Does TARPIT have any known vulnerabilities or downsides?

24/04/2024 Categories: Network, Security

Summary

Running a TARPIT on a general purpose server does come with risks. If you know what the risks are, you can mitigate them, depending on your level of comfort.

  • You have to ensure you don’t accidentally DOS your server w/ tarpit traffic
  • You have to ensure you don’t fill up your state tables w/ tarpitted connection info
  • You have to ensure you don’t flood your logs with tarpit connection information
  • You need to ensure a long blacklist doesn’t affect performance
  • You need to ensure that your blacklist automatically expires hosts
  • You need the ability to whitelist hosts (either permanently or with a time limit)

Thankfully this is all possible, and quite easy using regular iptables and ipset.

Limiting TARPIT resource usage

You can use iptables to limit how many hosts you TARPIT without using too many system resources (see the example below). This includes network bandwidth, system memory, state table entries, and other system resources. If you get too many tarpitted connections, start ignoring them. If you organize your rule set in the correct order, none of the tarpitted connections end up in your state tables. Also make sure you don’t log, unless you’re doing realtime stats with something like a custom ulog — direct iptables tarpit logs can quickly fill up a disk.


In my experience my current hosts can easily hold 200+ hosts in a tarpit, with little noticeable effect on memory usage, traffic usage, or cpu usage. Likely I could push this further, but so far on average I’m only trapping around 130 hosts at any given moment.


The reason why I implemented the limits was, as stated in another suggestion, because my first tarpit host became flooded. This was a trivial workaround. I’ve had no issues since.
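The post's own ruleset is not part of this excerpt, so the script below is an added example that puts the checklist above into practice: a whitelist that is consulted first, a blacklist whose entries expire on their own and is capped in size, a rate cap on how many new connections get tarpitted (the excess is dropped, not logged), and a raw-table rule that keeps tarpitted flows out of the connection tracking table. It assumes iptables with the TARPIT target from xtables-addons and an ipset build with timeout support; the set names, rates, timeouts and addresses are illustrative choices, not values from the post.

```shell
#!/bin/sh
# Added example, not the ruleset from the post above. Assumes iptables with the
# TARPIT target from xtables-addons and ipset built with timeout support; set
# names, rates and timeouts are illustrative. Set DRY_RUN=1 to print the
# commands instead of applying them, TARPIT_APPLY=1 to run the whole setup.

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Blacklist entries expire on their own (default one day) and maxelem bounds the
# memory a growing blacklist can take; timeout 0 makes whitelist entries permanent.
create_sets() {
    run ipset -exist create tarpit_whitelist hash:net timeout 0
    run ipset -exist create tarpit_blacklist hash:ip timeout 86400 maxelem 65536
}

# Rule order is what keeps tarpitted traffic cheap: whitelist first, then keep
# blacklisted flows out of conntrack, then cap how many new connections per
# second get tarpitted and drop the rest. Nothing here uses the LOG target.
tarpit_rules() {
    # 1. Whitelisted sources are tracked and accepted normally, never tarpitted.
    run iptables -t raw -A PREROUTING -m set --match-set tarpit_whitelist src -j ACCEPT
    run iptables -A INPUT -m set --match-set tarpit_whitelist src -j ACCEPT
    # 2. Blacklisted sources get no conntrack entry (the raw table runs before
    #    tracking), so held-open tarpit sessions never occupy the state table.
    run iptables -t raw -A PREROUTING -p tcp -m set --match-set tarpit_blacklist src -j NOTRACK
    # 3. Tarpit at most 10 new connections per second (burst 50) in total from
    #    the blacklist; hashlimit keeps its own counters and needs no conntrack.
    run iptables -A INPUT -p tcp --syn -m set --match-set tarpit_blacklist src \
        -m hashlimit --hashlimit-name tarpit --hashlimit-upto 10/sec \
        --hashlimit-burst 50 -j TARPIT
    # 4. Excess connection attempts are silently dropped: no log lines, no disk churn.
    run iptables -A INPUT -p tcp --syn -m set --match-set tarpit_blacklist src -j DROP
    # 5. Follow-up packets of sessions already in the tarpit stay in it.
    run iptables -A INPUT -p tcp -m set --match-set tarpit_blacklist src -j TARPIT
}

# add_to_tarpit IP [SECONDS]: trap a host for a limited time (default: one day).
add_to_tarpit() {
    run ipset -exist add tarpit_blacklist "$1" timeout "${2:-86400}"
}

# whitelist_host NET [SECONDS]: exempt a host or network, permanently (0) or timed.
whitelist_host() {
    run ipset -exist add tarpit_whitelist "$1" timeout "${2:-0}"
}

# Stand-alone use: TARPIT_APPLY=1 DRY_RUN=1 sh tarpit.sh prints the commands.
# 198.51.100.0/24 and 192.0.2.10 are documentation addresses, constructed here.
if [ "${TARPIT_APPLY:-}" = 1 ]; then
    create_sets
    tarpit_rules
    whitelist_host 198.51.100.0/24
    add_to_tarpit 192.0.2.10 3600
fi
```

Because the blacklist is an ipset rather than a list of rules, growing it to thousands of entries costs one hash lookup per packet instead of a linear walk of the chain, and `ipset list tarpit_blacklist` shows the remaining lifetime of every trapped host.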


Slow Down Internet Worms With Tarpits

Worms, worms are everywhere! The recent and prolific spread of Internet worms has yet again demonstrated the vulnerability of network hosts, and it’s clear that new approaches to worm containment need to be investigated. In this article, we’ll discuss a new twist on an under-utilized technology: the tarpit.

The Worms

In a nutshell, worm technology works by infecting a host and then using it to scan for more victims. The damage caused by the recent worm outbreaks isn’t so much to the victim computer as it is to the networks in which they operate. The side-effect of propagation is that massive amounts of bandwidth are consumed as the infected hosts perform their scanning. The speed at which they are able to compromise new hosts grows exponentially, eventually causing a network meltdown.

In the future, worms could carry more damaging payloads, doing things like deleting files, installing network sniffers, or stealing confidential files. However, there is a fine balance between being overly destructive and fast to propagate, because just like in nature, a worm or virus that kills its host too quickly cannot effectively spread.

Solutions?

Preventative measures provide the most effective protection — in this case, patching the vulnerable systems before the worm is released. In the case of the Blaster worm, a patch was available long before the worm appeared, long enough for security experts to place informal "bets" as to when the worm would actually show up. However, in large companies and organizations with traveling users, applying and supporting a patch across all systems can become somewhat of a tactical nightmare. So, given that preventative maintenance obviously isn’t working, it may be necessary to examine some of the other possibilities for slowing the spread of worms once outbreaks occur.

One such solution, and the focus of this article, is the TARPIT — available as a relatively new patch to the Netfilter (IPtables) firewall for Linux, and also available for Windows platforms, Solaris, and OpenBSD thanks to the LaBrea tarpit project from Hackbusters (now hosted on SourceForge). For simplicity, this article will focus on just the IPtables version. What the tarpit project means to IPtables users is that, instead of simply logging and dropping packets, they can now be sent to a TARPIT.

The concept behind a tarpit is fairly simple. The connections come in, but they don’t get back out. IPtables handles this by allowing a tarpitted port to accept any incoming TCP connection. When data transfer begins, the TCP window size is set to zero, so no data can be transferred within the session. The connection is then held open, and any requests by the remote side to close the session are ignored. This means that the attacker must wait for the connection to time out in order to disconnect. This kind of behavior is bad news for automated scanning tools (like worms) because they rely on a quick turnaround from their potential victims.


How To SSH Run Multiple Command On Remote Machine And Exit Safely

23/04/2024 Categories: System

Source: nixCraft

I have a backup sync program on a local server. I have an ssh passwordless login set up, and I can run commands on an external server in a bash script doing:

ssh root@server2 "sync; sync; /sbin/shutdown -h now"

How do I run multiple commands in bash on a remote Unix or Linux server? What is the best way to SSH in and run various Unix commands in bash?

There are various ways to run multiple commands on a remote Unix server. The syntax is as follows:

Simple bash syntax to run multiple commands on a remote machine

Run command2 only if command1 succeeds, on a remote host called foo:

$ ssh bar@foo "command1 && command2"

Run the date and hostname commands:

$ ssh user@host "date && hostname"

You can run a sudo command as follows on a remote box called server1.cyberciti.biz (the -t option allocates a terminal so that sudo can prompt for a password):

$ ssh -t vivek@server1.dbsysnet.com "sudo /sbin/shutdown -h now"

And, finally:

$ ssh root@server1.dbsysnet.com "sync && sync && /sbin/shutdown -h now"
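The commands above all rely on handing the remote shell one string joined with "&&" so the chain stops at the first failure. The helper below is an added example, not code from the nixCraft article: it builds that string from separate arguments, runs ssh with the options a script rather than a person wants (no password prompt, a connect timeout, no reading of local stdin), and tells an SSH transport failure (exit status 255) apart from the remote command's own status. The host names are placeholders, and SSH_LOCAL=1 swaps in a local sh so the logic can be exercised without a remote host.

```shell
#!/bin/sh
# Added example, not from the nixCraft article above. Chains commands into one
# remote invocation joined with '&&' and distinguishes an SSH transport failure
# (ssh exits 255) from the remote command's own exit status. User and host
# names are placeholders; SSH_LOCAL=1 runs the chain in a local sh instead.

# join_cmds CMD...: print "cmd1 && cmd2 && ..." so later commands run only
# when the earlier ones succeeded.
join_cmds() {
    chain=""
    for c in "$@"; do
        if [ -z "$chain" ]; then chain="$c"; else chain="$chain && $c"; fi
    done
    printf '%s' "$chain"
}

# ssh_chain USER@HOST CMD...: run the commands remotely as a single chain.
#   -n                   do not read local stdin (safe inside loops and cron jobs)
#   -o BatchMode=yes     never prompt for a password; fail instead (key login assumed)
#   -o ConnectTimeout=10 give up on an unreachable host instead of hanging
ssh_chain() {
    target="$1"
    shift
    chain=$(join_cmds "$@")
    if [ -n "${SSH_LOCAL:-}" ]; then
        sh -c "$chain"                  # local stand-in for the remote shell
    else
        ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$target" "$chain"
    fi
    rc=$?
    # 255 is ssh's own code for a connection or authentication failure; any
    # other non-zero status came from the remote command chain itself.
    if [ "$rc" -eq 255 ]; then
        echo "ssh_chain: could not reach $target (ssh exit 255)" >&2
    fi
    return "$rc"
}

# Stand-alone use, e.g. the shutdown sequence from the question:
#   ssh_chain root@server2 sync sync '/sbin/shutdown -h now'
```

Note that a shutdown will tear down the session before ssh sees a clean exit from the remote shell, so a non-zero status after the last command in such a chain is expected and should not be treated as a failed sync.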


How to Set Locales (i18n) On a Linux or Unix

23/04/2024 Categories: System

Source: nixCraft

What is a "locale" on a Linux operating system? How do I set or get locale (i18n) values on a Linux operating system?

Locales define language- and country-specific settings for your programs and shell session. You can use locales to see dates, times, numbers, currency and other values formatted according to your country or language on a Linux or Unix-like system.

To set the system’s locale you use shell variables. For example, the LANG variable can be used to select en_US (US English).

How do I show current locale settings on a Linux or Unix?

The syntax is:

locale
locale name
locale [options] name

Examples

Simply type the following command:

$ locale
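Setting LANG is only part of the picture: the value that actually governs a category such as LC_TIME is resolved with a precedence that `locale` reports but does not explain. The function below is an added example, not from the nixCraft article; it implements that precedence in plain sh (LC_ALL overrides everything, then the per-category LC_* variable, then LANG, and the C/POSIX locale when none is set, which is the customary default rather than something the article states). The category names and values used are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the nixCraft article above. Resolves which variable
# is in force for a locale category: LC_ALL, then LC_<category>, then LANG,
# and finally the POSIX default when none of them is set (assumed default).

# effective_locale CATEGORY  (e.g. LC_TIME): print the value in force.
effective_locale() {
    category=$1
    if [ -n "${LC_ALL:-}" ]; then
        printf '%s\n' "$LC_ALL"         # LC_ALL overrides every other setting
        return 0
    fi
    # Indirect lookup of $LC_TIME, $LC_NUMERIC, ... by name.
    value=$(eval "printf '%s' \"\${$category:-}\"")
    if [ -n "$value" ]; then
        printf '%s\n' "$value"
        return 0
    fi
    printf '%s\n' "${LANG:-POSIX}"      # LANG is the fallback for all categories
}

# show_effective: one line per common category, resolved from the shell's own
# variables, for checking the environment a script will run under.
show_effective() {
    for c in LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MESSAGES; do
        printf '%s=%s\n' "$c" "$(effective_locale "$c")"
    done
}
```

For scripts that parse the output of other commands (sort order, decimal separators, date formats, message text), exporting LC_ALL=C before running them makes that output identical on every host regardless of the user's LANG, which is the usual way to keep log parsing and audit scripts from silently misbehaving under a different locale.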


Disable The Mail Alert By Crontab Command On a Linux or Unix-like Systems

22/04/2024 Categories: System

Source: nixCraft

How do I disable the mail alert sent by crontab? When my job is executed and the job cannot run normally, it sends an email to root. Why do I receive e-mails to my root account from cron? How can I prevent this? How can I disable email alerts sent by cron jobs on Linux or Unix-like systems?

The crontab command is used to maintain crontab files for individual users. By default, the output of a command or script (if any is produced) is emailed to your local email account. To stop receiving email output from crontab, append one of the following strings to the end of the crontab entry.

Cron job: prevent the sending of errors and output

To prevent the sending of errors and output, add either of the following at the end of the line for each cron job, redirecting its output to /dev/null:

>/dev/null 2>&1

OR

&> /dev/null

Cron job example

Edit/Open your cron jobs, enter:

$ crontab -e

Append string >/dev/null 2>&1 to stop mail alert:

0 1 5 10 * /path/to/script.sh >/dev/null 2>&1

OR

0 1 5 10 * /path/to/script.sh &> /dev/null

Save and close the file.

Set MAILTO variable

You can set MAILTO="" variable at the start of your crontab file. This will also disable email alert. Edit/Open your cron jobs:

$ crontab -e

At the top of the file, enter:

MAILTO=""

Save and close the file.
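One caveat a practitioner wants when applying the two methods above: cron runs jobs with /bin/sh unless the crontab sets SHELL, and "&>" is a bash extension. Under a POSIX /bin/sh such as dash, `cmd &> /dev/null` parses as `cmd &` followed by an empty `> /dev/null`, so the command is backgrounded and its output is still mailed. The checker below is an added example, not from the nixCraft article: it reads a crontab, honours MAILTO="" and SHELL=, and reports each job whose output will still be mailed, either because it has no redirection or because it uses "&>" without a bash SHELL. The crontab samples in the usage are constructed.

```shell
#!/bin/sh
# Added example, not from the nixCraft article above. Reads a crontab on stdin
# and reports jobs whose output will still be mailed: no redirection, or the
# bash-only '&>' form while cron runs jobs with /bin/sh (its default unless a
# SHELL= line says otherwise). Returns 1 when something was found, else 0.

crontab_mail_check() {
    mailto=unset
    shell=/bin/sh
    findings=''
    nl='
'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*)  continue ;;                       # blank line or comment
            MAILTO=*) mailto=${line#MAILTO=}; continue ;;
            SHELL=*)  shell=${line#SHELL=};   continue ;;
        esac
        # Split off the schedule: five fields, or a single @reboot-style keyword.
        set -f                      # no globbing: schedules contain '*'
        set -- $line
        set +f
        case "$1" in
            '@'*) n=1 ;;
            *)    n=5 ;;
        esac
        [ "$#" -gt "$n" ] || continue                   # malformed line, skip it
        shift "$n"
        cmd="$*"
        case "$cmd" in
            *'>/dev/null 2>&1'*|*'> /dev/null 2>&1'*)
                ;;                                      # silenced, POSIX-safe
            *'&>'*)
                case "$shell" in
                    */bash) ;;                          # bash understands &>
                    *) findings="${findings}${nl}bash-only &> under ${shell}: ${cmd}" ;;
                esac ;;
            *)
                findings="${findings}${nl}will mail output: ${cmd}" ;;
        esac
    done
    case "$mailto" in
        ''|'""'|"''") return 0 ;;                       # MAILTO="" disables all cron mail
    esac
    [ -n "$findings" ] || return 0
    printf '%s\n' "${findings#?}"                       # drop the leading newline
    return 1
}

# Stand-alone use: check the current user's crontab.
#   crontab -l | crontab_mail_check
```

If you prefer the "&>" form, add SHELL=/bin/bash at the top of the crontab so cron actually runs the job under bash; otherwise ">/dev/null 2>&1" works under every shell cron might use.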
