Meeting-2016-06-25 The Picnic!

When: Saturday, June 25th. 10:30 – Dark
Where: H.F. Walsh Shelter, Rentschler Forest (Follow Signs)
Who: Members (and family) are invited, others may join at the picnic!!!

Now, the important issues, what do we want to eat? Use the form below to let us know!

* Bring something to share: Beverages, Side dishes, Desserts!
* We’ll provide meat, flatware, napkins, cups, etc.
* Also, bring outdoor games, group games, maybe water balloons, anything!
* Electricity is NOT available at the site.
* A Motor Vehicle Permit is not required (it’s included with the shelter)
* Membership rates are prorated for new members.

Information about the park;

Address of the preserve: 5701 Reigart Rd, Hamilton, OH 45011

The preserve is North of Hamilton, very near the intersection of Route 4 and the Route 4 Bypass.

Map of the park; BC-MetroParks
Directions to the park; Google
Information about the park; Rentschler Preserve

A thousand apologies about the late notice, a car ran into a pole near my
house and took out my Internet – I’m recovering slowly, I don’t know about
the driver.

Meeting-2015-12-19 SSH, offering assistance in a hostile world

If you offer remote assistance to an unknown party, there are security implications that might not be obvious.
For you to connect to them, they need to have properly configured quite a lot of stuff, which is the issue.

This presentation will go over the security issues, ssh configuration issues, ssh usage, and more!

I’ll update this post with the full presentation next Sunday morning (Dec 20th), for the live presentation, come to the meeting.

Hope to see you there!


Meeting-2015-07-25 Update / Upgrade … Improvement in both … Dave Hemmerle

Update / Upgrade … Improvement in both … Method and Content. Dave Hemmerle / CLUG Handout
Traditional or Basic Update:

1. GUI : Through the “Update Manager” a GUI found by Applications > Systems Tools > Administration > Update Manager.

2. Command Line: Open the terminal or terminal emulator:
Type in a “sudo apt-get update -y && sudo apt-get upgrade -y”.
Followed by your password.
And finally the Update / Upgrade begins to run.

Improved automated method included:

1. A bash script, 2. a bin directory added to my home directory for the bash script, 3. the password requirement removed from sudo for the Update commands, and 4. shortcut keys to run the Update file, showing the terminal while the file runs so you know it ran.

Here are the steps to accomplish this:

1. The bash script and 2. a bin directory:
1. Create a “bin” directory in your home directory (/home/user_name/).
2. Open a text editor and make the following bash script: “” file.

dave@dave-ThinkPad-T500:~/bin$ cat Update

# LOCATED: /home/dave/bin
# The following are the commands that I want to run to Update and Upgrade
# my applications as well as clean out some of the junk.
# This bash script is in /home/dave/bin/ and can be run from the terminal
# or from "Hot Keys" using "Alt + u".
# Although running a file that lists files or has the ability to change files
# requires "sudo" or "root" level permission, the requirement for a "password" has
# been negated through the augmentation file "dave".
# This file has been added as /etc/sudoers.d/dave, and is read after the "sudoers" file.

# The last items read are used to establish the state of the password requirement.
# Thus, this augmenting file has the "last word" in the permission settings.
# And this indicates:
# NOPASSWD for user dave from ALL terminals, as ALL dave log on users, for the
# listed commands that follow:

sudo /usr/bin/apt-get -y update
sudo /usr/bin/apt-get -y upgrade
sudo /usr/bin/apt-get -y autoclean
sudo /usr/bin/apt-get -y autoremove


3. Make it executable (“chmod +x Update”) and store it in your /home/user_name/bin/ directory.

This can be confirmed by “ls -lF Update” from the bin directory:

dave@dave-ThinkPad-T500:~$ cd bin && ls -lF
total 12
-rwxrwxr-x 1 dave dave 37 May 3 07:00*
-rwxrwxr-x 1 dave dave 231 May 1 18:58*
-rwxrwxr-x 1 dave dave 150 Jun 25 14:58 Update*

Note that the file Update* has an asterisk, as well as -rwxrwxr-x permissions, both of which indicate an executable file. Since update and upgrade make changes above your normal user permission level, you need to use “sudo” to elevate your permission level to that of a superuser, or root, and it takes a password to authenticate yourself, unless the password requirement has been negated.

3. No Password for the commands:

Now there is another change that is needed: the ability to run the apt-get commands without stopping to input your password. This is accomplished through “sudoers” and a file in the “sudoers.d” directory, whose files are read after “sudoers” and amend the default “sudoers” permissions. (.d files / augmentation)

Make a file named after your user name in the /etc/sudoers.d directory. Keep in mind that this file is outside your normal user home, and other users may need to add similar files. Naming each file after its user will make them easier to maintain.

Change directory to /etc (the “etc” directory under the root directory “/”) and run ls | grep "sudo" (there are a lot of files in “etc” and we are only interested in the ones with sudo in their names). Here is what I get:

dave@dave-ThinkPad-T500:/$ cd etc
dave@dave-ThinkPad-T500:/etc$ ls | grep "sudo"

1. If you do not have a “sudoers.backup”, back up the “sudoers” file.

2. Then sudo cat sudoers:

dave@dave-ThinkPad-T500:/etc$ sudo cat sudoers
[sudo] password for dave:
# This file MUST be edited with the 'visudo' command as root.
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
# See the man page for details on how to write a sudoers file.
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

3. “sudoers.d” is a directory … change into it and list its contents … then “sudo cat README”.

This is what it says:

dave@dave-ThinkPad-T500:/etc/sudoers.d$ sudo cat README
# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
# installation of the package now includes the directive:
# #includedir /etc/sudoers.d
# This will cause sudo to read and parse any files in the /etc/sudoers.d
# directory that do not end in '~' or contain a '.' character.
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.
# Note also, that because sudoers contents can vary widely, no attempt is
# made to add this directive to existing sudoers files on upgrade. Feel free
# to add the above directive to the end of your /etc/sudoers file to enable
# this functionality for existing installations if you wish!

I used my text editor and made the file “dave” that has additional user privilege specification:

dave@dave-ThinkPad-T500:/etc/sudoers.d$ sudo cat dave

# This file is in the sudoers.d directory and will be read
# after the sudoers file. Thus these permissions will be
# the last read and thus will be used.

# The statements indicate that when dave is the log in person …
# he can use ALL (terminals) … =(ALL) (as all users) … with
# NOPASSWD … needed for the following commands in the
# /usr/bin/apt-get -y update ….

dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y update
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y upgrade
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoclean
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoremove

(The form is: user name ALL=(ALL) ALL, that is, M=(U) C, where M = Machine or terminal, U = Users (any other user name this user name may be using), and C = Commands, that is, what commands are involved.)

The file dave is not an “executable” file, as there is no script to be run. However, this file needs read-only permission (mode 0440) so that it is read along with “sudoers” and can be used to change/augment the sudo password requirement.

We now have an executable bash script file called “Update” in my user's /home/user_name/bin/ directory. sudo does not require a password when the logged-in person is dave and the command is one of the apt-get commands that have been given NOPASSWD; the -y option is there so the commands do not stop for input when they are run.

To check for special sudo permissions type “sudo -l”
I now show:

dave@dave-ThinkPad-T500:~$ sudo -l
Matching Defaults entries for dave on this host:

User dave may run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/apt-get -y update
(ALL) NOPASSWD: /usr/bin/apt-get -y upgrade
(ALL) NOPASSWD: /usr/bin/apt-get -y autoclean
(ALL) NOPASSWD: /usr/bin/apt-get -y autoremove
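
A check to run on the drop-in before relying on it, as an added example that is not part of the handout: it applies the README's naming and mode rules and verifies that every NOPASSWD rule pins an absolute path with fixed arguments, as the four apt-get rules above do. The function names and the sample file are constructed here; the lint assumes one command per rule line, as on this page, and install_dropin assumes root plus the standard visudo and install utilities.

```shell
#!/bin/sh
# Added example: lint a sudoers.d drop-in before trusting it.

# check_dropin FILE: print findings; return 0 if clean, 1 otherwise.
check_dropin() {
    f=$1
    rc=0
    name=$(basename "$f")
    # README rule: #includedir skips names ending in '~' or containing '.',
    # so a file like "dave.conf" would silently grant nothing.
    case $name in
        *.*|*'~') echo "FAIL $name: name contains '.' or ends in '~'"; rc=1 ;;
    esac
    # README rule: files in sudoers.d should be mode 0440.
    if [ -z "$(find "$f" -prune -perm 440)" ]; then
        echo "FAIL $name: mode is not 0440"; rc=1
    fi
    # Every NOPASSWD rule should pin an absolute path and fixed arguments.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*) continue ;;          # comment line
            *NOPASSWD:*) ;;            # rule to inspect
            *) continue ;;
        esac
        set -f                         # no globbing while word-splitting
        set -- ${line#*NOPASSWD:}      # $1 = command, $2.. = its arguments
        set +f
        case $1 in
            ALL) echo "FAIL $name: passwordless ALL"; rc=1 ;;
            /*)  if [ "$#" -eq 1 ]; then
                     echo "FAIL $name: $1 has no argument list, so any arguments are allowed"
                     rc=1
                 fi ;;
            *)   echo "FAIL $name: '$1' is not an absolute path"; rc=1 ;;
        esac
        case "$*" in
            *'*'*) echo "FAIL $name: wildcard in command"; rc=1 ;;
        esac
    done < "$f"
    return "$rc"
}

# install_dropin FILE: run as root. Lint, syntax-check with visudo, then
# copy into /etc/sudoers.d with the owner and mode sudo expects.
install_dropin() {
    check_dropin "$1" || return 1
    visudo -cf "$1" || return 1
    install -o root -g root -m 0440 "$1" "/etc/sudoers.d/$(basename "$1")"
}

# Constructed sample: the four rules from the handout, written to DIR/dave.
write_sample() {
    cat > "$1/dave" <<'EOF'
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y update
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y upgrade
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoclean
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoremove
EOF
    chmod 0440 "$1/dave"
}

# With no arguments, lint the constructed sample; otherwise lint each file.
if [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d) && write_sample "$tmp" && set -- "$tmp/dave"
fi
for arg in "$@"; do
    if check_dropin "$arg"; then echo "OK $arg"; fi
done
```
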

4. Shortcut Keys:

All we need now is to make the “Update” file runnable from “Shortcut keys”.

Go to “Systems Settings”, Applications > Systems Tools > Systems Settings

When Systems Settings opens up go to the Hardware grouping and open the Keyboard …
in the Keyboard window select the Shortcut tab. Near the bottom of this window there is a narrow strip with a + and – sign. Click on the + and a window will open up so you can add a custom shortcut key.

In the Name window put “Update”. ( This is not the file but just any name to identify this command.)
In the Command window input the command to be run. At first I used “/home/dave/bin/Update”.

Click Apply and the new shortcut command name will appear; however, it will be listed as “Disabled” where the hot keys should be noted.

Click on the term “Disabled” and press the keys you want to use to run this command. I used “Alt + u”. Close the shortcut window and try the shortcut key.

All seemed to run OK with no error messages; however, there was no observed sign that it was working, so the command in the “Shortcut key” was changed to:
“gnome-terminal -e /home/dave/bin/Update”

When this command is run, the gnome-terminal is displayed for a brief time and the script can be seen running.

“Wa La” … Press Alt + u, and the applications that were downloaded through the PPA’s are updated / upgraded, and purged of obsolete junk.

Meeting-2015-06-27 The Picnic!

This meeting is open to members only!

If you are not currently a member (nobody is, see previous post), then pro-rated dues are expected. Those dues are;

  • $12.50 for a Family Membership
  • $10.00 for an Individual Membership
  • $5.00 for a Student Membership

The June meeting of the Cincinnati Linux Users Group will be our annual picnic, held at the GE Condo shelter in Rentschler Park, Butler County, Ohio.

For a Google map to the park, click here. This should open in a new tab or window.

For a .pdf file of the park, click here. This should open in a new tab or window.

The group provides the meat and cooking, Members are requested to bring drinks and side dishes.

This post will be updated as the event draws near!


The meeting today concerned the format of future meetings. Over the years the group has moved away from the formal style we started with to a far more casual and unstructured format. Dues have not been collected for years, introductions are rarely made, topics have been spotty at best.

I take responsibility for these issues and others, and am trying to rectify them now.
The CLUG Bylaws have been posted, please read them and be aware that in the future, they will be used to govern the direction and intent of the group.

Technically, there were no members in attendance as we have no dues paying members. The following folks showed up to discuss where the group is headed;

  • Bill Stowell
  • Parker Jones
  • Mike Bechtold
  • Dave Hemmerle
  • Mike Lau
  • Anthony Strauss
  • Edwin Clements
  • Jonathan Jacobs
  • Lance Feldmen
  • Mike Humerickhouse
  • Sandi Jones
  • Duncan Jones
  • Brett Birdsall
  • Steve Jones

Offices were discussed and volunteers stepped forward to fill the positions of;

  • President: Steve Jones
  • Vice President: Dave Hemmerle
  • Secretary: Bill Stowell
  • Treasurer: Mike Bechtold
  • Program Director: Mike Lau
  • Program Director: Anthony Strauss
  • Program Director: Jonathan Jacobs

The treasury currently holds approximately $1225.00, after debiting $75.00 for a picnic shelter for the June meeting.

The group was called to order at 10:35, and was released to disorder at 12:00.

How to run a sub-domain of CLUG.Org


Because DNS is a great enabler!

Let’s say you want to share some information with the world but you have a regular, dynamic xDSL Internet connection. You start up a web server, open port 80 on your router, find your IP address is, then call some friends to let them know that address. All is amazing and wonderful. Every so often though, your IP address will change, and then you become lost to the world. You need to find out what your IP address is, then call those you want to share with and tell them your new address, it’s tedious and you have to wait for them to find a pen.

Enter Dynamic DNS!

Dynamic DNS allows you to associate a host name with an IP address which changes, such as one assigned to a dial-up Internet connection or a cable modem.

Instead of, you can be! Even I can remember that.


Step zero is to send an e-mail to, requesting a sub-domain, and it must include a phone number, I will not set up someone until I’ve talked to them! You can call me if you want, I have a Cincinnati number, Six Zero Four-5916.

Step one is to set up a service on your server, it can be SSH, HTTP, FTP, FreeCiv or anything else you like, but not Telnet, telnet is bad. A note on security, if you aren’t sure of the security implications of the software you want to run, at a minimum, do a Google search like “Linux howto secure ipp” beforehand, and no, there isn’t a space between how and to. Figure out what port or ports your service runs on, you can look in /etc/services or the man page, or use sudo nmap -sS (where that last part is the LAN address of your server). Make sure that you can get to that service from another machine on your local network and that it gives back sane responses.

sudo nmap -sS

Starting Nmap 5.21 ( ) at 2013-10-27 11:03 EDT
Nmap scan report for
Host is up (0.0000090s latency).
Not shown: 996 closed ports
22/tcp open ssh
631/tcp open ipp
2222/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

Step two is to set up your router, this is pretty much beyond the scope of this little howto, as there are a zillion different routers out there, and some of them can be a pain to set up in what the original builders think might be insecure (Apple Airport, I’m looking at you!). What you want to do is find an entry like “Port Forwarding” or “Game Access” in some cases, this is done by connecting to the built-in web-server that runs on the router itself, usually at and looking through the menus you find there, after you change the password to something secure resembling ho3r0cqh@m – and no, that isn’t my password. In my case, I wanted to open access to SSH on the non-default port of 2222, so I forward port 2222 through 2222 to, port 2222. The port xx through yy is for a contiguous range of ports, the destination port is the lowest port in the range. Not all routers do this kind of range, but it is the most confusing of the ones I’ve found.

Step three is to figure out what your external IP address is. The script at the end of this article reads the address from my gateway router, however there are plenty of places on the Internet that can give you this information, for instance;

links -dump | grep -oP "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"


links -dump | grep -oP "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"

In both of these, I’m using links, but you can use elinks, w3m, wget, lynx or anything else that returns a page on the command line. The pipe to grep takes the output before and returns only (o) the match for the perl (P) expression that matches an IPv4 address (Okay, it doesn’t, but it’s good enough).

My opinion is that reading the router is the better idea as it’s on the end of a very fast wire that doesn’t slow down my surfing speed.

Step four is to request a dynamic update of your hostname from with an argument of the SecretString that I provide you with. Each sub-domain has a unique SecretString, so these can be distributed easily, and used on a router if it runs dd-wrt or Tomato. As soon as you run;

wget -q --read-timeout=0.0 --waitretry=5 --tries=400 -O- \${SecretString}

your sub-domain should be active: a ping sent to should give my address, one sent to should give your IP address. (The pings may or may not succeed, but the addresses should be correct.) Also, it doesn’t need to be run from your server; any machine that uses the same gateway router will work, though I can’t come up with a good reason to do this. One of the interesting things about this method is that it doesn’t need to be run as root; any user can run the script below.

You could just run the wget line above as a cron job, but please don’t, it puts an excessive load on the machines at and that irritates Joshua Anderson, the owner of

Step five is to set up a cron job to do this work while you sleep,

crontab -l
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0-7) (Sun=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * command to be executed
*/10 * * * * ~/bin/

The script looks up your external address, compares it to whatever it had been, and if it changes, requests an update. Save the script below as ~/bin/ and change the SecretString variable in line nine, replace the value shown with the one I give you. Don’t forget to make it executable!

#!/bin/bash
# Run me to set the external address up
# This script only tries to update if there is a change in our IP address
# or we lose the connection to the World Wide Web.

# Placeholder values: set all four of these for your own setup.
Logfile="$HOME/ExternalIP.log"
RouterPage="ROUTER-STATUS-PAGE-URL"
SecretString="YOUR-SECRET-STRING"
UpdateURL="DYNAMIC-UPDATE-URL"   # update address, up to where the secret is appended

# The lines below get our IP address from the crappy little CBT Wireless
# router at home.
# They need to be modified if that router changes, or we use another service.
Current=$(links -source "$RouterPage" \
| grep WanIPRoutingState_WanIPAddress \
| grep -oP "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")

# Present the date in an easily grepable fashion.
Date=$(date +"%Y-%m-%d+%H:%M")

# If the Logfile doesn't exist, create it with a known IP address.
if [ ! -f "$Logfile" ] ; then
echo "$Date" >> "$Logfile"
fi

# If the Logfile still does not exist, something is wrong, cry for help.
if [ ! -f "$Logfile" ] ; then
echo "Cannot create $Logfile - check directory permissions"
exit 1
fi

# The last address we logged is the second field of the last line.
Last=$(tail -1 "$Logfile" | cut -d " " -f 2)

if [ "$Current" = "$Last" ] ; then # No update is required, silently exit.
exit 0
fi

echo "Update of external IP address needed."
echo "$Date $Current" >> "$Logfile"
# The line below is from and is what actually sets the DNS entries
# for the domain.
wget -q --read-timeout=0.0 --waitretry=5 --tries=400 -O- "${UpdateURL}${SecretString}"
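
The grep pattern from step three accepts strings such as 999.999.999.999, as the text admits. An added example, not part of the original script: a shell function, classify_ipv4 (a name chosen here), that checks octet ranges and also flags addresses that are not publicly routable, so the updater can decline to log or publish a bogus value scraped from the router page. The sample addresses are constructed.

```shell
#!/bin/sh
# Added example: vet the address scraped from the router before using it.

# classify_ipv4 STRING: prints "invalid", "nonpublic" or "public".
classify_ipv4() {
    # Only digits and dots, with no empty fields.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $1                      # split into octets
    IFS=$oldifs
    if [ "$#" -ne 4 ]; then echo invalid; return 0; fi
    for octet in "$@"; do
        # The page's pattern allows 0-999 per field; a real octet is 0-255.
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
            echo invalid; return 0
        fi
    done
    # Ranges that cannot be reached from the Internet: 0/8, 10/8, 127/8,
    # 100.64/10 (carrier NAT), 169.254/16, 172.16/12, 192.168/16, 224+.
    if   [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ]; then echo nonpublic
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then echo nonpublic
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo nonpublic
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo nonpublic
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo nonpublic
    elif [ "$1" -ge 224 ]; then echo nonpublic
    else echo public
    fi
}

# Constructed samples, including strings the page's pattern would accept.
for sample in 8.8.8.8 999.999.999.999 192.168.1.1 100.64.0.9 1.2.3; do
    printf '%-16s %s\n' "$sample" "$(classify_ipv4 "$sample")"
done
```

A "nonpublic" result for the router's WAN address usually means the router sits behind another NAT, in which case forwarding ports on it will not make the server reachable.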

Step six, why didn’t it work?

It probably did work, you just can’t see the forest through the trees. Say you are on a machine with IP of, and your server is at, with the router at, your external address is, and port 80 is forwarded to the server.

When I try to connect from my machine at my house, everything works properly, DNS resolves your external address and I see the web page on your machine because your router forwards my request to your server.

When you try to connect, you resolve your external address, send the request out your router, which doesn’t understand why an internal address is trying to connect to another internal address through the router, so it drops the packet.

Before you spend hours trying to figure out what is going on, call somebody and ask if they can see your page, if they can, you’re golden.

To fix things so they work properly inside as well, add your server to your /etc/hosts file ( %SystemRoot%\system32\drivers\etc\hosts on Windows, /lib/ndb/hosts on Plan 9), and everything is good, unless you are on a laptop. If you are using a laptop and take the laptop to a friend’s house, when you try to connect, you resolve which won’t work. It wouldn’t be difficult to write a script that looks at the name of your access point and modifies the hosts file if you are home, but your access point would need a unique name.

The proper way to fix this is to run your own internal DNS server, either on your router or on your server. The advantage of the router is that it’s pretty simple and you don’t need to worry about it once everything is set up, the advantage of the server is that you can do more with it, but you need to do more with it.

If you run dd-wrt, you can fix this by enabling dnsmasq, then adding your hostname to the Additional DNSMasq Options


Free DNS from Afraid.Org

Dr. Richard Stallman

Richard Matthew Stallman (born March 16, 1953), often known by his initials, RMS, is an American software freedom activist and computer programmer. He campaigns for software to be distributed in a manner, such that a user receiving it, likewise receives with it the freedoms to use, study, distribute and modify that software: software that ensures these freedoms (on receipt) is termed free software. He is best known for launching the GNU Project, founding the Free Software Foundation, developing the GNU Compiler Collection and GNU Emacs, and writing the GNU General Public License.

Stallman launched the GNU Project in September 1983 to create a Unix-like computer operating system composed entirely of free software. With this, he also launched the free software movement. He has been the GNU project’s lead architect and organizer, and developed a number of pieces of widely used GNU software including, among others, the GNU Compiler Collection, the GNU Debugger and the GNU Emacs text editor. In October 1985 he founded the Free Software Foundation.

Stallman pioneered the concept of copyleft, which uses the principles of copyright law to preserve the right to use, modify and distribute free software, and is the main author of free software licenses which describe those terms, most notably the GNU General Public License (GPL), the most widely used free software license. In 1989 he co-founded the League for Programming Freedom. Since the mid-1990s, Stallman has spent most of his time advocating for free software, as well as campaigning against software patents, digital rights management, and other legal and technical systems which he sees as taking away users’ freedoms, including software license agreements, non-disclosure agreements, activation keys, dongles, copy restriction, proprietary formats and binary executables without source code.

He has received fourteen honorary doctorates and professorships for this work.

Wikipedia Link to Richard Stallman


There will be a meeting Saturday, August 24th, 2013, 10:00am, at the Pleasant Ridge Branch of the Cincinnati Public Library, located at 6233 Montgomery Road, Cincinnati, OH

Google Maps Goodness

The topic is setting up a web based camera server on the Raspberry PI, if there’s something specific you want to hear about, let me know, but leave out the Spam!
Steve Jones E-Mail

Thank you and hope to see you at the meeting!

Steve Jones


There will be a meeting Saturday, July 27th, 2013, 10:00am, at the Pleasant Ridge Branch of the Cincinnati Public Library, located at 6233 Montgomery Road, Cincinnati, OH

Google Maps Goodness

I don’t have a topic yet, if there’s something you want to hear about, let me know, but leave out the Spam!
Steve Jones E-Mail

Thank you and hope to see you at the meeting!

Steve Jones

The Meeting Minutes were as follows;
Bill Stowell says:
2013/07/29 at 10:44

My notes on Meeting 7-27-13: Please feel free to comment and add or modify my recollections based on your recollections.

Ideas for the Cincinnati Linux Users Group From meeting 7-27-13

I. Possible interactions with other groups:
a) Python Group in Cincinnati, have members of their group give lectures to Clug, have a joint meeting from time to time
b) University of Cincinnati Linux group, have members of their group give lectures to Clug, have a joint meeting from time to time

interact via special interest groups

Need: Point of contact for discussions
II. Special Interest Groups:
a) Linux Certification Group
1. Comprised of folks who would like to become certified linux administrators, software experts or other.
2. Lay-out certification requirements and materials/study/information needs
3. Develop timelines and milestone events
4. Get the work done—
b) Vulnerability studies group
1. Folks interested in IT security, Current tools for breaching computer security and how they work
2. Choose various available tools to study; obtain source code; ask questions

II. Desired Presentations:
a) New presentation on how to set up MYTH TV
1. Includes general discussion on how the program works and general hardware discussion to include problem areas and insights
2. Includes one “set-up for Dummies”–i.e. This is the specific hardware, software and set-up used and it works.
b) How to set up a web server on Raspberry Pi

c)How to set up and use Amazon cloud/web services

d) Raspberry PI/Arduino Robot how it was done and details

III. Meeting Format:
1) Start meeting with introductions and possible with a linux question of some sort

2) Always have a time to “Solve the Problem” or “Answer the Question”

IV: Other: Community Involvement*

a) Talk with the library we meet in about having a linux install meeting
1. Talk with vendors, refurbishers, schools, businesses about free computers for distribution to the community
b) Talk with churches, schools, etc. about having a linux install time
* The first contacts/viable places to help folks with linux will be the first one we do. In CLUG each member is “the leadership”.