linux poison RSS
linux poison Email
0

Commands related to Process control

Here "PID" is refer to the process ID, that you can get from command "ps -aux"


fg PID
Bring a background or stopped process to the foreground.

bg PID
Send the process to the background. Opposite to fg. The same can be accomplished with z. If you have stopped jobs, you have to type exit twice in row to log out.

any_command&
Run any command in the background (the symbol "&" means "run the proceeding command in the background").

batch any_command
Run any command (usually one that is going to take more time) when the system load is low. I can logout, and the process will keep running.

at 17:00
Execute a command at a specified time. You will be prompted for the command(s) to run, until you press d.

kill PID
Force a process shutdown. First determine the PID of the process to kill using ps.

killall program_name
Kill program(s) by name.

lpc
(as root) Check and control the printer(s). Type "?" to see the list of available commands.

lpq
Show the content of the printer queue. Under KDE (X-Windows), you may use GUI-based "Printer Queue" available from "K"menu-Utilities.

lprm job_number
Remove a printing job "job_number" from the queue.

nice program_name
Run program_name adjusting its priority. Since the priority is not specified in this example, it will be adjusted by 10 (the process will run slower), from the default value (usually 0). The lower the number (of "niceness" to other users on the system), the higher the priority. The priority value may be in the range -20 to 19. Only root may specify negative values. Use "top" to display the priorities of the running processes.

renice -1 PID
(as root) Change the priority of a running process to -1. Normal users can only adjust processes they own, and only up from the current value (make them run slower).

c, z, s, and q also belong to this chapter but they were described previously. In short they mean: stop the current command, send the current command to the background, stop the data transfer, resume the data transfer.
Read more
0

GUI for creating Firewall rules - Firestarter

Firestarter is an open source firewall for Linux with an easy-to-use graphical user interface. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

It also enables Internet sharing and allows you to define both inbound and outbound access policy with the option to whitelist or blacklist traffic. You can easily watch the active internet connections including the traffic routed through the firewall.

Firestarter features
    * Open Source software, available free of charge
    * User friendly, easy to use, graphical interface
    * A wizard walks you through setting up your firewall on your first time
    * Suitable for use on desktops, servers and gateways
    * Real-time firewall event monitor shows intrusion attempts as they happen
    * Enables Internet connection sharing, optionally with DHCP service for the clients
    * Allows you to define both inbound and outbound access policy
    * Open or stealth ports, shaping your firewalling with just a few mouse clicks
    * Enable port forwarding for your local network in just seconds
    * Option to whitelist or blacklist traffic
    * Real time firewall events view
    * View active network connections, including any traffic routed through the firewall
    * Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
    * Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
    * Support for tuning ToS parameters to improve services for connected client computers
    * Ability to hook up user defined scripts or rulesets before or after firewall activation
    * Supports Linux Kernels 2.4 and 2.6
    * Translations available for many languages (38 languages as of November 2004)

Installation on Fedora Core, Red Hat Linux, SuSE or Mandrake
Firestarter is conveniently available in RPM package format for RPM enabled Linux distributions like, Fedora Core, SuSE and Mandrake.

Once you have downloaded the Firestarter RPM specific to your distribution, open a terminal and change to the directory where you downloaded the RPM to. Type the following commands as shown in bold to install the package:

# rpm -Uvh firestarter*rpm

Installation on Ubuntu
Installing is very easy. Simply open your Terminal window, and type:

sudo apt-get install firestarter

Compiling and installing from source
Start by downloading the tar.gz version of Firestarter. Unpack the tarball and move into the newly created directory:

# tar -zxvf firestarter*tar.gz
# cd firestarter
# ./configure --sysconfdir=/etc
# make
# make install
Read more
0

Themes for Ubuntu Linux

Murrina Triomphe

Ubuntu Theme Murrina Triomphe
Download

Hardy Theme 2.0

Ubuntu Theme Hardy
Download

Bamboo Zen

Ubuntu Theme Bamboo Zen
Download

Lux Theme

Ubuntu Theme Lux
Download

Burnt Orange Ice

Ubuntu Theme Burnt Orange Ice
Download

Creamy

Ubuntu Theme Creamy
Download

Glow

Ubuntu Theme Glow
Download

The rest of the list: SizzledCore 
Read more
16

Useful Commands in Ubuntu

A comprehensive list of commands needed when using Ubuntu:

Command privileges.

    sudo command - run command as root
    sudo su – root shell open
    sudo su user – open shell as a user
    sudo -k – forget your password sudo
    gksudo command – sudo visual dialog (GNOME)
    kdesudo command – sudo visual dialog (KDE)
    sudo visudo – edit / etc / sudoers
    gksudo nautilus – root file manager (GNOME)
    kdesudo konqueror – root file manager (KDE)
    passwd – change your password

Command Network


    ifconfig – displays information network
    iwconfig – displays information from wireless
    sudo iwlist scan – scan wireless networks
    sudo /etc/init.d/networking restart – reset the network
    (file) /etc/network/interfaces – manual configuration
    ifup interface – bring online interface
    ifdown interface – disable interface

Commands Display

    sudo /etc/init.d/gdm restart – reset X (Gnome)
    sudo /etc/init.d/kdm restart – reset X (KDE)
    (file) /etc/X11/xorg.conf – show Configuration
    sudo dpkg-reconfigure - reconfigure xserver-xorg-phigh - reset configuration X
    Ctrl+Alt+Bksp – X display reset if frozen
    Ctrl+Alt+FN – switch to tty N
    Ctrl+Alt+F7 – switch back to X display

Commands Service System.

    start service – service to start work (Upstart)
    stop service – service to stop working (Upstart)
    status service – check if service is running (Upstart)
    /etc/init.d/service start – start service (SysV)
    /etc/init.d/service stop – stop service (SysV)
    /etc/init.d/service status – check service (SysV)
    /etc/init.d/service restart – reset service (SysV)
    runlevel – get current runlevel

