Commandes Vidéo diverses ffmpeg mencoder avisplit avimerge transcode

How can I fix AVI files with a broken index or bad interleaving?

To avoid having to use -idx to be able to seek in AVI files with a broken index or -ni to play AVI files with bad interleaving, use the command

mencoder -forceidx -nobps  -ovc copy -oac copy -o outidx.avi input.avi

to copy the video and audio streams into a new AVI file while regenerating the index and correctly interleaving the data.

Of course this cannot fix possible bugs in the video and/or audio streams

transcode -i input.avi -P 1 --avi_limit 128 -b 128  -o out.avi

Réaligner chunks vidéo et audio pour qu'il n'y ait pas de désynchronisation après le split

transcode -i input.avi -P1 -N 0x55 -y raw -o out.avi

Split

avisplit -i out.avi -o base -s 512

TOUT EN UNE SEULE OPERATION avec transcode

transcode -i input.avi -P1 -N 0x55 -y raw -o out --avi_limit 512

ffmpeg -threads N

ffmpeg -i input.mp4 -y -threads 2 -map 0.0:0.0 -f avi -vcodec copy -b 940 -aspect 4:3 -s 640x480 -r pal -g 240 -me epzs -qmin 2 -qmax 15 -acodec mp3 -ab 128 -ar 48000 -ac 2 -map 0.1:0.1 -benchmark out.avi

MUXING

mencoder -oac copy -ovc copy  -o output_movie.avi \
    -audiofile input_audio.mp2 input_video.avi

mencoder -of lavf -ovc copy -oac mp3lame -forceidx -lameopts cbr:br=128 -o outmencoder.avi -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames input.mp4

Pour joindre 2 fichiers avi

L'option -c set pour dropper des frames s'il manque de l'audio

avimerge -o bigvideo.avi -c -i avi1 avi2 avi3

launchtl can be used to disable and re-enable crash reporting or mDNSResponder or services mac os x

launchtl can be used to disable and re-enable crash reporting.  

To disable crash  reporting:

           launchctl unload -w /System/Library/LaunchAgents/com.apple.ReportCrash.plist
           sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist

     To re-enable crash reporting:

           launchctl load -w /System/Library/LaunchAgents/com.apple.ReportCrash.plist
           sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist

Disable mDNSResponder

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Disable  Apple Push Notification Service (apsd) on OS X 10.8

launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist

Secret SSH

Secret SSH 

SecretSSH est un petit programme en perl qui permet juste de montrer la

faisabilité d'une idée amusante : cacher sshd et l'activer à distance à

la demande.

Il permet de répondre à ma manière aux personnes qui ont peur du

débordement de buffer ou de la trappe dans un serveur SSH ;-)

L'activation de sshd se fait sur la réception d'un paquet TCP possédant des

caractéristiques particulières. Ainsi, le démon sshd n'est pas toujours en

écoute sur le réseau et à distance il est impossible (?) de le trouver.

Il est possible d'envisager un tel programme pour administrer une machine

aidant à la détection d'intrusion avec SNORT par exemple. Il est alors

possible de fermer tous les services sur cette machine même le port 22/tcp.

Le programme suivant n'est qu'une illustration permettant de montrer ce qui

est faisable mais il est fourni sans aucune garantie.

Pour tester secretssh (fourni ci-dessous) :

. Sur le serveur (en tant que root) : ./secretssh.pl

. Sur le client (en tant que root) : ./secretssh.pl [login@]server

secretssh nécessite perl RawIP qui peut être téléchargé à l'adresse :

http://quake.skif.net/RawIP/files/Net-RawIP-0.09c.tar.gz

Dans la configuration initiale, le client envoi un paquet SYN tcp sur le

port 80 du serveur avec le champ id, l'adresse ip source, le port source et

le numéro de séquence fixés à certaines valeurs. A la réception de ce paquet

le serveur lance sshd en mode debug sur le port 2222/tcp. Le client se connecte

ensuite via ssh sur le port 2222/tcp du serveur. Ce port n'est accessible sur

le serveur que pour une seule connexion ssh.

