Synchronize Samba username with Linux
smbpasswd -L -a username (set a password)
smbpasswd -L -e username (enable user)

Example of a manual mount
mount -t smb //server/share /mnt/somedir

Example of automatic mount a startup
The first one is mounted read-only whereas the second one is mounted read-write. If you have need “user name/password” to authenticate, then add in the “” column "username=your_user_name,password=your_password,ro,user".

//server/share /mnt/somedir smbfs password=,ro,fmask=755,dmask=755
//server/share /mnt/somedir smbfs password=,fmask=777,dmask=777

HOWTO: NFS Server/Client

http://ubuntuforums.org/showthread.php?t=249889

I found using NFS just as easy if not easier than using Samba for sharing between a few of my Unix based systems. In order to share a folder it only required a single line in a configuration file under /etc/exports, and a single line under /etc/fstab on the client to mount the share on each client at boot.

Install NFS Server Support

sudo apt-get install nfs-kernel-server nfs-common portmap
When configuring portmap do =not= bind loopback. If you do you can either edit /etc/default/portmap by hand or run:

sudo dpkg-reconfigure portmap
sudo /etc/init.d/portmap restart

You want to start the idmapd daemon. It is NOT only needed for NFSv4.
/etc/default/nfs-common

NEED_IDMAPD=YES

Editing /etc/exports
the /etc/exports file is used for creating a share on the NFS server

invoke your favorite text editor or
sudo nano /etc/exports

For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255

* /files 192.168.1.0/24(rw,no_root_squash,async)

Or for Read Only from a single machine

* /files 192.168.1.2 (ro,async)

My personal choice is:

/disk            192.168.1.0/27(rw,no_root_squash,async,no_subtree_check,crossmnt,fsid=0)

sudo /etc/init.d/nfs-kernel-server restart

Also aftter making changes to /etc/exports in a terminal you must type
sudo exportfs -a

Install NFS client support
sudo apt-get install portmap nfs-common

Mounting manually
Example to mount server.mydomain.com:/files to /files. In this example server.mydomain.com is the name of the server containing the nfs share, and files is the name of the share on the nfs server

The mount point /files must first exist on the client machine.

cd /
sudo mkdir files

to mount the share from a terminal type

sudo mount server.mydomain.com:/files /files

Note you may need to restart above services:

sudo /etc/init.d/portmap restart
sudo /etc/init.d/nfs-common restart

Mounting at boot using /etc/fstab
Invoke the text editor using your favorite editor, or
sudo nano /etc/fstab

In this example my /etc/fstab was like this:

server_hostname:/files /files nfs rw,rsize=8192,wsize=8192,timeo=14,intr

You could copy and paste my line, and change servername.mydomain.com:/files, and /files to match your server name share name, and the name of the mount point you created.
It is a good idea to test this before a reboot in case a mistake was made.
type
mount /files
in a terminal, and the mount point /files will be mounted from the server.

If you want to change permissons recursively on files and folders, you can run:
find /files \( -type d -exec chmod 775 {} \; \) -o \( -type f -exec chmod 664 {} \; \)

And do not forget, the NFS mount is originated from the server hence the directory permissions on the server will be used for client. The mount points do not follow the local server’s permission as they are not local.

How to install Linux Mint from the USB stick

http://community.linuxmint.com/tutorial/view/744

Using the Terminal

It is really simple. Go to a Terminal and type:

sudo dd if=~/Desktop/linuxmint.iso of=/dev/sdx oflag=direct  bs=1048576

Where ‘~/Desktop/linuxmint.iso’ is the name and location of your downloaded image (located at the desktop in this example) and ‘/dev/sdx’ is the target USB drive. If your system doesn’t support ‘oflag=direct’, you can just leave it out as it is simply intended to speed up the process a bit.

If you don’t know about the target USB drive path, run this command and figure out your destination drive.

sudo fdisk -l
Warning: Make sure to set the correct device path, as this process will delete all data that was on the specified device previously!

Remember, don’t include an integer for the USB drive, e.g. ‘/dev/sdx1’, as it would refer to the existing partition on that drive and not the drive itself.

When the USB has been properly created by ‘dd’, there should be an output similar to this:

sudo dd if=~/Desktop/linuxmint.iso of=/dev/sdb oflag=direct bs=1048576
706+1 records in
706+1 records out
740601856 bytes (741 MB) copied, 91.7024 s, 8.1 MB/s

Using imageWriter

To install imageWriter, open a Terminal and run this command:

apt install usb-imagewriter

Launch imageWriter from the menu, select your ISO image and your USB device and press “Write to device”.

