Tag Archives: Linux

How to use the UFW (Uncomplicated Firewall) in linux

Firewall configuration isn't always an easy thing in Linux. I know that I have felt a bit intimidated, in the past. UFW (Uncomplicated Firewall) is meant to make it much easier: it is a configuration front end that writes the iptables rules for you, so you describe the policy you want and never touch iptables syntax directly. In this post, I am hoping to go over how to use it.

How to use Nmap to identify what a server is running

Whether you are attacking a computer or protecting it, proper intelligence about a computer is important.  A very powerful option for learning about a given system is Nmap.  According to Nmap’s website:

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

I would like to take a look at a few of the things you can do with Nmap. For these examples, my target is going to be jastreich.com (a server run by a friend and former coworker). This is definitely not a comprehensive guide but it will cover some high points.


Find out what name the server's address reverse-resolves to (without sending it anything)

This scan does not send a single packet to the target. Nmap only resolves the hostname and then does a reverse-DNS lookup on each resulting address, so the only traffic is to your DNS resolver. The nmap website says that this scan is a "good sanity check" since it lets you verify the identity of your target. I would have to agree. Keep in mind that a reverse lookup returns just the PTR record for the address (here piggyandmoo.com for the IP that jastreich.com resolves to), not every domain hosted on that server, so a forward/reverse mismatch like the one below is normal on shared hosting and is worth confirming before you scan any further.

nmap -sL [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 03:55 UTC

Nmap scan report for jastreich.com (192.81.210.134)

rDNS record for 192.81.210.134: piggyandmoo.com

Nmap done: 1 IP address (0 hosts up) scanned in 0.05 seconds


Trace path to the server (traceroute)

Nmap's traceroute works backwards: it starts with a TTL large enough to reach the target and then decrements it, so each router on the path sends back an ICMP time-exceeded message and identifies itself. The goal is to map every device between you and your target. For an attacker that can reveal alternate attack vectors; for a defender it shows which upstream devices see your traffic. Beware: traceroute needs raw packets, so it requires root on your local machine. Note from the output below that --traceroute on its own still runs the default port scan first, and nmap then picks a port from the scan results for the trace (554/tcp here, 80/tcp in the -A run further down).

nmap --traceroute [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:37 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00092s latency).

rDNS record for 192.81.210.134: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE

25/tcp open  smtp

80/tcp open  http

TRACEROUTE (using port 554/tcp)

HOP RTT      ADDRESS

1   11.49 ms 192.81.212.1

2   0.95 ms  piggyandmoo.com (192.81.210.134)

Nmap done: 1 IP address (1 host up) scanned in 2.60 seconds


Application Version Detection

So, you know where your target is. Next, you probably want to know what services your target is running. The -A option turns on version detection, OS detection, the default NSE scripts and traceroute in one go, and reports what it finds as precisely as it can (banner grabbing and probe matching are best-effort, so treat a version string as a strong hint rather than proof). OS detection and traceroute need raw-socket privileges, so run it with sudo. Once you know what daemons are running and which versions, you can start looking for exploits that apply to them. In the output below, the things worth noting are the Apache 2.2.22 and Postfix banners, the SMTP extensions the server advertises (VRFY in particular lets a remote client test whether a mailbox exists, which is handy for user enumeration) and the certificate it presents on STARTTLS.

nmap -A [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:43 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00061s latency).

rDNS record for 192.81.210.134: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE VERSION

25/tcp open  smtp    Postfix smtpd

|_smtp-commands: localhost, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,

| ssl-cert: Subject: commonName=stkfactory

| Not valid before: 2012-10-17 21:47:37

|_Not valid after:  2022-10-15 21:47:37

80/tcp open  http    Apache httpd 2.2.22 ((Ubuntu))

|_http-title: J. A. Streich Home Page

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=6.00%E=4%D=12/14%OT=25%CT=1%CU=44180%PV=N%DS=2%DC=T%G=Y%TM=52ABE1

OS:FA%P=i686-pc-linux-gnu)SEQ(SP=FE%GCD=1%ISR=104%TI=Z%CI=Z%II=I%TS=8)OPS(O

OS:1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O5=M5B4ST11N

OS:W6%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R

OS:=Y%DF=Y%T=41%W=3908%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=41%S=O%A=S+%F=AS%

OS:RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y

OS:%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R

OS:%O=%RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=

OS:41%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=41%CD=S

OS:)

Network Distance: 2 hops

Service Info: Host:  localhost

TRACEROUTE (using port 80/tcp)

HOP RTT     ADDRESS

1   0.82 ms 192.81.212.1

2   1.01 ms piggyandmoo.com (192.81.210.134)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 20.82 seconds
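As an added example (not code from the original post), here is a small shell helper that pulls the open-port table and the SMTP capability line out of saved nmap normal output, the format -oN writes and the same one shown above. The sample report embedded below is constructed to mirror the -A scan on this page; the function names are mine.

```shell
#!/bin/sh
# Parse the "PORT STATE SERVICE VERSION" table out of nmap normal output
# (e.g. nmap -A target -oN scan.txt) and flag a risky SMTP extension.
# SAMPLE_SCAN is a constructed report modelled on the scan shown above.

SAMPLE_SCAN='Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:43 UTC
Nmap scan report for jastreich.com (192.81.210.134)
Host is up (0.00061s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
25/tcp open  smtp    Postfix smtpd
|_smtp-commands: localhost, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
80/tcp open  http    Apache httpd 2.2.22 ((Ubuntu))
|_http-title: J. A. Streich Home Page
Nmap done: 1 IP address (1 host up) scanned in 20.82 seconds'

# open_ports: read a report on stdin, print "port/proto service version"
# for every port whose state is "open". Script output lines start with
# "|" and never match the port pattern, so they are skipped.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        version = ""
        for (i = 4; i <= NF; i++)
            version = (version == "" ? $i : version " " $i)
        print $1, $3, version
    }'
}

# smtp_verify_enabled: succeed if the smtp-commands script line shows VRFY,
# i.e. the mail server will confirm which local users exist.
smtp_verify_enabled() {
    grep -q '^|_smtp-commands:.*[ ,]VRFY[ ,]'
}

printf '%s\n' "$SAMPLE_SCAN" | open_ports
if printf '%s\n' "$SAMPLE_SCAN" | smtp_verify_enabled; then
    echo "note: SMTP server advertises VRFY; user enumeration is possible"
fi
```

To use it on a real scan, replace the embedded sample with `cat scan.txt | open_ports`; the same awk pattern works on the output of -sS and -A alike because the port table has the same first three columns in both.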


TCP SYN Scan

This is a good first scan when analyzing a server. It is fast because it never completes the TCP handshake: nmap sends a SYN, classifies the port from the SYN/ACK or RST that comes back, and tears the attempt down with a RST instead of finishing with an ACK, which is why it is called a half-open scan. It used to be called stealthy because the application on the target never sees a connection and so never logs one, but any modern firewall or IDS logs the SYNs themselves, so do not count on it going unnoticed. It needs raw-socket privileges, so run it with sudo; when nmap runs as root, SYN scan is also its default scan type, which is why the -A and --traceroute runs above produced the same port table.

nmap -sS [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:57 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00031s latency).

rDNS record for 192.81.210.134: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE

25/tcp open  smtp

80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds


How do I protect my Linux web server from viruses?

So, you want to run a web server, and you are not the only person who will have the ability to upload files to it? Then you might want to think about installing a malware scanner. If you are running Linux (like I am), Clam AntiVirus is a good option: it only catches what it has signatures for, but that includes the known webshells, droppers and Windows malware that tend to turn up in user uploads, and it is free.

So, how do you install it?

sudo apt-get install clamav

How do you update the virus definitions?

sudo freshclam

How do you scan the whole server for viruses? Run it with sudo so that clamscan can read every file; as a regular user it can only check the files you can read.

clamscan -r /

If you want to scan the whole server for viruses and move any infected files into a quarantine directory, how do you do that? Create the directory first, keep it outside the web root and readable only by root, and exclude it from later scans (--exclude-dir), or every following run will report the quarantined files again.

clamscan -r --move=/home/administrator/quarantine /

So, the next step would be to set this task up in crontab, so it happens automatically, on a regular basis.
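The cron job described above, written out as an added example (this is not the original post's script). It assumes clamav is already installed, that it runs as root, and that the QUARANTINE and LOG paths are yours to choose; the function names are mine.

```shell
#!/bin/sh
# Cron wrapper for a nightly ClamAV sweep. Assumes: clamav installed, run as root.
# Example crontab line (as root):  0 3 * * * /usr/local/sbin/clamscan-cron.sh run
QUARANTINE="${QUARANTINE:-/var/lib/clamav-quarantine}"   # assumed path
LOG="${LOG:-/var/log/clamscan-cron.log}"                  # assumed path

# ensure_quarantine DIR: create the quarantine directory readable only by its
# owner, so quarantined uploads cannot be served by httpd or read by other users.
ensure_quarantine() {
    mkdir -p "$1" && chmod 700 "$1"
}

# build_scan_cmd DIR: print the clamscan command line. Pseudo-filesystems are
# excluded (scanning /proc and /sys is slow and noisy) and so is the quarantine
# directory itself, otherwise every run re-detects the files already moved there.
build_scan_cmd() {
    printf 'clamscan -r --infected --move=%s' "$1"
    for d in /proc /sys /dev /run "$1"; do
        printf ' --exclude-dir=^%s' "$d"
    done
    printf ' /\n'
}

# clamscan_status CODE: translate clamscan's exit code for the log.
# 0 = nothing found, 1 = infected files found (and moved), anything else = error.
clamscan_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected files found and quarantined" ;;
        *) echo "scan error (exit $1)" ;;
    esac
}

# run_scan: refresh signatures, run the sweep, append a one-line verdict to LOG.
run_scan() {
    ensure_quarantine "$QUARANTINE" || return 2
    freshclam --quiet
    cmd=$(build_scan_cmd "$QUARANTINE")
    { echo "== $(date -u) =="; sh -c "$cmd"; } >>"$LOG" 2>&1
    rc=$?
    echo "$(date -u): $(clamscan_status "$rc")" >>"$LOG"
    return "$rc"
}

# Only touch the system when invoked with "run" (as cron does); sourcing the
# file just defines the functions.
if [ "${1:-}" = "run" ]; then
    run_scan
fi
```

The exit code matters for cron: clamscan returns 1 when it finds something, so a plain `clamscan` line in crontab would mail you a failure on every detection but stay silent on a scan that aborted; logging the translated status keeps the two cases apart.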

What is a Chromebook like to own?

tl;dr: It's better than I thought it would be. You just need to learn the tricks. Install crouton and Chrome Remote Desktop.


Over the past few months, I've been watching the ultrabook market for something that would have sufficient power, a day-long battery, and enough portability to allow me to carry it around comfortably. I found and ordered one (a Dell XPS 13), but after an issue with Dell mysteriously canceling my order and not being willing to tell me why, I was left without a viable option.

I started to reanalyze the options about a month ago and started to wonder if I really needed to carry around something as powerful as an XPS 13. I need a more powerful computer at home and at work, but if I'm sitting at a coffee shop writing code, why would an i7 CPU and 8GB of RAM really be needed? That's when I started looking at a Samsung Chromebook. I bought mine from Best Buy for under $220 (refurbished). It came with 2GB of RAM, a 16GB SSD, and an ARM processor. I specifically went for the ARM Chromebook because of its great battery (~8-9 hrs).

I can hear you saying, "but Joe, Chrome OS is just a web browser!" You are only partially correct. Chrome OS itself is basically just a web browser. There are ways to deal with that, though. Googler David Schneider created the ChRomium Os Universal chrooT EnvirONment (aka crouton). It installs on top of Chrome OS and allows you to run whatever Linux apps you want (as long as you can find a compatible binary for the app). It allows me to run Xfce without a problem.

Successes:

Despite what you might think, I actually spend most of my time within Chrome OS (vs Xfce).  Chrome OS really does handle most of what I do.  Previously, I have used Hamachi and RDP to connect from my laptop to my various PCs.  Hamachi is not an option on Chrome OS but Chrome Remote Desktop does NAT traversal.

I was able to get pidgin and Hotot working within Xfce.  It wasn’t too hard.  I don’t think LibreOffice would be hard to install but I haven’t had a need for it yet.

Issues:

I kinda wish Sublime Text 2 and Flash were available as ARM binaries.  Flash works in Chrome OS but not in Xfce.  It means that if you want to listen to Pandora, you need to be within Chrome OS.  As for Sublime Text 2, there is always Nano as an alternative.  I’m debating installing Sublime Text in a VPS and just remoting into it for dev work.  I’m not sure yet, though.

Earlier versions of Chrome OS did not support ad-hoc networking.  As a result, out of the box, I couldn’t tether my Galaxy Nexus to my Chromebook.  I even ended up returning my first Chromebook, out of frustration.  It turns out that a firmware update on the Chromebook fixes the issue.

Right click on the track-pad doesn’t work (apparently by design).  If you need to right click, you hold down alt and then left click.

There is no home button or end button but ctrl+alt+up and ctrl+alt+down work as adequate replacements.

Final Thoughts:

This will never be my only PC, but it is quickly becoming my primary PC. The 8+ hour battery is awesome. I'm never going to be able to run apps like TurboTax on it, but that is what my Windows PC is for. I am afraid to say it, but I am starting to understand why someone might buy a Pixel.

How to add a new user in Ubuntu Linux

So, you have installed a fresh copy of Ubuntu and you need to start setting things up.  What is the first priority? You need to create new user accounts.  To add a new account, you can use useradd.

sudo useradd -d [user’s home folder] -m [username]

The above command creates the user's account and their home folder, but the account stays locked until it has a password, so you still need to set one. For that, you want to use passwd. Note that useradd on Ubuntu gives the account /bin/sh unless you add -s /bin/bash; if you prefer to be asked for the password, shell and details interactively, the higher-level adduser wrapper does all of this in one step.

sudo passwd [username]

So, now that we have created the account, how do you delete it?  For removal of user accounts, there is deluser.

sudo deluser [username]

Now, let us check out a real-world example.

It's as easy as that. Just remember that deluser on its own won't remove the user's home folder. Either delete it yourself or run deluser --remove-home [username] (add --backup first if you may still need the files).
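The add-and-remove procedure above, as an added example that is not part of the original post: a small script that validates the username before handing it to useradd or deluser. It assumes a Debian/Ubuntu host with useradd, passwd and deluser, and it only changes accounts when run as root; the function names and the script name are mine.

```shell
#!/bin/sh
# Assumes Debian/Ubuntu tools (useradd, passwd, deluser); account changes only
# happen when run as root. Usage:  sudo ./useradmin.sh add alice
#                                   sudo ./useradmin.sh remove alice

# valid_username NAME: accept only names matching Debian's default adduser
# NAME_REGEX (^[a-z][-a-z0-9_]*$) and at most 32 characters. This rejects shell
# metacharacters, a leading dash that useradd would parse as an option, and
# names that later break other tools.
valid_username() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] &&
        printf '%s\n' "$1" | grep -Eq '^[a-z][-a-z0-9_]*$'
}

# home_for NAME: the home directory the account will be given.
home_for() {
    printf '/home/%s\n' "$1"
}

# add_account NAME: create the user, its home directory and a real login shell
# (useradd defaults to /bin/sh on Ubuntu), then set the password. The account
# stays locked until passwd succeeds, so a failed passwd leaves it unusable
# rather than open.
add_account() {
    valid_username "$1" || { echo "invalid username: $1" >&2; return 2; }
    if getent passwd "$1" >/dev/null; then
        echo "user $1 already exists" >&2
        return 1
    fi
    useradd -d "$(home_for "$1")" -m -s /bin/bash "$1" || return 1
    passwd "$1"
}

# remove_account NAME: deluser alone keeps the home directory; --remove-home
# deletes it as well.
remove_account() {
    valid_username "$1" || { echo "invalid username: $1" >&2; return 2; }
    deluser --remove-home "$1"
}

if [ "$(id -u)" -eq 0 ] && [ $# -eq 2 ]; then
    case "$1" in
        add)    add_account "$2" ;;
        remove) remove_account "$2" ;;
        *)      echo "usage: $0 add|remove USERNAME" >&2; exit 2 ;;
    esac
fi
```

The validation step is the part worth keeping even if you type the commands by hand: a username that starts with a dash or contains a space is exactly the sort of input that turns a routine useradd into a surprise.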