#------------------------------------------------------------------------------

#!/usr/local/bin/perl

# secretssh - sa/hsc

# RawIP homepage: http://quake.skif.net/RawIP/files/Net-RawIP-0.09c.tar.gz

use Net::RawIP;

## CONF (you should edit all these params) #####

my $key_port_dst = '80';

my $key_ip_src = '192.168.66.66';

my $key_port_src = '1666';

my $key_ip_id = '666';

my $key_tcp_seq = '66666666';

my $verbose = 0;

my $bindport = 2222;

my $SSH = '/usr/local/bin/ssh';

my $SSHD = '/usr/local/sbin/sshd';

## MAIN ########################################

print " --== Secret SSH - sa/hsc ==--\n";

$a = new Net::RawIP;

my $remote = shift || "";

if( $remote=~/\S/ ) { #client

my $login="";

if($remote=~/^(\S+@)(\S+)$/) {$login=$1; $remote=$2;}

$a->set({ip=>{id=>$key_ip_id,saddr=>$key_ip_src,daddr =>$remote},

tcp=>{dest=>$key_port_dst,source=>$key_port_src,syn=>1,seq=>$key_tcp_seq}});

$a->send;

$verbose ? exec "$SSH", '-v', '-p', "$bindport", "${login}${remote}"

: exec "$SSH", '-p', "$bindport", "${login}${remote}";

}

else { #server

my $dev = Net::RawIP::lookupdev($tout);

print "Server using $dev and port $bindport ...\n" if($verbose);

$pcap=$a->pcapinit($dev,"tcp and src host $key_ip_src and src port $key_port_src".

" and ip[4:2] = $key_ip_id and ip[24:4] = $key_tcp_seq",1500,30);

loop $pcap,-1,\&Bindsshd,\@a;

}

## FUNC #########################################

sub Bindsshd { system "$SSHD", '-d', '-p', "$bindport"; }

## EOF ##########################################

#------------------------------------------------------------------------------

Exemples acl chmod Mac OS X et extended attributs xattr manipulations

Examples acl chmod Mac OS X

# ls -le

-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1

# chmod +a "admin allow write" file1

# ls -le

-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1

owner: juser

1: admin allow write

# chmod +a "guest deny read" file1

# ls -le

-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1

owner: juser

1: guest deny read

2: admin allow write

# chmod +a "admin allow delete" file1

# ls -le

-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1

owner: juser

1: guest deny read

2: admin allow write,delete

Use the xattr command. You can inspect the extended attributes:

$ xattr s.7z
com.apple.metadata:kMDItemWhereFroms
com.apple.quarantine

and use the -d option to delete one extended attribute:

$ xattr -d com.apple.quarantine s.7z
$ xattr s.7z
com.apple.metadata:kMDItemWhereFroms

you can also use the -c option to remove all extended attributes:

$ xattr -c s.7z
$ xattr s.7z

Preventing Creation of .DS_Store Files MAC OS X

Preventing Creation of .DS_Store Files MAC OS X

Open the Terminal.
Type:
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
Press Return.
Restart the computer.

transcode / Filter Plugins / Filter Ascii

$ transcode ... -J ascii=font:/default8x9.psf:pallete:/colors.pal


See



https://bitbucket.org/achurch_/transcode/wiki/Filter%20Plugins/Filter%20Ascii

Capabilities

Video	Audio	RGB	YUV	YUV422	multiple instances	processing type	frames needed
yes	no	yes	yes	no	yes	POST	1

Introduction

This filter renders a video in colored ascii-art !
Unkike current 'aalib' output drivers (that you will find in most players), the output of this filter is not display-dependent. This means that your ascii-art rendered video will be playable with any other player !
This filter is a video, post-process only filter. You can use it in both mono or multi-threaded mode. Please notice it supports RGB and YUV color spaces.

Requirements

This filter needs the 'aart' package as runtime dependency. You can download this package at http://aart.sourceforge.net/ (see INSTALL file for more details).
'aart' comes with a few data stuff. In particular, you will be provided a color pallete (colors.pal). This file is a matching index between your input video colors and your output ascii-art video colors. Please notice that you can define your own color pallete, but this is not a trivial task. In most of cases, the provided pallete will work properly.
'aart' also comes with some default fonts but you are free to use your own ones (ie installed on your system).

Warning

In version 0.5 (version documented here), this filter uses the aart package, which provides a very slow process. This means rendering a video in colored ascii-art will take a very long time. The 'libcaca' team has been contacted for a feature add. Therefore, filter_ascii should be ported to 'libcaca' pretty soon (which will decrease dramaticly process time). So, please only consider short video samples for the moment.

Parameters

Default values are shown in [green] in square brackets.

help Display a short help

Display a short description of the filter and its arguments.

font PSF font file [default8x9.psf]

A valid font file (*.psf). Font files that come with the aart package work well.

pallete PAL palette file [colors.pal]

A valid color pallete file (*.pal). The color pallete files that comes with the aart package works well.

threads Use multiple-threaded routine (0-oo) [0]

Use multiple-threaded routine for frame-processing. Recommended value for this option is 1, so don't use this option unless you know what you are doing.

buffer Use `aart` internal buffer for output

Use 'aart' internal buffer for ouput. Recommended value for this option is 'off', so don't use this option unless you know what you are doing.

