LMDE
Intro
Notes while replacing my Debian by LMDE.
This included recovery of some settings so those are not notes for an install from scratch.
LMDE 201403
Installation
See http://www.linuxmint.com/download_lmde.php
Linux Mint has a nice graphical tool for manual repartitioning but not yet LMDE...
Install LMDE with manual partitioning
- it tells us we should mount target partition ourselves under /target
- crypsetup luksOpen /dev/sda1 sda1_crypt # has to be the same ref as in the crypttab later
- mount /dev/sda1_crypt /target
- continue installation
- inject proper config in /etc/crypttab and /etc/fstab
First I mount /home in /home.old (mkdir /home.old) so I can access both fresh user homedir and old one, then move content of /home into /home.old and change fstab to mount on /home next time
Add Debian repos
LMDE is based on Debian testing but with some delay and I had quickly the issue that my chromium profile was saved by a chroimum version newer than the one in LMDE repos.
/etc/apt/sources.list.d/debian.list :
deb http://ftp.be.debian.org/debian/ jessie main contrib non-free
We need some pinning to avoid jessie taking over the LMDE repositories. The problem is that they have both the exact same keywords:
$ apt-cache policy [...] 500 http://debian.linuxmint.com/latest// testing/main amd64 Packages release o=Debian,a=testing,n=jessie,l=Debian,c=main 500 http://ftp.be.debian.org/debian/ jessie/main amd64 Packages release o=Debian,a=testing,n=jessie,l=Debian,c=main
So we can only differentiate by origin:
/etc/apt/preferences.d/debian-package-repositories.pref:
+Package: * Pin: origin ftp.be.debian.org Pin-Priority: 400
And to use Jessie repo e.g.:
apt-get install chromium/jessie
Tuning
To be able to use encfs & sshfs:
adduser <myuser> fuse
Cinnamon tuning:
- pin progs to panel: drag & drop from menu
- change user picture: Settings / Account details
- Hide Icons on the Desktop: Settings / Desktop
- Add a Program Shortcut to the Mint Menu: Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item".
applet Multicode System Monitor: see http://cinnamon-spices.linuxmint.com/applets/view/79
apt-get install gir1.2-gtop-2.0
Settings / Applets / Get more / search network -> NMulticode System Monitor
Right click on bar / add applets
Install software
First ones
First ones are:
etckeeper : store /etc in git, mercurial, bzr or darcs
to save /etc with git
intel-microcode : Processor microcode firmware for Intel CPUs
to fix some warnings at boot time about some missing ucode:
platform microcode: firmware: agent aborted loading intel-ucode/06-2a-07 (not found?)
debian
apt-listchanges : package change history notification tool apt-rdepends : Recursively lists package dependencies dlocate : fast alternative to dpkg -L and dpkg -S equivs : Circumvent Debian package dependencies
system tools
bridge-utils : Utilities for configuring the Linux Ethernet bridge extlinux : collection of boot loaders (ext2/3/4 and btrfs bootloader) memtest86+ : thorough real-mode memory tester openssh-server : secure shell (SSH) server, for secure access from remote machines openvpn : virtual private network daemon pcscd : Middleware to access a smart card using PC/SC (daemon side) pcsc-tools : Some tools to use with smart cards and PC/SC smartmontools : control and monitor storage systems using S.M.A.R.T. usbview : USB device viewer uuid : the Universally Unique Identifier Command-Line Tool wfrench : French dictionary words for /usr/share/dict wine : Windows API implementation - standard suite
utils
an : very fast anagram generator baobab : GNOME disk usage analyzer bleachbit : delete unnecessary files from the system calibre : e-book converter and library management comix : GTK Comic Book Viewer gnumeric : spreadsheet application for GNOME - main program gt5 : shell program to display visual disk usage with navigation htop : interactive processes viewer impressive : PDF presentation tool with eye candies iotop : simple top-like I/O monitor link-grammar : Carnegie Mellon University's link grammar parser mc : Midnight Commander - a powerful file manager mosh : Mobile shell that supports roaming and intelligent local echo polygen : generator of random sentences from grammar definitions powertop : diagnose issues with power consumption and management psutils : PostScript document handling utilities pv : Shell pipeline element to meter data passing through pyp : sed/awk-like tool with Python language screen : terminal multiplexer with VT100/ANSI terminal emulation signing-party : Various OpenPGP related tools synergy : Share mouse, keyboard and clipboard over the network transgui : Front-end to remotely control Transmission unetbootin : installer of Linux/BSD distributions to a partition or USB drive unison : file-synchronization tool for Unix and Windows wodim : command line CD/DVD writing tool
