Firewalls in Ubuntu -- details and configuration

Ubuntu Linux has mainly two strong firewalls, namely:

1. Netfilter
2. Firestarter

Netfilter firewall:

Ubuntu has a powerful firewall called netfilter that is part of the central kernel program. The ufw command at the terminal allows us to configure the firewall. However, this command needs you to be root of the system. For this purpose, we add sudo in before the command. For example, to enable the netfilter firewall we type the command as: sudo ufw enable. The manual pages for this firewall can be seen by typing the command: man ufw. 

However, this firewall can be operated in a more user-friendly way, by installing the package named Firewall Configuration. This package supports common tasks such as allowing or blocking pre-configured, common p2p, or individual ports, and many others. Rules can be easily added, removed and edited with the help of this interface. The interface is simple with easy usage and is recommended for beginner users.

We can configure the netfilter firewall by --

1. Adding allow, deny and limit rules.
2. Enabling, disabling and reloading the firewall.
3. Deleting and Inserting rules.
4. Displaying the information and status of the firewall.

Firestarter firewall:

Another user-friendly Firewall in Ubuntu is Firestarter. On the start-up for the first time, a wizard will be run, for configuring the network states. You can read the manual pages of this firewall by the command: man firestarter. There are three pages/tabs in the Firestarter interface, namely --

1. Status page giving an overview of the firewall state. 
2. Events page, where blocked intrusion attempts and the firewall history is shown.
3. Policy page for altering the behaviour of the firewall.

This firewall can be in one of these three states: Active, Disabled and Locked (Nothing is allowed through the firewall, neither in nor out). The Network section of the status page gives an overview of the network resource usage. In addition, the status page also lists the Active connections, the firewall is tracking every moment. The entries in the Active connections are color coded as: Gray for a terminated connection and black for a currently active connection. However, terminated connections are removed from the list after 10 seconds.

The Events page shows the history of connections blocked by the firewall. The entries in the Events page can be allowed connections from source, port or everyone or can be disabled events from source or port. The Firestarter colour codes the entries as:

1. Black -- A regular connection.
2. Red -- A possible attempt to access a non-public service and needs special attention.
3. Gray -- Harmless connections, mostly broadcast.

The third page, Policy can add, edit or remove rules for the firewall. Two types of rules can be created: Inbound rules, that allow through connections from the network or Internet, and Outbound rules, that can block unauthorised data emissions from your computer, such as those from potential virus infections, or spyware. Inbound rules allow you to filter all incoming connections. When it comes to blocking data emanating from your computer, Firestarter can enact two different modes:

1. Whitelist: In this mode, network traffic is not allowed out of the computer unless a rule allows it. This is also known as restrictive policy. 
2. Blacklist: In this mode, which is default, all traffic is allowed out of the computer unless a rule specifically forbids it. This is also known as permission policy.

Java Swing applications -- Telephone and Address Book -- II

Implementation:

The Telephone Book application is now designed and we need to just put the coding for that. We already know which objects in swing package are used as the components in the panels for the application. For example, we have mentioned in the last post about some components such as Drop-down list (JComboBox), Labels for the appropriate components(JLabel), Buttons (JButton), Text-Boxes (JTextBox), Scroll Panes (JScrollPane), Results displayed in Tables (JTable), Confirmation of the results through Dialogs (JDialog) etc.

The Front end is Java Swing while the application has a database connectivity with MS Access database. As mentioned in the previous post, there is only one table in the database. The coding is done in two packages: 

1. TeleAddress package for Component design and Action listeners &
2. dao package for accessing database from the MS Access database through JDBC API

In all the classes, the constructors play a key role with initializing the frame window processing purposes. Mouse action listeners are applied to the buttons in the interface that interacts with the user, most of them being applied when the user clicks the mouse.