Usage Examples

• Render a video sample in colored ascii-art :

$ transcode ... -J ascii=font:/default8x9.psf:pallete:/colors.pal

fifo pipe mplayer ffmpeg

Create a fifo pipe between mplayer and ffmpeg 

mplayer -vo yuv4mpeg:file=videoout.fifo

ffmpeg -f yuv4mpegpipe -i videoout.fifo

lister et créer samba users

Creating samba users

The last part of this tutorial will involve us creating samba users. These users must represent Linux users but their password can and should be different to the Linux password for security. This is not enforced though. Using the command smbpasswd(/usr/bin/smbpasswd) as the root user we can add new samba users. A user must have a password in samba to access shares.

smbpasswd -a root
 -a pi

The above commands add root and pi as samba users. By default a TDB database is used to store this information. You can list current samba users with the command pdbedit(/usr/bin/pdbedit).

pdbedit -L

VIRTUALBOX MAC OS X aio_queue_async_request FIX

aio_queue_async_request FIX

Mac OS X kernel configuration

sudo sysctl -w  kern.aiomax=512 kern.aioprocmax=128 kern.aiothreads=16

then restart VirtualBox. These settings will apply until you reboot. To make the changes permanent, add/update the following lines in  

/etc/sysctl.conf:

kern.aiomax=512

kern.aioprocmax=128

kern.aiothreads=16

Note: you can probably set those limits even higher, as

documentation for Sybase

Enabling Host I/O caching for controllers that have local and file-based disks attached seems to have fixed 99% of the issues described above.

The following line enables the Host I/O cache:

VBoxManage storagectl --name --hostiocache on

In my case it was:

VBoxManage storagectl pintail --name SATA --hostiocache on

This probably also makes all the kern.aio* settings irrelevant.

Further implications of enabling the Host I/O cache are described here:

 http://www.virtualbox.org/manual/ch05.html#iocaching

iportable OS X blogs

http://lifehacker.com/5739259/how-to-create-a-portable-hackintosh-on-a-usb-thumb-drive

http://xsolutions.free.fr/home/netbook/inetbook/iportable/secteurdeboot.php

Blog sur outils de sécurisation

https://securityinabox.org/fr

Suppression de tous les programmes Norton pour Mac à l'aide de l'utilitaire de suppression RemoveSymantecMacFiles

Apparemment Norton antivirus de Symantec ne fonctionne pas bien avec EL CAPITAN = toutes les communications réseau bloquées.

La simple désinstallation ne suffirait pas à rétablir la situation.


Pour le supprimer  :

https://support.norton.com/sp/fr/ca/home/current/solutions/kb20080427024142EN_EndUserProfile_fr_fr


RemoveSymantecMacFiles.zip sur mon google drive



Pour désinstaller manuellement votre produit Norton pour Mac, consultez l'article Désinstallation de votre produit Norton pour Mac.
Avant de désinstaller votre produit Norton pour Mac, lisez ce qui suit :

• RemoveSymantecMacFiles supprime tous les fichiers Mac OS X de Symantec du volume de démarrage Mac OS X. Ces fichiers incluent des fichiers invisibles, tels que les fichiers Norton AntiVirus for Macintosh QuickScan et Norton FileSaver.
  
• RemoveSymantecMacFiles supprime toutes les versions bêta des produits Symantec.
  
• RemoveSymantecMacFiles est fourni à titre d'aide uniquement et n'est pas un utilitaire pris en charge.
  

RemoveSymantecMacFiles supprime tous les dossiers créés par les programmes d'installation de Norton et tous les fichiers dans ces dossiers. Vous perdrez tous les fichiers qui résident dans ces dossiers, y compris ceux que vous avez créés.

Si vous êtes connecté en tant qu'utilisateur standard et que votre ordinateur exécute Mac OS X 10.6.8 ou une version antérieure, suivez les instructions de la section Téléchargement et exécution de RemoveSymantecMacFiles en tant qu'utilisateur standard de l'article.

Téléchargement et exécution de RemoveSymantecMacFiles en tant qu'administrateur

1. Téléchargez le RemoveSymantecMacFiles.zip fichier.
   
2. Cliquez deux fois sur le fichier RemoveSymantecMacFiles.zip téléchargé.
   Le fichier est développé.
   
3. Ouvrez le dossier RemoveSymantecMacFiles.
   
4. Cliquez deux fois sur le fichier RemoveSymantecMacFiles.command.
   
   Pour exécuter cet outil, vous devez être connecté à votre Mac avec un compte administrateur et un mot de passe non vide.
   
5. Dans la boîte de dialogue d'avertissement d'application, cliquez sur Ouvrir.
   Le fichier RemoveSymantecMacFiles.command est lancé dans l'utilitaire Terminal.
   
6. Saisissez votre mot de passe d'administrateur Mac OS X et puis appuyez sur Entrée.
   Quand vous saisissez votre mot de passe, aucun caractère n'apparaît.
   
