Linux Server Security Secrets and Administration

Linux kernel vulnerabilities closed

2009-12-10T16:24:00.000-03:00

Several Linux distributors are releasing updated kernel packages to close security holes in the kernel. For instance, very large packets can reportedly be used to remotely provoke a flaw in the TCP/IPv4 stack's ip_defrag() (net/ipv4/ip_fragment.c) function. This can potentially cause null-pointer dereferencing and crash a system.

Whether the flaw can also be exploited to execute code at kernel level by users that are logged into a system at restricted privilege level, which was the case with several previous null-pointer dereferencing bugs, is not mentioned in the distributors' and kernel developers' descriptions. The flaw was discovered in Linux kernel 2.6.32-rc8 and has been fixed in the final version.

keep reading...

The commercial Linux systems by Red Hat and Novell, however, still use Ext3 and should be unaffected. Not all the distributors have already released new packages to close the Ext4 hole, but they will probably do so shortly.

keep reading...

Restoring a Broken Linux RAID Array

2009-12-07T13:37:00.002-03:00

About 18 months ago I set up a Linux media server for my home. It was made from an old Dell desktop that my neighbor was (literally) discarding, and a pair of new, identical Seagate hard disks. Since I was going to be spending a lot of time copying my CDs to this server, I configured a RAID-1 array that mirrored the hard disks; that way, there would always be a current backup. The OS was Ubuntu Linux 6.06 Server, and it used software RAID.

keep reading....

Finding the Broken Drive
If you know which drive hdb is, then remove it, but it’s probably best to run a test to be sure it actually has errors. For this, I found a very versatile free tool called Ultimate Boot CD. You download the ISO and burn it onto a CD. You can use the CD to boot your PC. It’s packed with diagnostic tools, such as hard disk testers, memory testers, etc. Run the appropriate one for your brand of hard disk, on each disk in the array. The Seagate tester I used lists the hard disks serial numbers, so there’s no confusion once you open the case to remove the bad drive.

keep reading...

Install a graphical firewall client on Ubuntu 9.10

2009-12-07T13:07:00.000-03:00

Although Ubuntu 9.10 (aka Karmic Koala) ships with a command line firewall script – ufw (Uncomplicated FireWall) – for configuring IPTables (netfilter), the firewall application built into the Linux kernel, it does not come with a graphical firewall client for use by those not comfortable with managing IPTables from the command line. So in order to configure IPTables using a graphical interface, you will have to install one yourself.

Keep reading...

For each program or service, you may choose to Allow, Deny, Reject, or rate Limit it. Denying a connection will silently drop it while rejecting a connection will drop it and send a message back to the source address. For obvious reasons, it is better to Deny rather than Reject (Note: There is more to this than my simple explanation here, but in the spirit of ufw, I have chosen to keep the explanation uncomplicated).

Keep reading...

Managing Disk Storage in Centos

2009-12-06T18:07:00.000-03:00

Standard Partitions using parted
LVM Partition Management

By default, the parted package is included when installing Red Hat Enterprise Linux. To start parted, log in as root and type the command parted /dev/sda at a shell prompt (where /dev/sda is the device name for the drive you want to configure).
A device containing a partition must not be in use if said partition is to be removed or resized. Similarly, when creating a new partition on a device, said device must not be in use.
For a device to not be in use, none of the partitions on the device can be mounted, and any swap space on the device must not be enabled.
As well, the partition table should not be modified while it is in use because the kernel may not properly recognize the changes. If the partition table does not match the actual state of the mounted partitions, information could be written to the wrong partition, resulting in lost and overwritten data.
The easiest way to achieve this it to boot your system in rescue mode. When prompted to mount the file system, select Skip.
Alternately, if the drive does not contain any partitions in use (system processes that use or lock the file system from being unmounted), you can unmount them with the umount command and turn off all the swap space on the hard drive with the swapoff command.
Table 6.1, “parted commands” contains a list of commonly used parted commands. The sections that follow explain some of these commands and arguments in more detail.