The confirmation dialogs are present in a separate class, named Dialogs with separate dialogs for contact creation, updating contacts and contact-deletion. The Dialogs class contains the following:

1. Two Constructors -- one for Deletion and the other for Updation / Addition of contacts
2. dialog( ) and deldialog( ) functions for processing one of the two constructors.

The TelephoneBook class in TeleAddress package is the main class in the application and binds all the classes together. The TelephoneBook class contains the following:

1. All the Interface-Components such as Buttons, Drop-down lists, Text-Boxes,Labels,Tables etc. are defined in this class.
2. 5 Panel functions for adding the components into each panel.
3. A Constructor having function calls to the Action-listeners.
4. A function named initComponents( ) for the lay-out of components.
5. All Action-listeners for all the buttons such as Create, Delete, Update, Refresh, Cancel etc.

The SearchTable class allows the user to view the results in a table in a different Frame window. The Database class consists of all the database-connections, where we use the JDBC-ODBC Bridge Driver for connecting to MS Access. The static methods in this class are used for every database operation being done in the application. The dao package makes use of PreparedStatement and Statement for database query executions. The Database connectivity with MS Access can be done as shown clearly in these posts as part 1, part 2 and part 3. The dao package has the data access objects listed below:

1. Database class for Database connection.
2. AddDAO class for insertion of new contact into the database table.
3. DeleteDAO class for deletion of contact records from the database table.
4. OtherDAO class to get all the records from the database table
5. SearchDAO class to facilitate searching upon inputs given in the Search and Delete panels.
6. UpdateDAO class for updating contact details.

The documentation for the classes of this application have been automatically generated by NetBeans IDE through Javadocs which can be downloaded here.

Installation and Configuring the application:

Pre-requisites:

1. The system should have Java (JDK and JRE) installed on your system, which can be downloaded from this page.
2. The system should have Microsoft Office Access DBMS.

Configuring and Installation:

1. Invoke Control Panel -- Administrative Tools -- Data Sources (ODBC). Go to UserDSN tab and click on Add button.
2. Select Microsoft Access Driver (*.mdb, *.accdb) and click on Finish button.
3. Give the Data Source Name as TeleAddressBook and select the Database Select button and give the path of the database file which can be downloaded from here. After selecting the .accdb file, click OK. Any doubts regarding the configuration of DSN (Data Source Name) can be clarified with the tutorial specified previously at this post with screen-shots.
4. Download the JAR file which can be downloaded here.
5. After configuring the DSN and downloading the JAR file, double-click on the JAR file to invoke the application. If its not invoked with the double-click then open Command-Prompt and type the one specified as: java -jar "/* Complete Path of the JAR file */"

Java Swing applications -- Telephone and Address Book -- I

Before starting the design and implementation of Telephone cum Address Book, I recommend you to go through the following post which gives an insight of how a layout should be in Java Swing.
How to choose a layout in Java Swing

It is quite common to have a telephone book to note the contact numbers, addresses and other notes of relatives, colleagues, acquaintances and so on. The search operation still has be improved under such circumstances. We need to find the contact quickly in the telephone-contacts book. In addition to that, updation, deletion of contacts is quite cumbersome in such circumstances. I have come up with a typical CRUD (Create, Read, Update, Delete) kind of an application built on Java -- a Java Swing application to be precise, which provides the following:

1. Create / Add a new contact to the Telephone book
2. Update the details of a contact
3. Delete the contact details
4. Search functionality based on many parameters such as Name, City, Contact Numbers, Address etc.
5. List the entire list of contacts
6. Refresh capability for the changes to be applied to the database.

Advantages over the normal telephone book:

1. Quick search and display of details
2. Easy updation and deletion of contacts
3. Robust contact addition

User Interface Analysis and Design:

The entire application is built on tabs, rather than using Menus and sub-menus in the application as most of them do. But to avoid complexity in the application, the results are maintained in tabs (JPanel). The results of the search and listing functionality are displayed in a Scroll Pane (JScrollPane). The items in individual panels are programmed in separate functions to provide easy maintainability. There are 5 panels in the application which are listed below:

1. Create Panel
2. Delete Panel
3. Update Panel
4. Search Panel
5. List Panel

The search results and the listing operations are displayed in a tabular format (JTable), with 7 different contact details. The operations on the table can be made by clicking on that particular cell and deleting the corresponding record. The table is added to the Scroll Pane (JScrollPane) with vertical and horizontal scroll bars as needed.