7. Effectuez l'une des opérations suivantes :
   
   • Pour supprimer tous les fichiers et dossiers Symantec, tapez 1.
     
   • Pour quitter RemoveSymantecMacFiles sans supprimer aucun fichier, tapez 2.
     
8. Appuyez sur Retour.
   
9. Avant de redémarrer votre ordinateur, enregistrez votre travail et fermez les applications ouvertes, puis tapez y et appuyez sur Retour.
   

Téléchargement et exécution de RemoveSymantecMacFiles en tant qu'utilisateur standard

1. Téléchargez le RemoveSymantecMacFiles.zip fichier.
   
2. Cliquez deux fois sur le fichier RemoveSymantecMacFiles.zip téléchargé.
   Le fichier est développé.
   
3. Dans la barre de menu, cliquez sur Aller > Utilitaires.
   
4. Cliquez deux fois sur Terminal pour lancer l'utilitaire.
   
5. Dans la fenêtre Terminal, saisissez su admin_username et appuyez sur Retour.
   Où admin_username est le nom du compte administrateur sur votre Mac.
   
6. Dans l'invite Mot de passe, saisissez le mot de passe de votre compte administrateur.
   
7. Dans le Dock, cliquez sur l'icône Téléchargements et sélectionnez RemoveSymantecMacFiles.
   
8. A l'invite bash, saisissez sudo, puis faites glisser le fichier RemoveSymantecMacFiles.command depuis le dossier RemoveSymantecMacFiles dans la fenêtre Terminal.
   Si vous souhaitez saisir manuellement la chaîne de commande, remplacez TestAccount par le nom de votre compte utilisateur standard.
   
9. Appuyez sur Retour.
   
10. Saisissez votre mot de passe d'administrateur Mac OS X, puis appuyez sur Retour.
    
11. Pour supprimer tous les fichiers et dossiers Symantec, tapez 1, puis appuyez sur Retour.
    
12. Avant de redémarrer votre ordinateur, enregistrez votre travail et fermez les applications ouvertes, puis tapez y et appuyez sur Retour.
    

VIRTUALBOX Using a raw host hard disk from a guest

See

https://www.virtualbox.org/manual/ch09.html#rawdisk

Notes on Configuration Raspbian Server dovecot exim4 Mail Maildir printer and files server samba

stopper swat

swat est démarré par inetd.conf
Donc commenter la ligne.

----------

changer les alias au niveau unix

/etc/aliases

-----------

Changer les alias pour le mail

/etc/email-addresses

--------------

exim smarthost with authentification

sudo nano /etc/exim4/passwd.client

...and add the line

*:login:password

sudo nano /etc/exim4/exim4.conf.localmacros

...add the line

AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = 1

sudo /etc/init.d/exim4 restart



-----

.mailrc

pour conserver dans un folder ex. .Sent les mails envoyés en ligne de commande, voici

ce qu'il faut mettre dans .mailrc

set record="~/Maildir/.Sent"

... autres réglages utilisés :

set EDITOR=/usr/bin/vi
set VISUAL=/usr/bin/vi
set PAGER=/usr/bin/less
set indentprefix="   >"


----------------------

Attention dovecot a besoin de l'ipv6, sinon erreur d'installation.

Donc modprobe ipv6

mais surtout mettre dans /etc/modules ipv6 sur une ligne

How do I enable or use IPv6?

Easy. sudo modprobe ipv6 will enable it immediately. If you want it to automatically be enabled at boot, just add ipv6 on a line by itself at the end of /etc/modules.

DOVECOT

/etc/dovecot/conf.d#

Dovecot SSL configuration

The most important SSL settings are (in conf.d/10-ssl.conf):

ssl = yes
# Preferred permissions: root:root 0444
ssl_cert =
# Preferred permissions: root:root 0400
ssl_key =
In 10-auth.conf

There are a couple of different ways to specify when SSL/TLS is required:

disable_plaintext_auth=yes # allows plaintext authentication only when SSL/TLS is used first.

    #ssl = required requires SSL/TLS also for non-plaintext authentication.

    If you have only plaintext mechanisms enabled (auth { mechanisms = plain login } ), you can use either (or both) of the above settings. They behave exactly the same way then.

Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they're assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.


-----

disable pop imap etc.

