Imran's Tech Blog

Though I am not a server or network administrator I have always been interested in learning how to secure a network. From some initial reading I learned that firewall is the starting point and trust me when I say that with Ubuntu 8.04 Server (code-named 'Hardy Heron') its seriously easy to setup a firewall. This article of mine will attempt to show beginners like myself how easy it is.

I am assuming that readers will have Hardy Heron installed before embarking on testing out the firewall. Once its installed once install the firewall front end 'ufw' using the following command -

For details reading on it one may try the Ubuntu wiki or 'man ufw'. So now I can get started in doing what I wanted to.

We have a network at my place and I want to restrict SSH from IPs other than mine and not only that I also want to ensure that pinging my servers return nothing. Being a newcomer to network firewalling to me it would be quite nice to achieve it. In general what I have seen for SSH is, there is only one gateway for the outside world to SSH into a network and from there one can SSH to the servers one is permitted to. Now SSH'ng the Gateway could be made further challening by specifying a IP to achieve which one has to be connected to the network VPN. Does it sound complicated to achieve? After using UFW I am pretty confident its not that difficult to set something up like this and hopefully you will feel the same.

I will skip the VPN part as that is a topic of it self and hopefully will have a writeup on how-to set it up sometime soon; setting a VPN server is not that difficult either thanks to OpenVPN, so interested readers if required can jump into it. My target is to block ping and block SSH from any IP other than my designated range.

Once one has UFW installed, first step would be to enable it and to that use the following command -

Once it is enabled and one wants to check the status, one can use the following to see it -

If one wants to enable logging one can do -

I suppose one can easily guess how to turn logging 'off'.
The next step would be to instruct firewall to allow SSH from a particular IP or IP range. One can use the following command respectively to allow if for the 2 cases mentioned above -

Now the obvious question could be why mention to IP address, its because a server may have more than 1 IP address and to mention which IP address this rule would apply to the to IP address is required. If you wondering how to calculate IP range you might want to have a look at the wikipedia page and IP Address range calculator.
Now one will need to ensure that default policy is deny and to achieve that issue the following command -

At this point I feel that I should also mention how delete a rule; its simply just add 'delete' before the start of rule definition. For example, for the rules of SSH one can issue the following commands to delete them -

Setting up firewall in Ubuntu

Since starting developing some code generation plugins (toString() generator and Java Util Logger Generator) using/for the NetBeans 6.1Beta I have learnt a lot and the more I worked on it I kept asking myself how could I make it easier. Once both the plugins took rudimentary form I learnt and discovered that patterns could make this task whole lot easier for me. So I started re-implementing the Logger generator (if you are interested in getting the resources please check the logger blog) plugin.

Now I wanted to implement that the plugin will search for System.out.print(ln) and out.print(ln) if static import exists. In doing so I had to walk the PARSED tree of a Java Source file. Just to give me a flavour that I am implementing something cool I called it JavaSourceTreeParser. Basically what it does is breaks down each every Java Statement to a form which can not be further decomposed. In the initial version the conversion was done in the parser it self (Revision 21). Then it felt that I could easily use Observer pattern for it and after implementing it (Revision 31) I saw that I am right and I achieved something which every code generator can use. (As I use GIT SCM I usually work offline and make bunch of commits together so dont worry how I make multiple commits at a go :)).

Once implementing it I found that for performance improvement and communication between various listeners I felt the need of session for state information sharing and then I decided to use Composite pattern for the purpose. and it also worked like a charm and as a result improving the overall performance of the plugins. The following diagram might give an idea how to use it using the API I designed.



What I implemented in the listener simply that the listener will get notified whenever the parser come across a particular type of tree, for System.out.println it would be MethodInvocationTree (Kind.METHOD_INVOCATION), and the listener according to its implementation will handle the Tree; in my case I replaced the method invocation with a logger invocation. In case where I inserted a Log method at the beginning of every method body I listened to Kind.METHOD. Now I am implementing Log insertion for Throw, Return and End of Method block. In process I will also add parsing life cycle listener to the API so that modification to the class is done only once when the parsing is completed. I hope this API helps users interested in code generation. I am very interested to learn what users think about it.

Code generation made easy using patterns

Java Util Logger has enabled us to ship application without having dependency on any external JARs or APIs for logging purpose. After starting to use it I felt the necessity of a Logger creation tool which will create and initialize a logger for me instead of me either writing it or Copy-Pasting it for every file or worse every class. Also using a tool will enable me to maintain a coherence of naming and initialization of loggers across a project.

With the release of Java Source API with NetBeans 6.1Beta I finally got the chance to write such a tool for myself :). In sequence with my toString() generator module I started this module as well. You can download the NBM file and install it as it is free and open source. How-to of this tool is as follows.

Basically what I needed for it can be stated in 3 steps -

1. Parse/read the Java File
2. Find declared classes
   
3. Check if Logger exists if not create it and add utility methods.

With the new Java Source API and Java Compiler Tree API it is nothing more than simple tree traversing for the purpose. You can have a peek at the implementation in the addLogger method in the source file (after opening the file 'Find' might be useful). One will find these NetBeans Wiki pages being helpful.

