bookmark_borderPrevent / Block package updates under Ubuntu / Debian

Did you know that you can block package updates under Ubuntu and Debian? Let’s say you have a lot of packages installed on your Ubuntu / Debian system and (for whatever reason) you want that specific packages aren’t getting updated whenever you do a system upgrade. This short article is going to show you how to prevent this packages from being updated.

APT or Aptitude: Both can block package updates

Debian / Ubuntu basically has two ways to manage packages. To be more specific there are two package managers which can be used on the console for updating, installing and removing packages / software under your Ubuntu / Debian systems. These two solutions are APT and Aptitude. This article describes how to prevent packages from being updated with both solutions. If you don’t know which of those two you should go with: Simply go with the APT tools (apt-get, apt-mark, apt-cache, …).

How to prevent packages from being updated.

You can always prevent packages from being updated with the help of APT. APT comes with every Ubuntu / Debian installation, so the following command should definitely work on any Debian / Ubuntu based system:

user@system:~$ sudo apt-mark hold <name of the package>

You have to change <name of the package> with the package you want to hold of course. So for e.g. if you want to prevent vlc from getting updated, the command would look like this:

user@system:~$ sudo apt-mark hold vlc

If you’re and Aptitude user instead, the command (with the exact same result) looks like this:

user@system:~$ sudo aptitude hold vlc

If you now update your system with the classical apt-get upgrade command for e.g., the package vlc isn’t going to be upgraded. APT, as well as Aptitude, will echo a notice which is saying that the package has been prevented from being updated.

How to unhold the package?

So, to hold a package is rather easy. But what to do when you want to unhold this package in order to get it updated again? If we use our vlc package from the example above again, the command to unhold and make a package available for an update with APT looks like this:

user@system:~$ sudo apt-mark unhold vlc

Again, the same command with the exact same result in Aptitude does look like this:

user@system:~$ sudo aptitude unhold vlc

But why to hold a package anyway?

You may ask yourself why you should hold a package anyway. Well, there are several reasons to do this. For e.g. sometimes you update a package and after this update the software doesn’t work as expected. So if you encounter a problem after an update on a test system, you could hold / block the specific package which causes you trouble on a production system before updating that system. Another example would be that you might have to check the configuration files first before updating a specific software. However, you want to install the latest security updates for the other installed packages. With holding the package you can update the other packages without touching the once you block.
Of course there are many other reasons why holding a package is a useful and a needed feature. You can also do this with a graphical solution like Synaptics. However, the console way of block package updates is much more easier and faster (IMHO) ūüėČ

Further links

bookmark_borderSSH as a proxy on Windows, Mac or Linux

You can do a lot of things with SSH besides working securely remote on machines. I’ve already covered at another article how to tunnel (port forwarding) through SSH. This time we’re looking at a way to use SSH as a proxy.

SSH: A tool not only to do remote work

SSH (Secure Shell) is mostly used to do maintenance on your Linux machines. However, over the years the capabilities of SSH has been extended from a simple secure „remote maintenance protocol“ to a utility which is capable of doing things like X-Forwarding (for forwarding graphical application), port forwarding or providing a SOCKS proxy.

Why do you even want to use an proxy server?

Proxy servers are helpful in a lot of ways. For e.g. if you’re staying some nights in a hotel or you’re in any other public Wireless LAN which blocks a specific website you want to visit a proxy will help you to surpass the filter. Or if you are forced to use techniques like DSLight, were you have to share a single IPv4 address with other users. Or to unblock videos on Netflix which are blocked in your country. You see, the situations where a proxy server is helping you are almost countless.
But why would you want to „setup“ an proxy server on your own? The simple answer is, that a lot of the public proxy servers are simply overloaded. They have to handle so much traffic that you sometime barely be able to get 50% of your normal internet speed while using one of these public proxy servers. Besides this, using SSH as a proxy is really easy.

How start a SOCKS proxy server by using SSH

In order to establish a SSH connection to your server which will then be an SOCKS proxy, you have to have the SSH server installed on the server side and the client software on the client side of course.