devel
colormake : simple wrapper around make to colorize output ddd : The Data Display Debugger, a graphical debugger frontend dissy : graphical frontend for objdump git-annex : manage files with git, without checking their contents into git gitk : fast, scalable, distributed revision control system (revision tree visualizer) git-svn : fast, scalable, distributed revision control system (svn interoperability) gperf : Perfect hash function generator hexedit : view and edit files in hexadecimal or in ASCII indent : C language source code formatting program lua5.1 : Simple, extensible, embeddable programming language meld : graphical tool to diff and merge files nasm : General-purpose x86 assembler uncrustify : C, C++, C#, D, Java and Pawn source code beautifier wdiff : Compares two files word by word
elec/embedded
android-tools-adb : Android Debug Bridge CLI tool android-tools-fastboot : Android Fastboot protocol CLI tool arduino : AVR development board IDE and built-in libraries gerbv : Gerber file viewer for PCB design multimon : Linux Radio Transmission Decoder opensc : Smart card utilities with support for PKCS#15 compatible cards rtl-sdr : Software defined radio receiver for Realtek RTL2832U (tools)
security
network
arping : sends IP and/or ARP pings (to the MAC address) dsniff : Various tools to sniff network traffic for cleartext insecurities etherwake : tool to send magic Wake-on-LAN packets iodine : tool for tunneling IPv4 data through a DNS server kismet : wireless sniffer and monitor - core kismet-plugins : wireless sniffer and monitor - plugins ndisc6 : IPv6 diagnostic tools netcat : TCP/IP swiss army knife -- transitional package netsniff-ng : packet sniffing beast nmap : The Network Mapper socat : multipurpose relay for bidirectional data transfer sshfs : filesystem client based on SSH File Transfer Protocol themole : automatic SQL injection exploitation tool
forensics
autopsy : graphical interface to SleuthKit chkrootkit : rootkit detector cruft : program that finds any cruft built up on your system dc3dd : patched version of GNU dd with forensic features dcfldd : enhanced version of dd for forensics and security ext4magic : recover deleted files from ext3 or ext4 partitions foremost : forensic program to recover lost files gpart : Guess PC disk partition table, find lost partitions logkeys : keylogger for GNU/Linux systems mac-robber : collects data about allocated files in mounted filesystems memdump : utility to dump memory contents to standard output pdfresurrect : tool for extracting/scrubbing versioning data from PDF documents recover : Undelete files on ext2 partitions recoverdm : recover files/disks with damaged sectors recoverjpeg : tool to recover JPEG images from a filesystem image rkhunter : rootkit, backdoor, sniffer and exploit scanner tiger : Report system security vulnerabilities unhide.rb : Forensic tool to find processes hidden by rootkits vinetto : A forensics tool to examine Thumbs.db files wipe : Secure file deletion vbindiff : visual binary diff, visually compare binary files
stegano
outguess : Universal Steganographic tool steghide : A steganography hiding tool
data
antiword : Converts MS Word files to text, PS and PDF cabextract : Microsoft Cabinet file unpacker catdoc : MS-Word to TeX or plain text converter dos2unix : convert text file line endings between CRLF and LF furiusisomount : ISO, IMG, BIN, MDF and NRG image management utility gpsprune : visualize, edit, convert and prune GPS data lsdvd : read the content info of a DVD mtd-utils : Memory Technology Device Utilities mtp-tools : Media Transfer Protocol (MTP) library tools page-crunch : PDF and PS manipulation for printing needs pdfchain : graphical user interface for the PDF Tool Kit pdftk : tool for manipulating PDF documents pgpdump : PGP packet visualizer pst-utils : tools for reading Microsoft Outlook PST files qprint : encoder and decoder for quoted-printable encoding recode : Character set conversion utility rotix : A program to generate rotational obfuscations