Commands for Firewall.

    ufw enable – turn on the firewall
    ufw disable – turn off the firewall
    ufw default allow – allow all connections by default
    ufw default deny – drop all connections by default
    ufw status – current rules and
    ufw allow port – to allow traffic on port
    ufw deny port – port block
    ufw deny from ip – ip block

Command System.


    lsb_release -a – get the version of Ubuntu
    uname -r – get kernel version
    uname -a – get all the information kernel

Commands for Package Manager.


    apt-get update – refresh updates available
    apt-get upgrade – update all packages
    apt-get dist-upgrade – version update
    apt-get install pkg – installing pkg
    apt-get remove pkg – uninstall pkg
    apt-get autoremove – removing packages obsotletos
    apt-get -f install – try to fix packages
    dpkg –configure -a – try to fix a broken package
    dpkg -i pkg.deb – install file pkg.deb
    (file) /etc/apt/sources.list – list of repositories APT

Special Packages For commands.

    ubuntu-desktop – Setting the standard Ubuntu
    kubuntu-desktop – KDE Desktop
    xubuntu-desktop – desktop XFCE
    ubuntu-minimal – core earnings Ubuntu
    ubuntu-standard – the standard utilities Ubuntu
    ubuntu-restricted-extras – not free, but useful
    kubuntu-restricted-extras – ditto KDE
    xubuntu-restricted-extras – ditto XFCE
    build-essential – packages used to compile
    linux-image-generic – latest generic kernel image
    linux-headers-generic – latest headlines

Applications commands.

    nautilus – File Manager (GNOME)
    dolphin – File Manager (KDE)
    konqueror – Web browser (KDE)
    kate – text editor (KDE)
    gedit – text editor (GNOME)
Read more
0

Quick Guide to compress / decompress files

tar (tar)
tar Packaging
tar cvf archive.tar / archive / May / *
Unpack
tar xvf archive.tar
See the content (not extract)
tar tvf archive.tar
tar.gz -. tar.Z -. tgz (tar with gzip)
Pack and compress
tar czvf archive.tar.gz tar / archive / May / *
Unpack and decompress
tar xzvf archive.tar.gz
See the content (not extract)
tar tzvf archive.tar.gz
gz (gzip)
Compress
gzip file-q
(The file compresses it and rename it as "archive.gz")
Unzip
gzip-d archive.gz
 (The file unzip it and leave it as a "file")
Note: gzip only compresses files, not directories
bz2 (bzip2)
Compress
bzip2 file
bunzip2 file
(The file compresses it and rename it as "archive.bz2")
Unzip
bzip2-d archive.bz2
bunzip2 archive.bz2
(The file unzip it and leave it as a "file")
Note: only bzip2 compressed files, not directories
tar.bz2 (tar with bzip2)
Compress
tar-c files | bzip2> archive.tar.bz2
Unzip
bzip2-dc archive.tar.bz2 | tar-xv
tar jvxf archive.tar.bz2 (recent versions of tar)
View content
bzip2-dc archive.tar.bz2 | tar-tv
zip (zip)
Compress
zip archive.zip / May / files
Unzip
unzip archive.zip
View content
unzip-v archive.zip 
rar (rar)
Compress
rar-a archive.rar / May / files
Unzip
rar-x archive.rar
View content
rar-v archive.rar
rar-l archive.rar
Read more
1

LXDE, A stable and lightweight desktop environment.

LXDE is the abbreviation for Lightweight X11 Desktop Environment. LX also stands for LinuX. You will find it different from other desktop environments, due to its discrete components, which can be used independently and with few dependencies.


The LXDE project aims to provide a desktop environment which is intuitive, lightweight and useful, while also keeping system resource demands low. Development focuses on a balance of usability, speed, and memory usage.

LXDE has number of advantages and excellent features:
    * Lightweight, runs with reasonable memory usage (After X11 and LXDE are started, the total memory usage is about 45 MB on i386 machines.)
    * Fast, runs well even on older machines produced in 1999 (The hardware requirements of LXDE is similiar to Windows 98)
    * Good-looking, gtk+ 2 internationalized user interface
    * Easy-to-use, the user interface is simple, intuitive and functional.
    * Desktop independent (Yes! Every component can be used without LXDE)
    * Standards compliant, follows the specs on freedesktop.org
    * Suitable for old machines ( Though LXDE itself has low hardware requirements, other X applications have higher resource demands. For example, Firefox and OpenOffice.org 2 are quite memory-hungry. It is therefore recommended that you have more than 128 MB RAM.)

Components:
    * PCManFM: File manager, provides desktop icon
    * LXPanel: Feature-rich desktop panel
    * LXSession: Standard-compliant X11 session manager with shutdown/reboot/suspend supports via HAL and gdm
    * LXAppearance: LXAppearance is a new feature-rich GTK+ theme switcher able to change GTK+ themes, icon themes, and fonts used by applications
    * Openbox: Lightweight, standard-compliant, and highly-configurable window manager (This is not developed by LXDE Project, but it's used as default window manager). This can be replaced by any other window manager like icewm, fluxbox, metacity, ...etc.
    * GPicView: A very simple, fast, and lightweight image viewer featuring immediate startup.
    * Leafpad: Lightweight and simple text editor(This is not developed by us, but we suggest using this as default text editor).
    * XArchiver: Lightweight, fast, and desktop-independent gtk+-based file archiver (This is not developed by LXDE Project, but you are suggested to use this as default archiver).
    * LXNM (still under development): Lightweight network manager for LXDE supporting wireless connections (Linux-only)

Installation:
OpenSuSe 11.1
Use "1 click" installer to install LXDE: here

OpenSuSe 11.0
Swyear from Taiwan provides a SuSE repository with LXDE packages in it.

    * http://download.opensuse.org/repositories/home:/swyear/

Installation via zypper is available for Open SuSE 11.0.