The form-elements in the panels such as Create, Update and Search Panels is arranged in Grid Layout. Go through the guidelines to use Grid Layout. All the guidelines listed to use Grid Layout will have to be followed for better look and feel. The text-boxes (JTextArea) and buttons (JButton) are mainly used in all these forms, with the drop-down lists (JComboBox) also being added to the Search and Update Panels for better functionality and ease of use. The screen-shots can be downloaded here.

Database Analysis and Design:

This is a simple application with only a few contact-details which allows us to design the entire database using a single table. The main motto of this series of posts is to work with Java Swing and database is the easiest way to access data. So, we make an assumption that a contact has only single Office, Residence and Mobile contact numbers. The Normalization is not needed as per this assumption and a single table prevents the joining of tables. The database table telephone consists of fields listed below:

1. Contact-Name
2. Street, Area and City details of the person's residence
3. Office, Residence and Mobile phone numbers 

The Best Instant Messengers in Ubuntu Linux

As many of us use Instant messengers, we need to select the best of the best on any platform and Linux is not an exception to this. There are as many as 18 Instant messengers for various chat networks in the Ubuntu Software Center. While Windows has Digsby judged as the best and most popular Instant messenger, Ubuntu has three of them that are popular. If Digsby were in Linux also, I would be more than satisfied to use it because of its real time notifications, the look and feel and the features it provides. But unfortunately, Digsby is currently unavailable on Linux and Mac platforms and works only on Windows. But well, there is no need to worry as there are others which fulfill your requirements. I found the following three to be interesting in Ubuntu:

1. Pidgin
2. Kopete
3. Empathy

Pidgin:

Pidgin was the most popular IM in Windows (and Linux) before Digsby came into picture. It was the default IM till Ubuntu version 8.10, but from Karmic Koala, Empathy became its default IM. It is an impressive master piece with a lot of features, with as many as 30 useful plugins and support for over 15 different protocol services such as AIM, MSN, Google Talk, Jabber, Yahoo etc. The only disadvantage I found with this IM is the slow start-up though it might not be a problem with the modern hardware configurations.
Some of the plugins are listed below:

• Voice and video chat support
• Message highlighting
• Enhanced history
• SSL plugins
• Topic change notification
• Spell checker
• Recent conversations and many more

As you can see from the above plugin list, this IM has something for every level of user. It suits advanced users, beginners and intermediate users as well. Pidgin is quick at mail notifications, buddy status notifications. I would recommend you this IM if you have not got any on your Linux (not just Ubuntu).

Kopete:

Kopete is an instant messaging and chat application with support for a wide variety of services, such as AIM, Yahoo, ICQ, MSN, IRC, and Jabber. This package is part of the KDE 4 networking module. The layout of Kopete is glossy as it is available in KDE desktop environment. One good feature of Kopete is the KDE Wallet, which acts similar to the master password in Web Browsers. The KDE Wallet has passwords, cookies which once lost cannot be recovered. Besides this, the IM provides indexing for faster file search. Unlike Pidgin, it starts quickly with its look and feel being an extra asset. Notifications part is pretty good. It has got an extensive range of plugins including:

• Video, voice chat support
• Translator
• Logging of all messages
• Statistics
• Bookmarks
• Auto replace
• Message highlighting and so on...

Empathy:

The Empathy Instant messenger is now the default IM in Ubuntu Linux. The premier advantage of this IM is the notifications. This supports as many as 20 different protocol services including Google talk, Facebook chat, Yahoo etc. It supports all protocols supported by Pidgin. It has support for voice, video chat, file transfers. Apart from this, it supports logging of messages according to date and it is quick.