Using SSH as a proxy on Linux or Mac

For Linux or Mac you can use the SSH client command which is integrated in both systems. The following command would start an SSH connection, where your SOCKS proxy would then be locally reachable on port 19999 (19999 is just an suggestion and can be changed to almost everything starting from 1024 to 49151 (so called „user ports“)) :

user@client:~$ ssh -D 19999 user@server

After the connection has been successfully established, configure your browser to use the proxy server (follow the instructions below).

Using SSH as a proxy on Windows

Windows doesn’t comes with an SSH command integrated. This means we need an additional software in order to get connected and use the SSH server as a proxy. My recommendation here is PuTTY. PuTTY is a lightweight SSH client for Windows, which is the counterpart of the SSH command on Linux / Mac. You can download it here. After the download is finished, start PuTTY and enter the server you want to connect to like this:

Hostname you want to connect to

Navigate to Connection –> SSH –> Tunnels and enter the port 19999 in the¬†Source port field (19999 is just an suggestion and can be almost everything starting from 1024 to 49151 (so called „user ports“)). After you’ve entered the desired port number, ensure that you’ve selected Dynamic instead of Local:
Settings to tell SSH to create a SOCKS proxy

Click on the button Add in order to tell PuTTY to actually use the given information for the next connection. If you clicked on Add, you should see the port number you have chosen with the letter D in the upper box. If you’ve done this as well, you’re ready to connect to your server. After the connection is successfully established, go on and configure your browser (follow the instructions below).

Configure Firefox / Google Chrome to use the SOCKS proxy

Now that we’ve connected successfully to our server via SSH, we can actually use the SOCKS proxy which has been provided with the actual SSH connection.

Configuring Firefox to use the SOCKS proxy

Click on the upper right options Symbol (represented as three horizontal lines) and click on Preferences. On the upcoming window, select General and scroll down until you see the context Network proxy. Click on Settings and enter your SOCKS proxy details like this:

Firefox proxy settings

Ensure that you’ve checked the box Use this proxy server for all protocols. After you’ve clicked on OK you’re ready to go. Use portals like BearsMyIp to check if you’re actually surfing through your SSH SOCKS proxy tunnel.
Configuring Google Chrome (or Chromium) to use the SOCKS proxy
For Googles Chrome browser you have to use the command line in order to set your SOCKS proxy. This includes Windows users as well. To start Googles Chrome using your SSH SOCKS proxy start the browser like this:

google-chrome --socks-proxy="socks5://localhost:19999"

The windows command line may look like this:

google-chrome.exe --socks-proxy="socks5://localhost:19999"

Of course you can change google-chrome to chromium if you’re an Chromium user instead.

Final words

An proxy server does have it’s advantages. However, public proxies are sometimes overloaded and you will recognize that as a significantly slow down of your internet connection when you start using them. As an alternative you can use SSH as a simple and fast way to make yourself an SOCKS proxy. Using SSH as a SOCKS proxy is a lot easier than configuring an Apache with Squid for e.g.. If you have a server and you need a proxy, I highly recommend you to use SSH in order to get a safe, fast and stable proxy server with a single command or a few clicks.

Further links

 

bookmark_borderHow to easily merge PDF documents under Linux

It’s a well known problem. You have two PDF documents and you want to merge both into one. For e.g. you want to bring your application and your personal data sheet together. This short an easy tutorial shows you how to merge PDF documents under Linux on a graphical way or with the help of the command line.

First option: commando line

Of course there is a way to use the console to do this. The command line tool pdfunite is an easy way to do this. You can use APT on Ubuntu or Debian to easily install pdfunite:

user@client:~$ sudo apt-get update
user@client:~$ sudo apt-get install poppler-utils

pdfunite is part of the poppler-utils package, which basically means that when you install poppler-utils you will also get the desired pdfunite. After the installation is finished, you can just go ahead and merge some PDF files!
To merge start merging, you have to enter the command pdfunite followed by the PDFs you want to merge. The last PDF file in the command line represents the output PDF:

user@client:~$ pdfunite source1.pdf source2.pdf merged_output.pdf

The number of PDF documents you can merge is infinite so this line can be extended like this to merge 4 documents, for e.g.:

user@client:~$ pdfunite source1.pdf source2.pdf source3.pdf source4.pdf merged_output.pdf

