Monday, November 09, 2009

Use a Linux LiveCD to Avoid Windows Malware For Netbanking

Internet has revolutionized the way online users can shop and avail banking services like internet Banking from anywhere, anytime without visiting bank. But, how safe is your money with online net-banking which allows to carry out money transfer? Companies and in some case individuals lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. The cyber crooks are targeting innocent MS-Windows user. If you are concerned about how best to protect yourself from this type of fraud, use Linux LiveCD for online banking and avoid Microsoft Windows at all cost.
Publicado por Eng. Walter Lamagna en 8:39 AM 0 comentarios Vínculos a esta entrada

Thursday, November 05, 2009

Creating Virtual IP Addresses on Linux

Virtual IP addresses (or VIPs) allow you to use multiple IPs on a single physical network interface. Creating virtual IP addresses is often done to allow webservers to host multiple SSL encrypted web sites on a single webserver or to allow cluster suites to communicate on a dedicated IP address. This article will cover the two primary means of creating virtual IPs on a Linux host.

ifconfig

The first and most common method employed is to use the Linux command 'ifconfig' to create a VIP in the following manner, assuming that the interface being used is eth1.

# ifconfig eth1:0 192.168.1.28

Keep reading here
Publicado por Eng. Walter Lamagna en 11:26 AM 0 comentarios Vínculos a esta entrada

Wednesday, November 04, 2009

Download TTYSnoop - Install TTYSnoop

Download ttysnoop and then install it

Download for all available architectures
Architecture
 Package Size
 Installed Size
 Files
alpha
 18.1 kB
116 kB
[list of files]
amd64
 16.8 kB
108 kB
[list of files]
armel
 15.1 kB
104 kB
[list of files]
avr32 (unofficial port)
 15.0 kB
104 kB
[list of files]
hppa
 17.2 kB
108 kB
[list of files]
hurd-i386
 15.6 kB
104 kB
[list of files]
i386
 15.5 kB
52 kB
[list of files]
ia64
 21.3 kB
128 kB
[list of files]
kfreebsd-amd64
 17.0 kB
68 kB
[list of files]
kfreebsd-i386
 15.3 kB
62 kB
[list of files]
m68k (unofficial port)
 15.6 kB
104 kB
[list of files]
mips
 17.3 kB
108 kB
[list of files]
mipsel
 17.3 kB
108 kB
[list of files]
powerpc
 16.1 kB
104 kB
[list of files]
s390
 16.8 kB
108 kB
 [list of files]
sparc
 15.4 kB
104 kB
[list of files]
Publicado por Eng. Walter Lamagna en 10:37 AM 0 comentarios Vínculos a esta entrada

Tuesday, November 03, 2009

Yum Force Reinstall

Since Yum does not have a force flag, rpm commands must be used along with Yum to do some heavy lifting. Here are a few ways to force the reinstall of a broken package on a Yum Managed system.

Yum Remove and then Install
The easiest solution is to yum remove the package and then yum install the same package. If there are too many dependencies at stake with the package in question, try another method.
yum remove PACKAGE
yum install PACKAGE

Force Erase and then Yum Install
RPM dependencies sometimes make a simple yum remove impossible and Yum will want to erase your entire OS before moving on. In this case, use rpm to force erase, then yum to install.

Keep reading here

rpm -e --nodeps PACKAGE
yum install PACKAGE

Prune RPM Database and then Yum Install
If your package install is so corrupted that an rpm -e is dangerous or impossible, even with --nodeps, remove the package from the local RPM database to trick yum into reinstalling the package. No files are deleted when using rpm -e with --justdb.
rpm -e --justdb --nodeps PACKAGE
yum install PACKAGE
Publicado por Eng. Walter Lamagna en 7:54 PM 0 comentarios Vínculos a esta entrada

zdump (8) man page - Timezone management

This man page is usefull for this other article i wrote here.



ZDUMP(8)                                                              ZDUMP(8)

NAME
       zdump - time zone dumper

SYNOPSIS
       zdump [ -v ] [ -c cutoffyear ] [ zonename ... ]

DESCRIPTION
    Zdump prints the current time in each zonename
    named on the command line.

