April 2008 | Linux Poison

Remote Control your PC with bluetooth cell phone

anyremote is a Console application which allows to control PC with bluetooth cell phone

The overall goal of this project is to provide wireless remote control service on Linux through Bluetooth, InfraRed, Wi-Fi or just TCP/IP connection.

anyRemote supports wide range of modern cell phones line Nokia, SonyEricsson, Motorola and others.

anyRemote was developed as thin "communication" layer between Buetooth (IR, Wi-Fi)-capabled phone
and Linux, and in principle could be configured to manage almost any software.

anyRemote could be used with:
* bluetooth connection with java client if cell phone is JSR82 compatible
* Wi-Fi connection with java client if phone supports Wi-Fi
* IR connection with java client if java realization in phone supports access to IR port
* ordinary TCP/IP connection with java client, if PC is connectable from internet
* bluetooth, infrared or cable connection using AT "modem" commands

* web interface
* it supports some of IR remotes supplied with TV tuner cards (like LIRC)
* it has limited support for Bemused clients

Download : Here

Ubuntu Tips, Tricks and tutorials

[Source: lxpages.com]

Tune/Configure your Ubuntu with Ubuntu Tweak

Ubuntu Tweak is a tool for Ubuntu that makes it easy to configure your system and desktop settings.

It provided many useful desktop and system options that the default desktop environment isn't provided.

Features of Ubuntu Tweak:

* View of Basic System Information(Distribution, Kernel, CPU, Memory, etc.)
* GNOME Session Control
* Auto Start Program Control
* Show/Hide and Change Splash screen
* Show/Hide desktop icons or Mounted Volumes
* Show/Hide/Rename Computer, Home, Trash icon or Network icon
* Tweak Metacity Window Manager’s Style and Behavior
* Compiz Fusion settings, Screen Edge Settings, Window Effects Settings, Menu Effect Settins
* GNOME Panel Settings
* Nautilus Settings
* Advanced Power Management Settings
* System Security Settings

Installation:

Open your terminal, type the command to run gedit(or other editor in your opinion) to modify the sources.list:

sudo gedit /etc/apt/sources.list

And put the two line into it:

deb http://ppa.launchpad.net/tualatrix/ubuntu hardy main deb-src http://ppa.launchpad.net/tualatrix/ubuntu hardy main

Then update the source and install or upgrade Ubuntu Tweak:

sudo apt-get update sudo apt-get install ubuntu-tweak

if you have installed, just type:

sudo apt-get dist-upgrade

Download: Here

Reiser FS is dead (RIP)

Yesterday, the Open Source community took an emotional hit when veteran Linux programmer Hans Reiser was convicted of first degree murder in the suspicious disappearing of his wife, Nina. While I won’t go into the details of the case, as this has been covered extensively in the press, I would like to talk a little bit about how this verdict will impact the technology in play for file system dominance in our favorite Open Source operating system, Linux.

Suse and Debian use ReiserFS version 3, a stable and proven version of the code that has been sitting mostly fallow for some time, and is maintained with bug and security fixes on a best effort basis.

From the SuSE and Debian perspective, this is an obviously unacceptable state of affairs. The OpenSuSE project has already moved its distribution to use the ext3 file system

Reiser found guilty of first degree murder

Monitor Web page changes

Specto is a OpenSource WebPage update/monitoring program - it saves you time and keeps you updated by automatically checking web pages (static or dynamic)to see if they have changed also helps to check it at time when someone is trying to change your page.

You can configure Specto to monitor changes to wiki pages, blog posts, forum threads, your email inbox, and even files and folders on your own system. An unobtrusive pop-up from its system tray icon informs you of all changes, so you don't have to hop around looking for updates.

You can install it from the compressed tarball if you want the most recent release. First explode the tarball with the tar zxvf specto-0.2.2.tar.gz command. Next, browse into the specto-0.2.2/ directory. You don't have to install Specto to begin using it; the command ./launch.sh launches Specto. But Fedora and Ubuntu users can respectively use the su -c "python setup.py install" or sudo python setup.py install command to install Specto.

Open Source collaboration suite - Spicebird

Spicebird is a free and open source collaboration suite. It features include email, calendaring and instant messaging. This post shows how you can install Spicebird on Ubuntu 7.10 Gutsy Gibbon.

To install Spicebird on Ubuntu, you can execute the following steps:

1. Download Spicebird beta 0.4 for Linux from here. Save it to ~/Desktop folder.

2. Open terminal window, go to ~/Desktop folder:

cd ~/Desktop

3. Extract to /opt:

sudo tar jxvf spicebird-beta-0.4.en-US.linux-i686.tar.bz2 -C /opt

4. Create GNOME menu.

sudo gedit /usr/share/applications/spicebird.desktop

Then add:

[Desktop Entry]
Encoding=UTF-8
Name=Spicebird
Comment=Collaboration suite
Exec=/opt/spicebird-beta/spicebird
Icon=/opt/spicebird-beta/icons/mozicon50.xpm
Terminal=false
Type=Application
Categories=Application;Network;
StartupNotify=true

5. Now you can run Spicebird by clicking Applications → Internet → Spicebird.

Take a break - Workaholic

Workaholic is a program which shows a window to remind you to take a break after a period of time by showing a transparent window with a progress bar. You can skip rests, or postpone these for 5 or 10 minutes.

To install Workaholic on Ubuntu, you can execute the following steps:

1. Open your /etc/apt/sources.list file with gedit text editor:
sudo gedit /etc/apt/sources.list

2. Add this line:
deb http://mundogeek.net/repo ubuntu all

3. Update the list of packages:
sudo apt-get update

4. Workaholic requires python-imaging package, you can install it with this command:
sudo apt-get install python-imaging

5. Install Workaholic:
sudo apt-get install workaholic

A powerful, speedy, and sexy remote control for your Desktop - GNOME Do

The typical computer user interacts with a number of different resources and programs on her computer, all of which are accessed by disparate means, including menus, location bars, icons, shortcut keys, etc. We plan to consolidate these interfaces by creating an application that indexes items in the user's desktop environment (documents, contacts, bookmarks, applications, multimedia, etc.) and lets the user search through these items and manipulate these items with commonly performed actions (open, run, email, chat, etc.).

GNOME Do allows you to quickly search for many items present in your GNOME desktop environment (applications, Evolution contacts, Firefox bookmarks, files, artists and albums in Rhythmbox, Pidgin buddies, etc.) and perform commonly used actions on those items (Run, Open, Email, Chat, Play, etc.). GNOME Do is inspired by Quicksilver and GNOME Launch Box.

GNOME Do is not a search tool. If you know what you're looking for and what you want to do with it, Do will help you do it quickly.

GNOME Do is not only for GNOME. Although it was created by a GNOME lover, Do runs on KDE and other common environments.

SystemRescueCD

SystemRescueCd is a Linux system on a bootable CD-ROM for repairing your system and recovering your data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It contains a lot of system utilities (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It is very easy to use: just boot the CDROM. The kernel supports most of the important file systems (ext2/ext3, reiserfs, reiser4, xfs, jfs, vfat, ntfs, iso9660), as well as network filesystems (samba and nfs).

If this is the first time you use SystemRescueCd, please read the Quick start guide (english)

Bluetooth -- Leave it - it's locked, come back - it's back too...