Keep in mind that the source files have to be in the same directory where the command pdfunite is executed. If your PDF files are stored in different places, you have to enter the relative or absolute path, for e.g.:

user@client:~$ $HOME/pdfs/source1.pdf $HOME/pdfs/source2.pdf $HOME/Downloads/source3.pdf /mnt/externalhdd/source4.pdf merged_output.pdf

And that’s it. All the magic is done ūüôā

Second option: Using a GUI

There are several GUIs which are doing all the work for you but one of those GUIs is (for me) the real shining star: PDFsam. The main reason for this is that PDFsam is capable of doing a lot of more things than just merging: Split, Rotate, Extract, Split bookmarks and many more. PDFsam is written in Java and (of course) available in most Linux distributions. For Ubuntu / Debian you can easily install PDFsam like this:

user@client:~$ sudo apt-get update
user@client:~$ sudo apt-get install pdfsam

After PDFsam is successfully installed, you can start PDFsam through your start menu or by entering the command pdfsam in a terminal window.

PDFsam start window

With an click on the button Merge the merge window is going to pop up. The rest is almost self-explaining. Click on the button Add to choose the source PDF documents from your drive you want to merge, go down to the Destination file, click on Browse and select a place + filename for the merged destination PDF. Click on Run and that’s it.
PDFsam merge dialog

Final words

As you can see, merging PDF documents under Linux is super easy. If you want a graphical toolset which offers more possibilities than just merging, go with PDFsam. If you just want to merge PDF documents on a simple and easy way or if you are just a fan of the command line, go with pdfunite. However, it doesn’t matter which program you use. There are both fast, reliable and easy ūüôā
 

bookmark_borderSetup a TeamSpeak 3 Server on Linux (Ubuntu / Debian)

This article is about how to setup a TeamSpeak 3 server on your Linux box. Thanks to the TeamSpeak 3 developers, this process is rather easy and you should have a running TeamSpeak 3 server within minutes.
TeamSpeak 3 is a heavily used solution (if not the most used one) to do low latency voice chat while gaming. For e.g. if you use Skype, the delay and the traffic between the talking people will be much higher, besides the Skype client being way more bloated than TeamSpeak. Besides TeamSpeak 3 there are other gaming based low latency solutions like Discord (which uses central servers without the possibility to setup your own instance) and Mumble.

Install requirements

The TeamSpeak 3 Server doesn’t really need any extra libraries in order to work. With a new Debian 9 setup for e.g. it start without any additional libraries. However to download and extract the server software we need some additional software, in this case a download manger (wget) and the utility to extract the compromised server software (bzip2). With the following command you will install this needed utilities. In this case we use Debian / Ubuntus package manager APT:

user@server:~$ sudo apt-get update
user@server:~$ sudo apt-get install wget bzip2

Now that all the needed utilities are on board, let’s move forward and install the server software itself.

Download and install the TeamSpeak 3 Server

TeamSpeak 3 is a proprietary software solution. Due to this fact you will not be able to install it from the repositories of your Linux distribution. So this means you have to download it from the developers homepage onto your server. You can download the latest TeamSpeak 3 Server software here. As of writing this tutorial the latest and greatest TeamSpeak 3 Server version was 3.0.13.8. Whenever you go through this tutorial, your version number may be a newer one. The following command downloads version 3.0.13.8 to your server:

user@server:~$ wget http://dl.4players.de/ts/releases/3.0.13.8/teamspeak3-server_linux_amd64-3.0.13.8.tar.bz2

After the download is finished (which can take some time depending on your network speed), we can extract the downloaded server software. The following command is doing this:

user@server:~$ tar xfvj teamspeak3-server_linux_amd64-3.0.13.8.tar.bz2

Now it’s time to start the server for the first time.

