Archives May 2014

The XScreensaver packages are a series of fancy alternate screensavers that have a popular history. They are much more enjoyable than the boring default Ubuntu screensaver which is just… a black screen.

Unfortunately the XScreensavers package hasn’t really been updated in awhile and doesn’t integrate very nicely into the current flavours of Ubuntu without some manual tweaking, so that’s exactly what I’m going to cover right here.

Issues to deal with

This document will cover the following:

• Installing the XScreensaver packages Configuring Ubuntu to use XScreensaver instead of the default gnome-screensaver
• Configuring Ubuntu to lock the screen with the XScreensaver
• Fixing the bad fonts issue in XScreensaver Setting a custom RSS feed for text-based XScreensaver packages

These instructions have been tested on Ubuntu 12.04 (Precise Pangolin) and 14.04 (Trusty Tahr).

Making it happen

1. Open a terminal.
   
2. Uninstall the boring default Ubuntu screensaver with:
   
   $ sudo apt-get remove gnome-screensaver
   
3. Install the XScreensaver packages with:
   
   $ sudo apt-get install xscreensaver*
   
   (note the asterisk on the end to install all xscreensaver packages)
   
4. Open the Dash (Ubuntu logo at the top-left of screen) and type in the word “start”. An icon will appear referring to “Startup Applications”. Click on it.
   
5. The window that appears shows which applications will be started when you login to your machine. Click on the “Add” button.
   
6. In the new window that appears, type “XScreensaver” into the Name field, then type in “xscreensaver -nosplash” into the Command field, then type in “Start the XScreensaver” into the Comment field.

7. Click on the “Add” button and then click on the Close button on the previous window.
   
8. That takes care of starting the XScreensaver, so now let’s fix the lock screen keyboard shortcut. Click on the Dash again and type in “keyboard” and then click on the “Keyboard” icon.
   
9. In the window that appears, click on the “Shortcuts” tab.
   
10. At the bottom of the left pane, click on “Custom Shortcuts”.
    
11. Click on the “+” button to add a new custom shortcut.
    
12. Give the shortcut a name, eg: “Enable the lockscreen”.
    
13. In the Command field, type in “xscreensaver-command -lock” and then click on the Apply button.
    
14. You will now see your new shortcut listed, but it doesn’t have a keyboard combo for it yet, so click on the word “Disabled” with your mouse and it will change to “New accelerator…”.
    
15. Now using your keyboard, press the key combo you’d like to use to lock your PC and start the XScreensaver. The default combo is CTRL+ALT+L but you can use any combo you like. If you do use CTRL+ALT+L you will be told that it’s already in use by the Gnome-Screensaver (which you uninstalled earlier, remember?), so just tell it to reassign it to your shortcut.
    

16. Close the keyboard settings window.
    
17. Now we need to sort out the fonts. The way XScreensaver looks for fonts is not like any other application. It needs to have a predefined list of available fonts, so we need to provide that list. We will get the “Ubuntu Font Family” (that comes with current releases of Ubuntu) enabled for use in XScreensaver, but you can apply this to any of the font folders on your machine.
    
18. In your terminal, type in the following:
    
    $ cd /usr/share/fonts/truetype/ubuntu-font-family
$ sudo mkfontscale
$ sudo mkfontdir
    
19. Repeat the above for all the fonts you wish to add to your system, eg: substitute the path /usr/share/fonts/truetype/msttcorefonts for the Microsoft fonts from the ubuntu-restricted-packages meta-package or the ttf-mscorefonts-installer package.
    
20. Create a new file (or edit any existing file) as follows:
    
    $ sudo nano /usr/share/X11/xorg.conf.d/50-fonts.conf
    
21. Type/paste in the following into your new file:
    
    Section "Files"
    FontPath "/usr/share/fonts/truetype/ubuntu-font-family"
EndSection
    
22. Add as many FontPath entries you need between the Section/EndSection block for all the fonts you want available that you ran step 18 on.
    
23. Save your changes with CTRL+X, then “Y” and then Enter.
    
24. Now type in the following to enable the fonts now (or simply reboot):
    
    $ xset +fp /usr/share/fonts/truetype/ubuntu-font-family
$ xset fp rehash
    
25. Repeat the xset +fp <path> command as many times as required to add all the fonts you setup in Step 18 before the xset fp rehash command, or simply reboot to do them all in one hit from your X11 config file in step 21.
    
26. Now we’re ready to fix the fonts in XScreensaver. In this example we’re going to fix the fonts in the StarWars screensaver. What exactly is wrong with the fonts in the StarWars screensaver I hear you ask?
    
    Simply this:
    

27. Click on the Dash and then type in “screensaver”. An icon called “Screensaver” will appear below it. Click on it.
    
28. In the Screensaver Preferences window that appears, scroll down the list of available screensavers to find “StarWars”. Click on it to highlight it.

