[126000120010] |Microsoft Windows Vista VS LINUX UBUNTU BERYL [126000120020] |This is my favorite demo of ubuntu in action, feel free to post others in the comments and maybe I'll replace this one :) [126000130010] |AbysS Network Security Tool [126000130020] |I good friend of mine Lavren has been working on a "Killer Network Security Scanner", I personally use it daily, it stands strong against nmap and should be one of the top scanners on insecure.org in the future. [126000130030] |Info from Lavren:Abyss is a diverse network tool designed for unix/linux with both scanning, and passive capabilities. [126000130040] |It performs various types of portscans, with remote OS detection, and uses a multi-threaded model for fast simultaneous networkscansAbyss also has sniffing capabilities based on complex BPF filters that display packet information, decode the payload, and perform passive OS detection. [126000130050] |You can get more updated information from hereIt is still in early development, and all documentation reguarding the Abyssproject will be maintained on this webpage. [126000130060] |Any feedback, and suggestionsare appreciated. [126000130070] |All of the base code is written, so adding on additional featuresis very easy at this point. -lavren [126000130080] |. [126000130090] |-[Information]- [126000130100] |*port scans* [126000130110] |Currently abyss performs different 6 types of portscans. [126000130120] |First there isthe nonblocking socket portscan which is always used when scanning multiple hosts in a multi-threaded fashion, and used by default when scanning a single host. [126000130130] |When scanning single hosts you may also use the SYN stealth scan, the UDP scan, and other stealth scans like XMAS Tree scan, FIN scan, and NULL scan. [126000130140] |NOTE: These last three stealth scans were added on august 20th, and will be present in Abyss version 0.9.5 Beta which will be released positively on august 25th 2007. [126000130150] |Other various bug fixes, and some more subtle features have been added as well! . [126000130160] |AbysS performs portscans based on different services file like those found in/etc/. [126000130170] |Abyss uses /abyss/services/abyss.services which by default is based on the nmap-services file. [126000130180] |There are several other services files which are located in the directory including abyss.services.alt which is the same as the nessus services file. [126000130190] |You may use whichever services file you wish as long as it is in the standard format, and you name it abyss.services. [126000130200] |* OS detection * [126000130210] |Currently AbysS has a limited tcp/ip stack fingerprint database, somewhere around 27 OS fingerprints. [126000130220] |If abyss does not know what operating system a host is running, and you know what the exact OS, and version # is... run abyss with -v./abyss -s -vThat will print the fingerprints in the correct order. [126000130230] |Calculating the initial ttl isnot neccessary with abyss (see test.c). [126000130240] |Append the OS name to the end of fingerprint using the ':' symbol as the delimiter, and add it to the .fingerprint/os.prints file. [126000130250] |Please email any fingerprints to rlavren@gmail.com [126000130260] |The passive OS detection analyzes both the SYN, and the SYN/ACK packetsin my development version, but only the SYN/ACK in the version here for download. [126000130270] |I have not yet gathered enough fingerprints for SYN packets yet. [126000130280] |* Compile * [126000130290] |AbysS Compiles on Linux, and FreeBSD. [126000130300] |It is POSIX compliant, and shouldwork on other unix varients running on x86. [126000130310] |1. Download from the link below2. [126000130320] |Unpack the tar ball - tar zxvf abyss-v9.0-beta.tar.gz3. [126000130330] |Compile - type make [126000130340] |The README-NOW file is very descriptive, and should give full instructionson using AbysS [126000130350] |Examples:(Scan all the live hosts on a class C range: Open ports, remote OS detection)./abyss -p target.net/24 192.168.1.2 -o iplist./abyss -f iplist [126000130360] |(Sniff all data in tcp traffic, with default passive OS detection)./abyss -O eth0 -b tcp -h -o logfile [126000130370] |(Sniff ftp usernames, and passwords)./abyss -O eth0 -b tcp and dst port 21 -h -o logfile [126000130380] |You can grab a copy here [126000140010] |Howto: Clone Ubuntu to different Computer Hardware [126000140020] |Hi! [126000140030] |Welcome to a guide for cloning a Ubuntu software configuration to a computer with a different hardware configuration. [126000140040] |I configured a Ubuntu operating system (Edgy Eft) with multiple testbeds and and a set of development software that worked well together, but to do this required a lot of time and energy. [126000140050] |I needed to reproduce this configuration on a system with more memory and hard disk as time went on, so let me explain how I did it. [126000140060] |In order to clone a system to a different hardware platform, I used the same process, but had to make sure that I did not clone any hardware specific files or the new clone would probably not even boot. [126000140070] |I looked at the Linux filesystem and the directories under / in Ubuntu and decided on the ones that I thought I would need to clone the software configuration and only tarred those. [126000140080] |The directories I chose were: etc, home, opt, tmp, usr, and var. [126000140090] |I also excluded the cloning tar file itself! [126000140100] |Step 1 - Preparing to Clone [126000140110] |Step 1A - Before you can clone your system, you will need to do a basic install of Ubuntu on the target machine. [126000140120] |The version of Ubuntu must match the version of Ubuntu on the source machine that is being cloned. [126000140130] |Make sure that you give this target computer a unique name on the network so samba can recognize it, then give it a unique initial user to prevent confusion. [126000140140] |Command Line Approach [126000140150] |Step 1B - To create shared folders via the Shared Folders menu, you type Code: [126000140160] |shares-admin [126000140170] |into the command line, and the Shared Folders window appears. [126000140180] |Click on Shared Folders, and the Install Sharing Services window will come up. [126000140190] |Press install services, and provide the user password. [126000140200] |You will get a message that the services have been installed properly and you can close the window. [126000140210] |Before you do, you will want to add a share to your home directory. [126000140220] |To do this, chose the '+Add' button on the top right of the form, and you will get a screen with the home directory share filled in for samba (smb) sharing. [126000140230] |Click 'Okay' and the share will be set up. [126000140240] |GUI Approach [126000140250] |Step 1B - Once the system is installed on the hard disk, the CD removed, and the user logged on, then the share services need to be installed. [126000140260] |To do this, go to the System tab at the top left and then the Administration menu, and finally the Shared Folders entry. [126000140270] |Click on Shared Folders, and the Install Sharing Services window will come up. [126000140280] |Press install services, and provide the user password. [126000140290] |You will get a message that the services have been installed properly and you can close the window. [126000140300] |Before you do, you will want to add a share to your home directory. [126000140310] |To do this, chose the '+Add' button on the top right of the form, and you will get a screen with the home directory share filled in for samba (smb) sharing. [126000140320] |Click 'Okay' and the share will be set up. [126000140330] |Step 1C - To prepare the source computer, you will want to remove any unneeded files, especially large ones because they will take longer to tar, transfer and untar and make the tar file that much bigger. [126000140340] |Also, any personal data you don't want cloned to the target computer should be removed as well! [126000140350] |The clone will look exactly like the source computer when we are finished. [126000140360] |Cloning [126000140370] |Now, we are ready to clone the source system and get it running on the target computer. [126000140380] |In order to do this, we will need to make a tar file of certain directories, transfer this tar file to the target machine, and then un-tar it. [126000140390] |Step 2 - Creating the Tar File [126000140400] |Command Line Approach [126000140410] |To create the tar file, you will have to open up a terminal window. [126000140420] |To do this, go to Applications >Accessories >Terminal and click. [126000140430] |The terminal window starts out in your home directory. [126000140440] |Let's assume you are in your home directory (~). [126000140450] |In order to tar the directories we need, you will have to become root. [126000140460] |To do this type in sudo -s. [126000140470] |When prompted, enter your administrator account password, and you will be acting as root. [126000140480] |The tar file will include the /etc, /home, /opt, /tmp, /usr, and /var directories and subdirectories, and the tar file itself needs to be kept from being included. [126000140490] |So the command to tar the directories looks like this: [126000140500] |Code: [126000140510] |tar -cvzf ~/clone.tgz --exclude ~/clone.tgz /etc /home /opt /tmp /usr /var [126000140520] |The parts of the command are: [126000140530] |tar - the command itself [126000140540] |-cvzf - c means create, v means verbose, so the file names will appear on the screen as they are added, z means compress the file with gzip, f means the next argument is the name of the file to put the results in. [126000140550] |~/clone.tgz - this is the name of the file that will contain the tar results. ~/ indicates that the file will be created in the home directory. [126000140560] |--exclude - means that the tar file should not include the next file name [126000140570] |~/clone.tgz - so we are not including the tar file itself in the tar [126000140580] |/etc /home /opt /tmp /usr /var - these are the directories and their subdirectories that will be included in the tar file [126000140590] |The tar file, clone.tgz is now in your home directory, ready to be placed on the target computer. [126000140600] |You can check this by entering [126000140610] |Code: [126000140620] |ls ~/clone.tgz [126000140630] |This will display the tar file name. [126000140640] |GUI Approach [126000140650] |To create the tar file using the GUI desktop, you will have to be logged in as root. [126000140660] |To do this, go to System >Administration >Login Window. [126000140670] |Enter admin password. [126000140680] |Login Window Preferences window will open. [126000140690] |Click on the Security tab. [126000140700] |Check the Allow local system administrator login. [126000140710] |Close the window. [126000140720] |(I would recommend that after you create the tar file that you return to this window and un-check this option.) [126000140730] |Now you must switch to the root account. [126000140740] |Go to System >Quit and chose Switch user in the window that appears. [126000140750] |A login window will appear. [126000140760] |Login in as root using the administrator password. [126000140770] |Next we are going to create the tar file. [126000140780] |To do this, you must go to Applications >Accessories >Archive Manager. [126000140790] |Click on the new icon. [126000140800] |The new window will appear. [126000140810] |Type in clone.tgz in the name field, the save in field will default to your home directory, and display the Archive type list, and select tar compressed with gzip, then click on the new icon. [126000140820] |A archive input window will appear. [126000140830] |We will use this window to enter the directories we want as well as exclude clone.tar.gz itself. [126000140840] |Go to the edit tab, and select Add a folder by clicking on it. [126000140850] |Double-click on File System under Places, and then locate and select 'etc'. [126000140860] |Check the exclude symbolic link button. [126000140870] |Click on the add button. [126000140880] |Repeat for 'opt', 'tmp', 'usr', and 'var' and 'home'. [126000140890] |When you are adding home, also exclude ~/clone.tar.gz before adding. [126000140900] |Once you are done, you can close the archive window. [126000140910] |You have created the tar file clone.tar.gz in your home directory. [126000140920] |You are now ready to place the tar file into the target computer. [126000140930] |Step 3 - Transferring the Tar File to the Target Computer [126000140940] |Command Line Approach [126000140950] |There