> Is it possible to disable unsecure POP3 protocol at all in Dovecot 2.1?
> There was "protocols" option in 1.x version, and there was separate
> pop3 and pop3s modules.
> There is no "pop3s" in configuration files in 2.1.

sure, set inet_listner pop3 to port = 0

there is a pop3s if you add one

more help show dovecot -n


-------------

tasksel pour installer mail server print server files server

--------------------

Converting Mbox mailboxes to Maildir format

http://batleth.sapienti-sat.org/projects/mb2md/

http://wiki2.dovecot.org/Migration/MailFormat



------------------

Pour utiliser Maildir comme système mail par défaut

Changer la variable MAIL
rot@jupi:/etc/profile.d# cat maildir.sh
export MAIL=$HOME/Maildir/

------

notification nouveaux mails

 First, /etc/login.defs. You will want to locate the QMAIL_DIR and MAIL_FILE environment variables and uncomment them. Then, comment out the MAIL_DIR environment variable. The value of MAIL_FILE will be appended to the user's home directory, such that the MAIL environment variable becomes defined as MAIL=$HOME/$MAIL_FILE, which is what you want. An example follows.


QMAIL_DIR    Maildir/
#MAIL_DIR    /var/mail
MAIL_FILE    Maildir/

Second, modify your /etc/pam.d/login to receive new mail notifications when you login on the console. Your /etc/pam.d/login with the correction options for pam_mail.so should look like the example below.


session    optional   pam_mail.so standard noenv dir=~/Maildir

Last, you need to make a similar modification to /etc/pam.d/ssh so you receive new mail notifications when you login via ssh. In order for the MAIL environment variable to be set correctly, you must ensure that the noenv is not passed to pam_mail.so.


# Print the status of the user's mailbox upon successful login.
session    optional     pam_mail.so standard dir=~/Maildir # [1]

-----

PROCMAIL

créer le fichier

/etc/procmailrc

# system-wide settings for procmail
SHELL="/bin/bash"
LOGFILE="/var/log/procmail.log"
DEFAULT="$HOME/Maildir/"
MAILDIR="$HOME/Maildir/"
~                       


http://blog.edseek.com/~jasonb/articles/exim4_courier/exim4.html

dpkg-reconfigure exim4-config

parmi les options choisir Maildir

OU BIEN

2.3. Configuring Exim4 for Maildir Delivery

Unlike configuring Exim3 for Maildir, the configuration for Exim4 is straightforward. If you choose to use the debconf generated configuration file, you need merely open /etc/exim4/update-exim4.conf.conf and make a single edit. Add the option dc_localdelivery to the end of the file with a value of maildir_home, or change its value if it already exists, as shown below. (Future versions of debconf configuration will likely include this as a configuration time option for the Debian package of Exim4.)


dc_localdelivery=maildir_home

Now, restart the daemon.


nebula:~# invoke-rc.d exim4 reload
Reloading exim4 configuration files


----

http://dev.mutt.org/trac/wiki/MuttFaq/Maildir

Pour que Mutt fonctionne avec maildir

dans /etc/Muttrc

set mbox_type=Maildir

 set spoolfile="~/Maildir/"
 set folder="~/Maildir/"
 set mask=".*"    # the default mask hides dotfiles and maildirs are dotfiles now.
 # set mask="!^\.[^.]"  # this line intentionally commented out
 set record="+.Sent"
 set postponed="+.Drafts"

 mailboxes ! + `\
 for file in ~/Maildir/.*; do \
   box=$(basename "$file"); \
   if [ ! "$box" = '.' -a ! "$box" = '..' -a ! "$box" = '.customflags' \
       -a ! "$box" = '.subscriptions' ]; then \
     echo -n "\"+$box\" "; \
   fi; \
 done`

 macro index c "?" "open a different folder"
 macro pager c "?" "open a different folder"
  macro index C "?" "copy a message to a mailbox"
 macro index M "?" "move a message to a mailbox"


------------------------

SAMBA

apt-get install samba-common-bin pour fournir testparm

Pour générer le fichier de config fonctionnel et optimisé (meilleures performances)
testparm -s smb.conf.master >smb.conf

In the Authentication section, uncomment

   security = user

ajouter les passwords des users

pi@raspberrypi ~ $ sudo smbpasswd -a pi


-----------------

CONTOURNEMENT BUG CUPS SAMBA NT_STATUS_ACCESS_DENIED

il faut ajouter cette directive :

  use client driver = yes

  load printers = yes
  printing = cups
  printcap name = cups
    

---------------------

export DISPLAY

Sur ubuntu client :

To enable it, add xserver-allow-tcp=true to lightdm:
  
sudo vi /usr/share/lightdm/lightdm.conf.d/50-xserver-command.conf

[SeatDefaults]
# Dump core
xserver-command=X -core
xserver-allow-tcp=true

----------------

Changer les alternative pour l'editor

installer vim
modifier /usr/share/vim/vimrc
syntax on

/etc/alternatives# rm editor;ln -s /usr/bin/vim.basic editor


------------

CUPSD

pour qu'un utilisateur puisse modifier le serveur il doit être dans le group lpadmin

le fichier /etc/cups/cups-files-conf détermine ce group par la directive

# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
SystemGroup lpadmin

----------------------------------

problème certificat non valide base

http://www.fetchmail.info/fetchmail-FAQ.html#K5

fetchmail -v in.base.be

Signature:  9C:F1:CF:DD:C2:73:E6:30:70:B6:85:3A:CD:2E:46:33


ajouter dans fetchmail.rc
en dessous de chaque username
sslfingerprint "9C:F1:CF:DD:C2:73:E6:30:70:B6:85:3A:CD:2E:46:33"

Remarque : pas utilisé en fait. Pose un problème, mais je ne sais plus lequel.

