Blog

Replacing a Maplin MOSFET poweramp module

Over the years I have built various DIY Hi-Fi equipment, one such item is a power amplifier which I have been using since I built it over 20 years ago ! One channel started playing up and eventually stop producing sound all together.

The power amplifier consists of two Maplin Electronics 150 watt Mosfet amp modules , a hi-grade power supply with a toroidal transformer and a soft start / speaker protection module , all built from kits.

One of the Mosfet amp modules had blown and rather than try to fix it I thought it would be a good opportunity to update the amp modules to something more modern. The power supply and the soft start / speaker protection unit were all good quality so I wanted to keep them.

I started looking for DIY Hi-Fi kits , the ones at Maplin looked too low end so I searched the web.

There seems a great deal of interest in Class-D amplifiers which brought back memories for me as I built one for my college project years ago when they were not generally used for audio amplifiers. I found a very interesting range of Class-D amplifier kits at 41HZ however I did not fancy soldering surface mount devices and the kits that did not have surface mount devices did not  suit my power supply.

I eventually found some pre-built Mosfet power amp modules at Class-d designs who are in the UK and despite the name of the company the modules are not Class-d which is fine for me as efficiency is not a problem as I have a pretty beefy PSU.

The layout of the components in the module enabled me to re-use the L-bracket heat sink from the Maplin modules ( there are finned heat sinks on the outside of the case to carry away the heat ).

The picture below shows one of the new modules in place with one of the original Maplin modules on the left , the soft start /speaker protection unit at the bottom and the power supply at the right. As you can see the new modules are quite a bit smaller. The sound is as good or better than the Maplin ones – although I’m not a “golden ear” person !

Power Amplifier with one new module
Power Amplifier with one new module

I tend to rebuild things over the years but keep various bits like PSUs and cases so things can look a bit untidy.

Below is my pre-amplifier which I use with the above poweramp – it has been re-built a few times and I’m thinking of rebuilding it again.

preamplifier
preamplifier

Web based bookmark manager SiteBar

Web based bookmark mangers

There are plenty of web based bookmark manager services out there but I wanted to install my own one on my Linux VPS server.

After looking at numerous bookmark managers I settled on SiteBar

See my post here for a walk through using SiteBar

It is open source , works with any browser, can import and export bookmarks.

SiteBar provides a service you sign up for if you don’t want to install your own server.

Installation is very easy. You need to have PHP and Mysql on your server.

Ensure in your php.ini system file ( /etc/php.ini  on Centos ) you have set the timezone like

date.timezone = ‘Europe/London’

otherwise you will get a warning

Warning: getdate() [function.getdate]: It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier.

Make a directory somewhere  under your web document root

mkdir /var/www/html/sitebar

You probably want to restrict access to the directory using Apache authentication controls

Download the zip file from the SiteBar site download page.

Unzip  :-

cd /var/www/html

unzip sitebar-master.zip
rename the directory to what you want to call it

mv sitebar-master.zip  sitebar
Fire up your browser and go to hostname/sitebar/index.php

Fill in the DB Password ( this is the root password you set when you setup MySql )

The rest  left as default

Click on Create Database

Click on Check Settings

Click on Download Settings and save the config.inc.php file to your desktop

Copy the config.inc.php file to /var/www/html/sitebar/adm directory

Click Check Settings and you should now go to a new page with an Install Button

Click Install

Click setup

Select language , fill in username , admin passwd, email , real name

Select the other options as required

Click on submit

Everything is now setup and you can start using things.

There is a link to the help documents but in general you right click on things to bring up an action menu. ( If right click does not work do Control-Right- click , you need to do this with some browsers like Galeon.).

 

Preventing ssh brute force attacks with DenyHosts

Looking in /var/log/secure

Well my VPS server has been up for just over a week and a check of /var/log/secure shows there have been a number of ssh brute force attacks.