are a number of ways to transfer the tar file to the target computer. [126000140960] |I am going to use the 'netcat' method identified in BackupYourSystem/TAR. [126000140970] |To use netcat the target computer must be setup to receive the netcat transmission, and then the source computer can be used to send the transmission. [126000140980] |Step 3A - To setup the target computer to receive the transmission use the following command: [126000140990] |Code: [126000141000] |nc -l -p 1024 >~/clone.tgz [126000141010] |The parts of the command are: [126000141020] |nc - the command itself [126000141030] |-l - means listen mode [126000141040] |-p - means the next parameter is the port to listen on 1024 - is the port to listen on [126000141050] |>- means create and direct the output to the file with the name that follows [126000141060] |~/clone.tgz - means copy the tar file into clone.tgz in the target machine's home directory [126000141070] |Step 3B - Next you send the tar file to the target computer from the source computer by using the following command [126000141080] |Code: [126000141090] |cat clone.tgz | nc -q 0 insert receiving host name or IP address 1024 [126000141100] |The parts of the command are: [126000141110] |cat- reads the file (next parameter) and prints it to the standard output [126000141120] |clone.tgz - cat will read our tar file [126000141130] || - pipe directs the output to the netcat command [126000141140] |nc - the command itself [126000141150] |-q - means quit after the EOF [126000141160] |0 - number of seconds of delay [126000141170] |1024 - is the port to listen on receiving host name or IP address - means create and direct the output to the file with the name that follows [126000141180] |~/clone.tgz - means copy the tar file into clone.tgz in the target machine's home directory [126000141190] |When the transfer is done, our file clone.tgz will be in the home directory of the target machine. [126000141200] |Now it is time to un-tar the file. [126000141210] |GUI Approach [126000141220] |An easy approach to moving the files between machines is to setup shares and use samba to move the files. [126000141230] |It is beyond the scope of this discussion to explain how to use samba, but there is good information about that elsewhere on the Internet. [126000141240] |One such reference is http://www.oreilly.com/catalog/samba2/book/toc.html. [126000141250] |Once samba is installed and ready to go (the basic installation of Edgy Eft Ubuntu all ready had samba up and running), go to Places >Connect to Server ... and the Connect to Server window will appear. [126000141260] |Select the Windows share server type and then put in the name of the target computer's name (note it must be sharing out its home directory). [126000141270] |Select 'Connect' and an icon will appear on your desktop for the new share. [126000141280] |Double click on the icon, and you will be prompted for the any connection information required. [126000141290] |Once the 'Places' menu for this icon appears, you can open up a local home directory 'Places' window and just drag and drop the clone.tar.gz file from a Places window that shows the source computer's home directory to the Places window that shows the target computer's shared home directory. [126000141300] |You will be prompted for any other information the share needs to establish the connection (e.g., password). [126000141310] |Once the connection is established, you will see a Places window showing what is in the share on the machine you connected to. [126000141320] |When you connect to the target computer, you will see the home directory. [126000141330] |Open another Places window on the source computer, and drag and drop the tar file from the source to the target computer's Places window. [126000141340] |Depending on how large the files are, the copy could take several minutes. [126000141350] |Step 4 - Installing the Clone Files on the Target Computer [126000141360] |Command Line Approach [126000141370] |Installing the files on the target computer is very similar to creating them, The tar command is used again, only this time it is used to extract the files. [126000141380] |Code: [126000141390] |tar -xvpzf ~/clone.tgz -C / [126000141400] |The changes to the tar command for extracting the data are: [126000141410] |xvpzf - x means extract the files, v means verbose so the file names will appear on the screen as they are extracted, p means keep ownership the same as the original files, z means uncompress the files, and f means the next argument is the name of the file to put the results in. [126000141420] |~/clone.tgz - ~ means the home directory, clone.tgz is the tar file to extract [126000141430] |C - change directory to the one indicated next before extracting the files [126000141440] |/ - the root directory [126000141450] |Running the tar command to extract the files will take a little bit of time depending on how many and how big the files are. [126000141460] |GUI Approach [126000141470] |The same Archive Manager is used to extract the files as was used to create the files. [126000141480] |Go to Applications >Accessories >Archive Manager, then open the clone.tar.gz file we just copied to the target computer's home directory. [126000141490] |Select the Extract icon on the top row of icons. [126000141500] |Extract the files to 'File System' or '/'. [126000141510] |This will put them in their proper place in the file system. [126000141520] |Step 5 - Completing the Install [126000141530] |Once the install is completed, the target computer needs to be restarted for the changes to take effect. [126000141540] |The old user(s) you created when you first installed the basic Ubuntu configuration have been deleted, and the same users as existed on the source computer will now be the new users for the target computer. [126000141550] |You will need to check the users and make sure that you only leave the users that you want to be on the new target machine. [126000141560] |As well, you will need to change the name of the computer, because it will have the same name as the source computer, and if you are using samba or other network software, this will cause confusion. [126000141570] |Command Line Approach (Change host name) [126000141580] |The way to change the host name using the command line is as follows: [126000141590] |Code: [126000141600] |sudo gedit /etc/hostname [126000141610] |Once the file opens in the editor, you can rename the hostname. [126000141620] |Avoid duplicates of host names already on the network. [126000141630] |GUI Approach (Change host name) [126000141640] |To change the host name using the GUI, go to the System menu >Administration >Networking >Network Settings, and on that page select the General tab. [126000141650] |This will provide you with a text field to change the host name. [126000141660] |Some Things to Consider [126000141670] |One thing to consider is files that are not in the included folders (/etc, /home, /opt, /tmp, /usr, /var) or their sub-folders. [126000141680] |For example, perhaps a backup file was added to one of root's folders. [126000141690] |This file will not be cloned over, or any changes that were made to device files. [126000141700] |Media files are not included, so any files that are related to the hardware, will still have to be configured if they weren't during the initial installation of Ubuntu. [126000141710] |Also check for any updates as some of the files that were cloned may not be up to date. [126000141720] |And most of all don't forget to tell your users, so they start using the new computer, and don't just continue to use the one they have gotten used to before. [126000141730] |In Closing [126000141740] |I tried not to repeat most of what was said in BackupYourSystem/TAR, but I did repeat what was needed so someone could clone their system and not have to read the other article to do it, since documents have a way of moving around on the Internet over time, and links become broken. [126000141750] |There are many ways to do this, but this was the method I used, and it worked for me. [126000141760] |It is not elegant, but it is simple and easy. [126000141770] |I hope this detailed explanation does not turn off experienced users, but the newbie is more likely to use this article, and the more detail the better when you are starting out. [126000150010] |Howto: Customize your own Ubuntu Live CD [126000150020] |This will work for Feisty, and for Gutsy too. [126000150030] |This tutorial is actually based on a bash script. [126000150040] |I figured typing commands line by line is far to slow, and mistakes can be made. [126000150050] |A script simplifies the operation, and can be modified to taste. [126000150060] |I will first provide a basic script that everyone should find useful. [126000150070] |The script can be further modified by simply adding lines of code where necessary. [126000150080] |Here's how you do it: [126000150090] |1 - What you need:Create a new folder called: liveDownload the 7.04 (Feisty) desktop iso and place in the live folder. [126000150100] |Download the Flash browser plugin from Adobe: http://fpdownload.macromedia.com/get...9_linux.tar.gzExtract the flashplayer.xpt and the libflashplayer.so files and place in the live folder. [126000150110] |You will also need to install a couple of tools onto your computer to make this whole thing possible: Code: [126000150120] |sudo apt-get install squashfs-tools mkisofs [126000150130] |These only need to be installed the once, and so don't need to be part of the script. [126000150140] |2 - The basic script: [126000150150] |Code: [126000150160] |#!/bin/bashubuntuiso=ubuntu-7.04-desktop-i386.isocustomiso=ubuntu-7.04-H12Y-v1.isokernel=2.6.20-15-genericclearecho Customize Ubuntu LiveCDechoecho Script by: Stephen Clarkecho Based on documentation found at:echo https://help.ubuntu.com/community/LiveCDCustomizationechoecho "For customizing Ubuntu 7.04 (Feisty Fawn)"echoecho Press Ctrl C at any time to quitechoecho -n "Loading squashfs module... "modprobe squashfsecho Doneechoecho -n "Extract iso contents? y/[n] "read uaif [ "$ua" = "y" ]; then if [ -e "edit" ]; then echo -n "Removing existing Desktop System... " rm -r edit echo Done fi mkdir edit if [ -e "extract-cd" ]; then echo -n "Removing existing CD contents... " rm -r extract-cd echo Done fi mkdir extract-cd if ! [ -e "mnt" ]; then mkdir mnt fi if ! [ -e "squashfs" ]; then mkdir squashfs fi echo -n "Extracting CD contents... " mount -o loop $ubuntuiso mnt rsync --exclude=/casper/filesystem.squashfs -a mnt/ extract-cd echo Done echo -n "Extracting Desktop System... " mount -t squashfs -o loop mnt/casper/filesystem.squashfs squashfs cp -a squashfs/* edit/ umount squashfs umount mnt echo Donefiecho# Place custom scripting here# Initialize networking and sourcescp /etc/resolv.conf edit/etccp /etc/hosts edit/etccp /etc/apt/sources.list edit/etc/aptecho -n "Start package removal? y/[n] "read uaif [ "$ua" = "y" ]; then echo # Not all apps can be purged without dependency problems # Accept whatever solution aptitude offers chroot edit apt-get remove --purge ekiga evolution tomboy serpentine f-spot gnome-games bittorrent onboard gnome-pilot gnome-pilot-conduits libpisock9 libpisync0fiechoecho -n "Start package installation? y/[n] "read uaif [ "$ua" = "y" ]; then echo # -q supresses the output to a minimum chroot edit apt-get update -qq # sox, vorbis-tools, & mpg123-alsa are for previewing sound files in nautilus # The gstreamer packages are for codec support then echo -n "Remove unwanted Windows applications from LiveCD? [y]/n " read ua if ! [ "$ua" = "n" ]; then echo -n "Removing Windows applications... " rm -r extract-cd/programs echo Done fi echofiecho -n "Copying wallpaper... "if [ -f "edit/usr/share/backgrounds/*.*" ]; then rm edit/usr/share/backgrounds/*.