Three.ie and "We don't support Linux" crap rant…

GOD… DO I HATE MICROSOFT WINDOWS…

Seriously. I do with all my little black heart. Here is one of the hundreds of reasons why.

I was upgrading my server running PCLinuxOS today and after reboot it wouldn’t connect to the internet. I didn’t want to redo the internet settings until I checked that modem / simcard / Three.ie network status is fine so I decided to plug it to the laptop that is running XP at the moment. Yes yes I know… I was upgrading my Nokia N73 soft so I needed Windows. I plugged the modem in and all was peachy – autorun (great idea btw. Microsoft Dudes…) installed software for modem then I rebooted and it froze on Saving Your Personal Settings… so I cold rebooted it. After reboot all was peachy again. Plugged in modem. Started the Mobile Partner joke of an application. Modem detected but keeps disconnecting (modem – not internet connection…). Rebooted again. Now modem was detected and didn’t drop out but wouldn’t connect. Changed USB port and rebooted. Froze again… Tried to get it connected for 40 minutes or so and I got so PISSED OFF that I plugged it back to the PCLinuxOS server and I SSH-ed to it. I redid the connection settings which took me 1 minute at the most and rebooted. All was peachy again – it connected at boot time… and is connecting ever since… So modem was fine. Simcard was fine. Network on the three.ie side was fine. Possibly one of the upgrades altered the connection setting file. All I needed to do was to remove / recreate it… BUT what happened to Microsoft Windows XP Service Pack 3 with all the patches? Stupid OS works fine when connected to my wifi router which then is connected to my PCLinuxOS server… USB works fine with Pendrive. You know what? I plugged in the USB Modem and rebooted with PCLinuxOS LiveCD in. It booted to PCLinuxOS. I configured the connection and it was all fine and sweet. This means that my USB ports on the laptop were fine as well. I have only one thing to say in this situation. Screw You Microsoft. I will keep using PCLinuxOS – I don’t need / want You.

So, a few words to the “We don’t support Linux…” three.ie folks. You can kiss my backside coz You ain’t supporting Microsoft Windows either… and to be completely honest Microsoft does not give a rat’s ass about Three.ie either! If I was running Windows on the server I would shoot myself a long time ago or I would change Internet Service Provider ages ago. Honestly. Three.ie service got a bit better lately but this anti-Linux policy has to go! Three.ie WAKE THE HECK UP! On the other hand Three.ie got better but only for me – coz I am using Linux… All the Ms loving folks keep suffering. Open Your eyes people!

Why should I feel bad just coz I am using Linux? WHY? Windows can’t handle the bloody connection properly anyway. Linux can. But when I went to Three store and asked them do they have any Linux supported modems (I was going to replace my modem with something newer / faster) they said “No – We don’t support Linux…”. So I asked them would they allow me to check modems that they have for sale with my simcard. “No – You can’t try them and if You buy one of them You can’t return it and tell us its not working with Linux – we don’t support Linux…”. I told them that it stinks and I showed them my laptop running PCLinuxOS – they were shocked how fast and simple the connection configuration was… Linux… Outlawed OS…

You know what? Screw You Three.ie reps – I don’t need Your support. I can handle this stuff myself. I am gonna try out one of my friends’ modems under PCLinuxOS and then if it works I will buy myself the same modem if I feel like it. Or I will switch to other ISP. I don’t need You at all!

Here is how I feel. This is my honest opinion.

Andy

Backup Your folders… Re-doing Your settings can be a long and tedious process…

I have heard a good joke today…

– Hey Daddy… What does “Formatting HDD successfully completed” mean?…
– It means You’re freakin DEAD

It does not have to be this way…

First of all – in PCLinuxOS You need to know the root password before You can format a drive…

Second thing is – if You set the permissions to Your files properly nobody can touch them if they don’t have Your password.

Last but not least? Backup Your data!

I always run a very nifty command before applying any important change to my system:

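# remove any old backup first, otherwise cp nests the copy inside it as ~/.mozilla.bkp/.mozilla
rm -Rf ~/.mozilla.bkp&&cp -Rf ~/.mozilla ~/.mozilla.bkp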

It makes my settings safe… Copies them into the .mozilla.bkp folder – if something nasty happens to my .mozilla folder I can recover it in a few seconds.

I have a .bkp copy of most of my ~ folders. If I lose my .mozilla settings or they are messed up I use:

rm -Rf ~/.mozilla&&cp -Rf ~/.mozilla.bkp ~/.mozilla

It removes the .mozilla folder from my ~ folder and replaces it with new .mozilla folder copied from my .mozilla.bkp folder.

Of coz You need to replace .mozilla with the name of the folder You want to backup.

Mind Your fingers coz rm -Rf command IS dangerous if misused. It will delete everything in path given without asking and it will delete it recursively…

You could use it to backup and recover any folder to and from any place just mind the syntax of the command.

Andy

KDE4 All Permissions Greyed Out.

Hi.

This is something I do when all my permissions are greyed out in KDE.

A) Open Dolphin file manager.
B) Right click on the ~/.firefox folder.
C) Choose Properties.
D) Go to the Permissions tab.
E) Click Advanced Permissions.
F) Make sure that all Special ticks (UID, GID, Sticky) are unticked.
G) Click Ok.
H) Are Your permissions still not available? They should be now.
I) Set them up:

a) Owner: Can view and modify content
b) Group: Forbidden
c) Others: Forbidden.

J) Mark the box "Only owner can rename and delete folder content".
K) Make sure that Your login is present in Owner and Group dropdown menu.
L) Mark the box "Apply changes to all subfolders and their content".
M) Click OK.

This should finish with no errors.

You should be good to go.

Andy

Fmpmmmpmfpmp pmfmffpmpmpp Pmpmppppppppffm mpfpffppfppm Fmmppffmffmpmfppfmmmmpffpmp!

Fmppffmmmpppfmmpmfmmmfmpmppfmm ppfpffmpmmffpppmmmpffffm fmpmppfpffmp mffpppfmpppf fppmfpmmmfmp Pmpmppppppppffm mpfpffppfppm Fmmppffmffmpmfp Pfmmmmpffpmp fppppffmfpmfmpm fmmmmmffm mmmpppmpm mmpmmmmmfpmp mmmmfmmmmmffppp.

Mff mpmmffmpm fmmppfppmmppfmpmfpmffpppmfm mmfppfppmpfmpmfmppfmpmpppmfffm ppmmmmmpm Mff mfpmmmfpmmpp fmmfmpmmmpfffmpmppmpm mmm Pmpmppppppppffm mpmmmmffm ppfppp fmpmfpmpp mpfppfpfffmfppm… Mfffmp’fmm mffpppfmmmmmpppmpp. Mpffmfppppppffm fmpmfpmffpppmfm mfffmm? Pppppf ppfpppmpp fmfpppmpmmpppfffmmfmpmmmpppmpmfmm ppmmpp… Mffmpf fmpmfpmppffm pmppppmppfpp mmmmmpppffmffmp fmpmfpmfffmm fmmmfffmpmpp fmpmfpmppffm mmfppffmfpmfmpm fmppffmmmpppfmmpmfmmmfmpmpp mmmpmfpmf ppmffm Pmpmppppppppffm fmmpfmmppmppmmfmfp fmpppf pppppfpffppmmmmpmf fmmpfmmppmppmmfmfp… mmpfmffmp Mff mmmmffppp’fmp mfmppfppppppmmm fmpmpppmfpmf fmpmfpmppppm… :Mpm.

Kenny rox!

Mmmpppmpmffm

Pfm.Fmm. PpfPpmMfm! Fmpmppfpffmmfmpmmmpff pmpmffpmfpmfmppmpm Pmpmppppppppffm! PmfPpfPmf! Pppmmmmfp Mfpmpp mfffmm mpfmffpppmpp… mfpmpp fmpppfppfpmp mfpmffppm mpfppfpff Mmfmfpmffpppmppfmmmpp fmmpfmmmmppmppmmpppff! PmfPpfPmfPpfPmfPpfPmf!

How to record (capture) with rtmpdump by pstranger

This is one of the “Tips and Tricks” written by pstranger. I found it very interesting and decided to re-post it here.

Original post can be found here.

How to record (capture) with rtmpdump.

For example I want to record (capture) live broadcast of tv:

http://rt.com/on-air/

I run:

tcpdump -ieth0 -nn -A | grep -e"rtmp" -e"connect" -e"play" > rt.txt

Sometimes it’s useful to add the -e"app" option to grep, even though it can capture a lot of garbage.

I open this page, wait for the broadcast to start and reload the page 3-4 times to fill the buffer of the output file (rt.txt in this case).

I always capture packets to a file (sometimes the output on the console may be wrong or incomplete).

Next I open rt.txt and look for a piece of text like this:

connect.?..........app...live..flashVer...LNX 10,1,82,76..swfUrl..'http://rt.com/s/swf/player5.4.
viral.swf..tcUrl...rtmp://fm.s5.visionip.tv/live..fpad....capabilities.@m........audioCodecs.@.........videoCodecs.@o.......
videoFunction.?.........pageUrl....http://rt.com/on-air/..objectEncoding...........
.....T93.../...........play.............RT_3

and build the command in accordance with this manual:

http://rtmpdump.mplayerhq.hu/rtmpdump.1.html

You should be careful with dots in options (turn on your brain and use the cut and try method) like in this example:
rtmp://fm.s5.visionip.tv should be rtmp://fms5.visionip.tv

Here is an example of a 60 sec recording:

rtmpdump -r rtmp://fms5.visionip.tv/live \
  -a live \
  -y RT_3 \
  -W http://rt.com/s/swf/player5.4.viral.swf \
  -p http://rt.com/on-air/ \
  -f "LNX 10,1,82,76" \
  -o ~/russia_tooday.flv \
  -B 60

The simple command:

rtmpdump -r rtmp://fms5.visionip.tv/live \
  -y RT_3 \
  -o ~/russia_tooday.flv \
  -B 60

also works but they recommend using the full syntax.

Bloomberg TV

http://www.bloomberg.com/tv/

connect.?..........app...live..flashVer...LNX 10,1,82,76..swfUrl..Jhttp://cdn.
gotraffic.net/v/20110210_153738//flash/Bloomber.gMediaPlayer.swf..tcUrl..*rtmpt://cp87869.live.edgefcs.net:1935/live..fpad....capabilities.@m......
..audioCodecs.@.........video.Codecs.@o.......
videoFunction.?.........pageUrl...http://www.bloomberg.com/tv/..objectEncoding.@.........

play………….us_300@21006

rtmpdump -r rtmpt://cp87869.live.edgefcs.net:1935/live \
  -a live \
  -y us_300@21006 \
  -W http://cdn.gotraffic.net/v/20110210_153738//flash/BloombergMediaPlayer.swf \
  -p http://www.bloomberg.com/tv/ \
  -f "LNX 10,1,82,76" \
  -o ~/bloomberg.flv \
  -B 60 \
  --live

Video on demand:

Deutsche Welle

http://www.dw-world.de/dw/0,,4756,00.html

Program Euromaxx (with Roxette):

connect.?..........app..
a4337/dwwod1/..flashVer...LNX 10,1,82,76..swfUrl..;http://mediacenter.dw-world.de/player/flash/media.player.swf..tcUrl..*rtmpt://tvone.fcod.llnwd.net/a433
7/dwwod1/..fpad....capabilities.@m........audioCodecs.@.........videoCodecs..@o.......
videoFunction.?.........pageUrl..Khttp://mediacenter.dw-world.de/english/video/#!/72620/euromaxx/Program=7555..object.Encoding.@.........
................closeStream.....................H.....P.....play............;mp4:dwtv_video/flv/eme/emagen090211-euromaxx01ep_sd_avc.mp4

rtmpdump -r rtmpt://tvone.fcod.llnwd.net/a4337/dwwod1/ \
  -a a4337/dwwod1/ \
  -y mp4:dwtv_video/flv/eme/emagen090211-euromaxx01ep_sd_avc.mp4 \
  -W http://mediacenter.dw-world.de/player/flash/media.player.swf \
  -p rtmpt://tvone.fcod.llnwd.net/a4337/dwwod1/ \
  -f "LNX 10,1,82,76" \
  -o ~/euromaxx.flv

P.S. Some servers do not speak this language and it’s hard to get the options for rtmpdump this way.

Thanks pstranger.

Let me just add that tcpdump and rtmpdump are not in the system by default and can be installed using

apt-get install --yes tcpdump rtmpdump

command as root. I will add here as well that tcpdump commands must be issued as root as well. Don’t forget to pass the correct interface to tcpdump.

Andy

Wait… What was updated in that upgrade I just did?

Hi all.

Sometimes I am upgrading my system and rebooting without looking at what it does in the background.

I am just using a command:

apt-get update&&apt-get --yes dist-upgrade&&apt-get clean&&ldconfig&&updatedb&&/usr/sbin/prelink -avmR&&rkhunter --propupd&&reboot

and sometimes something changes in the system. Not necessarily in a negative way but I can see a change. I want to find out what was upgraded lately to track the change down.

To do so I am using command:

rpm -qa --last | less

Working just fine... ;)

To close less just press Q. To go to the next page just press [SPACE]. To scroll one line at a time just press [ENTER].

Andy

Tightening security for SSH Server…

Hi all.

When I was setting up my server a while back I noticed 100’s of entries in my:

/var/log/auth.log

about failed log in attempts from various IP’s with various logins. I wondered what it was until I saw this:

Cracking SSH Logins Video

Conclusions? There is at least one (wishful thinking…) bot out there which will scan the entire range of IP’s for an open port 22 and will use some brute-force tool trying to crack it. Now that’s not a very positive conclusion for all the SSH users…

What can be done about this? There are 3 things You can do.

A) Forbid the root’s log in – that’s a default option in PCLinuxOS.
B) Install fail2ban via synaptic.
C) Change the SSH port from 22 to something above the 10100.

I use all of them.

Forbidding the root’s log in is a must. Root is the only 100% sure login on every Linux based system. An attacker doesn’t have to guess it. It’s there for sure. Now all he has to do is to guess the password. Blocking root’s log in will make him guess Your user login and password. This is more difficult for them and that’s the whole point.

PCLinuxOS uses interesting settings in its config files. If You look at the file:

/etc/ssh/denyusers

You will see that it contains the word root.

This setting blocks all attempts to log in as root to Your SSH server and yet allows You to use the su command for Your convenience. Why? Even if an attacker knows the root password he will not be able to log in. However a user who is logged into the system via SSH can raise their privileges using the su command. This is secure and convenient at the same time. Sometimes root’s privileges are necessary so PCLinuxOS does allow You to gain root and yet You have to log in as a user and know the root’s password to gain full control over the machine.

Another method – Fail2ban – (You will find it in our repositories) will add a firewall rule to block all the attempts of connecting to the SSH port for a machine that unsuccessfully tried to log in X amount of times in Y time period. Example – xxx.yyy.zzz.uuu machine tried to log in with logins jack, ann, mark 3 times in 20 minutes period so it got banned for an hour.

You can set X and Y in the fail2ban config file:

/etc/fail2ban/jail.conf

and if You have local e-mail server configured – fail2ban will send You a message with notifications about new events.

Fail2ban will protect not only SSH but also FTP, SFTP, and other protocols that are using authentication. Very cool tool.
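The X-failures-in-Y-minutes rule described above, as an added example (not fail2ban's own code and not part of the original post): a simplified sliding-window model run over constructed auth.log lines. The thresholds are the ones from the example in the text; the addresses, logins and the year passed to the parser are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                      # X: failed log ins tolerated per address
FINDTIME = timedelta(minutes=20)  # Y: period the failures must fall into
BANTIME = timedelta(hours=1)      # how long the address stays blocked

# sshd logs "Failed password for [invalid user] NAME from ADDR port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port"
)

# Constructed sample lines (documentation addresses, made-up logins).
SAMPLE_LOG = """\
Mar  3 10:00:01 server sshd[2101]: Failed password for invalid user jack from 203.0.113.7 port 40110 ssh2
Mar  3 10:01:40 server sshd[2107]: Failed password for andy from 198.51.100.20 port 51844 ssh2
Mar  3 10:06:12 server sshd[2113]: Failed password for invalid user ann from 203.0.113.7 port 40236 ssh2
Mar  3 10:15:30 server sshd[2120]: Failed password for invalid user mark from 203.0.113.7 port 40391 ssh2
Mar  3 10:16:02 server sshd[2124]: Failed password for invalid user bob from 203.0.113.7 port 40412 ssh2
Mar  3 10:45:00 server sshd[2140]: Failed password for andy from 198.51.100.20 port 52001 ssh2
Mar  3 11:30:00 server sshd[2162]: Accepted password for andy from 198.51.100.20 port 52310 ssh2
"""

def find_bans(log_text, year=2011):
    """Return [(ip, ban_start, ban_end)]; syslog lines carry no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> failure times still inside FINDTIME
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful log ins and other daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ts < banned_until.get(ip, datetime.min):
            continue              # the firewall rule would already drop this attempt
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than the period
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

Only the address with three failures inside 20 minutes is banned; the user who mistyped a password twice 43 minutes apart is not.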

Another thing that You can do is to change the port of the SSH server. Here is how it’s done.

Changing Port For SSH Server Video

Why change the port and why above 10100? Default port for SSH is 22. All the script kiddies aka skiddies will use that port in their bots. Even if a script kiddie is smart and will scan Your IP with a port scanner like nmap – by default he will scan first 10000 ports only. Setting up SSH above that will cause the port scanner to find ZIP, ZERO, NADA, BIG BOBKAS. Even if skiddy is smarter than that and he will scan all the 65k ports the open port will be shown as unknown service. He would have to add a few more switches to the nmap to find out that it’s an SSH server. Skiddies are mostly lazy and they are going after the easy prey. Making it just that little bit more difficult can be a blessing for Your security.

So far those three steps are what I have learned about securing SSH server. Maybe in the future if I will learn something new I will add it in a new post.

Remember that even the weakest protection is better than no protection at all.

Regards.

Andy

Hey! I have port XXX opened! What is using it?

Hi all.

I was messing around on my server sometime ago and I have nmap-ed myself and noticed port XXX opened. I knew I have something running on the server from the lan side and I couldn’t remember what it was!

So I googled a bit and came up with this command:

netstat -tlnp | grep XXX

It must be run as root. If You run it as a user and the process is root owned – You won’t be given access to the information about the process.

Let’s say the open port is 22… I know it’s SSH but let’s say I “forgot”.

Example.

As You can see user failed, but root got detailed information about the process and its ID number.

Sometimes You need to skip some of the switches in the command like t for example coz the process is not using TCP but UDP.

That’s all – simple as that…

Andy