Nullmailer is a minimal MTA (Mail Transport Agent) that provides mail delivery services to programs (cron jobs, system integrity checkers, log inspectors, etc.) in a host that otherwise does not require a full MTA like Exim or Postfix. Do not confuse an MTA with programs like Evolution or Thunderbird which are MUAs (Mail User Agent): programs that offer an interface to a human to write email.

Nullmailer is one of those packages that create a “well duh” moment when you find out about it. Normally, hosts with no MTA can’t send mail, which turns out to be a Bad Thing in terms of finding out when things like cron jobs break, or for monitoring logs or files. So you go and install a minimal system, then wonder why it’s being so quiet. Well, no MTA, no email. But Exim, Postfix or another full MTA is overkill and might be tedious to maintain. What you really need is just a basic MTA to send messages to the real mail server.

That’s nullmailer.

The package will prompt for your remote mail server and create /etc/nullmailer/remotes, where you can also specify authentication details. You probably also want to create /etc/nullmailer/adminaddr to receive in one mail account all mail destined to your local host. Each file is a oneliner that contains pretty much what you’d expect:

$ cat /etc/nullmailer/adminaddr
I_get_roots_mail@example.com

$ cat /etc/nullmailer/remotes
mail.example.com

There are also several other files that may be used by nullmailer: /etc/nullmailer/defaultdomain and /etc/nullmailer/defaulthost in case you don’t already have /etc/mailname. For a complete list of control files, see the nullmailer(7) man page. Detailed information can be found in the man pages for each part of nullmailer: nullmailer-queue(8), nullmailer-inject(1), and nullmailer-send(8).

Pros:

• Simple.
• Just Works.
• Avoids the configuration, maintenance, memory footprint, and larger attack surface of a full MTA.

Cons:

• Configuration is scattered about in multiple one-line files instead of just a trivial config file.
• Documentation is a also bit scattered.
• The package might be a little more helpful by asking more questions when it’s installed (e.g. prompting for root’s mail recipient).
• Doesn’t provide the -bs switch, so it’s not LSB compatible.
• Gets very chatty in your log files when it can’t connect to the remote mail server.

Other alternatives:

• ssmtp - extremely simple MTA to get mail off the system to a mail hub
• http://linuxmafia.com/faq/Mail/nullmailers.html
• http://www.davidgrant.ca/ssmtp_vs_postfix_no_contest

Nullmailer has been available in Debian at least since Etch, and in Ubuntu Universe since Dapper.

Article submitted by Paul Wise. DebADay needs you more than ever! Please submit good articles about software you like!

Chromium B.S.U. is a top down fast paced high action scrolling space shooter. In this game you are the captain of the cargo ship Chromium B.S.U., and responsible for delivering supplies to the troops on the front line. Your ship has a small fleet of robotic fighters which you control from the relative safety of the Chromium vessel.

You control the robotic fighters with your mouse and repel wave after wave of different kinds of enemy ships. Launch Chromium B.S.U. from the Applications / Games / Arcade menu and start a new game. You will soon be sending volleys of weapon fire toward the enemy ships while protecting yourself with super shields, waiting for powerups to get closer or dodging fire from the larger enemy ships at the end of each level:

If you keep getting killed, quitcher whinin’, you ninny! It’s supposed to be hard! Seriously, Chromium B.S.U. is intended to be a 15 minute adrenaline rush/mental cleanser. Frequent doses of explosions can be very therapeutic. There is always kamikaze attacks or the BIG RED BUTTON if you get into particularly nasty trouble.

The chromium package is in Debian since lenny and Ubuntu since dapper, but it has been recently renamed to chromium-bsu. Chromium B.S.U. is an old favourite of the Linux gaming community that has been neglected until recently. The project is still looking for developers, especially to help move it off obsolete libs like libglpng and fix the rest of the bugs.

iotop is a console application for monitoring the I/O usage of processes on your system. It is especially handy for answering the question “Grrr, sloooowness, why is my disk churning so much?”