Note: Some early versions of imageWriter only accept .img files. If the tool won’t accept .iso files, simply rename the ISO file from .iso to .img.

SSH Server configuration

Change following settings:

/etc/ssh/sshd_config

Port 22
Protocol 2
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
UsePAM yes
UseDNS no

Set up the Firewall Using UFW

http://1000umbrellas.com/2010/04/29/how-to-set-up-the-firewall-using-ufw-on-ubuntu-lucid-lynx-server

Today I learned a different way to configure the firewall on my Ubuntu / Debian Server: the ufw command. UFW stands for “Uncomplicated FireWall” and it’s just that. It provides a simpler interface to add or remove firewall rules to iptables, the default Linux firewall. It’s installed on Ubuntu Server by default. To set up UFW is a lot easier than setting up iptables manually!

A new Ubuntu Server install contains a firewall (iptables) that is not enabled. Ubuntu.com has a great tutorial that explains that ufw is the default configuration tool for iptables. After I set up my server, I used ufw to close all ports by default, then open up ports for the services I use. I don’t have complex security needs or run a proxy server, so my rules are simple.

Adding Rules

Before adding rules, it’s best to explicitly set the default behavior. By default, I like to block everything: both incoming and outgoing traffic. After that is done, I selectively open ports to support the services I wish to run. In contrast, UFW, by default, denies all incoming traffic but allows all outgoing traffic. That setup is accomplished manually with the following commands.

ufw default deny incoming
ufw default allow outgoing

The following commands open ports for named services that I use: namely, SSH (port 22), a web server (port 80), and Webmin (port 10000). Any services named in /etc/services may be identified by name instead of port number.

ufw allow ssh
ufw allow www
ufw allow webmin

UFW also has a list of application presets, for common servers such as Apache, OpenSSH, Lighttpd, and Samba. You can view the list by issuing the command:
ufw app list

You can implement firewall rules for Samba and Lighttpd by using the commands below, which specify the application name, not the service name. Note that you must enclose in quotation marks any application names that include spaces.

ufw allow Samba
It’s better to limit Samba access to hosts on your LAN. Using ufw’s more complex syntax, you can do just that. Note that you have to add “app” before the application name in this case.

ufw allow from 10.0.0.0/8 to 127.0.0.1 app Samba
ufw allow to 10.0.0.0/8 from 127.0.0.1 app Samba

The following commands open the ports required by my Transmission-Daemon server. Here I must specify port numbers explicitly. Note that you use a colon instead of a dash to specify port ranges. Plus, when creating rules for port ranges, you must specify whether they apply to TCP or UDP.

ufw allow 9091
ufw allow 6881:6891/tcp
ufw allow 6881:6891/udp

The following command opens up ports needed for MySQL, but only to hosts within the local network.

ufw allow from 10.0.0.0/8 to any port 3306/tcp
If you wish to open up MySQL to the world, you could use a simpler syntax.
ufw allow mysql

If you like to use NFS, follow the installation and configuration in Securing NFS. To see if correct ports for NFS and RPC are open, use rpcinfo -p.

ufw allow from 192.168.122.0/28 to any port 111
ufw allow from 192.168.122.0/28 to any port 2049
ufw allow from 192.168.122.0/28 proto udp to any port 32764:32769
ufw allow from 192.168.122.0/28 proto tcp to any port 32764:32769

Allow a specific ip address and port

ufw allow from <ipaddress> to any port <port number>

Allowing access from an ip address range 10.120.0.1 – 10.120.0.255 to port 22
ufw allow from 10.0.0.0/24 to any port 22

Deleting Rules

Deleting rules is pretty simple. Just use the following syntax, and replace <…> with the entire rule that you wish to delete.
ufw delete <...>
For example:

ufw delete allow ssh
ufw delete allow 10000

You can also delete all the rules with a single command.
ufw reset

Enabling the Firewall

The following command enables the firewall rules immediately, and upon subsequent system restarts. This command will also refresh the rules. Run this command each time you update your firewall configuration.

ufw enable

Disabling the Firewall

To disable the firewall, simply issue the following command.
ufw disable

Checking the Configuration

You can check your configuration by issuing one of the following commands. The “verbose” version shows more information.

ufw status
ufw status verbose

Open ports for Lighttpd
ufw allow "Lighttpd Full"

Open port for network time protocol (ntpd)
ufw allow ntp

It is also possible to allow access from specific hosts or networks to a port. The following example allows SSH access from host 192.168.0.2 to any ip address on this host:
ufw allow proto tcp from 192.168.0.2 to any port 22
Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire subnet.