crypto
fcrackzip : password cracker for zip archives john : active password cracking tool password-gorilla : cross-platform password manager pdfcrack : PDF files password cracker ssss : Shamir's secret sharing scheme implementation
reverse-engineering
flasm : assembler and disassembler for Flash (SWF) bytecode
coding
ckport : portability analysis and security checking tool cppcheck : tool for static C/C++ code analysis flawfinder : examines source code and looks for security weaknesses pychecker : tool to find common bugs in Python source code pylint : python code static checker and UML diagram generator
audio
id3v2 : A command line id3v2 tag editor mp3blaster : Full-screen console mp3 and Ogg Vorbis player musescore : Full featured WYSIWYG score editor sox : Swiss army knife of sound processing
picture
darktable : virtual lighttable and darkroom for photographers exif : command-line utility to show EXIF information in JPEG files gifsicle : Tool for manipulating GIF images gimp-data-extras : An extra set of brushes, palettes, and gradients for The GIMP gimp-lensfun : Gimp plugin to correct lens distortion using the lensfun library gimp-texturize : generates large textures from a small sample gnuplot : Command-line driven interactive plotting program graphviz : rich set of graph drawing tools inkscape : vector-based drawing program jhead : manipulate the non-image part of Exif compliant JPEG files jpeginfo : Prints information and tests integrity of JPEG/JFIF files jpegpixi : Remove hot spots from JPEG images with minimal quality loss netpbm : Graphics conversion tools between image formats plotutils : GNU plotutils command line tools based on libplot pngtools : series of tools for PNG (Portable Network Graphics) images rawtherapee : raw image converter and digital photo processor
hugin : panorama photo stitcher - GUI tools autopano-sift-c : Automatically create control points for panorama image
video
cheese : tool to take pictures and videos from your webcam gaupol : subtitle editor for text-based subtitle files mencoder : MPlayer's Movie Encoder metacam : extract EXIF information from digital camera files mkvtoolnix : Set of command-line tools to work with Matroska files mkvtoolnix-gui : Set of tools to work with Matroska files - GUI frontend mp4tools : Suite of scripts to encode Audio and Video in many formats mpegdemux : MPEG1/2 system stream demultiplexer mplayer2 : next generation movie player for Unix-like systems
cclive : lightweight command line video extraction tool mimms : mms (e.g. mms://) stream downloader quvi : command line program to extract video download links youtube-dl : downloader of videos from YouTube and other sites
net
chromium-inspector : page inspector for the Chromium browser chromium : Chromium web browser esniper : simple, lightweight tool for sniping ebay auctions iftop : displays bandwidth usage information on an network interface ipcalc : parameter calculator for IPv4 addresses ipmitool : utility for IPMI control with kernel driver or LAN interface iptraf : Interactive Colorful IP LAN Monitor ipv6calc : small utility for manipulating IPv6 addresses mozplugger : Plugin allowing external viewers to be launched inside Mozilla subnetcalc : IPv4/IPv6 Subnet Calculator upnp-inspector : Python UPnP framework analyser upnp-router-control : UPnP compliant router manager
icedove : mail/news client with RSS and integrated spam filter support enigmail : GPG support for Thunderbird and Debian Icedove
Install special software
pwsafe
Have to backport from squeeze: get and install those
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb
virtualbox
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add - echo "deb http://download.virtualbox.org/virtualbox/debian wheezy contrib" > /etc/apt/sources.list.d/virtualbox.list apt-get update apt-get install virtualbox-4.3
And extension pack at https://www.virtualbox.org/wiki/Downloads
google-musicmanager
https://dl.google.com/linux/direct/google-musicmanager-beta_current_amd64.deb