Starting the TeamSpeak 3 Server

Now, that we’ve downloaded and extracted the server software, we will be able to start the server software. To do so, we have to change into the TeamSpeak Server directory (which has been automatically created with extracting the server software) and issue the command to start the server:

user@server:~$ cd teamspeak3-server_linux_amd64
user@server:~/teamspeak3-server_linux_amd64$ ./ts3server_startscript.sh start

The first start takes some time, approximate 1-3 minutes. After the first start is finished, you will get an output like this:

------------------------------------------------------------------
 I M P O R T A N T
------------------------------------------------------------------
 Server Query Admin Account created
 loginname= "serveradmin", password= "BVV2YUIJ"
------------------------------------------------------------------
------------------------------------------------------------------
 I M P O R T A N T
------------------------------------------------------------------
 ServerAdmin privilege key created, please use it to gain
 serveradmin rights for your virtualserver. please
 also check the doc/privilegekey_guide.txt for details.
token=zvCYfUTRlcYl12dviAMuGKR7e+nQYKSE0bD9O4CI
------------------------------------------------------------------

Important: You should write down the server query admin account on a piece of paper, or you save these informations in a password database. This account is needed in emergency cases, like lost TeamSpeak user data or hacking attempts.
In this case we only need the privilege key for now. Store the line, starting with token= in a text file. We need this token later on.
To finally ensure if you’re server is running correctly, you can issue the following command:

user@server:~/teamspeak3-server_linux_amd64$ ./ts3server_startscript.sh status
Server is running

If the output Server is running is welcoming you, it’s time to connect to your new server.

Connect to your server and give yourself admin rights

At this point I assume, that you’ve already installed the TeamSpeak 3 client onto your computer. If you didn’t, you should download it here. If you’re a Linux user, you have to download the TeamSpeak 3 client through the link. You will not find the TeamSpeak 3 client in the distribution repositories due to the same reason as you will not find the TeamSpeak 3 server software.
To connect to your server, start the TeamSpeak 3 client and click on Connections –> Connect or use the hotkey CTRL+S. In the upcoming dialog, enter the IP address or name of your server and pick a nickname which you want to use on that server and hit the Connect button.

Connection dialog

The server recognizes that the server was initially setup and pops up another dialog where it asks for a so called Privilege Key. This Privilege Key is the generated token we’ve saved a few steps before in a text file. Open the text file (if not already) and copy everything after token= and insert this key into the dialog box like this:
TeamSpeak privilege key

After you’ve used the privilege key you can delete the text file. A privilege key is for onetime use only. However, you should now see a new symbol besides your nickname which states that you’re an Administrator. From now on, you should be able to create channels, server groups, edit the servers name and so on.
Indicator that you’re an Admin (click to enlarge)

After this step your TeamSpeak 3 server is completely and fully setup. You can now close the SSH connection to your server and start to share your servers address with your friends and start talking ūüôā

Useful tips

While the TeamSpeak 3 software is mainly rock solid, you should take care that your server is always up to date. To update the TeamSpeak 3 server software go to their official homepage, download the newest version (like you did before in this tutorial with wget) and extract it. The files will be overwritten besides the database files. This ensures that you don’t have to start all over again when you do an update. However, you have to stop the TeamSpeak 3 server before you update it. You can do this easily like this:

user@server:~$ cd teamspeak3-server_linux_amd64
user@server:~/teamspeak3-server_linux_amd64$ ./ts3server_startscript.sh stop

After you’ve extracted the updated server files you can start the server again:

user@server:~/teamspeak3-server_linux_amd64$ ./ts3server_startscript.sh start

Please be also aware that you should use a firewall or package filter solution like IPTables. A server with the latest security patches is good, but a firewall solution will always increases the security these days.

Final words

In times where almost everything goes more and more centralized (Discord, WhatsApp, …) I feel that a solution like TeamSpeak 3 is really needed. I know there are other solutions like Mumble which has the additional benefit of being Open Source, however, we can’t have enough decentralized solutions if you ask me ūüėČ
I hope this tutorial is helpful for you. If you have any questions or if you just want to leave a feedback, use the comment section below.

