Archive

Articles tagged ‘Ubuntu’

Setting up a tarpit on Ubuntu Linux

25/04/2024 No comments

Source: Vincent Liu

It’s amazing to see how big botnets have grown these days, and they really have plenty of computing power to spare. So what do botnet owners do with this unused computing power after looting all valuable information from the poor victim? They waste it on scanning for any potential opening, no matter how minute the chance of finding one is.

In the days when computing resources were scarce, bots didn’t bother port scanning addresses when ping requests didn’t get a response. But not anymore. They know that there are people out there who are slightly more tech-savvy and do not want to be annoyed, so today’s bots have no qualms about trying to scan every single port on a network address, even if ping does not respond.

Well, my computer security philosophy is simple: scanning the ports on my computer constitutes aggression – if you engage in such activity, then it means I am free to retaliate in response to it.

Even so, I do not mean launching an attack on the infected computer; but I’ll make your bots waste their resources by making connections that lead to a dead end. On the flip side, this scheme will not waste my own resources in the process. Typically, an activity like this is termed ‘tarpitting’. So let’s see how we can set up a tarpit to fight these bots.

Patching the Kernel

In order to perform tarpitting, we need to rely on Linux’s firewall, iptables, and the ‘tarpit’ module. But since the ‘tarpit’ module for iptables isn’t supported by default on Debian/Ubuntu anymore, the only way to enable it is to patch the kernel and recompile it. This may sound daunting to a novice user, but it needn’t be; all you need is some basic knowledge and patience to set things up.

First, a kernel patch is needed. It’s currently unofficially maintained at http://enterprise.bih.harvard.edu/pub/tarpit-updates/, and marked as being ‘unsupported’ or ‘obsolete’ by the netfilter team themselves, which essentially means use at your own risk! I’m usually a risk-taker (only when it comes to computer software 😉), so it’s not a big issue. You should work out if this is right for you.

You’ll first need to download the kernel sources, and set up the corresponding environment for recompiling your kernel. A detailed step-by-step procedure is provided in the Ubuntu Wiki. I’m just going to skim through the details from the wiki, and show you the commands that are relevant for Ubuntu Intrepid:

% apt-get install linux-kernel-devel fakeroot build-essential makedumpfile
% apt-get build-dep linux
% apt-get source linux-source

Now you need to find out what version of the kernel you’re running before you can download and apply the corresponding patch. The version is shown in the directory name of the source you’ve downloaded, e.g.:

% ls -l /usr/src/
linux-source-2.6.27

What we are interested in is the version number at the end of the directory name. In my case, it’s 2.6.27. We need to do a few things here: first, we want to inherit all the old configuration that came with your currently working kernel, so that the newly compiled kernel will be the same as the original. Then we can download the patch and apply it to the Linux source, so that the only change is the addition of the tarpit feature:

% cd /usr/src/linux-source-2.6.27
% make oldconfig
% wget http://enterprise.bih.harvard.edu/pub/tarpit-updates/tarpit-2.6.27.patch
% patch -p1 < tarpit-2.6.27.patch

The patch should apply cleanly, which means you now have the tarpit feature in the kernel source. But that’s not enough: you need to make sure tarpit is compiled, generally as a module. To do this, run:

% make menuconfig

And select 'M' from the menu options Networking Support -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration -> "TARPIT" target support.
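
A check worth running at the patch step above: a dry run that refuses to touch the kernel tree unless every hunk applies. This is an added example, not code from the original article; the function names are hypothetical, and it assumes GNU patch and that the patch file sits in the source directory as in the wget step.

```shell
#!/bin/sh
# Added example: dry-run the tarpit patch before modifying the kernel tree.
# Function names are hypothetical; assumes GNU patch.

# /usr/src/linux-source-2.6.27 -> 2.6.27; fails on any other directory name.
kernel_version_from_dir() {
    base=$(basename "$1")
    case "$base" in
        linux-source-[0-9]*) printf '%s\n' "${base#linux-source-}" ;;
        *) return 1 ;;
    esac
}

# Patch file name, following the pattern of the one the article downloads
# (assumed to hold for other kernel versions).
tarpit_patch_name() {
    printf 'tarpit-%s.patch\n' "$1"
}

# Succeeds only if every hunk would apply; --dry-run leaves the tree untouched
# and -f stops patch from prompting when a file or hunk does not match.
patch_applies_cleanly() {
    ( cd "$1" && patch -p1 --dry-run -f -s ) < "$2" >/dev/null 2>&1
}

# Apply the patch only after a clean dry run, so a version mismatch never
# leaves a half-patched source tree behind.
apply_tarpit_patch() {
    src=$1
    ver=$(kernel_version_from_dir "$src") || {
        echo "not a linux-source-<version> directory: $src" >&2; return 2; }
    patchfile="$src/$(tarpit_patch_name "$ver")"
    [ -f "$patchfile" ] || { echo "missing $patchfile" >&2; return 3; }
    if patch_applies_cleanly "$src" "$patchfile"; then
        ( cd "$src" && patch -p1 ) < "$patchfile"
    else
        echo "patch does not apply cleanly to $ver; tree left unchanged" >&2
        return 1
    fi
}

# Usage (after the wget step): apply_tarpit_patch /usr/src/linux-source-2.6.27
```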

Read more…

Simple failover cluster using UCARP on Ubuntu

15/04/2024 No comments

In this tutorial, I’ll show you the steps to create a simple failover cluster on Ubuntu using CARP. To make things meaningful, we’ll create the cluster for the Apache service, but you can use it for any other service which relies on IP.

Scenario:

Here is my Setup:

PrimarySrv: This is the main server, where I configured Apache and which acts as master (IP: 192.168.1.202)
SecondarySrv: The second Apache server, where I configured Apache exactly as on PrimarySrv (IP: 192.168.1.203)
192.168.1.250: Virtual IP address, created using Ucarp.

Ucarp is really simple. It works like this: when PrimarySrv is up, Ucarp assigns the virtual IP 192.168.1.250 to it; if PrimarySrv goes down, the virtual IP is assigned to SecondarySrv; and when PrimarySrv comes back online, the virtual IP is assigned to it once again.

Read more…

Ubuntu: the menu bar disappears…

14/04/2024 No comments

If the menu bar and the icon bar are lost, the only way to get them back is to restart gnome-panel.

Provided you have a terminal open (otherwise you are somewhat stuck, since you can no longer launch one with Alt-F2), just run the command:

killall gnome-panel

This command kills the existing process (if it still exists) and restarts this part of the Ubuntu graphical interface.

More information in How to Restart Gnome Panel

Categories: System

How to restart Gnome Panel

13/04/2024 No comments

Source: My Linux Notebook

It doesn’t happen often, but sometimes the Gnome Panel freezes. If you are a former Windows user, you might be used to restarting the computer when something in your desktop gets stuck. This is not the way with Linux. We can fix the problem by restarting the desktop session (restarting the X server) by pressing Ctrl+Alt+BackSpace, but this will destroy everything we have worked on so far. A more elegant way is to restart only the Gnome Panel.

Getting access to the Linux command line shell

In order to restart the Gnome Panel we will need to execute the Linux kill command. Once the Gnome Panel process is killed, Gnome will restart it automatically, so the only thing left for us to do is kill the Gnome Panel process. In order to execute the Linux kill command we will need to get access to the Linux shell. This can be done in one of the following ways:

  1. Pressing Alt+F2
  2. Using an already open console window, navigating to it with Alt+Tab
  3. Using a console session by pressing Ctrl+Alt+F1

Killing the Gnome Panel

With each of these options we will need to execute the Linux kill command in order to kill the Gnome Panel process. There are two ways to use the kill command:

  1. Using the application name will kill all the applications with the same name.
  2. Using the process id (pid) will kill only the process with the specified id.

Back to our case with the Gnome Panel: we can use either of the options.

Read more…

Categories: System

Debian / Ubuntu: apt-get Force Reinstall Package

13/04/2024 Comments off

Source: nixCraft

I am a new Debian Linux v.7.x / Ubuntu Linux LTS user. How do I reinstall a package using apt-get command line?

The Advanced Packaging Tool (APT) works on both Debian and Ubuntu, and it can handle the installation and removal of software. You need to use the apt-get command as follows to forcefully reinstall a package. The syntax is:

apt-get --reinstall install PackageNameHere

OR

apt-get --reinstall install Package1 Package2

The --reinstall option reinstalls packages that are already installed and at the newest version.

Pro tip: Back up configuration files before you reinstall packages. For example, if you are reinstalling the nginx web server package, back up /etc/nginx/ with the cp command, i.e. mkdir /root/nginx.mmddyyyy/; cp -avr /etc/nginx/* /root/nginx.mmddyyyy/

Examples

The following command will reinstall the rsync package. Open a terminal and then type:
$ sudo apt-get --reinstall install rsync
OR
# apt-get --reinstall install rsync
Sample outputs:

Fig.01: Debian / Ubuntu Linux reinstall a package using apt-get command

If the above method fails for you, try the following syntax. Make sure you back up the config files before typing the following commands. Please note that the --purge option is identical to remove, except that packages are removed and purged: any configuration files are deleted too.

 
sudo apt-get --purge remove package1
sudo apt-get install package1
Categories: System