KeePassX

The next few posts I'd planned to do are best suited for a hardware install, but my old lappy is off running windows server for a few weeks on a work project. We'll just skip those for now and focus on another gap in functionality we currently have, a password manager.

I'm a firm believer in:
making every username unique
making every password unique and complex
never storing an electronic copy of either unencrypted

So if you have several dozen or a few hundred usernames to keep track of, and lots of crazy passwords keeping an electronic copy is a double edged sword, but for me it's unavoidable. My password manager can generate custom passwords and open encrypted password files. I've run PwManager on linux for years, and keepass on windows, but now in Lenny we have keepassx in the repo! Let's grab it:
debian:/home/thom# aptitude install keepassx

Then add it to your fluxbox menu via geany:
[exec] (KeePassX) {/usr/bin/keepassx} <>

Then we can go ahead and launch it from the menu. (and begin the screenshot slideshow...)

K there is nothing there, we need to create a new password database.

First thing we get asked for a Master Key, whatever you type in here will be the only way into the password file. You'll need to enter it again to confirm it.

OK now we have created a database with a master key, but there is nothing in it. Next I right click in the Groups section and add a new group.

I will create a group for all the logins to different websites, you can break these groups down anyway you like.

I will do one for routers and servers, one for email and im accounts, and one for use inside of web browsers. Next I will highlight a group I want to put an entry in and click the little Add Entry icon my mouse is hovering on here.

Go ahead and fill in all the info you want to store in the database. If I type in a password I can click the eye to see what I typed, or if I want to generate a password I can click Gen.

I love using password generators, they let me pick my mix of characters and I can customize what I generate for any given site by it's minimum password requirements. I will pick my options and click Generate.

Whenever I generate a password I review it and usually change out a few characters before clicking OK. I remove any character that looks too much like another (capital I's and lower case L's can be difficult depending on font) and any special character that isn't easily recognizable.

Now we have our first entry, we must save the update to our database. Do Not make important accounts with impossible passwords then forget to save them!

You can name it something tricky too.

Once it's saved, close out of the program and launch it again. Now all you need to do is enter the master key once and you can see all your other passwords.

Notice we've got our entry and when we open the program it doesn't show us the password. If someone is sitting behind us they can't see the master key or the passwords in the file.

Now lets do something fun. This is the most exciting part for me in being able to switch to keepassx. Let's copy the password database to a windows box. We can install Keepass for windows and it will recognize the file type.

When we double click it we can enter the same master key we used when we first created the database in

Here we can see our entry. Pretty cool huh? Cross platform password manager.

But wait, go to Portable Apps website and you can install Portable Apps and Keepass on a USB thumb drive, then save your password files on the drive and put it in your pocket. This is really helpful when you're a linux guy and you have to work at the console of a bunch of Windows servers with lots of passwords but a no-install policy.

I hope seeing how easy these steps are will encourage anyone using poor security practices to step up their password strength and storage practices.

Conky

I like knowing how much CPU and RAM I have in use as well as some other runtime system info, and I use conky to put that seemlessly into my desktop. First thing we'll need to do is get it:
debian:/home/thom# aptitude install conky

Then we can open up a console and launch it from the command line to see what defaults we have. Let's see what we have here; seperate window, bunch of stuff I don't care about, missing some stuff I want to know... It's something but not what I want. Since this build is all about getting everything exactly the way you want it, lets create a custom configuration file so we can tweak the settings. I just need to create a .conkyrc file in my home directory and paste in something like this:
# my .conkyrc file
own_window yes
own_window_hints undecorated,below,skip_taskbar
background no
double_buffer yes
use_spacer yes
use_xft yes
update_interval 5.0
minimum_size 400 5
draw_shades yes
draw_outline no # amplifies text if yes
draw_borders no
uppercase no # set to yes if you want all text to be in uppercase
stippled_borders 8
border_margin 4
border_width 1
default_color white
default_shade_color black
default_outline_color white
own_window_colour brown
own_window_transparent yes
alignment top_right
gap_x 10
gap_y 30
override_utf8_locale no
xftfont Terminus:size=8
xftalpha 0.8
TEXT
${offset 300}${color }CPU ${color } $cpu%
${offset 300}${color light grey}${cpugraph 13,100}
${offset 300}${color }RAM ${color } $memperc%
${offset 300}${color light grey}${memgraph mem 13,100}
--- EOF

*Important, anything below TEXT will display, even comments starting with a #. Move all your comments or currently unused lines ABOVE the TEXT line! From here on out I'll just be showing from TEXT down, everything above is unchanged but present. The --- EOF is the first line that doesn't exist in my .conkyrc. Let's go ahead and open a console and launch conky again.