# zypper ar http://download.opensuse.org/repositories/home:/swyear/openSUSE_11.0/ swyear
# zypper in lxde-desktop


Fedora 9
Install LXDE with

# yum install lxde-common

This will install the LXDE core components: lxde-common, lxpanel, lxsession, pcmanfm and openbox. You might also want to install additional applications:

# yum install gpicview leafpad lxappearance lxtask lxterminal xarchiver
Read more
0

Convert Gmail account into Web based file server

PhpGmailDrive (PGD) turns your Gmail account into a Web based file server. You may add more than one Gmail account, arrange attachments in multiple folders, and apply themes to the interface. It can be embedded into any HTML page.

PhpGmailDrive is a new type of file sharing utility. Unlike typical file servers (say xDrive) it uses Gmail as backend file server. You can enjoy it simply by hosting a small PHP script in your web site without any database.
Gmail file space is more than 2GB, so you can imagine you already have such a big space on internet. However, you will require a Gmail account (If you don't have any Gmail address, go GmailSwap or ask your friends.).

PGD automatically connects Gmail server and fetches list of all attached files and generate downloadable links in a tree like view. If you are looking for a file server to upload your music or notes without any hassle, PGD is ideal for you. Technically speaking PGD is wrapper of Gmailer .
Thought there is no need to know hecks of PHP or Gmailer. Just you have to check that your PHP hosting service provider has curl extension of PHP to handle HTTP/HTTPS traffic.

Here are some key features of "Php Gmail Drive":
* Successfully connects to Gmail and only grabs list of Attachments in Gmail messages.
* List of attachments are displayed with inbuilt Javascript engine. You can customize output to any other formats.
* 100% compliant to GMAILFS. So you can upload with Windows Gmail Shell extension or Linux GmailFS utilities..
* Supports Multiple Gmail accounts in the same script .
* Supports all browsers.
* Total size is less than 100 KB.

Requirements:
* GMailer should works well with PHP >= 4.
* Also it requires the curl extension.
* Because GMailer ALWAYS connects to GMail via SSL, you may need OpenSSL for curl to talk SSL.
Read more
6

Tools for creating TCP/IP packets

hping (http://www.hping.org/)

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features

Features include:
    * Firewall testing
    * Advanced port scanning
    * Network testing, using different protocols, TOS, fragmentation
    * Manual path MTU discovery
    * Advanced traceroute, under all the supported protocols
    * Remote OS fingerprinting
    * Remote uptime guessing
    * TCP/IP stacks auditing
    * hping can also be useful to students that are learning TCP/IP

Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows.

Nemesis (http://nemesis.sourceforge.net/)

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Features include:
    * ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support
    * Layer 2 or Layer 3 injection
    * Packet payload from file
    * IP and TCP options from file

Scapy (http://www.secdev.org/projects/scapy/)

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

It can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Features include:
    * Port Scanning
          o SYN Scan
          o Other TCP Scans
          o UDP Scans
          o IP Scan
    * Host Discovery
          o ARP Ping
          o ICMP Ping
          o TCP Ping
          o UDP Ping
    * OS Fingerprinting
          o ISN
          o nmap_fp
          o p0f
          o queso
    * Sniffer - includes powerful facilities for traffic capture and analysis
    * Wireless - can not only sniff and decode packets but also inject arbitrary packets
    * Traceroute - standard ICMP Traceroute can be emulated
    * Firewall/IDS Testing
          o TCP Timestamp Filtering
          o NAT Detection
          o Firewalking

Yersinia (http://www.yersinia.net)

Yersinia is a framework for performing layer 2 attacks.

It is designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

Features include:
    * Attacks for the following network protocols are supported
          o  Spanning Tree Protocol (STP)
          o Cisco Discovery Protocol (CDP)
          o Dynamic Trunking Protocol (DTP)
          o Dynamic Host Configuration Protocol (DHCP)
          o Hot Standby Router Protocol (HSRP)
          o 802.1q
          o 802.1x
          o Inter-Switch Link Protocol (ISL)
          o VLAN Trunking Protocol (VTP)

SendIP (http://www.earth.li/projectpurple/progs/sendip.html)

SendIP is a command-line tool to send arbitrary IP packets. It has a large number of options to specify the content of every header of a RIP, RIPng, BGP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

packETH (http://packeth.sourceforge.net/)

packETH is a Linux GUI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet.

Features:
 * you can create and send any ethernet packet. Supported protocols:
      o ethernet II, ethernet 802.3, 802.1q, QinQ
      o ARP, IPv4, user defined network layer payload
      o UDP, TCP, ICMP, IGMP, user defined transport layer payload
      o RTP (payload with options to send sin wave of any frequency for G.711)
 * sending sequence of packets
      o delay between packets, number of packets to send
      o sending with max speed, approaching the teoretical boundary
      o change parameters while sending (change IP & mac address, UDP payload, 2 user defined bytes, etc.)
  * saving configuration to a file and load from it - pcap format supported

Mausezahn (http://www.perihel.at/sec/mz/)

Mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. Mausezahn can be used, for example, as a traffic generator to stress multicast networks, for penetration testing of firewalls and IDS, for simulating DoS attacks on networks, to find bugs in network software or appliances, for reconnaissance attacks using ping sweeps and port scans, or to test network behavior under strange circumstances. Mausezahn gives you full control over the network interface card and allows you to send any byte stream you want (even violating Ethernet rules).

Mausezahn can be used for example:
    * As traffic generator (e. g. to stress multicast networks)
    * To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
    * As didactical tool during a datacom lecture or for lab exercises
    * For penetration testing of firewalls and IDS
    * For DoS attacks on networks (for audit purposes of course)
    * To find bugs in network software or appliances
    * For reconnaissance attacks using ping sweeps and port scans
    * To test network behaviour under strange circumstances (stress test, malformed packets, ...)