Gedit -- The complete Text Editor

Gedit is the default text-based editor for GNOME desktop. I can say its complete because of its enormous features. Gedit is an open source text based text editor that can be installed in operating systems such as Windows, Linux and Mac (not just Linux). It is powerful for programmers with its wide range of features and plugins, which makes it appealing to any level and type of user. 

Computer world is changing from time to time and I can say there is a considerable transition in the field of the text editors. In the early days,  many machines were GUI less and the users had to learn vi editor. Well, fewer and fewer machines are GUI less now. However, it is always important and is considered an extra edge to learn the vi editor, which is more often than not, useful to edit configuration files. Gedit gives more productivity than all the other predecessor editors such as vi, emacs etc.

Syntax Highlighting:

Gedit provides syntax-highlighting capability with a large number of

1. Programming languages, 
2. Hardware programming, 
3. Scripting languages, 
4. Markup languages and 
5. Scientific purposes. (FCL, Octave, GAP, R)

 

To select the highlighting mode, select View -> Highlighting mode -> Select the mode from the drop down list.

Gedit Features and Plugins:

In addition to the highlighting mode, Gedit supports a number of features such as:

1. Bracket Completion -- Automatically adds closing brackets
2. Change case  -- Inverts the case in the entire file
3. Commenting or uncommenting a selected block of code.
4. Document statistics -- Gives some information about the number of characters, words, lines etc., of the file
5. Embedded Terminal
6. Spell checker
7. Tag list -- Inserts commonly used tags and words into document
8. Word completion
9. Sorting a document or selected text
10. Snippets -- Insert often used pieces of text quickly mostly becoming the templates of documents with a specified highlighting mode
11. Python console in the bottom pane and thus can run python programs.
12. Language Support

However, some of the above plugins will work only if you add the external plugins, which can be installed with the help of Ubuntu Software Center, by typing in the filter text as "gedit-plugins" and click Install.

Colour Schemes:

Apart from all these plugins and features, Gedit consists of some Colour Schemes which customise the environment of this text editor. Some of the colour schemes can be downloaded here. These colour schemes can be installed by selecting Edit -> Preferences -> Font and Colors tab and then adding the schemes (.xml files) by clicking on the Add button there under.

10 Beginner Mistakes to be avoided by Linux newbies

Ever increasingly, Linux is becoming more and more popular. Along the way, there are several common mistakes that users new to Linux tend to make. In fact, from time to time, you can even find some seasoned Linux users making some of these same mistakes. If you can avoid these mistakes, the transition to Linux will be a lot easier.

1. Installing from outside the official repositories:

This mistake is generally done by those who have used mostly Windows before. They try to programs and software from outside the official repositories just as  in Windows. Almost all Linux distributions have official repositories and the software packages need to be installed from them. For example, in Ubuntu, install the software from the Ubuntu Software Center. This Center contains a list of all the softwares available officially. If you have installed the software outside the official repositories, there is a little chance to get assistance.

2. Doing selective updates:

This undoubtedly will make your system unstable mostly by broken links. It's considered a good practice to install all the updates periodically. To install all the updates, goto System > Administration > Update Manager. Not only this, but delaying these updates would be costly for you. So, it is always suggested to do complete update periodically.

3. Linux is not Windows:

There may be a lot of similarities in between Linux and Windows. But, don't expect Linux to be exactly like Windows. The similarities help in making an easy transition towards Linux.

4. Avoid learning command line:

The computer world has been changing continuously in the field of user interfaces. Its getting easier and easier for the users to use many operating systems and applications now-a-days. But, the whole process started with the command line user interface. And Linux is an operating system which expects you to learn a bit of command-list. Command line way of doing things is a lot quicker than the GUI. Besides all this, some things can be done only through the command line. So, if you have decided to work with Linux, then learn commands.