bp-tools
From http://www.eftlab.co.uk/index.php/downloads/bp-tools
Needs libpthread-stubs0:
http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb
apt-get install libsqlite3-dev sqlite3 dpkg --purge bp-tools dpkg -i bp-tools_14.04_amd64_free.deb
dropbox
apt-get install nemo-dropbox
To avoid autostart:
- Settings / Startup Apps Prefs / disable Dropbox
Belgian eID
cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/
-> debian 64
See also https://code.google.com/p/eid-mw/wiki/ChromeLinux :
libnss3-tools : Network Security Service tools
Close Chrome
cd modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so modutil -dbdir sql:.pki/nssdb/ -list
EMV-CAP
python setup.py install
And install:
python-pyscard : Python wrapper above PC/SC API
IDA Pro
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html
Run installation file
It requires libglib2.0-0 but because of chromium/jessie we need the jessie one:
apt-get install -t jessie libglib2.0-0:i386 libselinux1:i386
apt-get install libstdc++6:i386 libc6-i686:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 \ libice6:i386 libpcre3:i386 libpng12-0:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 \ libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386 apt-get install libpython2.7:i386
Skype
Take Debian 7 multiarch version: http://www.skype.com/en/download-skype/skype-for-linux/downloading/?type=debian32
dpkg -i skype-debian_4.2.0.13-1_i386.deb apt-get -f install dpkg -i skype-debian_4.2.0.13-1_i386.deb
Problem of sound? see http://forums.linuxmint.com/viewtopic.php?f=48&t=143634
Edit /etc/pulse/default.pa:
-load-module module-udev-detect +load-module module-udev-detect tsched=0
Googleearth
apt-get install googleearth-package make-googleearth-package dpkg -i googleearth_6.0.3.2197+1.1.0-1_amd64.deb apt-get -f install (dpkg -i googleearth_6.0.3.2197+1.1.0-1_amd64.deb)
Psi-plus
psi-plus : Qt-based XMPP/Jabber client (basic version) psi-plus-plugins : plugins for Psi+ libqca2-plugin-ossl : SSL/TLS support for the Qt Cryptographic Architecture
Recover backuped config:
~/.cache/psi+ ~/.config/psi+ ~/.local/share/psi+
Gogoc
gogoc : Client to connect to IPv6 tunnel brokers
Recover backuped config:
/etc/gogoc/
Avoid it to start automatically:
update-rc.d gogoc disable
logkeys
apt-get install logkeys
Find keyboard device to see which eventX to use:
grep "^[NH]" /proc/bus/input/devices
Edit /etc/default/logkeys:
ENABLED=1 LOGFILE=/var/log/logkeys DEVICE=/dev/input/event0
Avoid it to start automatically:
update-rc.d logkeys disable
Allow starting it without password prompt:
Create /etc/sudoers.d/logkeys:
<myuser> ALL = NOPASSWD: /etc/init.d/logkeys
Provide stealth hooks, under your choice name, e.g. "sl" (for mispelled "ls") etc:
#!/bin/bash sudo /etc/init.d/logkeys start >/dev/null echo "bash: $(basename $0): command not found" exit 127
#!/bin/bash sudo /etc/init.d/logkeys stop >/dev/null echo "bash: $(basename $0): command not found" exit 127
Wireshark
tshark : network traffic analyzer - console version wireshark : network traffic analyzer - GTK+ version
apt-get install wireshark tshark dpkg-reconfigure wireshark-common adduser <myuser> wireshark
GUFW
Firewall:
apt-get install gufw
Add entry in menu manually... see /usr/share/applications/gufw.desktop
Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item".
libnfc
apt-get install libnfc5 libnfc-bin libnfc-examples libnfc-dev libnfc-pn53x-examples apt-get install libfreefare0 libfreefare-bin libfreefare-dev libfreefare-doc modprobe -r pn533 adduser <myuser> plugdev
Exim4
apt-get install exim4-daemon-light bsd-mailx
Check /etc/mailname for your machine FQDN
Add to /etc/aliases:
root: <myuser>
Add to /etc/email-addresses:
<myuser>: <myemail>
Add to /etc/exim4/passwd.client:
<mysmtpserver>:<myuser>:<mypwd>
Edit /etc/exim4/update-exim4.conf.conf:
+dc_eximconfig_configtype='satellite' +dc_other_hostnames= +dc_readhost='<mydomain>' +dc_smarthost='<mysmtpserver>::<mysmtpserverport>' +dc_hide_mailname='true'
mitmproxy
mitmproxy : SSL-capable man-in-the-middle HTTP proxy
apt-get install mitmproxy/jessie python-netlib/jessie
After first run of mitmproxy, certs are created.
Install ~/.mitmproxy/mitmproxy-ca-cert.cer as authority or:
Run mitmproxy, visit http://mitm.it and install certificate