29. A preview of the screensaver will appear in the pane on the right. You will notice that the font in the screensaver looks awful as in the above image.
    
30. Click on the “Settings…” button. A new window will appear.
    
31. In the Settings window, click on the “Advanced>>” button at the bottom. The window content will change.

32. You will see the command line that starts the screensaver. Modify the line so that it looks like:
    
    starwars -root -font "-misc-ubuntu-bold-r-normal--180-0-0-0-p-0-iso8859-1"
    
33. Click OK and repeat this modification to any other screensaver that uses a proportional font in its text, for example the FlipText screensaver.
    
34. Finally, let’s set a custom RSS feed for the screensavers that use text so that they show something useful. Click on the “Advanced” tab in the Screensaver Preferences window.
    

35. At the bottom-left in the “Text Manipulation” section, make sure “URL” is selected and change the URL text to your favourite RSS feed’s URL, for example ITNews’ RSS feed for “all content” is:
    
    http://www.itnews.com.au/RSS/rss.ashx
    
36. Test the StarWars screensaver now by clicking on the “Display Modes” tab and then select “StarWars” from the left pane to make it appear in the preview window. The time the fonts should look much nicer as follows:

37. Now go through the list of screensavers, enabling and disabling those that you want to use. As you click each one, its preview will appear on the right.
    
38. Set the Blank After, Cycle After and Lock Screen After values accordingly, eg: 10 minutes a piece.
    
39. Close the Screensaver Preferences window and test locking your PC by pressing CTRL+ALT+L or whatever combo you set in step 15, and your screen should fade out and start displaying a random screensaver from your list of enabled screensavers. When you move the mouse or press a key, a login prompt should appear.
    
40. Pat yourself on the back. You are done.

Choosing your own font to use instead of the Ubuntu Font Family fonts

1. Choosing your own font is simple. For each set of fonts that you processed in Step 18, type in the following, using the Ubuntu Font Family as this example:
   
   $ cat /usr/share/fonts/truetype/ubuntu-font-family/fonts.dir
   
2. This lists all the possible fonts available for that family. Copy to the clipboard the font description you wish to use.
   
3. Paste the description as the font argument in the command line of the screensaver you wish to modify.Note that you will need to adjust the font size/quality value in your command line because they are rendered as scaled bitmaps, not outlines. For example, in Step 32 we specify the font size to be “180” so that the fonts appear smooth and clean when scaled. If you don’t specify this, then the font will be generated into a bitmap using the smallest size before being scaled up in the screensaver, resulting in pixelated fonts.
   
   SPECIAL NOTE: Some screensavers require proportional fonts to be used and others require fixed-width fonts. If you try to use the wrong type of font, the screensaver will likely crash.
   
4. Choose the appropriate font type from the list of available fonts.
   
5. Preview your screensaver and make adjustments as required. If you’d like to test the screensaver directly without running up the Preferences tool, launch the screensaver binary in a terminal with the font description as an argument.
   
   For example, for the StarWars screensaver, you can run it in a window as follows:
   
   /usr/lib/xscreensaver/starwars -font "-misc-ubuntu-bold-r-normal--180-0-0-0-p-0-iso8859-1"
   
6. Pat yourself on the back again. You are done.

Darik’s Boot and Nuke (abbreviated as DBAN) is a popular tool used by many organisations and individuals to securely erase hard-drives prior to disposal, or perhaps just to fix Windows problems  . It typically comprises a small 15MB ISO image that you can burn to CD or make a bootable USB stick from so you can boot up a PC on it and set about erasing all detected storage devices.

When you’re doing a lot of machines, however, booting a CD is tedious, especially when you accidentally scratch the disc and need to burn a new one. Using a USB stick and either misplacing it, or forgetting to remove it before erasing starts means you lose the content of the boot stick too.

Wouldn’t it be nice to be able to simply boot DBAN from the network so it’s always available whenever you need it and have it automatically use your preferred options instead of being manually run each time?

Pre-requisites

• A copy of DBAN. You can get it from the project site here. I will be using version 2.2.8 in this article.
  
• A working Linux PXE server. If you’ve not built one before, you can use my previous guide here.
  
• A sacrificial hard-drive or a virtual machine to test with. You will be completely destroying the data on the drive. When this exercise is over, there will be nothing recognisable on the drive so operating systems will typically recognise the drive as a brand new, never-before-used drive.
  
• The PC housing the sacrifical drive needs to have the ability to boot from PXE. All modern computers built in the last 15 years should be able to do this.

Let’s get it going

1. First up, we need to extract DBAN’s files from the ISO image since we’re not going to burn it to a disc. Open the downloaded ISO image in Archive Manager by right-clicking on it and choose “Open with Archive Manager”.
   