Apparemment, j'ai choisi de laisser ceci

#sslfingerprint "9C:F1:CF:DD:C2:73:E6:30:70:B6:85:3A:CD:2E:46:33"
sslcommonname "imap.example.com"
#sslproto TLS1

mais je ne sais plus pourquoi...

dans le log mail.err 

Dec  9 19:16:56 jupi fetchmail[14061]: Attention: la connexion n'est pas sûre mais on continue quand même (il vaut mieux utiliser --sslcertck !).
Dec  9 19:16:57 jupi fetchmail[14061]: Erreur de vérification du certificat du serveur : self signed certificate
Dec  9 19:16:57 jupi fetchmail[14061]: Cela signifie que le certificat racine (fourni pour /OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com) n'est pas dans la liste des certificats des CA de confiance ou que c_rehash doit être exécuté sur le répertoire des certificats. Pour plus de détails, consultez la documentation de --sslcertpath et --sslcertfile dans la page de manuel.


---------------------------------------------

réglages syslog

/etc/rsyslog.conf

root@jupi:/var/log# cat /etc/rsyslog.conf
#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640  
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;\
     auth,authpriv,mail.none;\
     local0.none                /var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
#mail.*                         -/var/log/mail.log
user.*                          -/var/log/user.log
local0.*                        -/var/log/ipupdate.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.=info                     /var/log/mail.info
#mail.=debug                    /var/log/mail.debug
#mail.=notice                   /var/log/mail.notice
mail.warn                       /var/log/mail.err
mail.=debug;mail.=info;\
        mail.=notice            /var/log/mail.log

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none;\
        local0.none             -/var/log/debug
*.=info;*.=notice;*.=warn;\
       auth,authpriv.none;\
        cron,daemon.none;\
        mail,news,local0.none   -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
#daemon.*;mail.*;\
#       news.err;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       |/dev/xconsole

configuration wheezy sur raspberry pi

timezone
dpkg-reconfigure tzdata

network static
vi /etc/network/interfaces

auto lo

iface lo inet loopback
iface eth0 inet static
 address 10.0.1.68
 netmask 255.255.255.0
 gateway 10.0.1.1

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Vérifier que les dns sont bien indiqués dans /etc/resolv.conf

keyboard

vi /etc/default/keyboard

# KEYBOARD CONFIGURATION FILE

# Consult the keyboard(5) manual page.

XKBMODEL="pc105"
XKBLAYOUT="be"
XKBVARIANT=""
XKBOPTIONS=""

BACKSPACE="guess"


SAMBA

apt-get install samba samba-common-bin


~                  

finalisation installation HP elitebook 8470p ubuntu 14.04

natilus open terminal here

sudo apt-get install nautilus-open-terminal

-------------


pour effacer la liste des connexions récentes de nautilus

./config/nautilus/servers

-------

~/.local/share/gvfs-metadata

on y trouve tous les anciens points de montage de nautilus

--------------------------

Supprimer historique récent de nautilus

The method with editing ~/.config/gtk-3.0/settings.ini doesn't work with Nautilus 3.8. But there is better and simpler way. Simply open dconf-editor, navigate to org->gnome->desktop->privacy and uncheck the remember-recent-files key. That takes care of it, once for all!


------

fstrim / pour libérer tout les blocs libres du ssd

------

/lib/plymouh/themes/linux-is-sexy#

------

To turn off bluetooth at startup

/etc/rc.local
rfkill block bluetooth

-------

Contournement du bug consistant à la capricieuse activation du corner pour activer le plugin expo

~/.config/autostart$ ls
fixbugcorners.desktop  variety.desktop

~/.config/autostart$ cat fixbugcorners.desktop

[Desktop Entry]
Name=Fixbugcorners
Comment=Fix bug about corners and desktop wall
Icon=/opt/extras.ubuntu.com/variety/share/variety/media/variety.svg
Exec=sh -c "/home/moi/bin/fixbugcorners.sh"
Terminal=false
Type=Application
X-GNOME-Autostart-Delay=25