An example from /var/log/secure :-

Feb 18 19:30:17 vm sshd[29470]: pam_succeed_if(sshd:auth): error retrieving information about user jodie
Feb 18 19:30:19 vm sshd[29470]: Failed password for invalid user jodie from 222.122.227.26 port 35485 ssh2
Feb 18 19:30:19 vm sshd[29471]: Received disconnect from 222.122.227.26: 11: Bye Bye
Feb 18 19:30:21 vm sshd[29478]: Invalid user jody from 222.122.227.26
Feb 18 19:30:21 vm sshd[29479]: input_userauth_request: invalid user jody
Feb 18 19:30:21 vm sshd[29478]: pam_unix(sshd:auth): check pass; user unknown
Feb 18 19:30:21 vm sshd[29478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.122.227.26
Feb 18 19:30:21 vm sshd[29478]: pam_succeed_if(sshd:auth): error retrieving information about user jody
Feb 18 19:30:23 vm sshd[29478]: Failed password for invalid user jody from 222.122.227.26 port 35986 ssh2
Feb 18 19:30:23 vm sshd[29479]: Received disconnect from 222.122.227.26: 11: Bye Bye
Feb 18 19:30:25 vm sshd[29486]: Invalid user joe from 222.122.227.26
Feb 18 19:30:25 vm sshd[29487]: input_userauth_request: invalid user joe
Feb 18 19:30:25 vm sshd[29486]: pam_unix(sshd:auth): check pass; user unknown

I started adding the IP addresses to /etc/hosts.deny but I thought there must be a way of automating things.

A Google search found DenyHosts which parses the secure log and automatically updates hosts.deny

DenyHosts has plenty of useful options ( including listing IP addresses that will never be added to hosts.deny – very handy so you don’t lock yourself out ! ). It can run from cron or in daemon mode.

Installation on Centos

Get the RPM from the Epel repository ( there are a great number of useful RPMS in the Epel repository and it is well worth adding to yum.

yum install denyhosts

Edit the configuration file

vi /etc/denyhosts.conf

The default setting will work fine but you may want to change things such as :-

ADMIN_EMAIL   if you want to be emailed about blocked hosts

The date format and log format.

The configuration file is very well documented.

Run the script on your /var/log/secure file :-

denyhosts.py –file=/var/log/secure

cat /etc/hosts.deny to see all the hosts it has found causing problems.

vi /var/lib/denyhosts/allowed-hosts  and add IP addresses you never want to be blocked each one on their own line.

Check if denyhosts will be started automatically at boot :-

-bash-3.2# chkconfig –list denyhosts
denyhosts          0:off    1:off    2:on    3:on    4:on    5:on    6:off

Then start it up :-

-bash-3.2# service denyhosts start

Yum update

Checking for Centos updates and fixes

Centos yum command has an option of check-update  which has a return code of 100 if there are updates together with a list of the updates. If there are no updates but the command worked then it returns 0.

I wrote a quick script to be run from cron to check for updates and send an email if they are any.

#!/bin/bash
# Checks for updates from Centos

MAILADDR=user@yourdomain
YUMTMPF=/var/tmp/yumcheck.$$

yum check-update  > $YUMTMPF  2>&1
RETCODE=”$?”
if  [ “$RETCODE”  -eq 100 ]
then
cat $YUMTMPF | mail -s  “There are Centos updates available on `hostname`” $MAILADDR

else
if   [ “$RETCODE” -ne 0 ]
then
{
cat $YUMTMPF | mail -s   ” Problems with yum check-updates on `hostname`” $MAILADDR
rm  $YUMTMPF
exit 1
}
fi
fi
rm $YUMTMPF
When I actually ran the yum update command I got some errors :-

Transaction Check Error:
file /usr/share/emacs/site-lisp/psvn.el from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/man/man1/svn.1.gz from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/man/man1/svnadmin.1.gz from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/man/man1/svnlook.1.gz from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/man/man5/svnserve.conf.5.gz from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/man/man8/svnserve.8.gz from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5
file /usr/share/xemacs/site-packages/lisp/psvn.el from install of subversion-1.5.5-0.1.el5.rf conflicts with file from package subversion-1.4.2-2.el5

Doing a rpm -qa | grep subversion

-bash-3.2# rpm -qa | grep subversion
subversion-1.5.0-0.1.el5.rf
subversion-1.4.2-2.el5