Just type iotop in your terminal and you will get a regularly updated list of processes and the amount of I/O they are currently using: reads and writesin bytes per second, and percentage of time spent swapping and waiting for I/O.

iotop is related to top and vmstat. In top you see a display of CPU and memory usage but not I/O. The vmstat utility shows it, but its just a stream of one-line reports instead of a dynamic display and doesn’t show the information in a per-process way.

Note that iotop needs the CONFIG_TASK_DELAY_ACCT and CONFIG_TASK_IO_ACCOUNTING options enabled in the kernel; in Debian stock kernels, that’s already the case.

iotop is available in Debian since Lenny and in Ubuntu (universe) since Intrepid.

dmidecode is a useful tool designed to extract system hardware information directly from the BIOS. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. The information provided could potentially help in problem solving, like in the case of the screenshot provided; there’s no documentation to be found in regards to the setting of the CPU toggles, but the dmidecode output displays exactly which sequence can be used for each clock speed.

This information can be invaluable to administrators looking for tweaks, especially in legacy hardware. DMI data may not always be reliable, as the software is intended to report only what the BIOS tells it to.

Three additional tools are packaged with dmidecode which further enhances it’s usefulness:

• biosdecode prints all BIOS related information it can find.
• ownership retrieves the “ownership tag” that can be set on Compaq computers.
• vpddecode prints the “vital product data” information that can be found in almost all IBM computers.

dmidecode is available in Debian since Etch and in Ubuntu (universe) since Hardy.

• goplay Browse games.
• goadmin Browse admin packages.
• golearn Browse educational packages.
• gonet Browse networking related packages.
• gooffice Browse office packages, e.g. word processors, spreadsheets, project manager, finance managers, etc.
• gosafe Browse security packages.
• goweb Browse packages related with the web.

You can refine your search by specifying the type of package you are looking for, that is, the specific role it has. For example, gonet (the browser of networking related packages) has the following types: “Client”, “Configuration”, “Firewall”, “High Availability”, “Load Balancing”, “Routing”, “Scaning”, “Server”, “Service” and “VPN or Tunneling”. The screenshot in the right shows gonet browsing firewall packages. When you click on a package on the left pane, the right pane shows a description of the package and the DebTags (in the example, ferm, a recently featured package in this site). If a screenshot for the package is available, it is also shown.

The first and second field for classification are automatically set to “type” and “interface”, but you can change that using the options --primary and --secondary. For example, you can prune the list of packages based on the purpose of the package using the option --secondary=use. You can find more information about the predefined tags (also known as “facets”) in the Debian Wiki.

goplay is available in Debian Lenny and Ubuntu (since Hardy).

Your turn

Have you found an interesting package with goplay? Share it with the community and send us a good article! We’re running out of them!

cdargs is a command that enhances the good old cd by adding bookmarks and a browser. Sometimes you need to work on directories that are difficult to reach, even with the help of tab-completion (e.g. /var/www/mysite.com/subsection/includes). When you are in one of such directories, just type ca wwwinc and you’ll add a bookmark of the directory with the name wwwinc. Whenever you want to go back to that directory, no matter which is your current working directory, just type cv wwwinc and you’ll be back there. cdargs has tab-completion too and understands subdirectories of bookmarks. In the previous example, typing cv wwwinc/foo will be equivalent to cd /var/www/mysite.com/subsection/includes/foo

cdargs has a browser. Just type cv and cdargs will bring you a list of your bookmarks. You can use the arrow keys (or h, j, k and l if you are used to vim) to navigate the list. When you have selected your final directory hit enter, and you’ll return to the command line, in that directory. You can add new bookmarks by hitting ‘a’ and you can edit your list of bookmarks with your favorite editor hitting ‘e’. With ‘?’ you get a list of all of the available commands in cdargs.

