linux poison

HowTo Use/Install F-PROT Antivirus On Ubuntu

Open the terminal, go to your home directory and become root:

cd ~
sudo su

Then download the DEB package (the one whose link you've just copied to the clipboard) like this (using the link from your clipboard):


Install the package like this:

dpkg -i fp-linux-ws.deb

F-PROT is a command-line application. Fortunately, a GUI front end for F-PROT (called XFPROT) is available, which we can install as follows:

dpkg -i

Now we need to create a menu entry for F-PROT:

gedit /usr/share/applications/fprot.desktop

[Desktop Entry]
Comment=Anti-Virus Application

Save the file. You should now find F-PROT under Applications > System Tools > F-Prot:

After you've started F-PROT/XFPROT for the first time, you will be asked to accept the XFPROT license (GPL). Check I agree, don't show this again and click on Ok:


Monitor Proftpd Server by Using phpftpwho

Install phpftpwho

Note: phpftpwho must be installed on the same machine that is running the Proftpd server.

Download phpftpwho from here into the Apache web server document root (/var/www) using the following command:


You now have a tar.gz file, which you need to extract with the following command:

# tar xzvf phpftpwho-1_05.tar.gz

You should now have a phpftpwho folder in your Apache document root (/var/www).

To access phpftpwho, go to http://yourserverip/phpftpwho

Now log in to the FTP server and refresh your phpftpwho page; you should see something similar to the following screen:


Matrix Agent Smith Meet KDE

No Linux desktop list is complete without a Matrix desktop! This cool wallpaper is by *timshinn73 from Deviantart. Icons are the default KDE icon set and the widgets are obviously SuperKaramba, while the gauges are gkrellm.

MythBusters - Switch to a Linux-based OS such as Ubuntu.

Computer operating systems loaded with stuff I don't want and will never use.

In the tech world this phenomenon is known as “software bloat” or “feature bloat.” It's a well-documented problem and a frequent complaint about Windows OSs—Vista in particular. In addition to being buggy, the extra features tend to bog down your system by demanding more processing power and memory. Computer-makers: Don't load up operating systems with features and then make us sweat to figure out how to get rid of the fat.

Most features can be set up as options. Why not start with a computer loaded with basic stuff that works 100 percent of the time? Then, give us the option of adding the bells and whistles. There's another solution available to consumers: Switch to a Linux-based OS such as Ubuntu. Since most Linux OSs are free, there's no business reason to bloat up the system with feature frills.


Allow AOL Instant Messenger through Squid

To proxy AOL Instant Messenger traffic via https with Squid, change the following line in the Squid configuration file (example using Red Hat Linux):

1. vi /etc/squid/squid.conf

2. Change:
acl SSL_ports port 443 563
to:
acl SSL_ports port 443 563 5190

3. Send the Squid process a SIGHUP or use the service command:
/sbin/service squid reload

HowTo set the Hardware Clock

NOTE: you must be root to set the clock. To become root, use the su command.

To set the hardware clock, first set the system clock to the correct time, then issue this command:

/sbin/hwclock --systohc

(NOTE: '--' is two '-' characters)

HowTo Manage your iPod in Linux?

YamiPod is a freeware application to efficiently manage your iPod. It can be run directly from your iPod and needs no installation.

The cool thing is that it also has extra features such as RSS news and podcast support, duplicate removal, an easy notes editor (with multipage support), song synchronization, playlist export and much more. It has also been translated into 12 languages.

So what's stopping you from being stuck with iTunes (except if you always use the Online Store)?

How to Backup your Blogger Blog Online for Free?

Yes, you can now Backup your Blog hosted on Blogger for free.

BlogBackupr is an online application that only needs a URL to create a full backup of any blog using its feeds. It does not require a lengthy registration but needs your e-mail address so that you have access to a panel where you can see your backups. You can download the backups in three formats (xml, txt and html), and even restore your blog if you have any problems.

The restoration feature works fine for Wordpress blogs and surprisingly also for blogs on Blogger. Well, I guess the restoration for Blogger is a novelty and is also a unique feature, that I know of that lets you do it automatically.

It's a great tool for blogs that do not provide a system backup / restore themselves.


HowTo Add Primary and Secondary DNS servers

1) Open the file /etc/resolv.conf in any editor
2) Add your primary and secondary DNS IP addresses at the end of the file so that it looks like this (this is just an example; add the IP addresses provided by your ISP or your administrator):

search localhost.localdomain

3) Save the file and exit

You are done.

Block Instant messengers (yahoo, AIM, MSN, etc ..) on your network

Jammer is an instant messenger jammer. Instant messengers are a nuisance in some LAN environments (a.k.a. college networks). IJammer is a network daemon that runs on one workstation of a LAN and prevents any IM traffic on that LAN.

HowTo create and use RAM disks

The following example will create a RAM Disk 1M in size:

# dd if=/dev/zero of=/dev/ram bs=1k count=1000
# mke2fs -m0 /dev/ram 1000
# mkdir /mnt/ram
# mount /dev/ram /mnt/ram

htaccess Editor: create .htaccess online

.htaccess Editor is a free Web 2.0-like tool that lets you quickly generate .htaccess files for your hosted website. To use, simply select a category on the left, and edit the parameters to your liking on the right. Then observe as .htaccess Editor sticks the proper code in the textbox at the bottom.

When you've set all of your parameters, simply copy/paste the generated text into a file that you call .htaccess and put it in the root folder of your website's files (something like "public_html" if you're using a hosting company) or a subdirectory of that folder. The tool lets you set things like basic authentication, redirects, default pages, error pages (like 404), and access restrictions.


After 50,000 visitors, here are some of the statistics – Firefox wins

After getting 50,000 plus visitors to my blog, here are some of the interesting statistics from Google Analytics.

Top 10 Browsers

Top 10 Operating Systems

Top 10 OS/Browser Combinations

Top 10 Countries

Top 10 Search Engines

Top 10 Content/Posts

"init: Id "x" respawning too fast: disabled for 5 minutes."

In most distributions this means that the system is booting by default into runlevel 5, which is supposed to respawn (re-start again after it’s been exited) a graphical login via xdm, kdm, gdm, or whatever, and the system can’t locate the program.

However, “Id” can also indicate the absence or misconfiguration of another program, like mingetty, if init tries to respawn itself more than 10 times in 2 minutes.

Id “x” is the number in the leftmost column of the /etc/inittab file:

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

Commenting the offending line out and then fixing the errant program and testing on the command line will allow you to see any error messages that go to standard error output (console) if the errors are not going to the system log file. Uncomment the line and restart init with "kill -SIGHUP 1" or "telinit q" to cause init to reinitialize and reread the /etc/inittab file.

Some systems, however, rewrite /etc/inittab when booting. In that case, refer to the init man page, and/or the settings in /etc/sysconfig/init.

Refer to the init and /etc/inittab man pages for detailed information.
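As an added example (not code from the original post), here is a small Python checker for the diagnosis described above: it parses the inittab format and reports respawn entries whose program is missing or not executable, which is exactly what makes init give up on an id. The inittab sample embedded in it is constructed, including the non-existent /nonexistent/prefdm path; point check_inittab() at a real file on a SysV-init system.

```python
"""Added example (not from the original post): find /etc/inittab
respawn entries whose program is missing or not executable, the usual
cause of 'Id "x" respawning too fast'.  The sample inittab below is
constructed for the demo; pass a real path to check_inittab() on a
SysV-init system.
"""
import os
import shlex

# Constructed sample; the "x" entry points at a path that does not exist here.
SAMPLE_INITTAB = """\
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
# Run xdm in runlevel 5
x:5:respawn:/nonexistent/prefdm -nodaemon
si::sysinit:/etc/rc.d/rc.sysinit
"""


def parse_inittab(text):
    """Yield (id, runlevels, action, process) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4:
            continue  # malformed line; init would complain about it too
        yield tuple(parts)


def check_respawn_entries(text, is_executable=None):
    """Return the ids of respawn entries whose program cannot be executed.

    is_executable is injectable so the check can be tested without touching
    the real filesystem; it defaults to a real os.access() check.
    """
    if is_executable is None:
        def is_executable(path):
            return os.path.isfile(path) and os.access(path, os.X_OK)
    bad = []
    for entry_id, _runlevels, action, process in parse_inittab(text):
        if action != "respawn":
            continue
        argv = shlex.split(process)   # first word is the program path
        if not argv or not is_executable(argv[0]):
            bad.append(entry_id)
    return bad


def check_inittab(path="/etc/inittab"):
    """Run the check against a real inittab file."""
    with open(path) as fh:
        return check_respawn_entries(fh.read())


if __name__ == "__main__":
    for bad_id in check_respawn_entries(SAMPLE_INITTAB):
        print(f'init id "{bad_id}": respawn program missing or not executable')
```

On the constructed sample, only the "x" entry is reported; a mingetty entry would also show up if /sbin/mingetty had been removed or lost its execute bit, which is the second cause the post mentions.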

Linux Runlevels explained

Mode  Directory          Description
0     /etc/rc.d/rc0.d    Halt
1     /etc/rc.d/rc1.d    Single-user mode
2     /etc/rc.d/rc2.d    Not used (user-definable)
3     /etc/rc.d/rc3.d    Full multi-user mode (no GUI)
4     /etc/rc.d/rc4.d    Not used (user-definable)
5     /etc/rc.d/rc5.d    Full multi-user mode (with GUI)
6     /etc/rc.d/rc6.d    Reboot

Enable Root logins to Telnet and FTP Services

Configure Telnet for root logins

Simply edit the file /etc/securetty and add the following to the end of the file:


This will allow up to 10 telnet sessions to the server as root.

Configure FTP for root logins

Edit the files /etc/vsftpd.ftpusers and /etc/vsftpd.user_list and remove the 'root' line from each file.

Make sure that you NEVER configure your production servers for this type of login.

Uninstalling the Linux Boot Loader - OpenSuse

YaST can be used to uninstall the Linux boot loader and restore the MBR to the state it had prior to the installation of Linux. During the installation, YaST automatically creates a backup copy of the original MBR and restores it on request.

To uninstall GRUB, start the YaST boot loader module (System+Boot Loader Configuration). In the first dialog, select Reset+Restore MBR of Hard Disk and exit the dialog with Finish.

Reboot the system and you will get your old bootloader.


HowTo work with cpio files

To extract a cpio archive (cpio reads it from standard input):
cpio -iv < cpio_file

To list the contents of a cpio archive:
cpio -itv < cpio_file

To create a cpio archive from all files in the current directory:
ls | cpio -o > cpio_file

Run Adobe Photoshop and Dragon Naturally Speaking on Linux by using Wine

Google software engineer Dan Kegel posted a message to the Wine mailing list last week describing some of the improvements to Wine that Google has sponsored in the past year. These improvements, says Kegel, have substantially improved the Linux compatibility of several popular commercial software applications, including Adobe Photoshop and Dragon Naturally Speaking.

Wine is an open-source Windows binary runtime compatibility layer that enables users to run some native Windows applications on Linux and other operating systems with varying degrees of success. Running applications through Wine generally provides a suboptimal experience compared to running the same applications on Windows, but it often works well enough to make it a viable solution for many users.


Simple C program that will crash any server

This is a very simple C program which, if executed, will definitely crash the server.

Open the vi editor and type/copy the following lines:


Save the file with any name, something like crash.c
Compile it: gcc crash.c
Run it: ./a.out

And watch your server crash.
Note: In a future post I will explain how to protect your server from such a program.

Here is the solution to prevent such an attack - here

Protection from Viruses and Spoofed IP Addresses

There are some trojans that scan networks for services on ports from 31337 to 31340 (called the elite ports in cracking terminology). Since no legitimate services communicate via these non-standard ports, blocking them can effectively diminish the chances that potentially infected nodes on your network communicate with their remote master servers on their own.

iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN. For example, if your LAN uses the range, a rule can configure the Internet-facing network device (for example, eth0) to drop any packets arriving on that device with a source address in your LAN IP range. Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address arriving on the external-facing device (eth0) is rejected automatically.

iptables -A FORWARD -s -i eth0 -j DROP
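As an added example, not from the original post, the following Python code is a tiny evaluator for the match semantics of the rules quoted above, so both cases the post describes can be checked offline. The rule and packet structures are this example's own simplification of iptables, and the LAN range 192.168.1.0/24 and interface names are constructed assumptions. One caveat it makes visible: the post's two 31337 rules specify both --sport and --dport, so they only match when 31337 is the source and the destination port at once; the evaluator adds a FORWARD rule on the destination range 31337-31340 alone, which is what the prose actually describes.

```python
"""Added example (not from the original post): a minimal evaluator for
iptables-style first-match rule semantics, used to check the anti-trojan
and anti-spoofing rules above.  Rules, packets, the LAN range and the
interface names are constructed for this demo.
"""
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed LAN range


def rule(chain, target, in_iface=None, out_iface=None, proto=None,
         sport=None, dport=None, src=None):
    """Describe one rule; a port may be an int or a (low, high) range."""
    return dict(chain=chain, target=target, in_iface=in_iface,
                out_iface=out_iface, proto=proto, sport=sport, dport=dport,
                src=ipaddress.ip_network(src) if src else None)


def _port_matches(want, have):
    if want is None:
        return True
    if isinstance(want, tuple):
        return want[0] <= have <= want[1]
    return want == have


def matches(r, pkt):
    """True if every match the rule specifies holds for the packet."""
    return (
        (r["in_iface"] is None or r["in_iface"] == pkt.get("in_iface"))
        and (r["out_iface"] is None or r["out_iface"] == pkt.get("out_iface"))
        and (r["proto"] is None or r["proto"] == pkt["proto"])
        and _port_matches(r["sport"], pkt["sport"])
        and _port_matches(r["dport"], pkt["dport"])
        and (r["src"] is None or ipaddress.ip_address(pkt["src"]) in r["src"])
    )


def verdict(chain, pkt, rules, policy="ACCEPT"):
    """The first matching rule in the chain decides, as in iptables;
    otherwise the chain policy applies."""
    for r in rules:
        if r["chain"] == chain and matches(r, pkt):
            return r["target"]
    return policy


# The post's rules as written (31337 must be BOTH source and destination
# port), plus an added FORWARD rule covering destination ports 31337-31340
# only, which is what the prose describes.  Last comes the anti-spoofing
# rule: LAN source addresses must never arrive on the Internet-facing eth0.
RULES = [
    rule("OUTPUT", "DROP", out_iface="eth0", proto="tcp", sport=31337, dport=31337),
    rule("FORWARD", "DROP", out_iface="eth0", proto="tcp", sport=31337, dport=31337),
    rule("FORWARD", "DROP", out_iface="eth0", proto="tcp", dport=(31337, 31340)),
    rule("FORWARD", "DROP", in_iface="eth0", src=str(LAN)),
]


def demo():
    """Two constructed packets: an infected LAN host calling out to port
    31338, and an outside packet claiming a LAN source address."""
    bot = dict(in_iface="eth1", out_iface="eth0", proto="tcp",
               src="192.168.1.10", sport=40000, dport=31338)
    spoofed = dict(in_iface="eth0", out_iface="eth1", proto="tcp",
                   src="192.168.1.77", sport=1234, dport=80)
    return verdict("FORWARD", bot, RULES), verdict("FORWARD", spoofed, RULES)


if __name__ == "__main__":
    print(demo())   # ('DROP', 'DROP')
```

Run as a script it prints the two DROP verdicts; the assertions also show that an ordinary outbound HTTPS connection from the LAN is still accepted, and that a packet with only the destination port set to 31337 slips past the OUTPUT rule as the post wrote it.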

Make USB pen drive as a bootable device (RedHat)

If you cannot boot from the DVD/CD-ROM drive, but you can boot using a USB device, such as a USB pen drive, the following alternative boot method is available:

To boot using a USB pen drive, use the dd command to copy the diskboot.img image file from the /images/ directory on the DVD or CD-ROM. For example:

dd if=diskboot.img of=/dev/sda

Your BIOS must support booting from a USB device in order for this boot method to work.

Configuring a DHCP Client

The /etc/sysconfig/network file should contain the following line:


The NETWORKING variable must be set to yes if you want networking to start at boot time.
The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:


A configuration file is needed for each device to be configured to use DHCP.

HowTo use Crontab (Basic commands)

Open the crontab editor:
# crontab -e

An entry uses these fields:

1 = minute after the hour
2 = hour you want it done
3 = day of the month
4 = month of the year
5 = day of the week
6 = command you want to execute
* = ALL

30 0 * * * /usr/local/aplication
This will run the application every day at 12:30 AM.
* * * - means every day of the month, every month of the year, every day of the week

Other crontab commands:
crontab -e opens the editor
crontab -l lists the contents of the crontab
crontab -r removes the crontab
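As an added example, not part of the original post, the following Python code parses the five time fields described above and tells you whether an entry fires at a given time. It goes a little beyond the post by handling ranges (1-5), lists (1,15) and steps (*/10) as well as '*', and applies cron's rule that when both day-of-month and day-of-week are restricted the entry fires if either matches. The entries and timestamps it uses are constructed.

```python
"""Added example (not from the original post): a parser for the five
crontab time fields that reports whether an entry fires at a given
datetime.  Handles '*', single values, ranges, lists and steps, and
mirrors cron's day-of-month/day-of-week OR rule.  Sample entries and
timestamps are constructed.
"""
from datetime import datetime

# (field name, lowest allowed value, highest allowed value)
FIELD_RANGES = [("minute", 0, 59), ("hour", 0, 23),
                ("day_of_month", 1, 31), ("month", 1, 12),
                ("day_of_week", 0, 7)]  # 0 and 7 are both Sunday


def expand_field(spec, lo, hi):
    """Return the set of integers a single crontab field matches."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
            if step > 1:
                end = hi  # "5/10" means every 10th value starting at 5
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{spec!r}: value out of range {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_entry(line):
    """Split a crontab line into (five field sets, command string)."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("crontab entry needs 5 time fields and a command")
    fields = [expand_field(spec, lo, hi)
              for spec, (_, lo, hi) in zip(parts[:5], FIELD_RANGES)]
    dow = fields[4]
    if 7 in dow:            # normalise Sunday-as-7 to Sunday-as-0
        dow.discard(7)
        dow.add(0)
    return fields, parts[5]


def fires_at(line, when):
    """True if the entry would run at datetime `when` (seconds ignored)."""
    (minute, hour, dom, month, dow), _ = parse_entry(line)
    dom_restricted = dom != set(range(1, 32))
    dow_restricted = dow != set(range(0, 7))
    cron_dow = (when.weekday() + 1) % 7    # Python: Monday=0; cron: Sunday=0
    if dom_restricted and dow_restricted:
        day_ok = when.day in dom or cron_dow in dow
    else:
        day_ok = when.day in dom and cron_dow in dow
    return (when.minute in minute and when.hour in hour
            and when.month in month and day_ok)


def fires_at_iso(line, iso_timestamp):
    """Convenience wrapper taking an ISO 8601 string such as '2024-01-08T02:00'."""
    return fires_at(line, datetime.fromisoformat(iso_timestamp))


if __name__ == "__main__":
    entry = "30 0 * * * /usr/local/aplication"   # the post's own example
    print(fires_at_iso(entry, "2024-01-01T00:30"))   # True
    print(fires_at_iso(entry, "2024-01-01T12:30"))   # False: that is 12:30 PM
```

The day-of-week case is the one that surprises people: "0 2 1 * 1 ..." runs on the 1st of every month and on every Monday, not only on Mondays that fall on the 1st.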

Online Security testing your mail server (SMTP)

Is your SMTP server reliable and fully secured? Is it used for spamming?

Check here


HowTo check the DNS server entries?

You can find the DNS servers configured on a Linux/Unix/BSD based OS simply by using:

# cat /etc/resolv.conf
or using:
# less /etc/resolv.conf
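As an added example (not from this post or the "HowTo Add Primary and Secondary DNS server" post above), the following Python code does both jobs: it parses a resolv.conf, validates the nameserver entries, and renders the two-nameserver file the other post describes. The sample contents are constructed and the IPs are documentation addresses, not real resolvers; the real /etc/resolv.conf is read only when the file is run as a script.

```python
"""Added example (not from either original post): parse and validate a
resolv.conf, and build one from a primary and secondary DNS address.
Sample contents are constructed; the IPs are documentation addresses.
"""
import ipaddress

MAX_NAMESERVERS = 3   # glibc's resolver (MAXNS) only uses the first three

SAMPLE_RESOLV_CONF = """\
# constructed sample
search localhost.localdomain
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver not-an-ip
"""


def parse_resolv_conf(text):
    """Return (search domains, nameserver strings, list of problems)."""
    search, nameservers, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # both '#' and ';' start a comment in resolv.conf
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        keyword, args = parts[0], parts[1:]
        if keyword == "nameserver":
            if len(args) != 1:
                problems.append(f"line {lineno}: nameserver takes one address")
                continue
            try:
                ipaddress.ip_address(args[0])
            except ValueError:
                problems.append(f"line {lineno}: {args[0]!r} is not an IP address")
                continue
            nameservers.append(args[0])
        elif keyword in ("search", "domain"):
            search.extend(args)
    if len(nameservers) > MAX_NAMESERVERS:
        problems.append(f"only the first {MAX_NAMESERVERS} nameservers are used")
    return search, nameservers, problems


def build_resolv_conf(primary, secondary, search_domain):
    """Render the file the 'Add Primary and Secondary DNS server' post
    describes, validating both addresses first (ValueError if bad)."""
    for addr in (primary, secondary):
        ipaddress.ip_address(addr)
    return (f"search {search_domain}\n"
            f"nameserver {primary}\n"
            f"nameserver {secondary}\n")


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        search, servers, problems = parse_resolv_conf(fh.read())
    print("search:", search)
    print("nameservers:", servers)
    for p in problems:
        print("problem:", p)
```

A typo in a nameserver line fails silently in the real resolver (the entry is just skipped), which is why the constructed sample includes one: the parser reports it instead of dropping it.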

Tool for Incident Response and Forensics

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way, and it is forensically sound. Helix will not auto-mount swap space or auto-mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques.

Get Helix Here


Linux-based Security Tool (Very Good)

STD is a security tool. Actually it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux distro (i.e. it runs from a bootable CD in memory without changing the native operating system of your PC). Its sole purpose in life is to put as many security tools at your disposal as it can, with as slick an interface as possible.
Get Knoppix-STD Here


Russix - LiveCD Linux Distro for Wireless monitoring & Cracking

Russix is a Slax based Wireless Live Linux.
It has been designed to be light (circa 230Mb) and dedicated purely to wireless auditing.
It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an "Evil Tiny Twin" attack in less than 5, it will not let you become the latest version of Barclays Bank.


My Desktop - OpenSuse 10.3


How To disable SELinux security policy in Redhat and Fedora

Log in as root, then edit the SELinux config file:
# vi /etc/selinux/config

Then set SELINUX= to disabled.

Replace the current line, which most of the time will be set to enforcing. This disables SELinux on boot; however, it is still enabled on the running system. To disable it without having to reboot, execute:

setenforce 0

Take a look at the setsebool command; if you want to enable specific applications without disabling SELinux, look at the . The most common problem is SELinux blocking MySQL. You can fix it with:

# setsebool -P mysqld_disable_trans=1

Parallel Windows Password Brute Forcing Tool

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Bruter is a tool for the Win32 platform only.

It currently supports the following services:
  • FTP
  • HTTP (Basic)
  • HTTP (Form)
  • IMAP
  • MySQL
  • POP3
  • SMB-NT
  • SMTP
  • SNMP
  • SSH2
  • Telnet
You can download Bruter here


HowTo Hack/Sniff/Monitor Wireless Networks

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and, given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.
  • Ethereal/Tcpdump compatible data logging
  • Airsnort compatible weak-IV packet logging
  • Network IP range detection
  • Built-in channel hopping and multicard split channel hopping
  • Hidden network SSID decloaking
  • Graphical mapping of networks
  • Client/Server architecture allows multiple clients to view a single Kismet server simultaneously
  • Manufacturer and model identification of access points and clients
  • Detection of known default access point configurations
  • Runtime decoding of WEP packets for known networks
  • Named pipe output for integration with other tools, such as a layer3 IDS like Snort
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance
  • Distributed remote drone sniffing
  • XML output
  • Over 20 supported card types
Download - Here


How to block Brute Force Attacks (Password Hacking)

In the category of log-based tools, fail2ban is considered to be the best available log-based brute force blocker. Basically, like any other log-based brute force blocker, fail2ban monitors the system log files, and when certain configured events occur they trigger fail2ban to block the offending host.
Here are the main features of fail2ban:
  • running as daemon (no delay to take actions as in cron based tools).
  • can use various methods to block the attack:
    • iptables (this is the default, and will most certainly be the best choice for most users)
    • TCP Wrappers (/etc/hosts.deny): this might be particularly useful if you are running a VPS that has no access to iptables rules.
    • any other method you might need to implement in your firewall setup (you will have to define the rules yourself in this case).
  • can handle more than one service: sshd (default), apache, vsftpd/proftpd, etc.
  • can send e-mail notifications.
  • can ban IPs for a limited amount of time and since 0.6.1 can also permanently ban hosts.
The installation is not at all complicated, as the author provides packages for the major Linux distributions.
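As an added example, and not fail2ban's own code, here is the core of what a log-based brute force blocker does, run over constructed sshd log lines: it counts failed logins per source IP inside a sliding time window and returns the addresses that reach the retry limit, which is the point at which fail2ban would hand the IP to iptables or hosts.deny. The threshold, the window and the log lines are this example's assumptions; fail2ban's real defaults and filter regexes differ.

```python
"""Added example (not fail2ban's code): count failed sshd logins per
source IP inside a sliding window and report the IPs that reach the
retry limit.  Thresholds and log lines are constructed for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                      # assumed threshold
FINDTIME = timedelta(minutes=10)  # assumed window

# Classic syslog-style sshd failure lines (constructed sample; syslog omits
# the year, so parse_failures() pins one).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2201]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar  3 10:00:04 host sshd[2202]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2
Mar  3 10:00:09 host sshd[2203]: Failed password for root from 203.0.113.5 port 51141 ssh2
Mar  3 10:01:00 host sshd[2204]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:05:00 host sshd[2205]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar  3 10:30:00 host sshd[2206]: Failed password for bob from 198.51.100.7 port 40003 ssh2
Mar  3 10:31:00 host sshd[2207]: Failed password for bob from 198.51.100.7 port 40004 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def parse_failures(text, year=2024):
    """Yield (timestamp, ip) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def offenders(text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return, in order of first detection, the IPs that accumulate
    maxretry failures within any findtime-long window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for ts, ip in parse_failures(text):
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()      # expire failures older than the window
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(f"would ban {ip} (e.g. iptables -I INPUT -s {ip} -j DROP)")
```

On the sample, 203.0.113.5 is banned after three failures in eight seconds, while 198.51.100.7 is not: its three failures are spread over 26 minutes, so no ten-minute window ever holds three of them. Lowering maxretry to 2 catches it as well, which is the trade-off the findtime/maxretry pair exists to tune.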


Use SaneSecurity Clamav signatures to Filter out Scam and Phishing emails

Clamav is probably the most popular open source antivirus software for Linux. At this time it contains 153727 signatures that will detect most viruses and the signatures are updated regularly to allow many mail servers to filter out the viruses before even reaching the users mailboxes.

This post will show how easy it is to install and use the SaneSecurity third-party Clamav signatures to extend the antivirus protection built into clamav with scam and phishing filtering. This can be very useful, as these types of emails can be hard to detect with common antispam rules (e.g. SpamAssassin) - like the latest pdf spams, or phishing mails that are not always easy to detect. These will be filtered out directly by Clamav, which normally runs prior to antispam measures.

These rules are provided and maintained by SaneSecurity and are used by more and more people (specialized companies such as Barracuda Networks appear to be using SaneSecurity's signature databases in their Barracuda Spam Firewall).

The installation and usage is very simple:
  1. we can manually download the SaneSecurity Phishing Signatures and SaneSecurity Scam Signatures from their download page. We can drop them in the clamav signatures folder (normally /var/lib/clamav , but check your clamd.conf for your DatabaseDirectory location) and they will be used right away (if you are using clamd it will need a reload to be notified of db changes or wait for the SelfCheck timer to expire and it will do that automatically).
  2. we can use one of the several scripts from their usage page to download the signatures initially and then keep them updated regularly using cron.
Normally we would like to use the second option as we will always have the latest SaneSecurity rules updated. Check out the usage page and choose the script you think is best for you.


Linux virus (Linux/Rst-B) can make intruders to gain access to systems

A six-year old Linux virus is still in circulation, and Sophos suspects the high uptime exhibited by servers (compared with the typical home or office Windows PC that spends much of the day switched off or asleep) makes them valuable to bot-herders as central control points.

Sophos has created a detection tool specifically for this virus, and encourages administrators to use it and then forward any infected files to SophosLabs for analysis.

"If you don't find Linux/Rst-B on your system, it's good news but obviously doesn't mean that you are not infected with something else," said Billy McCourt, SophosLabs UK.

"I'd encourage you to at least do regular on-demand scans on your Linux box but ideally run an on-access scanner."

A previous analysis by McCourt suggested that Rst-B infections are not being used by intruders to gain access to systems, rather they occur as a side-effect of already-infected hacking tools being downloaded onto servers once a foothold has been gained.

"The number of malware in existence is around 350,000, and while only a teeny number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.

Sophos sells an on-access scanner for Linux. Alternatives include the AVG and Avast products for Linux, as well as software that works with the popular ClamAV to provide on-access scanning.


How-To ping IPV6 ip address

The regular ping command only works with IPv4 addresses. Use the ping6 command to send ICMP ECHO_REQUEST to network hosts from a host or gateway.

Type the command as follows:
$ ping6 localhost
$ ping6
$ ping6 IPv6-address
$ ping6 2001:db8::1428:57ab

Read ping6 man page for more information:
$ man ping6

Good place to have Linux Tattoo


Run parallel OS by using VitrualBox on OpenSuse

1) Make sure the kernel-source and kernel-syms packages are installed (if not, install them from your OpenSuse installation CD); you can check using the following command

poison:~ # rpm -qa | grep kernel

2) Download and install the following rpms –> (OpenSuse) get them from here
poison:~ # rpm -ivh Xalan-c-1.10-10.i586.rpm
poison:~ # rpm -ivh Xerces-c-2.7.0-11.i586.rpm

3) Now download and install VirtualBox rpm –> here
poison:~ # rpm -ivh VirtualBox-1.3.8_openSUSE102-2.i586.rpm

4) Now add the users who are going to use VirtualBox to the group vboxusers, using the YaST tool.

5) Setup the Networking via Host Bridging
Download :
# tar xvf uml_utilities_20040406.tar.bz2
# cd tools/
# make
# make install

Do the following setup
# tunctl -t tap0 -u tux
# ifconfig tap0 up
# brctl addbr br0
# brctl addif br0 eth0 tap0
# dhcpcd br0
# ifconfig br0 up
# ifconfig eth0

6) Start the VirtualBox GUI: Applications -> System -> VirtualBox

Here you can see my OpenSuse 10.2 box is running Ubuntu in virtual Box

Postfix + ClamAV + MailScanner in OpenSuse

1. Install the anti-virus software (ClamAV) –> (here)
rpm -ivh clamav-db-0.88.2-1.i386.rpm
rpm -ivh clamav-devel-0.88.2-1.i386.rpm
rpm -ivh clamav-server-0.88.2-1.i386.rpm
rpm -ivh clamav-0.88.2-1.i386.rpm
/etc/init.d/clamd start

2. Once the anti-virus is installed, we need to install the MailScanner software; the RPM along with the source files can be found at
Now get ready to install MailScanner; this is going to take a long time.
gzip -d MailScanner-4.46.2-2.rpm.tar.gz
tar -xvf MailScanner-4.46.2-2.rpm.tar
cd MailScanner-4.46.2-2

3. In your MailScanner.conf file in /etc/MailScanner, there are 5 settings you need to change. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

4. You will need to ensure that the user "postfix" can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine

5. Edit the file MailScanner.conf:
Virus Scanners = clamav

6. Edit virus.scanners.conf:
clamav /usr/lib/MailScanner/clamav-wrapper /var/lib/clamav

7. Now we need to edit the Postfix configuration file: go all the way to the bottom of the file and add the following
header_checks = regexp:/etc/postfix/header_checks

8. In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD

9. Set the servers to run on startup and then start them:
chkconfig MailScanner on
chkconfig postfix on
chkconfig clamd on
/etc/init.d/MailScanner start
/etc/init.d/postfix start
/etc/init.d/clamd start

How-to compile Linux Kernel in OpenSuse 10.x

1) Make sure you have all the required libraries for kernel compilation

2) Download the latest kernel from

3) Untar the kernel source

4) Run the following commands:

# make oldconfig
# make rpm

5) This will take some time. After compilation, go to the /usr/src/packages/RPMS/i386 directory and install the kernel:

# rpm -ivh kernel-
# mkinitrd --> This will create the /boot/initrd- file, which is required during boot on the new kernel.

6) Edit the following file to add the new kernel to the boot menu:

# vi /boot/grub/menu.lst and add the following lines to it

title openSUSE 10.2 -
root (hd0,5)
kernel /boot/vmlinuz- root=/dev/hda6 vga=0x317 resume=/dev/hda7 splash=silent showopts
initrd /boot/initrd-

You can also install the new kernel using the YaST tool.

7) Now install grub using the following command:

# grub-install /dev/hda

kernel parameters for ACPI-related

There are various other ACPI-related kernel parameters that can be entered at the boot prompt prior to booting for installation:

This parameter disables the complete ACPI subsystem on your computer. This may be useful if your computer cannot handle ACPI at all or if you think ACPI in your computer causes trouble.

Always enable ACPI even if your computer has an old BIOS dated before the year 2000. This parameter also enables ACPI if it is set in addition to acpi=off.

Do not use ACPI for IRQ routing.

Run only enough ACPI to enable hyper-threading.

Be less tolerant of platforms that are not strictly ACPI specification compliant.

Disable PCI IRQ routing of the new ACPI system.

Spam Do's and Don'ts

* The primary rule: Never make lists of e-mail addresses, and if you do, do not e-mail the list. This is a common practice, especially among the relatively inexperienced.

It happens like this -- Joe Beginner receives an interesting article and he immediately wants to mail it to all his friends -- but he does it by including all the addresses in a single posting. The problem? Each recipient gets a copy of all the addresses. Then one of Joe's friends forwards it to all his friends the same way. The address list becomes very large, and finally it falls into the hands of someone in the spam trade.

Instead, Joe Beginner should mail a separate copy to each of his friends. The point is there should never be more than one address on an e-mail.

* Never respond to a spam e-mail. For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam e-mail, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.

* Never respond to the spam e-mail's instructions to reply with the word "remove." This is just a trick to get you to react to the e-mail -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.

* Never sign up with sites that promise to remove your name from spam lists. These sites are of two kinds: (1) sincere, and (2) spam address collectors. The first kind of site is ignored (or exploited) by the spammers, the second is owned by them -- in both cases your address is recorded and valued more highly because you have just identified it as read by a human.

* Never mail-bomb spam sites or engage in hacking to stop spammers. This only increases the amount of wasted Internet traffic, creates sympathy for spammers, and makes the Internet even less reliable than it already is.

* Take meaningful action to stop spammers. Filter their messages or their sites using the methods described below, write their host sites (without revealing your real e-mail address!) and any sites that are used as relays, write your congressional representatives.

HowTo save power in Linux by using powertop

With an Intel processor and Linux kernel 2.6.21 or newer, you may want to try out this CLI app written by Intel developers.
HowTo install?

1) Download the latest version of powertop from here
2) tar -zxf powertop-1.9.tar.gz
3) cd powertop-1.9
4) make
5) make install
6) sudo powertop

Powertop will tell you which module on your system uses the most electrical power, and it will display some suggestions on how you can reduce the power consumption; you are given a key to hit on your keyboard to execute the commands. Check out the image below: powertop suggested that I enable the CONFIG_USB_SUSPEND kernel configuration option.

Firefox uses the most power; I didn't try other internet browsers because I rely on Firefox to do my daily updates on the web. The more plugins you install in Firefox, the more power you spend, so install them with care. Gnome power manager seems to spend more resources while managing your power. They suggest you remove it completely. There is more to try out; at the end of the day, will you get more than 40% power saving?

Create perl binaries from perl scripts

You can see a list of examples with:

man perlcc

First let us create a perl script: create a file called hello

#!/usr/bin/perl
print "hello world. ";

Make it executable:

chmod +x hello

Try to run it; that is our normal perl script. To make it a binary with an ELF header, do this:

perlcc -o hello-bin hello

So what is the difference? Check with the file command:

file hello*


hello:     perl script text executable
hello-bin: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), not stripped

file shows that "hello" is a perl script, whereas "hello-bin" is an ELF executable binary.

HowTo install software from Source Code

We usually download linux programs through package handling tools such as yum and apt-get. Download programs through package handling tools is easy, but not all programs is available in your Linux distribution repository. Sometimes, we need to download the source code, compile and install manually.

Usually, source code is compressed in an archive format, either tar.gz (.tgz) or bz2. The command used to extract these archives is tar. Let's say your archive is xyz2.29.tar.gz; you can decompress it and extract it to a folder like this:

tar -xzvf xyz2.29.tar.gz -C /usr/src

-C tells tar where to store the extracted files; you can extract the source code anywhere you like, such as your home directory.

Before you start to configure and install, always read the readme files that come with the tarball; they will sometimes brief you on the specific steps to install the program and on the requirements to fulfil before compiling the source code.

The source code of common open source programs comes with configure scripts and makefiles, because those programs are usually cross-platform: they can be compiled on different platforms such as Unix, Linux, BSD etc., given that the required libraries are installed and the dependencies are solved. Therefore, before you start to compile and install, you usually need to configure.


The configure script will check whether all the libraries and dependency files are present. If something is missing, it will stop and tell you what is missing. At that point, you need to find the library and install it before you can continue configuring.

Sometimes the libraries are installed but their location is not the one the configure script expects. A good configure script allows you to set options such as an alternative library path, or the prefix where you want the program installed. To display the options, do this:

./configure --help

When configuration is done, you can compile your source code. To compile all the source code and produce the binaries, you do this:


Some packages contain more than one program; do

make all

to compile everything into binaries.
The last step is to install; usually you need root privileges to install packages.

sudo make install

Some makefiles have other targets such as uninstall, clean etc. So to uninstall, you can do this:

sudo make uninstall

What make install does is just copy the binaries it built to the specified path, and uninstall just removes them from those directories. Makefiles and configure scripts vary; sometimes the tarball comes with a friendly script named "". You just need to run that script and it will configure, make and install for you.
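Before running "sudo make install" as root, it is worth seeing exactly which files a source build would drop onto the system. The script below is an added example, not code from the post: it stages the install into a scratch DESTDIR and lists the result, using a constructed package "xyz" with a Makefile whose install and uninstall targets honour PREFIX and DESTDIR (both names are the usual convention, assumed here).

```shell
#!/bin/sh
# Added example, not from the post: stage "make install" into a scratch
# DESTDIR first, so every file a source build would write to the system can
# be reviewed before the real "sudo make install". The package "xyz" and its
# Makefile are constructed here; a real tarball brings its own.
set -eu

# Build a constructed source tree: one script to install plus a Makefile
# whose install/uninstall targets honour PREFIX and DESTDIR.
make_xyz_tree() {
  src="$1"
  mkdir -p "$src"
  printf '#!/bin/sh\necho "xyz 2.29"\n' > "$src/xyz"
  chmod 755 "$src/xyz"
  {
    printf 'PREFIX = /usr/local\n'
    printf 'install:\n\tmkdir -p $(DESTDIR)$(PREFIX)/bin\n'
    printf '\tcp xyz $(DESTDIR)$(PREFIX)/bin/xyz\n'
    printf '\tchmod 755 $(DESTDIR)$(PREFIX)/bin/xyz\n'
    printf 'uninstall:\n\trm -f $(DESTDIR)$(PREFIX)/bin/xyz\n'
  } > "$src/Makefile"
}

# Install into DESTDIR (a scratch root, no root privileges needed) and print
# the paths it would create on the real system, relative to /.
staged_install_manifest() {
  src="$1"; stage="$2"
  mkdir -p "$stage"
  make -s -C "$src" DESTDIR="$stage" PREFIX=/usr/local install >/dev/null
  (cd "$stage" && find . -type f | sort)
}

# Run the uninstall target against the same stage and count what is left;
# anything other than 0 means uninstall would leave files behind.
staged_uninstall_leftovers() {
  src="$1"; stage="$2"
  make -s -C "$src" DESTDIR="$stage" PREFIX=/usr/local uninstall >/dev/null
  find "$stage" -type f | wc -l | tr -d ' '
}
```

The same DESTDIR trick works on a real tarball: "make DESTDIR=/tmp/stage install" shows the full file list without touching /usr/local.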

First step in hacking - know your neighboring machines

The simplest way is to use ping: I can send a broadcast packet to everyone in a subnet so that they all respond. Let's say I am in the subnet 192.168.0.x and the broadcast IP is, I can do this:

ping -b

How do I know what the broadcast IP is? I can check with ifconfig:

ifconfig eth0 | grep Bcast

Some routers are configured to filter broadcast and multicast packets to prevent broadcast storms; if so, broadcasting is useless.

So what is the alternative?

I can ping the IPs one by one with a line of bash script:

for ((i=1;i<255;i++)); do ping -c 1 -W 1 192.168.0.$i; done

The result will look like this:

--- ping statistics ---
--- ping statistics ---
--- ping statistics ---
--- ping statistics ---
64 bytes from icmp_seq=1 ttl=249 time=11.0 ms
--- ping statistics ---
64 bytes from icmp_seq=1 ttl=248 time=12.3 ms
--- ping statistics ---
--- ping statistics ---
--- ping statistics ---
--- ping statistics ---
--- ping statistics ---
--- ping statistics ---

Let me explain the ping options I use: -c (count) indicates how many ping attempts are made for a single IP, and -W specifies the timeout in seconds; ping waits until the timeout before declaring the attempt failed.

From the sample results, I discovered and

Due to a limitation of ping, I can't specify a timeout of less than 1 second, so scanning a class C LAN may take up to 255 seconds, which is extremely slow.


HowTo hide information in a image or sound file

OutGuess is a console-based universal steganographic tool that can hide information inside picture objects. It supports inserting objects into PPM, PNM, and JPEG image formats. OutGuess can be used on Linux, *BSD, Solaris, AIX, HP-UX, Mac OS X, and Windows.

Suppose I want to securely send a root password for a production server. I can start by putting the password in a pass.txt file, then encrypt it with a secret key and mix the encrypted version with an image called grill.jpg. OutGuess can do that with one command:
~$ outguess -k key -d pass.txt grill.jpg summer-grill.jpg
You don't need to use the -k option to encrypt the sensitive data with a secret key. If you leave it off, however, anyone who knows there's a file buried in the image can extract the output file.

Now I have an image named summer-grill.jpg that holds my production server's root password, and I can mail it to my coworker. Anyone who sees the picture won't notice anything strange, since the data in the image object is not visible to the human eye.

When my coworker receives the picture, he needs to extract the information from the file. As long as he knows the secret key I used for the encryption, he can run the command:
~$ outguess -k key -r summer-grill.jpg pass.txt
If you don't specify the -k option and provide the key, OutGuess will extract the pass.txt file, but it won't be readable.

Steghide is another program you can use to hide sensitive data inside image and audio files. The latest version of Steghide supports hiding sensitive information inside BMP and JPEG image formats as well as in AU and WAV audio formats. The default encryption algorithm is Rijndael with a key size of 128 bits, which is basically AES (Advanced Encryption Standard), but you can choose from many other encryption algorithms as well. Steghide runs under both Linux and Windows.

Let's use the same scenario from our previous example. The equivalent Steghide command is:
~$ steghide embed -cf grill.jpg -sf summer-grill.jpg -ef pass.txt -p summer
To extract the pass.txt file from the summer-grill.jpg picture, use this Steghide command:
~$ steghide extract -sf summer-grill.jpg
You'll be asked for a password, and the utility will extract the pass.txt only if your password (secret key) is correct. Note that when extracting we didn't specify any output file. That's because Steghide automatically knows what the file name was that was inserted and extracts the file with the same name.

Stegtools is a pair of command-line tools for reading and writing hidden information. The latest version of stegtools supports 24bpp bitmap images, and runs on Linux and FreeBSD operating systems.

Using the same example again:
cat pass.txt | /usr/local/stegotools-0.4b/stegwrite grill.jpg summer-grill.jpg 1
Here I redirect the standard input (the output of the cat command) into the stegwrite tool and specify an existing picture object and the desired output picture object. I used the full path to my stegwrite tools, since they're not in my $PATH. The number at the end of the command is the number of last (least significant) bits of the grill.jpg image that will be used to hide my data. The value may be 1, 2, or 4. A more in-depth explanation can be found in the software's README file.

Stegread reads the hidden information from a picture object and writes it to the standard output. If I want to extract the password from summer-grill.jpg image, I can use this command:
~$ /usr/local/stegotools-0.4b/stegread summer-grill.jpg 1 > pass.txt
You need to have the right number of last bits in order to successfully extract the password from the object file. If you don't know the right number, the utility leaves you with an empty pass.txt file.

SteGUI, a Steghide GUI
SteGUI is a Linux-based graphical front end to Steghide. Before you install SteGUI you need the stegtools, FLTK toolkit, PStreams, ALSA, and Libjpeg libraries installed.

The menus in SteGUI allow you to open objects (picture or sound) and extract or embed information by selecting and clicking on the screen. Here you can see that I've opened my grill.jpg picture and am preparing to embed the pass.txt file. You can also see how many cryptographic algorithms are available for the job. Although it's a nice interface, SteGUI is useful only with objects made with the Steghide program.


Service redirection on other machine

xinetd can be used as a transparent proxy: it allows a service request to be forwarded to another machine on the desired port.

service telnet
{
    flags       = REUSE
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    only_from   =
    redirect    = 23
}

Let's watch what's going on now:

>>telnet server
Connected to server.
Escape character is '^]'.

Welcome to openSUSE 10.3 (i586)
Poison login:

At first, the connection seems to be established on server, but what follows shows that poison took over. This mechanism can be both useful and dangerous. When setting it up, logging must be done on both ends of the connection.
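Because a redirect like the one above silently hands connections to another host, a defender wants to know which services on a box are redirected and whether they log the client. The script below is an added example, not from the post: it scans a directory of xinetd service files for "redirect" entries and reports those whose log_on_success does not include HOST, using constructed sample files rather than the real /etc/xinetd.d.

```shell
#!/bin/sh
# Added example, not from the post: audit xinetd service files for
# "redirect" entries (transparent proxies like the telnet one above) and
# report those whose log_on_success does not record the client HOST. The
# service files below are constructed samples, not a real /etc/xinetd.d.
set -eu

# Write two constructed service files: a redirect with no logging attribute
# and one that logs the peer host, PID and traffic volume.
make_sample_xinetd_dir() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/telnet" <<'EOF'
service telnet
{
    flags       = REUSE
    socket_type = stream
    wait        = no
    user        = root
    only_from   = 10.0.0.0/8
    redirect    = 10.0.0.5 23
}
EOF
  cat > "$dir/pop3" <<'EOF'
service pop3
{
    socket_type    = stream
    wait           = no
    user           = root
    redirect       = 10.0.0.6 110
    log_on_success += HOST PID TRAFFIC
}
EOF
}

# Print "file:service -> target" for every redirected service that does not
# log HOST on success; an empty result means every redirect is logged.
unlogged_redirects() {
  awk '
    /^[[:space:]]*service[[:space:]]/ { svc = $2; target = ""; logged = 0 }
    /^[[:space:]]*redirect[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); target = $0 }
    /^[[:space:]]*log_on_success/ && /HOST/ { logged = 1 }
    /^[[:space:]]*[}]/ && target != "" && !logged {
      print FILENAME ":" svc " -> " target
    }
  ' "$1"/*
}
```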

HowTo make two instance of postfix running on same machine

What's involved?

Creating a second instance of Postfix from an existing one involves the following steps:

1. Add an IP address to the server
2. Copy the /etc/postfix directory and all files
3. Create an additional spool directory
4. Edit the config files
5. Create startup and administration scripts

Step one: Add an IP address

The second instance of Postfix will be used for all outbound e-mail. Users will configure their e-mail clients to connect to that IP as their "SMTP server".

Follow the procedure appropriate to your server's version of Linux to add a second IP. The new IP can exist on the same network card as the first (eg. as device eth0:1 on Linux) or can be tied to a second NIC, whichever best suits your requirements.

The new IP address must resolve to a name. Either add a name for it in your DNS, or add an entry in the server's /etc/hosts file. Postfix will not work unless the IP address resolves to a name on the server Postfix is installed on.

As an alternative, the new instance can share the same IP but receive mail on a port other than port 25. We won't show that here, but it's an alternative to be aware of.

Step two: copy /etc/postfix

Copy your existing /etc/postfix directory to /etc/postfix-out:

cp -rp /etc/postfix /etc/postfix-out

The new directory should have all the files with the same ownership and permissions as the original.

To make the next step easier, edit the file /etc/postfix-out/ and change the following setting, or add it if it does not exist:

queue_directory = /var/spool/postfix-out

Save the changes to the file before proceeding to the next step.

Step three: create an additional spool directory

Each instance of Postfix must have its own mail spool directory. To avoid file conflicts, the default directory /var/spool/postfix must not be shared among instances.

Create a directory named /var/spool/postfix-out and let Postfix create the appropriate subdirectories and permissions:

mkdir /var/spool/postfix-out
postfix -c /etc/postfix-out check

The result should be directory /var/spool/postfix-out containing something similar to the following:

drwxr-xr-x 14 root root 336 Jan 30 10:20 .
drwxr-xr-x 15 root root 384 Jan 30 10:20 ..
drwx------ 2 postfix root 48 Jan 30 10:20 active
drwx------ 2 postfix root 48 Jan 30 10:20 bounce
drwx------ 2 postfix root 48 Jan 30 10:20 corrupt
drwx------ 2 postfix root 48 Jan 30 10:20 defer
drwx------ 2 postfix root 48 Jan 30 10:20 deferred
drwx------ 2 postfix root 48 Jan 30 10:20 flush
drwx------ 2 postfix root 48 Jan 30 10:20 incoming
drwx-wx--- 2 postfix postdrop 48 Jan 30 10:20 maildrop
drwxr-xr-x 2 root root 48 Jan 30 10:20 pid
drwx------ 2 postfix root 48 Jan 30 10:20 private
drwx--x--- 2 postfix postdrop 48 Jan 30 10:20 public
drwx------ 2 postfix root 48 Jan 30 10:20 saved

If the directory /var/spool/postfix contains directories named etc, usr and lib, your first Postfix instance was probably installed chrooted. If those directories exist, manually copy them to /var/spool/postfix-out:

cp -rp /var/spool/postfix/etc /var/spool/postfix-out
cp -rp /var/spool/postfix/usr /var/spool/postfix-out
cp -rp /var/spool/postfix/lib /var/spool/postfix-out

Step four: edit the config files

Edit the file /etc/postfix/ and add the following near the bottom of the file:

alternate_config_directories = /etc/postfix-out

The above setting is required to inform the Postfix daemons about the second instance.

Next, edit the file /etc/postfix-out/ and change the following setting:

inet_interfaces = second-IP-address-NAME

Note: in the above you must specify the DNS name of the second IP address, not the IP address. If the IP address does not have a DNS name, add an entry for it to /etc/hosts so it can be resolved locally on the server.

You should also remove settings such as reject_maps_rbl and content filtering that only need to apply to inbound e-mail, and change syslog_facility so that logging of outbound mail goes to a different file than inbound.

You might also want to change the myhostname setting so the second instance uses a name different from the first (eg. "mx1-out"). This is required if the two instances will exchange mail with each other; otherwise Postfix will complain that mail "loops back to myself".

Lastly, you can force mail sent from the outbound instance to use the same IP address as the inbound instance. This is useful when the mail server is behind a firewall and you want only one IP address to communicate with the Internet. To send mail on a different IP, add a smtp_bind_address setting similar to the following:

smtp_bind_address =

(Of course, replace the IP address above with your own server's inbound SMTP IP address.)

Step five: Create startup and administration scripts
Startup script
The second instance can be started using the normal postfix start command, except you must point to the other configuration directory. For example:

postfix -c /etc/postfix-out start

To create a startup script for the second instance, either edit your existing Postfix startup script and add the above command after the existing postfix start command, or copy the existing startup script to a new name and change the copy. If you copy the start script, be sure to also follow your operating system's instructions for installing a new init script (for example, chkconfig on Redhat Linux, update-rc.d on Debian Linux).
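The steps above only work if the two instances really are kept apart, and a shared queue directory or hostname is easy to miss when editing by hand. The script below is an added example, not from the post: it reads main.cf-style files and checks the separation points the procedure relies on, using constructed configuration files rather than the live /etc/postfix ones.

```shell
#!/bin/sh
# Added example, not from the post: preflight checks for a second Postfix
# instance, run against constructed main.cf files instead of the live ones.
# It checks the points the steps above depend on: a distinct queue_directory,
# alternate_config_directories naming the new directory, and a different
# inet_interfaces and myhostname so the two instances do not collide.
set -eu

# Read one parameter from a main.cf-style "key = value" file (last one wins).
cf_get() {
  awk -v key="$2" '
    $1 == key && $2 == "=" { $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); v = $0 }
    END { print v }' "$1"
}

# Write the constructed inbound and outbound configurations used below.
write_sample_configs() {
  dir="$1"
  mkdir -p "$dir"
  printf '%s\n' 'queue_directory = /var/spool/postfix' \
    'inet_interfaces = all' 'myhostname = mx1.example.com' \
    'alternate_config_directories = /etc/postfix-out' > "$dir/main.cf"
  printf '%s\n' 'queue_directory = /var/spool/postfix-out' \
    'inet_interfaces = mx1-out.example.com' \
    'myhostname = mx1-out.example.com' > "$dir/main-out.cf"
}

# Returns 0 when the two configurations can coexist; prints each failed check.
check_second_instance() {
  main="$1"; out="$2"; outdir="$3"; rc=0
  [ "$(cf_get "$main" queue_directory)" != "$(cf_get "$out" queue_directory)" ] \
    || { echo "queue_directory is shared between instances"; rc=1; }
  case " $(cf_get "$main" alternate_config_directories | tr ',' ' ') " in
    *" $outdir "*) ;;
    *) echo "alternate_config_directories does not list $outdir"; rc=1 ;;
  esac
  [ "$(cf_get "$main" inet_interfaces)" != "$(cf_get "$out" inet_interfaces)" ] \
    || { echo "inet_interfaces is shared between instances"; rc=1; }
  [ "$(cf_get "$main" myhostname)" != "$(cf_get "$out" myhostname)" ] \
    || { echo "myhostname is shared (mail would loop back to myself)"; rc=1; }
  return "$rc"
}
```

On a real server, point it at /etc/postfix/main.cf and /etc/postfix-out/main.cf before running "postfix -c /etc/postfix-out start".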