BlueProximity is software helps you add a little more security to your desktop. It does so by detecting one of your bluetooth devices, most likely your mobile phone, and keeping track of its distance. If you move away from your computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks your desktop (or starts any other shell command you want).

Once away your computer awaits its master back - if you are nearer than a given level for a set time your computer unlocks magically without any interaction (or starts any other shell command you want).

A simple KDE network monitor - KNetStats

A simple KDE network monitor that show rx/tx LEDs or numeric information about the transfer rate of any network interface in a system tray icon. KNetStats is now part of kde-extragear package so the source code can be found at the KDE subversion repository. Stable releases packages are avaliable to download also at SourceForge download servers. The current version is v1.6.1.

Features:

* See network activity, transfer rate, speed chart, IP address, MAC address, etc of any network interface (including localloopback).
* Support multiple network interfaces.
* See simple statistics (packets and bytes received and transmitted).
* Configurable Update Interval, View mode, Icon themes, etc.
* GPL'ed, you can use and modify for free (Following GPL conditions)
* Carrier on/off detection.

How To Upgrade Your Desktop From Ubuntu 7.10 (Gutsy Gibbon) To 8.04 LTS (Hardy Heron)

This guide shows how you can upgrade your desktop from Ubuntu 7.10 (Gutsy Gibbon) to Ubuntu 8.04 LTS (Hardy Heron).

Want read full content here the link at HowToForge.com

How to run a crontab entry as "nobody"

Here's a quick example of how to run a program on a Linux system through a crontab entry, with the program being executed as the user nobody.

Just put this entry in a crontab file (by issuing the "crontab -e" command, for example), and the program named myProgram.sh will be run at 1:30 a.m. using the Bourne shell, and will be run as the user nobody.

30 1 * * * su -c '/path/to/program/myProgram.sh' -s /bin/sh nobody

Of course testing is always recommended, but this has worked for me.

How to run a Unix/Linux job in the background when you log off (nohup)

So you want to log off and go home for the night, but you need to run a job that's going to take a couple of hours? Fear not, the nohup command will help you out.

As a simple example, assume that you have a command named RunningJob.sh that you want to run, but you know if will take over three hours to run. Just submit the job using the nohup ("no hang up") command as shown below, and you should be good to go:

nohup myLongRunningJob.sh &

Of course make sure you test your program to know that it is really set up properly, otherwise you'll be in for a disappointment in the morning. Other than that, if your command is set up properly, the nohup command should do the trick for you. You can safely log out, and find your results waiting for you in the morning.

Disable Root SSH Login on Linux

One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.

It's much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we'll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it's usually in /etc/ssh/. Open the file up while logged on as root.

vi /etc/ssh/sshd_config

Find this section in the file, containing the line with "PermitRootLogin" in it.

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

Make the line look like this to disable logging in through ssh as root.

PermitRootLogin no

Now you'll need to restart the sshd service:

/etc/init.d/sshd restart

Now nobody can brute force your root login, at least.

Brute Force Detection

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real time facility to place bans. To use BFD you must have APF Firewall installed first.

How To:
Download BFD: wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
[Check here if you want to know how to install the software from source]
After the installation is complete you will receive a message saying it has been installed.
Next we will have to configure the firewall: vi /usr/local/bfd/conf.bfd
Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now you should put your ip address to allow hosts so you will not accidentally lock yourself out.
vi /usr/local/bfd/ignore.hosts and put your ip address.
Now we are ready to start the BFD system: /usr/local/sbin/bfd –s
For more configuration options you are suggested to read the README.

How to hide PHP version Information

You should hide php banner information from being displayed so the attackers are not aware of what version of PHP version you are running and thus making it more difficult for them to exploit any system holes and thus making vulnerability scanners work harder and in some cases impossible without knowing banner information.

How To:
Modify php.ini
Change the expose_php line to: expose_php=Off
Notice: You may need to restart Apache.

How To hide Apache version Information

You should hide apache banner information from being displayed so the attackers are not aware of what version of Apache version you are running and thus making it more difficult for them to exploit any system holes and thus making vulnerability scanners work harder and in some cases impossible without knowing banner information.

How To:
Modify /etc/httpd/conf/httpd.conf
Change the ServerSignature line to: ServerSignature Off
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart

How To do SHA-1 checksum

SHA-1 is the successor of MD5 ( Read about MD5 here ) is a tool to check the integrity of your downloads.
The SHA-1 algorithm is the brainchild of the US-based National Security Agency (NSA)

Basically it works the same as the MD5, a SHA-1 file is available on the download server where you downloaded your ISOs and when opening it you will see a string of numbers that you compare to the output of the command:

CODE: $ sha1sum /home/Nikesh/downloaded.iso

The string you get from this command typically looks like:

QUOTE
f560f26a32820143e8286afb188f7c36d905a735

You compare it to the string you find in the SHA-1 file on the download server. If both of them are identical you can be sure your downloaded ISO is okay and you can burn it to a CD.

How to change the login banner/message

The login banner is essential to legal actions taken against people who misuse and illegally hack into your box. There have been cases where the hackers got off because the server they hacked into actually “Welcomed” them into the system!

To change the login banner/welcome message, simply edit the /etc/issue file and put whatever you want into this file, best option is to keep it empty.

#vi /etc/issue

sync users' Samba passwords with their system passwords

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password the uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:

password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

Transfer Linux user to Samba users

To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:

1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:

# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

If the system uses NIS, type the following command:

# ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.

2. Change the permissions of the Samba password file so that only root has read and write permissions:

# chmod 600 /etc/samba/smbpasswd

3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):

# smbpasswd username

4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:

encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.

How To add another disk to running Linux system

In this example we will fdisk the disk attached to our 2nd array controller.

1. fdisk the new drive
* fdisk /dev/sda
* Make a new partition using fdisk (/dev/sda1)

2. format the new partition using mkfs
* mkfs -t ext3 /dev/sda1
* Note, if you will be storing lots of small files, you may need to increase the inode count. You do this when you format the drive. The default count of inodes will be good for most people.

3. Make a new directory to mount your new space to
* mkdir /newspace
* Note: If moving a current filesystem over to this new space, you will need to first mount the new space to a temporary mount point, move all the contents to it, then unmount that temporary mount point, and finally add an entry in /etc/fstab so it will mount automatically on bootup.

4. Have the new drive mount automatically
* vi /etc/fstab
* make a copy of an existing line
* change this new line to match your partition number

5. Test that your partition mounts ok according to the changes you made in /etc/fstab
* mount /dev/sda1 /newspace

Underground hacking/cracking Magazine - Phrack

You can read the latest release of the underground magazine Phrack from their website. For those among us who are not very familiar with phrack or underground magazine scene. Phrack has been around since 1985, well over 20 years, and has been the leading underground hacking/cracking ezine out there. Some notable facts about phrack (taken from wikipedia):

The Mentor’s Hacker Manifesto, which has been an inspiration to young hackers since the 1980s, was published in the 7th issue of Phrack.

Aleph One’s Smashing The Stack For Fun And Profit, published in issue 49, is the “classic paper” on stack buffer overflows, partly responsible for popularizing the vulnerability.

