linux poison RSS
linux poison Email

Extract Images From a Video, or Create a Video from Images using ffmpeg in Linux

FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec - the leading audio/video codec library.

ffmpeg is a wonderful library for creating video applications or even general purpose utilities. ffmpeg takes care of all the hard work of video processing by doing all the decoding, encoding, muxing and demuxing for you. This can make media applications much simpler to write. It's simple, written in C, fast, and can decode almost any codec you'll find in use today, as well as encode several other formats.

OpenSuSe user can use "1-click" installer to install ffmpeg - here

Ubuntu user can install ffmpeg using command: sudo apt-get install ffmpeg

Extracting images from a video:
ffmpeg -i foo.avi -r 1 -s WxH -f image2 foo-%03d.jpeg
This will extract one video frame per second from the video and will output them in files named `foo-001.jpeg', `foo-002.jpeg', etc. Images will be rescaled to fit the new WxH values.

If you want to extract just a limited number of frames, you can use the above command in combination with the -vframes or -t option, or in combination with -ss to start extracting from a certain point in time.

Creating a video from many images:
ffmpeg -f image2 -i foo-%03d.jpeg -r 12 -s WxH foo.avi
The syntax foo-%03d.jpeg specifies to use a decimal number composed of three digits padded with zeroes to express the sequence number. It is the same syntax supported by the C printf function, but only formats accepting a normal integer are suitable.
Read more

Minitube : Youtube Desktop Client for Linux

Minitube is a native YouTube client. With it, you can watch YouTube videos in a new way: you type a keyword, and Minitube gives you an endless video stream. Minitube does not require the Flash Player. It is not about cloning the original YouTube Web interface, but strives to create a new TV-like experience.

OpenSuSe user can use "1-click" installer to install minitube - here

Ubuntu users needs to download .deb package from getdeb
Now you should be having minitube_0.8.1-1~getdeb1_i386.deb file install this .deb file using the following command: sudo dpkg -i minitube_0.8.1-1~getdeb1_i386.deb

The interface is clean and simple. You're greeted with a simple search box upon first launching Minitube. Enter your query, and results are displayed in a column. They'll automatically play one after another,

Read more

Checking Webserver Vulnerabilities using Nikto

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is built on LibWhisker and can run any platform which has a Perl environment, and supports SSL, proxies, host authentication, IDS evasion and more.

Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.

OpenSuSe user can install nikto using "1-click" installer - here
Ubuntu / Debian: $ sudo apt-get install nikto

Using Nikto:
The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP on TCP port 80: nikto -h

To check on a different port, specify the port number with the -p (-port) option. This will scan the IP on TCP port 443:  
nikto -h -p 443
Hosts, ports and protocols may also be specified by using a full URL syntax, and it will be scanned:
nikto -h
Nikto can be automatically updated, To update to the latest plugins and databases, simply run Nikto with the -update command: nikto -update

If updates are available, you will see a list of the files getting downloaded.

Read more

Darkstat - Web Based Network Traffic & Bandwidth Monitoring Tool on Linux

darkstat is an ntop-workalike network statistics gatherer. It runs as a background process on a cable or DSL router, uses libpcap to capture network traffic, and has a Web interface that serves up reports of statistics such as data transferred by host, port, and protocol. It also has a neat bandwidth usage graph.

Author of the program, Emil Mikulic, had "ntop" in use for a long time. But he was disaffected of its stability issues and its bad memory behavior. For this reason he developed "darkstat".

OpenSuSe user can use "1-click" installer to install darkstat - here
Ubuntu / debian: $ sudo apt-get install darkstat

To start DarkStat
# darkstat -i eth0
where “eth0″ is the interface that you monitor traffic coming in and going out. Change it as in your system.

Now, darkstat starts and sniffs in the background and loads a simple web interface at http://localhost:667 or if you are browsing from a different machine then http://:667 (example:

At the "hosts" tab you can see all the machines which take part in the communication. These can be arranged by the caused traffic or their particular IP address. By this possibility you can detect the machines, which have produced the highest traffic in the local network, very fast. Thereby the responsible system administrator has a chance to get to the bottom of a problem.

Read more

Optimize DNS lookup time using NameBench

When you use the Web or send an e-mail message, you use a domain name to do it. For example, the URL "" contains the domain name

Human-readable names like "" are easy for people to remember, but they don't do machines any good. All of the machines use names called IP addresses to refer to one another. For example, the machine that humans refer to as "" has the IP address Every time you use a domain name, you use the Internet's domain name servers (DNS) to translate the human-readable domain name into the machine-readable IP address. Speeding up DNS lookups is one of the simplest, and most effective ways to speed up browsing.

Namebench. hunts down the fastest DNS servers available for your computer to use. namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way. This project began as a 20% project at Google.

namebench runs on Mac OS X, Windows, and UNIX, and is available with a graphical user interface as well as a command-line interface.