The bookmarks of cdargs can be extended to other commands. The distribution of cdargs provides examples for the commands cp and mv, under the aliases cpb and mvb. For example, if you want to copy the file bar to the bookmark in the previous example, a quick cpb bar wwwinc will do the trick.

cdargs needs some aliases in the shell to work correctly. If you use the bash shell, you need to add this to your ~/.bashrc:

if [ -e /usr/share/doc/cdargs/examples/cdargs-bash.sh ]; then
  . /usr/share/doc/cdargs/examples/cdargs-bash.sh
fi

The aliases are also available for tcsh, but not for zsh. The author is looking for someone who knows zsh shell scripting to write them.

Other alternatives

• pushd, popd they are useful, but they are stack based and don’t provide any bookmark functionality.
• CDPATH You can achieve a similar behavior using the shell variable CDPATH, symbolic links and aliasing cv to cd -P. However, the bookmarks are easier to maintain with cdargs and the browser is a nice way to navigate through the filesystem. Moreover, with CDPATH you can’t extend other commands as cdargs does with cp and mv.

Availability

cdargs has been in Debian since at least Sarge and in Ubuntu since at least Dapper.

This thing is great! If you manage a set of files (e.g., a code base) and end up needing to perform a search/replace across the files, or some subset thereof, maybe regexxer will end up being counted among your friends.

The regexxer web site summarizes regexxer as “a nifty GUI search/replace tool featuring Perl-style regular expressions”. After using regexxer, I have to agree…

If you have a code base that needs some search/replace time spent on it, regexxer really does seem to be the way to go. Again, the web site sums things up well: “If you need project-wide substitution and you’re tired of hacking sed command lines together, then you should definitely give it a try.”

The GUI

The regexxer GUI is a straightforward, logically organized window with file management on the left and search/replace management on the right. The beauty of the thing is that the author(s?) seem to have added a lot of flexibility to the search/replace process while keeping the user interface relatively simple and clean.

File Management

One can select one or many files from a given folder. Recursion is optional and a pattern (e.g., *.lisp) can be defined to further limit files being acted on. A ‘find’ button then triggers execution of the search and the corresponding files are shown in the window below. Not much more to say…

The Search Replace process

The user interface makes it easy on the noggin with top-to-bottom arrangement of controls which follow the logic of the search replace. The perl-style search regex and the corresponding replacement are entered at the top of the window. Another ‘find’ button triggers the search and the corresponding matches are shown in context in the window below. At this point, I found the regexxer user interface close to ideal. The flexibility available to the user includes:

• ‘On the fly’ editing of the file.
• Performing the replace action one-at-a-time or per file or upon all files as a unit.
• The ability to navigate through the matches (little green arrows at the bottom let the user ‘back up’ or ’skip’ matches as desired).

Alternatives

It’s likely I’m simply unaware of many of the alternatives ‘out there’. Typically, for this type of thing, many turn to sed, a powerful command-line tool. However, sed has a substantial learning curve. In contrast, if one has already mastered perl regex, regexxer requires very little in the way of additional investment of energy. Other command-line tools which provide some of sed’s functionality, such as modifile, rpl, and replace, perhaps have their place but they certainly don’t offer the warm fuzzies of the GUI interface of regexxer.

Emacs, which typically seems to already have an extension for just about any task except cooking breakfast, didn’t seem to shine here. I can’t help but suspect that there’s an emacs tool available for this sort of thing but I haven’t happened across it yet.

Among other GUI tools, several offer similar functionality. For example, the text editor jedit can act in much the same way as regexxer. Unfortunately, jedit relies on java and, thus, things get dicey on planet Debian. Another, more focused tool, kfilereplace, is very straightforward but does not seem to be under active development and has much more limited functionality (e.g., the option to perform replacements ‘one-at-a-time’ is greyed out in the configuration window). Other utilities which seem to be designed to perform this type of task (e.g., modifile or regexsearch) don’t seem to be available for Debian.

Distros

Apparently those on planet Debian and planet Ubuntu have Ross Burton and Daniel Holbach to thank for the packaging of this excelent tool.