* Several regular columns are present in most issues of Phrack, such as:
* Prophile - the presentation of a very influential character from the hacking underground.
* Loopback - answers to the most original (or stupid) emails received by the phrack staff.
* Phrack World News - a compilation of reports on the latest counter-culture events.
* International Scene - a compilation of testimonies from hackers all around the world focusing on national and international activities.

You can read more about phrack history here and here.

[Source of this article: Here]

Discovering and Hacking Bluetooth

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 - the Java Bluetooth specification. Download BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.

Forward Squid traffic to secure tunnel (SSH)

When Squid is installed and running, it uses port 3128 by default. You should test it manually by setting your HTTP proxy to the server that runs Squid. For instance, in Firefox to go Tools -> Options -> Advanced -> Network -> Settings and enter the IP address or host of the Squid proxy (e.g. 192.168.0.100) and 3128 for the port. Try to load any web page. If you see an access denied error, check out the http_access configuration in the squid configuration file.

Once Squid is all set and ready to go, you need to forward your connection to it over SSH. To set the tunnel up on your Windows laptop, download Plink, a command-line version of Putty SSH client, and run this command:

plink.exe -batch -N -l UserName -pw Password -L 3128:localhost:3128 SSH_Server

On Unix-based systems, simply run this command:

ssh -L 3128:localhost:3128 SSH_Server -f -N

Finally, tell your browser to use the SSH tunnel as a proxy. Basically you need to change the host to localhost and the port number to 3128 (See below).

SQL Injection Tool - sqlninja

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Features:

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:

* Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)

* Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)

* Privilege escalation to sysadmin group if 'sa' password has been found

* Creation of a custom xp_cmdshell if the original one has been removed

* Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)

* TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell

* Direct and reverse bindshell, both TCP and UDP

* DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)

* Evasion techniques to confuse a few IDS/IPS/WAF

Prerequisites

In order to use sqlninja, the following Perl modules need to be present:

* NetPacket

* Net-Pcap

* Net-DNS

* Net-RawIP

* IO-Socket-SSL

download Sqlninja here

Call For Open Source Awards 2008 Nominations

For the 4th year running, Google and O’Reilly will present a set of Open Source Awards at OSCON 2008. The awards recognize individual contributors who have demonstrated exceptional leadership, creativity, and collaboration in the development of Open Source Software. Past recipients for 2005-2007 include Doc Searls, Jeff Waugh, Gerv Markham, Julian Seward, David Heinemeier Hansson, Karl Fogel, David Recordon, and Paul Vixie.

The nomination process is open to the entire open source community, closing May 15th, 2008. Send your nominations to osawards AT oreilly DOT com. Nominations should include the name of the recipient, any associated project/org, suggested title for the award (”Best Hacker”, “Best Community Builder”, etc.), and a description of why you are nominating the individual. Google and O’Reilly employees cannot be nominated.

Antivirus scanning for Nautilus by using Nautilus-clamscan

Nautilus-clamscan adds the ability to Nautilus to scan files for viruses from a right-click.

The progress and results of the antivirus scan are shown in a progress dialog.

Requirements
This application requires GTK+ version 2.10.x. Other dependencies include:
clamav, python, python-clamav, python-gtk2, python-nautilus

Download Nautilus-clamscan - Here

OpenSuse 11.0 Countdown - Get your counter

You can help spread the word for openSUSE 11.0 before it’s released! The openSUSE project now has countdown banners that display the number of days before the next openSUSE release.

You can display the banner on your site, and the rendering is done via the openSUSE server. You can find the code and the right language for your site on http://en.opensuse.org/Countdown. You can link the banner to http://en.opensuse.org/OpenSUSE_11.0 which has information about the 11.0 release and information on testing prior to the final 11.0 release.

The banners were inspired by a post by Pavol Rusnak, and we received fantastic code and graphics contributions from several members of the openSUSE community, including Pascal Bleser, Jakub ‘jimmac’ Steiner, Pavol Rusnak, Marek Stopka, Kevin Dupuy, and Billy Juliani. Thanks to everyone who contributed!

So, grab a banner and show your openSUSE pride.

Tools for network auditing and penetration testing

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

Download dsniff : here

How to prevent too many filesystem checks

If you often switch your Linux computer on and off (for example because it is a laptop), it will check the filesystems at boot more often than necessary. Having to wait at unexpected times is annoying, and when this happens every few days and always just when you needed access to your data quickly, even more so.

Having a fixed time interval between these checks (so you know when they will happen) instead of checks happening when a counter reaches some number is much better. Configuring this is quite easy. First, look in /etc/fstab . In my case, the relevant lines are:

/dev/sda1 /boot ext2 defaults 0 1
/dev/sda3 / ext3 noatime 0 1
/dev/sda4 /home ext3 noatime 0 1

Now we know which device contains which always-mounted filesystem. To set the checks to be monthly, I run these commands:

tune2fs -c 0 -i 1m /dev/sda1
tune2fs -c 0 -i 1m /dev/sda3
tune2fs -c 0 -i 1m /dev/sda4

-c 0 means no mount counter will be used. If you would want a check at every 100th boot, you would use -c 100.

-i 1m means the filesystem will be checked every 1 month. Other examples of what could be used in combination with -i are 2d (2 days) or 3w (3 weeks).

Open Source Census Launches

The Open Source Census, an effort to pin down hard statistics regarding the implementation of open-source software around the world, gets underway on Wednesday.

Companies and individuals can use the tool to scan their computers for open-source software and then anonymously upload the data to the effort's site. The information will be available in two forms. Those who contribute can get reports summarizing their own use, as well as comparative data based on similar companies' results. Aggregated data untraceable to any company will be available publicly on the site.

More Information : Here

Tune SYSLOGD for high Performance

LINUX syslogd uses synchronous writes by default, which is very expensive. For services such as mail it is recommended that you disable synchronous logfile writes by editing /etc/syslog.conf and by prepending a ”-” to the logfile name.

mail.* -/var/log/mail.log

Restart your syslod to make the changes effective

Faster internet access with Firefox

Web designer use Flash animation to attract visitor attention, too much flash animation will make people feel annoying. There is this firefox extension Flashblock which able to block flash animation from loading. I’m using this Flash block to block all flash animation. One hand it help to block all annoying flash animation, at other hand it help to speed up page loading.

Get Flashblock from here

Ever been annoyed by all those ads and banners on the internet that often take longer to download than everything else on the page? Install Adblock Plus now and get rid of them and also help you to access the contents faster.

Get Adblock from here and you also need Adblock Filterset.G Updater, This is a companion extension to Adblock or Adblock Plus and should be used in conjunction with it. This extension automatically downloads the latest version of Filterset.G every 4-7 days. Filterset.G is an excellent set of filters maintained by G for Adblock that blocks most ads on the internet.

Get Adblock Filterset.G Updater from here

Linux related Online Books and Tutorials

Here is a website, Opensourceproject.org.cn, that offers 222 freely available online books and tutorial articles covering open source technologies. Most of these are written in English, some are in Chinese. The numbers below refer to the number of English books. These will help you learn how to program in open source languages and frameworks, such as Eclipse, Perl, Ruby, PHP, and Python. These will also help you gain knowledge and increase your skills with Ubuntu Linux, Red Hat Linux, Fedora, Suse Linux, the Linux Kernel, and Embedded Linux.