    These options are available:

    -v     For  each  zonename  on  the  command line,
          print the time at the lowest possible time
              value, the time one day after the lowest
          possible time value, the times both one  sec-
              ond  before  and exactly at each detected
          time discontinuity, the time at one day less
              than the highest possible time value, and
          the time at the highest possible time value.
              Each  line ends with isdst=1 if the given
          time is Daylight Saving Time or isdst=0 oth-
              erwise.

    -c cutoffyear
              Cut off the verbose output near the start of
          the given year.

SEE ALSO
       tzfile(5), zic(8)

                                   ZDUMP(8)
Publicado por Eng. Walter Lamagna en 7:56 AM 0 comentarios Vínculos a esta entrada

Monday, November 02, 2009

linux ftp transfer and resume

Here is a list of FTP Client and Servers for Linux:

wput Uploads files or directories to a ftpserver with support of resuming

wput is a tiny program that looks like wget and does as the name suggests exactly the opposite: it uploads files or recursivly whole directories to a ftp-server and supports resuming.

vsftpd A FTP daemon that aims to be "very secure"
A FTP daemon that aims to be "very secure" From the README file: Author: Chris Evans Contact: chris@scary.beasts.org vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously this is not a guarantee, but a reflection that I have written the entire codebase with security in mind, and carefully designed the program to be resilient to attack.


py-pyftpdlib Python FTP server library
Python FTP server library provides an high-level portable interface to easily write asynchronous FTP servers with Python. Based on asyncore / asynchat frameworks pyftpdlib is actually the most complete RFC959 FTP server implementation available for Python language. 


proma Administrate a ProFTPd server storing users in a MySQL database
ProMA is a PHP4 based system for administrating a ProFTPd server storing users in a MySQL database.
Net_FTP allows you to communicate with FTP servers in a more comfortable way than the native FTP functions of PHP do. The class implements everything nativly supported by PHP and additionally features like recursive up- and downloading, dircreation and chmodding. It although implements an observer pattern to allow for example the view of a progress bar.

pear-Net_FTP PEAR OO interface to the PHP FTP functions plus some additions
Net_FTP allows you to communicate with FTP servers in a more comfortable way than the native FTP functions of PHP do. The class implements everything nativly supported by PHP and additionally features like recursive up- and downloading, dircreation and chmodding. It although implements an observer pattern to allow for example the view of a progress bar.


p5-POE-Component-Client-FTP Implements an FTP client POE Component
POE::Component::Client::FTP is a POE component for interacting with a FTP server.

p5-Net-FTP-Recursive Perl module to provide recursive FTP client class
This module augments the list of Net::FTP methods with several methods that automatically descend directory structures for you. The methods are: rget - Retrieve an entire directory tree. rput - Send an entire directory tree. rdir - Receive an entire directory tree listing. rls - Receive an entire directory tree listing, filenames only. rdelete - Remove an entire directory tree.

p5-File-Fetch A generic file fetching mechanism
File::Fetch is a generic file fetching mechanism. It allows you to fetch any file pointed to by a ftp, http, file, or rsync uri by a number of different means.

lftp Shell-like command line ftp client
LFTP is a shell-like command line ftp client. It is reliable: can retry operations and does reget automatically. It can do several transfers simultaneously in background. You can start a transfer in background and continue browsing the ftp site or another one. This all is done in one process. Background jobs will be completed in nohup mode if you exit or close modem connection. Lftp has reput, mirror, reverse mirror among its features.

bftpd Very configurable FTP server that can do chroot easily
The Bftpd file server is designed to be as small and easy to manage as possible, while providing most of the features you would expect from a file server. On most home systems, bftpd is ready to work out-of-the-box without requiring any extra configuration. Production systems can be set up by editing a few lines in an easy-to-read config file. Features of bftpd include: * Easy configuration * Speed * Support for most RFC FTP commands * tar.gz on-the-fly compression/archiving * Security with chroot without special setup * No need for files (sh, ls...) in a chroot environment * Logging to wtmp and to a config file * PAM support * Support for site chown/chmod

Publicado por Eng. Walter Lamagna en 1:24 PM 0 comentarios Vínculos a esta entrada

Saturday, October 31, 2009

TCP Wrappers and xinetd

Controlling access to network services is one of the most important security tasks facing a server administrator. Fortunately, under Red Hat Linux there are a number of tools which do just that. For instance, an iptables-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, TCP wrappers add an additional layer of protection by defining which hosts are allowed or not allowed to connect to "wrapped" network services. One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

TCP Wrappers

The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services. The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library.