Showed two versions of subversion installed so I removed the older one :-

-bash-3.2# yum remove subversion-1.4.2-2.el5
Loading “fastestmirror” plugin
Setting up Remove Process
Loading mirror speeds from cached hostfile
* dag: apt.sw.be
* base: centosb2.centos.org
* updates: centosh2.centos.org
* addons: centosj3.centos.org
* extras: centosb2.centos.org
Resolving Dependencies
–> Running transaction check
—> Package subversion.i386 0:1.4.2-2.el5 set to be erased
–> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Removing:
subversion              i386       1.4.2-2.el5      installed         7.6 M

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       0 Package(s)
Remove       1 Package(s)

Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing   : subversion                   ######################### [1/1]

Removed: subversion.i386 0:1.4.2-2.el5
Complete!

Looking at the Dependencies Resolved section it showed the RPM to be i386 whereas my system is X86_64 so that looked like it was the problem. The update worked after that successfully.

Had a problem today with yum update :-

Resolving Dependencies
–> Running transaction check
—> Package file.x86_64 0:4.17-15.el5_3.1 set to be updated
Traceback (most recent call last):
File “/usr/bin/yum”, line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File “/usr/share/yum-cli/yummain.py”, line 229, in user_main
errcode = main(args)
File “/usr/share/yum-cli/yummain.py”, line 145, in main
(result, resultmsgs) = base.buildTransaction()
File “/usr/lib/python2.4/site-packages/yum/sqlitesack.py”, line 94, in _read_db_obj
setattr(self, item, _share_data(db_obj[item]))
TypeError: unsubscriptable object

A search on Google gave me the answer  :-

yum clean all

Afterwards I was able to do the yum update successfully

WordPress backups

My WordPress is only a few days old but logging in on the admin dashboard showed a new version of WordPress is out. I was going to sort out backups a little later but now seems a very good time to do it and then I can do the upgrade.

The Worpress site has a section on backing up Worpress , basically you backup the database and backup the flat files in your WordPress HTML directory.

First create a directory to store the backups :-

mkdir -p /backups

chmod 700 /backups

To backup the WordPress database I created a little script in /usr/local/bin :-

#!/bin/bash

TODAY=`date  ‘+%Y%m%d’`

DBNAME=wordpress

DBPASS=wpdbpasswd

DBUSER=wpdbuser

mysqldump –opt -u ${DBUSER} ${DBNAME} | gzip > /backups/wordpress.dump.${TODAY}.gz

————————————————————————————————————-

The values for DBNAME , DBPASS and DBUSER  are those setup in the wp-config.php file for your install.

To backup the flat files I just did a tar :-

cd /var/www/html ; tar cvf /backups/my-wordpress.20090211.tar  wordpress

Of course no one cares about backups – only restores count, so you should test your restore on another server. You should also backup the Mysql database which holds the usernames and passwords

mysqldump mysql -p > /backups/mysql.db.dump.20090211

You will be prompted for the root user password for the Mysql database which you would have set when you first started up mysqld at install time.

Don’t forget to copy the dumps and tars to another server in case of a total server loss !

I will automate all the above with cron and rsync in the future


Setting up email on a Linux VPS server

Email

In my previous blogs I have documented getting my Linux VPS server and installing WordPress blogging software. Next comes email.

There are really two parts – the sending and receiving of emails at the server level and the reading and sending emails from the desktop client. I will also setup Webmail sometime in the future.

For the server the two most popular *IX  MTAs are Sendmail and Postfix , with Sendmail being the standard on Unix servers and Postfix the standard on Linux servers. I choose Postfix as I’ve exclusively used Sendmail in the past and I wanted to see what it was like.

As for the client reading and sending emails I decided to use Dovecot which has become very popular at providing POP3 and IMAP services.

I wanted to avoid connecting to the server with plain text passwords and so TLS was to be used for encryption and  SASL for authentication.

There are two excellent Wiki entries for setting up Postfix , Dovecot and SASL/TLS on Centos.

Setup basic Postfix and Dovecot first ( the only thing extra I had to do was a chown -R user /home/user/Maildir in section 3.3 )

Once the above works then do the  SASL/TLS setup

If you have a firewall setup like me then you need to allow ports 993 and 995 for the encrypted versions of imap and pop3.