With the proliferation of XML-based formats, it is nice to have tools that manipulate XML documents in the traditional Unix-like fashion, as the good old grep(1), sed(1) and other tools do for plain text. xmlstarlet is one of such tools. In fact, it is an entire toolkit packed into one program: xmlstarlet can extract data from XML documents, alter them, validate them, and perform many other useful operations. xmlstarlet has been available in Debian since at least release 4.0 “etch”, and in Ubuntu since at least release 6.06 “Dapper Drake”.

Let’s look at a few features of xmlstarlet more closely.

Extracting Data from XML Documents

There is a flexible way of processing XML documents and extracting data from them — a language known as XSLT. Both Debian and Ubuntu provide utilities, such as xsltproc, to deal with XSLT. However, this language is not exactly terse, and it requires you to first compose a separate document defining the desired transformation, and then apply it to the original document. When all you want to do is extract a few values from a document, you’d like something more approachable.

xmlstarlet is your friend. It features a relatively simple command syntax for selecting data, based on an auxiliary language called XPath, which allows for addressing elements in XML documents in a style reminiscent of filesystem paths. Behind the scenes, xmlstarlet still generates XSLT code, and it helps to know the actual XSLT language, but simple queries can be done almost intuitively.

Suppose we’d like to get a list of the recent headlines from the Debian Package of the Day website. We can use xmlstarlet to extract titles from the site’s RSS feed, because RSS is an application of XML. In RSS, entry titles are contained in title elements, in turn contained in item elements, which are in channel elements under the root rss element. The feed itself can be easily fetched with wget(1). Our pipeline would then look like this:

$ wget -O - http://debaday.debian.net/feed/ 2>/dev/null | 
> xmlstarlet sel -t -m /rss/channel/item -v title -n
Fonty Python: manage your fonts
localepurge: Automagically remove unnecessary locale data
vnstat: a console-based network traffic monitor
rtpg-www: Please your dearest with rtorrent’s power
iftop - display bandwidth usage on an interface by host
atop: an ASCII full-screen performance monitor
dstat: versatile tool for generating system resource statistics
tellico: collection manager for books, videos, music, and a whole lot more
atool: handling archives without headaches
watch (from procps): execute a program at regular intervals, and show the output

The wget invocation is hopefully obvious (if it isn’t, just believe me that it downloads the feed and prints it to the standard output), so let’s dissect the xmlstarlet part.

1. sel, which stands for “select”, is the subcommand to invoke within xmlstalrlet — since it’s a toolkit, it contains a number of such subcommands.
2. The -t option designates the beginning of a template — roughly, a group of processing instructions.
3. The -m option specifies a match, and /rss/channel/item is an XPath expression; together they translate to “for each item element found under a channel element under the rss element”.
4. Then we specify what to do for that match: in our case, -v title prints out the value of the title element under the current item, and -n prints a newline separator.

The various options to xmlstarlet’s sel subcommand can be combined to produce fairly complex XSLT transformations. You can view the XSLT code generated by your command by adding the -C option.

Validating XML Documents

There are several ways of defining an XML document format, and the simplest of them is called document type definition, or DTD. A DTD defines which elements are allowed to appear in a document and what they can contain. DTDs for some popular formats, such as XHTML, are included in the Debian and Ubuntu archives. The val subcommand of xmlstarlet can validate documents against a DTD — that is, check if the documents comply with the formal requirements laid out in a DTD. In addition to DTD, xmlstarlet can also handle the more advanced XML Schema and RELAX NG languages.

As an example, let’s integrate xmlstarlet with gedit, the GNOME text editor, to enable easy validation of XHTML 1.0 Strict documents. We will need the w3c-dtd-xhtml package that contains the DTD files.