...and more. Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. 
Read more
0

LDAP Client Authentication

  1. This file "/etc/ldap.conf" is the 1st file that has to be modified as this is the file that tells the system which ldap server to authenticate too.

    host yourdomain.com
    base dc=yourdomain,dc=com
    uri ldap://yourdomain.com/
    ldap_version 3
    rootbinddn cn=Manager,dc=yourdomain,dc=com
    scope sub
    timelimit 5
    bind_timelimit 5
    nss_reconnect_tries 2
    pam_login_attribute uid
    pam_member_attribute gid
    pam_password md5
    pam_password exop
    nss_base_passwd  ou=People,dc=yourdomain,dc=com
    nss_base_shadow  ou=People,dc=yourdomain,dc=com
    
    
    
  2. Now we have to add the passwd in this file "/etc/ldap.secret" so that we can authenticate to the ldap server

    password
  3. Now we have to modify this file "/etc/nsswitch.conf"

    passwd:         files ldap
    group:          files ldap
    hosts:          dns ldap
    services:   ldap [NOTFOUND=return] files
    networks:   ldap [NOTFOUND=return] files
    protocols:  ldap [NOTFOUND=return] files
    rpc:        ldap [NOTFOUND=return] files
    ethers:     ldap [NOTFOUND=return] files
    netmasks:   files
    bootparams: files
    publickey:  files
    automount:  files
    sendmailvars:   files
    netgroup:   ldap [NOTFOUND=return] files
    
    
    
  4. Now it is time to modify the files in /etc/pam.d/ directory.
    First file to be modified is "/etc/pam.d/login"


    auth
    sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password sufficient pam_ldap.so
    session sufficient pam_ldap.so
    auth            requisite       pam_securetty.so
    auth            requisite       pam_nologin.so
    auth            sufficient      pam_ldap.so
    auth            required        pam_unix.so use_first_pass
    auth            required        pam_tally.so onerr=succeed file=/var/log/faillog
    account         required        pam_access.so
    account         required        pam_time.so
    account         required        pam_unix.so
    account         sufficient      pam_ldap.so
    password        sufficient      pam_ldap.so
    session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session         required        pam_unix.so
    session         required        pam_env.so
    session         required        pam_motd.so
    session         required        pam_limits.so
    session         optional        pam_mail.so dir=/var/spool/mail standard
    session         sufficient      pam_ldap.so
    session         optional        pam_lastlog.so
    
    
    
  5. Now we modify "/etc/pam.d/shadow"

    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password sufficient pam_ldap.so
    session sufficient pam_ldap.so
    auth            sufficient      pam_rootok.so
    auth            required        pam_unix.so
    auth            sufficient      pam_ldap.so use_first_pass
    account         required        pam_unix.so
    account         sufficient      pam_ldap.so
    session         required        pam_unix.so
    session         sufficient      pam_ldap.so
    password        sufficient      pam_ldap.so
    password        required        pam_permit.so
    


  6. Now we modify "/etc/pam.d/passwd"

    password sufficient pam_ldap.so
    password        sufficient      pam_ldap.so
    password        required        pam_unix.so shadow nullok
    


  7. Now we modify "/etc/pam.d/su"

    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    session sufficient pam_ldap.so
    auth            sufficient      pam_ldap.so
    auth            sufficient      pam_rootok.so
    auth            required        pam_unix.so use_first_pass
    account         sufficient      pam_ldap.so
    account         required        pam_unix.so
    session         sufficient      pam_ldap.so
    session         required        pam_unix.so
    


  8. Now we modify "/etc/pam.d/sudo"

    auth sufficient pam_ldap.so
    auth            sufficient      pam_ldap.so
    auth            required        pam_unix.so use_first_pass
    auth            required        pam_nologin.so
    
    
    
  9. In this file "/etc/pam.d/sshd" you have to add 3 entries, one for auth, one for account, and one for session.
    auth sufficient pam_ldap.so
    account sufficient pam_ldap.so
    password required pam_ldap.so


    auth            required        pam_nologin.so
    auth            sufficient      pam_ldap.so
    auth            required        pam_env.so
    auth            required        pam_unix.so use_first_pass
    account         sufficient      pam_ldap.so
    account         required        pam_unix.so
    account         required        pam_time.so
    password        required        pam_ldap.so
    password        required        pam_unix.so
    session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session         required        pam_unix_session.so
    session         sufficient      pam_ldap.so
    session         required        pam_limits.so
    
Read more
0

How to use cron scheduler

Every user as well as administrator of the linux system very often needs to execute some programs on regular basis. For example administrator needs to monitor a disk usage of a system. In this case cron scheduler is very handy tool to achieve this. For example if root needs to execute /usr/local/sbin/backup.sh script every Sunday at 2:36AM he would edit his crontab file as shown on the figure below:

# crontab -e

Source: http://www.linuxconfig.org/Main_Page
Read more
3

Monitor Network data transfer using Vnstat

If you want to monitor and manage your Internet bandwidth, perhaps to make sure your ISP is not overbilling you, try vnStat, an open source, Linux-based application that gives you a clear picture of your bandwidth usage. This utility got the command-line options and also got the UI part which give the output in form of a graph and is simple to install and easy to use.

vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s). vnStat isn’t a packet sniffer. The traffic information is analyzed from the /proc filesystem. That way vnStat can be used even without root permissions

Installation/Configuration

1) Download the source - here
2) Untar - # tar -zxvf vnstat-1.6.tar.gz
3) Compile/Install the source

    # ./configure
    # make
    # make install

4) To create a database for vnstat type in vnstat -u -i interface (ie, eth1), after the database is created, which is the first thing to do after a fresh install of vnstat, allow some time for the database to populate with information. After some time just type in vnstat to get a summary of your daily traffic. The database is stored in a file in the /var/lib/vnstat/ directory in a small binary file, you can sets up a cron job that refreshes the bandwidth consumption data on the eth0 port every five minutes

# vnstat


If you're not satisfied with the appearance of vnStat's command-line interface, you can install  PHP-based Web front end for vnStat, which takes the data collected by the command-line vnStat and displays it in tables and graphically in your browser. The front end requires a Web server configured with PHP.