5. Misusing the help forums:

Even though Linux is free, help for getting started is close at hand, and available from multiple sources. There are help files, user manuals, and even the "man pages" that are easily accessed through either the command line or the other graphical way. For each Linux distribution, there is a separate user forum for getting help regarding all the operating system issues. By searching, you are likely to learn other important things. So, get the most of these user help forums.

6. Avoid running as root (when needed):

Running the operating system with root privileges will surely inflict some damage to your system. So, avoid running as root as far as possible.

7. Avoid relying too much on WINE:

WINE is a utility to run Windows executable programs on Linux. Find Linux software counterparts and try using that instead of installing all the softwares through WINE.

8. Ignoring the system messages and errors.

9. Its not Ctrl-Alt-Delete:

In Windows, this shortcut gives you the Task Manager. However, Linux restarts when these buttons are toggled. There is an applet named "Force quit" which can be used for force quitting unresponsive programs.

10. Giving up too early:

This happens mostly as far as Linux is concerned. Everyone must realise that they are not born knowing Windows. So, put some efforts to learn Linux and you will get rich dividends.

Sources: PC Linux OS Magazine

Ubuntu -- Analysis of the versions 8, 9 and 10

Ubuntu, a variant of Linux is continuously making its mark in the race among the operating systems as advancements are being made continuously with respect to many operating system aspects. I found huge advancements in regions such as GUI, CPU Utilisation, Networking, booting time etc. though some features were getting down. The Ubuntu Operating system versions will be released in the April and October months of every year with advancements made in some operating system aspects.

The versions and the code names of Ubuntu are given below:

8.04          HARDY HERON
8.10          INTREPID IBEX
9.04          JAUNTY JACKALOPE
9.10          KARMIC KOALA
10.04        LUCID LYNX
10.10        MAVERICK MEERKAT

The Ubuntu versions 8.04 and 8.10 had nothing to talk much about them. The software packages were not efficiently run besides the high CPU utilisation. The security settings were also not that strong. Networking was not good and connection to Internet through DSL was not present in Ubuntu 8.04. The look and feel was not appealing and the dependencies had to be looked after every now and then while installing the software packages. The Web Browser consumed much of the CPU resources when it was running, making it uncomfortable to use.

The Ubuntu versions 9.04 and 9.10 started using ext4 file system which made them to reduce the boot times three times than that of the 8.10 version. These versions boot in 25 seconds much better than the 65 seconds taken by the previous version (8.10). With the same, it managed to efficiently improve the system performance. These versions also made the look and feel better by introducing an absolute candy for notification purposes. The Empathy Instant messenger came into play with the version 9.10. The wireless network support was included in the 9.04 version. However, the network applet had some bugs, which made the connection to Internet (Wired using DSL) difficult. Besides all this, the Jaunty Jackalope newly had Tablet and Netbook support.

I should say that Ubuntu 10.04 and Ubuntu 10.10 are the best which we are having at present. These versions take only 10 seconds for the booting purpose, much better than the previous releases (25 seconds in the previous releases). In addition to the booting time, the software seemed to start quickly. The GUI has changed suddenly and the default theme settings are appealing to the eyes. The Internet got very much slowed down in Ubuntu 10.04 but all those major issues in Ubuntu 10.04 have been rectified now. The security settings are improving version after version in Ubuntu. I can find a lot of difference in the security in Ubuntu 8.10. The Ubuntu Software Center has undoubtedly become charming and more handy than ever, especially in the categorisation of the software. I should say, users had to face a bit of problem with the dependencies, broken links earlier; but now everything is managed so well by the Ubuntu software center, making it more user-friendly. Apart from this, the Instant messaging has added the new features of audio and voice chatting using Empathy Instant Messenger. I found that when the system files are being accessed, the system was taking so much time and was consuming large amount of CPU (almost 90% of CPU utilisation). This is the case when we open it in the GUI. The situation is however different when accessed through the Linux terminal. The authentication is a bit slow in Ubuntu 10.10 even though it was alright in Ubuntu 10.04.

