Installing Citrix on Linux (Ubuntu)

I've recently installed Citrix v10.0 on my laptop running Ubuntu Feisty 7.4. I've heard this was a very daunting task, I only experienced one issue and this was resolved very quickly after a google search. I'm going to spare the screenshots for security purposes, I think it'd be pretty taboo to post pictures of me logging into a secure site, eh?

1.) Download Citrix v10.0
2.) $sudo apt-get install libxaw6 libmotif3
3.)$sudo tar xvfz en.linuxx86.tar.gz
4.)$sudo ./setupwfc

# Now we're at the Citrix Installation


Citrix Presentation Server Client 10.0 setup.
Select a setup option:

1. Install Citrix Presentation Server Client 10.0
2. Remove Citrix Presentation Server Client 10.0
3. Quit Citrix Presentation Server Client 10.0 setup

Enter option number 1-3 [1]:1

• Enter 1. Install Citrix Presentation Server Client 10.0

Please enter the directory in which Citrix
Presentation Server Client is to be installed.

[default /usr/lib/ICAClient] or type "quit"
to abandon the installation: /usr/lib/ICAClient

• You can choose to enter different folder. I choose: /usr/lib/ICAClient

You have chosen to install Citrix Presentation Server
Client 10.0 in /usr/lib/ICAClient

Proceed with installation? [default n]: y

• Enter: Y to continue

CITRIX(R) LICENSE AGREEMENT

Use of this component is subject to the Citrix license
covering the Citrix product(s) with which you will be
using this component. This component is only
licensed for use with such Citrix product(s).

CTX_code EP_T_A34320

Select an option:

1. I accept
2. I do not accept
Enter option number 1-2 [2]: 1

Installation proceeding...

Checking available disk space ...

Disk space available 588136 K
Disk space required 4964 K


Continuing ...
Creating directory /usr/lib/ICAClient
Core package...
Setting file permissions...
Integrating with browsers...
Browsers found.

Found entries in browser configuration(s) from an earlier
installation. Do you want these entries to point to the
new installation? [default y]: y

• Enter: y to integrate with your Mozilla Firefox browser

Integration complete.

Found KDE or GNOME desktop entries from an earlier
installation. Do you want these entries to point to
the new installation? [default y]: y

• Enter: y to make sure your Citrix Client install in Gnome or KDE
• Enter: 3. Quit Citrix Pesentation Server Client 10.0 setup
• $cd /usr/lib/ICAClient
• $sudo ./wfcmgr

Next you'll see an UGLY font provided by Citrix, if you would like to change this; DL this script

• Run $chmod +x citrix-icaclient-10-ubuntu

•  export ICAROOT=/usr/lib/ICAClient

•  sudo bash citrix-icaclient-10-ubuntu

citrix.sh Version 0.7
Patching Citrix ICAClient 10.0 on Ubuntu 7.04,
continue [y/N] ?: y
Using ICAROOT=/usr/lib/ICAClient
patching file nls/en/UTF-8/Wfcmgr
patching file nls/en/Wfcmgr
DONE

• Close and open your Mozilla Firefox browser to make sure it loads the proper Citrix plugins.
• Connect to your Citrix Server and choose your application.
• Once prompted enter “/usr/lib/wfica” to open your application if required Chose "always use this app for this type of file".

Generally we would be finished by now; but I ran into some issues with the Thawte certificate, so I did this; I found out that Stanford University offers a root cert available for DL, (THANKS STANFORD!) do this if you get this error.

1.) cd /usr/lib/ICAClient/keystore/cacerts
2.) sudo wget www2.slac.stanford.edu/computing/windows/services/citrix/
downloads/ThawteRoot.crt

Peer-to-peer and Bit-Torrent Security concerns.

I was inspired to write this blog when a friend emailed me asking questions about his safety when using Bit-torrent clients. This really depends on what type of security you're asking about, there are several different ways. By the way, this friend is a VERY tech-savy person and a pure genius for that matter, the reason I was compelled to write this is because it's a very common question that most people don't bother researching or take into consideration.

Q: Am I safe from Virus'?
A: BitTorrent is a much safer service than other peer-to-peer networks because of how it functions. While other peer-to-peer services allow a certain degree of access to a shared folder or someone’s hard drive, BitTorrent users cannot share anything outside of the desired file type that is in an open BitTorrent window.

Due to the fact that you are only downloading segments of the file as opposed to the full thing, it also makes it incredibly difficult (if not impossible) to transmit viruses through the BitTorrent system. There are a number of people who are opposed to peer-to-peer technologies because of possible security concerns, however, virtually none of these concerns are found in the BitTorrent service.

Q: Is using Bit-torrent software Illegal?
A: No, you can infact make it illegal by downloading pirated software/movies/music. Many software developers prefer Bit-Torrent because seeders can share it's bandwidth to lessen the load on their servers. Thus increasing download speeds for everyone.