*ficp wallpaper/* edit/usr/share/backgrounds/cp ubuntu-wallpapers.xml edit/usr/share/gnome-background-properties/echo Doneechoecho Setting gconf defaults for wallpaper, mouse, theme, nautilus and panel# Wallpaperchroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /desktop/gnome/background/picture_filename "/usr/share/backgrounds/01.jpg"# Mousechroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /desktop/gnome/peripherals/mouse/cursor_theme "ComixCursors-Orange-Large-Slim"# Themechroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /desktop/gnome/interface/gtk_theme "Nuvola"chroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /desktop/gnome/interface/icon_theme "Nuvola"chroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /apps/metacity/general/theme "Nuvola"# Nautiluschroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /apps/nautilus/preferences/click_policy "single"chroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /apps/nautilus/preferences/desktop_font "Sans Bold 10"chroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set /apps/nautilus/preferences/start_with_sidebar "false"chroot edit gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set /apps/nautilus/icon_view/default_use_tighter_layout "true"echo# End of custom scripting# Putting the CD togetherecho -n "Recompile iso? [y]/n "read uaif [ "$ua" = "n" ]; then echo echo The End echo exitfiecho Compressing filesystemif [ -e "extract-cd/casper/filesystem.squashfs" ]; then rm extract-cd/casper/filesystem.squashfsfimksquashfs edit extract-cd/casper/filesystem.squashfsechoecho -n "Removing old md5sum.txt and calculating new md5 sums... "rm extract-cd/md5sum.txt(cd extract-cd &&find . -type f -print0 | xargs -0 md5sum >md5sum.txt)echo Doneechoecho Creating isoif [ -f "$customiso" ]; then echo -n "Removing old custom iso... " rm $customiso echo Done echoficd extract-cdmkisofs -r -V "$IMAGE_NAME" -cache-inodes -J -l -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../$customiso .echoecho The Endecho [126000150170] |Open Gedit and paste this code in. Save file as: customize-livecd.sh and place in your live folder. [126000150180] |To run the script, open a terminal and type: Code: [126000150190] |sudo sh ./customize-livecd.sh [126000150200] |The first time round, you will answer yes to all questions. [126000150210] |After that, you can respond with no to save time extracting the iso again (unless you want to clean things up). [126000150220] |3 - A brief explanation: [126000150230] |The first thing the script does is to load the squashfs module. [126000150240] |This is necessary for the extraction/compression process to work. [126000150250] |Then it asks whether to extract the iso contents. [126000150260] |If you want to start a fresh customization, answer yes. [126000150270] |Answering no will save time having to extract everything from the iso again. [126000150280] |There are 3 lines that copy your network settings and the sources.list to enable downloading of packages to the extracted iso. [126000150290] |Then follows package removal and installation. [126000150300] |Again, you can answer no to save time if you have already done it. [126000150310] |Adjust the packages to be removed or installed to taste. [126000150320] |Then your Flash plugin for Firefox will be copied over. [126000150330] |There are some Windows application on the LiveCD which don't serve much purpose, so they can be removed too making a bit of room. [126000150340] |The next section is for copying any wallpaper over. [126000150350] |If you don't want this, delete these 7 lines. [126000150360] |If you do, create a folder in the live folder called wallpaper. [126000150370] |Copy any wallpaper you want into this folder. [126000150380] |If you wish to have these show up in the Desktop Background applet, you can customize the ubuntu-wallpapers.xml and add them. [126000150390] |You can find this file in /usr/share/gnome-background-properties/. [126000150400] |Make a copy of the ubuntu-wallpapers.xml file into the live folder and alter this copy instead. [126000150410] |This will have to be modified by hand using Gedit before running the script. [126000150420] |It's quite obvious how to alter the xml file once you've opened it. [126000150430] |The next few lines are for modifying some settings that you can find using the Configuration Editor. [126000150440] |It gives you an idea of how to create your own default settings. [126000150450] |This can be extended to just about everything you find in the Configuration Editor including setting up a complete customized desktop and panel(s). [126000150460] |Now we come to the part where the whole thing will be put back together and create a new iso. [126000150470] |At the very beginning of the script, you will notice 3 variables. ubuntuiso is the name of the Ubuntu iso you downloaded. customiso is the name of the new iso you will create from this script. kernel is the kernel used in the iso you downloaded. [126000150480] |If you're customizing Gutsy, it will be 2.6.22-7-generic. [126000150490] |4 - There are some laptop owners having problems booting the LiveCD due to driver problems. [126000150500] |I personally own a Philips X56 which has this exact problem. [126000150510] |So, for anyone with a Philips freevents X56, Twinhead H12Y, Avaretec 2460, or Everex Stepnote SA2050, this is the fix:Download: http://www.fitzenreiter.de/averatec/...16-generic.tgzExtract the 8139too.ko.2.6.20-16-generic file, copy it to the live folder and rename it to 8139too.ko . [126000150520] |Add these few lines to the script: Code: [126000150530] |# Patch for Twinhead H12Y notebooksecho -n "Install patch for $kernel kernel? y/[n] "read uaif [ "$ua" = "y" ]; then echo 8139too PIO from: http://www.fitzenreiter.de/averatec/index-e.htm echo -n "Removing SDHCI and replacing 8139too MIMO to PIO... " sdhci=edit/lib/modules/$kernel/kernel/drivers/mmc/host/sdhci.ko too=edit/lib/modules/$kernel/kernel/drivers/net/8139too.ko if [ -f "$sdhci" ]; then rm $sdhci fi if [ -f "$too" ]; then rm $too fi cp 8139too.ko $too echo Done echo echo -n "Rebuilding initrd... " chroot edit mkinitramfs -o /initrd.gz $kernel mv edit/initrd.gz extract-cd/casper/ echo Donefiecho [126000150540] |... just before the line that reads: # End of custom scripting. [126000150550] |Bear in mind that any updates to the kernel will also have to be patched. [126000150560] |After installation, any new kernels can be patched using the patch you just download and extracted. [126000150570] |Follow the instructions within. [126000150580] |That's about it. [126000160010] |Howto: Get DIVX Working through Swiftfox and VLC Player [126000160020] |This howto assumes that you have Swiftfox already installed. [126000160030] |If you don't, what's keeping you? ;) [126000160040] |Step 1 - Install VLC [126000160050] |Follow the instructions for your particular version of Ubuntu according to the VLC Media Player's website. [126000160060] |The problem is, if you do: Code: [126000160070] |about:plugins [126000160080] |... in Swiftfox's address bar, nothing even remotely VLC-ish pops up. [126000160090] |Let's fix that now. [126000160100] |Step 2 - Hunt down the mozilla plug-in files [126000160110] |This is the most important part of this howto. [126000160120] |For some reason, the mozilla-plugin-vlc package does not install the plugin where Swiftfox can access them. [126000160130] |We need to find the .so and .xpt files and soft link them to our Swiftfox plugins directory. [126000160140] |First let's drill-down to the Swiftfox plugins directory. [126000160150] |Code: [126000160160] |cd ~/.mozilla/plugins [126000160170] |Next, we create the links to the plugin... [126000160180] |Code: [126000160190] |ln -s /usr/lib/mozilla-firefox/components/vlcintf.xpt vlcintf.xpt [126000160200] |Code: [126000160210] |ln -s /usr/lib/mozilla-firefox/plugins/libvlcplugin.so libvlcplugin.so [126000160220] |Restarting Swiftfox and typing "about plugins" in the address bar will now display a long list of VLC goodies, but we aren't done yet. [126000160230] |Step 3 - Install and configure the Media Connectivity Add-On [126000160240] |You can scoop this up here. [126000160250] |Restart Swiftfox and let the installation wizard run as it searches for your media players (you only really need VLC for everything). [126000160260] |Once it's done, you'll be presented with a list of media formats and which application the Add-On should launch. [126000160270] |Scroll down and look for the entry marked "DivX". [126000160280] |Make sure the checkbox is ticked and enter this line as the default player: /usr/bin/X11/vlc [126000160290] |Done! [126000160300] |This howto won't help if you absolutely want to watch stuff off of stage6's website, but it works fabulously at tv-links.co.uk, even though a lot of their material is hosted at stage6.com. [126000160310] |Simply click on the video to start. [126000170010] |Howto: Install FuseSMB - Access Samba shares from ALL programs. Automatic access to Windows Shares. [126000170020] |Tested for Ubuntu x86 6.06 and 7.04 (Gnome) [126000170030] |Purpose:To easily access Samba and Windows shares from all X-programs. [126000170040] |(Especially mediaplayers.) [126000170050] |1: Install samba and fusesmb from repositories:Open Synaptic Package ManagerInstall libsmbclient, samba-common, smbclient and fusesmb [126000170060] |2: Give root and user access to fusesmb:Select from menu: "System->Administration->users and groups". [126000170070] |Now select "root" then click "properties" and tag "allow use of fusesmb"Do the same for your user account. [126000170080] |3: Create a mountpoint:In terminal write: sudo nautilusnavigate to the /media foldercreate a new folder and rename it to "network" (you can call it something else if you like)Right click the folder, and select "properties" then select "permissions", for section "group" select the group "users", for section "folder acces" select "read and write". [126000170090] |4: Make fusesmb start at boot. [126000170100] |Select from menu: "system->preferences->sessions"Select newName: fusesmbnet (can be whatever)command: fusesmb /media/network [126000170110] |5: Try it out. [126000170120] |Reboot to make changes take effect... [126000170130] |Now you (should) have automatic access to windows networks from all programs. [126000170140] |Much better than Gnome way of doing it IMO. [126000170150] |Rollback:If you don't want it anyway, its easily reversible just following the guide again, but replace install/new/create/make with delete/remove/uninstall. [126000170160] |Except you may want to keep the samba stuff. [126000190010] |Howto: Local Password Encryption for Gaim and Pidgin [126000190020] |Pidgin stores you passwords in plain text in ~/.purple/accounts.xml. [126000190030] |At home, I am fine with this, but on a computer that is not mine (like at work), I am less comfortable with this. [126000190040] |Someone can easily boot into recovery mode while I am away and find my passwords in plain text. [126000190050] |There is a patch for Gaim at http://dooglus.rincevent.net/gaim/ . [126000190060] |Attached is a patch for Pidgin. [126000190070] |In order to use the patch, you will need a couple libraries and development headers. [126000190080] |Code: [126000190090] |sudo apt-get install libnspr4-0d libnss3-0dsudo apt-get install libnss-dev libnspr-dev [126000190100] |Download the source from http://pidgin.im/pidgin/download/source/ if you haven't already, and unzip it. [126000190110] |Download the patch into the same directory and do the following Code: [126000190120] |tar xf master-password.patch.tarpatch -p 1 <> You should be ready to configure, make, and install as normal. Code: ./configuremake &&sudo make install [126000190130] |When you launch pidgin, you will see a new tab in the preferences called "security". [126000190140] |You can set a master password there. [126000190150] |The link above has screenshots. [126000190160] |After configuring, you should notice that the accounts.xml file now has gibberish where there once were passwords. [126000190170] |This has been tested on Kubuntu 7.04 [126000190180] |To remove pidgin, run the following from the directory in which you built pidgin: Code: [126000190190] |make uninstall [126000190200] |grab pidgin patch here [126000200010] |Howto: Setup Guest Login on Ubuntu with no password [126000200020] |Yes, I realize such a HowTo already exists (HowTo: enable passwordless logins via GDM), but this method is entirely different and, I think, less complicated. [126000200030] |Warning: Even though this method is simple (few steps), it is extremely dangerous if you don't know what you're doing. [126000200040] |Do not attempt this if you are worried that you might mess up the /etc/shadow file, thus screwing up your Ubuntu system, possibly irreparably! [126000200050] |This is an oft-requested task, mainly for people who don't want to require less tech-savvy family members to have to remember passwords. [126000200060] |It is a security risk, but I think people should at least know how to put their computers at risk if they want to. [126000200070] |Don't blame me if anything bad happens. [126000200080] |Step 1Make sure you have created a user. [126000200090] |For the sake of this example, let's say you called the account username guest. [126000200100] |You can give it any temporary password you want. [126000200110] |We're going to change that password shortly anyway. [126000200120] |I'm assuming you know how to do this already. [126000200130] |If you don't, I can assure you that this HowTo is not one you should be following, and you would be very likely to screw up the next step. [126000200140] |Step 2Next, go to the terminal and paste in this command: Code: [126000200150] |sudo nano /etc/shadow [126000200160] |This will open the /etc/shadow file (the one that contains all the passwords) in a text editor called Nano. [126000200170] |Once you have it open, find the appropriate line for the account in question. [126000200180] |It'll look something like this: Code: [126000200190] |guest:$1$2TUdk8Z0$tb2Fn6Idgo8dq9EgYv4xZ0:13721:0:99999:7::: [126000200200] |Change the second part (in bold here) to match this second part (also in bold): Code: [126000200210] |guest:U6aMy0wojraho:13721:0:99999:7::: [126000200220] |Then save the file (Control-X, Y, Enter). [126000200230] |Now you should be able to log into the guest (or whatever you called it) account without entering a password. [126000210010] |Howto: Sniff Gmail and Windows Passwords with ettercap on Ubuntu Linux [126000210020] |What You Will Need [126000210030] |*A Ubuntu machine to perform the ettercap hackery *A Windows machine to act as a file server (your virtual Windows XP machine will work) *Another Windows machine to be a client (your host Windows XP machine will work) [126000210040] |Start Your Ubuntu Virtual Machine [126000210050] |1. Start your Ubuntu machine and log in as usual. [126000210060] |Installing ettercap [126000210070] |2. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Add/Remove. [126000210080] |3. In the Add/Remove Applications box, in the Search field, enter ettercap and press the Enter key. [126000210090] |4. When the ettercap application appears, as shown below on this page, check the check box in the Application pane. [126000210100] |In the “Apply the following changes?” box, click Apply. [126000210110] |Enter your password when you are prompted to. [126000210120] |Wait while software downloads and installs. [126000210130] |5. When you see a Changes applied box saying that the changes were successful, click Close. [126000210140] |Starting ettercap [126000210150] |6. From the Ubuntu menu bar, click Applications, Accessories, Terminal. [126000210160] |7. In the terminal window, enter this command, then press the Enter key: [126000210170] |ettercap --help [126000210180] |8. In the terminal window, enter this command, then press the Enter key: [126000210190] |sudo ettercap –i eth1 –Tq -d [126000210200] |Enter your password when you are prompted to. [126000210210] |This command starts ettercap in text mode, with DNS resolution of IP addresses. [126000210220] |There are several lines of introductory information, as shown to the right on this page, followed by the message “Text only Interface activated…”. [126000210230] |This window is now sniffing all network traffic to find passwords. [126000210240] |Logging in to mail.google.com with Firefox from Ubuntu [126000210250] |9. Leave the Terminal window open. [126000210260] |10. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Internet, Firefox Web Browser. [126000210270] |11. Type in the address mail.google.com and press the Enter key. [126000210280] |Enter your name into the Username field. [126000210290] |Put in a password of FromUbuntu and press the Enter key. [126000210300] |12. When a box pops up asking whether you want Firefox to remember this password, click “Not now”. [126000210310] |After a few seconds, you will see a message saying Username/Password Failure. [126000210320] |13. Close or minimize the Firefox window. [126000210330] |The ettercap window should now show the name and password you typed in. [126000210340] |Logging in to mail.google.com with Firefox from Windows [126000210350] |14. Leave the Terminal window open. [126000210360] |15. Go to a Windows machine. [126000210370] |You could use your host system, or any computer in the room. [126000210380] |16. On the Windows machine, open a Web browser and go to mail.google.com17. [126000210390] |Enter your name into the Username field. [126000210400] |Put in a password of FromWindows and press the Enter key. [126000210410] |18. When a box pops up asking whether you want the browser to remember this password, click “Not now”. [126000210420] |After a few seconds, you will see a message saying Username/Password Failure. [126000210430] |19. Look at your Ubuntu machine now. [126000210440] |The ettercap window should now show both names and passwords. [126000210450] |Setting up a File Share on a Windows Machine [126000210460] |1. Start a Windows XP virtual machine. [126000210470] |You can use the same host machine you are running Ubuntu on, or any other host computer on the LAN. [126000210480] |Log in as usual. [126000210490] |2. Click Start, My Computer. [126000210500] |In the My Computer window, click Tools, Folder Options. [126000210510] |In the Folder Options box, click the View tab. [126000210520] |Scroll to the bottom of the list and make sure the Use simple file sharing (recommended) box is checked, as shown to the right on this page. [126000210530] |Click the OK button. [126000210540] |3. Right-click the desktop and select New, Folder. [126000210550] |Name the new folder YourNameShare. [126000210560] |Don’t use the literal text “YourName”—instead use your own name. [126000210570] |4. Right-click the YourNameShare folder and click Sharing and Security. [126000210580] |5. If you see a window with text saying “If you understand the security risks, but want to share files without running the wizard, click here.” [126000210590] |If you don’t see that box, that’s OK, just proceed to the next step. [126000210600] |6. In the YourNameShare Properties box, click the Share this folder button, as shown to the right on this page. [126000210610] |Accept the default selections for the other options and click the OK button. [126000210620] |This machine is now a File Server. [126000210630] |7. On your File Server Windows machine, click Start, Run, enter CMD, and press the Enter key. [126000210640] |Find the IP address of your Windows machine and write it down. [126000210650] |Connecting to the File Share From a Different Windows Machine [126000210660] |8. Go to a different Windows machine, such as the host Windows XP system. [126000210670] |Click Start, Run. [126000210680] |In the Run box, enter two backslashes and the IP address you wrote in the box above, as shown to the right on this page. [126000210690] |Use the IP address of your own Windows XP file server. [126000210700] |Press the Enter key. [126000210710] |9. If a Connect to box appears, requesting a User name and Password, just click Cancel. [126000210720] |10. Look at your Ubuntu machine now. [126000210730] |The ettercap window should one or more password hashes, as shown below on this page. [126000210740] |It’s possible to crack these hashes, but it can be difficult. [126000210750] |You need to use a tool like John the Ripper. [126000210760] |11. If you don’t see any hashes, try opening any local network share from any computer. [126000210770] |The simplest way to do it is to go to any host Windows XP machine, click Start, Run and enter \\192.168.1.3 [126000220010] |HOWTO: Tunnel Gnome, KDE, and X11 applications through SSH [126000220020] |Besides offering the user a remote shell, SSH can also run X11 applications on a remote computer. [126000220030] |This extends even to desktop environments such as GNOME and KDE, as they consist of a collection of separate applications. [126000220040] |I have used this method with two computers running Kubuntu 7.04. [126000220050] |However, the computers do not necessarily need to run the same environment or even the same distribution. [126000220060] |1. On the server, install a desktop environment and OpenSSH server, if they are not already present. [126000220070] |An X server is not required. [126000220080] |Code: [126000220090] |sudo aptitude install openssh-server [126000220100] |2. On the client, install an X server, the xterm terminal emulator, and the OpenSSH client. [126000220110] |These should already be present on most distributions. [126000220120] |3. On the client, press Ctrl+Alt+F1 to show a terminal. [126000220130] |Log in and type Code: [126000220140] |xinit /usr/bin/xterm -- :1 [126000220150] |to open a new X session (on “display 1”) with only a terminal on the screen. [126000220160] |Note: In distributions besides Ubuntu and Debian, the xterm executable may be in a different place. [126000220170] |Use the command Code: [126000220180] |whereis xterm [126000220190] |to find it. [126000220200] |4. In the new terminal, open an SSH connection to the server. [126000220210] |Type: Code: [126000220220] |ssh -Y username@hostname [126000220230] |replacing “username” with your login name on the server and “hostname” with the server's host name (or IP address.)5. [126000220240] |The SSH client will ask you for your server password. [126000220250] |Enter it. :)6. [126000220260] |Now that you have a shell prompt, all you need to do is launch the desktop enviroment. [126000220270] |For GNOME: Code: [126000220280] |gnome-session [126000220290] |For KDE: Code: [126000220300] |startkde [126000220310] |For XFCE: Code: [126000220320] |startxfce4 [126000220330] |7. Now enjoy! [126000220340] |Don't close the xterm window until you are done, and if the server doesn't close after you log out of GNOME/KDE, press Ctrl+Alt+Backspace to kill it. [126000230010] |Howto: Setup Ubuntu and XBOX Live to allow Xbox Live to pass through [126000230020] |I have borrowed this technique from this post, but made it shorter. [126000230030] |First, go into terminal and type this: [126000230040] |Code: [126000230050] |sudo gedit /etc/rc.local [126000230060] |Insert this at the end of the script, before the exit 0: [126000230070] |Code: [126000230080] |ifconfig eth0 upifconfig eth0 192.168.2.1echo "1" >/proc/sys/net/ipv4/ip_forwardiptables -t nat -A POSTROUTING -o ethX -s 192.168.2.1/24 -j MASQUERADE [126000230090] |Where ethX is your wireless card. [126000230100] |Reboot. [126000230110] |Hookup your Xbox360 and your computer via Ethernet and boot up the Xbox360 without a game in it. [126000230120] |Go to Network Settings and Edit Settings. [126000230130] |Now change these things: [126000230140] |IP Address: 192.168.2.2Subnet mask: 255.255.255.0Gateway: 192.168.2.1 [126000230150] |It will ask you to test these settings. [126000230160] |Test Xbox Live. [126000230170] |You should get an IP, but no DNS. [126000230180] |Go to Edit settings once it's finished. [126000230190] |Your DNS should be the router's IP Address. [126000230200] |To check it, return to your computer, right-click the wireless bars/two computers in the taskbar. [126000230210] |Click 'Connection Information'. [126000230220] |The Default route should be the router's IP address. [126000240010] |Assessing Your Vulnerability [126000240020] |It is a common mistake for people to assume that switching on a firewall makes them safe. [126000240030] |This is not the case and, in fact, has never been the case. [126000240040] |Each system has distinct security needs, and taking the time to customize its security layout will give you maximum security and the best performance. [126000240050] |The following list summarizes the most common mistakes: [126000240060] |
  • Installing every package Do you plan to use the machine as a DNS server? [126000240070] |If not, why have BIND installed? [126000240080] |Go through Synaptic and ensure that you have only the software you need.
  • [126000240090] |
  • Enabling unused services Do you want to administer the machine remotely? [126000240100] |Do you want people to
  • [126000240110] |
  • upload files? [126000240120] |If not, turn off SSH and FTP because they just add needless attack vectors. [126000240130] |This goes for many other services.
  • [126000240140] |
  • Disabling the local firewall on the grounds that you already have a firewall at the perimeter In security, depth is crucial: The more layers someone has to hack through, the higher the likelihood she will give up or get caught.
  • [126000240150] |
  • Letting your machine give out more information than it needs to Many machines are configured to give out software names and version numbers by default, which is just giving hackers a helping hand.
  • [126000240160] |
  • Placing your server in an unlocked room If so, you might as well just turn it off now and save the worry. [126000240170] |The exception to this is if all the employees at your company are happy and trustworthy. [126000240180] |But why take the risk?