Linux -- User Communication -- Part-3 -- news command

The system administrator is the sole person who can make news under the Linux. He types the information which he wants everyone on the network to know of in different files in /var/lib/sysnews directory. 

Whenever we log in if any fresh news has come in since we logged out last time then a message is displayed on our terminal saying, news: appeal rally where appeal and rally are the names of files in which the news items are available. We may either choose to ignore it, or if any news item interests us we may decide to pursue the same.

• First, we can look at the names of the news articles by the command news with -n option. Similarly, to know the number of unread news articles that are present in the /var/lib/sysnews directory, we use the command news with -s option. If you try news -s after you have gone through all the news items it promtly displays the message "NEWS: 0 news articles".

• The command without any options would yield the list of unread news articles one after another.

• At the same time, the user can pursue only a particular news article  from several items by specifying the article name after the command. For example, if you want to pursue the article named appeal, then you can run the command at the prompt as news appeal. 

• If the user decided to pursue all the news articles (read and unread), then the option -a has to be used with the command.

Linux -- User Communication -- Part-2 -- wall command

The write command is used for communication between two users connected to a network. However, if a user wants to send a message to everyone in the network; then the wall command will be used. The command is mostly used by the administrators for purposes such as the situation where the Unix/Linux system will be shut down in 10 minutes. He does so using wall. After giving the entire message, Ctrl - D must be pressed. The default behaviour of wall command is as shown in the below figure:

Another important thing to note about this command is that it writes to all the terminals irrespective of whether the users have given write permission to their terminals or not, as important messages are often posted using the wall.

Thus, this command is used to broadcast a message to everyone on the network and the necessary message is written onto the terminals of all the users.

A variation of wall would be to broadcast the contents in a file to all the terminals. This is done by the command given as: "wall < [file-name]". In this case, Ctrl-D need not be pressed. This is shown in the below figure:

To know about the next part of the Linux user communication, click here.

Linux -- User Communication -- Part-1 -- write command

The communication between/among different users in Linux systems connected in a network is actually just as simple as running some commands. A direct application of a network system, communication is handled expertly by Unix. The commands used for such a communication are as follows:

1. write
2. wall
3. news
4. mail

The "write" command:

The write command can be used by any user to write something on someone else's terminal, provided the recipient of the message permits communication. There are two pre-requisites for a smooth write operation:

• The recipient must be logged in, else an error message is inevitable.
• The recipient must have given permission for messages to reach his or her terminal.

If you do not want the messages to be posted on your terminal, just type the command: mesg n. But, by default the terminal allows messages to be posted on it. To know if the messages can be posted on your terminal or not, just type the command mesg. If the command returns "is y", then messages can be posted on your terminal, otherwise they cannot be posted. Before using the write command, it is a good idea to first ascertain who all are logged in and who allow messages to their terminals.

finger is one command that tells you which users are connected and which, if any can receive messages. It displays a list of all those who have logged in and places a * next to those terminals where mesg is set to n.

Another command that may be used for this purpose is who -T. The command who lists all the users who are currently logged in. When used with -T option, it places a '+' next to users who have allowed messages and a '-' sign beside others.

Now, the default behaviour of write command is as shown below. The first screen-shot is the terminal on the sender side and the second on the receiver side.

Variations of write:

• Writing to somebody who has set mesg to n on his terminal. The permission gets denied on such occasions. However, if the sender has mesg set to n and the receiver has mesg set to y then the reply to the message is not possible.

• A user logged in at more than one terminal and you want to send a message only to one terminal. The terminal specified in the command will be sent a message simply. If we do not mention the terminal to which the message should be sent, then the write command comes up with a smart solution in case of confusion. In all the above screen-shots the user is logged in at more than one place. For example, write user tty9 writes to the terminal tty9 of user-name user.

To know about the next part in Linux user communication to know the wall command, click here.