For Centos 6 use system-config-firewall-tui to easily configure the firewall for IMAP and optionally pop3.

Future things to do are to install a Spam control system and a Webmail application.

Installing WordPress on a Linux VPS

WordPress blogging software

Having setup my Linux VPS server ( see previous blog ) it’s time to install some web applications.

I wanted to install a blog so I could recount my experiances with a Linux VPS server. WordPress was chosen as it is open source and had very good reviews.

WordPress needs PHP and mysql – both of which were installed already.

Note current versions of WordPress require a later version of PHP than that shipped by default with Centos 5, If you are using Centos 5  update php to version 5.3 see here

First setup Apache so it will use PHP files

vi /etc/httpd/conf/httpd.conf and search for DirectoryIndex

Add index.php index.php3 index.pl index.htm index.cgi

( they are not all needed for WordPress but as I’m going to add other software I put them in )

Restart apache :-

service httpd restart

Create the database

As this is the first application I’m installing that uses mysql there a few steps needed to get msql up and running.

chkconfig  mysqld on

/etc/init.d/mysqld start

mysqladmin -u root password ‘apassword’

‘apassword’ is the password you want to set for the mysql root user

mysqladmin -u root -p -h localhost password ‘apassword’

Now create a database and a user for the database

mysql  -u root -p

create database wordpress ;

grant all privileges on wordpress.* to “wordpressadmin”@”localhost” identified by “passwd” ;

flush privileges ;

exit

passwd” is the password you want the wordpressadmin user to have. You don’t have to call the database wordpress or the user wordpressadmin.

Get the latest WordPress version :-

cd /root

wget http://wordpress.org/latest.tar.gz

cd /var/www/html

tar xvfz /root/latest.tar.gz

Now for the setup and install

cd wordpress

cp wp-config-sample.php wp-config.php

vi wp-config.php

change DB_NAME , DB_USER, DB_PASSWORD    to the values you used above in mysql.

Assuming you have your site enabled for SSL then add the following to force all login and admin sessions to be over SSL ( https )

define('FORCE_SSL_ADMIN', true);

Point your browser to https://yourhostname/wordpress/wp-config.php

Fill in the blog name  and an email address ( you can change these later ) then click install.

If successful you will get a password for the admin user displayed – make a note of this and login as user admin with that password.

Click on the Settings link at the left hand side and fill in the Blog Title , Tag Line , Worpress Address URL ( http://yourdomain/wordpress ) , Blog Address ( http://yourdomain/wordpress ).

Check and change any of the other settings such as date format as you want then save the changes.

Next setup your profile – click Users and Edit the admin user, fill in your first and last names ( these are not made public ) , a nick name  , select from the drop-down box the name you want to appear as and  an email address.

Finally change your password , then click on Update Profile

Now you are ready to blog. Click on Posts at the left hand side – you will see the is already one post which you can either edit or delete. Once you have created your post hit the Publish or Update Post button at the right hand side.

There are loads of different themes and plugins available for WordPress – give them a go.

Linux VPS server – the first steps

Pay your money and get your Linux VPS server

Having decided on Tagadab as my Linux VPS hosting company it was time to get the credit card out and get things  rolling. Once the payment was made I received an email thanking me for my order and they are configuring it and will let me know by email when it complete. A mere six minutes later the email arrived saying it was complete and a link to the control panel login.

Once logged in on the control panel I was able to see the IP address given and the root password.

Then it was a quick ssh from my desktop and I was in. I setup a non privileged user and changed root’s password.

As I had no existing domain name it was out with the credit card again to get a domain name. I used Tagadab to get the domain but you could use anyone.

While I was waiting for the Domain name stuff to be setup it was on with some preparation work.

First I disabled selinux – selinux is an excellent idea but I have had problems in the past with working out why things won’t work and after checking things over and over it was selinux stopping things. On Centos you can use the system-config-securitylevel command to disable selinux and also enable ports on the firewall. I set selinux to disabled , security level enabled and ticked the boxes to enable ssh , http, https and smtp. Reboot the server so selinux is disabled.