Command	Description
`check minor-num`	Perform a simple check of the file system
`cp from to`	Copy file system from one partition to another; `from` and `to` are the minor numbers of the partitions
`help`	Display list of available commands
`mktable label`	Create a disk label for the partition table
`mkfs minor-num file-system-type`	Create a file system of type `file-system-type`
`mkpart part-type fs-type start-mb end-mb`	Make a partition without creating a new file system
`mkpartfs part-type fs-type start-mb end-mb`	Make a partition and create the specified file system
`move minor-num start-mb end-mb`	Move the partition
`name minor-num name`	Name the partition for Mac and PC98 disklabels only
`print`	Display the partition table
`quit`	Quit `parted`
`rescue` `start-mb` `end-mb`	Rescue a lost partition from `start-mb` to `end-mb`
`resize minor-num start-mb end-mb`	Resize the partition from `start-mb` to `end-mb`
`rm minor-num`	Remove the partition
`select device`	Select a different device to configure
`set minor-num flag state`	Set the flag on a partition; `state` is either on or off
`toggle [NUMBER [FLAG]`	Toggle the state of `FLAG` on partition `NUMBER`
`unit UNIT`	Set the default unit to `UNIT`

Viewing the Partition Table

After starting parted, use the command print to view the partition table. A table similar to the following appears:

Model: ATA ST3160812AS (scsi)
Disk /dev/sda: 160GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End    Size    Type      File system  Flags
 1      32.3kB  107MB  107MB   primary   ext3         boot
 2      107MB   105GB  105GB   primary   ext3
 3      105GB   107GB  2147MB  primary   linux-swap
 4      107GB   160GB  52.9GB  extended        root
 5      107GB   133GB  26.2GB  logical   ext3
 6      133GB   133GB  107MB   logical   ext3
 7      133GB   160GB  26.6GB  logical                lvm

The first line contains the disk type, manufacturer, model number and interface, and the second line displays the disk label type. The remaining output below the fourth line shows the partition table.
In the partition table, the Minor number is the partition number. For example, the partition with minor number 1 corresponds to /dev/sda1. The Start and End values are in megabytes. Valid Type are metadata, free, primary, extended, or logical. The Filesystem is the file system type, which can be any of the following:

ext2
ext3
fat16
fat32
hfs
jfs
linux-swap
ntfs
reiserfs
hp-ufs
sun-ufs
xfs

If a Filesystem of a device shows no value, this means that its file system type is unknown.
The Flags column lists the flags set for the partition. Available flags are boot, root, swap, hidden, raid, lvm, or lba.

Ubuntu 9.10 text-installer review

2009-12-06T07:51:00.000-03:00

Ubuntu 9.10, also known as Karmic koala, is the latest version of the popular Linux distribution published by Canonical Ltd. Aside from Ubuntu Netbook Remix, the netbook edition, Canonical also publishes the Live CD edition, and the alternate or text-installer edition. The Live CD edition is the edition that most users are familiar with. Though it offers a simple, six-step installation routine, the Live CD edition lacks some features supported by the alternate installer edition. Some people consider these features advanced, but I choose to view them as standard features of the Linux kernel.

When configuring LVM, Ubuntu 9.10 allows for the encryption of physical volumes. But that’s not all. At some point during the installation process, you are presented with the option to encrypt your home directory.

Keep reading...

Stumbling and Sniffing Wireless Networks in Linux, Part 3

2009-12-06T00:16:00.000-03:00

Wiresharking and RogueScannering

Last month, we started this series to help you survey and analyze the airwaves with Linux tools. In the first part, we looked at SWScanner after reviewing some basic stumbling and sniffing information. Then in the second part, we discovered KwiFiManager and tcpdump.

Visually sniffing with Wireshark

If you don't particularly enjoy the command-line or are a Linux newbie, you might want to stick with using a GUI-based sniffer. Additionally, using a visual application can provide a faster and more in-depth inspection of your network traffic. We're going to look at Wireshark, a popular cross-platform network analyzer, formally named Ethereal.

Keep reading...