  • [126000240190] |
  • Plugging your machine into a wireless network Unless you need wireless, avoid it, particularly if your machine is a server. [126000240200] |Never plug a server into a wireless network because it is just too fraught with security problems.
  • [126000250010] |Howto: Setup Belkin Wireless G F5D7050 USB Network Adapter on Ubuntu [126000250020] |Basically the Belkin USB adapter aka "rt73" driver was a big pain in the ass when I first installed ubuntu, the thing is, it really isnt hard at all. [126000250030] |Here is what I do, everytime I install ubuntu or compile another kernel. [126000250040] |Things you need1. [126000250050] |Ubuntu installed with usb adapter unplugged, yes unplugged! [126000250060] |2. Linux kernel headers from synaptic it looks like /linux-headers-*kernel version*3. [126000250070] |Build-essential packages from synaptic or apt-get build-essential4. [126000250080] |Rt73 Serialmonkey Drivers. [126000250090] |5. I dont like network-manager-gnome, it doesnt work properly with our card so I removed it, it may conflict with your setup. [126000250100] |I use Rutilt and I supplied the latest Rutilt v0.15 in .deb made with check install later in this post. [126000250110] |This is all you do [126000250120] |wget http://rt2x00.serialmonkey.com/rt73-cvs-daily.tar.gz [126000250130] |tar zxvf rt73-cvs-daily.tar.gz [126000250140] |cd rt73* <-- extracted dir cd M* <-- Modules dir make strip -S rt73.ko make install echo rt73 >>/etc/modules [126000250150] |Now Plug in your Belkin USB dongle. [126000250160] |modprobe rt73 [126000250170] |Then type iwconfig and it will be listed as wlan0 or wlan* [126000250180] |If you do not know how to setup your /etc/network/interfaces file you can use a utility called Rutilt which I use to replace gnome-network-manager [126000250190] |How to install Rutilt [126000250200] |wget http://io.storm.googlepages.com/rutiltv0.15_20070805-1_i386.deb [126000250210] |dpkg -i rutiltv0.15_20070805-1_i386.deb [126000250220] |Press Alt F2 after install and type in rutilt to run this, u can add this to gnome-session-properties for autostart [126000250230] |If for some reason this .deb doesnt work for you grab rutilt src from http://cbbk.free.fr/bonrom/ [126000250240] |Examples How to properly setup /etc/network/interfaces for WPA with your Belink USB: [126000250250] |# WORKING STATIC AES/WPA CONFIG auto wlan0iface wlan0 inet staticaddress 192.168.2.3netmask 255.255.255.0gateway 192.168.2.1pre-up ifconfig wlan0 downpre-up macchanger -A wlan0 # this changes my mac every time I connect to sp00f wifi networkspre-up ifconfig wlan0 uppre-up iwconfig wlan0 essid MYROUTERNAMEHEREpre-up iwconfig wlan0 mode managedpre-up iwpriv wlan0 set Channel=11 #channel where Access point is set, can be set to "auto"pre-up iwpriv wlan0 set AuthMode=WPAPSKpre-up iwpriv wlan0 set EncrypType=AESpre-up iwpriv wlan0 set WPAPSK="wpa password from wpa_passphrase"pre-up iwpriv wlan0 set TxRate=0mtu 1454 [126000250260] |# WORKING DYNAMIC AES/WPA CONFIGauto wlan0iface wlan0 inet dhcppre-up ifconfig wlan0 uppre-up iwconfig wlan0 essid MYROUTERNAMEHEREpre-up iwconfig wlan0 mode managedpre-up iwpriv wlan0 set Channel=11 #channel where Access point is set, can be set to "auto"pre-up iwpriv wlan0 set AuthMode=WPAPSKpre-up iwpriv wlan0 set EncrypType=AESpre-up iwpriv wlan0 set WPAPSK=Password_from_wpa_passphrase_via_cmd_linepre-up iwpriv wlan0 set TxRate=0mtu 1454 [126000250270] |# static configuration for static belkins wepauto wlan0iface wlan0 inet staticaddress 192.168.2.3netmask 255.255.255.0gateway 192.168.2.1wireless-essid ROUTERER ESSIDwireless-key yourhexkeyhere [126000250280] |# dynamic working config for dynamic belkins wepauto wlan0iface wlan0 inet dhcpwireless-essid ESSIDwireless-key hexkeyhere [126000260010] |Howto: Protect Your Ubuntu Machine by Setting up tripwire [126000260020] |After you have disabled all the unneeded services on your system, what remains is a core set of connections and programs that you want to keep. [126000260030] |However, you are not finished yet: You need to clamp down your wireless network, lock your server physically, and put scanning procedures in place (such as Tripwire and promiscuous mode network monitors). [126000260040] |Securing a Wireless Network [126000260050] |Because wireless networking has some unique security issues, those issues deserve a separate discussion here. [126000260060] |Wireless networking, although convenient, can be very insecure by its very nature because transmitted data (even encrypted data) can be received by remote devices. [126000260070] |Those devices could be in the same room; in the house, apartment, or building next door; or even several blocks away. [126000260080] |Extra care must be used to protect the actual frequency used by your network. [126000260090] |Great progress has been made in the past couple of years, but the possibility of a security breech is increased when the attacker is in the area and knows the frequency on which to listen. [126000260100] |It should also be noted that the encryption method used by more wireless NICs is weaker than other forms of encryption (such as SSH) and should not be considered as part of your security plan. [126000260110] |Tip [126000260120] |Always use OpenSSH-related tools, such as ssh or sftp, to conduct business on your wireless LAN. [126000260130] |Passwords are not transmitted as plain text, and your sessions are encrypted. [126000260140] |The better the physical security is around your network, the more secure it will be (this applies to wired networks as well). [126000260150] |Keep wireless transmitters (routers, switches, and so on) as close to the center of your building as possible. [126000260160] |Note or monitor the range of transmitted signals to determine whether your network is open to mobile network sniffingnow a geek sport known as war driving. [126000260170] |(Linux software is available at http://sourceforge.net/project/showfiles.php?group_id=57253.) [126000260180] |An occasional walk around your building not only gives you a break from work, but can also give you a chance to notice any people or equipment that should not be in the area. [126000260190] |Keep in mind that it takes only a single rogue wireless access point hooked up to a legitimate network hub to open access to your entire system. [126000260200] |These access points can be smaller than a pack of cigarettes, so the only way to spot them is to scan for them with another wireless device. [126000260210] |Passwords and Physical Security [126000260220] |The next step toward better security is to use secure passwords on your network and ensure that users use them as well. [126000260230] |For somewhat more physical security, you can force the use of a password with the LILO or GRUB bootloaders, remove bootable devices such as floppy and CD-ROM drives, or configure a network-booting server for Ubuntu. [126000260240] |This approach is not well supported or documented at the time of this writing, but you can read about one way to do this in Brieuc Jeunhomme's Network Boot and Exotic Root HOWTO, available at http://www.tldp.org/HOWTO/Network-boot-HOWTO/ [126000260250] |Also, keep in mind that some studies show that as much as 90% of network break-ins are by current or former employees. [126000260260] |If a person no longer requires access to your network, lock out access or, even better, remove the account immediately. [126000260270] |A good security policy also dictates that any data associated with the account first be backed up and retained for a set period of time to ensure against loss of important data. [126000260280] |If you are able, remove the terminated employee from the system before he leaves the building. [126000260290] |Finally, be aware of physical security. [126000260300] |If a potential attacker can get physical access to your system, getting full access becomes trivial. [126000260310] |Keep all servers in a locked room, and ensure that only authorized personnel are given access to clients. [126000260320] |Configuring and Using Tripwire [126000260330] |Tripwire is a security tool that checks the integrity of normal system binaries and reports any changes to syslog or by email. [126000260340] |Tripwire is a good tool for ensuring that your binaries have not been replaced by Trojan horse programs. [126000260350] |Trojan horses are malicious programs inadvertently installed because of identical filenames to distributed (expected) programs, and they can wreak havoc on a breached system. [126000260360] |Ubuntu does not include the free version of Tripwire, but it can be used to monitor your system. [126000260370] |To set up Tripwire for the first time, go to http://www.tripwire.org, and then download and install an open-source version of the software. [126000260380] |After installation, run the twinstall.sh script (found under /etc/tripwire) as root like so: [126000260390] |$ sudo /etc/tripwire/twinstall.sh [126000260400] |---------------------------------------------- [126000260410] |The Tripwire site and local passphrases are used to [126000260420] |sign a variety of files, such as the configuration, [126000260430] |policy, and database files. [126000260440] |Passphrases should be at least 8 characters in length [126000260450] |and contain both letters and numbers. [126000260460] |See the Tripwire manual for more information. [126000260470] |---------------------------------------------- [126000260480] |Creating key files... [126000260490] |(When selecting a passphrase, keep in mind that good passphrases typically [126000260500] |have upper and lower case letters, digits and punctuation marks, and are [126000260510] |at least 8 characters in length.) [126000260520] |Enter the site keyfile passphrase: [126000260530] |You then need to enter a password of at least eight characters (perhaps best is a string of random madness, such as 5fXkc4ln) at least twice. [126000260540] |The script generates keys for your site (host) and then asks you to enter a password (twice) for local use. [126000260550] |You are then asked to enter the new site password. [126000260560] |After following the prompts, the (rather extensive) default configuration and policy files (tw.cfg and tw.pol) are encrypted. [126000260570] |You should then back up and delete the original plain-text files installed by Ubuntu. [126000260580] |To then initialize Tripwire, use its --init option like so: [126000260590] |$ sudo tripwire --init [126000260600] |Please enter your local passphrase: [126000260610] |Parsing policy file: /etc/tripwire/tw.pol [126000260620] |Generating the database... [126000260630] |*** Processing Unix File System *** [126000260640] |.... [126000260650] |Wrote database file: /var/lib/tripwire/shuttle2.twd [126000260660] |The database was successfully generated. [126000260670] |Note that not all the output is shown here. [126000260680] |After Tripwire has created its database (which is a snapshot of your file system), it uses this baseline along with the encrypted configuration and policy settings under the /etc/tripwire directory to monitor the status of your system. [126000260690] |You should then start Tripwire in its integrity checking mode, using a desired option. [126000260700] |(See the TRipwire manual page for details.) [126000260710] |For example, you can have Tripwire check your system and then generate a report at the command line, like so: [126000260720] |# tripwire -m c [126000260730] |No output is shown here, but a report is displayed in this example. [126000260740] |The output could be redirected to a file, but a report is saved as /var/lib/tripwire/report/hostname-YYYYMMDD-HHMMSS.twr (in other words, using your host's name, the year, the month, the day, the hour, the minute, and the seconds). [126000260750] |This report can be read using the twprint utility, like so: [126000260760] |# twprint --print-report -r \ [126000260770] |/var/lib/tripwire/report/shuttle2-20020919-181049.twr | less [126000260780] |Other options, such as emailing the report, are supported by Tripwire, which should be run as a scheduled task by your system's scheduling table, /etc/crontab, on off-hours. [126000260790] |(It can be resource intensive