Download the tarball, extract the files into a subdirectory of your Web server's document root directory -- most likely /var/www/ or /var/www/html -- and give it the right permissions so the Web server can write to it:

# mkdir /var/www/vnstat
# tar -zxvf vnstat_php_frontend-1.4.tar.gz -C /var/www/vnstat/
# chown -R www-data.www-data /var/www/vnstat

Launch your browser and visit the vnStat page at http://localhost/vnstat to see something like ...

Read more
1

How to mount Linux filesystem under FreeBSD

Do the following steps to enable ext2fs support in the FreeBSD kernel:

# cd /usr/src/sys/modules/ext2fs
# make
# make install

You can use ‘kldload‘ to load the ext2fs module in to the kernel.

# kldload ext2fs
Then you will be able to mount your linux partitions by giving a command like:

# mount -t ext2fs /dev/ad1s1 /mnt

to unload module use

# kldunload ext2fs

To load the module automatically on system startup

add the following line in to /boot/loader.conf

ext2fs_load=”YES”

Read more
2

Information about the Hard drive and list all PCI devices

$ hdparm /dev/hda

                  /dev/hda:
                   multcount    = 16 (on)
                   IO_support   =  0 (default 16-bit)
                   unmaskirq    =  0 (off)
                   using_dma    =  1 (on)
                   keepsettings =  0 (off)
                   readonly     =  0 (off)
                   readahead    = 256 (on)
                   geometry     = 16383/255/63, sectors = 234375000, start = 0

or for SCSI - $ hdparm -i /dev/sda

/dev/sda:

 Model=ST3802110A , FwRev=3.AAJ, SerialNo=9LR2AE39
 Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% }
 RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
 BuffType=unknown, BuffSize=2048kB, MaxMultSect=16, MultSect=?1?
 CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=156301488
 IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
 PIO modes:  pio0 pio1 pio2 pio3 pio4
 DMA modes:  mdma0 mdma1 mdma2
 UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
 AdvancedPM=no WriteCache=enabled
 Drive conforms to: Unspecified:  ATA/ATAPI-1,2,3,4,5,6,7

 * signifies the current active mode
               
How fast is your drive? - $ hdparm -tT /dev/hda

                /dev/hda:
                Timing buffer-cache reads:   128 MB in  0.41 seconds =315.32 MB/sec
                Timing buffered disk reads:  64 MB in  1.19 seconds = 53.65 MB/sec

Need to find your device?

$ mount
or
$ cat /proc/partitions
or
$ dmesg | egrep '^(s|h)d'

                      hda: IC35L120AVV207-1, ATA DISK drive
                      hdc: Lite-On LTN486S 48x Max, ATAPI CD/DVD-ROM drive
                      hda: max request size: 1024KiB
                      hda: 234375000 sectors (120000 MB) w/7965KiB Cache, CHS=16383/255/63, UDMA(100)

If you want to turn on dma - $ hdparm -d1 /dev/hda

                   setting using_dma to 1 (on)
                   using_dma    =  1 (on)

List all PCI devices - $ lspci -v

         00:00.0 Host bridge: ATI Technologies Inc Radeon Xpress 200 Host Bridge (rev 01)
        Subsystem: Intel Corporation Device d600
        Flags: bus master, 66MHz, medium devsel, latency 64
        Memory at (64-bit, non-prefetchable)
        Kernel modules: ati-agp 


              ... lots more ...

           Note, there is also lspci -vv for even more information.
Read more
0

Squid proxy Cache Result Codes

TCP_HIT
A valid copy of the requested object was in the cache.

TCP_MEM_HIT
A valid copy of the requested object was in the cache, AND it was in memory so it did not have to be read from disk.

TCP_NEGATIVE_HIT
The request was for a negatively-cached object. Negative-caching refers to caching certain types of errors, such as "404 Not Found." The amount of time these errors are cached is controlled with the negative_ttl configuration parameter.

TCP_MISS
The requested object was not in the cache.

TCP_REFRESH_HIT
The object was in the cache, but STALE. An If-Modified-Since request was made and a "304 Not Modified" reply was received.

TCP_REF_FAIL_HIT
The object was in the cache, but STALE. The request to validate the object failed, so the old (stale) object was returned.

TCP_REFRESH_MISS
The object was in the cache, but STALE. An If-Modified-Since request was made and the reply contained new content.

TCP_CLIENT_REFRESH
The client issued a request with the "no-cache" pragma.

TCP_IMS_HIT
The client issued an If-Modified-Since request and the object was in the cache and still fresh.

TCP_IMS_MISS
The client issued an If-Modified-Since request for a stale object.

TCP_SWAPFAIL
The object was believed to be in the cache, but could not be accessed.

TCP_DENIED
Access was denied for this request

UDP_ codes

"UDP_" refers to requests on the ICP port (3130)

UDP_HIT
A valid copy of the requested object was in the cache.

UDP_HIT_OBJ
Same as UDP_HIT, but the object data was small enough to be sent in the UDP reply packet. Saves the following TCP request.

UDP_MISS
The requested object was not in the cache.

UDP_DENIED
Access was denied for this request.

UDP_INVALID
An invalid request was received.

UDP_RELOADING
The ICP request was "refused" because the cache is busy reloading its metadata.

ERR_ codes

"ERR_" refers to various types of errors for HTTP requests. For example:

ERR_CLIENT_ABORT
The client aborted its request.

ERR_NO_CLIENTS
There are no clients requesting this URL any more.

ERR_READ_ERROR
There was a read(2) error while retrieving this object.