Setup CUPS (Common UNIX Printing System) Server and Client in Debian

http://www.debianadmin.com/setup-cups-common-unix-printing-system-server-and-client-in-debian.html

The Common UNIX Printing System™, or CUPS, is the software you use to print from applications like the web browser you are using to read this page. It converts the page descriptions produced by your application (put a paragraph here, draw a line there, and so forth) into something your printer can understand and then sends the information to the printer for printing.

Now, since every printer manufacturer does things differently, printing can be very complicated. CUPS does its best to hide this from you and your application so that you can concentrate on printing and less on how to print. Generally, the only time you need to know anything about your printer is when you use it for the first time, and even then CUPS can often figure things out on its own.

Install CUPS printer server in Debian

apt-get install cupsys cupsys-driver-gutenprint foomatic-db-gutenprint foomatic-filters fontconfig libtiff4 libfreetype6

NOTE: If your network use DHCP it’s a good idea to set up your server to use static IP. I will use as 172.20.22.74 for the server and 172.20.22.150 for administration workstation.

Configure CUPS

Default configuration file located at /etc/cups/cupsd.conf in this file you need to configure the following sections to make it work.

First, check the encryption setting and change
# Default authentication type, when authentication is required…

DefaultAuthType Basic
to
DefaultAuthType Basic
DefaultEncryption IfRequested

Then we need to tell it to listen for the server change
# Only listen for connections from the local machine.

Listen localhost:631
Listen /var/run/cups/cups.sock
to
Listen localhost:631
Listen 172.20.22.74
Listen /var/run/cups/cups.sock

We need it to be visible to the entire network
# Show shared printers on the local network.

Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
what machines that may access the server change

Restrict access to the server…

<code><Location/>
Order allow,deny
Allow localhost
</Location>
to
<Location/>
Order allow,deny
Allow localhost
Allow 172.20.22.*
</Location>

And the same for the configuration files change
# Restrict access to configuration files…

<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>
to
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
Allow 172.20.22.150
</Location>

Other configuration I left default one so need to change anything.

Now you need to restart CUPS using the following command
/etc/init.d/cupsys restart

You should now be able to connect to the CUPS web interface from the administrator workstation (IP 172.20.22.150 in this example) by pointing your web browser at http://172.20.22.74:631/.

Setting up the CUPS clients

The CUPS clients are easy to set up and the config is identical on all machines.You need to install the following packages for client

apt-get install cupsys cupsys-client

Configuring CUPS Client

You need to create /etc/cups/client.conf as root
touch /etc/cups/client.conf

Now you need to edit the /etc/cups/client.conf file
vi /etc/cups/client.conf
Enter the following information the server IP and the encryption requirement

# Servername
ServerName 172.20.22.74
# Encryption
Encryption IfRequested

Save the file, then restart the client
/etc/init.d/cupsys restart

/etc/cups/cupsd.conf

LogLevel warning 
SystemGroup lpadmin 
# Allow remote access 
Port 631 
Listen /var/run/cups/cups.sock 
# Enable printer sharing and shared printers. 
Browsing On 
BrowseOrder allow,deny 
BrowseAllow all 
BrowseRemoteProtocols CUPS 
BrowseAddress @LOCAL 
BrowseLocalProtocols CUPS dnssd 
DefaultAuthType Basic 
DefaultEncryption IfRequested 
<Location /> 
  # Allow shared printing and remote administration... 
  Order allow,deny 
  Allow @LOCAL 
</Location> 
<Location /admin> 
  # Allow remote administration... 
  Order allow,deny 
  Allow @LOCAL 
</Location> 
<Location /admin/conf> 
  AuthType Basic 
  Require user @SYSTEM 
  # Allow remote access to the configuration files... 
  Order allow,deny 
  Allow @LOCAL 
</Location> 
<Policy default> 
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> 
    Require user @OWNER @SYSTEM 
    Order deny,allow 
  </Limit> 
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> 
    AuthType Default 
    Require user @SYSTEM 
    Order deny,allow 
  </Limit> 
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> 
    AuthType Default 
    Require user @SYSTEM 
    Order deny,allow 
  </Limit> 
  <Limit Cancel-Job CUPS-Authenticate-Job> 
    Require user @OWNER @SYSTEM 
    Order deny,allow 
  </Limit> 
  <Limit All> 
    Order deny,allow 
  </Limit> 
</Policy> 