on less powerful computers.) [126000260800] |The Tripwire software package also includes a twadmin utility you can use to fine-tune or change settings or policies or to perform other administrative duties. [126000260810] |Devices [126000260820] |Do not ever advertise that you have set a NIC to promiscuous mode. [126000260830] |Promiscuous mode (which can be set on an interface by using ifconfig's promisc option) is good for monitoring traffic across the network and can often allow you to monitor the actions of someone who might have broken into your network. [126000260840] |The tcpdump command also sets a designated interface to promiscuous mode while the program runs; unfortunately, the ifconfig command does not report this fact while tcpdump is running! [126000260850] |Do not forget to use the right tool for the right job. [126000260860] |Although a network bridge can be used to connect your network to the Internet, it would not be a good option. [126000260870] |Bridges have almost become obsolete because they forward any packet that comes their way, which is not good when a bridge is connected to the Internet. [126000260880] |A router enables you to filter which packets are relayed. [126000280010] |Howto: Less typing in the command line [126000280020] |If your like me, a command line junky and you are tired of typing so much here is a simple quick and effective tip. [126000280030] |The BASH shell has several environment variables that can be manipulated. [126000280040] |The PATH variable is well known. [126000280050] |Another useful variable is CDPATH. [126000280060] |As PATH is a list of search paths for commands, so is CDPATH a list of directories used as search path for the "cd" command. [126000280070] |Example: At one ftp server we serve a lot of software, including several of the most popular Linux distributions. [126000280080] |The local path to these distributions involves a lot of typing: [126000280090] |defcon@ion:~$ cd /usit/ion/ftp/linux/ defcon@ion:/usit/ion/ftp/linux$ [126000280100] |From here, I can jump into "slackware/", "centos/", "debian/" and so on. [126000280110] |But it's simpler when using CDPATH: [126000280120] |defcon@ion:~$ export CDPATH="/usit/ion/ftp/linux"defcon@ion:~$ cd slackware /usit/ion/ftp/linux/slackwaredefcon@ion:/usit/ion/ftp/linux/slackware$ [126000280130] |Nice huh? [126000280140] |An even lazier method (involving less typing) is to use alias: [126000280150] |defcon@ion:~$ alias s="cd /usit/ion/ftp/linux/slackware"defcon@ion:~$ sdefcon@ion:/usit/ion/ftp/linux/slackware$ [126000280160] |But then I have to create one alias for each directory. [126000280170] |Oh the choices! [126000310010] |Howto: Free Encrypted Online Storage for Ubuntu [126000310020] |For quite a while now I was looking for a solution, to store a backup of my boot partition (ubuntu server) online, since it took me about half a year to get the system configured the way I wanted it. [126000310030] |Loosing it would definitely cause an attempted genocide. [126000310040] |But I had two major concerns:1: The costs. [126000310050] |Why would I have to pay for something, that is already available in different forms. [126000310060] |Yeah, services like S3 from amazon are affordable, but, why pay when you don't have to, right? [126000310070] |2: Security. [126000310080] |I'm aware of the fact that there is no such thing as total security when you're somehow connected to the interwebs, but I don't wanna trust some firm, where I can't hunt down the sysadmin with a baseball bat, because he got into my backup files. [126000310090] |I think you get the point. [126000310100] |So here is what I did. [126000310110] |Create a backup with tar, split it into 94MB files, encrypt them with my gpg key and upload them to rapidshare. [126000310120] |Rapidshare will delete the files after 3 month, if you haven't accessed them, which sould be quite enough. [126000310130] |Let's have a look at the full backup script: [126000310140] |Code: [126000310150] |#!/bin/bash#create directory for this month full back in /home/saylar/backup/mkdir /home/saylar/backup/`date '+%Y-%m'`mkdir /home/saylar/backup/`date '+%Y-%m'`/full_backup/#create a full backup for this month and split it into 94MB Filestar cvj --listed-incremental /home/saylar/backup/`date '+%Y-%m'`/fullbackup.snar --exclude=/proc --exclude=/lost+found --exclude=/mnt --exclude=/sys --exclude=/home/saylar/backup / | split -d -b 90m - /home/saylar/backup/`date '+%Y-%m'`/full_backup/full_backup.tar.bz2.split#encrypt the files with gpggpg --encrypt-files --batch --no-tty -r dummy@email.address /home/saylar/backup/`date '+%Y-%m'`/full_backup/*split*#upload the files via rsupload scriptfor gpg in /home/saylar/backup/`date '+%Y-%m'`/full_backup/*gpg; do /home/saylar/backup/rsupload.pl "$gpg";done#now move the file with Rapidsharelinks into corresponding directorymv /home/saylar/backup/rsulres.txt /home/saylar/backup/`date '+%Y-%m'`/full_backup/#delete gpg files after they were succesfully uploadedrm -r /home/saylar/backup/`date '+%Y-%m'`/full_backup/*gpg [126000310160] |As you can see, it first creates a directory in /home/saylar/backup for this month and a full_backup directory. [126000310170] |Then we tar the whole filesystem and pipe that into the split command which will split the files into 94MB files. [126000310180] |Then we encrypt the split files with gpg. [126000310190] |Note the --batch --tty option. [126000310200] |This is neccessary because the script is started by cron, otherwise it won't run. [126000310210] |Then we take upload script provided by rapidshare(Look for the news from 22. Dec. 2006) and upload the gpg files. [126000310220] |Since the script does a MD5 check, there is no need to worry about corrupted files. [126000310230] |Now we just have to move the file with the download links into the corresponding backup directory and remove the gpg files again. [126000310240] |The scripts are running at 6am each day and at 11:30 pm each day we'll move the logfiles of what was done into the corresponding directory. [126000310250] |Just to be sure, that the fullbackup is really finished. [126000310260] |So, if you wanna do that, you have to do the following things: Code: [126000310270] |mkdir ~/backup [126000310280] |Code: [126000310290] |mkdir ~/backup/log [126000310300] |Put the attached files into the backup directory and replace saylar in every script with you username, replace dummy@email.address with the email address you create the gpg keys for and make them executable with: Code: [126000310310] |chmod a+x scriptname [126000310320] |Also look into rsupload.pl, there is one entry at the end of the file. [126000310330] |Afterwards edit the crontab for root Code: [126000310340] |sudo crontab -e [126000310350] |and put the following there: Code: [126000310360] |0 6 1 * * /home/saylar/backup/backup_full >>/home/saylar/backup/log/backup_full.log 2>&10 6 8,15,23,30 * * /home/saylar/backup/backup_incr_weekly >> /home/saylar/backup/log/backup_incr_weekly.log 2>&10 6 2,3,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,22,24,25,26,27,28,29,31 * * /home/saylar/backup/backup_incr_daily >>/home/saylar/backup/log/backup_incr_daily.log 2>&130 23 * * * /home/saylar/backup/mvlog >/dev/null [126000310370] |Again, make sure you change the username and you are set for a secure backup stored online. [126000310380] |PS: I'm no programmer at all, so I know that some things could be done much nicer, but it works very well for me. [126000310390] |If you have any suggestions, let me you know and I'll be happy to change it. [126000310400] |Sources:Howto: Backup and restore your system! [126000310410] |Rapidshare Upload ScriptGPG Tutorial [126000310420] |Download Backup script Here [126000320010] |Howto: Install Samba quickly and Easily Via Custom Scripts on Ubuntu [126000320020] |I found these scripts based off of a web tutorial on how to install and configure a file server via samba that i found here. [126000320030] |I don't take credit for the tutorial just for the scripts. [126000320040] |Feel free to edit these scripts and make them better. [126000320050] |Just be sure to post the new ones. [126000320060] |Installation:1. extract the samba scripts. [126000320070] |2. run installsamba.sh3. run addusers.sh for each user you want to add4. run addshares.sh for each folder you want to add5. enjoy your new file server [126000320080] |Also I would like to make more scripts for other common tasks in Ubuntu that other people seem too lazy to make scripts for. [126000320090] |I don't mean to sound like I don't appreciate his or her work, I would just like to see more scripts for installing things like the alsa driver. [126000320100] |Let me know if there are any that are desperately needed and I would do my best. [126000320110] |Download scripts here [126000330010] |Howto: Install Ubuntu on Windows 2000,XP,Vista [126000330020] |Wow, I just was searching google for ubuntu vs windows and ran across this application that installs Ubuntu right on top of windows, yea I think its pretty lame to install a Powerful operating system such as Ubuntu on top of windows which is slow/bloated as hell but it is possible. [126000330030] |From the site [126000330040] |Wubi is an unofficial Ubuntu installer for Windows users that will bring you into the Linux world with a single click. [126000330050] |Wubi allows you to install and uninstall Ubuntu as any other application. [126000330060] |If you heard about Linux and Ubuntu, if you wanted to try them but you were afraid, this is for you. [126000330070] |Wubi is Safe [126000330080] |It does not require you to modify the partitions of your PC, or to use a different bootloader. [126000330090] |Wubi is Simple [126000330100] |Just run the installer, no need to burn a CD. [126000330110] |Wubi is Discrete [126000330120] |Wubi keeps most of the files in one folder, and If you do not like, you can simply uninstall it. [126000330130] |Wubi is Free [126000330140] |Wubi (like Ubuntu) is free as in beer and as in freedom. [126000330150] |You will get this part later on, the important thing now is that it cost absolutely nothing, it is our gift to you... [126000330160] |How does Wubi work? [126000330170] |Wubi adds an entry to the Windows boot menu which allows you to run Linux. [126000330180] |Ubuntu is installed within a file in the windows file system (c:\wubi\disks\system.virtual.disk), this file is seen by Linux as a real hard disk. [126000330190] |Is this running Ubuntu within a virtual environment or something similar? [126000330200] |No. [126000330210] |This is a real installation, the only difference is that Ubuntu is installed within a file as opposed to being installed within its own partition. [126000330220] |Thus we spare you the trouble to create a free partition for Ubuntu. [126000330230] |And we spare you the trouble to have to burn a CD-Rom. [126000330240] |This istaller installs Ubuntu on a loopback file system located on your Windows partition, while making it bootable just like a real-deal Ubuntu install. [126000330250] |In fact, it _is_ a real-deal Ubuntu install, albeit in a slightly unconventional manner. [126000330260] |If you go glassy eyed at the word "loopback", don't worry.. it's just a fancy way of saying that your whole Ubuntu install is self-contained and stored in a single large file on your Windows drive. [126000330270] |Grab a copy of Wubi Here [126000340010] |Howto: Securely Delete Files In Ext3 Via Nautilus Menu [126000340020] |This adds a menu which securely deletes files by overwriting them 25 times [126000340030] |install nautilus-actions via synaptic package manager [126000340040] |launch nautilus actions configuration-->system--->preferences--->nautilus actions configuration [126000340050] |Add [126000340060] |Label = Shred [126000340070] |Path = shred [126000340080] |Parameters = -fuz %M [126000340090] |Click ok and exit [126000340100] |in terminal type killall nautilus [126000340110] |Viola! [126000340120] |A note for ext3 users from the shred manual:CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. [126000340130] |This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. [126000340140] |The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file sys tem modes: [126000340150] |In the case of ext3 file systems, the above disclaimer applies only in data=journal mode, which journals file data in addition to just metadata. [126000340160] |In both the data=ordered (default) and data=writeback modes, shred works as usual. [126000350010] |New torbutton Featured at Blackhat [126000350020] |I was just searching google for some BlackHat pdf's and ran accross a great firefox extention that works with tor. [126000350030] |Here are some of the features.. [126000350040] |This is a c/p right from the developers site:Download/install here [126000350050] |