When a connection attempt is made to a TCP wrapped service, the service first references the hosts access files (/etc/hosts.allow and /etc/hosts.deny) to determine whether or not the client host is allowed to connect. It then uses the syslog daemon (syslogd) to write the name of the requesting host and the requested service to /var/log/secure or /var/log/messages.

If a client host is allowed to connect, TCP wrappers release control of the connection to the requested service and do not interfere further with communication between the client host and the server.

In addition to access control and logging, TCP wrappers can activate commands to interact with the client before denying or releasing control of the connection to the requested network service.


Because TCP wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Red Hat Linux are linked against the libwrap.a library. Some such applications include /usr/sbin/sshd, /usr/sbin/sendmail, and /usr/sbin/xinetd
To determine if a network service binary is linked against libwrap.a, type the following command as the root user:





 strings -f | grep hosts_access

 More about TCP Wrappers:

here, here and here

Publicado por Eng. Walter Lamagna en 11:21 AM 0 comentarios Vínculos a esta entrada

Friday, October 30, 2009

TCP Wrapper - An introduction


TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

The original code was written by Wietse Venema in 1990 to monitor a cracker's activities on the Unix workstations at the Dept. of Math and Computer Science, Eindhoven University of Technology, the Netherlands[1] maintained it until 1995, and on June 1, 2001, released it under its own BSD-style license.

The tarball includes a library named libwrap that implements the actual functionality. Initially, only services that were spawned for each connection from a super-server (such as inetd) got wrapped, utilizing the tcpd program. However most common network service daemons today can be linked against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs.
Publicado por Eng. Walter Lamagna en 8:05 PM 0 comentarios Vínculos a esta entrada

Using TCP Wrappers to secure Linux



TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .

Let us consider this scenario: A remote machine remote_mc trying to connect to your local machine local_mc using ssh.
+ reading
Publicado por Eng. Walter Lamagna en 6:58 PM 0 comentarios Vínculos a esta entrada

20 Linux Server Hardening Security Tips

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

#1: Encrypt Data Communication
#2: Minimize Software to Minimize Vulnerability
#3: One Network Service Per System or VM Instance
#4: Keep Linux Kernel and Software Up to Date
#5: Use Linux Security Extensions
#6: User Accounts and Strong Password Policy
#7: Disable root Login
#8: Physical Server Security
#9: Disable Unwanted Services
#10: Delete X Windows
#11: Configure Iptables and TCPWrappers
#12: Linux Kernel /etc/sysctl.conf Hardening
#13: Separate Disk Partitions
#14: Turn Off IPv6
#15: Disable Unwanted SUID and SGID Binaries
#16: Use A Centralized Authentication Service
#17: Logging and Auditing
#18: Secure OpenSSH Server
#19: Install And Use Intrusion Detection System
#20: Protecting Files, Directories and Email

+ here


Publicado por Eng. Walter Lamagna en 6:54 PM 0 comentarios Vínculos a esta entrada

Updating from Factory to openSUSE 11.2


As Stephan Kulow announced recently openSUSE 11.2 is now build in a separate project and openSUSE Factory contains changes that will not go into openSUSE 11.2. Therefore if you followed so far openSUSE Factory via e.g. “zypper dup” and want to switch to 11.2, you have to change the repositories that you are using. If you installed openSUSE 11.2 RC1, you have already the right repositories for 11.2 setup.
Publicado por Eng. Walter Lamagna en 2:29 PM 0 comentarios Vínculos a esta entrada
Subscribe to: Posts (Atom)