Open Source Books and Tutorials:

78 Programming Languages Books and Tutorials
- 7 Eclipse Books and Tutorials
- 31 Perl Books and Tutorials
- 6 Ruby Books and Tutorials
- 9 PHP Books and Tutorials
- 23 Python Books and Tutorials

25 Linux Distribution Books and Tutorials
- 5 Ubuntu Linux Books and Tutorials
- 8 RedHat / Fedora Linux Books and Tutorials
- 5 SuSE Linux Books and Tutorials

4 Linux Kernel Books and Artilces

13 Embedded Linux Books and Tutorials

14 Shell Programming Books and Tutorials

23 MySQL Books and Tutorials

5 PostgreSQL Books and Tutorials

11 Apache Books and Tutorials

6 Samba EBooks and Tutorials

15 Email Books and Tutorials

22 Security Books and Tutorials
- Antivirus
- Cryptography
- Firewall
- Internet IDS
- Kerberos
- System Security

6 OpenOffice Books and Tutorials

Open Source eBooks -- Free

Here are 40 eBooks covering Open Source technologies, including Linux, Bash, Apache, MySQL, Sendmail, PHP, and more.

Topics covered by these eBooks:

- Linux
- Linux Commands
- Bash Shell Scripting
- Apache Server
- VPN
- MySQL
- PHP
- Network Administration
- Postfix
- DNS
- BIND
- Sendmail
- Web Database
- LAMP
- SMTP

Free LPI Linux Certification Courses

LPI Exam 101:
These 5 LPI 101 tutorials will assist you in getting ready for taking and passing these topics in the LPI exam 101. Exam 101 is the first of two junior-level system administrator exams. Both exam 101 and exam 102 are required for LPIC-1 certification, which is the junior level.

LPI exam 101 prep, Topic 101: Hardware and architecture
In this tutorial (the first in a series of five tutorials), Ian Shields introduces you to configuring your system hardware with Linux, and in doing so, begins preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 101. In this tutorial, you learn how Linux configures the hardware found on a modern PC and where to look if you have problems.

LPI exam 101 prep, Topic 102: Linux installation and package management
In this tutorial (the second in a series of five tutorials), Ian Shields introduces you to Linux installation and package management, and in doing so, continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 101. In this tutorial, you learn how Linux uses disk partitions, how Linux boots, and how to install and manage software packages.

LPI exam 101 prep, Topic 103: GNU and UNIX commands
In this tutorial (the third in a series of five tutorials), Ian Shields introduces you to the Linux command line and several GNU and UNIX commands, and in doing so, continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 101. This tutorial helps you learn to use commands on a Linux system.

LPI exam 101 prep, Topic 104: Devices, Linux filesystems, and the Filesystem Hierarchy Standard
In this tutorial (the fourth in a series of five tutorials), Ian Shields introduces you to Linux devices, filesystems, and the Filesystem Hierarchy Standard, and in doing so, continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 101. This tutorial shows you how to create and format partitions with different Linux filesystems and how to manage and maintain those systems.

LPI exam 101 prep, Topic 110: The X Window System
In this tutorial (the last in a series of five tutorials), Ian Shields introduces you to the X Window System on Linux, and in doing so, continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 101. In this tutorial, you learn how to install and maintain the X Window System. This tutorial covers both major packages for X on Linux: XFree86 and X.Org.

LPI Exam 102:
These 6 LPI 102 tutorials will assist you in in getting ready to pass these topics in the LPI exam 102. Exam 102 is the second of two LPI junior-level system administrator exams. Both exam 101 and exam 102 are required for LPIC-1 certification, which is the junior level. Three missing topics for this exam will be added in the future.

LPI exam 102 prep, Topic 105: Kernel
By the end of this tutorial, you will know how to build, install, and query a Linux kernel and its kernel modules. The tutorial is organized according to the specific objectives of the LPI exam for this topic. If you're studying for certification -- or simply building a solid foundation in Linux systems administration -- you will be ready to proceed to the next tutorial in the exam 102 series.

LPI exam 102 prep, Topic 106: Boot, initialization, shutdown, and runlevels
In this tutorial, Ian Shields continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 102. In this second in a series of nine tutorials, Ian introduces you to startup and shutdown on Linux. By the end of this tutorial, you will know guide a system through booting, set kernel parameters, and shut down or reboot a system.

LPI exam 102 prep, Topic 107: Printing
In this tutorial, the third of a series of nine tutorials on LPI exam 102 topics, Ian Shields introduces you to printing in Linux. By the end of this tutorial, you will know how to manage printers, print queues, and user print jobs on a Linux system.

LPI exam 102 prep, Topic 108: Linux documentation
In this tutorial, the fourth of a series of nine tutorials on LPI exam 102 topics, Ian Shields introduces you to Linux documentation. By the end of this tutorial, you will know how to use and manage local documentation, find documentation on the Internet, and use automated logon messages to notify users of system events.

LPI exam 102 prep, Topic 109: Shells, scripting, programming, and compiling
In this tutorial, Ian Shields continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 102. In this fifth in a series of nine tutorials, Ian introduces you to the Bash shell, and scripts and programming in the Bash shell. By the end of this tutorial, you will know how to customize your shell environment, use shell programming structures to create functions and scripts, set and unset environment variables, and use the various login scripts.

LPI exam 102 prep, Topic 111: Administrative tasks
In this tutorial, Ian Shields continues preparing you to take the Linux Professional Institute Junior Level Administration (LPIC-1) Exam 102. In this sixth in a series of nine tutorials, Ian introduces you to administrative tasks. By the end of this tutorial, you will know how to manage users and groups, set user profiles and environments, use log files, schedule jobs, back up your data, and maintain the system time.

LPI Exam 201:
These 8 LPI 201 tutorials will assist you in in getting ready to pass the LPI exam 201. Exam 201 is the first of two LPI intermediate-level system administrator exams. Both exam 201 and exam 202 are required for LPIC-2 certification, which is the intermediate level.

LPI exam 201 prep, Topic 201: Linux kernel
In this tutorial, David Mertz begins preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this first of a series of eight tutorials, you will learn to understand, compile, and customize a Linux kernel.

LPI exam 201 prep, Topic 202: System startup
In this tutorial, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this second of a series of eight tutorials, you will learn the steps a Linux system goes through during system initialization, and how to modify and customize those behaviors for your specific needs.

LPI exam 201 prep, Topic 203: Filesystem
In this tutorial, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this third of eight tutorials, you will learn how to control the mounting and unmounting of filesystems, examine existing filesystems, create filesystems, and perform remedial actions on damaged filesystems.

LPI exam 201 prep, Topic 204: Hardware
In this tutorial, David Mertz and Brad Huntting continue preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this fourth of eight tutorials, you learn how to add and configure hardware to a Linux system, including RAID arrays, PCMCIA cards, other storage devices, displays, video controllers, and other components.

LPI exam 201 prep, Topic 209: File and service sharing
In this tutorial, Brad Huntting and David Mertz continue preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this fifth of eight tutorials, you learn how to use a Linux system as a networked file server using any of several protocols supported by Linux.

LPI exam 201 prep, Topic 211: System maintenance
In this tutorial, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this sixth of eight tutorials, you learn basic concepts of system logging, software packaging, and backup strategies.