    About

    [126000350060] |Torbutton is a 1-click way for Firefox users to enable or disable the browser's use of Tor. [126000350070] |It adds a panel to the statusbar that says "Tor Enabled" (in green) or "Tor Disabled" (in red). [126000350080] |The user may click on the panel to toggle the status. [126000350090] |If the user (or some other extension) changes the proxy settings, the change is automatically reflected in the statusbar. [126000350100] |Some users may prefer a toolbar button instead of a statusbar panel. [126000350110] |Such a button is included, and one adds it to the toolbar by right-clicking on the desired toolbar, selecting "Customize...", and then dragging the Torbutton icon onto the toolbar. [126000350120] |There is an option in the preferences to hide the statusbar panel (Tools->Extensions, select Torbutton, and click on Preferences). [126000350130] |Newer Firefoxes have the ability to send DNS resolves through the socks proxy, and Torbutton will make use of this feature if it is available in your version of Firefox. [126000350140] |

    Description of Options

    [126000350150] |The development branch of Torbutton adds several new security features to protect your anonymity from all the major threats the author is aware of. [126000350160] |The defaults should be fine for most people, but in case you are the tweaker type, or if you prefer to try to outsource some options to more flexible extensions, here is the complete list. [126000350170] |(In an ideal world, these descriptions should all be tooltips in the extension itself, but Firefox bugs 45375 and 218223 currently prevent this). [126000350180] |
  • Disable plugins on Tor Usage (crucial)
  • [126000350190] |This option is key to Tor security. [126000350200] |Plugins perform their own networking independent of the browser, and many plugins only partially obey even their own proxy settings. [126000350210] |
  • Isolate Dynamic Content to Tor State (crucial)
  • [126000350220] |Another crucial option, this setting causes the plugin to disable Javascript on tabs that are loaded during a Tor state different than the current one, to prevent delayed fetches of injected URLs that contain unique identifiers, and to kill meta-refresh tags. [126000350230] |It also enables an nsIContentPolicy that prevents all fetches from tabs loaded with an opposite Tor state. [126000350240] |This Content Policy serves to block non-Javascript dynamic content such as CSS popups. [126000350250] |
  • Hook Dangerous Javascript (crucial)
  • [126000350260] |This setting enables the Javascript hooking code. [126000350270] |Javascript is injected into the DOM (and then removed immediately after executing) to hook the Date object to mask timezone, and to hook the navigator object to mask OS and user agent properties not handled by the standard Firefox user agent override settings. [126000350280] |
  • Disable Updates During Tor (recommended)
  • [126000350290] |Many extension authors do not update their extensions from SSL-enabled websites. [126000350300] |It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to existing extensions. [126000350310] |
  • Disable Search Suggestions during Tor (optional)
  • [126000350320] |This optional setting governs if you get Google search suggestions during Tor usage. [126000350330] |Since no cookie is transmitted during search suggestions, this is a relatively benign behavior. [126000350340] |
  • Block History Reads during Tor (crucial)
  • [126000350350] |Based on code contributed by Collin Jackson, when enabled and Tor is enabled, this setting prevents the rendering engine from knowing if certain links were visited. [126000350360] |This mechanism defeats all document-based history disclosure attacks, including CSS-only attacks. [126000350370] |
  • Block History Reads during Non-Tor (recommended)
  • [126000350380] |This setting accomplishes the same but for your Non-Tor activity. [126000350390] |
  • Block History Writes during Tor (recommended)
  • [126000350400] |This setting prevents the rendering engine from recording visited URLs, and also disables download manager history, form field history, and disables remembering login information. [126000350410] |Note that if you allow writing of Tor history, it is recommended that you disable non-Tor history reads, since malicious websites you visit without Tor can query your history for .onion sites and other history recorded during Tor usage (such as Google queries). [126000350420] |
  • Block History Writes during Non-Tor (optional)
  • [126000350430] |This setting also disables recording any history information during Non-Tor usage. [126000350440] |
  • Clear History During Tor Toggle (optional)
  • [126000350450] |This is an alternate setting to use instead of (or in addition to) blocking history reads or writes. [126000350460] |
  • Block Tor disk cache and clear all cache on Tor Toggle
  • [126000350470] |Since the browser cache can be leveraged to store unique identifiers, cache must not persist across Tor sessions. [126000350480] |This option keeps the memory cache active during Tor usage for performance, but blocks disk access for caching. [126000350490] |
  • Block disk and memory cache during Tor
  • [126000350500] |This setting entirely blocks the cache during Tor, but preserves it for Non-Tor usage. [126000350510] |
  • Clear Cookies on Tor Toggle
  • [126000350520] |Fully clears all cookies on Tor toggle. [126000350530] |
  • Store Non-Tor cookies in a protected jar
  • [126000350540] |This option stores your persistent Non-Tor cookies in a special cookie jar file, in case you wish to preserve some cookies. [126000350550] |Contributed by Collin Jackson. [126000350560] |It is compatible with third party extensions that you use to manage your Non-Tor cookies. [126000350570] |Your Tor cookies will be cleared on toggle, of course. [126000350580] |
  • Manage My Own Cookies (dangerous)
  • [126000350590] |This setting allows you to manage your own cookies with an alternate extension, such as CookieCuller. [126000350600] |Note that this is particularly dangerous, since malicious exit nodes can spoof document elements that appear to be from sites you have preserved cookies for (and can then do things like fetch your entire gmail inbox, even if you were not using gmail or visiting any google pages at the time!). [126000350610] |
  • Disable DOM Storage during Tor usage (crucial)
  • [126000350620] |Firefox has recently added the ability to store additional state in persistant hash tables, called DOM Storage. [126000350630] |Obviously this can compromise your anonymity if stored content can be fetched across Tor-state. [126000350640] |
  • Clear cookies on Tor/Non-Tor shutdown
  • [126000350650] |This setting uses the Firefox Private Data settings to clear cookies on Tor and/or Non-Tor browser shutdown. [126000350660] |
  • Disable Session Saving (recommended)
  • [126000350670] |This option disables the session store, which stores your session in the event of browser upgrades and crashes. [126000350680] |Since the session store can be written at random times and a browser crash or upgrade can cause you to refetch many Tor urls outside of Tor, currently this is an all-or-nothing setting for both Tor and Non-Tor. [126000350690] |
  • Set user agent during Tor usage (crucial)
  • [126000350700] |User agent masking is done with the idea of making all Tor users appear uniform. [126000350710] |A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this string and supporting navigator.* properties, and this version will remain the same for all TorButton versions until such time as specific incompatibility issues are demonstrated. [126000350720] |Uniformity of this value is obviously very important to anonymity. [126000350730] |Note that for this option to have full effectiveness, the user must also allow Hook Dangerous Javascript ensure that the navigator.* properties are reset correctly. [126000350740] |The browser does not set some of them via the exposed user agent override preferences. [126000350750] |
  • Spoof US English Browser
  • [126000350760] |This option causes Firefox to send http headers as if it were an English browser. [126000350770] |Useful for internationalized users. [126000350780] |
  • Don't send referer during Tor Usage
  • [126000350790] |This option disables the referer header, preventing sites from determining where you came from to visit them. [126000350800] |This can break some sites, however. [126000350810] |Digg in particular seemed to be broken by this. [126000350820] |A more streamlined, less instrusive version of this option should be available eventually. [126000350830] |In the meantime, RefControl can provide this functionality via a default option of Forge. [126000350840] |

    FAQ

    [126000350850] |When I use Tor, Firefox is no longer filling in logins/search boxes for me. [126000350860] |Why? [126000350870] |Currently, this is tied to the "Block history writes during Tor" setting. [126000350880] |If you have enabled that setting, all formfill functionality (both saving and reading) is disabled. [126000350890] |If this bothers you, you can uncheck that option, but both history and forms will be saved. [126000350900] |To prevent history disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor history reads if you allow history writing during Tor. [126000350910] |Which Firefox extensions should I avoid using? [126000350920] |This is a tough one. [126000350930] |There are thousands of Firefox extensions: making a complete list of ones that are bad for anonymity is near impossible. [126000350940] |However, here are a few examples that should get you started as to what sorts of behavior are dangerous. [126000350950] |
  • StumbleUpon, et al
  • [126000350960] |This extension will send all sorts of information about the websites you visit to the stumbleupon servers, and correlate this information with a unique identifier. [126000350970] |This is obviously terrible for your anonymity. [126000350980] |More generally, any sort of extension that requires registration, or even extensions that provide information about websites you visit should be suspect. [126000350990] |
  • NoScript
  • [126000351000] |Torbutton currently mitigates all known anonymity issues with Javascript. [126000351010] |While it may be tempting to get better security by disabling Javascript for certain sites, you are far better off with an all-or-nothing approach. [126000351020] |NoScript is exceedingly complicated, and has many subleties that can surprise even advanced users. [126000351030] |For example, addons.mozilla.org verifies extension integrity via Javascript over https, but downloads them in the clear. [126000351040] |Not adding it to your whitelist effectively means you are pulling down unverified extensions. [126000351050] |Worse still, using NoScript can actually disable protections that Torbutton itself provides via Javascript, yet still allow malicious exit nodes to compromise your anonymity via the default whitelist (which they can spoof). [126000351060] |
  • FoxyProxy
  • [126000351070] |FoxyProxy faces similar problems as NoScript. [126000351080] |Since it only loads some content elements through a proxy, it is possible for exit nodes or malicious websites to insert links to sites that are allowed to bypass your proxy rules, and unmask you that way. [126000351090] |The FoxyProxy author has been informed of this issue (and other security issues) relating to his extension. [126000351100] |The solution they must implement is similar to Torbutton's "isolate dynamic content" mechanism: an entire tab must be bound to a single proxy setting for the duration of its document's existence. [126000351110] |So far the author has expressed no interest in implementing this ability. [126000351120] |Avoid this extension. [126000351130] |