While you're sniffing the airwaves or snooping in on the traffic, you might want to take a look at what devices are on the network too. You might find a wireless AP that an employee has plugged in or someone using the network with unauthorized device. There are full-fledged intrusion detection systems (IDS), but sometimes you just want a quick look.
RogueScanner provides a quick and simple list of all IP devices on the network. It will display the MAC addresses and vendor/model information in addition to the IP addresses. Plus the tool factors the variables and outputs a risk score to help you identify possible rouges.
Unfortunately, RogueScanner doesn't provide any alerting features. However, you might want to check into Paglo's full-fleged network management solution--free for use with up to 20 devices. The network discovery tool, Paglo Crawler, is also open source, available for both Windows and Linux.

Keep reading...

Stumbling and Sniffing Wireless Networks in Linux, Part 2

2009-12-06T00:14:00.000-03:00

Stumbling (and Managing) with KwiFiManager
Now we'll continue stumbling with KwiFiManager; which can also serve as your wireless connection manger. Then we'll start sniffing with tcpdump, a command-line utility.

Once you install and run KwiFiManager, its icon showing the signal bars and value for the current connection appears in the system tray. To open the application, click the icon. The details for the current connection is shown on the main screen, as you see in Figure 2. This includes the channel, data rate, MAC address of the AP, and your assigned IP address.

Keep reading...

When you want to do some stumbling, click the Scan for Networks button. This pops up a window that shows the network names, modes, signal quality values, and encryption statuses for each AP picked up. If you want to actually connect to a network, select it from the list and click the Switch to Network button.

Keep reading...

Stumbling and Sniffing Wireless Networks in Linux, Part 1

2009-12-06T00:12:00.000-03:00

To Stumble or to Sniff, That is the Question
Do you need to stumble or sniff networks? Do you need to do a Wi-Fi site survey, troubleshoot network annoyances, or make sure your employees (or children) aren't misusing the Internet? Sure you can spend hundreds or thousands of dollars on commercial network analyzers--usually for Windows--but Linux and the open source community offer some great tools.

When you want to dive much deeper into networks, you use sniffers. Instead of stumbling upon details derived from only network beacons, sniffers take a big whiff of the actual raw network traffic. You see each individual packet. Additionally, sniffers can do some analyzing. They can also serve as an intrusion detection system. Some keep track of legitimate and rogue APs, so you don't have to do it manually, stumbling and lurching around the office. They could also report on the network's performance, and in strange cases sniffers may even detect foul odors.

keep reading

In monitor mode, you can capture packets from the wireless channels without being connected to a particular network. In promiscuous mode, you can still see the entire wireless network's traffic, but must be associated with it. If you are working with your network, promiscuous mode should be fine. However, not all wireless cards even support this mode.

keep reading

Version 4.2 of vulnerability scanner Nessus released

2009-12-04T17:50:00.000-03:00

The biggest change in the new version of Nessus, the popular vulnerability scanner, is that vendor Tenable has completely revamped the aging user interface. And that's not all – the Nessus client is now obsolete, with the Nessus server now offering a web based user interface which uses Flash, meaning that a browser can now be used as a client. Results from vulnerability scans will, in future, be stored on the server.

Keep reading...

Nessus 4.2 now officially runs on Fedora 12, SUSE 10 Enterprise, Ubuntu 9.10 and FreeBSD 7 as well as all version of Windows, Mac OS X and various older Linux distributions. The downloadable installer weighs in at between 7 and 17 MB, depending on the platform. Use is free for private purposes, though a valid e-mail address is required for activation. Professional users will need to acquire a licence, which costs $1,200 for one year.

Keep reading...

Once a hacker, always a hacker

2009-12-04T17:20:00.000-03:00

Hackers are unfit to serve as security experts

Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated.