LPI exam 201 prep, Topic 213: System customization and automation
In this tutorial, David Mertz and Brad Huntting continue preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. In this seventh of eight tutorials, you learn basic approaches to scripting and automating system events, including report and status generation, clean up, and general maintenance.

LPI exam 201 prep, Topic 214: Troubleshooting
In this tutorial, Brad Huntting and David Mertz continue preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 201. The last of eight tutorials, this tutorial focuses on what you can do when things go wrong. It builds on material already covered in more detail in earlier tutorials.

LPI Exam 202:
These 7 LPI 202 tutorials will assist you in in getting ready to pass the LPI exam 202. Exam 202 is the second of two LPI intermediate-level system administrator exams. Both exam 201 and exam 202 are required for intermediate-level certification, or LPIC-2.

LPI exam 202 prep, Topic 205: Networking configuration
In this tutorial, David Mertz begins preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 202. In this first of a series of seven tutorials on network administration on Linux, you learn to configure a basic TCP/IP network, from the hardware layer (usually Ethernet, modem, ISDN, or 802.11) through the routing of network addresses.

LPI exam 202 prep, Topic 206: Mail and news
In this tutorial, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 202. In this second of a series of seven tutorials on network administration on Linux, you learn how to use Linux as a mail server and as a news server. This tutorial covers mail transport, local mail filtering, and mailing list maintenance software. It also briefly discusses server software for the NNTP protocol.

LPI exam 202 prep, Topic 207: Domain Name System (DNS)
In this tutorial, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 202. In this third of a series of seven tutorials on network administration on Linux, you get an introduction to DNS and learn how to use Linux as a DNS server, chiefly using BIND 9. You learn how to set up and configure the service, how to create forward and reverse lookup zones, and how to ensure that the server is secure from attacks.

LPI exam 202 prep, Topic 208: Web services
In this tutorial, the fourth in a series of seven tutorials covering intermediate network administration on Linux, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 208. Here, David Mertz discusses how to configure and run the Apache HTTP server and the Squid proxy server.

LPI exam 202 prep, Topic 210: Network client management
In this tutorial, the fifth in a series of seven tutorials covering intermediate network administration on Linux, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 210. Here, David Mertz examine several protocols' centralized configuration of network settings on clients within a network. This tutorial also discusses PAM, which is a flexible, networked, user authentication system.

LPI exam 202 prep, Topic 212: System security
In this tutorial, the sixth of seven tutorials covering intermediate network administration on Linux, David Mertz continues preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 202. By necessity, this tutorial touches briefly on a wide array of Linux-related topics from a security-conscious network server perspective, including general issues of routing, firewalls, and NAT translation and the relevant tools. It addresses setting security policies for FTP and SSH; reviews general access control with tcpd, hosts.allow, and friends; and presents some basic security monitoring tools and shows where to find security resources.

LPI exam 202 prep, Topic 214: Network troubleshooting
In this tutorial, the last of a series of seven tutorials covering intermediate network administration on Linux, David Mertz finishes preparing you to take the Linux Professional Institute Intermediate Level Administration (LPIC-2) Exam 202. This tutorial revisits earlier tutorials in the series, focusing on how to use the basic tools you've already covered to fix networking problems. The tool review is divided into two categories: configuration tools and diagnostic tools.

LPI Exam 301:

LPI exam 301 prep, Topic 302: Installation and development
In this tutorial, Sean Walberg helps you prepare to take the Linux Professional Institute Senior Level Linux Professional (LPIC-3) exam. In this second in a series of six tutorials, Sean walks you through installing and configuring a Lightweight Directory Access Protocol (LDAP) server, and writing some Perl scripts to access the data. By the end of this tutorial, you'll know about LDAP server installation, configuration, and programming.

E-Book Library - Free Downloads

E-Book Library for Download Free is an eBook Library providing links to freely avaiable ebooks, in chm and pdf formats, covering many technical topics, including PHP, MySQL, Oracle, Java, J2me, JSP, ASP.NET, VB.NET, C programming, C++ programming, C# programming, .NET, Ajax, Networking, SQL Server, XML, and Windows.

EBook Categories:
- .Net
- AJAX
- C / C++ /C#
- Cisco
- IPod / IPhone
- Java
- Linux
- MySQL
- Network
- Operating Systems
- Oracle
- PhotoShop
- PHP
- Security
- SQL Server
- WebService
- Web Design
- Windows
- XML

How To Change network card from Half to Full duplex in Linux

Use following method to change a network card from Half to Full duplex.

This is performed with the mii-tool.

# mii-tool --force=100baseTx-HD eth1 (half duplex 100 base T)
# mii-tool --force=100baseTx-FD eth1 (Full duplex 100 base T)
# mii-tool --force=10baseT-FD eth1 (Full duplex 10 base T)
# mii-tool --force=10baseT-HD (Half duplex 10 base T)

I hope it helps :)

How TO install/Configure APF (Advanced Policy Firewall) Firewall

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.

Login to your server as root, then:
# Download -- http://www.r-fx.ca/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.sh

Edit conf.apf
# cd /etc/apf
# vi conf.apf

Common ingress (inbound) TCP IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999"

Common ingress (inbound) UDP
IG_UDP_CPORTS="20,21,53,1040"

Exit and save and then restart apf:
# service apf start

If APF is functioning fine, edit the conf.apf
# vi conf.apf

Set the DEVM parameter to 0DEVM="0"

Now you can Restart APF, and is done:
# service apf restart

Configure APF to start at boot
# chkconfig --add apf
# chkconfig --level 345 apf on

Summary of features:
- detailed and well commented configuration file
- granular inbound and outbound network filtering
- user id based outbound network filtering
- application based network filtering
- trust based rule files with an optional advanced syntax
- global trust system where rules can be downloaded from a central management server
- reactive address blocking (RAB), next generation in-line intrusion prevention
- debug mode provided for testing new features and configuration setups
- fast load feature that allows for 1000+ rules to load in under 1 second
- inbound and outbound network interfaces can be independently configured
- global tcp/udp port & icmp type filtering with multiple methods of executing filters (drop, reject, prohibit)
- configurable policies for each ip on the system with convenience variables to import settings
- packet flow rate limiting that prevents abuse on the most widely abused protocol, icmp
- prerouting and postrouting rules for optimal network performance
- dshield.org block list support to ban networks exhibiting suspicious activity
- spamhaus Don't Route Or Peer List support to ban known "hijacked zombie" IP blocks
- any number of additional interfaces may be configured as firewalled (untrusted) or trusted (not firewalled)
- additional firewalled interfaces can have there own unique firewall policies applied
- intelligent route verification to prevent embarrassing configuration errors
- advanced packet sanity checks to make sure traffic coming and going meets the strictest of standards
- filter attacks such as fragmented UDP, port zero floods, stuffed routing, arp poisoning and more
- configurable type of service options to dictate the priority of different types of network traffic
- intelligent default settings to meet every day server setups
- dynamic configuration of your servers local DNS revolvers into the firewall
- optional filtering of common p2p applications
- optional filtering of private & reserved IP address space
- optional implicit blocks of the ident service
- configurable connection tracking settings to scale the firewall to the size of your network
- configurable kernel hooks (ties) to harden the system further to syn-flood attacks & routing abuses
- advanced network control such as explicit congestion notification and overflow control
- special chains that are aware of the state of FTP DATA and SSH connections to prevent client side issues
- control over the rate of logged events, want only 30 filter events a minute? 300 a minute? - you are the boss
- logging subsystem that allows for logging data to user space programs or standard syslog files
- logging that details every rule added and a comprehensive set of error checks to prevent config errors
- if you are familiar with netfilter you can create your own rules in any of the policy files
- pluggable and ready advanced use of QoS algorithms provided by the Linux
- 3rd party add-on projects that compliment APF features

