Adsense Leaderboard Ad


How to Install DoD Root Certificates in Google Chrome on Linux

I was unable to find full working directions for this so hopefully this helps someone.  I tested on Fedora 25 and Red Hat 7.

Go to:

Scroll all the way to the bottom until you see "PKI CA Certificate Bundles: PKCS#7"

Click the download link that says "For DoD PKI Only - Version 5.0"

When the zip file is done downloading, open a terminal and go to that directory and unzip the file.


Now cd into the newly created directory.

cd Certificates_PKCS7_v5.0u1_DoD/

Now run the following command to import the p7b files:

for n in *.p7b; do certutil -d sql:$HOME/.pki/nssdb -A -t TC -n $n -i $n; done

To check the status of the certs installed you can run:

certutil -d sql:$HOME/.pki/nssdb/ -L


Google Drive Linux Clients - Options?

Google has been promising a Linux support for Drive since it first debuted in 2012.  Here we are on the cusp of 2017 and there is no official Drive support in sight.

I have played around with a few options and figured I would share my experiences here to hopefully help someone.

All of my testing has been done of Fedora 23,24 or 25 which is my distro of choice.  I have also dabbled a bit with Ubuntu, but not enough to give a recommendation.

If you do a quick search you will find a few command line options for using Google Drive.  All of which I have found painful to get working.  On top of that the projects seem dead.  Some not being updated in 2+ years.  Plus, command line utilities are not exactly what I was looking for.  These are my least favorite options.  I can not really recommend these to anyone who will depend on them for daily workflow.  If you want to tinker here are a few examples.

My favorite CLI option is g sync, which basically gives you rsync functionality to your Google Drive.  This allowed me to sync the way I wanted to, but can be painful to get working and I had issues setting it up with 2 factor authentication.  Once I had it configured, I wrote some scripts to two way sync.  Worked well.

If you are willing to pay a few dollars, there is a decent option called overGrive.  It has both Ubuntu and Fedora packages and installs fairly easily.  This client adds a Google Drive folder and if you put anything in it, it will sync it to your Google Drive, perfect right?  Well not for me.  This works similar to Google's official offering on Windows. Although it does offer two way sync (Drive to Local, Local to Drive) it does so only within a certain Google Drive Folder.  overGrive also has some nifty features like multiple account sync, converting Google Docs to Office formats, Convert files from Office to Google Drive, and also offers support.  It works well and costs a measly $4.99.  Not a bad deal if this is what your looking for.

Here is a link to overGrive:

The last option, and my personal favorite, costs a bit more.  Insync offers a long list of features including everything overGrive offers and more.  It also converts openoffice documents, Let's you pick your own folder to sync (IMPORTANT), on-demand shared file syncing, Desktop notifications, A feed of your file changes, and much more.  Now the reason I like this is because I can select my local "Documents" folder (/home/savona/Documents) and have it two way Sync with Google Drive.  I don't need to have a "Google Drive" folder somewhere and add files to it.  So for example if I am working on the road (this is not my day job, or I would be broke) I can save something to Google Drive and when I get home I will have a synced copy in my Documents folder.  If I am working on something on my laptop offline, soon as I connect to the internet it will sync my work with Google Drive.  This is the way I would expect a client to operate.  Although I have never used the Windows Client from Google, I speak to many people who wish this functionality was available to them in the Windows world.  Needless to say, many of them are now using Insync.  At $25 a license per Google Account it is a little more expensive than the other options, but for me it was WELL worth it.  The license also comes with unlimited installs, so you can install it on your Desktop, Work Computer, Laptop, etc.

Here is a link to Insync:

I am a huge fan of Google Drive, and now I have the functionality I needed.  Hope this helps someone out there.


How to Log IPTables - Send messages to rsyslog or journalctl

Question sent in by Khristian from Philadelphia:

Q: I have been trying to log some traffic from iptables and have had little success.  I have found multiple tutorials online explaining how to get traffic from iptables into syslog, but none have worked out for me.  I specifically want to log dropped packets to a separate file.

A: This is fairly straight forward, let's give this a quick look using rsyslog, then we will touch on journald.

First, if you read my basics of iptables article you know there are three basic actions that can be taken on traffic that meet your defined rules (ACCEPT, DROP, REJECT).  There is another built in action called LOG.  This basically tells iptables to send this traffic to rsyslog, which is the default logging daemon in most modern Linux distros.

First, lets APPEND a rule to the INPUT chain. This will have to go before any catch all DROP statement since iptables reads rules in order from top down.

iptables -A INPUT -j LOG --log-level info  --log-prefix "IPTABLES-DROP: "
Now that we have a rule in place to send traffic to rsyslog, we have to tell rsyslog where to send them.  The log prefix (IPTABLES-DROP: ) makes it easy to tell rsyslog which lines we want sent to it's own file.

In the default rsyslog configuration file (/etc/rsyslog.conf) there is a rules section that starts with the following line:

#### RULES ####
We will add our configuration right after that line.  So let's add:

:msg, startwith, "IPTABLES"                                     /var/log/iptables

The first line tells rsyslog to find any messages starting with "IPTABLES" and send them to /var/log/iptables.  The second line "&~" tells rsyslog to discard those messages.  If we do not add the second line, rsyslog will log those messages to both /var/log/iptables as we want, but it will also add them to /var/log/messages.

I hope that helps with rsyslog, but for those using journald, it is even easier since there is no configuration file to edit.  So if you are using journald and would like to log iptables messages, you can use the same rule in iptables:

iptables -A INPUT -j LOG --log-level info  --log-prefix "IPTABLES-DROP: "

The messages will be logged to the journald as kernel messages, so all you have to do is query journald for kernel messages like so:

journalctl -k

Or you can follow (tail) the kernel messages like:

jounralctl -k -f

Good luck!