To remove unused packages with apt-get use

sudo apt-get autoremove

With aptitude there is nothing to do as it’s automatic.

Using backports is simple

1. Add this line to your /etc/apt/sources.list

deb http://www.backports.org/debian etch-backports main contrib non-free

2. Run

   apt-get update

   You might get a error message

   Reading package lists... Done
   W: GPG error: http://www.backports.org etch-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C
   W: You may want to run apt-get update to correct these problems

   This message comes on Debian Etch because you haven’t imported the backports keyring. It’s easily fixed by running the command

   apt-get install debian-backports-keyring

3. Since all backports are deactivated by default you got to tell the package manager to use the backports repository. To install a newer version of nmap

   apt-get -t etch-backports install nmap

It is important to remember that if you forget to tell apt-get that nmap is installed from backports and run another apt-get install nmap it will remove my backports package.

A simple solution to this is to use pinning
Edit /etc/apt/preferences, the file has to be created if you haven’t used pinning before

Package: nmap
Pin: release a=etch-backports
Pin-Priority: 999

Now the system “remembers” that nmap is installed from the backports repository and you don’t have to worry about it anymore, nice.

Source: http://www.backports.org/

sudo apt-get install totem-xine libxine1-ffmpeg libdvdread3

sudo /usr/share/doc/libdvdread3/install-css.sh

After you have done the above excercise, insert a DVD into your drive. Totem will open and the movie will be played.

When you mount a partition there are many flags that can be used, two interesting ones are:

noexec
nosetuid

(A full list can be read as part of man mount).

The two flags are explained fully in the man page for mount, but briefly:

• noexec
  • Do not allow execution of any binaries on the mounted file system.
• nosuid
  • Do not allow set-user-identifier or set-group-identifier bits to take effect.

Mounting filesystems with these flags set raises the bar a little, but it doesn’t stop files from being executed. The Linux linker and loader will permit binaries to be run:

# Make /tmp non-executable
root@earth:~# mount -o remount,noexec /tmp

# Copy an executable into it
root@earth:~# cp /bin/ls /tmp
root@earth:~# chmod 755 /tmp/ls

# Test it - the execution should fail.
root@earth:~# /tmp/ls
bash: /tmp/ls: Permission denied

# But .. what's this?  It still runs?
root@earth:~# /lib/ld-linux.so.2 /tmp/ls
Mail  public_html  

# cleanup
root@earth:~# rm /tmp/ls
root@earth:~# mount -o remount,exec /tmp

With that in mind you might wonder what the point is? Well it foils any simplistic attack that relies upon putting a script in /tmp and running it. If they’ve got shell access they can probably figure it out, but an automated tool would be foiled – for the moment.

To make your system have a non-executable /tmp partition you must edit the way that it is mounted in the file /etc/fstab. Find the line that contains /tmp and change the defaults to read nosuid,noexec instead.

For example this is my updated /etc/fstab file:

/dev/sda3       /tmp              ext3  noexec,nosuid           0       2

This will take effect the next time you mount the filesystem, you can do this now with:

mount -o remount /tmp

Very if it by running:

root@earth:/tmp# mount |grep /tmp
/dev/sda3 on /tmp type ext3 (rw,noexec,nosuid)

The output line should contain the two words ‘noexec,nosuid’ in it. If this is in place then you’re covered.

The only problem now is that when apt-get upgrades your system it will sometimes place scripts inside the temp directory which will now not be executable.

The fix for this is to temporarily make the temporary directory executable before running apt-get and then remove the execution bits afterwards. This would be a troublesome thing to remember doing ourselves – but thankfully we can set it up to be automatic.

Add the following to the file /etc/apt/apt.conf:

DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};

In Debian Etch (4.0) the file is named /etc/apt/apt.conf.d/70debconf

This contains two lines, one running before any packing installation and one afterwards. They merely execute the commands required to add and remove the execute permissions on the /tmp

Source: http://www.debian-administration.org/articles/57

You need the GeoIP C library (that includes also the free GeoLite Country database). This is fortunately available in the Debian repositories.

apt-get install libgeoip1 libgeoip-dev

To install the GeoIP perl module, we need to download the perl module locally from MaxMind or from CPAN. Uncompress the file and compile.

perl Makefile.PL
make
make test
make install