ERR_CONNECT_FAIL
Squid failed to connect to the server for this request.
Read more
0

dotnet on Linux

Mono  provides the necessary software to develop and run .NET client and server applications on Linux, Solaris, Mac OS X, Windows, and Unix. Sponsored by Novell (http://www.novell.com ), the Mono open source project has an active and enthusiastic contributing community and is positioned to become the leading choice for development of Linux applications.

Frequently Asked Questions
Contacting the Mono Team
Bug reporting
Articles and Tutorials on Mono.


Mono is a cross platform, open source .NET development framework.



Mono allows your existing binaries to run on Linux with copy-deployment.

Features
Multi-platform.
Based on the ECMA/ISO standards .
Runs ASP.NET and Winforms applications.
Can run .NET, Java, Python and more .
Open Source, Free Software.
Commercially supported.
Comprehensive  technology coverage
Read more
1

Encrypt CD/DVDs

This guide can be adapted to any distro, its not Ubuntu specific.

Installing necessary tools
sudo apt-get install aespipe mkisofs loop-aes-utils

Chose a password
You need to chose a 20+ character password and DO NOT FORGET IT, you will NEVER get your data back if you forget the password.

Creating the CD/DVD image
Make a directory called backup then copy the files you want to burn into the backup directory.
We are using AES encryption, you can chose from 128 or 256 bit key lengths, I recommend 256.

mkisofs -r backup | aespipe -e aes256 > backup.iso

or for 128 bit key length
mkisofs -r backup | aespipe -e aes128 > backup.iso

Mounting the image
First we need to load some modules

sudo modprobe aes
sudo modprobe cryptoloop

For 128 bit key lengths:
sudo mount -t iso9660 backup.iso /mnt/iso -o loop=/dev/loop0,encryption=aes128

For 256 bit key lengths:
sudo mount -t iso9660 backup.iso /mnt/iso -o loop=/dev/loop0,encryption=aes256

This will mount the image in /mnt/iso (make sure you have the directory before you try to mount)

Burning
You can burn the image with your favorite program (gnomebaker, k3b), you might get some warnings about the image but you can ignore them.

Mounting the new CD/DVD
First make sure you loaded the aes and cryptoloop modules (see above)
sudo mount -t iso9660 /dev/cdrom /mnt/iso -o loop=/dev/loop0,encryption=aes256


Reference: Here 
Read more
0

Kernel parameters for enhance security

The following list shows tunable kernel parameters you can use to secure your Linux server against attacks.

For each tunable kernel parameters you need to be add it to the /etc/sysctl.conf configuration file to make the change permanent after reboots. To activate the configured kernel parameters immediately at runtime, use:
# sysctl -p

Enable TCP SYN Cookie Protection

A "SYN Attack" is a denial of service attack that consumes all the resources on a machine. Any server that is connected to a network is potentially subject to this attack.

To enable TCP SYN Cookie Protection, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.tcp_syncookies = 1

Disable IP Source Routing

Source Routing is used to specify a path or route through the network from source to destination. This feature can be used by network people for diagnosing problems. However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it's not communicating with a trusted server.

To enable Source Route Verification, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.conf.all.accept_source_route = 0

Disable ICMP Redirect Acceptance

ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server. However, an intruder could potentially use ICMP redirect packets to alter the hosts's routing table by causing traffic to use a path you didn't intend.

To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.conf.all.accept_redirects = 0

Enable IP Spoofing Protection

IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks. For more information on IP Spoofing, I recommend the article IP Spoofing: Understanding the basics.

To enable IP Spoofing Protection, turn on Source Address Verification. Edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.conf.all.rp_filter = 1

Enable Ignoring to ICMP Requests

If you want or need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.icmp_echo_ignore_all = 1
This cannot be done in many environments. 

Enable Ignoring Broadcasts Request

If you want or need Linux to ignore broadcast requests, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.icmp_echo_ignore_broadcasts = 1

Enable Bad Error Message Protection

To alert you about bad error messages in the network, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.icmp_ignore_bogus_error_responses = 1

Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets

To turn on logging for Spoofed Packets, Source Routed Packets, and Redirect Packets, edit the /etc/sysctl.conf file and add the following line:
  net.ipv4.conf.all.log_martians = 1

References: Network Security with /proc/sys/net/ipv4 
Read more
0

How to install an RPM Package on Ubuntu Linux

Installing software on Ubuntu usually entails using Synaptic or by using an apt-get command from the terminal. Unfortunately, there are still a number of packages out there that are only distributed in RPM format.

There's a utility called Alien that converts packages from one format to the other. This doesn't always mean that an rpm will work on your system, though. You will need to install some prerequisite software packages in order to install alien, however. These packages include gcc and make.

Run this command to install alien and other necessary packages:

sudo apt-get install alien dpkg-dev debhelper build-essential

To convert a package from rpm to debian format, use this command syntax. The sudo may not be necessary, but we'll include it just in case.

sudo alien packagename.rpm

To install the package, you'll use the dpkg utility, which is the internal package management tool behind debian and Ubuntu.

sudo dpkg -i packagename.deb

The package should now be installed, providing it's compatible with your system.
Read more
0

How to change GRUB Menu Timeout on Ubuntu

When Ubuntu boots, grub gets loaded and will display the OS for only 3 sec, now suppose you want to increase this amount… or you may even want to decrease it.

Open up the /boot/grub/menu.lst file in your favorite text editor. you can use gedit:

sudo gedit /boot/grub/menu.lst

Now find the section that looks like this:

## timeout sec
# Set a timeout, in SEC seconds, before automatically booting the default entry
# (normally the first entry defined).
timeout 3

The timeout value is in seconds, specify the time you required. Save the file, and when you reboot you will have that many seconds to choose the menu item you want.

There are many other options avaliable in Grub -- check here
Read more
0

How to create command aliases

Aliases in the Unix/Linux operating system provide shortcuts that can save you typing, let you build your own powerful commands, and make your command line life easier.