OK when we realize that it's not what we want, we'll need to Ctrl+z in our console to kill conky when it's running in the desktop instead of a window, then type exit a few times to close out the terminal. What I currently see in my screen is my stats overlapping on my screen and the bottom bar is cutoff. Next I'll try a little spacing to the file, remember whatever is below TEXT goes on the screen:
${offset 300}${color }CPU ${color } $cpu%
${offset 300}${color light grey}${cpugraph 13,100}

${offset 300}${color }RAM ${color } $memperc%
${offset 300}${color light grey}${memgraph mem 13,100}


---EOF

OK that's much better, but just a fraction of what I normally display on my desktop. What you can do with conky will blow your mind, the best way to tweak it out is to search for conky screenshots you like, then look at the config files. An invaluable resource is the conky variables webpage, notice the new link at the top of the blog. Let me kick this up one more notch with my actual config file:
TEXT
${offset 300}${time %l:%M %p} ${alignr}${time %A - %b %e, %Y}
${offset 300}${hr}

${offset 300}CPU @ ${freq}Mhz ${alignr}$cpu%
${offset 300}${cpugraph 20,200}

${offset 300}RAM @ ${memmax} ${alignr}$memperc%
${offset 300}${memgraph 20,200}

${offset 300}${alignc}Eth0 Up ${alignr}Down
${offset 300}${upspeedgraph eth0 20,95} ${alignr}${downspeedgraph eth0 20,95}

${offset 300}${alignc}Eth2 Up ${alignr}Down
${offset 300}${upspeedgraph eth2 20,95} ${alignr}${downspeedgraph eth2 20,95}

${offset 300}${hr}
${offset 300}TOP CPU ${alignr}PID CPU %
${offset 300}${top name 1} ${alignr}${top pid 1} ${top cpu 1}
${offset 300}${top name 2} ${alignr}${top pid 2} ${top cpu 2}
${offset 300}${top name 3} ${alignr}${top pid 3} ${top cpu 3}
${offset 300}${top name 4} ${alignr}${top pid 4} ${top cpu 4}
${offset 300}${top name 5} ${alignr}${top pid 5} ${top cpu 5}

${offset 300}${hr}
${offset 300}TOP MEM ${alignr}PID MEM %
${offset 300}${top_mem name 1} ${alignr}${top_mem pid 1} ${top_mem mem 1}
${offset 300}${top_mem name 2} ${alignr}${top_mem pid 2} ${top_mem mem 2}
${offset 300}${top_mem name 3} ${alignr}${top_mem pid 3} ${top_mem mem 3}
${offset 300}${top_mem name 4} ${alignr}${top_mem pid 4} ${top_mem mem 4}
${offset 300}${top_mem name 5} ${alignr}${top_mem pid 5} ${top_mem mem 5}

${offset 300}${hr}
${offset 300}Eth0 IP Add ${alignr}${addr eth0}
${offset 300}Eth2 IP Add ${alignr}${addr eth2}
${offset 300}Kernel Ver${alignr}${kernel}
${offset 300}AC State ${alignr}${acpiacadapter}
${offset 300}Battery ${alignr}${battery_percent BAT0}%
${offset 300}Temp ${alignr}${acpitemp}


---EOF

Now relaunch conky. Yeah, that's what I like to see! Now I'll tweak the width of my toolbar to fit how I like and remove the clock from the bar and just run it on conky. Open up .fluxbox/init and look for the line "session.screen0.toolbar.tools:" and see what it says. I'll copy that line and paste one line below, then remark out the original with a #. Now I'm going to make my new one look like this:
session.screen0.toolbar.tools: workspacename, prevworkspace, nextworkspace, iconbar

Because that's all I need. Keep whatever you like, add some more, take other stuff off, do what you like. OK, wouldn't it be neat if we could get this to start everytime we go into fluxbox? Here's the answer for that, open up that startup file inside .fluxbox and add a conky kicker above your exec fluxbox line like this:
exec conky &
exec /usr/bin/fluxbox

Once you've got that saved exit fluxbox and logout, then log back in. When fluxbox restarts you should have conky up and running in the corner!