How To disable telnet service

Login as root to your server:

Edit /etc/xinetd.d/telnet
# vi /etc/xinetd.d/telnet

Search for: "disable = no"
Change it to: disable = yes

Save and Exit

Restart xinted
# /etc/rc.d/init.d/xinetd restart

How To convert flv to avi Using FFmpeg

Move to the path where you have your video files:
cd /path/where/is/the/video

Run ffmpeg command with -i for input and output.avi is the output file in avi or mpg:
# ffmpeg -i input.flv output.avi

What is FFmpeg?
"FFmpeg is a collection of software libraries that can record, convert and stream digital audio and video in numerous formats. It includes libavcodec, an audio/video codec library used by several other projects, and libavformat, an audio/video container mux and demux library."

HowTo to get the lists of installed package/software on Fedora/RedHat/CentoOS/OpenSuse

You can list the packages that are installed on a RedHat or CentOS or Fedora or OpenSuse system, running this commands:

# rpm -qa

You can also redirect the list of packages to a file by using this command

# rpm -qa > /root/list.txt

You should remove packages you dont use for security reasons.

Configure Apache with with mod_deflate

mod_deflate is included in the Apache 2.0.x source package, and compiling it in is a simple matter of adding it to the configure command.

./configure --enable-modules=all --enable-mods-shared=all --enable-deflate

When the server is made and installed, the GZIP-encoding of documents can be enabled in one of two ways: explicit exclusion of files by extension; or by explicit inclusion of files by MIME type. These methods are specified in the httpd.conf file.

Explicit Exclusion

SetOutputFilter DEFLATE
DeflateFilterNote ratio
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

Explicit Inclusion

DeflateFilterNote ratio
AddOutputFilterByType DEFLATE text/*
AddOutputFilterByType DEFLATE application/ms*
application/vnd* application/postscript

Both methods enable the automatic GZIP-encoding of all MIME-types, except image and PDF files. Image files and PDF files are excluded as they are already in a highly compressed format. In fact, PDFs become unreadable by Adobe's Acrobat Reader if they are further compressed by mod_deflate or mod_gzip.

Starting Qmail through Xinetd

Here is the entry info for starting Qmail through Xinetd

service smtp
{
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = qmaild
server = /usr/sbin/tcpd
server_args = /var/qmail/bin/tcp-env -R /var/qmail/bin/qmail-smtpd
}

HowTo Forward the mail to many addresses using procmail

We just need to add more addresses to the action line:

:0
* ^Subject: This is urgent$ ! first@one.com second@two.net third@three.org

If you have a large list of recipients, you might prefer to store the addresses in an external file you can edit without mucking with your Procmail filters:

:0
* ^Subject: This is urgent$
! `cat addresses.txt`

Great Comment on Linux Vs Windows

Some days back I was reading an article on OpenSuse 10.2 review (Linux Vs Windows) and fortunately I came across a great comments on that article …..

read below …..

Shaking my head at you guys (gals?)! 8^)

I’ve been using linux on my main computer for 5+ years, and on my webservers for over 10. Actually started with SUSE desktop (well tried Caldera 2.1 waaay back when UGH!), then went to Fedora to get the “latest & greatest.” (They usually had bleeding edge software before other distros… Mozilla, etc.). I’ve had to purchase Windows due to my job. Picked up Vista, couldn’t upgrade from ME, so got the XP upgrade instead.

Tried Ubuntu on a friends puter, liked it so tried it on mine. All good except could not make on the motherboard nVidia Ge6100 work. Had read some reviews about SUSE, so d/led it. Setting up dual boot. Windows & Linux can read FAT32, so decided to set up my box like this. The 1st 200Gb drive as NTFS XP, 200Gb #2 as linux, 400Gb as FAT32 shared between the 2 for docs, pics, music and such.

Has anyone installed Windoze lately or just purchased pre-installed?
It took about 1 1/2 hours just to format 200Gb!!! So don’t get picky about 30 or 40 minutes to install a linux distro!
And it only formatted 128Gb, so had to use System Commander to stretch it out to the full 200Gb!

Rebooted into my newly installed XP.
NO SOUND
NO INTERNET
NO PRINTER
Call ISP. duh! I needed to install the drivers off the CD that came with my motherboard. I’ve been installing Linux for so long, I forgot about that crap.
Everything just works from linux install. (Except nVidia problem mentioned earlier).
Rounded up my driver CDs and got all that working.
Can anyone explain to me why after paying $100USD for Windoze upgrade it could not do something my FREE linux programs do like install drivers for motherboards and printers???

So now I have a great OS system installed on my box… NOT!
NO SOFTWARE!!!
Installed Office 2003, an old copy of CorelDraw I had, and some other webmaster programs, like ftp, ssh, 1stPage, etc. (You know, programs you get installed for free when using linux…)
Shelled out $40USD for Windows Live virus etc protector.
If I wasn’t dual booting, I’d still be looking around for buggy shareware to do simple things us Linux geeks just take for granted… (burn CDs, play games, make to do lists, bitTorrent, IM, etc.)

In all, it took me about 8 hours to get xp up and running close to the way I wanted.

Installed SUSE, complete with HUGE software stash, did complete update, changed a few things around like I wanted, and it only took me about 1 1/2 hours. That included formatting 3 times as much hard drive.

Oh yeah, I won’t go into trying to get FAT32 working on the large hard drive too much. Checked MS knowledge base. An older one said to go into device manager to format large hard drives. A newer article says, xp can’t do it, use your 95, 98 or ME install disk. HUH? Xp won’t see FAT32 formatted by System Commander, Linux, or DOS command line format. My conspiracy theory is that they knew Linux can read & write to it so they took it out of their OS. Shaking my head at Billie…

Get Hostname from IP address

To get the hostname from the IP address.
The simplest way is to use the “host” utility provided by Gnu/Linux. Just run…

poison:~ # host 64.233.187.99
99.187.233.64.in-addr.arpa domain name pointer jc-in-f99.google.com.
poison:~ #

This will query the name server and provide you with the hostname of the IP address.By default it will query the nameserver listed in the /etc/resolv.conf file.

Working with Archives

Working with tar Archives

To create an archive of a directory tree with tar, you can do something like this:

nikesh@poison:~/temp> tar -cf directory.tar directory/
nikesh@poison:~/temp> ls
directory directory.tar

The preceding command creates (c), verbosely (v), the file (f) directory.tar, which is a tar archive, by running tar on directory.

If you want to list the files in the archive:

nikesh@poison:~/temp> tar -tf directory.tar
directory/
directory/afile
directory/bfile

Here the option lists the contents of the file (f) directory.tar.