Check for updates to Centos :-

yum check-update

Then update if necessary :-

yum update

Using chkconfig –list I was able to see what was set to run on the server. httpd was running , as I wanted to install some web software like WordPress , I wanted to restrict access to the web server. As I was paranoid about plain text password I wanted https up and running first. A quick check showed modssl was installed but nothing was running on port 443.

The following was necessary to get https going :-

  1. Create your certificate ( this assumes like me you don’t want to or need to pay for a signed certificate ).
  2. genkey   –days 1825  yoursite.com           obviously use the name of your site and follow the instructions on the screen. The –days says how long the certificate is valid for.
  3. vi /etc/httpd/conf.d/ssl.conf  and change :-

SSLCACertificateFile /etc/pki/tls/certs/yousitename.com.cert

SSLCACertificateKeyFile /etc/pki/tls/private/yoursitename.com.key

  1. Restart Apache :-  service httpd restart

If you have problems check in /var/log/httpd/ssl_error_log

Check https access using your browser – as it is a self signed certificate you will have to add an exception to allow your browser to stop moaning and connect!

Now we want to restrict access to the web server while we install and configure some web applications.

  1. Create a username and password to be used for accessing the web server :-

htpasswd -c /etc/apache.passwds     username

Note /etc/apache.passwds can be any filename , username is the username you want to login to the web site with and does not have to be a real Linux username. It will prompt you for a password.

  1. vi /etc/httpd/conf/httpd.conf  and find the <Directory “/var/www/html”>  section and add

AuthType Basic
AuthName “By Invitation Only”
AuthUserFile /etc/apache.passwds
Require user username

Where /etc/apache.passwds and username are those you setup above.

Restart apache –          service httpd restart

Now check with your browser when you access your server you will be prompted for a username and password.

Setting the domain name

Log in to your front panel and select Domains. Click on the domain you have purchased and the add the following A records using the IP address of your server as the content:-

@

www

mail

Then add an MX record for email with mail.yourdomain as the content . e.g. if your domain is example.com the content would be mail.example.com

@

It takes a while for the records to be properagted to the Internet but eventually you will be able to use names rather than IP adresses.

Edit Apache configuration :-

vi /etc/httpd/conf/httpd.conf and search for ServerName

Set this to www.yourdomain:80

e.g. if your domain is example.com it would be www.example.com:80

Restart Apache :-

service httpd restart

The version of PHP shipped with Centos 5 is 5.1.6 which is quite old and many new versions of PHP applications require a newer version see my instructions for updating PHP to 5.3 on Centos 5.

In the next blog I will show installing WordPress blogging software

The search for a web hosting plan

The web hosting plan I wanted had to give me full control.
It had to be Centos Linux and allow me to install what software I wanted.
A dedicated server would be ideal but I could not justify the cost so I looked at VPS ( Virtual Private Servers ). These give you pretty much full control and are fairly reasonable.

The Search

A Google search for Linux VPS servers brings up a huge choice of hosting companies and plans.

So how to choose ?

I suggest getting a VPS with a minimum of 512MB of memory if you want host web apps that use a Mysql backend – WordPress for example.

If you want  to use your own IPtables firewall rules  and I suggest you do – then ensure that the hypervisor supports this – if in doubt email the hosting company before buying a plan.

Some VPS plans had easy to use front panels where you can just click to install software packages but I’m quite happy to install and configure things manually.

Most plans offer a choice of Linux versions – I was after Centos which is hugely popular for self hosting so there were lots of companies and plans to chose from.

Cost was of course a big decider. The fact I was willing to do manual installs without a fancy front panel meant I could look at the cheaper no frills plans.

In the end I decided to get a VPS server from Tagadab

They are very reasonable and I had my VPS  available in 10mins.

 

Uses for a Web site

I’ve been looking a getting a we presence for ages and I’ve finally got around to doing it.

There are several things I want to do :-

  1. Host my own blog
  2. Setup a “to-do” manager
  3. Have a password manager
  4. My own Wiki
  5. A depository for the shell scripts I write ( maybe version controlled )
  6. Bookmark manager accessible from anywhere
  7. Learn managing a website by managing by managing a web site!

OK you can do all of the above on your own PC at home or use some hosted applications but I want control of my data  – hence my search for a hosting plan.