~/.config/autostart$ cat /home/moi/bin/fixbugcorners.sh

#!/bin/bash
#
# Contournement du bug consistant à la capricieuse activation du corner pour
# activer le plugin expo
# script en démarrage auto



dconf write /org/compiz/profiles/unity/plugins/expo/expo-edge "'TopLeft'"
sleep 5
dconf write /org/compiz/profiles/unity/plugins/expo/expo-edge "'TopRight'"

exit 0

Mac OS X Mail remove auto-completed addresses list

Entries are store in

/user/Library/Applications Support/AddressBook/MailRecents-v4.abcdmr

On peut effacer les entrées aussi via l'interface

mail/window/previous receipts

UPSTART job control UBUNTU / LINUX

from http://upstart.ubuntu.com/cookbook/

A job does not necessarily need a stop on stanza. If it lacks one, any running instances can still be stopped by an Administrator running either of:

    initctl stop
    stop



4.7.1   Display Runlevel

To display your current and previous runlevels separated by a space character, run the /sbin/runlevel command. Note that if this command is unable to determine the system runlevel, it may display simply "unknown":

$ runlevel
N 2

The output above shows that:

    there was no previous runlevel (the system was booted and went straight to the current runlevel).
    the current runlevel is "2".


4.7.2   Change Runlevel Immediately

To change runlevel immediately, use one of the commands below:

    reboot(8)
    shutdown(8)
    telinit(8)




6.33   start on

This stanza defines the set of Events that will cause the Job to be automatically started.

Syntax:

start on EVENT [[KEY=]VALUE]... [and|or...]

Each event EVENT is given by its name. Multiple events are permitted using the operators "and" and "or" and complex expressions may be performed with parentheses (within which line breaks are permitted).

You may also match on the environment variables contained within the event by specifying the KEY and expected VALUE. If you know the order in which the variables are given to the event you may omit the KEY.

VALUE may contain wildcard matches and globs as permitted by fnmatch(3) and may expand the value of any variable defined with the env stanza.

Negation is permitted by using "!=" between the KEY and VALUE.

Note that if the job is already running and is not an instance job, if the start on condition becomes true (again), no further action will be taken.

Note that the start on stanza expects a token to follow on the same line. Thus:

# ERROR: invalid
start on
  foo or bar

# OK
start on foo or bar

If no environment variables are specified via KEY to restrict the match, the condition will match all instances of the specified event.

See Really understanding start on and stop on for further details.
6.33.1   Normal start

If you are just writing an upstart job that needs to start the service after the basic facilities are up, either of these will work:

start on (local-filesystems and net-device-up IFACE!=lo)

or:

start on runlevel [2345]

The difference in whether to use the more generic 'runlevel' or the more explicit local-filesystems(7) and net-device-up events should be guided by your job's behaviour. If your service will come up without a valid network interface (for instance, it binds to 0.0.0.0, or uses setsockopt(2) SO_FREEBIND), then the runlevel event is preferable, as your service will start a bit earlier and start in parallel with other services.

However if your service requires that a non-loopback interface is configured for some reason (i.e., it will not start without broadcasting capabilities), then explicitly saying "once a non loopback device has come up" can help.

In addition, services may be aggregated around an abstract job, such as network-services:

start on started network-services

The network-services job is a generic job that most network services should follow in releases where it is available. [19] This allows the system administrator and/or the distribution maintainers to change the general startup of services that don't need any special case start on criteria.

We use the started(7) event so that anything that must be started before all network services can do "start on starting network-services".
6.33.2   Start depends on another service

start on started other-service

6.33.3   Start must precede another service

start on starting other-service

Example: your web app needs memcached to be started before apache:

start on starting apache2
stop on stopped apache2
respawn

exec /usr/sbin/memcached

6.34   stop on

This stanza defines the set of Events that will cause the Job to be automatically stopped if it is already running.

Syntax:

stop on EVENT [[KEY=]VALUE]... [and|or...]

Like the stop on stanza, start on expects a token to follow on the same line:

# ERROR: invalid
stop on
  foo or bar

# OK
stop on foo or bar

See start on for further syntax details.
6.34.1   Normal shutdown

stop on runlevel [016]

Or if a generic job is available such as network-services [19]

stop on stopping network-services

6.34.2   Stop before depended-upon service

stop on stopping other-service

Note that this also will stop when other-service is restarted, so you will generally want to couple this with the start on condition:

start on started other-service

6.34.3   Stop after dependent service

stop on stopped other-service




6.28   respawn

Note

If you are creating a new Job Configuration File, do not specify the respawn stanza until you are fully satisfied you have specified the expect stanza correctly. If you do, you will find the behaviour potentially very confusing.

Without this stanza, a job that exits quietly transitions into the stop/waiting state, no matter how it exited.

With this stanza, whenever the main script/exec exits, without the goal of the job having been changed to stop, the job will be started again. This includes running pre-start, post-start and post-stop. Note that pre-stop will not be run.