Using gzip Compression with tar

If you want to create a gzipped tar archive (the -z option implies compression, while the c means create):

nikesh@poison:~/temp> tar -zcf directory.tgz directory/
nikesh@poison:~/temp> ls
directory directory.tgz

The original is still there, unlike when we compressed a single file with gzip. (Note that .tgz and .tar.gz are used interchangeably for filenames of gzipped tar archives.)

To list the files in this case, use the following:

nikesh@poison:~/temp> tar -tzf directory.tgz
directory/
directory/afile
directory/bfile

Using bzip2 Compression with tar

If you want to use compression with bzip2 instead of gzip, the required option is -j rather than -z:

nikesh@poison:~/temp> tar -jcf directory.tar.bz2 directory/
nikesh@poison:~/temp> ls
directory directory.tar.bz2

nikesh@poison:~/temp> tar -jtf directory.tar.bz2
directory/
directory/afile
directory/bfile

Unpacking tar Archives

To unpack a tar archive, you need to use the -x option (for extract):

nikesh@poison:~/temp> tar -xvf directory.tar
or
nikesh@poison:~/temp> tar -zxvf directory.tgz
or
nikesh@poison:~/temp> tar -jxvf directory.tar.bz2

Here the options have the following meanings:
The -x option to tar means extract.
The z option implies that you are uncompressing a tar archive where gzip compression has been used.
The joption is needed if you are extracting an archive where bzip2 compression has been used.

Working with zip Archives

The common zip archive format (associated with the DOS and Windows programs PKZIP and WinZip among others) is supported on Linux. To unzip a zip archive, simply do the following:

nikesh@poison:~/temp> unzip zipfile.zip

To create a zip archive of the current directory:

nikesh@poison:~/temp> zip -r ~/newzip.zip .

This will recursively zip up the current directory and create the zip file newzip.zip in you’re your home directory (~).
The program zipinfo will give a listing and information about compression ratios:

nikesh@poison:~/temp> zipinfo zipfile.zip

How to find - Size of a directory & Free disk space

‘du’ - Finding the size of a directory

$ du
Typing the above at the prompt gives you a list of directories that exist in the current directory along with their sizes. The last line of the output gives you the total size of the current directory including its subdirectories. The size given includes the sizes of the files and the directories that exist in the current directory as well as all of its subdirectories. Note that by default the sizes given are in kilobytes.

$ du /home/nikesh
The above command would give you the directory size of the directory /home/nikesh

$ du -h
This command gives you a better output than the default one. The option ‘-h’ stands for human readable format. So the sizes of the files / directories are this time suffixed with a ‘k’ if its kilobytes and ‘M’ if its Megabytes and ‘G’ if its Gigabytes.

$ du -ah
This command would display in its output, not only the directories but also all the files that are present in the current directory. Note that ‘du’ always counts all files and directories while giving the final size in the last line. But the ‘-a’ displays the filenames along with the directory names in the output. ‘-h’ is once again human readable format.

$ du -c
This gives you a grand total as the last line of the output. So if your directory occupies 30MB the last 2 lines of the output would be

30M .
30M total

The first line would be the default last line of the ‘du’ output indicating the total size of the directory and another line displaying the same size, followed by the string ‘total‘. This is helpful in case you this command along with the grep command to only display the final total size of a directory as shown below.

$ du -ch | grep total
This would have only one line in its output that displays the total size of the current directory including all the subdirectories.

$ du -s
This displays a summary of the directory size. It is the simplest way to know the total size of the current directory.

$ du -S
This would display the size of the current directory excluding the size of the subdirectories that exist within that directory. So it basically shows you the total size of all the files that exist in the current directory.

$ du –exculde=mp3
The above command would display the size of the current directory along with all its subdirectories, but it would exclude all the files having the given pattern present in their filenames. Thus in the above case if there happens to be any mp3 files within the current directory or any of its subdirectories, their size would not be included while calculating the total directory size.

-
‘df’ - finding the disk free space / disk usage

$ df
Typing the above, outputs a table consisting of 6 columns. All the columns are very easy to understand. Remember that the ‘Size’, ‘Used’ and ‘Avail’ columns use kilobytes as the unit. The ‘Use%’ column shows the usage as a percentage which is also very useful.

$ df -h
Displays the same output as the previous command but the ‘-h’ indicates human readable format. Hence instead of kilobytes as the unit the output would have ‘M’ for Megabytes and ‘G’ for Gigabytes.

HowTo Allow windows updates through squid

Add the following to your squid.conf, It 'MUST' be added near the top before any ACL that require authentication.

acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com

http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet

The above config is also useful for other automatic update sites such as Anti-Virus vendors, just add their domains to the acl.

How To Disable a User Account in Linux

Linux systems use /etc/shadow to store the encrypted user passwords. The quickest way to disable a user is to alter is password stored in /etc/shadow. Normally an active user account will have one line in /etc/shadow that will look like:

user:$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::

where the second field is the encrypted password.

If we replace the password with “*” or “!” this will make the account unusable, and it will mean that no login is permitted for the user: user:*:13852:0:99999:7:::

This method has the disadvantage that the user password will be lost (unless saved somewhere, etc.) in the case we will want to re-enable it again later. From this point of view a much better method is to use the passwd command to lock the account: passwd -l

and the output of the successful change will be “Password changed.”. This actually just changes the shadow file and adds “!” in front of the user password:

user:!$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::

Of course we could do this manually ourselves also if we want ;-).

If you will ever need to re-enable the account just unlock it: passwd -u
or just remove manually the “!” character from the user’s password line in /etc/shadow.

Database explorer and query tool

CrunchyFrog is a database explorer and query tool for GNOME.

Currently PostgreSQL, MySQL, Oracle, SQLite3 databases and LDAP servers are supported for browsing and querying. More databases can be added using the plugin system.

This application requires GTK+ version 2.12.x. Other dependencies include:
For a (almost) complete list of dependencies see http://code.google.com/p/crunchyfrog/wiki/Requirements

Download : here

How To increase the MAX file upload size in PHP

There is a variable in your php.ini file (Location of this file may differ for different distribution but is mainly located in /etc directory or in /etc/php directory, try to find this file)

Open this php.ini file in any text editor and locate the section "File Uploads", now in this section, first, you need to enable the upload of file by modifying the variable "file_uploads = On" and next you can increase the upload limit to any value that you may required by modifying the value of "upload_max_filesize = 20M".

As you can see here in my case I have made the limit to 20MB, you can put your any required value here and restart the apache server to take the effect.

HTML to PS/PDF converter

htmldoc is a powerful simple-to-use tool which converts HTML to Postscript, PDF, or indexed HTML output. It provides a graphical user interface for manual document conversion -- useful for tasks such producing printed manuals from web pages -- but it can also be used as a filter.

Installing from the command line (Fedora): yum install htmldoc
Installing using the graphical installer: Applications > Office/Productivity > htmldoc
Menu location after installation: Office > HTMLDOC
Command: /usr/bin/htmldoc
website: http://www.htmldoc.org/

Using GPG

1. Key Generation

gpg # Initialize GPG for this user (e.g. create ~/.gnupg). Only have to run once.
gpg --gen-key # Start key generation process. Follow prompts.