Consider the message you would be giving some thirteen year old proto-hacker. These kids, like most kids, are tremendously susceptible to peer pressure. They already find criminal hacking attractive because it's viewed as today's counter-culture — something fairly harmless (compared with, say, dealing drugs) but exciting because it's illegal.

keep reading

The children and emotionally-arrested adolescents involved in criminal hacking already have a love/hate attitude towards The Man. Many of them claim that they'd like to work for security firms when (if) they grow up. This myth that criminal hacking is a reasonable basis for work in security would become even more pernicious if it were known that more hackers had in fact been solicited and used by government or corporate organisations. Using such people would reinforce the attractiveness of criminality.

keep reading

Why hackers must not be rewarded

2009-12-04T17:18:00.000-03:00

Thinking of hiring an ex-hacker?

In 1995, I participated in a debate with distinguished security expert Robert D. Steele, a vigorous proponent of open source intelligence. We discussed the advisability of hiring criminal hackers. Perhaps readers will find the polemic I published back then of interest today. I’m sure it will provoke vitriolic comments from the criminal hacker community.

Keep reading

If you needed to evaluate the security of your home, which would you hire: a burglar who claimed to be an ex-burglar or a bonded security specialist with no criminal tendencies.

Keep reading

What's new in Linux 2.6.32

2009-12-04T00:11:00.002-03:00

Nearly three months after the release of Linux kernel 2.6.31, Linus Torvalds has now put the lid on Linux 2.6.32 development. Like its predecessors in the main development tree, the new version includes a plethora of new features. The close collaboration between AMD's graphics chip department and the open source community has borne further fruit, with Linux 2.6.32 now enabling 3D support and kernel-based mode setting (KMS) on the widely-used Radeon 2000, 3000 and 4000 series graphics cards.

Read the full article here...

Free database firewall protects PostgreSQL and MySQL

2009-12-04T00:10:00.000-03:00

GreenSQL is run as a proxy between applications and database servers. It actively analyses the incoming SQL commands and can then act on the results according to the selected mode. Simulation mode blocks nothing but records the analysis in GreenSQL's own database and notifies the administrator of suspicious queries. Blocking mode on the other hand uses the database and it's heuristic engine to find and block suspicious queries.

Read full article here...

GreenSQL is available as binaries to download for CentOS 5.4, Debian 5.0, Fedora 12, Ubuntu 8.10 and 9.04, and as GPL2 licensed source code.

What is /dev/shm and its practical usage

2009-12-03T16:42:00.000-03:00

/dev/shm is nothing but implementation of traditional shared memory concept. It is an efficient means of passing data between programs. One program will create a memory portion, which other processes (if permitted) can access. This will result into speeding up things on Linux.

With df -h /dev/shm you can know how much shared memory you have, for SAP for example it is recommended 75% of RAM.

Warning: tmpfs at /dev/shm is configured quite small with 1024 MB!
Minimum value is 2048 MB.
Recommended size is 75 % of RAM + swap.

Read more..

Howto install chromium using simple Script

2009-12-03T07:15:00.000-03:00

We have already discussed how to install chromium in ubuntu .One of reader Jeff Rader used our instruction to create a simple script so that it will be usefull for users

First you need to open a new file chromium.sh

gksudo gedit chromium.sh

add the following script.... Keep reading here...

Add,Modify and Delete Users and Groups in Ubuntu (Using GUI)

2009-12-03T07:13:00.001-03:00

This tutorial will explain how to Add,Modify and Delete Users,Groups in Ubuntu.Linux users can login to the system and use with the provided previliges. Linux groups are a mechanism to manage a collection of computer system users. All Linux users have a user ID and a group ID and a unique numerical identification number called a userid (UID) and a groupid (GID) respectively.

Keep reading...

Some Reasonable Defaults for MySQL Settings

2009-12-03T07:10:00.003-03:00

A few weeks ago we ran into another set of a problems that pointed at suboptimal default settings in MySQL. Frustrated, I realized that I had a good collection of these problems and decided to rant about them on my blog. Having had a bit of time to think about what I said and talk to some other folks about it, I feel like it’s worth expanding what I wrote and sharing it with a wider audience.

Keep reading...

Metasploit Gets New Vulnerabilty Scanning Features

2009-12-03T07:08:00.000-03:00

A new version Metasploit released today includes integrated vulnerability scanning for the popular open source penetration testing tool.