There are a number of reasons why you may or may not want to use this. For most traditional network services this makes good sense. If the tracked process exits for some reason that wasn't the administrator's intent, you probably want to start it back up again.

Likewise, for tasks, (see below), respawning means that you want that task to be retried until it exits with zero (0) as its exit code.

One situation where it may seem like respawn should be avoided, is when a daemon does not respond well to SIGTERM for stopping it. You may believe that you need to send the service its shutdown command without Upstart being involved, and therefore, you don't want to use respawn because Upstart will keep trying to start your service back up when you told it to shutdown.

However, the appropriate way to handle that situation is a pre-stop which runs this shutdown command. Since the job's goal will already be 'stop' when a pre-stop is run, you can shutdown the process through any means, and the process won't be re-spawned (even with the respawn stanza).

Note that if a job is respawned, the variable "$PROCESS" will be set to the name of the job process that failed (for example "pre-start" or "main"). See stopped(7) for further details.

Further note that if the job does not specify the respawn limit stanza as well as the respawn stanza, the job will have the default respawn limit applied (see respawn limit).
6.29   respawn limit

Yes, this is different to a plain respawn: specifying respawn limit does not imply respawn.

Syntax:

respawn limit COUNT INTERVAL | unlimited

Example:

# respawn the job up to 10 times within a 5 second period.
# If the job exceeds these values, it will be stopped and
# marked as failed.
respawn
respawn limit 10 5

# respawn the job indefinitely
respawn limit unlimited

Respawning is subject to a limit. If the job is respawned more than COUNT times in INTERVAL seconds, it will be considered to be having deeper problems and will be stopped. Default COUNT is 10. Default INTERVAL is 5 seconds.

To have the job respawn indefinitely, specify an argument of "unlimited". However, care should be taken using this option: does your service really stop that frequently? Should it?

Specifying either COUNT or INTERVAL as 0 (zero) implies unlimited.

Note that respawn only applies to automatic respawns and not the restart(8) command.

If the job has been respawned up to its respawn limit, the variable "$PROCESS" will be set to "respawn" to denote that the respawn limit was reached. See stopped(7) for further details.

UFW enable no logging UBUNTU / LINUX

vi /lib/ufw/ufw-init-functions


Coller ça:

 if [ ! -z "$LOGLEVEL" ]; then
            /usr/sbin/ufw logging $LOGLEVEL || true
        fi

juste avant ça dans la fonction ufw_start()

 if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
            sysctl -e -q -p $IPT_SYSCTL || true
        fi

        if [ "$error" = "yes" ]; then
            /bin/echo -e "$out"
            return 1
        fi


/etc/ufw# vi ufw.conf

# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=off

Change DISK UUID LINUX / UBUNTU

tune2fs /dev/sdb1 -U 310fd3b1-bc68-45cf-b04b-c9498ae59e27






Problème sur disque monté

when I tried to change my root filesystem's uuid on new 14.04 ubuntu, tune2fs reported back: I can't do that to mounted file systems.

There's a flag that needs to be disabled, to allow mounted-uuid changes with the new tune2fs. this is what my process looked like:

root@ubuntu1404:~# blkid
/dev/sda1: UUID="2ec827b0-72be-4c73-b58a-102a37aa24a3" TYPE="ext4"
root@ubuntu1404:~# uuid="deafcafe-abba-daba-deca-fc0ffee05065"
root@ubuntu1404:~# root_disk=$(df /|grep /|cut -d' ' -f1)
root@ubuntu1404:~# echo $root_disk
/dev/sda1
root@ubuntu1404:~# tune2fs -U $uuid $root_disk
tune2fs 1.42.9 (4-Feb-2014)
The UUID may only be changed when the filesystem is unmounted.
root@ubuntu1404:~# tune2fs -O ^uninit_bg $root_disk
tune2fs 1.42.9 (4-Feb-2014)
root@ubuntu1404:~# tune2fs -U $uuid $root_disk
tune2fs 1.42.9 (4-Feb-2014)
root@ubuntu1404:~# tune2fs -O +uninit_bg $root_disk
tune2fs 1.42.9 (4-Feb-2014)
root@ubuntu1404:~# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       7.3G  3.9G  3.0G  58% /
root@ubuntu1404:~# blkid
/dev/sda1: UUID="deafcafe-abba-daba-deca-fc0ffee05065" TYPE="ext4"
root@ubuntu1404:~#

Générer une image ISO de DVD à partir d'un dossier VIDEO_TS en CLI / UBUNTU

Utiliser la commande :

genisoimage -dvd-video -o dvd.iso DIRECTORY/

Le dossier VIDEO_TS doit être un sous-dossier de DIRECTORY

La commande genisoimage semble installée d'origine sur ubuntu 14.04 (en tout cas je ne me souviens pas de l'avoir installée).