2. Viewing Keys

gpg --list-keys # View public keys
gpg --list-secret-keys # View private keys

3. Exporting Public Keys

gpg --export # Exports key in binary format
gpg --export --armor # Export in a usable, ASCII format

4. Importing Public Keys

gpg --import /path/to/public/key/file

5. Encrypting a Message

gpg --encrypt --armor --recipient message_file

6. Decrypting a Message

gpg encrypted_message_file

You will be prompted for the filename to use for the output of the decryption process.

7. Encrypting with a Symmetric Key

gpg --symmetric --armor message_file

8. Signing and Encrypting a Message

gpg --sign --encrypt --armor --recipient message_file

9. Creating a Detached Signature

gpg --detach-sign --armor message_file # Sender
gpg --verify message_file.asc message_file # Recipient

10. Signing Another's Public Key

Alice is going to sign Bob's key.

# First, user A must do:
gpg --sign-key user_B
gpg --export --armor user_B > B.key

# Then, user_b must do:
gpg --import B.key

Execute more than one commands

Executing the second command only if the first is successful

To do this you would type: command1 && command2

command2 will be executed if command1 successfully completes (if command1 fails command2 won't be run). This is called a logical AND.

Executing the second command only if the first fails

To do this you would type: command1 || command2

command2 will be executed if command1 does not successfully completes (if command1 is successful command2 won't be run). This is called a logical OR.

Executing commands sequentially

To execute command sequentially regardless of the success/failure of the previous you simply type: command1; command2

command2 will execute once command1 has completed.

Linux Runlevel Descriptions

Runlevel	Runlevel Description
Runlevel 0	The halt runlevel - this is the runlevel at which the system shuts down. For obvious reasons it is unlikely you would want this as your default runlevel.
Runlevel 1	Single runlevel. This causes the system to start up in a single user mode under which only the root user can log in. In this mode the system does not start any networking or X windowing, X or multi-user services. This run level is ideal for system admins to perform system maintenance or repair activities.
Runlevel 2	Boots the system into a multi-user mode with text based console login capability. This runlevel does not, however, start the network.
Runlevel 3	Similar to runlevel 2 except that networking services are started. This is the most common runlevel for server based systems that do not require any kind of graphical desktop environment.
Runlevel 4	Undefined runlevel. This runlevel can be configured to provide a custom boot state.
Runlevel 5	Boots the system into a networked, multi-user state with X Window System capability. By default the graphical desktop environment will start at the end of the boot process. This is the most common run level for desktops or workstation use.
Runlevel 6	Reboots the system. Another runlevel that you are unlikely to want as your default.

Working with Linux Services

There are number of ways to control what services get started using both command line and graphical tools without having to going into the depths of your Linux system.

The command line tool chkconfig (usually located in /sbin) can be used to list and configure which services get started at boot time. To list all service settings run the following command:

/sbin/chkconfig --list

This will display a long list of services showing whether or not they are started up at various runlevels. You may want to narrow the search down using Linux grep command. For example to list the entry for the HTTP daemon you would do the following:

/sbin/chkconfig --list | grep httpd

which should result in something like:

httpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off

Alternatively you may just be interested to know what gets started for runlevel 3:

/sbin/chkconfig --list | grep '3:on'

chkconfig can also be used to change the settings. If we wanted the HTTP service to start up when we at runlevel 5 we would issue the following command:

/sbin/chkconfig --level 5 httpd on

A number of graphical tools are also available for administering services. On RedHat you can run the following command:

redhat-config-services

The equivalent command on Fedora Core is:

system-config-services

The above graphical tools allow you to view which services will start for each runlevel, add or remove services for each runlevel and also manually start or stop services.

Comparing Three Files by using diff3

The diff3 command compares three files and outputs descriptions of their differences. Its arguments are as follows:

diff3 options... mine older yours

The files to compare are mine, older, and yours. At most one of these three file names may be -, which tells diff3 to read the standard input for that file.

An exit status of 0 means diff3 was successful, 1 means some conflicts were found, and 2 means trouble.

read the man pages for detail options

How To Find Mac Address In Linux

You can think of a Mac address as a serial number for your network card. It is a unique six two-digits hexadecimal numbers separated by colons. It is used for routing traffic on a network.

In this example I will show you how to find your mac address in Ubuntu. This command should work any any terminal. Some distributions of linux you may need to be logged in as SU to see this information.

Open a terminal window and execute the command : ifconfig

Automate Wallpapers directly from Flickr and Webshots to your Linux desktop

Webilder delivers stunning wallpapers to your Linux desktop, directly from Flickr and Webshots. You choose what keywords (tags) to watch for, and photos are automatically downloaded to your computer. Webilder can also change the wallpaper every few minutes.

It also include:

A simple photo collection browser, that will let you view the images in fullscreen, or set them as a wallpaper. Browser integration for webshots - downloaded images are automatically added to your collection. Command-line photo downloader.

Download Webilder: here

CrossFTP - synchronization tool and FTP/FXP/FTPS/SFTP/WebDav(s) client

CrossFTP is an excellent FTP client. CrossFTP Pro is a synchronization tool and FTP/FXP/FTPS/SFTP/WebDav(s) client.

CrossFTP is an excellent FTP client for reliable transfers. CrossFTP uses a familiar, Explorer-like interface that even the most novice user can master in minutes. It offers features such as Web starting, international encoding support, archive browsing, site password encryption, drag-and-drop, filtering, Web searching, image quick viewer, auto-reconnecting and anti-idle, and sound triggers, etc.

CrossFTP Pro is a turbo synchronization tool and FTP/FXP/FTPS/SFTP/WebDav(s) client. It provides value-added features like secure and multi-thread transports, remote file editing, speed limitation, synchronization, etc.

This application requires GTK+ version 1.2.x. and Sun Java 1.4+

Download CrossFTP : Here

Edit grub.conf file with QGRUBEditor

Anyone who runs more than one operating system has had to deal with GNU GRUB (the GRand Unified Bootloader). Grub is the tool that allows you to pick which operating system to book when you turn your computer on. But you can do a ton more than that by configuring it and derailing from the standard configuration. Unfortunately, until recently users were forced to open up cryptic config files in text editors and try and figure out what to do based on the comments (or, more diligently, by reading man pages). Now, users can use QGRUBEditor.

How security Certificates works?

Certificate security provides a mechanism for achieving encrypted communications over unsecured networks and is built upon the Public Key Infrastructure (PKI). Certificates use asymmetrical cryptography whereby different keys are used for the encryption and decryption process.

Under public key encryption two keys are required, a public key and a private key. A client contacts a Certificate Authority (CA) to obtain both of these keys. The public key is then provided to anyone who needs to send encrypted data to the client. The sender uses the this public key to encrypt the data and send it to the original client. On receipt, the client decrypts the message using the private key (which is the only key which can be used to decrypt the message since this is asymmetrical encryption.

So far we have looked at certificates in terms of encrypting data between parties where the public key is used to encrypt a message to a client and the client's private key is used to decrypt the message. When using certificates as a means of authentication this process is reversed. In such a situation the client encrypts its signature using its private key and sends it to the receiving system. If the sending client is who it claims to be the receiving system should be able to decrypt the signature using the client's public key. If the decryption using the public key fails, the sender is not who they claim to be and the authentication has failed.

Blog Archive