Download NameBench from here
Go to terminal (root) and type following command to install and run NameBench:

tar -zxvf namebench-1.0.5.tgz
cd namebench-1.0.5/
python install

namebench will test the nameservers your machine is currently using, plus the popular global DNS services, and the best 4-6 additional name servers that it can find for you. It will output some text-graphs and URL's for more a more detailed performance analysis of each nameserver.

If you want to specify an additional set of name services, simply add the IP to the command-line, or edit namebench.cfg:


Here are my DNS server test results:

Read more

Multiget - Multi-Threaded Graphical Download Manager for Ubuntu / Debian / OpenSuSe Linux

MultiGet is an easy-to-use GUI file downloader for Windows/Linux/BSDs/MacOs.  It's programmed in C++ and has a GUI based on wxWidgets. It supports HTTP/FTP protocols which covers the requirements of most users. It supports multi-task with multi-thread on multi-server. It supports resuming downloads if the Web server supports it, and if you like, you can reconfig the thread number without stopping the current task. It's also support SOCKS 4,4a,5 proxy, ftp proxy, http proxy.

Ubuntu: $ sudo apt-get install multiget
OpenSuSe user can use "1-click" installer to install MultiGet - here
You can start MultiGet in Ubuntu by going to Applications > Internet > MultiGet

Once installed, Multiget monitors your clipboard for download links -- or you can start putting the app to use via its floating drop box. Find something you want to download in your favorite browser, then click and drag a link onto the box to initiate the transfer. Downloads can also be started via Multiget's task menu.
Read more

Handbrake - Multiplatform, Multithreaded DVD to MPEG-4 Converter & Transcoder

HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded DVD to MPEG-4 converter. This software application therefore lets you compress DVDs so that they take less space on a hard disk.

HandBrake is a console (command-line interface) & GUI based  tool. The application requires many switches and variables to begin the conversion of a DVD to an MPEG video file.

Features include:
Supported sources:
Any DVD-like source: VIDEO_TS folder, DVD image or real DVD (encrypted or unencrypted, but protection methods other than CSS are not supported and must be handled externally with third-party software), and some .VOB and .TS files PAL or NTSC AC-3, DTS, LPCM or MPEG audio tracks

File format: MP4, MKV, AVI or OGM
Video: MPEG-4 or H.264 (1 or 2 passes or constant quantizer/rate encoding)
Audio: AAC, MP3, Vorbis or AC-3 pass-through (supports encoding of several audio tracks)

Misc features:
Chapter selection
Basic subtitle support (burned into the picture)
Integrated bitrate calculator
Picture deinterlacing, cropping and scaling
Grayscale encoding

Installing HandBrake
It is extremely easy to install HandBrake on Ubuntu 9.10 , HandBrake provides easily installable .deb file for Ubuntu 8.10. To install HandBrake issue the following command in the terminal window (Application >> Accessories >> Terminal)

sudo dpkg -i HandBrake-0.9.4-Ubuntu_GUI_i686.deb

This should install HandBrake onto your system , you can launch HandBrake from (Applications >> Sound Video >> HandBrake ).

OpenSuSe user can use "1-click" installer to install Handbrake - here

Using Handbrake
The first time you launch Handbrake you should see a number of predefined presets on right hand side of the Window , allowing you to easily configure Handbrake to convert videos to format capable of being played on number of devices.

Once you have selected the device you want to convert video for, configure/tweak the settings further and select source to select the source video which you would like to convert to suitable format, Also select the destination where you would like to save the video. Now , press Start button to start encoding the video.
Read more

How to do CPU hotplug in Linux


As Linux becomes more prominent in the enterprise arena in mission critical data center type installations, features that support RAS (Reliability, Availability and Serviceability) are required. Since modern processor architectures provide advanced error and detection technology, offering the possibility to add and remove CPUs becomes extremely important for RAS support.

However CPU hotplug is not just useful to replace defective components it can also be applied in other contexts to increase the productivity of a system. For example on a single system running multiple Linux partitions, as the workloads change it would be extremely useful to be able to move CPUs from one partition to the next as required without rebooting or interrupting the workloads.This is known as dynamic partitioning.  Other applications include Instant Capacity on Demand where extra CPUs are present in a system but aren't activated. This is useful for customers that predict growth and therefore the need for more computing power but do not have at the time of purchase the means to afford.

First Get the list of CPU present in your system
    # cd /sys/devices/system/cpu
    # ls -l
      total 0
      drwxr-xr-x  10 root root 0 Sep 19 07:44 .
      drwxr-xr-x  13 root root 0 Sep 19 07:45 ..
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu0
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu1
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu2
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu3
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu4
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu5
      drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu6
      drwxr-xr-x   3 root root 0 Sep 19 07:48 cpu7
Under each directory you would find an "online" file which is the control file to logically online/offline a processor.