NetBeans: Generating Java Util Logger

My friend and colleague Shams developed a maven plugin to generate toString and equals method using Eclipse source code manipulation API and since then, being a NetBeans fan, I wanted to develop a similar component using NetBeans API. Though the Java Source API of NetBeans was available in the developer version, but it is finally going to be released with NetBeans 6.1 and one can have a look at it in 6.1Beta release.

So I started doing what I have been wanting to do for a long time :) - develop a NetBeans module to generate toString() for my Java classes. In this endeavour I came up with this open source project. In the generation of toString() I added iteration over array and collection over what Shams did. Users can simply download the NBM file from here and install it into your NetBeans 6.1 installation. To confirm that the installation is successful check the "Source" menu and you should see "Generate toString()" at the top of the list. To see the module in action simply open a Java Source file and choose the menu action and you will see that it will add/replace toString() methods of the classes in the file.

As future works to this plugin I have plans to add it to the context menu in project explorer for Java projects, provide a UI for user to choose what properties should be in toString and whether to replace toString or not. Additionally generate the current toString content in a separate method and invoke it from toString().

I also have plans for further plugins ; lets hope I have enough time for it :). Please create issues in the project to report issues or enhancements. Participation in development is most welcomed.

NetBeans - Generating toString for Java classes

I like Picasa to share photographs with my friends and relatives. I find it quiet annoying to use Picasaweb to upload pictures, Picasa (the desktop application) is just so cool. Thus I decided to install it on my Ubuntu; before starting the installation I did not except it to be a walk in the park, believe it or not it was.

Install Wine as specified in this blog; Then type winecfg in your console and you will see a GUI popping up. Ensure that your Windows Version in the Applications tab is Windows XP. Download Picasa and double click the exe it should start the installer in the Wine emulator; if not use the following command -
wine (Path-to-exe)/picasaweb-current-setup.exe
Now proceed with the installation as you would in Windows. If you choose to have a desktop shortcut you will see one in your desktop double clicking it would start picasa in your wine emulator. You can also start Picasa from your Applications -> Wine -> Programs -> Picasa2 -> Picasa2; you will also find the uninstall action there (which I did not use).
Now you can enjoy using Picasa on your Ubuntu; Happy Image Sharing!

Picasa on Ubuntu

While doing a bug hunting we needed to find a file containing a certain string and we did not know where to look for it. At one stage of "file hunting" we needed to be able to search for the file in jars (Java Archives). Thus in searching for it we came up with this shell script; using this script not only can we find jars containing certain filename but also search file content to get results. Lets take three use cases - "I want to find jars that contain .properties file", "I want to find jars containing .properties file containing the word com.smartitengineering" and "I want to find jars, whose name has smart, containing .properties file containing the word com.smartitengineering". Using the script all these use cases can be achieved by using the following commands respectively:

./search-jar.sh - /home/user/ .properties -
./search-jar.sh - /home/user/ .properties com.smartitengineering
./search-jar.sh *smart*.jar /home/user/ .properties com.smartitengineering

The command takes exactly 4 arguments - jar_filename_pattern, search_dir_path, search_file_name and content_to_search. If jar_filename is "-" than it will search within all jars within search_dir_path. If content_to_search is "-" it will not search for content, but rather jars with certain filename.

As the script is in open domain I would appreciate if users would make their own edit and submit or request for features through this post's comments.

Finding files in jars by their content

I was having problem to get Applet working in Firefox, primarily because I work with manually installed JDKs (that is not downloaded using apt-get). I did the following to get Applets working going through the following procedure.

locate libjavaplugin_oji.so

After I do this I will get the list of this file present in my machine. In my case one of the paths was -

/opt/jdk1.6.0_01/jre/plugin/i386/ns7/libjavaplugin_oji.so

Now I did the following and restarted my machine -

sudo ln -s /opt/jdk1.6.0_01/jre/plugin/i386/ns7/libjavaplugin_oji.so /usr/lib/mozilla-firefox/plugins/libjavaplugin_oji.so

After this I got applets to work in Mozilla Firefox. Just for fun delete the symlink and without restarting the browser check whether you can see the applet or not :).

Ubuntu: Getting Java Applets to work with Firefox

GIT submodules is an idea (of many) that actually played an extremely important role in me moving to GIT. As a new user I started playing around with GIT and I noticed that GIT commands executed on the parent module is not propagated to the child modules. In some use cases it would be extremely useful (at least for me) to be able to be propagate a command from the master module to all its child at all depth. I wrote this bash shell script to simply propagate commands from parent to its child. To use this script you can simply do the following (I am assuming that the TXT will have the name git-modules and will be an executable in $PATH):

for: git-pull
do: git-modules pull

for: git-status
do: git-modules status

for: git-commit -a -m "This is a test commit"
do: git-modules commit -a -m "This is a test commit"

for: git-checkout master
do: git-modules checkout master

Basically any git-X command can be simply be done as "git-modules X args-as-usual".

I would really appreciate/welcome criticism, feedback and addition to the script. I will be publishing it to the repo.or.cz tomorrow after a little bit more testing.

Propagating GIT commands to its submodules