Background
I've found it very helpful to create aliases to make my command line Unix/Linux life easier. For instance, instead of always typing

ls -al

to get a directory listing, I've created an alias so I only have to type this: "l" (That's the lower case letter "L".)

Using aliases like this you can create anything from simple shortcuts like this to powerful custom commands.
How to create aliases

Creating aliases is very easy. You can either enter them at the command line as you're working, or more likely, you'll put them in one of your startup files, like your .bashrc file, so they will be available every time you log in.

I created the l alias above by entering the following command into my .bashrc file:

alias l="ls -al"

As you can see, the syntax is very easy:

   1. Start with the alias command
   2. Then type the name of the alias you want to create
   3. Then an = sign, with no spaces on either side of the =
   4. Then type the command (or commands) you want your alias to execute when it is run. This can be a simple command, or can be a powerful combination of commands.

Sample aliases
To get you going, here is a list of sample aliases I use all the time. I've pretty much just copied them here from my .bashrc file:

alias l="ls -al"
alias lm="ls -al|more"
alias html="cd /web/apache/htdocs/devdaily/html"
alias logs="cd /web/apache/htdocs/devdaily/logs"
alias qp="ps auxwww|more"
alias nu="who|wc -l"
alias aug="ls -al|grep Aug|grep -v 2002"

As you can see, you can get as creative as you want, and pipe commands together to do just about anything. In the last alias shown I've actually combined three Unix commands in a row into one alias to get the output I want.

Because the Unix shell is very programmable and because the output of commands is very consistent and reliable, you can create your own aliases (or macros if you prefer) to do just about anything.

Read more
0

Top OpenSorce Groupware

eGroupWare (www.egroupware.org)


 eGroupWare is many things. It is a very flexible pluggable framework capable of hosting applications like a group calendar, AddressBook, Email, accounting ledger, inventory, and whatever else your can think of. These applications can share a common user store, and a flexible Access Control List (ACL) system to control access and information sharing. At it's core there is the phpgwapi, an API written for php, that provides some very useful functions and tools for developers, including the user store, which has several back ends, database abstraction, and a flexible templating system. Applications are then written using the phpgwapi and phpgw framework to provide web based tools to users.

phpGroupWare (http://www.phpgroupware.org/)


phpGroupWare - formerly known as webdistro - is a multi-user groupware suite written in PHP.

It provides about 50 web-based applications, as there are the Calendar, Addressbook, an advanced Projects manager, Todo List, Notes, Email, Newsgroup- and Headlines Reader, a Filemanager and many more Applications. The calendar supports repeating events and includes alarm functions. The email system supports inline graphics and file attachments.

The system as a whole supports user preferences, themes, user permissions, multi-language support and unser groups. It includes modules to setup and administrate the working environment. The groupware suite is based on an advanced Application Programming Interface (API).

PHProjekt (http://www.phprojekt.com/)


PHProjekt is a modular application for the coordination of group activities and to share informations and document via the web. Components of PHProjekt: Group calendar, project management, time card system, file management, contact manager, mail client and many other modules.

Group-Office (www.sourceforge.net/projects/group-office)


It offers a very wide variety of features that matter. Features you don't need won't be installed. Group-Office stands out when it comes to user friendliness combined with powerfully features. It was developed with the following goals in mind:

Speed
The World Wide Wait bugs us all every day and the critical business applications that Group-Office provides can't be hindered by being slow. Group-Office is specifically designed to perform tasks as quickly as possible.

Simplicity
The Graphical User Interface is designed in a way that everybody intuitively finds the functions they are looking for. Group-Office strives to be as simple as possible without losing functionality.

Modularity
As an ever-changing software product, upgrades should be as painless as possible. This means that good code design is critical. Group-Office is designed in a modular way that makes upgrades easy and painless.

Scalability
Group-Office is designed to be usable for 1 to thousands of users.

WebCollab (http://webcollab.sourceforge.net/)


A collaborative web-based system for projects and project management; WebCollab is easy to use, and encourages users to work together. The software is functionally elegant and secure without being cumbersome for users, or graphically intensive.

The software is ideally suited to tracking multiple projects and innumerable small tasks across an organisation of any size. If you have reminder notes stuck all over your desk, then you need WebCollab!   


    *  Easy to read and intuitive screen layouts. Most users can use WebCollab without training.
    * Individual users are assigned rights and permissions. Users can also be put into groups with controlled rights and permissions.
    * Projects and tasks progress and approaching deadlines are graphically highlighted.
    * Changes are personally highlighted for other users to see.
    * Changes and new items can be emailed to affected users.

And the software is based on mature code base:

    * WebCollab is fast and stable
    * Secure - particular attention has been paid to security. No security scares to date.
    * Robust and scalable. Several years of daily production use.

OBM (http://www.obm.org/)

 
OBM is a groupware, email, LDAP, Windows PDC, CRM, and project management application. It is mainly used as an Exchange or Notes/Domino groupware and mail server replacement, as an LDAP directory, as a Windows PDC, as a contact and customer database, as a project management tool, or as any combination of these functions. It provides groupware (calendars, contacts, and tasks) connectors for Outlook, Thunderbird/Lightning, and PDAs. It supports internationalization and themes. It is highly scalable, and is used by sites from five to many thousands of users.

Teamwork (http://www.twproject.com)


Teamwork is a Web-based groupware for project management. It supplies groupware, issue tracking, cost control, and document and project management features with fine-grained security in a friendly interface. Agile methodologies such SCRUM are supported. Teamwork is easy to integrate with your IT infrastructure. Supports multiple databases (via hibernate), browsers, and languages.

TWiki (http://TWiki.org/)

TWiki is a flexible, powerful, and simple Web based collaboration platform. It is suitable for dynamic intranets and knowledge bases, and for sharing and managing documents and collaborative projects. It resembles a normal Web site, but every page can be changed from a browser. It features automatic link generation, full text search, group authorization, Web forms, reporting, change notification, file attachments, revision control of pages and attachments, a modular templating system with skins, hierarchical navigation based on the topic parenting feature, and more. Plugins can be used to enhance the program and build groupware applications.