Do the following to put a specific CPU offline:
    # echo 0 > /sys/devices/system/cpu/cpu7/online
Once the logical offline is successful, check
    # cat /proc/interrupts
You should now not see the CPU that you removed. Also online file will report the state as 0 when a cpu if offline and 1 when its online.

To display the current cpu state: # cat /sys/devices/system/cpu/cpu7/online

Read more

How To Install Additional true-type (ttf) Fonts in Linux

If you are sitting at a Windows or Macintosh computer right now, then you are looking at a TrueType font as you read this! Fonts are the different styles of typefaces used by a computer to display text.

Installing true-type fonts in Ubuntu/Fedora/OpenSuse is an easy task. One can find thousands of free fonts on the Internet (from sites such as 1001 Free Fonts or DaFont), and with this one could add that extra spice to your documents or websites.

First, find and download your desired fonts into /home/nikesh/fonts diretory (user directory). Then extract them and copy to the system fonts directory as follows:
cd /usr/share/fonts/truetype
sudo mkdir customFonts
cd customFonts
sudo cp /home/nikesh/fonts/*.ttf .
sudo chown root.root *.ttf
sudo mkfontdir
cd ..
Now open Open Office Writer or Gimp, and your fonts should be available! You can access your new true type fonts in any graphics, design, text based document application that uses fonts.
Read more

How To Convert Existing ext3 non-root FileSystem to ext4 FileSystem

Any existing Ext3 filesystem can be migrated to Ext4 with an easy procedure (as long as you are converting a filesystem that can be unmounted and which is non-root) which consists in running a couple of commands.

This means that you can improve the performance, storage limits and features of your current filesystems without reformatting and/or reinstalling your OS and software environment.

First, unmount the partition: umount /dev/sda1

Next, run a filesystem check on it to make sure it is in sane condition.
fsck.ext3 -pf /dev/sda1
Enable new features of ext4 on the filesystem
tune2fs -O extents,uninit_bg,dir_index  /dev/sda1
Run a filesystem check. to make sure that the filesystem is now clean.
fsck -pf /dev/sda1
Now edit your /etc/fstab file and replace "ext3" with "ext4" for /dev/sda1. Other options may differ for your system.
/dev/sda1 /disk ext4 defaults 0 2
Try to mount your new ext4 filesystem: mount /disk
Read more

Understanding Packet Filtering using iptables

The Linux kernel uses the Netfilter facility to filter packets, allowing some of them to be received by or pass through the system while stopping others. This facility is built in to the Linux kernel, and has three built-in tables or rules lists, as follows:

    * filter — The default table for handling network packets.
    * nat — Used to alter packets that create a new connection and used for Network Address Translation (NAT).
    * mangle — Used for specific types of packet alteration.

Each table has a group of built-in chains, which correspond to the actions performed on the packet by netfilter.
The built-in chains for the filter table are as follows:

    * INPUT — Applies to network packets that are targeted for the host.
    * OUTPUT — Applies to locally-generated network packets.
    * FORWARD — Applies to network packets routed through the host.

The built-in chains for the nat table are as follows:

    * PREROUTING — Alters network packets when they arrive.
    * OUTPUT — Alters locally-generated network packets before they are sent out.
    * POSTROUTING — Alters network packets before they are sent out.

The built-in chains for the mangle table are as follows:

    * INPUT — Alters network packets targeted for the host.
    * OUTPUT — Alters locally-generated network packets before they are sent out.
    * FORWARD — Alters network packets routed through the host.
    * PREROUTING — Alters incoming network packets before they are routed.
    * POSTROUTING — Alters network packets before they are sent out.

Every network packet received by or sent from a Linux system is subject to at least one table. However, a packet may be subjected to multiple rules within each table before emerging at the end of the chain. The structure and purpose of these rules may vary, but they usually seek to identify a packet coming from or going to a particular IP address, or set of addresses, when using a particular protocol and network service.

Regardless of their destination, when packets match a particular rule in one of the tables, a target or action is applied to them. If the rule specifies an ACCEPT target for a matching packet, the packet skips the rest of the rule checks and is allowed to continue to its destination. If a rule specifies a DROP target, that packet is refused access to the system and nothing is sent back to the host that sent the packet. If a rule specifies a QUEUE target, the packet is passed to user-space. If a rule specifies the optional REJECT target, the packet is dropped, but an error packet is sent to the packet's originator.

Every chain has a default policy to ACCEPT, DROP, REJECT, or QUEUE. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.

Note: The iptables service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, Domain names (for example, in such rules produce errors.
Read more

How To Identify Which Ports (or Services) Are Listening/Open

There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such as netstat -an or lsof -i. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing netstat and lsof with their own, modified versions.