  • SwitchProxy, et al
  • [126000351140] |In theory, Torbutton should tolerate third-party proxy switchers that behave sanely (ie in an all-or-nothing fashion). [126000351150] |In practice, there are likely bugs relating to this. [126000351160] |Please be vigilant if you are going to attempt combining Torbutton with another proxy siwtcher. [126000351170] |There may be cases where Torbutton gets confused as to which state it currently is in, leaving you vulnerable to all sorts of unmasking attacks. [126000360010] |The Ultimate Burning Application for Ubuntu Linux [126000360020] |Nero Linux 3 is the ultimate burning application for Linux. [126000360030] |Built on the award winning Nero Burning ROM 7 platform, Nero Linux 3 is not only the most powerful and versatile burning application available for Linux, but now the only application to offer Blu-ray Disc and HD DVD data burning support. [126000360040] |I'll supply you with the full version... [126000360050] |Why pay for this? [126000360060] |Get it Here [126000360070] |Experience the most comprehensive burning application for the Linux OS [126000360080] |
  • Enjoy the same functionality that is available in Nero Burning ROM 7 for Windows™
  • [126000360090] |
  • Burn data using any optical disc format, including CD, DVD, Blu-ray Disc and HD DVD
  • [126000360100] |
  • Ensure quick and easy setup using SmartDetect automatic drive support
  • [126000360110] |
  • Take control of your music collection with integrated audio capabilities including high speed digital audio extraction and FreeDB to automatically obtain disc information over the internet
  • [126000360120] |System Requirements: [126000360130] |
  • Linux Kernel 2.4 or newer (2.6 recommended) with X-Window
  • [126000360140] |
  • Glibc 2.3.2 and libstdc++6 3.4
  • [126000360150] |
  • GTK+ 2.4.10 (or newer)
  • [126000360160] |
  • 800 MHz Intel® Pentium® III processor, AMD Sempron™ 2200+ processors or equivalent, 128 MB RAM
  • [126000360170] |
  • Hard drive space: 50 MB for program installation
  • [126000360180] |
  • CD, DVD, Blu-ray, or HD DVD recordable or rewritable drive for burning
  • [126000360190] |Howto Install: [126000360200] |1) open a terminal2) chmod +x keymaker3) ./keymaker4) cd / 5) tar xvzf /path/to/nerolinux-3.0.1.3-x86.tar.gz 6) start nerolinux and enter a serial [126000370010] |25 useful commands in Linux/UNIX for Beginners [126000370020] |I just ran accross a nice site www.go2linux.org the admin left a nice comment about my layout and content, thankyou.. while browsing his site I found some great content on 25 usefull linux commands I definately use daily, the author added 7 of his favoritesCheck it out hereId like to add a few commands I use as well. [126000370030] |htop: nice looking top for process and memory stats.id: to check which user groups you belong towhoami: check which user you are in a multi-user environmentecho;example: echo * in your current directory to show you files if somehow you deleted ls - lolexample: echo whatever >>/etc/network/interfacescat: I like cat because I paste scripts and code right into the terminal like this:cat >>filetype stuff/paste stuff herecat file root@ion:~# cat filetype stuff/paste stuff hereroot@ion:~# [126000370040] |Resources:linuxcommand.org [126000370050] |btw, feel free to share your advanced bash hacks/commands here [126000380010] |Convert and Burn DIVX to DVD Easily with Wine & Ubuntu using ConvertXtoDVD [126000380020] |I used to run this application all the time in windows.. [126000380030] |Guess what? [126000380040] |You can run it on Ubuntu with wine. [126000380050] |There is allot of Converting,Encoding,Burning software for Linux but I love this little application, check it out, let me know what you think. btw the errors in the screenshot do not effect burning/reencoding at all, only the video preview function that sucks anyways :) [126000380060] |I'll hook you up with the full version hereHowto Install:apt-get install winethen download and unzip the package and run like windows :)Here is some info from the ConvertXtoDVD site: [126000380070] |ConvertXtoDVD is a video converter software to convert and burn your videos to DVD. [126000380080] |With ConvertXtoDVD and a few clicks you can backup your movies to DVD playable on any home DVD player. [126000380090] |ConvertXtoDVD supports most popular formats such as AVI to DVD; Mpeg, Mpeg, Mpeg4, MP4, VOB, WMV, DV and stream formats to DVD. [126000380100] |It converts your files into a compliant DVD Video set of files and burns it on a DVD media. [126000380110] |The ConvertXtoDvd does not need an external AVI codec download. [126000380120] |It uses its own AVI codecs. [126000380130] |Looking for free video converter software? [126000380140] |ConvertXtoDVD is free video converter evaluation software - a small payment and you no longer have the VSO watermark on the video output. [126000380150] |The aspect ratio can be automatically selected or forced to a specific format. [126000380160] |The program works for NTSC and PAL video formats and creates chapters automatically. [126000380170] |Multiple audio tracks are supported. [126000380180] |Version 2 uses a completely rewritten interface with subtitles support and a lot of new settings. [126000380190] |VSO ConvertXtoDVD is neither affiliated with, nor using technology from Divx Networks! [126000380200] |Key Features: [126000380210] |
  • Supported video formats: Convert AVI, Mpeg, Mpeg4, DivX, Xvid, MOV, WMV, WMV HD, DV, MKV, DVD to DVD and more...
  • [126000380220] |
  • Supported sources: existing files from digital camcorders, TV/Sat, capture cards
  • [126000380230] |
  • Can merge up to 4 hours of material from several movies or episodes
  • [126000380240] |
  • Supported audio formats: AC3, DTS, PCM, OGG, MP3, and more...
  • [126000380250] |
  • Handles subtitles files (.SRT .SUB/IDX .SSA) with color and font selection, and supports tags (italic, bold)
  • [126000380260] |
  • Video format choice: NTSC, PAL, or automatic and PULL-DOWN
  • [126000380270] |
  • Picture output: Widescreen, Fullscreen, or automatic
  • [126000380280] |
  • Create Automatic chapters or edit your own
  • [126000380290] |
  • Fast preview mode to check if the source is loaded correctly
  • [126000380300] |
  • Save the DVD structure on hard drive or burn it to a blank DVD
  • [126000380310] |
  • Reliable burn engine integrated (supports all DVD formats)
  • [126000380320] |
  • Fast and quality encoder (typically less than 1 hour for converting 1 movie)
  • [126000380330] |
  • Variable options and settings for advanced users
  • [126000380340] |
  • Control of the conversion speed vs quality
  • [126000380350] |
  • DVD Menu control (auto-start, loop etc)
  • [126000380360] |
  • DVD Menu edition (background, font, color)
  • [126000380370] |
  • Customizable interface (themes, dockable windows)
  • [126000380380] |
  • Multilingual support (available languages...)
  • [126000380390] |
  • Optimized for Windows 2000 / XP / Vista
  • [126000390010] |Drastically Improve Ubuntu Feisty 7.04 Performance with the performance patchset by Con Kolivas [126000390020] |My Ubuntu Box was running slower than I thought I could tweak it, so what I did was look for some good patchsets and I seen some conflicting results with cfs and ck and decided to test a few benchmarks and the ck patchset is a little more responsive than cfs on my system. [126000390030] |I have supplied a link @ the end of this post with statistics and discussions about cK vs cfs. [126000390040] |Here is a guide for you to walk you through the patching/compiling process, I hope you like it! [126000390050] |*Warning*If you have truecrypt installed or any kernel modules like the rt73 usb wifi driver, it must be recomiled/installed for the new kernel, the performance is worth the time and effort. [126000390060] |Make sure you download anything you need to recompile driver wise before you reboot to the new kernel. [126000390070] |*The drivers must be recompiled while using the new kernel! [126000390080] |This How-To will guide you through the compilation/installation of the 2.6.22 (more recent than the one distribuited with Ubuntu Feisty 7.04) with the performance patchset by Con Kolivas. [126000390090] |1-Download what is needed [126000390100] |Type in the command line: [126000390110] |Quote: Then download the following files to your Home directory:http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.tar.bz2Desktop Patch:http://www.kernel.org/pub/linux/kernel/people/ck/patches/2.6/2.6.22/2.6.22-ck1/patch-2.6.22-ck1.bz2Server Patch:http://www.kernel.org/pub/linux/kernel/people/ck/patches/2.6/2.6.22/2.6.22-ck1/patch-2.6.22-cks1.bz2 [126000390120] |2-Now, lets unpack the kernel source to /usr/src: [126000390130] |*Copy the source to /usr/src: [126000390140] |Code:sudo cp linux-2.6.22.tar.bz2 /usr/src *Change to /usr/src: [126000390150] |Code:cd /usr/src *Unpack it: [126000390160] |Code:sudo tar -xvjf linux-2.6.22.tar.bz2 *Now lets change the created directory name: [126000390170] |Code:sudo mv linux-2.6.22/ linux-2.6.22cK1 *Remove the symlink if there is one directory called linux: [126000390180] |Code:sudo rm -rf linux *Make the new symlink pointing for our 2.6.22 kernel source: [126000390190] |Code:sudo ln -s /usr/src/linux-2.6.22cK1 linux 3-Now it's time to patch the kernel: [126000390200] |*Change to /usr/src/linux: [126000390210] |Code:cd /usr/src/linux *Switch to root user: [126000390220] |Code:sudo -s -HPassword: *Apply the patch: [126000390230] |Code:sudo bzcat /home/username/patch-2.6.22-ck1.bz2| patch -p1 4-Kernel configuration: [126000390240] |*Import the configuration of the running kernel: [126000390250] |Code:uname -r To see what kernel are you running (in my case it is 2.6.20-16-generic). [126000390260] |Code:sudo cp /boot/config-2.6.20-16-generic .config To copy the config file and use it as base for the new kernel configuration (Don't forget to choose the correct config file). [126000390270] |*Configure the kernel: [126000390280] |Code:sudo make xconfig *While you may tweak your kernel configuration to your needs I will sugest you some tweaks: [126000390290] |In "General Setup" activate: [126000390300] |-Support for paging of anonymous memory (swap)--Support for prefetching swapped memory [126000390310] |In "Processor type and features": [126000390320] |-Processor family Choose the model of your processor. [126000390330] |Activate: [126000390340] |-Preemption Model--Voluntary Kernel Preemption (Desktop) [126000390350] |-High Memory Support--off -if you have less than 1 GB of RAM--1GB Low Memory Support -if you have 1GB of RAM--4GB -if you have more than 1GB of RAM [126000390360] |-Timer frequency--1000 Hz [126000390370] |In "Device drivers" go to "Block devices" and in "IO Schedulers" leave only the "CFQ I/O scheduler" activated, which provides the best performance. [126000390380] |In "Kernel hacking" uncheck "Kernel debugging". [126000390390] |Ctrl+S to save the kernel configuration and then close the window. [126000390400] |5-Let's build the kernel: [126000390410] |*In a terminal make sure you are in /usr/src/linux with full root access. [126000390420] |We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg. [126000390430] |*In a terminal type: [126000390440] |Code:make-kpkg cleanmake-kpkg -initrd --revision=ck1 kernel_image If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src. *To install it: [126000390450] |Code:sudo dpkg -i kernel-image-2.6.22*.deb 6-Reboot and everything should be running ok! *Try: [126000390460] |Code:uname -r to see that you are running the new kernel. [126000390470] |7-Nvidia graphic cards users: [126000390480] |To install Nvidia driver follow the guide (no need to install linux-headers as we have the source in /usr/src/linux: [126000390490] |http://www.ubuntuforums.org/showthre...ghlight=nvidia [126000390500] |Resources:The Kernel patch homepage of Con ColivasDiscussions on CK vs CFS