Further links

bookmark_borderHowTo setup a Counter Strike: Global Offensive Server on Linux

A lot of people who are running a rented Linux (v)Server are interested in creating a Counter-Strike: Global Offensive server. Creating a CSGO server under Linux is rather easy, Valve really did their homework here. The following short tutorial will give you the needed instructions to create a Counter-Strike: Global Offensive Server under Debian, Ubuntu or openSUSE:

1. Create a new user

First of all, you should really create a new user in your Linux system. The reason for that is simple: security! If your main user, or even your root user, is running the CS:GO server and is hacked later on, the hacker maybe is in the position to get access to the system behind the Server. With that being said, he may be able to get full access to the shell and he may be able to manipulate the system. To create new account on your Debian, Ubuntu or openSUSE system, you have to enter the following commands:

root@server:~# useradd csgosrv
root@server:~# passwd csgosrv
root@server:~# mkdir /home/csgosrv
root@server:~# chown csgosrv:users /home/csgosrv

So, the first commands creates a new user, called csgosrv. The seconds commands sets a new password for this user. The password you enter here will not be prompted.
The third command creates a new directory called¬†csgosrv under the directory¬†/home. This will be the standard home directory for the user¬†csgosrv we’ve created before.
The fourth and last command sets the owner to the created user csgosrv and the group owner of the created csgosrv home directory to users.

2. Install needed dependencies

In this step we need to download the needed libraries in order to get the Steam command line tool working. If these libraries / tools are not installed, the Steam command line client (provided by Valve), will fail to start.
If you’re on a 64-Bit Debian or Ubuntu system you have to enable the i386 architecture in the first place. This is needed because the server software is written for the 32-Bit architecture. If you’re on a 32-Bit Ubuntu or Debian, you can skip this command:

root@server:~# dpkg --add-architecture i386

The following two commands are needed for 32-Bit and 64-Bit systems. They will update the repository information and install the needed libraries:

root@server:~# apt-get update
root@server:~# apt-get install gcc-multilib libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386 libc6:i386 wget screen

If you’re on a openSUSE system, the commands are doing the same, but the syntax is different. The following two commands are¬†updating the package repository and installs the needed libraries on a openSUSE system:

root@server:~# zypper ref
root@server:~# zypper in wget libgcc_s1-32bit libgcc_s1-gcc6-32bit ca-certificates screen

Now, that you have installed all the needed libraries, we can go on and start downloading and installing the server software.

3. Download Steam

Downloading the Steam command line tool is very easy. You can always get it directly from Valve. But before we start downloading the client, we should change to the beforehand created user csgosrv. We can do this with the following command:

root@server:~# su - csgosrv

As an alternative you could close your SSH session and reconnect with the user csgosrv.
Now that we’re working with the right user, it’s time to download and extract Steam:

csgosrv@server:~$ mkdir steam
csgosrv@server:~/steam> cd steam
csgosrv@server:~/steam> wget http://media.steampowered.com/client/steamcmd_linux.tar.gz
csgosrv@server:~/steam> tar xfvz steamcmd_linux.tar.gz

So, the first two commands are creating a new directory, called steam, and directly changed into it with the help of the cd command. The third command is downloading the Steam CMD tool with the help of the tool wget. The fourth and last command extracts the so downloaded .tar.gz archive.
After you’ve done this steps successfully you can go on and download the CS:GO server software.

4. Setup Steam and install CS:GO server files

This command will update the steam command line tool and installs the application „740“ which is the Counter-Strike: Global Offensive server. For now you don’t need to have your steam credentials ready. You can update steam and install the server software as an anonymous user:

csgosrv@server:~/steam> ./steamcmd.sh +login anonymous +force_install_dir ./csgo_server/ +app_update 740 validate +quit

This command will take some time and the so downloaded server software needs round about 15 GB hard disk space. The Server software will be installed in the directory /home/csgosrv/steam/csgo_server.