To validate against a DTD, xmlstarlet should be invoked with the val subcommand, the -d option (for “DTD”), and a path to the DTD file. As in the previous example, the document can be piped into xmlstarlet. We will integrate it into gedit by means of the latter’s “External Tools” plugin. Enable it by choosing “Edit” → “Preferences” → “Plugins” and marking “External Tools”. Then, in the “Tools” menu, select “External Tools” and click “New”. Name the tool as you wish, and optionally give it a description and a shortcut key. For “Command(s)”, enter this simple script:

#! /bin/sh
xmlstarlet val -d /usr/share/xml/xhtml/schema/dtd/1.0/xhtml1-strict.dtd -

Choose “Current document” for input, “Display in the bottom pane” for “Output”, and set “Applicability” to “All documents”. And that’s it. You can now validate any document you open in gedit from the “Tools” menu — even if the document comes from a remote location by way of the GNOME virtual filesystem.

With some more effort, you can write a script to validate any document for which you have the DTD installed. (Hint: you may use xmlcatalog(1) from the libxml2-utils package to locate DTD files by their public identifiers.)

Other Uses

This article cannot cover many other features of this toolkit, such as editing XML documents (ed), listing their element structure (el), or pretty-printing (fo). You may want to check out the examples that come with the xmlstarlet package (/usr/share/doc/xmlstarlet/examples), and to the reference help available by invoking xmlstarlet ‹COMMAND› –help.

Related Tools

The Debian archive also contains the python-4suite-xml package, which among other things provides some command tools for XML processing similar to xmlstarlet. However, 4suite seems to be intended more as a Python package, and consequently its command tools appear to be less feature-complete than xmlstarlet.

For solving specific XML-related problems, such as converting XML to and from other formats, you may want to have a look at the more specialized packages available in Debian and Ubuntu. The Debian Reference has an overview of some of those.

Firewall Builder is available from the libfwbuilder and fwbuilder packages in both Debian and Ubuntu in Universe. Packages for the current development builds are available from the project download area on SourceForge.

Eveyone knows about netfilter/iptables, a powerful firewall framework and command line tool that is part of every Linux distribution. Unfortunately, managing a security policy with it remains a non-trivial task for several reasons. Partially this is because of the complex syntax of the command line interface and the vast amount of available options and parameters. Another reason is that the administrator has to understand the internal path of the packet inside the Linux kernel and its interaction with different parts of netfilter in order to build rules correctly. This is not a specific problem of iptables though, other popular Open Source firewall platforms, such as OpenBSD PF, ipfilter and ipfw present similar challenges.

What is needed is a tool that lets an administrator define the security policy on a higher level of abstraction and hide the internal structure of the target firewall platform. For example, such a tool should decide which iptables chain is right for each generated iptables rule automatically, without the administrator’s input. It should also pick the right iptables targets for both policy and NAT rules as well as properly use most popular iptables modules, all automatically. Such tool should also implement best practices in policy design and help administrator deploy and activate generated policy on the firewall.

Firewall Builder does just that.

Introduction

Firewall Builder is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. It presents all supported firewalls to the administrator in terms of unified abstract firewall that takes the best features from all of them and hides their specifics and inconveniences. Firewall Builder is more complex than many basic firewall configuration GUIs such as Firestarter, but on the other hand one can build very complex policies with Firewall Builder and fully utilize flexibility and power of iptables and other supported firewalls.

The general idea should be familiar to anyone who has ever worked with commercial firewall management systems. All configuration management operations can be performed from one central place: the Firewall Builder GUI. You create and manage collection of objects that describe network addresses, hosts and firewalls, as well as services, and then build firewall policy and NAT rules using these objects. Policy rules are defined in terms of “Source” and “Destination” addresses and “Service” and can have additional parameters such as interface association, direction, time interval and optional platform-dependent attributes. NAT rules are defined by addresses and services before and after translation.

Rules are built with simple drag and drop operations and then firewall configuration can be generated with one click of a mouse. In the end, Firewall Builder produces a script or configuration file in the language of the target firewall. For iptables, it creates shell script that loads iptables rules, while for other platforms it creates a configuration file suitable for them. This makes it simple to deploy and activate the generated policy and also helps integrate Firewall Builder with existing automation scripts.

The program comes with a collection of over 100 standard objects that can be used to describe popular TCP, UDP and ICMP services.