2. Extract the following files: DBAN.BZI and ISOLINUX.CFG
   
3. On your PXE server, assuming you have all your files under /srv/tftp as per my previous tutorial, make a new folder called “dban” under it:
   
   $ mkdir /srv/tftp/dban
   
4. Now copy over the DBAN.BZI file you extracted in Step 1 to the /srv/tftp/dban directory. You don’t need to copy ISOLINUX.CFG because we’re simply using that for boot command reference.
   
5. Now rename the file so that it’s all in lowercase:
   
   $ mv /srv/tftp/dban/DBAN.BZI /srv/tftp/dban/dban.bzi
   
   (We don’t actually need to do this, but since everything else in the Linux world is typically in lower-case, we may as well do the same here)
   
6. Now make sure that the permissions are set for TFTP correctly:
   
   $ sudo chmod 777 -R /srv/tftp
   
7. Now let’s setup a simple PXE menu boot option that is simply going to write zeros across all detected storage devices when you boot up on it (which is the fastest method of wiping while remaining secure). Open your PXE boot menu config file. If using my previous tutorial, then that will be:
   
   $ nano /srv/tftp/mybootmenu.cfg
   
8. Scroll to the bottom (or insert where you’d like to have it) and add the following lines:
   
   LABEL Auto ^Nuke EVERYTHING With Zeros NOW! No Questions Asked!
KERNEL dban/dban.bzi APPEND nuke="dwipe --autonuke --method zero" silent
   
9. Press CTRL+X, then Y and then Enter to save your changes.
   
10. Boot up your sacrificial system into PXE. When your menu appears, you should see a new entry called “Auto Nuke EVERYTHING With Zeros NOW! No Questions Asked!” and the “N” character will be highlighted to indicate the keyboard shortcut for it.
    
11. Use the arrow keys or the keyboard shortcut to launch DBAN. It should boot quite quickly since it’s such a small application.
    
12. You will see a lot of text appear while the system boots up, enumerating hardware and searching for storage devices. At this time, any attached direct-writable storage mediums such as hard-drives and USB sticks will become targets for DBAN. Network drives/shares and other PC’s on your network will not become targets.

13. Once the system has detected everything it can find, DBAN will begin. All detected storage devices will be listed on their own line and will show their erasure status. You will notice that all this starts automatically and with no further interaction from you.
    
14. Once the system has completed erasing all devices, it will advise accordingly and halt the system. Your drives are now securely erased!

Additional Options

So you might be wondering, what did we need the ISOLINUX.CFG file for if we weren’t going to use it? Will, this is just for your reference – it contains all the command line parameters for all of the other options that DBAN offers you for the truly paranoid data hoarder. Please note that these additional options are superfluous – hard-drives are magnetic devices that can only hold one set of ones and zeros. Overwriting the drive multiple times with sequential or random ones and zeros is not going to make the erasure any more or less secure. Once a drive is wiped with just one pass of ones or zeros or a random combo, it is impossible to recover any data from it, and you certainly cannot “unformat” it or “unwipe” it.

To save you some time, here’s a complete list of the extra options presented as a sub-menu for your PXE boot menu. Simply copy and paste it into your boot menu configuration, or pick and choose the options you want.

Note: To prevent accidental erasing of a system from PXE boot, the default menu option is set to run DBAN in manual mode where you are asked to choose which drives you wish to erase, which gives you a chance to back out.

# ================================================================
# BEGIN: SECURE HDD ERASE OPTIONS
# ================================================================

menu begin Secure HDD erase options
 menu title ^Secure HDD erase options
 label mainmenu
 menu label ^Back..
 menu exit

LABEL Auto ^Nuke EVERYTHING With Zeros NOW! No Questions Asked!
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method zero" silent

LABEL ^Manual Setup of Wipe Options
 MENU default
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe"

LABEL ^Default 3-Pass Random Wipe (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke" silent

LABEL US Dept Defence ^Standard Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method dod522022m" silent

LABEL US Dept Defence ^3-Pass Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method dod3pass" silent

LABEL US Dept Defence Short Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method dodshort" silent

LABEL Peter ^Gutmann Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method gutmann" silent

LABEL ^RCMP TSSIT OPS-II Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method ops2" silent

LABEL ^Paranoid 8x Wipe with Full Verify (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method prng --rounds 8 --verify all" silent

LABEL PRNG Stream ^8x Wipe Method (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method prng --rounds 8" silent

LABEL ^Quick Wipe - Not 100% Secure (AUTO)
 KERNEL dban/dban.bzi
 APPEND nuke="dwipe --autonuke --method quick" silent

menu end

# ================================================================
# END: SECURE HDD ERASE OPTIONS
# ================================================================

Happy erasing!