Horde Groupware (http://www.horde.org/groupware/)


Horde Groupware is an enterprise ready browser-based collaboration suite. Users can manage and share calendars, contacts, tasks, and notes with the standards compliant components from the Horde Project. Horde Groupware bundles the separately available applications Kronolith, Turba, Nag, and Mnemo. It can be extended with any of the released Horde applications or the Horde modules that are still in development, like a file manager, a bookmark manager, a forum, or a wiki.
Read more
0

Top Download Manager

d4x (Here)

Downloader for X is a powerful graphical download manager. It supports both HTTP(S) and FTP protocols and has nice graphical user interface, though some actions can also be performed using the command line.

Among others, its key features include proxy and SOCKS5 support, recursive downloading, wildcard matching, download scheduler, multiple download queues and more...

Using the D4X is very simple, copy the url to the file to be downloaded, Click the + icon in the software and paste the URL and click OK. Quite interesting features in D4X are sound effets on completion, ftp access, simple usage, logs, setting limits on download size etc… Use D4X for your downloads and Enjoy…

KGet (http://kget.sourceforge.net/)

KGet is a download manager similar to GetRight or Go!zilla.

It keeps all your downloads in one dialog and you can add and remove transfers. Transfers can be paused, resumed, queued or scheduled. Dialogs display information about the status of transfers - progress, size, speed and remaining time.

The program supports drag & drop from KDE applications and Mozilla Firefox.
KGet is an advanced download manager with support for Metalink and Bittorrent. Downloads are added to the list, where they can be paused, queued, or scheduled for later.


Features include:
    * Downloading files from FTP and HTTP(S) sources
    * Pausing and resuming of downloading files, as well as the ability to restart a download
    * Provides lots of information about current and pending downloads.
    * Embedding into system tray
    * Integration with the Konqueror web browser
    * Metalink support which contain multiple URLs for downloads, along with checksums and other information

doKa (http://doka.sourceforge.net/)

doKa is a download accelerator/manager for KDE, with the beauty of KDE. It supports various connections that divides the file. It'll have the feature of add new connections on the "fly".

It's made with Kdevelop, C++ and Qt, it uses multiples connections to download a file. This way you can speed up your download. The goal of this project is to make a downloader with the beauty of Kde and with more features than the main downloaders for Linux has.

KMAGO (http://kmago.sourceforge.net/)

KMAGO (MAnager of Get Operations) is a KDE-based download manager. It features drag and drop operations, group management of transfers, control of multiple downloads with priority and selectable priority policy, resume capability check, full configurability, and the ability to choose different programs for use as a downloading backend.


Features:
 * drag and drop operations with applications (konqueror, Netscape, ...) and between KMago widgets
 * drop target and system tray icon with d'n'd capabilities
 * transfers grouping
 * multiple downloads control with priority and selectable priority policy
 * resume capability check
 * full configurable
 * enabled to manage many retriever commands
 * cookie and http related management offered by KDE I/O library

Gwget (http://www.gnome.org/projects/gwget/)

 

Gwget it's a download manager for the Gnome Desktop. The main features are:

    * Resume: By default, gwget tries to continue any download.
    * Notification: Gwget tries to use the Gnome notification area suppo dxrt, if available. You can close the main window and gwget runs in the background.
    * Recursivity: Gwget detects when you put a html, php, asp or a web page dir in the url to download, and ask you to only download certain files (multimedia, only the index, and so on).
    * Drag & Drop: You can d&d a url to the main gwget window or the notification area icon to add a new download.
    * Firefox Extension: Fireget 

QuickDownloader  (http://qdown.sourceforge.net/)


QuickDownloader is a download manager that accelerates downloads by between 200 and 300%. It provides a resume capability for resuming broken downloads. It supports both HTTP and FTP downloads.

features:

features of QuickDownloader
 * Support for multiple Downloads
 * Capability to carry out both downloads and Resume simultaneously
 * Better Handling of errors
 * Handling of 100 % of all possible errors that can be thrown
 * A Desktop button which can set the location to the users desktop
 * Resuming of All Downloads
 * Information on each Download that can be resumed
 * Buffer Resizing for optimum use
 * Proxy Configuration for systems behind firewalls
 * The viewing of System Resources and the resources in use by QD
 * Log and error handling support
 * Accelerates Downloads by upto 300%
 * Support for all types of Network connections such as Dial Up, Broadband T1 etc.
 * Ability to download from both http and ftp sites
 * 100 % Resume support on all downloads even if the server doesn't support it.
 * Downloads can be zipped up upon download to minimise the amount of space it takes
 * OS Independent
 * Uses Java JRE which runs on any machine such as Windows 2000, 98, Linux etc.
 * Integrity checker for all gui based components

octod (http://diozaka.org/octod/)


Octod is a "download manager daemon" -- a daemon that listens at the network interface for incoming download jobs and performs them (simultaneously) in the background. It is intended to run on desktop systems as a reliable and fast download manager without the overhead of a graphical user interface, but it can also be used as a centralized download station running in network environments with multiple users.

To control the daemon, an easy and self-explanatory network protocol has been defined, so cross-platform, cross-language graphical clients (based on ncurses, Qt, Gtk, or even HTML/PHP) can be implemented.

The libraries used for the daemon (libcURL and libboost) are highly portable, so there should not be any problem in compiling it within any POSIX-compliant operating system and even Microsoft Windows (with some adaption of the network functions), but this has not been tested yet. At the moment, it is running fine on Linux systems.

Claros Downloader (http://www.claros.org/old/products/downloader/download.html)


Claros Downloader is a highly customizable, multi-threaded, Web-based downloader manager. Users can download files to their desktop or corporate server, from wherever they are.
Read more
Related Posts with Thumbnails