Run Wireshark in openSUSE as non-root user

There are two aspects of using Wireshark in openSUSE: capturing packets and displaying packets. To display packets or view pcap files you don’t need to run Wireshark as root. You also don’t need to do anything extra other than installing it. However, to capture packets you need root privileges. If you don’t have root privileges or want to capture packets as your regular user then you need a few extra steps.

Install Wireshark: sudo zypper install wireshark

Run Wireshark as non-root user to view captures

There is one caveat to running Wireshark in openSUSE as non-root user: when you run Wireshark from the GUI (say GNOME Shell) you are prompted to enter the root password. There’s a simple workaround to this by creating a local wireshark.desktop file, copied from /usr/share/applications/wireshark.desktop, with a slight modification.

cat /usr/share/applications/wireshark.desktop | sed -e 's!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark %f!Exec=/usr/bin/wireshark %f!g' > /home/cguser/.local/share/applications/wireshark.desktop

In the command above we are creating a copy of /usr/share/applications/wireshark.desktop and saving it to /home/cguser/.local/share/applications/wireshark.desktop. The one change we make is to execute Wireshark as a regular user and not as root. You’ll have to do this for all non-root users who need to run Wireshark.

Now when you start Wireshark as a regular (non-root) user you’ll be able to display packets without providing root credentials.

Run Wireshark as non-root user to capture packets

This portion was taken from Sniffing with Wireshark as a Non-Root User. Read that page first before proceeding.

Install setcap to set the capabilities of /usr/bin/dumpcap: sudo zypper install libcap-progs

Create a new group wireshark to restrict users who can use Wireshark to capture packets: sudo groupadd wireshark

Add your user to the wireshark group to be able to capture packets: sudo usermod -a -G wireshark cguser

Change the group of dumpcap to wireshark: sudo chgrp wireshark /usr/bin/dumpcap

Change the permissions of dumpcap to only allow users in wireshark group to be able to run it: sudo chmod o-rwx /usr/bin/dumpcap

Set the capabilities required by dumpcap to run since its group is no longer root: sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

View the capabilities of dumpcap to confirm they were set correctly: getcap /usr/bin/dumpcap

/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

Logout and login again to finalize the addition of your user to the wireshark group.

Now when you start Wireshark as a regular (non-root) user you’ll be able to capture packets without providing root credentials.

Note: This was tested working in openSUSE 13.1.
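The openSUSE steps above leave dumpcap in a specific state: group wireshark, no permissions for other users, and exactly the two capabilities cap_net_raw and cap_net_admin. The script below is an added example, not part of the original post, that checks that state. It assumes GNU stat (for -c) and that getcap prints either the "path = caps+eip" form shown above or a "path caps=eip" form; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup from the steps above.
# The check takes its inputs as strings so it can also run on saved output.

# check_dumpcap GROUP MODE GETCAP_LINE
#   GROUP        what `stat -c %G /usr/bin/dumpcap` prints
#   MODE         what `stat -c %a /usr/bin/dumpcap` prints (octal, e.g. 750)
#   GETCAP_LINE  what `getcap /usr/bin/dumpcap` prints (empty if no caps set)
# Prints one line per finding and returns the number of findings (0 = OK).
check_dumpcap() {
    group=$1; mode=$2; caps_line=$3
    findings=0

    # Only members of the dedicated group should be able to run dumpcap.
    if [ "$group" != "wireshark" ]; then
        echo "FAIL: group is '$group', expected 'wireshark'"
        findings=$((findings + 1))
    fi

    # The last octal digit is the "other" permission set; chmod o-rwx makes it 0.
    other=${mode#"${mode%?}"}
    if [ "$other" != "0" ]; then
        echo "FAIL: mode $mode still grants permissions to 'other'"
        findings=$((findings + 1))
    fi

    # The last whitespace-separated field holds "names+flags" or "names=flags".
    spec=${caps_line##* }
    case $spec in
        *[+=]*) names=${spec%%[+=]*}; flags=${spec##*[+=]} ;;
        *)      names=; flags= ;;
    esac
    if [ -z "$names" ]; then
        echo "FAIL: no file capabilities set, capture will need root"
        return $((findings + 1))
    fi

    # Require the two capabilities from the setcap step and nothing beyond them.
    have_raw=0; have_admin=0
    for cap in $(printf '%s' "$names" | tr ',' ' '); do
        case $cap in
            cap_net_raw)   have_raw=1 ;;
            cap_net_admin) have_admin=1 ;;
            *) echo "FAIL: unexpected capability '$cap'"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$have_raw" -eq 1 ] || { echo "FAIL: cap_net_raw missing"; findings=$((findings + 1)); }
    [ "$have_admin" -eq 1 ] || { echo "FAIL: cap_net_admin missing"; findings=$((findings + 1)); }

    # Both the effective (e) and permitted (p) flags must be present.
    case $flags in
        *e*p*|*p*e*) ;;
        *) echo "FAIL: flags '$flags' lack effective and/or permitted"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# audit_live [PATH]: collect the three values from the running system.
audit_live() {
    bin=${1:-/usr/bin/dumpcap}
    check_dumpcap "$(stat -c %G "$bin")" "$(stat -c %a "$bin")" "$(getcap "$bin")"
}

# Run against the real binary only when asked to: sh audit.sh --live [PATH]
if [ "${1:-}" = "--live" ]; then
    audit_live "${2:-/usr/bin/dumpcap}"
fi
```

A non-zero exit status after a package update is a sign that the update replaced dumpcap and the chgrp, chmod and setcap steps need to be repeated.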

Using Wireshark in Ubuntu

There are two aspects of using Wireshark in Ubuntu (or Debian for that matter): capturing packets and displaying packets. To display packets or view pcap files you don’t need to run Wireshark as root. You also don’t need to do anything extra other than installing it. However, to capture packets you need root privileges. If you don’t have root privileges or want to capture packets as your regular user then you need a few extra steps.

Install Wireshark: sudo apt-get install wireshark

Configure Wireshark to allow non-root users to capture packets: sudo dpkg-reconfigure wireshark-common

Add your user to the wireshark group to be able to capture packets: sudo usermod -a -G wireshark cguser

Logout and login again to finalize the addition to the group.

Now when you start Wireshark as a regular (non-root) user you’ll be able to capture and display packets.

Note: This was tested working in Ubuntu 14.04 LTS Trusty Tahr.

zypper: The following package updates will not be installed

I was trying to update my openSUSE 13.1 install and got this:

sudo zypper update

Loading repository data...
Reading installed packages...

The following 8 package updates will NOT be installed:
  libeXosip2-6 libgsm1 libortp9 libosip2 libspandsp2 libspeex1 libspeexdsp1 linphone 

Nothing to do.

I had linphone installed already but why would it not update? So I tried a distribution update (bad idea if you’re not actually upgrading your distribution to a newer release!):

sudo zypper dup

Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Loading repository data...
Reading installed packages...
Computing distribution upgrade...

The following 42 NEW packages are going to be installed:
  bash-doc dconf desktop-translations exim gsettings-backend-dconf libdconf1 libproxy1-config-gnome3 libtidyp-1_04-0 openssh-askpass perl-Data-Dump perl-Encode-Locale perl-File-Listing perl-HTML-Parser 
  perl-HTML-Tagset perl-HTML-Tidy perl-HTTP-Cookies perl-HTTP-Daemon perl-HTTP-Date perl-HTTP-Message perl-HTTP-Negotiate perl-IO-HTML perl-IO-Socket-SSL perl-LWP-MediaTypes perl-LWP-Protocol-https 
  perl-Net-DBus perl-Net-HTTP perl-Net-LibIDN perl-Net-SSLeay perl-Text-Wrapper perl-Tie-IxHash perl-TimeDate perl-URI perl-WWW-RobotRules perl-X11-Protocol perl-XML-Twig perl-XML-XPathEngine 
  perl-libwww-perl readline-doc ucode-intel vim-data xdg-utils zypper-log 

The following 8 packages are going to be upgraded:
  libeXosip2-6 libgsm1 libortp9 libosip2 libspandsp2 libspeex1 libspeexdsp1 linphone 

The following 8 packages are going to change vendor:
  libeXosip2-6  openSUSE -> obs://build.opensuse.org/network:telephony
  libgsm1       openSUSE -> obs://build.opensuse.org/network:telephony
  libortp9      openSUSE -> obs://build.opensuse.org/network:telephony
  libosip2      openSUSE -> obs://build.opensuse.org/network:telephony
  libspandsp2   openSUSE -> obs://build.opensuse.org/network:telephony
  libspeex1     openSUSE -> obs://build.opensuse.org/network:telephony
  libspeexdsp1  openSUSE -> obs://build.opensuse.org/network:telephony
  linphone      openSUSE -> obs://build.opensuse.org/network:telephony


8 packages to upgrade, 42 new, 8  to change vendor.
Overall download size: 18.5 MiB. After the operation, additional 62.2 MiB will be used.
Continue? [y/n/? shows all options] (y): 

I did not proceed with a dist-upgrade. As you can see, the vendor was being changed from openSUSE to an OBS repository.

That’s when I realized(*) that not only was linphone provided by the openSUSE repos but also this OBS repo I was using for SIPp. So what’s the solution? I need this OBS repo but I don’t want to keep seeing this message (for semi-OCD reasons). I haven’t found a solution yet but at least I can rest easy knowing why I was seeing this message.

(*) OK, I found a pointer to the actual cause. Hat tip to Zypper: The following package updates will NOT be installed

Self Exceptionalism in the Free and Open Software Communities

Recently, I have felt myself being pulled in three directions at once. There’s the RHEL ecosystem that I have immersed myself into over the past many months. Ubuntu 14.04 LTS Trusty Tahr released last week and is a very enticing option, especially since I started with Ubuntu many moons ago. Finally, there’s the BSD world beckoning, with its culture and technology. Which option do I pick for primarily two roles: my daily driver at work and a way for me to grow my knowledge and skills, prepared to take on tomorrow’s challenges?

The answer is not as simple as I had anticipated. And the reason is my belief in my own exceptionalism. I have convinced myself that my vote for any one of these three options will turn the tide of FOSS in that direction. That if I don’t support an option then that option will disappear and its community will wither away. That I need to be a part of the community so I can contribute my skills, preventing unforeseen catastrophes waiting to be unveiled. That the FOSS world is waiting for a hero: me.

Of course, this is an absurd way of thinking. One person does make a difference but not at the scale I have imagined. It doesn’t matter to Ubuntu or its community that I fired up Fedora in my VM today. It has no effect on FreeBSD if I don’t learn how to use it. It doesn’t matter to Fedora that I am slowly moving to using Ubuntu daily. In a sense it does matter to all three projects whether an individual stays within the community or leaves. But not in the way I have convinced myself it does.

I am no savior. I can’t save or condemn a FOSS project because of my participation or the lack thereof. The reason is simple: these projects are much bigger than an individual. They have existed before I became a part of their communities; not just existed but prospered. I am but one man.

And therein lies the crux of the matter. If I am not writing code, finding bugs, generating official documentation, etc. then I’m not really a part of the community. I may be a passive advocate at best or a user at worst; but not part of the community. The community is formed of people who actively participate in shaping a project not those who use the output of their efforts without giving back.

A lot of people like myself are delusional in this manner. Just because they can download Ubuntu for free does not give them the right to complain and criticize when the desktop does not behave the way they demand. Either they pitch in, take a leadership role in the community, and fix the problems they have, or they lose the right to criticize. It’s alright to point out bugs and papercuts in a constructive gesture. Anything else reeks of their own belief in their exceptionalism. They have to stop thinking that just because *they* don’t like something that the project’s priorities need to shift to cater to their whims.

No project or product can survive without users. No one disputes that. But it’s not necessary that a project has to be used by *everyone*. Those who participate in developing the product and nurturing the project are its users, too. As long as they use and are satisfied, that’s all that matters.

So all of you who think the world revolves around them and that somehow FOSS means their wishes are paramount, think again. Get off your high horse, throw away the cloak of self exceptionalism, and pitch in. Either you are part of the solution or you don’t matter.

A question now comes to mind: why did I think that I was exceptional? It’s because I *expect* a lot from myself. I want to excel in all things I do. If I’m using some FOSS application that needs contributors I expect of myself to become such a contributor. Alas, there’s only so much one person can do. I have so many other obligations taking up my time that it becomes impossible for me to participate in many platforms and forums concurrently. That’s just life. The problem, though, is that I continue to expect of myself anyways. This causes undue stress, a highly unhealthy trend.

Given this new light in which I see myself, I will attempt to stop worrying about what the Internet says is a viable project and which one to support. I will no longer allow myself to be bound to follow the herd. If Ubuntu on the desktop gives me a pleasurable experience, CentOS works when I need a server, and FreeBSD can protect my network better, then I’ll use the best tool for the job. All these projects deserve contributions from their users. I’ll try my best to become a contributor. Until I do so I know that I’m a user and only a user.

CrunchBang is Simply Awesome

I had a half-forgotten netbook lying around collecting dust, running Ubuntu 10.04 faithfully for a few years. It’s a Dell Inspiron 1012 with Intel Atom N450 and 1GB of memory. When I got my hands on it again I thought it was time to revive it for some light tasks around the house, something that I could hand to kids and let them watch YouTube or whatever.

I had been meaning to try out CrunchBang for a while now but always did it in VMs. This was my chance to try it out on “real” hardware. I got a 64-bit ISO downloaded, dded it to a USB flash drive, and booted the netbook with it.

The install was very simple and fairly fast. I overwrote the whole disk (after backing it up, of course) and the installer went on its merry way. After the installation completed it ran the cb-welcome script automatically, asking a bunch of questions to configure the system or install additional packages. After running updates and a reboot the netbook was ready to use.

CrunchBang is awesome because it’s Debian at its core with a functional desktop based on Openbox. It can take some getting used to because it doesn’t exactly function like a DE new users are used to. However, the keyboard shortcuts presented right on the desktop are a great starting point. And don’t get me started on the awesomeness that’s the low memory usage. Less than 125MB after login is exceptional on this machine.

I made a few tweaks: auto-login (hint: edit /etc/slim.conf); reduce virtual desktops to a single desktop (hint: edit ~/.config/crunchbang/rc.xml); make DuckDuckGo the default search engine in Iceweasel (Firefox). Everything else is mostly default stuff.

I am beginning to think I may use this revived netbook for more things than just a plaything for the kids. All thanks to the awesome work of Debian and CrunchBang.

dnf and yum show different updates

Problem

I have started to use dnf in Fedora 20 more than yum. I do miss drpm and yum ps when using dnf but it works just fine. Today, I ran into a problem where yum and dnf saw different updates.

root @ codeghar [~] $ yum check-update
Loaded plugins: langpacks, ps, refresh-packagekit
updates/20/x86_64/metalink                                          |  16 kB  00:00:00     
updates                                                             | 4.6 kB  00:00:00     
updates/20/x86_64/primary_db                                        | 7.2 MB  00:00:02     
(1/2): updates/20/x86_64/updateinfo                                 | 660 kB  00:00:00     
(2/2): updates/20/x86_64/pkgtags                                    | 887 kB  00:00:05     

NetworkManager.x86_64                       1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-glib.x86_64                  1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-openvpn.x86_64               1:0.9.9.0-0.1.git20140128.fc20          updates
NetworkManager-openvpn-gnome.x86_64         1:0.9.9.0-0.1.git20140128.fc20          updates
anaconda.x86_64                             20.25.16-1.fc20                         updates
anaconda-widgets.x86_64                     20.25.16-1.fc20                         updates
clutter.x86_64                              1.16.2-3.fc20                           updates
curl.x86_64                                 7.32.0-4.fc20                           updates
glibc.x86_64                                2.18-12.fc20                            updates
glibc-common.x86_64                         2.18-12.fc20                            updates
glibc-devel.x86_64                          2.18-12.fc20                            updates
glibc-headers.x86_64                        2.18-12.fc20                            updates
kernel.x86_64                               3.12.9-301.fc20                         updates
kernel-debug-devel.x86_64                   3.12.9-301.fc20                         updates
kernel-devel.x86_64                         3.12.9-301.fc20                         updates
kernel-headers.x86_64                       3.12.9-301.fc20                         updates
kernel-modules-extra.x86_64                 3.12.9-301.fc20                         updates
libcurl.x86_64                              7.32.0-4.fc20                           updates
pango.x86_64                                1.36.1-2.fc20                           updates


root @ codeghar [~] $ dnf check-update

NetworkManager.x86_64                   1:0.9.9.0-28.git20131003.fc20               updates
NetworkManager-glib.x86_64              1:0.9.9.0-28.git20131003.fc20               updates
clutter.x86_64                          1.16.2-3.fc20                               updates
glibc.x86_64                            2.18-12.fc20                                updates
glibc-common.x86_64                     2.18-12.fc20                                updates
glibc-devel.x86_64                      2.18-12.fc20                                updates
glibc-headers.x86_64                    2.18-12.fc20                                updates
pango.x86_64                            1.36.1-2.fc20                               updates

Solution

There’s a forum post (dnf and yum seeing different updates) and one solution was to clear the caches.

root @ codeghar [~] $ yum clean expire-cache
Loaded plugins: langpacks, ps, refresh-packagekit
Cleaning repos: fedora updates
2 metadata files removed


root @ codeghar [~] $ dnf clean expire-cache
Cleaning repos: fedora updates
The enabled repos were expired

I then ran check-update on both yum and dnf and that solved the problem. dnf check-update needed to be run twice but it was no big deal.

root @ codeghar [~] $ dnf check-update
Error: Problem with repo 'updates': Cannot prepare internal mirrorlist: Curl error: Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f20&arch=x86_64


root @ codeghar [~] $ dnf check-update
Fedora 20 - x86_64 - Updates                               3.2 MB/s |  15 MB     00:04    

NetworkManager.x86_64                       1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-glib.x86_64                  1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-openvpn.x86_64               1:0.9.9.0-0.1.git20140128.fc20          updates
NetworkManager-openvpn-gnome.x86_64         1:0.9.9.0-0.1.git20140128.fc20          updates
anaconda.x86_64                             20.25.16-1.fc20                         updates
anaconda-widgets.x86_64                     20.25.16-1.fc20                         updates
clutter.x86_64                              1.16.2-3.fc20                           updates
curl.x86_64                                 7.32.0-4.fc20                           updates
glibc.x86_64                                2.18-12.fc20                            updates
glibc-common.x86_64                         2.18-12.fc20                            updates
glibc-devel.x86_64                          2.18-12.fc20                            updates
glibc-headers.x86_64                        2.18-12.fc20                            updates
kernel.x86_64                               3.12.9-301.fc20                         updates
kernel-debug-devel.x86_64                   3.12.9-301.fc20                         updates
kernel-devel.x86_64                         3.12.9-301.fc20                         updates
kernel-headers.x86_64                       3.12.9-301.fc20                         updates
kernel-modules-extra.x86_64                 3.12.9-301.fc20                         updates
libcurl.x86_64                              7.32.0-4.fc20                           updates
pango.x86_64                                1.36.1-2.fc20                           updates

root @ codeghar [~] $ yum check-update
Loaded plugins: langpacks, ps, refresh-packagekit
fedora/20/x86_64/metalink                                           |  18 kB  00:00:00     
updates/20/x86_64/metalink                                          |  16 kB  00:00:00     

NetworkManager.x86_64                       1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-glib.x86_64                  1:0.9.9.0-28.git20131003.fc20           updates
NetworkManager-openvpn.x86_64               1:0.9.9.0-0.1.git20140128.fc20          updates
NetworkManager-openvpn-gnome.x86_64         1:0.9.9.0-0.1.git20140128.fc20          updates
anaconda.x86_64                             20.25.16-1.fc20                         updates
anaconda-widgets.x86_64                     20.25.16-1.fc20                         updates
clutter.x86_64                              1.16.2-3.fc20                           updates
curl.x86_64                                 7.32.0-4.fc20                           updates
glibc.x86_64                                2.18-12.fc20                            updates
glibc-common.x86_64                         2.18-12.fc20                            updates
glibc-devel.x86_64                          2.18-12.fc20                            updates
glibc-headers.x86_64                        2.18-12.fc20                            updates
kernel.x86_64                               3.12.9-301.fc20                         updates
kernel-debug-devel.x86_64                   3.12.9-301.fc20                         updates
kernel-devel.x86_64                         3.12.9-301.fc20                         updates
kernel-headers.x86_64                       3.12.9-301.fc20                         updates
kernel-modules-extra.x86_64                 3.12.9-301.fc20                         updates
libcurl.x86_64                              7.32.0-4.fc20                           updates
pango.x86_64                                1.36.1-2.fc20                           updates

Install Arch Linux on ESX 5.5

I have been meaning to delve into Linux with Arch for a while. I’ve been using a VM in ESX to learn the install process. The installation has been pretty easy maybe because I have spent a fair number of years using Linux. The Arch wiki is an awesome resource and one mistake I keep making is not reading the whole page. This causes many headaches that could be avoided if I didn’t just gloss over the information.

Anyways, I wanted to provide a simple step-by-step tutorial to serve as a quick checklist. Remember that these steps can quickly get out of date as Arch moves fast. So always reference the Arch wiki first. Here are the major steps.

  1. Download Arch installer
  2. Create VM
  3. Boot VM and install Arch

I downloaded the dual 2013.12.01 version of the installer: archlinux-2013.12.01-dual.iso. The VM I created was of “type” Red Hat Enterprise Linux 6 (64-bit) and had 2 dual-core CPUs, 2GB memory, 100GB disk, and EFI was enabled. I attached the installer ISO and started the VM. These instructions begin from when you get the root console after boot up.

Initial Steps

Check to make sure EFI is recognized and working.

efivar -l

I didn’t have DHCP running so instead used static IP. Find the name of your NIC; mine was ens32.

ip link

Setup IP address and gateway

ip addr add 192.168.0.55/24 dev ens32

ip route add default via 192.168.0.1

Configure DNS.

echo "nameserver 8.8.8.8" >> /etc/resolv.conf

echo "search codeghar.com" >> /etc/resolv.conf

Disk Partitioning

Get the name of the disk. It was sda in my case.

lsblk

I used LVM because I wanted to learn a bit more about it. I also prefer to have a single root partition because it makes things easier for me. I used parted to partition my disk into four partitions: 1 for boot and 3 for root.

parted /dev/sda print

parted /dev/sda mklabel gpt

parted /dev/sda mkpart primary 1049KB 2GB

parted /dev/sda mkpart primary 2GB 19GB

parted /dev/sda mkpart primary 19GB 49GB

parted /dev/sda mkpart primary 49GB 99GB

parted /dev/sda set 1 boot on

parted /dev/sda set 2 lvm on

parted /dev/sda set 3 lvm on

parted /dev/sda set 4 lvm on

parted /dev/sda print

lsblk

LVM

pvdisplay

pvcreate /dev/sda2

pvcreate /dev/sda3

pvdisplay

vgdisplay

vgcreate vgcodeghar /dev/sda2

vgextend vgcodeghar /dev/sda3

vgdisplay

lvdisplay

lvcreate -L 25G vgcodeghar -n lvroot

lvdisplay

modprobe dm-mod

vgscan

vgchange -ay

Format the first partition as FAT32 because we’ll use it for /boot and EFI requires(?) the boot partition to be FAT32.

mkfs.fat -F32 /dev/sda1

mkfs.ext4 /dev/mapper/vgcodeghar-lvroot

Base Install

mount /dev/mapper/vgcodeghar-lvroot /mnt

mkdir -p /mnt/boot

mount /dev/sda1 /mnt/boot

pacstrap /mnt base

genfstab -U -p /mnt >> /mnt/etc/fstab

cat /mnt/etc/fstab

Base Configuration (Start)

arch-chroot /mnt

Base Configuration – Swap File

Instead of a swap partition I decided to use a swap file.

fallocate -l 4G /swapfile

chmod 600 /swapfile

mkswap /swapfile

swapon /swapfile

echo "/swapfile none swap defaults 0 0" >> /etc/fstab

cat /etc/fstab

Base Configuration – Locale

sed -i -e 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen

locale-gen

echo LANG=en_US.UTF-8 > /etc/locale.conf

export LANG=en_US.UTF-8

Base Configuration – Time

ln -s /usr/share/zoneinfo/US/Pacific /etc/localtime

hwclock --systohc --utc

Base Configuration – Network

echo codeghar > /etc/hostname

cp /etc/netctl/examples/ethernet-static /etc/netctl/ens32.cfg

Edit the file ens32.cfg and provide your static IP information.

nano /etc/netctl/ens32.cfg

Enable the configuration.

cd /etc/netctl

netctl enable ens32.cfg

Base Configuration – initram

Edit file /etc/mkinitcpio.conf and add lvm2 between block and filesystems in the HOOKS settings.

nano /etc/mkinitcpio.conf

Before:

HOOKS="base udev ... block filesystems ..."

After:

HOOKS="base udev ... block lvm2 filesystems ..."

mkinitcpio -p linux

Base Configuration – grub

mount -t efivarfs efivarfs /sys/firmware/efi/efivars

pacman -S grub efibootmgr

There seems to be a bug where I couldn’t get grub to work properly. The solution was to add an entry to the /etc/default/grub file.

nano /etc/default/grub

Add to file:

GRUB_DISABLE_SUBMENU=y

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=arch_grub --recheck

grub-mkconfig -o /boot/grub/grub.cfg

Base Configuration – User

Set root password.

passwd root

Create new user. I tried to follow the example of a user account from Fedora.

groupadd cguser

useradd -m -g cguser -G users,wheel,storage,power -s /bin/bash cguser

passwd cguser

Base Configuration – Remote Access

pacman -S openssh

Configure SSH to disable root access and make any other changes you want.

nano /etc/ssh/sshd_config

systemctl enable sshd.service

Base Configuration (End)

I like to use vim so I install it as well.

pacman -S vim

Exit out of the chroot.

exit

umount -R /mnt

reboot

First Boot

You should now be able to boot to Arch and login via console or SSH.