Q: How do I protect myself from the MPAA/RIAA?
A: This is a very interested question, for one the best way is NOT TO DOWNLOAD ILLEGAL FILES. But of course there are some ways of protecting yourself. The main thing I recommend is the installation/use of Peer Guardian, this application is only available for Windows' Platform ATM. If you're a *NIX user I recommend checking out MoBlock.

Link to PeerGuardian
Link to MoBlock

Please note that MoBlock actually ties in/initiates new IPTABLES rules, so make sure you have access to your terminal (especially if you want to put this on your Linux router the new rules could flush your existing NAT rules).

There are ways to keep yourself safe, support the cause and never violate your own morals, * I DO NOT CONDONE ILLEGAL ACTIVITIES*

Beryl - More than just eye candy!

I officially installed Beryl on my Ubuntu machine, I must say I'm pretty surprised by the sheer beauty of this window manager! It's much smoother than Vista's 'Aero' window manager, while moving things around, flipping 'cube' around rapidly and the wobbly screens I notice no lag at all. While on Vista I felt a lot of jerkiness and overall poor performance. Pretty sad IMHO
My machine is as follows (posted in another forum);

AMD FX-55 OC'd 2.9ghz
ASUS A8N-SLI Deluxe
Zalman 110mm Heatsink
2gb Corsair XMS TWINX DDR 400
74gb Seagate Barracuda 15kRPM U320 SCSI
eVA 7900 GTO -OC'd clock and RAM 700/800
20.1" Samsung widescreen LCD 205BW
Razer Copperhead 2k DPI gaming mouse
Razer Tarantula Gaming Keyboard
ThermalTake TSUNAMI DreamTower
ThermalTake 480w Purepower Silent PSU
Xfi 7.1 sound
Klipsh 5.1 pro-media speakers

18582 3dmarks with 3dmark05
Still need to OC my RAM, I will post the new 05 '06 scores.

CPU Idles at 35*C max load so far has reached 44*C
GPU idles at 38*C max 50*C

My machine is pretty beefy; but this isn't the reason the performance is so well, I had vista on this machine for a short time to give it a run. I had tremendous issues with drivers and overall system performance, shame on you Microsoft, XP is better than Vista ATM!

I upgraded to Ubuntu Feisty Fawn, after the first initial reboot GDM wouldn't start I checked dmesg and noticed that Feisty Fawn is shipped with older nvidia drivers, so I pointed to my previously installed (newer) drivers and BAM GDM is up again! Now for the install/configuration of Beryl.

Install Beryl in Ubuntu Feisty

sudo apt-get install beryl emerald-themes

Pressed ALT+F2 and typed beryl-manager

Now it's up and running wo0t, added to the start menu and I'm good to go. One thing, You can't game while running the Beryl window manager, there is an option to switch back to your default window manager (I do this while gaming) then I switch back, it's pretty seamless and very rapid while changing.

Here are some screenshots of Beryl in action!

Putting Linux on my Linksys WRT54G V5 router.

I've been pondering about doing this for some time; putting Linux on my Linksys router. Some people may say I'm crazy with my recent all-out switch to Linux. I can't stress how much this means to me, just to get away from the proprietary chains, Microsoft products are crap; it takes years to get a platform that's decent, by the time it's actually stable and usable there is another platform that's being launched. Nothing like Vista, I don't think I've ever saw Microsoft this aggressive.

I don't know about you but I don't want to be a forced Beta Tester, especially when I'm not being paid. I recently got a laptop for free from a friend of mine, he purchased this laptop used about a year ago, since then it's been giving him nothing but trouble. I have tried several times to diagnose the issues, once I even formatted it, with no luck. Needless to say he bought a new Laptop with x64 XP, it's very nice.

I took this laptop home and attempted to install Gentoo, after 2 days of compiling I gained a lot of interest in Kubuntu. I currently have a Ubunutu gaming-box which serves as my main machine. Well I needed wireless, I have a few Linksys routers/ap's lying around the house these days so I whipped one out and attempted to install it on my domain. To my dismay Linksys doesn't make it so easy, the router isn't compatible with other routers, not even using uplink and disabling DHCP.

So what else to do, > INSTALL DD-WRT!! The v5 access points are not as friendly; the community refers to these as 'neutered' because they have half of the cache and RAM as their big brothers v4, 3, 2 and 1. I started to gather some information about which packages I need etc to get this working.

First I reset the routers' factory settings, then I joined the Administration tab > Firmware Upgrade. Proceeded with the upgrade, screen went white and I hard-rebooted the router. Now I connect to the routers' IP VIA HTTP once again and now I see I'm in management mode, I proceed with the install of the Linux Prep package.

Now the fun begins, after one more reboot the router is basically in a limbo mode; generally if I were using a Windows box I would just download the TFTP client that Linksys has available for download that would have saved a few quick steps, here is what I had to do;

# cd /home/misconfig/
tftp 192.168.1.1
tftp>binary
tftp>trace
tftp>rexmt 1
tftp>put dd-wrt.v23_micro_generic.bin

From this point on I saw the writing of these raw binary files VIA the shell so, I started to get pretty excited. After about 10 seconds nothing was moving so I hard-rebooted once more. Now I was able to connect to the web-interface and setup my new Access Point! LINUX FTW!! Now I'm not limited to any default settings, I now have full access to customize whatever I feel.