A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.The following command issued from the console determines which ports are listening for TCP connections from the network:
nmap -sT -O localhost
The output of this command appears as follows:
Starting Nmap 5.00 ( ) at 2009-12-05 01:11 IST
Warning: Hostname localhost resolves to 2 IPs. Using
Interesting ports on localhost (
Not shown: 994 closed ports
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
3128/tcp open  squid-http
3306/tcp open  mysql
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
Next, check for information about the port using netstat or lsof. To check for port 3128 using netstat, use the following command:
netstat -anp | grep 3128
The command returns the following output:

tcp        0      0*                        LISTEN      1909/(squid)
tcp        0      0         TIME_WAIT   -
tcp        0      0         TIME_WAIT   -

The lsof command reveals similar information to netstat since it is also capable of linking open ports to services:
lsof -i | grep 3128
Read more

How to Verify Signed Fedora Packages

All Fedora packages are signed with the Fedora GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Fedora does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.

The RPM utility within Fedora automatically tries to verify the GPG signature of an RPM package before installing it. If the Fedora GPG key is not installed, install it from a secure, static location, such as an Fedora installation CD-ROM or DVD.

Assuming the fedora installation disc is mounted in /mnt/cdrom, use the following command to import it into the keyring (a database of trusted keys on the system):
rpm --import /mnt/cdrom/RPM-GPG-KEY
To display a list of all keys installed for RPM verification, execute the following command:
rpm -qa gpg-pubkey*
The output will look similar to the following:
To display details about a specific key, use the rpm -qi command followed by the output from the previous command, as in this example:
rpm -qi gpg-pubkey-db42a60e-37ea5438
It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:
rpm -K /tmp/updates/*.rpm
For each package, if the GPG key verifies successfully, the command returns gpg OK. If it doesn't, make sure you are using the correct Fedora public key, as well as verifying the source of the content. Packages that do not pass GPG verifications should not be installed, as they may have been altered by a third party.

After verifying the GPG key and downloading all the packages associated with the errata report, install the packages as root at a shell prompt.
Read more

How to Use & Configure Google Public DNS on Linux System

When you use Google Public DNS, you are changing your DNS operator from your ISP to Google Public DNS.

In most cases, the IP addresses used by your ISP's domain name servers are automatically set by your ISP via the Dynamic Host Configuration Protocol (DHCP). To use Google Public DNS, you need to explicitly change the DNS settings in your operating system or device to use the Google Public DNS IP addresses. The procedure for changing your DNS settings varies according to operating system and version (Windows, Mac or Linux) or the device (computer, phone, or router).

Benefits and enhancements:
Performance: Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. In addition to load-balancing user traffic to ensure shared caching, Google Public DNS implements "smart" caching to increase the speed of responses. Google Public DNS independently resolves domain names and keeps the resolutions in the cache until their time-to-live (TTL) expires, at which point they are automatically refreshed. The cycle of caching and refreshing is performed offline, asynchronously with user requests, so that responses are almost always available directly from cache.

Security: DNS is vulnerable to various kinds of spoofing attacks that can "poison" a nameserver's cache and route its users to malicious sites. The prevalence of DNS exploits means that providers have to frequently apply server updates and patches. In addition, open DNS resolvers are vulnerable to being used to launch denial-of-service (DoS) attacks on other systems. To defend against such attacks, Google has implemented several recommended solutions to help guarantee the authenticity of the responses it receives from other nameservers, and to ensure Google servers are not used for launching DoS attacks. These include adding entropy to requests, rate-limiting client traffic, and more.

Correct results: Google Public DNS does its best to return the right answer to every query every time, in accordance with the DNS standards. Sometimes, in the case of a query for a mistyped or non-existent domain name, the right answer means no answer, or an error message stating the domain name could not be resolved. Google Public DNS never blocks, filters, or redirects users, unlike some open resolvers and ISPs.

Note: Before you change your DNS settings to use Google Public DNS, be sure to write down the current server addresses or settings on a piece of paper. It is very important that you keep these numbers for backup purposes, in case you need to revert to them at any time.

The Google Public DNS IP addresses are as follows:
You can use either number as your primary or secondary DNS server. You can specify both numbers, but do not specify one number as both primary and secondary.

1) Edit /etc/resolv.conf:
sudo vi /etc/resolv.conf
2) Replace the nameserver lines with, or add, the following lines:
3) Save and exit.
4) Restart any Internet clients you are using.

Configuring DHCP client for dynamic ip address:
1) Edit /etc/dhclient.conf:
sudo vi /etc/dhclient.conf
2) If there is a line containing domain-name-servers, write down the IP addresses for future reference. Replace that line with, or add, the following line:
prepend domain-name-servers,;
2) Save and exit.
4) Restart your system.
Read more
Related Posts with Thumbnails