Rapid7, which recently purchased Metasploit, today announced both the new version of Metasploit, 3.3.1, as well as a new free version of Rapid7's NeXpose vulnerability scanner. The NeXpose Community Edition is basically a slimmed-down version of the company's enterprise-class scanner that's limited in the number of IP's it can scan.

Keep reading...

Creating an Ad-Hoc Network Between Two Open-Suse Installed Computers

2009-12-02T12:35:00.000-03:00

Lately my wireless router broke down and i sent it to be repaired. But the problems started to arise because without a wireless router i wasn’t able to share my Internet connection.

Keep reading

[How to] boot from Linux ISO FILE using Grub 2

2009-12-02T12:33:00.003-03:00

Edit /etc/grub.d/40_custom and add the below entry

menuentry "Karmic Live CD (sdaX)" {

loopback loop (hd0,X)/my-ISO/ubuntu-9.10-desktop-i386.iso

linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/my-ISO/ubuntu-9.10-desktop-i386.iso

initrd (loop)/casper/initrd.lz

}

Keep reading

How to fix “No root file system defined” Error in Linux?

2009-12-02T12:32:00.003-03:00

In Linux operating system, root file system is a file system, which is contained on the hard drive volume on which root directory is located. Linux kernel require the root file system to be mounted on startup. All other Linux file system are mounted on root file system. In some situations, this file system gets damaged due to virus infection and improper system shutdown like situations. At this point, your system can not boot up and all your valuable data become inaccessible and you come across data loss situations. In order to get your valuable data back, Linux Data Recovery is required.

Keep reading

Systems Administration Toolkit: Network scanning

2009-12-02T12:18:00.000-03:00

The typical UNIX® administrator has a key range of utilities, tricks, and systems he or she uses regularly to aid in the process of administration. There are key utilities, command-line chains, and scripts that are used to simplify different processes. Some of these tools come with the operating system, but a majority of the tricks come through years of experience and a desire to ease the system administrator's life. The focus of this series is on getting the most from the available tools across a range of different UNIX environments, including methods of simplifying administration in a heterogeneous environment.

Types of network scanning

Stumbling and Sniffing Wireless Networks in Linux

2009-12-01T18:42:00.000-03:00

Do you need to stumble or sniff networks? Do you need to do a Wi-Fi site survey, troubleshoot network annoyances, or make sure your employees (or children) aren't misusing the Internet? Sure you can spend hundreds or thousands of dollars on commercial network analyzers--usually for Windows--but Linux and the open source community offer some great tools.

In this article, we'll discover and tour a few different stumblers and sniffers that run on Linux. We'll also touch on some general stumbling and sniffing information. You're on your way to a free and open site survey, war-drive, or network troubleshooting experience. Now let's get started!

Stumbling and Sniffing Wireless Networks in Linux, Part 1

Stumbling and Sniffing Wireless Networks in Linux, Part2

Stumbling and Sniffing Wireless Networks in Linux, Part3

How to solve problems in Linux - a novice's guide

2009-12-01T01:28:00.000-03:00

A large part of every Linux forum's work is dealing with enquiries by Linux novices. While it can be very enjoyable to help others, it can also be rather tiresome to try to help people who have shown no inclination towards helping themselves. However I believe that in many cases, this is not due to inherent laziness on the questioner's part. It is simply that novices have not been shown the first steps in Linux problem solving and do not realise how much they can do for themselves. It is hoped that this guide will be of use to anyone who is taking first steps in Linux.

Keep reading here

Linux How To: How To SSH Without Password Authentication

2009-11-26T18:15:00.002-03:00

Often you need to remotely run utilities on other machines through unattended batch process or cron job. ssh allows you to execute code on remote machine. However in normal usage it prompts you for password which makes it hard to use in unattended processes. Here is a simple way to eliminate the need for specifying password every time when connecting through ssh.

Let's assume your want to connect to remote machine named remote as user named user.

Keep reading here.