Friday, March 26, 2010

Linux kernel Versions:

 


Linux kernels of the 2.x era are numbered using an even/odd system. An even-numbered kernel, for example Linux 2.2, is called a stable kernel. Changes are generally made to a stable kernel only to fix bugs and problems. An odd-numbered kernel, for example Linux 2.3, is called a development kernel. Development kernels are works in progress and sometimes contain bugs, some of them serious. Most Linux users work with stable kernels, reserving spare computers for testing development kernels.

Note that this scheme was dropped with 2.6: there never was a 2.7 development branch. New features go into each 2.6.x release, and the fourth number (as in 2.6.33.1) marks the stable point release that carries only bug and security fixes.

At the time I'm writing this post, Linux 2.6.33.1 is the latest stable kernel. You can download it from kernel.org.

How to set multiple IP addresses on one interface from the Linux command line?

This is the Red Hat / CentOS / Fedora way, using the ifcfg files that the network service reads at boot.

Go to /etc/sysconfig/network-scripts.

Make a copy of ifcfg-eth0 for each extra address and name the copies ifcfg-eth0:0, ifcfg-eth0:1 and so on.

Open each of them and change at least DEVICE to match the file name, IPADDR to your chosen IP address and NETMASK to the subnet mask for that address.

A sample entry looks like this:

DEVICE=eth0:0

BOOTPROTO=static

IPADDR=34.123.111.21

NETMASK=255.255.255.0

ONBOOT=yes

Restart the network (this bounces every interface, so do not do it over an SSH session you cannot afford to lose; ifup eth0:0 brings up a single alias instead):

/sbin/service network restart

You are done! To add an address without touching any files, and without it surviving a reboot, use ip addr add 34.123.111.22/24 dev eth0; ip addr show eth0 then lists both addresses.
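
As an added example (not part of the original post), here is a small shell script that writes those ifcfg-eth0:N files for a list of addresses, picking the next free alias number and refusing malformed addresses or an existing file. It stages the files in a temporary directory; point it at /etc/sysconfig/network-scripts, as root, on a real Red Hat-family host. The addresses are the post's example and a neighbour of it.

```shell
#!/bin/sh
# Generate Red Hat style alias files (ifcfg-DEV:N) for extra IPv4 addresses.
# Added example; the target directory is a parameter so it can be exercised
# in a scratch directory instead of /etc/sysconfig/network-scripts.

# is_ipv4 A.B.C.D -> exit 0 for a well-formed dotted quad, 1 otherwise
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# next_index DIR DEV -> the lowest unused alias number for DEV in DIR
next_index() {
    local dir="$1" dev="$2" n=0
    while [ -e "$dir/ifcfg-$dev:$n" ]; do n=$((n + 1)); done
    echo "$n"
}

# write_alias DIR DEV N IP NETMASK -> writes DIR/ifcfg-DEV:N and prints its path;
# refuses bad addresses and never overwrites an existing file
write_alias() {
    local dir="$1" dev="$2" n="$3" ip="$4" mask="$5" f
    is_ipv4 "$ip"   || { echo "bad IP address: $ip" >&2; return 1; }
    is_ipv4 "$mask" || { echo "bad netmask: $mask" >&2; return 1; }
    f="$dir/ifcfg-$dev:$n"
    [ -e "$f" ] && { echo "refusing to overwrite $f" >&2; return 1; }
    cat > "$f" <<EOF
DEVICE=$dev:$n
BOOTPROTO=static
IPADDR=$ip
NETMASK=$mask
ONBOOT=yes
EOF
    echo "$f"
}

# add_aliases DIR DEV NETMASK IP... -> one alias file per IP, numbered from the
# next free index; prints the files created
add_aliases() {
    local dir="$1" dev="$2" mask="$3" ip n
    shift 3
    for ip in "$@"; do
        n=$(next_index "$dir" "$dev")
        write_alias "$dir" "$dev" "$n" "$ip" "$mask" || return 1
    done
}

# Demo in a scratch directory (use /etc/sysconfig/network-scripts for real).
demo_dir=$(mktemp -d)
add_aliases "$demo_dir" eth0 255.255.255.0 34.123.111.21 34.123.111.22
cat "$demo_dir/ifcfg-eth0:1"
```

Because next_index scans for the first unused number, the script can be re-run to add more addresses later without clobbering the aliases already defined.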

Wednesday, March 24, 2010

SSH Without Password Authentication

Often you need to run utilities on other machines from an unattended batch process or cron job. ssh lets you execute commands on a remote machine, but in normal usage it prompts for a password, which makes it hard to use unattended. Here is a simple way to eliminate the password prompt using public-key authentication.

Let's assume you want to connect to the remote machine named remote as the user named user.

First, and only once, generate a public/private key pair with ssh-keygen:

ssh-keygen -t ed25519

Use ed25519 (or rsa with -b 4096 if the server is too old for it) rather than dsa: DSA keys are limited to 1024 bits and OpenSSH stopped accepting them by default in version 7.0.

This creates a private key (~/.ssh/id_ed25519) and a public key (~/.ssh/id_ed25519.pub) in the ~/.ssh directory. The private key never leaves this machine. A key used by cron cannot have a passphrase, so protect the file (mode 600) and restrict what the key is allowed to do on the server, as described below.

Next, run the following once for every machine you want to log in to without a password. Do not copy the key over ~/.ssh/authorized_keys with scp, which silently overwrites any keys already there; append it instead, or use ssh-copy-id, which also sets the permissions sshd insists on:

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote

or, by hand:

cat ~/.ssh/id_ed25519.pub | ssh user@remote 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys'

Now you can log in with ssh without being asked for a password. What actually happens is a challenge-response: the server finds your public key in ~/.ssh/authorized_keys, sends a challenge, and your client signs it with the private key; the public key is never compared to the private key directly. sshd refuses the key if ~/.ssh or authorized_keys is writable by anyone else (StrictModes), which is the usual reason a freshly copied key "doesn't work".

For a key used unattended, prefix its authorized_keys entry with options that pin it to one command and one source address, for example command="/usr/local/bin/backup-receive",from="192.0.2.10",no-pty,no-port-forwarding. A stolen key is then only good for that one command from that one host.
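
As an added example (not part of the original post), here is how the authorized_keys update should be done on the remote side, in shell: append rather than overwrite, skip a key that is already present, set the directory to 0700 and the file to 0600, and optionally wrap the key in the command= and from= restrictions mentioned above. The key material, the command path and the source address are constructed placeholders; the options themselves are standard sshd authorized_keys options.

```shell
#!/bin/sh
# Install a public key into authorized_keys the way it should be done on the
# remote host: append (never overwrite), skip a key already present, set
# ~/.ssh to 0700 and the file to 0600 (sshd's StrictModes rejects anything
# looser), and optionally pin the key to one command and one source address.
# Added example; the key material below is a constructed placeholder.

# authorized_line PUBKEY [COMMAND] [FROM] -> the authorized_keys line, with
# restriction options in front when COMMAND and/or FROM are given
authorized_line() {
    local key="$1" cmd="$2" from="$3" opts=""
    if [ -n "$cmd" ]; then
        opts="command=\"$cmd\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    fi
    if [ -n "$from" ]; then
        opts="${opts:+$opts,}from=\"$from\""
    fi
    if [ -n "$opts" ]; then printf '%s %s\n' "$opts" "$key"; else printf '%s\n' "$key"; fi
}

# install_key SSHDIR LINE -> appends LINE to SSHDIR/authorized_keys unless the
# same key material is already there; prints "added" or "present"
install_key() {
    local dir="$1" line="$2" file keymat
    file="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir"
    ( umask 077; touch "$file" ) && chmod 600 "$file"
    # compare on key type + base64 blob only, ignoring options and comment
    keymat=$(printf '%s\n' "$line" | awk '{
        for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i+1); exit } }')
    [ -n "$keymat" ] || { echo "no key material in line" >&2; return 1; }
    if grep -qF -- "$keymat" "$file"; then
        echo present
    else
        printf '%s\n' "$line" >> "$file"
        echo added
    fi
}

# perms PATH -> the mode as ls shows it, e.g. drwx------
perms() { ls -ld "$1" | cut -c1-10; }

# Demo against a scratch directory standing in for ~/.ssh on the remote host.
demo=$(mktemp -d)
PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyMaterialNotARealKey00 backup@client'   # constructed
line=$(authorized_line "$PUB" "/usr/local/bin/backup-receive" "192.0.2.10")
install_key "$demo/.ssh" "$line"    # added
install_key "$demo/.ssh" "$line"    # present
cat "$demo/.ssh/authorized_keys"
```

The duplicate check keys on the type and base64 blob alone, so re-running the script after tightening the options will report "present" rather than adding a second, looser copy; remove the old line first when you change the restrictions.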

Sunday, March 21, 2010

One Linux Formatting Tip I Bet You Didn’t Know:

You probably know how to format a Linux partition:

mkfs.ext3 /dev/hda1

(Give mkfs a partition such as /dev/hda1; /dev/hda is the whole disk, and formatting it wipes the partition table.) This creates an ext3 file system. But do you know how to get the maximum usable space out of it, especially on a large partition?

How to maximize available space in a partition?

Enter the -m option. If a file system fills up completely it becomes almost unusable, because the operating system and its daemons constantly need to write. By default, five percent of the blocks are reserved for the root user, so root can still log in, write logs and move some data off a full disk. That matters on the partition holding / or the home directories. On a pure data partition it is just lost space: five percent of a 250 GB partition is 12.5 GB. For large data partitions it is safe to reduce the reservation to one percent. -m 0 is also accepted, but the reserved blocks also help ext3 avoid fragmentation, so one percent is a sensible floor on a busy file system.

mkfs.ext3 -m 1 /dev/hdb1

creates a file system with only 1% of its blocks reserved for root.

Note: you can use tune2fs -m later to change the reserved percentage on an existing, even mounted, file system (tune2fs -m 1 /dev/hdb1); tune2fs -l /dev/hdb1 shows the current "Reserved block count".

Bonus tip: How to label a partition

Use -L label with mkfs.ext3 to give the file system a volume label. You can later refer to it as LABEL=label in /etc/fstab, or mount -L label, instead of the device name, which keeps working when the disk is moved to another controller and the device name changes. e2label does the same for a file system that already exists.
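
As an added example (not part of the original post), the following shell functions read the reserve figures out of a tune2fs -l listing, so you can see how much space is held back before deciding on -m 1. The listing used here is constructed to resemble tune2fs output for a 250 GB partition; on a real host pipe in tune2fs -l /dev/hdb1.

```shell
#!/bin/sh
# Read the reserved-block figures out of a "tune2fs -l" listing and show what
# -m 1 would give back. Added example; the listing below is constructed to
# look like tune2fs output for a 250 GB ext3 partition. On a real host:
#   tune2fs -l /dev/hdb1 | reserved_summary

SAMPLE_TUNE2FS='Filesystem volume name:   data
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype
Block count:              61035008
Reserved block count:     3051750
Free blocks:              59000000
Block size:               4096'

# reserved_summary < listing -> "PCT MiB": percentage and size of the root reserve
reserved_summary() {
    awk -F': *' '
        /^Block count:/          { total = $2 }
        /^Reserved block count:/ { resv  = $2 }
        /^Block size:/           { bs    = $2 }
        END {
            if (total == 0 || bs == 0) { print "incomplete listing" > "/dev/stderr"; exit 1 }
            printf "%.1f %d\n", resv * 100 / total, int(resv * bs / 1048576)
        }'
}

# reclaim_mib TARGET_PCT < listing -> MiB freed by lowering the reserve to TARGET_PCT
reclaim_mib() {
    awk -F': *' -v target="$1" '
        /^Block count:/          { total = $2 }
        /^Reserved block count:/ { resv  = $2 }
        /^Block size:/           { bs    = $2 }
        END {
            if (total == 0 || bs == 0) { print "incomplete listing" > "/dev/stderr"; exit 1 }
            want = total * target / 100
            freed = resv - want
            if (freed < 0) freed = 0
            print int(freed * bs / 1048576)
        }'
}

printf '%s\n' "$SAMPLE_TUNE2FS" | reserved_summary   # 5.0 11920
printf '%s\n' "$SAMPLE_TUNE2FS" | reclaim_mib 1      # 9536
```

The numbers come straight from the block counts, so they are exact for the file system in question rather than the rough "five percent of 250 GB" estimate.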

Saturday, March 20, 2010

Tracing system calls in Linux

Sometimes you need to know what a program does and its source is not readily available. strace is a diagnostic, instructional and debugging tool for exactly that: it intercepts and records the system calls a process makes and the signals it receives. It also gives students and hackers a great way to learn about the system by tracing even ordinary programs. Let's take a look at the tool.

Tracing the calls and signals of a program is as simple as:

strace ls

This dumps a great amount of data to the screen (on standard error). If it is hard to keep track of the scrolling mass of data, write the output to a file instead with the -o option:

strace -o ls.trace ls

Other options worth knowing: -f follows child processes (without it a program that forks a helper hides everything the helper does), -e trace=network (or file, or process) restricts the output to one class of calls, and -p PID attaches to a running process, for which you need permission to ptrace it, in practice the same user or root.
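
Once the trace is in a file the interesting facts are easy to pull out. As an added example (not part of the original post), these shell functions list the files a program tried to open and whether it succeeded, the hosts it connected to, and the programs it executed; the trace they run over is constructed to resemble strace -f -o output and is not a real capture.

```shell
#!/bin/sh
# Pull the interesting facts out of an strace log: files the program tried to
# open (and whether it succeeded), hosts it connected to, programs it executed.
# Added example; the trace below is constructed to resemble "strace -f -o"
# output and is not a real capture.

SAMPLE_TRACE='1234  execve("/usr/local/bin/agent", ["agent"], 0x7ffd1c2e3f40 /* 20 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/etc/agent.conf", O_RDONLY) = 3
1234  openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1234  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
1234  connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
1234  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3a1c0009d0) = 1235
1235  execve("/bin/sh", ["sh", "-c", "id"], 0x55d2e3c0a2c0 /* 20 vars */) = 0
1234  +++ exited with 0 +++'

# trace_cmd OUTFILE CMD... -> record CMD and its children to OUTFILE (needs strace)
trace_cmd() {
    local out="$1"; shift
    strace -f -o "$out" -e trace=file,network,process "$@"
}

# opened_files < trace -> "PATH RESULT" per open/openat call (-1 means it failed)
opened_files() {
    awk '/(^|[ ])open(at)?\(/ {
        match($0, /"[^"]*"/); path = substr($0, RSTART + 1, RLENGTH - 2)
        rest = $0; sub(/.*\) = /, "", rest); split(rest, r, " ")
        print path, r[1]
    }'
}

# connections < trace -> "IP:PORT" per connect() to an IPv4 socket
connections() {
    awk '/(^|[ ])connect\(/ && /inet_addr\(/ {
        ip = $0;   sub(/.*inet_addr\("/, "", ip);  sub(/".*/, "", ip)
        port = $0; sub(/.*htons\(/, "", port);     sub(/\).*/, "", port)
        print ip ":" port
    }'
}

# executed < trace -> path of every execve()
executed() {
    awk '/(^|[ ])execve\(/ { match($0, /"[^"]*"/); print substr($0, RSTART + 1, RLENGTH - 2) }'
}

printf '%s\n' "$SAMPLE_TRACE" | opened_files
printf '%s\n' "$SAMPLE_TRACE" | connections   # 203.0.113.7:4444
printf '%s\n' "$SAMPLE_TRACE" | executed
```

Failed opens are kept on purpose: a program poking at /etc/shadow and getting EACCES tells you as much about its intentions as a successful open would.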

Friday, March 19, 2010

Block IP Addresses On Linux Server

I hope by now all of you have heard about firewalls. On Linux we generally use iptables to control traffic as required.

From Wikipedia: iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.

iptables requires elevated privileges and must be run as root (or through sudo); otherwise it fails.

Now let us go to our scenario:

Take a look at your log file (/var/log/secure on Red Hat/Fedora, /var/log/auth.log on Debian/Ubuntu) and you will discover numerous automated SSH break-in attempts using dictionary attacks. So now you have identified the offending addresses. How do you stop them?

Here comes the magic mantra using the iptables packet filter:

iptables -I INPUT 1 -s a.b.c.d -j DROP

Replace a.b.c.d with the offending IP address and repeat for each one. -I INPUT 1 inserts the rule at the top of the chain; -A (append) works too, but only if no earlier rule already accepts the traffic, which on most hosts the port-22 ACCEPT rule does. Check the order with iptables -L INPUT -n --line-numbers. Rules live in kernel memory only, so save them (service iptables save on Red Hat, or iptables-save > file) or they vanish at the next reboot. Beyond a handful of addresses, let fail2ban or denyhosts do this from the logs automatically, and switch sshd to key-only authentication (PasswordAuthentication no) so the dictionary has nothing to hit.
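
As an added example (not part of the original post), here is the log-to-rule step done in shell: count "Failed password" lines per source address, keep the ones over a threshold, skip your own jump hosts, and print the iptables commands for review before they are piped to sh. The log lines are constructed in /var/log/secure format; the addresses are documentation ranges.

```shell
#!/bin/sh
# Turn sshd's "Failed password" lines into a reviewed list of offenders and
# the iptables rules to drop them. Added example; the log lines below are
# constructed in /var/log/secure format. On a real host:
#   offenders 10 < /var/log/secure
#   block_rules 10 192.0.2.44 < /var/log/secure | sh      (after reading them)

SAMPLE_SECURE='Mar 19 03:14:07 web1 sshd[2214]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 19 03:14:09 web1 sshd[2216]: Failed password for invalid user oracle from 198.51.100.23 port 51030 ssh2
Mar 19 03:14:12 web1 sshd[2218]: Failed password for root from 198.51.100.23 port 51044 ssh2
Mar 19 03:15:01 web1 sshd[2220]: Failed password for root from 203.0.113.9 port 40110 ssh2
Mar 19 03:16:40 web1 sshd[2230]: Accepted publickey for deploy from 192.0.2.44 port 50022 ssh2
Mar 19 03:17:02 web1 sshd[2231]: Failed password for deploy from 192.0.2.44 port 50023 ssh2'

# offenders MIN < log -> "IP COUNT" for every source with at least MIN failures,
# busiest first
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' | sort -k2,2nr -k1,1
}

# block_rules MIN [ALLOW...] < log -> one iptables command per offender, skipping
# any address listed in ALLOW (your own jump hosts); -I INPUT 1 puts the rule
# ahead of any ACCEPT, which -A would not
block_rules() {
    local min="$1"; shift
    offenders "$min" | while read -r ip count; do
        skip=0
        for a in "$@"; do [ "$ip" = "$a" ] && skip=1; done
        [ "$skip" -eq 0 ] || continue
        echo "iptables -I INPUT 1 -s $ip -j DROP"
    done
}

printf '%s\n' "$SAMPLE_SECURE" | offenders 3              # 198.51.100.23 3
printf '%s\n' "$SAMPLE_SECURE" | block_rules 1 192.0.2.44
```

The allow list matters more than it looks: one mistyped password from your own bastion would otherwise lock you out of the box along with the attackers.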

Thursday, March 18, 2010

Install of Apache, SSL, PHP, MySQL in Linux

The following steps show how to build the Apache web server from source on GNU/Linux, together with mod_ssl, MySQL and PHP 4. You may encounter problems compiling any one of these tarballs; it is up to you to fix them. This assumes you have a working build environment (gcc, make, and the kernel and libc headers). The x's in each file name stand for whatever the version number is at the time you download it. Note that Apache 1.3, PHP 4, mod_ssl and OpenSSL 0.9.x are all long past end of life and receive no security fixes; use the same procedure with the current releases (Apache 2.x with its built-in mod_ssl, a supported PHP, a supported OpenSSL) on anything reachable from a network.

Download and extract all the source tarballs.

The following are links to the sites you will need to download the source files from. Go to each site's download section and download the latest version of each piece of software. Verify each tarball against the project's published checksum or PGP signature before unpacking it, so a compromised mirror cannot hand you a backdoored build. After you have downloaded them all into the same directory, unzip and untar them.

Apache http://www.apache.org/dyn/closer.cgi

Openssl http://openssl.org/

ModSSL http://www.modssl.org/

Php.net

MySQL.com (Download the Linux binary version)

tar -xvzf apache_1.3.xx.tar.gz

tar -xvzf openssl-0.9.xx.tar.gz

tar -xvzf mod_ssl-2.x.xx-1.3.xx.tar.gz

tar -xvzf php-4.x.x.tar.gz
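
The "verify before you untar" step in shell, as an added example that is not part of the original post: the function refuses to extract when the SHA-256 digest differs from the published value. The tarball here is built on the fly so the example runs offline, and its digest is computed locally; for a real download the expected digest comes from the project's signed release notes or .sha256 file, fetched from a different place than the tarball itself (and gpg --verify on the detached signature is better still).

```shell
#!/bin/sh
# Refuse to unpack a source tarball whose SHA-256 digest does not match the
# value published by the project. Added example; the tarball is built on the
# fly so the check can be exercised offline, and its digest is computed here
# rather than copied from any release page.

# sha256_of FILE -> hex digest (sha256sum on Linux, shasum elsewhere)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_and_extract TARBALL EXPECTED_SHA256 [DESTDIR] -> extracts only on a match
verify_and_extract() {
    local tarball="$1" expected="$2" dest="${3:-.}" actual
    actual=$(sha256_of "$tarball") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "DIGEST MISMATCH for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    tar -xzf "$tarball" -C "$dest"
}

# Demo: build a throwaway tarball, record its digest, then verify it and a
# tampered copy.
work=$(mktemp -d)
mkdir -p "$work/example-1.0" "$work/out"
echo 'placeholder source' > "$work/example-1.0/README"
tar -czf "$work/example-1.0.tar.gz" -C "$work" example-1.0
published=$(sha256_of "$work/example-1.0.tar.gz")
verify_and_extract "$work/example-1.0.tar.gz" "$published" "$work/out" && echo "extracted OK"
echo 'tampered' >> "$work/example-1.0.tar.gz"
verify_and_extract "$work/example-1.0.tar.gz" "$published" "$work/out" || echo "refused tampered tarball"
```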

Install MySQL (binary version)

groupadd mysql

useradd -g mysql mysql

cd /usr/local

gunzip < /path/to/mysql-VERSION-OS.tar.gz | tar xvf -

ln -s full-path-to-mysql-VERSION-OS mysql

cd mysql

scripts/mysql_install_db

chown -R root .

chown -R mysql data

chgrp -R mysql .

bin/safe_mysqld --user=mysql &

(On MySQL 4.x and later the script is called mysqld_safe: bin/mysqld_safe --user=mysql &)

mysql_install_db creates the MySQL root account with an empty password, plus anonymous accounts. Set a root password straight away with bin/mysqladmin -u root password 'new-password' and drop the anonymous users before anything else can reach port 3306; better still, bind the server to 127.0.0.1 if only the local Apache needs it.

Build OpenSSL

cd openssl-0.9.Xx

./config

make

make test

make install

cd ..

Patch Apache with mod_ssl

cd mod_ssl-2.X.xx-1.3.xx

./configure --with-apache=../apache_1.3.xx

cd ..

Preconfigure Apache for PHP

cd apache_1.3.xx

./configure --prefix=/usr/local/apache

cd ..

Configure PHP and compile it for Apache

cd php-4.x.x

CFLAGS='-O2 -I../openssl-0.9.xx' ./configure --with-apache=../apache_1.3.xx --with-mysql

(CFLAGS has to be on the same command line as ./configure, or exported first; on a line of its own it only sets a shell variable that configure never sees.)

make

make install

cd ..

or

You can configure and compile a ton of other things into PHP. If you do, scan back through the configure output to make sure everything you asked for was actually found. If you installed libjpeg, freetype, libpng and zlib from the RedHat packages, /usr is the directory to give; the other paths refer to wherever those libraries were unpacked and compiled. Type ./configure --help to see everything PHP can be built with. My config line looks like this:

./configure \

--with-gd=/usr \

--with-mysql \

--with-png-dir=/usr \

--with-zlib-dir=/usr \

--with-ttf=/tmp/freetype-2.0.5/ \

--with-freetype-dir=/tmp/freetype-2.0.x \

--with-jpeg-dir=/usr \

--with-mcrypt=/tmp/libmcrypt \

--with-apache=../apache_1.3.xx

make

make install

cd ..

Build Apache with mod_ssl and PHP

cd apache_1.3.xx

SSL_BASE=../openssl-0.9.Xx \

./configure \

--prefix=/usr/local/apache \

--enable-module=ssl \

--activate-module=src/modules/php4/libphp4.a \

--enable-module=php4

make

make certificate (optional: generates a self-signed test certificate for mod_ssl; for a real site install one issued by a CA instead)

make install

cd ..

Configure Apache's configuration file

vi /usr/local/apache/conf/httpd.conf

See the Apache documentation on how to configure httpd.conf. At minimum set ServerName, make sure User and Group name an unprivileged account (nobody, never root), and since this build carries mod_ssl, point SSLCertificateFile and SSLCertificateKeyFile at your certificate and key.

Start your Apache server

/usr/local/apache/bin/apachectl startssl

(service httpd start only works for a distribution-packaged Apache that ships an init script; a source build in /usr/local/apache is controlled with apachectl. Use apachectl start to bring it up without SSL.)

That's it, enjoy!

Monday, March 15, 2010

Difference between hard link and soft link

A hard link cannot span file systems; ln fails with "Invalid cross-device link".

A soft (symbolic) link can point to a path on any file system, including network mounts, because it only stores the target path.

All hard links to a file share the same inode number: they are the same file under several names, and the link count in ls -l goes up with each one.

Each soft link has its own inode number.

If you delete one name of a hard-linked file you can still access it through the other; the data is freed only when the last link goes. With a soft link, if you delete the target, the link is left dangling and cannot be accessed.

You can create a soft link to a file that does not exist yet. You cannot create a hard link unless the target already exists.
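
The same points demonstrated on a real file system, as an added example that is not part of the original post; it works in a scratch directory and prints one observation per line.

```shell
#!/bin/sh
# Show the hard-link vs symlink differences listed above on a real file
# system, in a scratch directory. Added example.

# inode_of PATH -> inode number of PATH itself (a symlink's own inode, not its target's)
inode_of() { ls -id "$1" | awk '{ print $1 }'; }

# link_count PATH -> number of hard links ls reports for PATH
link_count() { ls -ld "$1" | awk '{ print $2 }'; }

# link_demo -> one "key value" line per observation
link_demo() {
    local d
    d=$(mktemp -d)
    echo payload > "$d/orig"
    ln "$d/orig" "$d/hard"
    ln -s "$d/orig" "$d/soft"

    if [ "$(inode_of "$d/orig")" = "$(inode_of "$d/hard")" ]; then
        echo "same_inode yes"; else echo "same_inode no"; fi
    if [ "$(inode_of "$d/soft")" != "$(inode_of "$d/orig")" ]; then
        echo "symlink_own_inode yes"; else echo "symlink_own_inode no"; fi
    echo "link_count $(link_count "$d/orig")"

    rm "$d/orig"
    if [ -r "$d/hard" ]; then echo "after_rm_hard readable"; else echo "after_rm_hard missing"; fi
    # -L tests the link itself, -e follows it: together they spot a dangling symlink
    if [ -L "$d/soft" ] && [ ! -e "$d/soft" ]; then
        echo "after_rm_soft dangling"; else echo "after_rm_soft readable"; fi

    if ln -s "$d/not-yet" "$d/future" 2>/dev/null; then
        echo "symlink_to_missing ok"; else echo "symlink_to_missing fail"; fi
    if ln "$d/not-yet" "$d/hard2" 2>/dev/null; then
        echo "hardlink_to_missing ok"; else echo "hardlink_to_missing fail"; fi
    rm -rf "$d"
}

link_demo
```

The dangling-symlink test ([ -L ] true while [ -e ] false) is the one to remember: it is how scripts tell "link to nothing" apart from "no file at all".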

Sunday, March 14, 2010

What’s new in GRUB2?

GRUB2 has recently released version 1.98 with many added features. The previous version, GRUB 1.97, later renamed GRUB2, brought major changes to GRUB. That made common software built for the original GRUB, namely SUM, useless, and for a while reduced functionality. Putting Windows first as the preferred OS also required more than just moving entries up and down: you had to read the generated script and understand how it works before attempting any hack or mod.

Following the success of the modular GRUB2, there has been an update to it. The latest version comes with changes such as:

* Support for multiple terminals.

* A new grub-reboot utility.

* Storing boot-menu passwords as PBKDF2 hashes instead of plaintext.

* A unit testing framework.

* Support for GNU/Hurd.

These are only some of the changes on top of the features GRUB2 already had, which include:

* Cygwin compatibility.

* Password protection of menu entries.

* ext4 file system support.

* Ability to load new kernels.

This makes GRUB2 an instant hit, with several security-relevant features. The only thing I miss in GRUB2 is the level of customization. It would really help if a fully functional version of SUM were ported to run with GRUB2.

Saturday, March 13, 2010

How to Hack Windows Administrator Password Through Linux

With all the good intentions you can think of, call it a tutorial or something to learn purely for fun and never to harm anyone, I will now show you a simple way to reset a Windows administrator password using Linux. You only need a live CD; for this example we will use Ubuntu.

Boot the machine whose password you want to reset from the live CD:

1. Install a program called chntpw:

$ sudo apt-get install chntpw

2. After installing chntpw, mount the Windows NTFS partition with read/write support (see the post on accessing NTFS partitions further down; you need ntfs-3g for write access).

3. Navigate to WINDOWS/system32/config on the mounted partition (Windows/System32/config on Vista and later; the path is case-sensitive on Linux).

4. Once inside the config directory, issue this command:

$ sudo chntpw SAM

This edits the built-in Administrator account; use sudo chntpw -u username SAM for another account, or chntpw -l SAM to list them.

5. A long display of information will follow. Just ignore it.

6. When prompted, blank the password rather than setting a new one: enter * at the old-style prompt, or choose 1 ("Clear (blank) user password") in newer versions, then q and y to write the hive back. chntpw warns you itself: blanking the password makes that account's EFS-encrypted files and DPAPI-protected secrets (saved passwords) unrecoverable.

7. Reboot, and you can now log in to Windows with full administrative access.

The lesson for anyone defending a machine: whoever can boot their own media on it owns every local account. Only full-disk encryption (BitLocker, for instance) defeats this; a firmware password and a locked boot order raise the bar, but pulling the disk and mounting it elsewhere gets around both.


Thursday, March 11, 2010

Accessing NTFS partitions in Linux

Mount an NTFS file system

NTFS kernel support

The majority of current Linux distributions support NTFS out of the box. To be precise, NTFS support is a feature of the kernel (the ntfs module) rather than of the distribution. First verify that the module is present on your system, using the running kernel's version rather than a hard-coded one:

ls /lib/modules/$(uname -r)/kernel/fs/ | grep ntfs

If the module is there, let's identify the NTFS partition.

Identifying a partition with an NTFS file system

One simple way to identify NTFS partitions is:

fdisk -l | grep NTFS

(blkid also reports TYPE="ntfs" for each such partition.) For our example let's assume /dev/sdb1 is the NTFS partition.

First create a mount point:

mkdir /mnt/ntfs

Then simply mount it:

mount -t ntfs -o ro /dev/sdb1 /mnt/ntfs

Now we can read the NTFS partition and its files. The in-kernel ntfs driver is effectively read-only: it can overwrite bytes inside existing files but cannot create, delete or resize them, so mount it ro as above, which is also what you want when examining someone else's disk. For full read/write access install ntfs-3g and use mount -t ntfs-3g /dev/sdb1 /mnt/ntfs (on many distributions plain mount -t ntfs is already an alias for it). ntfs-3g refuses to mount a volume read/write if Windows left it hibernated or marked dirty; boot Windows and shut it down properly first.

Sunday, March 7, 2010

Spy on your users through SSH:

You have just connected through SSH and wonder what your users are doing on the machine's text consoles. Do a

cat /dev/vcs1

and you get a dump of what is currently displayed on the first virtual console (tty1). If someone is typing you see what has been echoed to the screen, so you'll see their commands but not a password typed with echo turned off: it is a snapshot of the screen, not a keystroke log, and it covers only the local consoles, not other SSH sessions. Substitute /dev/vcs2, /dev/vcs3 and so on for the other consoles. Reading /dev/vcs* needs root or membership in the tty group, which is exactly why those devices should stay readable by nobody else.

Saturday, March 6, 2010

Change your MAC address in Linux

In a local area network (LAN) or other network, the MAC (Media Access Control) address is your computer's hardware address on that network. (On an Ethernet LAN it is the same thing as your Ethernet address.) When your computer, or host as IP calls it, talks on the LAN, the ARP table maps each IP address to the physical (MAC) address behind it.

MAC addresses are 12 hexadecimal digits (48 bits). By convention they are written in one of two formats:

MM:MM:MM:SS:SS:SS

MM-MM-MM-SS-SS-SS

The first half (the OUI) identifies the adapter manufacturer; these prefixes are assigned by the IEEE. The second half is the serial number assigned to the adapter by the manufacturer.

In the example

00:A0:C9:14:C8:29

the prefix 00A0C9 indicates that the manufacturer is Intel Corporation.

To change your MAC address in Linux, bring the interface down, use the hw ether switch, and bring it back up:

ifconfig eth0 down

ifconfig eth0 hw ether 02:01:02:03:04:08

ifconfig eth0 up

(With iproute2 the middle step is ip link set dev eth0 address 02:01:02:03:04:08, again with the interface down.) The change lives in the driver, not in the card's EEPROM, so it lasts until the next reboot or driver reload. Choose an address like the one above, with the second hex digit 2, 6, A or E: that sets the locally-administered bit, so it cannot collide with a vendor-assigned address, and keeps the low bit of the first octet clear, since that bit marks a multicast address and the kernel refuses it.

Nice, but if you want your PC to change its MAC address on boot, put the commands in a script in /etc/init.d/ and add symbolic links to it from /etc/rc2.d, /etc/rc3.d, /etc/rc4.d and /etc/rc5.d (update-rc.d scriptname defaults does this on Debian):

script:

#!/bin/bash

ifconfig eth0 down

ifconfig eth0 hw ether 02:01:02:03:04:08

ifconfig eth0 up

/etc/init.d/networking restart

Friday, March 5, 2010

Configuring a NIC interface:

When you find that you are not connected to the network, follow these steps to troubleshoot the problem.

Go to a terminal and type:

$ /sbin/ifconfig

You should see something like this:

eth0 Link encap:Ethernet HWaddr 00:50:56:85:00:23

inet addr:192.168.0.135 Bcast:192.168.0.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:50 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

Interrupt:9 Base address:0x1000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:6 errors:0 dropped:0 overruns:0 frame:0

TX packets:6 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

If you don't see the eth0 block, either Linux did not recognize your NIC or the interface is down. Plain ifconfig lists only interfaces that are up; ifconfig -a lists them all. Check the interface, and bring it up, with:

$ ifconfig eth0 (or: $ ifconfig eth0 up, where eth0 is the name of your NIC; bringing it up needs root)

You should see something similar to this:

eth0 Link encap:Ethernet HWaddr 00:A0:CC:24:BA:02

inet addr:192.168.203.2 Bcast:192.168.203.255 Mask:255.255.255.0

UP BROADCAST RUNNING MTU:1500 Metric:1 .....

If you don't see the "inet addr..." and "Bcast:..." numbers, the interface is up but has no address: if your network uses DHCP run dhclient eth0, otherwise assign one with ifconfig eth0 192.168.203.2 netmask 255.255.255.0 up. If the interface is not listed even by ifconfig -a, the driver for the NIC is not loaded. Either install a NIC that your version of Linux supports (the easiest route for newbies, but it costs a few dollars if you don't have one) or go to the manufacturer's website (or other driver sites) and see if they have a driver for your NIC and kernel version.
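
As an added example (not part of the original post), here is the same diagnosis done by a script rather than by eye: a function that reads ifconfig output and says whether the interface is missing, down, up without an address, up without carrier, or fine, with a comment on what to do in each case. The samples are constructed from the output shown above; on a real host pipe in ifconfig -a. The sysfs lookup at the end is how you find out which kernel module is driving the card.

```shell
#!/bin/sh
# Classify an interface from ifconfig output the way the steps above do by eye,
# so the check can go in a script. Added example; the samples are constructed
# from the output shown in the post. On a real host: ifconfig -a | nic_status eth0

SAMPLE_UP='eth0      Link encap:Ethernet  HWaddr 00:50:56:85:00:23
          inet addr:192.168.0.135  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

SAMPLE_NOADDR='eth0      Link encap:Ethernet  HWaddr 00:A0:CC:24:BA:02
          UP BROADCAST MULTICAST  MTU:1500  Metric:1'

SAMPLE_DOWN='eth0      Link encap:Ethernet  HWaddr 00:A0:CC:24:BA:02
          BROADCAST MULTICAST  MTU:1500  Metric:1'

# nic_status IFACE < ifconfig-output -> missing | down | no-address | no-carrier | ok
nic_status() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1; if (cur == want) found = 1 }     # a new interface block starts
        cur == want && /inet addr:/ { addr = 1 }
        cur == want && $1 == "UP" { up = 1; if ($0 ~ /RUNNING/) running = 1 }
        END {
            if (!found)        print "missing"     # driver not loaded, or not even in ifconfig -a
            else if (!up)      print "down"        # ifconfig IFACE up
            else if (!addr)    print "no-address"  # dhclient IFACE, or ifconfig IFACE ADDR netmask MASK
            else if (!running) print "no-carrier"  # cable, switch port, or wrong driver
            else               print "ok"
        }'
}

# nic_driver IFACE -> kernel module bound to the NIC, from sysfs (Linux only)
nic_driver() { basename "$(readlink "/sys/class/net/$1/device/driver")"; }

printf '%s\n' "$SAMPLE_UP"     | nic_status eth0   # ok
printf '%s\n' "$SAMPLE_NOADDR" | nic_status eth0   # no-address
printf '%s\n' "$SAMPLE_DOWN"   | nic_status eth0   # down
printf '%s\n' "$SAMPLE_UP"     | nic_status eth1   # missing
```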

In most Linux distributions the compiled driver modules are found under /lib/modules/kernel-version/ (uname -r prints your kernel version).

The modules for network cards are in:

/lib/modules/kernel-version/kernel/drivers/net/

(In my case the drivers are located here; it may vary slightly for your distribution.)

When you do an ls in that directory you will see something like this:

# ls /lib/modules/kernel-version/kernel/drivers/net/

3c501.ko  ewrk3.ko ne.ko 3c503.ko fealnx.ko ni5010.ko 3c505.ko hp100.ko ni52.ko 3c507.ko hp.ko ni65.ko 3c509.ko hp-plus.ko pcnet32.ko 3c515.ko ip_conntrack_amanda.ko ppp_async.ko 8139cp.ko ip_conntrack_ftp.ko ppp_generic.ko 8139too.ko ip_conntrack_h323.ko pppoe.ko 82596.ko ip_conntrack_irc.ko pppox.ko 8390.ko ac3200.ko ip_conntrack_quake3.ko sch_htb.ko amd8111e.ko ip_conntrack_rtsp.ko sch_ingress.ko at1700.ko ip_conntrack_talk.ko sch_sfq.ko b44.ko ip_conntrack_tftp.ko sis900.ko bsd_comp.ko ip_nat_amanda.ko slhc.ko cls_fw.ko ip_nat_cuseeme.ko smc9194.ko ip_conntrack_mms.ko ppp_synctty.ko cls_u32.ko ip_nat_ftp.ko smc-ultra.ko cs89x0.ko ip_nat_h323.ko softdog.ko de4x5.ko ip_nat_irc.ko starfire.ko depca.ko ip_nat_mms.ko sundance.ko 3c59x.ko ip_conntrack_egg.ko ppp_deflate.ko dgrs.ko ip_nat_quake3.ko tlan.ko dmfe.ko ip_nat_rtsp.ko tulip.ko e100.ko ip_nat_talk.ko typhoon.ko e2100.ko ip_nat_tftp.ko via-rhine.ko eepro100.ko lance.ko wd.ko eepro.ko lp486e.ko winbond-840.ko eexpress.ko mii.ko zlib_deflate.ko epic100.ko natsemi.ko zlib_inflate.ko eth16i.ko ne2k-pci.ko

These are the modules for different types of interfaces (the ip_conntrack, ip_nat and ppp entries in that listing belong to other subsystems; the NIC drivers are the rest). For our experiment I'm considering the module for the RealTek 8139 chipset based NIC, i.e. 8139too.ko. lspci -nn tells you which chipset your card actually has.

So here I'll be installing the driver for a RealTek 8139 chipset based NIC.

The module already lives in that directory, so there is nothing to copy. (If you built a module yourself, put it in place with install -m 644 8139too.ko /lib/modules/kernel-version/kernel/drivers/net/ and then run depmod -a so modprobe can find it.)

Load the driver:

# depmod -a

# /sbin/modprobe 8139too

(modprobe resolves dependencies, mii.ko in the case of this card, and is the better choice; insmod 8139too.ko loads exactly one file and fails if a dependency is missing.)

# cd

(come back to the home directory)

# netconfig

(to configure your network card; netconfig is the Slackware tool, other distributions have their own, or use ifconfig and dhclient directly)

# ifconfig eth0 up

(brings the interface up; ifconfig eth0 down takes it down again)

If all went well:

# netstat -i

(shows "eth0" and "lo")

Now try to ping a well-known host like your ISP or www.google.com:

# ping www.google.com

If you see replies, your connection is OK.

If not, a reboot after editing your modules.conf (see next part) sometimes helps.

Now you still have to tell the module loader which driver belongs to eth0, so it is loaded at boot:

$ su

< password >

# vim /etc/modules.conf

Go into insert mode by typing i and add the line below.

NOTE: there will already be a few lines in modules.conf; do not change those! Only add the line:

alias eth0 8139too

then save and quit by pressing Esc and typing :wq

On 2.6 kernels the file is /etc/modprobe.conf, or a file under /etc/modprobe.d/, instead of /etc/modules.conf, and the alias is rarely needed: the kernel loads NIC drivers automatically from the PCI IDs the module declares (modinfo 8139too shows them).

That's all there is to it folks!

Tuesday, March 2, 2010

All things you wanted to know about GRUB:

GRUB (the GRUB boot loader)

To restore GRUB to the MBR:

$ su

< password >

# grub-install /dev/hda

To set up GRUB or add new entries, first note how GRUB names drives (from the GRUB info manual):

GRUB uses its own naming structure for drives and partitions, in the form (hdn,m), where n is the hard drive number and m the partition number, both starting from zero. This means, for instance, that partition hda1 is (hd0,0) to GRUB, and hdb2 is (hd1,1). GRUB doesn't consider CD-ROM drives to be hard drives, so if you have a CD on hdb, for example, and a second hard drive on hdc, that second hard drive is still (hd1).

Also:

Note that GRUB does _not_ distinguish IDE from SCSI: it simply counts the drive numbers from zero, regardless of their type. Normally any IDE drive number is less than any SCSI drive number, although that is not true if you change the boot sequence by swapping IDE and SCSI drives in your BIOS.
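
The naming rule above is a small algorithm, and getting it wrong is the usual way to end up at the bare grub prompt described further down. As an added example (not part of the original post), here it is as shell functions: translate a Linux device node into GRUB's (hdN,M) given the BIOS drive order, and emit the matching menu.lst stanza. The drive list is passed in explicitly because GRUB skips CD-ROM drives when counting.

```shell
#!/bin/sh
# Translate Linux device nodes into GRUB legacy (hdN,M) names using the
# counting rule quoted above, and emit a menu.lst stanza from the result.
# Added example. The BIOS drive order is passed in explicitly, because GRUB
# numbers the disks the BIOS reports and skips CD-ROM drives, so with a CD on
# hdb the disk hdc is (hd1), not (hd2).

# grub_name DEV DRIVE... -> e.g. grub_name /dev/hda4 hda hdc prints (hd0,3)
grub_name() {
    local dev="$1" node disk part n=0 d
    shift
    node=${dev#/dev/}
    disk=$(printf '%s\n' "$node" | sed 's/[0-9]*$//')
    part=${node#"$disk"}
    [ -n "$part" ] || { echo "$dev has no partition number" >&2; return 1; }
    for d in "$@"; do
        if [ "$d" = "$disk" ]; then
            printf '(hd%d,%d)\n' "$n" "$((part - 1))"
            return 0
        fi
        n=$((n + 1))
    done
    echo "$disk is not in the drive list: $*" >&2
    return 1
}

# linux_entry TITLE DEV KERNEL DRIVE... -> a menu.lst stanza booting KERNEL from DEV
linux_entry() {
    local title="$1" dev="$2" kernel="$3" g
    shift 3
    g=$(grub_name "$dev" "$@") || return 1
    printf 'title %s\nroot %s\nkernel %s root=%s ro\n' "$title" "$g" "$kernel" "$dev"
}

grub_name /dev/hda4 hda hdc        # (hd0,3)
grub_name /dev/hdc1 hda hdc        # (hd1,0)   hdb is a CD-ROM here, so hdc is hd1
grub_name /dev/sdb2 sda sdb        # (hd1,1)
linux_entry Linux /dev/hda4 /boot/vmlinuz hda hdc
```

Note the two off-by-one traps the function absorbs: partitions count from 1 in /dev but from 0 in GRUB, and the drive index is GRUB's BIOS order, not the letter in the device name.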

Set up GRUB:

# grub

First, tell GRUB where to find the stage files; you can use Tab to show the alternatives (in this example they are on hda4):

root (hd0,3)

Now tell GRUB to install into the MBR of hda:

setup (hd0)

And close with:

quit

Make or adapt the menu.lst (and add new entries):

# vi /boot/grub/menu.lst

# Begin /boot/grub/menu.lst

# By default boot the first menu entry.

default 0

# Allow 30 seconds before booting the default.

timeout 30

# Use prettier colors.

color green/black light-green/black

# The first entry is for Linux.

title Linux

root (hd0,3)

kernel /boot/vmlinuz root=/dev/hda4 ro

# If you want, a second entry for RedHat

title RedHat

root (hd0,2)

kernel /boot/kernel-2.4.20 root=/dev/hda3 ro

initrd /boot/initrd-2.4.20

# You wish to include Windows ?

title Windows

rootnoverify (hd0,0)

chainloader +1

Emergency

If things go really wrong and you get only a grub prompt you can still boot.

For Windows:

grub> rootnoverify (hd0,0)

grub> chainloader +1

grub> boot

For Linux (on hda4 as in the example above):

grub> root (hd0,3)

grub> kernel /boot/vmlinuz root=/dev/hda4 ro

grub> boot

The same prompt is what anyone at the console gets by pressing c (or e to edit an entry) in the menu, and appending init=/bin/sh to the kernel line gives a root shell with no password asked. If that matters for your machine, put password --md5 <hash> near the top of menu.lst (generate the hash with grub-md5-crypt) and add lock to the entries that must not boot without it; the menu can then only be edited, and locked entries only booted, after the password is entered. This does nothing against someone who can boot their own media (see the chntpw post above); only full-disk encryption does.

Well, this was more or less all I can tell you on GRUB. More info: http://www.gnu.org/software/grub

 
Things You Should Know About Linux !!!