/etc/cups/client.conf

# Servername 
ServerName 192.168.1.100 
# Encryption 
Encryption IfRequested

Troubleshooting

In case CUPS stop printing, check following:

Show current print queue: lpq

Show printer status: lpc status all / lpstat -a / lpstat -a

Remove all documents from queue: lprm -

Send test document to printer: lpr test.txt

Stop CUPS daemon: /etc/init.d/cups stop

Check CUPS configuration, if there is something like following, comment those lines:

#State Stopped
#StateMessage /usr/lib/cups/filter/foomatic-rip failed
#Reason paused

Start CUPS daemon: /etc/init.d/cups start

Gallery 3 installation / upgrade in Ubuntu

Installation

aptitude install apache2 mysql-server-5.1

su - www-data
cd /var/www/user
wget http://downloads.sourceforge.net/gallery/gallery-3.0.4.zip
unzip gallery-3.0.4.zip
mv gallery3 gallery
rm gallery-3.0.4.zip
cd gallery
mkdir var
chmod 777 var
exit

mysql -u root -p
SHOW DATABASES;
SELECT User FROM mysql.user;
CREATE DATABASE `user-gallery3`;
CREATE USER `user-gallery`;
SET PASSWORD FOR 'user-gallery' = PASSWORD('mysecretpassword');
GRANT ALL PRIVILEGES ON `user-gallery3`.* TO 'user-gallery'@'localhost' IDENTIFIED BY 'mysecretpassword';
FLUSH PRIVILEGES;
EXIT
rm -f ~/.mysql_history

/etc/apache2/sites-enabled/user-ssl

<VirtualHost *:443>
        ServerAdmin user@zviretnik.eu
        ServerName user.zviretnik.eu
        ServerAlias user-nick.zviretnik.eu
        DocumentRoot /var/www/user/wordpress/

        <Directory /var/www/user/gallery>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                DirectoryIndex index.php
        </Directory>

        Alias /gallery /var/www/user/gallery

        ErrorLog /var/log/apache2/user.zviretnik.eu-ssl-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/user.zviretnik.eu-ssl-access.log combined

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
        SSLCertificateFile /etc/ssl/user.zviretnik.cer
        SSLCertificateKeyFile /etc/ssl/private/user.zviretnik.key
        SSLCertificateChainFile /etc/ssl/startssl.sub.ca.pem
        SSLCACertificateFile /etc/ssl/startssl.root.cs.pem
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        CustomLog /var/log/apache2/user.zviretnik.eu-ssl-request.log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

http://user.zviretnik.eu/gallery/installer/

rmdir /var/www/user/gallery/var/albums
ln -s /mnt/data/user/albums/ albums

Upgrade

/etc/init.d/apache2 stop

su - www-data
cd /var/www/user
wget http://downloads.sourceforge.net/gallery/gallery-3.0.4.zip
unzip gallery-3.0.4.zip
mv ./gallery/var ./gallery3/var
mv gallery gallery.old
mv gallery3 gallery
cd ./gallery
php index.php upgrade

Copy any custom or downloaded Themes or Modules from your old folder to the new one.

cd ..
rm gallery-3.0.4.zip
rm -rf gallery.old

/etc/init.d/apache2 start

Generate certificate StartSSL for virtual hosts in Apache

Generate certificate StartSSL for virtual hosts in Apache

openssl req -new -newkey rsa:2048 -nodes -out /etc/ssl/user.zviretnik.csr -keyout /etc/ssl/private/user.zviretnik.key -subj "/C=CZ/ST=cs/L=Praha/O=/CN=user.zviretnik.eu"
chmod 640 /etc/ssl/private/user.zviretnik.key

https://www.startssl.com/

copy StartSSL certificate to:
touch /etc/ssl/user.zviretnik.cer

Show content of CSR:
openssl req -in user.zviretnik.csr -noout -text

Repair splash screen of Ubuntu or Linux Mint

Quick Tip: Fix for Ugly Plymouth themes in Ubuntu / Mint
http://www.ubuntugeek.com/quick-tipplymouth-themes-in-ubuntu-10-04-lucid-lynx.html

Quick tip for those having trouble with their splash screens in Ubuntu / Mint.

To change the default splash screen:

sudo update-alternatives --config default.plymouth
sudo update-initramfs -u

To fix the delayed loading of the splash:

sudo -s
echo FRAMEBUFFER=y >>/etc/initramfs-tools/conf.d/splash
update-initramfs -u