Firewall Builder implements many best practices in firewall policy design and firewall management procedures. Here are just a few examples:

• It enforces a policy structure that denies all traffic by default and only permits what is necessary.
• The administrator can easily define IP address of the management workstation and Firewall Builder will automatically add a rule to ensure that ssh access from it to the firewall is always permitted. This rule is designed to assure that ssh session over which the installer activates a new policy does not break or hang. This helps to avoid accidents when errors in the policy rules cut off remote access to the firewall in the middle of an activation, making it impossible to fix the error and causing prolonged network outage.
• For Cisco PIX (ASA) and IOS access lists, where each access-list commands are immediately activated as they are entered, Firewall Builder can optionally create temporary access lists to ensure uninterrupted ssh access from the management workstation to the firewall for the duration of the policy reload session. This method provides the best protection against outages caused by loss of contact with the firewall because of errors in policy.
• For iptables, Firewall Builder can generate a script using iptables-restore for atomic activation. If iptables-resore detects an error in the script and refuses to load the policy, script leaves the firewall in the state it was in before. For other firewall platforms it uses appropriate activation methods to achieve the same goal.
• The built-in policy installer supports “test” install mode with automatic roll-back. This is another safety mechanism that helps minimize outages in case of errors in the policy. These measures are available for all supported systems, such as Linux/iptables, *BSD/pf, Cisco PIX and Cisco IOS.

Quick Tour

The main window of the program includes objects tree on the left (1), brief information about object selected in the tree (2), current firewall policy view (3) and a dialog panel where you can edit objects parameters (4).

As all Open Source projects, Firewall Builder depends on the user community who provide testing, bug reports and other forms of feedback. You can file bug reports and feature requests using the bug tracking system. The mailing list is a great place to ask for help and discuss the program with other users.

This was just a brief introduction to the Firewall Builder package. If you are interested in the program, you can find more information on the project web site at http://www.fwbuilder.org. The slideshows Introduction to Firewall Builder 3.0 for the impatient and Getting starter with Firewall Builder can help you get more familiar with the program.

PIDA is an IDE (integrated development environment) written in Python and the pygtk graphical toolkit. It is slightly different from other IDEs: rather than attempting to write a set of development tools of its own, PIDA reuses available tools. In this regards PIDA can be used as a framework for putting together your own customized IDE.

Although still a young application, PIDA already boasts a huge number of features because of the power of some of the tools it integrates. For example features such as code completion and syntax highlighting are well implemented in PIDA’s integrated editors far better than any editor built for a commercial IDE. PIDA currently features many code editing helpers: syntax highlighting, code completion, automatic indenting, block commenting, etc; project management, version control management, Python debugger and profiler, GTK+ GUI building and rapid application design.

Among the already integrated components you can find:

• VIM and Emacs as embedded editors with full support of each one’s features:
  • Syntax Higlighting
  • Code completion
  • Plugins
• Bazaar, Git, Subversion (and more) as version control systems.

It’s actually designed to program in any language, but it has some Python specific features like a Python shell. You can program you own plugins, and there’s a very nice API documentation to help you go trought the plugin development path.

Some already available plugins are:

Pastebin

Send code to a pastebin service

PdfTex preview

PdfTex preview compiles and displays pdf documents every time the buffer is saved.

Python

Show class/function from python file, and show compilation errors

Python Debugger

Python Debugger based on RPDB2 the WinPDB Back End

Unit Tester

Perform unit tests

Docbook browser

Browse local docbook

Todo manager

Manage a personnal todo list per project

RFC Viewer

Download RFC index, search and view RFC pages inside PIDA

Bazaar

This plugin, developed outside of the project, integrates lots of Bazaar function that are not included in the base version control integration

PIDA is a great way of keep using Vim and have a nice GUI around to help you work faster with the file browser, the project manager and the internal shells. You can get more info on using and developing PIDA in the handbook

There are official packages available in both Debian and Ubuntu for a long time now.

And remember: PIDA LOVES YOU!