I'm officially volunteering for children!

I've recently signed up to volunteer for a church that helps unprivileged children I had to fill out a waiver to prove I'm not a weirdo. I should be getting a call anytime soon to setup a time that I can come in on a weekly basis and do some computer tech stuff for the children. The Church offers a computer lab complete with a t1 connection, Microsoft Office and a crew of adults willing to help them research/do their homework.

I'm pretty excited to do this; not only will I be able to teach children and really show my passion for computers, I will be the designated 'web Nazi'. From what I know so far I'm going to administer the network, this includes building, installing and keeping the domain machines up but also keep the network secure. I have to filter the websites with poor content to keep the children safe, not only do I know copious amounts of websites that should be blocked but I'm great at researching it.

I have so many project idea's I can do to benefit the organization as a whole with little to no budget at all. I've been building a few machines I've had lying around for a bit, I plan on making them all dedicated servers i.e print, fax, firewall, router and A good ol' squid web-proxy! My God I'm so excited, it feels good to help people out; everyone should try it!

New server!

Well, the domains are in the process of migrating to a new home; this machine is substantially beefier than the current (old server). So far http://theindy.net is already migrated, DNS info changed and up and running on the new box! So I still have 5 domains to switch over; thank God for CPanel this is the most innovative thing for any admin to use.

I just manage the security of the box so far I need to setup my new IPTABLES rules, so I wrote a new NAT script and I'm going to put it in effect after the migration is complete. The only ports that will be open are the ones vital to running the domains, just like the old box. I keep a constant eye on the box with a IDS/brute-force script.

My next project will involve writing a Perl script and using CRON to execute the script; what I'm going to do is make a 'dictionary file' and fill it with some of my favorite quotes/messages. This script will be executed VIA CRON every 24 hours to change the servers MOTD, something simple and not really needed but it'll be a fun little project.

I started really getting into PERL about a week ago, so far I'm really catching on I'm actually starting to understand the scripting language and it's getting easier for me to accomplish things. My goal is to become very fluent with PERL for the simple fact that it makes a well-rounded *NIX admin. It definitly helps with the job, keeps things automated so you have less to worry about! I'll post the migration; we have to work around the domain's so we don't interrupt their process, I'm assuming these domains will be migrated sometime around 2-3 am Friday or Saturday.

Various Linux projects.

Today I decided to login to the webserver to add my user ID to the group 'wheel'. As always I started to check the system logs; there is always copious amounts of brute-force attempts being processed by bots/script kiddies. Fortunately I know better than to use ssh v1 and to allow root logins VIA SSH, (thanks sudo and su).

I installed a brute-force application, this automatically creates a cron job to scan /var/log/secure every 8 minutes and detect brute-force attacks, once a threat is detected it automatically bans the IP and sends me an email. I need to get around to making keys for SSH accounts, instead of using the passwd method, I'm also going to change the SSH broadcast port but I need to contact my Developer and Content Manager before I go drastically changing stuff.

I found out that CPANEL rewrites my iptable rules every day; I don't know why they do this but it's definitly a pain. So I ended up writing a shell script to execute iptables-save < /etc/rc.d/iptables.save and I assigned it to crontab to execute every hour. So now my iptables will always be refreshed without me having to worry about CPANEL messing things up.

The servers / partition is getting quite full, this isn't really a bad thing; let's us know that we're really expanding!

root@trx [/etc/rc.d]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 72G 62G 6.2G 91% /
/dev/sda1 99M 17M 78M 18% /boot
/dev/shm 474M 0 474M 0% /dev/shm
/usr/tmpDSK 485M 11M 449M 3% /tmp
/tmp 485M 11M 449M 3% /var/tmp
/tmp 485M 11M 449M 3% /tmp
/var/tmp 485M 11M 449M 3% /var/tmp

This may mean more servers pretty soon; or least an update to the front-end server, I need to get a RAID array going soon but this is going to have to wait a few months until revenue picks up. I also installed all of the security updates from the YUM repository today as well, so the server is up-to-par for a week or so :).

I got a new laptop yesterday (well new to me) it had all kinds of .DLL errors with XP and the screen would flicker when you would try to adjust it. So I took the bezel off and found the wire that was getting pinched, solved that problem. Now Gentoo is compiling on the machine, hopefully by the time I get home the kernel is ready to go; it's a slower machine I've seen Gentoo take 3 days to compile! So far I have, Ubuntu 6.10 (edgy), Slackware 10.1, Gentoo 2006.1 and Fedora-4 boxes to manage.

I love it, completely rid of M$ except for work, I recently got Citrix working on my Desktop at home I can stream Outlook on my linux box, so fun! Now I just have to work on my smb mount from the RAID box and setup a FreeSWAN VPN server.