Showing posts with label Hacking/Security Software.

Tuesday, June 7, 2011

BlueProximity: lock/unlock the desktop using Bluetooth.

This software adds a little more security to your desktop by detecting one of your Bluetooth devices, most likely your mobile phone, and locking the desktop when the phone is not in the vicinity. If you move away from your computer and the distance stays above a certain level for a given time, it automatically locks your desktop (or runs any other shell command you want).
While you are away, your computer waits until you return with your phone. If you stay nearer than a given level for a set time, your computer unlocks automatically without any interaction (or runs any other shell command you want).

Sunday, April 10, 2011

Understanding VIM : Beginner's Tutorial-3

In the previous tutorial we learned copying, pasting and searching within a file. Now we take a step further toward mastery of the Vim editor.
While editing a file, we may need to number the lines within the file, most likely in the case of a program, say a C program. We can do this with the following command (note that we are in last-line mode):
:set number 
or its abbreviation:
:set nu 

Tuesday, January 4, 2011

Understanding VIM : Beginner's Tutorial-2

Continued from the previous post.
Here we are going to learn about copying, pasting and searching in the Vim editor. Let's open the file we created previously.
Now we want to search for 'gofer'. If you are not in command mode, press [Esc]. Then type /gofer and press Enter. To jump to the next occurrence of gofer, press n; to jump to the previous occurrence, press N.

Friday, December 31, 2010

Understanding VIM : Beginner's Tutorial-1

The Vim editor takes some time to settle into a professional's working routine. It becomes a cakewalk once you have used it for at least a week.
There are three modes in Vim: insert mode, command mode, and last-line mode.
Insert mode is meant for inserting text; press i to enter it. Command mode is used for executing text-formatting commands. Last-line mode is used for executing extended commands for text formatting.
Start Vim by typing vim or vi.

Thursday, December 23, 2010

Prioritize processes using Taskset

Almost every system has multiple processors nowadays. You may need to run a process on one CPU or on several CPUs. This is done with taskset, which takes a bitmask in which bit n stands for CPU n.
Let's say you want to run firefox on one CPU. You'd run something like this:
taskset 0x00000001 firefox
To allow firefox to use 2 CPUs (CPU 0 and CPU 1), replace 0x00000001 with 0x00000003.
To allow firefox to use all CPUs, replace 0x00000001 with 0xFFFFFFFF.
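Working out the hexadecimal mask by hand gets error-prone once the CPU list is not contiguous. The following added example (not part of the original post) builds the mask from a human-readable CPU list such as "0-3,6" and rejects malformed input; the taskset invocations in the comments use the real -p and -c options, which take a PID and a CPU list respectively.

```sh
#!/bin/sh
# Added example: build a taskset affinity mask from a CPU list like "0-3,6".
# Bit n of the mask selects CPU n, so CPU 0 -> 0x1, CPUs 0 and 1 -> 0x3, CPUs 0-3 -> 0xf.
cpu_mask() {
    mask=0
    # Split the list on commas; each item is either "n" or "a-b".
    old_ifs=$IFS; IFS=','
    for item in $1; do
        case $item in
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        # Reject anything that is not a non-negative integer.
        for v in "$lo" "$hi"; do
            case $v in ''|*[!0-9]*) IFS=$old_ifs; return 1 ;; esac
        done
        # Reject reversed ranges and CPUs beyond signed 64-bit arithmetic.
        [ "$lo" -le "$hi" ] || { IFS=$old_ifs; return 1; }
        [ "$hi" -lt 63 ]    || { IFS=$old_ifs; return 1; }
        c=$lo
        while [ "$c" -le "$hi" ]; do
            mask=$(( mask | (1 << c) ))
            c=$(( c + 1 ))
        done
    done
    IFS=$old_ifs
    printf '0x%x\n' "$mask"
}

# Usage, reproducing the post's examples:
#   taskset "$(cpu_mask 0)" firefox      # one CPU  -> taskset 0x1 firefox
#   taskset "$(cpu_mask 0-1)" firefox    # two CPUs -> taskset 0x3 firefox
# Inspect or change the affinity of an already running process (pid assumed):
#   taskset -p "$pid"                    # print the current mask
#   taskset -cp 2,3 "$pid"               # -c takes the CPU list directly
```

The mask printed by cpu_mask is exactly what taskset expects as its first argument; taskset's own -c option accepts the same list syntax, so the helper is mainly useful when you want to see or log the mask you are about to apply.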

Tuesday, December 14, 2010

Enhance Linuxbox Security : Know all services listening on some ports.

There is a built-in tool in Linux that lists the services listening on ports of your system. This is important for the following reasons:
  • Any malware or spyware that has compromised your security can be noticed and traced.
  • You can spot services that talk in the clear, whose packets can easily be sniffed on an open (Wi-Fi) network.
Netstat is the tool. Execute the following command to list the services listening on ports (-a shows all sockets; add -l, as in netstat -nlp, to show only the listening ones):
$ netstat -nap
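Reading the full netstat listing by eye is tedious on a busy host, and the interesting sockets are the ones bound to every interface rather than to loopback only. The following added example (not part of the original post) filters netstat -nap style output down to those network-reachable listeners; the sample lines are constructed for illustration and not captured from a real machine.

```sh
#!/bin/sh
# Added example: pick out listening sockets that are reachable from the network,
# i.e. bound to every interface (0.0.0.0 or ::) rather than to loopback only.
# Reads netstat -nap style output on stdin and prints
# "proto local-address pid/program" for each exposed listener.
exposed_listeners() {
    awk '
        # TCP rows carry a State column; only LISTEN rows are servers.
        $1 ~ /^tcp/ && $6 == "LISTEN" { prog = $7; hit = 1 }
        # UDP rows have no State column, so the program is one field earlier.
        $1 ~ /^udp/ && NF >= 6        { prog = $6; hit = 1 }
        hit {
            hit = 0
            addr = $4
            sub(/:[0-9*]+$/, "", addr)   # drop the port, keep the bind address
            if (addr == "0.0.0.0" || addr == "::") print $1, $4, prog
        }'
}

# Constructed sample in the format of netstat -nap (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1043/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1190/mysqld
tcp        0      0 192.168.0.5:22          192.168.0.9:51234       ESTABLISHED 2201/sshd: user
tcp6       0      0 :::80                   :::*                    LISTEN      1301/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           890/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           701/chronyd
EOF
}

# On a live system (root is needed to see PID/Program for other users' sockets):
#   netstat -nlp | exposed_listeners
# Against the sample above this prints sshd, apache2 and dhclient, and skips the
# mysqld and chronyd sockets because they are bound to 127.0.0.1.
```

Anything the filter prints is a service an attacker on the same network could reach, so each line should either be expected (and firewalled or encrypted accordingly) or investigated.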

Wednesday, December 8, 2010

Encrypt files using EncFS

Creating an encrypted folder using EncFS is an easy job. It's a simple utility to encrypt your files. First you have to log in as root.
Execute su and enter the root password.

Install encfs and fuse:
$ apt-get install encfs fuse-utils

Load the fuse module into the kernel as root:
$ modprobe fuse

Sunday, December 5, 2010

Antivirus Solutions for linux-3

Continued from the previous post.

5. Kaspersky Anti-Virus for Linux Workstation is a two-part solution designed to protect workstations. The first module, on-access protection, is integrated with the operating system and checks modified files (either new or amended), thereby ensuring real-time protection of the system without significantly increasing server load. The second module, the on-demand scanner, scans the file system, removable media and individual files either on a schedule or on demand.

Antivirus Solutions for linux-2

Continued from the previous post.

3. F-Prot Antivirus for Linux Workstations is meant for home users of the open-source Linux operating system. F-PROT Antivirus for Linux Workstations uses the renowned F-PROT Antivirus scanning engine for the primary scan and, in addition, a system of internal heuristics devised to search for unknown viruses.
F-PROT Antivirus for Linux was developed specifically to eradicate viruses threatening workstations running Linux. It provides full protection against macro viruses and other forms of malicious software, including Trojans.
F-PROT for Linux Workstations features:

Antivirus Solutions for linux

It's naive to say that Linux systems are immune to viruses. Linux systems are seldom attacked by viruses because very few viruses are developed to target Linux. Officially, Linux desktops now hold more than 1% of the desktop market share. It's time people started thinking about Linux anti-virus. There are some free and non-free solutions:
1. Avast Linux Home Edition
Avast is famous for providing a free anti-virus for Windows; now they also provide a free anti-virus for the growing number of Linux systems.

Saturday, December 4, 2010

Advanced Intrusion Detection Environment (AIDE) -host based IDS for Linux

Advanced Intrusion Detection Environment, or AIDE, is a host-based IDS and a free substitute for Tripwire.
It scans the filesystem and logs the attributes of important files, directories, and devices. Each time it runs, it compares the scanned attributes against the previous "known good" data and alerts you if something has changed.
AIDE works by reading the configuration file /etc/aide/aide.conf, which contains:
1. the attributes to log for each entry. There are currently thirteen attributes that AIDE can log, including permissions, owner, group, size, all three timestamps (atime, ctime, and mtime), plus lower-level details such as inode, block count, number of links, and so on.
You will find the codes for these in the conf file.

Friday, December 3, 2010

OSSIM: the Open Source Security Information Management System

A Security Information Management system (SIM) is a toolset that fills that gap by collecting event logs from different tools into a central repository for trend analysis. It centralizes log information, correlates logs to establish cause-and-effect relationships between events, helps prevent damage to the company's resources, and so on.
OSSIM is a fully featured SIM solution that offers all the necessary functionality, ranging from low-level detection to high-level reporting.
Based on Debian GNU/Linux with a 2.6 kernel, OSSIM integrates a handy suite of open-source security tools

Sunday, June 27, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 4

This time we are concerned with the mangle rules of iptables.
Mangling of packets is done only with NAT and is a part of the NAT process. In NAT, we "mangle" a packet by modifying the Source IP address and Destination IP address fields of the IP header.
Format of an IP packet

Enhance Linux Box Security: Iptables made easy - tutorial part 3.2

We were left with the Destination Network Address Translation part of the NAT rules of iptables.

DNAT (Destination NAT) deals with PREROUTING and is used to rewrite the destination IP address of a packet. It is used to forward packets meant for our internal LAN machines: when a packet reaches our external public IP, its destination address is DNATed and the packet is passed on to the internal LAN machine. DNAT can only be used in the PREROUTING and OUTPUT chains. It applies to incoming packets on an interface, hence '-i'. Destination NAT is specified with `-j DNAT', and the `--to-destination' option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

Friday, June 25, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 3.1

This time we will deal with the NAT rules of iptables. NAT means Network Address Translation.
It is of 2 types: SNAT and DNAT.
SNAT means Source NAT and deals with POSTROUTING/MASQUERADE. The SNAT target rewrites the Source IP address in the IP header of the packet. It is used for hiding private IPs from the internet. When packets leaving an internal LAN reach the public IP or the firewall (visible to the internet), they are SNATed and then passed on to the destination. To the external internet it appears as if our external public IP is the originator of the packet. SNAT in POSTROUTING is used in the case of static IPs, whereas MASQUERADE is used in the case of dynamic IPs.

The `-o' option is used because it is an outgoing interface. `-j SNAT' specifies Source NAT, and the `--to-source' option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).

Friday, April 30, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 2

This time we will deal with the filter rules of iptables. While using filter rules we don't need to write "-t filter", as filter is the default table in iptables.
We have three chains here: INPUT, OUTPUT and FORWARD.
The INPUT chain checks packets that originate outside and are meant for this machine.
The OUTPUT chain checks packets that originate from this machine and are meant for other systems.
The FORWARD chain checks packets that are being routed through our machine.
The best way of implementing iptables rules is to create a shell script and execute it.
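The shell script recommended here is the natural place to collect the filter rules of this part together with the SNAT rule of part 3.1 and the DNAT rule of part 3.2. The following added example (not from the original posts) is such a script: a default-deny, stateful filter for a small gateway plus its NAT rules. The interface names eth0/eth1, the LAN 192.168.1.0/24, the public address 203.0.113.10 (a documentation range) and the internal web host 192.168.1.20 are assumptions for illustration; setting IPT="echo iptables" prints the rules instead of applying them, so the script can be reviewed without root.

```sh
#!/bin/sh
# Added example, not from the original posts: a stateful gateway ruleset as a script.
# Set IPT="echo iptables" to preview the rules; applying them for real needs root.
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}                  # interface facing the internet (assumed)
LAN_IF=${LAN_IF:-eth1}                  # interface facing the internal LAN (assumed)
LAN_NET=${LAN_NET:-192.168.1.0/24}      # internal LAN (assumed)
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}    # static public IP (documentation range, assumed)
WEB_HOST=${WEB_HOST:-192.168.1.20}      # internal machine that should receive port 80 (assumed)

filter_rules() {
    # Part 2: filter table (the default, so -t filter is omitted).
    # Default deny on INPUT and FORWARD; the box itself may talk out.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Stateful filtering: replies to connections we started are let back in.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The only new inbound service on the gateway itself: SSH.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # FORWARD: LAN out to the internet, replies back, and the DNATed web traffic.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WEB_HOST" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

nat_rules() {
    # Part 3.1: SNAT in POSTROUTING on the outgoing interface (-o) for a static public IP.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$PUBLIC_IP"
    # With a dynamic address, MASQUERADE replaces the SNAT line:
    #   $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Part 3.2: DNAT in PREROUTING on the incoming interface (-i); port-80 packets
    # arriving at the public IP have their destination rewritten to the web host.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport 80 -j DNAT --to-destination "$WEB_HOST:80"
}

apply_all() {
    filter_rules
    nat_rules
}

# Usage:  sudo sh firewall.sh apply                  (apply the rules)
#         IPT="echo iptables" sh firewall.sh apply   (print them for review)
if [ "${1:-}" = apply ]; then
    apply_all
fi
```

Note that the DNATed web traffic needs both the nat rule and the matching FORWARD accept: the PREROUTING rewrite happens before the filter table sees the packet, so the filter rule matches on the internal address, not the public one.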

Saturday, April 17, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 1

We can enhance security and lock down our system by implementing packet filtering using iptables.
Packet filtering is defined as the process of controlling network packets as they enter, move through and exit the network stack within the kernel.
In pre-2.4 Linux kernels ipchains was used; in 2.4 and beyond iptables is used, which improved the scope and control of network packet filtering. We can implement a kernel-level internet firewall with stateless and stateful packet filtering using iptables. It can be used for both IPv4 and IPv6. It is also used for NAT and masquerading for subnetting purposes.

Saturday, March 20, 2010

OS-Fingerprinting.

No firewall can block ICMP packets, since it is the basic way of communicating with live hosts. Many Linux tools, such as sing and hping2, use this protocol for OS fingerprinting. First we need to know the live hosts in a subnet.
>for i in {1..254}; do ping -c1 192.168.0.$i; done | grep "ttl"
This command prints the reply summary from every live host.
In this command, I'm using a shell loop to ping all hosts in my subnet 192.168.0.0/24.
We can also use another application called fping.
Install fping by executing the command
>sudo apt-get install fping
To query the network for live hosts in the subnet 192.168.1.0/24, give the command
>fping -g 192.168.1.0/24 | grep "alive"
or
>fping -g 192.168.1.0 192.168.1.255 | grep "alive"


Now that we have found the live IPs we can continue to OS fingerprinting.
Install sing with the command > sudo apt-get install sing
For OS fingerprinting, type sing -O ip_address


There is another well-known tool called Nmap; it is glamourised in movies like The Matrix and Swordfish. It has many options for playing around with the packets being sent.
>nmap -v -sP 172.17.191.0/24 | grep "up"   # scanning a subnet for live IPs
>nmap -v -v -A 172.17.191.203               # scanning a PC
If this command doesn't work, try "nmap -v -v -A -PN 172.17.191.203", forcing ICMP packets.
Zenmap is another tool, the GUI version of Nmap. GFI LANguard is another famous tool.
Watch this video on OS fingerprinting using Zenmap.

Further reading:
http://nmap.org/book/osdetect.html
http://nostromo.joeh.org/osf.pdf