Monday, April 20, 2009

FBI brand spyware

Just found this article.
It's basically saying that the F.B.I. is using spyware against people to capture terrorists and hackers.

Seems as though the old saying is still true.
Our government does things we would think only other governments do.

Sunday, April 19, 2009

Using the watch command in Linux

A small tutorial for using watch to monitor things in Linux.
First and foremost, get a shell.
root@dorkbox:~# watch --help
gives us some basic help on using watch. Of course, there is also the man page:
root@dorkbox:~# man watch
OK, so for now let's not worry about any usage flags but instead focus on using the command. We can use the command for many things, but let's look at using it for monitoring memory usage. To find out about memory usage you can use the following command.
root@dorkbox:~# cat /proc/meminfo

This will return something like the following.
MemTotal: 623008 kB
MemFree: 35336 kB
Buffers: 85560 kB
Cached: 137220 kB
SwapCached: 24480 kB

Notice that this is the truncated output.

So now let's combine the two commands to continuously show our memory usage.

root@dorkbox:~# watch cat /proc/meminfo

Which will give us the following:
Every 2.0s: cat /proc/meminfo Sun Apr 19 01:20:01 2009

MemTotal: 623008 kB
MemFree: 46396 kB
Buffers: 82636 kB
Cached: 131044 kB
SwapCached: 24480 kB

Again the output is truncated.


As you can see, the output will be updated every 2.0 seconds.

We will look at more later on.
Enjoy

SMART disk monitoring How-To

A small tutorial for getting S.M.A.R.T. disk monitoring.
You can monitor the health and temperature of your hard disks.
Note that this will only work if your disks support the S.M.A.R.T. feature.
Code:

root@dorkbox:~#apt-get install smartmontools
root@dorkbox:~#apt-get install hddtemp

When hddtemp runs it will pop up a window about running the daemon at startup. It recommends not doing so, but you can choose either way.
If you want to reconfigure this, just run dpkg-reconfigure hddtemp to do so.

Code:

root@dorkbox:~#apt-get install sensors-applet

You can add a panel applet with this.

There is a front end for smartmontools, GSmartControl. Install it using the package available here:

Then use
Code:

root@dorkbox:~#dpkg -i gsmartcontrol_0.8.4+nmu1_i386.deb

to install it.
There is also an AMD64 package if needed.
Once it finishes running, dpkg will complain about needing some missing libraries; just run
Code:

root@dorkbox:~#apt-get -f install

and the missing libraries will be installed, completing the GSmartControl installation.

To run the app, go to: K menu > System > GSmartControl

There may be an easier way to do this; it was just the easiest that I found at the moment. Hit back if you need some help or have problems.
Thank you

Monday, April 6, 2009

UFW Howto in BT4

This is a small howto for UFW, the Uncomplicated Firewall, for BT4.
The majority of this info comes from the man page.
There are other tutorials on the net for using this.
There is also a GUI; we will talk about it a bit later.

First and foremost, if you have something to add please do so.
ufw is a front end for iptables.
So in order for us to start ufw, go to the command line.
Code:
root@bt:~# ufw

Usage: ufw COMMAND
Commands:
  enable                        enables the firewall
  disable                       disables the firewall
  default ARG                   set default policy to ALLOW or DENY
  logging ARG                   set logging to ON or OFF
  allow|deny RULE               allow or deny RULE
  delete allow|deny RULE        delete the allow/deny RULE
  status                        show firewall status
  version                       display version information
Application profile commands:
  app list                      list application profiles
  app info PROFILE              show information on PROFILE
  app update PROFILE            update PROFILE
  app default ARG               set profile policy to ALLOW, DENY or SKIP

root@bt:~#

So let's look at some of the usage flags.
enable/disable are self-explanatory.
Code:
# ufw enable

We get back
Code:
root@bt:~# ufw enable
Firewall started and enabled on system startup
root@bt:~#

Of course we would then have to reboot. When you do, it will show up as enabled in the boot sequence. If it checks out you get the [OK].
Now let's look at default with ALLOW and DENY.
allow will, as it states, allow everything by default, which right now means that our firewall really does nothing. deny will stop all incoming and forwarded packets, but it will not stop outgoing packets. So at the minimum this is better than nothing.
Here is what it looks like:
Code:
root@bt:~# ufw default deny
Default policy changed to ‘deny’
(be sure to update your rules accordingly)
root@bt:~#

The same reminder is given every time. We will look at rules in a bit; first let's look at logging. You can either turn it on or off.
Code:
#ufw logging on
logging enabled

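The logs are stored in /var/log/messages, /var/log/kern.log and /var/log/syslog; there is not a separate log for ufw as of yet.
You can gather information from them by using grep (-i makes the match case-insensitive, since the firewall entries are tagged in upper case as UFW)
Code:
#grep -i ufw /var/log/syslog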
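
Going one step past grep, the following added example (not part of the original post) counts blocked packets per source address and destination port so the noisiest sources stand out. The function names and the sample log lines are constructed for illustration; the lines are abbreviated versions of the kernel netfilter log format, and the exact prefix text varies between ufw versions.

```shell
#!/bin/sh
# Summarise blocked packets from ufw log lines, busiest source/port first.
# Reads log text on stdin, for example:
#   grep -i ufw /var/log/syslog | ufw_block_summary

ufw_block_summary() {
    awk '
    /\[UFW BLOCK/ {
        src = ""; dpt = "-"; proto = "?"
        # Fields are KEY=VALUE tokens; pick out the ones we care about.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        # ICMP has no destination port, so dpt stays "-".
        if (src != "") hits[src " " proto "/" dpt]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (not taken from a real system).
sample_log() {
cat <<'EOF'
Apr  6 10:01:02 bt kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.5 PROTO=TCP SPT=40001 DPT=22
Apr  6 10:01:03 bt kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.5 PROTO=TCP SPT=40002 DPT=22
Apr  6 10:01:04 bt kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.5 PROTO=TCP SPT=40003 DPT=22
Apr  6 10:02:10 bt kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.5 PROTO=UDP SPT=5353 DPT=53
Apr  6 10:03:30 bt kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.5 PROTO=ICMP TYPE=8 CODE=0
Apr  6 10:04:00 bt kernel: eth0: link up
EOF
}

sample_log | ufw_block_summary
```

Each output line is a count followed by the source address and protocol/port; a source that keeps hitting one port is a candidate for a specific deny rule.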

Now let’s look at the rules. There are again two options: allow or deny a rule.
So here is where it can get a bit more complicated. This is how we add certain ports and protocols.
Code:
# ufw allow 80
rule updated

So now port 80 (http) is open. Close it again with
Code:
# ufw deny 80

Now with just the port, it will allow or deny traffic for both tcp and udp.

Now we can specify the protocol, like the following: 80/tcp
We can also delete a rule and it will revert to whatever the default policy had at the beginning.
More complicated rules can be made as well. For instance, if we want to blacklist a certain IP address, we can do so by supplying the address to the rule set.
Code:
# ufw deny from 192.168.1.100

You can also specify certain protocols with certain IPs like so:
Code:
#ufw allow from 192.168.1.1 to any port 22

This will allow 192.168.1.1 to access port 22 on both tcp and udp.
If you want to allow only tcp, append it to the end of the port: 22/tcp
You can also use a netmask. Next let’s look at services. You can use the service names that can be found in
Code:
#cat /etc/services

For instance, if we want to allow telnet, then we simply give
Code:
# ufw allow telnet

That simple.
One caveat though is that the service must be installed on the host.
Probably the best usage flag in ufw is --dry-run, which will not make any real changes but only show what would occur with the new rule in place.
So for example
Code:
#ufw --dry-run deny ssh

If the rule will not work or the syntax is wrong, it will spit back an error.
Also, when adding rules, the first match wins according to the man page.
So make your specific rules first, then the general ones.
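
To see why the order matters, here is an added example (not from the original post and not ufw's own code): a small first-match evaluator over a simplified rule list. The three-column rule format, the function names and the rule sets are all constructed for illustration; only the first-match behaviour is taken from the text above.

```shell
#!/bin/sh
# Toy first-match evaluator: a model of the ordering behaviour, not ufw itself.
# Rule format (constructed for this example): ACTION SOURCE PORT, "any" = wildcard.
# Usage: first_match SRC PORT DEFAULT_POLICY < rules

first_match() {
    awk -v src="$1" -v port="$2" -v def="$3" '
    # The first rule whose source and port both match decides the outcome.
    NF == 3 && ($2 == "any" || $2 == src) && ($3 == "any" || $3 == port) {
        print $1; found = 1; exit
    }
    # No rule matched: fall back to the default policy.
    END { if (!found) print def }
    '
}

# General rule first: the later deny for 192.168.1.100 is never reached on port 22.
general_first() {
cat <<'EOF'
allow any 22
deny 192.168.1.100 any
EOF
}

# Specific rule first: 192.168.1.100 is denied before the general allow is seen.
specific_first() {
cat <<'EOF'
deny 192.168.1.100 any
allow any 22
EOF
}

echo "general first,  192.168.1.100 -> 22: $(general_first  | first_match 192.168.1.100 22 deny)"
echo "specific first, 192.168.1.100 -> 22: $(specific_first | first_match 192.168.1.100 22 deny)"
echo "specific first, 192.168.1.7   -> 22: $(specific_first | first_match 192.168.1.7 22 deny)"
echo "specific first, 192.168.1.7   -> 80: $(specific_first | first_match 192.168.1.7 80 deny)"
```

With the general rule first the blacklisted host still reaches port 22; with the specific rule first it is denied while other hosts are still allowed.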

There is more to the rules, as well as support for applications themselves.

Next thing we can look at is adding the GUI interface, if needed.
The link is here; this download is a ".deb" package. You can install it using
Code:
#dpkg -i gufw_0.0.7c-all.deb

There are more things that can be done, and if anyone needs help with it, make a post here about it.