5. First start of the CS:GO server

Now that you have successfully downloaded and updated the Counter-Strike: Global Offensive server, we can do a test run. With the following command we can start the server with the mode Classic Casual and the Mapgroup mg_bomb which includes the old bomb spot maps like de_atztec or de_dust / de_dust2:

csgosrv@server:~/steam> cd csgo_server
csgosrv@server:~/steam/csgo_server> ./srcds_run -game csgo -console -usercon +game_type 0 +game_mode 0 +mapgroup mg_bomb +map de_dust

You will now get a lot of output. This is normal and shows you, that the software is working. However, at the end of all the lines you will find a message like this one:

****************************************************
*                                                  *
*  No Steam account token was specified.           *
*  Logging into anonymous game server account.     *
*  Connections will be restricted to LAN only.     *
*                                                  *
*  To create a game server account go to           *
*  http://steamcommunity.com/dev/managegameservers *
*                                                  *
****************************************************

Basically this message means that your server is not registered at Vale. As long as you don’t register your server at Vale, you will only be able to connect to the server via LAN, not via the internet. It will never be an official server played on. To make your server ready for the internet, you have to go on with the next step (you can terminate the actual running session with an CTRL+C combination).

6. Make your server an official registered one

To register your CS:GO server at Valve and make it ready for internet play, you have to register the server directly at Valve. To do so, visit the following link: Steam Server management.¬†Login with your steam credentials (if you haven’t already) and enter the number 730¬†as the App ID in the first text box. The second text box can be filled with whatever you want. It’s just a comment field. For e.g. if you have more than one server you could write down the hostname here so that you can always directly see which token belongs to which server. Click on¬†Create¬†to get your Token:
After you clicked on¬†Create¬†you will see your token for your server. The token can only be used on one server for one active session. You can’t use the token for multiple servers at the same time. You have to create a new token for each of your servers.
Now that you have created your token, you can use it to start the server as an official CS:GO server with the following command:

csgosrv@server:~/steam/csgo_server> ./srcds_run -game csgo -console -usercon +game_type 0 +game_mode 0 +mapgroup mg_bomb +map de_dust +sv_setsteamaccount YOURTOKEN -net_port_try 1

Of course you have to replace the¬†YOURTOKEN¬†with the token you’ve created¬†before. If there is no firewall blocking the traffic, you should now be able to find your server via the CS:GO server browser or connect directly via the hostname / IP to it.

7. Start the CS:GO server in the background

You may already noticed, that the CS:GO server stops running when you close the SSH connection. This is, because the CS:GO server software needs an active terminal / SSH session to go on running. However, there is a tool which is called¬†screen. If you’ve followed this tutorial, you already have installed screen at the first steps. The following commands starts the CS:GO server in the background with the help of¬†screen.

csgosrv@server:~/steam/csgo_server> screen -A -m -d -S csgo_server ./srcds -game csgo -console -usercon +game_type 0 +game_mode 0 +mapgroup mg_bomb +map de_dust +sv_setsteamaccount YOURTOKEN -net_port_try 1

If you want to jump into the screen session you can easily do this with this command:

csgosrv@server:~/steam/csgo_server> screen -r csgo_server

As long as you are connected (attached) to the screen session, you can do anything here like in a normal terminal session. If you want to leave the screen session again, just press CTRL+a, followed by the key d (CTRL+a sends a signal to the screen program that the next key stroke is something screen has to handle. The d key says to screen than: detach!).

Optional information

If you have problems connecting to your server, you should check if there is no firewall blocking the traffic. If there is any firewall doing so, you have to unlock the port 27015 (UDP) for your server.
For a more further configuration of the server (settings like warm up, max player count, map rotation and so on) you should visit the following page. It contains a almost complete server.cfg with a lot of comments: server.cfg on csgodev
For further fine tuning at the game modes you should read the official tutorial wikipedia page from Valve about this: CS:GO Server gamemodes
I also want to provide my own server.cfg file here. It’s rather simple and just sets some basic features, like friendly fire and warm up time. You can see my server.cfg file here: server.cfg
T
he server.cfg has to be stored in the directory cfg which is a subdirectory of the csgo_server directory, the directory which we had chosen while downloading the CS:GO server software.
 
Enough of the words. I wish you a good time in CS:GO and best wishes for you and your server ūüôā