Blocking port 113 in shorewall – PCLinuxOS default firewall.

Hi all.

I was using the GRC.com Shields Up – Internet Vulnerability Profiling tool to verify whether all of my ports are in stealth mode, and I failed with port 113. When setting up my firewall I chose all the ports to be closed, and they were indeed; however, Shields Up was showing this port as closed and yet responding to the “knocking”. I blocked PING / ICMP requests and still – same story.

I found a solution.

Open console and log in as root using su command. Then using Your favorite file editor (vi, mcedit, joe etc…) edit the file /etc/shorewall/rules and add this line:

DROP net fw tcp 113

so it looks like this:

#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
INCLUDE rules.drakx
DROP net fw tcp 113
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Save the file and run this command:

service shorewall restart

and re-test Your firewall with Shields Up again. If You are lucky You should see something like this:

Stealth mode.

Btw. Thanks to Mr. Steve Gibson for such a powerful tool!

Andy

Mencoder… Shalalala – I am loving it ;)!

Hi all.

Mencoder? What is mencoder…

Command:

man mencoder

says it all…

Mencoder (MPlayer’s Movie Encoder) is a simple movie encoder, designed to encode MPlayer-playable movies (see above) to other MPlayer-playable formats (see below). It encodes to MPEG-4 (DivX/Xvid), one of the libavcodec codecs and PCM/MP3/VBRMP3 audio in 1, 2 or 3 passes. Furthermore it has stream copying abilities, a powerful filter system (crop, expand, flip, postprocess, rotate, scale, noise, RGB/YUV conversion) and more.

The truth is that mencoder tool is so POWERFUL that its man page is a size of a book… The truth is – I don’t really know mencoder – I am using only a fraction of its possibilities. I am going to share here what I have learned over the last two years. It’s not much – but the knowledge has served me well.

From any format to PSP mp4 format:

mencoder /path/to/input.file -oac lavc -ovc lavc -of lavf -lavcopts aglobal=1:vglobal=1:vcodec=mpeg4:vbitrate=384:acodec=libfaac -af lavcresample=24000 -vf scale=368:208,harddup -lavfopts format=psp -ofps 15 -o /path/to/file.mp4

Add music to the video file:

mencoder -ovc copy -audiofile /path/to/file.mp3 -oac copy /path/to/nosound.avi -o /path/to/filewithmusic.avi

Resize to the 320 x 240 resolution:

mencoder /path/to/input.avi -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell -oac copy -vf scale=320:240 -o /path/to/output.avi

Join 2 files into 1:

mencoder -forceidx -ovc copy -oac copy -o /path/to/joined.avi /path/to/part_1.avi /path/to/part_2.avi

AVI to FLV (Flash Video):

mencoder -forceidx -of lavf -oac mp3lame -lameopts abr:br=56 -srate 22050 -ovc lavc -lavcopts vcodec=flv:vbitrate=250:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -vf scale=360:240 -o /path/to/output.flv /path/to/source.avi

Any video to AVI:

mencoder /path/to/input.file -o /path/to/file.avi -ovc lavc -oac pcm

Extract soundtrack from the video file:

mplayer -dumpaudio /path/to/video.file -dumpfile /where/to/save/file.mp3

Remove the current audio track (creates silent video):

mencoder -ovc copy -nosound /path/to/withsound.avi -o /path/to/withoutsound.avi

Speed up video x times:

mencoder -o /path/to/faster.avi -speed 4 -ofps 25 -vf framestep=2 -ovc lavc -lavcopts vcodec=mpeg4 /path/to/normal/pace.avi

Change the value of -speed to 2 if the output is too fast. Change the value of framestep= to drop more or fewer frames in the process.

Rotate video X degrees:

mencoder -vf rotate=1 -o /path/to/rotated/output.avi -oac copy -ovc lavc /path/to/input.avi

In this case the video is rotated 90 degrees clockwise. Change the value of rotate= to achieve different values.

Hope someone finds it useful someday.

Andy

KDE4 Resizing Pidgin Conversation Window

Hi all.

Something quick and yet pretty cool. Resizing the Pidgin conversation window.

A) Right click on the top window bar, the one with Close, Minimize, Maximize buttons.
B) From the menu choose Advanced > Special Window Settings.
C) Now in there go to the Size on the Geometry tab.
D) Check the box next to the Size entry and choose Force from drop-down menu.
E) Now change the first entry from 475 to let's say 375 or 275 – whatever floats Your boat – and OK the window.

KDE4 HOWTO Resizing Pidgin Conversation Window Video.

This is one of the reasons why I love KDE4…

Videos were uploaded thanks to Cyryl. Thanks again Dude.

Andy

Misiasty The Hamster Video Compilations…

Hi all ;).

Today something from a different barrel as we say it in Poland :). No Linux. No software. Just fun.

Although I could mention that I used mencoder / avidemux-qt to edit those videos under PCLinuxOS…

First video was made over a year ago when I was still a big fan of google and youtube…

Misiasty The Hamster Video Compilation 1.avi

Second video was made yesterday. It's 00:49 so yes it's Wednesday already. No sound or any mad intros. Just vid.

Misiasty The Hamster Video Compilation 2.avi

Videos were uploaded thanks to Cyryl. Thanks again Dude.

Enjoy.

Andy

Sending logs from the server to Your e-mail account using local mail server.

Hi all.

It was 5 am when I woke up and could not sleep anymore. I went to bed around 2 am… 3 hours of sleep and boom…

Sleep is for the weak!! This is SPARTA!!

Awesome…

So I decided to do something with this time… Instead of lying in bed and trying to fall asleep again I have decided to work on a little project. I was thinking about it for a while. I have a sendmail – mail server – running for local network. I don’t like my own way of reading the system logs. I log into the server via ssh and I su myself to root and I am using mc to read the logs and they are always big and horrible… Loving the mc I have to say I am missing the scroll bar on the side… Pg UP / Pg DN are awesome but I would just love to click in the middle of the scroll bar and read this exact moment of the log. Or just drag it up or down…

Would it be easier to read those logs from the level of let's say… Thunderbird from the LAN client? It sure would be easier / nicer / cleaner and let's say it, more efficient… Ok so… Let’s learn something new and go back to bed…

GOAL of this project is:

I want to send e-mail to myself containing info from the server log and then read the message using some nice GUI mail client like Thunderbird for example. All this was done before… beside sending the logs. I will not be explaining here how to configure the sendmail server. Not today anyway. I configured it in the past after a lot of reading and messing around. I can check my system mail from the LAN client via secure (SSL) pop3s socket. Now all I need to figure out is how to send the logs to myself. HMMMM…

Bit of searching online and I had first idea:

/bin/mail mylogin@myserver.net < /var/log/httpd/access_log

HA! Now ain’t that sweet? This will throw the entire content of the access_log into the e-mail message and then send it to the chosen e-mail.

Yes it is sweet…

BUT there are always BUTS…

If I keep sending this file to myself over and over and over again the message is going to get big. After a while of adding data to the log file it's gonna get really BIG and it's gonna be hard to read and it's gonna take a long time to send it. It's gonna mess up my network traffic badly too. I was going to make things easier for myself – not harder. How about cleaning the log file after I send it to myself so the next time I am getting this email I will get it with the NEW info only? No repetitive content. If I want to browse previous entries – I will browse older mail. If I want extra backups – I will set thunderbird filters to forward all the log-mail to my other e-mail accounts. Sounds awesome.

Bit of searching online and I was nowhere… I must have used wrong search terms… Or the internet is full of junk. Pick one.

So it was time for plan B. Think! You do not want to let me sleep so be useful! And few minutes later I had another idea…

echo "" > /var/log/httpd/access_log

After running this command the access_log got only one line in it. Lovely.

So all I need is to combine those 2 commands and I am good.

/bin/mail mylogin@myserver.net < /var/log/httpd/access_log && echo "" > /var/log/httpd/access_log

Magic of && :D! After successfully running one command – run another command.

W00t! I got the log file to be cleared after it was sent to me.

BUT there are always BUTS…

Log-mail came with empty subject line. Wouldn’t it be nice to have the file name in the subject line? It would!

Go my search engine. Bring me solutions!

Few minutes later the command was looking like this:

/bin/mail -s /var/log/httpd/access_log mylogin@myserver.net < /var/log/httpd/access_log && echo "" > /var/log/httpd/access_log

Heck yeah! Now those e-mails are looking much better!

BUT there are always BUTS!

Wouldn’t it be nice to have a Date and Time on the beginning of these emails and a nice empty line after to make them look better? I know I could look at the time stamp of the e-mail itself… I know logs have date and time in them… but I want to make it look nicer…

/bin/mail -s /var/log/httpd/access_log mylogin@myserver.net < /var/log/httpd/access_log && date > /var/log/httpd/access_log && echo "" >> /var/log/httpd/access_log

This was my final product… and I was happy with it and almost ready to go back to bed. Almost…

BUT there are always BUTS…

Am I going to send those e-mails to myself? There are several log files in the /var/log/ folder. Dmesg / Auth and so on and so forth… Making things easier seems complicated sometimes ;).

Ok so I can create scripts! Ok I can. Lets do that…

touch /root/accesshttpmail.sh && chmod 700 /root/accesshttpmail.sh && echo '/bin/mail -s /var/log/httpd/access_log mylogin@myserver.net < /var/log/httpd/access_log && date > /var/log/httpd/access_log && echo "" >> /var/log/httpd/access_log' > /root/accesshttpmail.sh

And so I ran similar commands for all the files I wanted to have sent to me.

I ended up having several executable scripts in my /root/ folder. Root owned with access, write and execution permissions for root only. Awesome! Now I don’t have to remember all those commands! I can just run those scripts right?

BUT there are always BUTS!

Why would I do it manually when PCLinuxOS can do it for me? Automation with cron is a blessing!

So I run

crontab -e

and using vi I have edited the crontab entries so that my scripts are executed every 4 hours…

Example of crontab entry.

All came out fantastic. I am really happy that I have spent an hour trying to figure it out…

Triple W00t

And about going back to bed? There is no point. It's 9 am and I just made myself another mug of coffee… I spent the lion's share of the last 4 hours writing this…

It was worth it doh. Sleep is overrated. Sleep is for the weak! In the future if I suffer a brain damage and I forget everything I can always come back here and read it. LOL!

Enjoy!

Andy

EDIT: Brain is needed when following this howto. All the commands in this howto have to be run as root so be careful and do not mess up. I am not taking any responsibility for Your mistakes.
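A variant of the log-mail script above that never truncates the log, so nothing written between mailing and clearing is lost and the full log stays on the server. This is an added example, not the script from this post; the state directory, the `LOGMAIL_TO` variable, the script path and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's script: mail only what was appended
# to a log since the last run, and never truncate the log itself.
# STATE_DIR, LOGMAIL_TO and all function names are assumptions.
STATE_DIR="${STATE_DIR:-/var/lib/logmail}"

# Path of the file that remembers how many bytes of "$1" were already mailed.
state_file() {
    printf '%s/%s.offset\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# Print the bytes appended to "$1" since the last committed offset and
# record the new offset as pending. A file smaller than the stored offset
# means it was rotated or truncated, so reading restarts at byte 0.
new_log_data() {
    state=$(state_file "$1")
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    [ -r "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    case "$last" in ''|*[!0-9]*) last=0 ;; esac   # corrupt state file
    if [ "$size" -lt "$last" ]; then last=0; fi
    count=$((size - last))
    # Stop at the size measured above: lines written while this runs are
    # picked up by the next run instead of being lost.
    if [ "$count" -gt 0 ]; then
        tail -c "+$((last + 1))" "$1" | head -c "$count"
    fi
    printf '%s\n' "$size" > "$state.pending"
}

# Make the pending offset permanent; call only after the mail was accepted.
commit_offset() {
    state=$(state_file "$1")
    mv "$state.pending" "$state"
}

# Mail new data from log "$1" to "$2": date first, empty line, then the log
# lines, with the file name as subject (the layout the post describes).
mail_new_log() {
    body=$(new_log_data "$1") || return 1
    if [ -n "$body" ]; then
        { date; echo; printf '%s\n' "$body"; } | /bin/mail -s "$1" "$2" || return 1
    fi
    commit_offset "$1"
}

# Usage from cron every 4 hours (script path is hypothetical):
#   0 */4 * * * /root/logmail.sh /var/log/httpd/access_log
for f in "$@"; do
    mail_new_log "$f" "${LOGMAIL_TO:-mylogin@myserver.net}"
done
```

If the mail command fails, the offset is not committed, so the same lines are sent again on the next run.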

Copying files securely between local machine and shell account.

Hi all…

Let's say that I have created a VERY important file… It's a file called example.txt and it’s placed in my home (~) folder…

touch ~/example.txt

I want to copy this file to my remotemachine.net to mylogin’s home folder… but I don’t want anyone to be able to sniff the file’s content… Remote machine has SSH server running. Scp is perfect for this task. It uses ssh and its encryption, so the file is encrypted in transit, and if You have set up the private and public key You can send the files securely without giving a password…

How to use it?

Syntax:

scp /path/to/secret/file.ext who@host:/where/to/save/

Example:

scp ~/example.txt mylogin@remotemachine.net:~

Result:

example.txt 100% 0 0.0KB/s 00:00

Check procedure:

Log into the remote machine:

ssh -l mylogin remotemachine.net

List the file:

ls ~/example.txt

Tadaaaa:

/home/mylogin/example.txt

SCP in action

Hope this helps somebody someday.

Andy

Passwordless SSH authentication. Using authentication keys.

Hi all.

It would drive me bananas if I had to remember a password for each and every one of my shell accounts… leaving the account with no password is unacceptable however from the security point of view. Solution? Use authentication keys – public and private.

How to get them? It's very easy.

Open terminal on Your local machine.

Use command:

ssh-keygen -t rsa

When asked for:

Enter file in which to save the key (/home/mylogin/.ssh/id_rsa):

Press [ENTER].

Enter passphrase (empty for no passphrase)

Press [ENTER].

Enter same passphrase again:

Press [ENTER].

Passwordless SSH - work in progress...

[mylogin@myhostname ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mylogin/.ssh/id_rsa):
Created directory '/home/mylogin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mylogin/.ssh/id_rsa.
Your public key has been saved in /home/mylogin/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:7b mylogin@myhostname.local
The key's randomart image is:
+--[ RSA 2048]----+

RANDOM ART

BLAH

BLAH

+-----------------+
[mylogin@myhostname ~]$

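So what have You done so far? You have generated a pair of authentication keys: private, which is for Your eyes only, and public, which can be shown to anyone. Because the passphrase was left empty, the private key is stored unencrypted, so anyone who can read that file can log in as You.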

Keys are placed in those two files:

Your identification has been saved in /home/mylogin/.ssh/id_rsa. <<< PRIVATE KEY

Your public key has been saved in /home/mylogin/.ssh/id_rsa.pub. <<< PUBLIC KEY

Run this command:

cat /home/mylogin/.ssh/id_rsa.pub

Lets say it spits out this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwMplVCQ+Y33n4kTVAy0nQReGD1GXmM28/D4STzNwdEthSY9UGIBduS1dGIVLWZYnphZglNFHE0Z0eIqgo0o0GDdtxqqsV20Zq/KV2nN+E8axlin4mRNuc/HgczxXkOtqkS9/yENOq8XN7XPD57kC+v+017GGNh139WiHbw+Myn9/mamjhmjywcnReiIbrYZnlgWJjpCXJCEoQZczypUyzB6x7aUMlenGdZwtfXCEPP709VSP9lUzanosY6bq1XoF6ravL2fulAvuNQVyxL7nfqJsio0JCI400WEJYm1et8Eg2vVEtIgIEKS7DZou/DR++/QgXpQas6yxaaHQ6Q0wt mylogin@myhostname.local

Now copy this ^^^ ENTIRE line.

Now that You have generated authentication keys and copied the public one – You have to place the public key in a file on the remote machine. Not just any file. It's a specific file in a specific folder, both with specific permissions.

Passwordless SSH... Almost there but not quite yet...

Open new terminal. Ssh Yourself to the remotemachine.net

ssh -l mylogin remotemachine.net

Create directory .ssh in Your home folder

mkdir ~/.ssh

Give it correct permissions:

chmod 700 ~/.ssh

Create file authorized_keys in the newly created directory

touch ~/.ssh/authorized_keys

Give it correct permissions:

chmod 600 ~/.ssh/authorized_keys

Paste the content previously copied from the cat /home/mylogin/.ssh/id_rsa.pub command combined with

echo "PASTE" > ~/.ssh/authorized_keys

Example:

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwMplVCQ+Y33n4kTVAy0nQReGD1GXmM28/D4STzNwdEthSY9UGIBduS1dGIVLWZYnphZglNFHE0Z0eIqgo0o0GDdtxqqsV20Zq/KV2nN+E8axlin4mRNuc/HgczxXkOtqkS9/yENOq8XN7XPD57kC+v+017GGNh139WiHbw+Myn9/mamjhmjywcnReiIbrYZnlgWJjpCXJCEoQZczypUyzB6x7aUMlenGdZwtfXCEPP709VSP9lUzanosY6bq1XoF6ravL2fulAvuNQVyxL7nfqJsio0JCI400WEJYm1et8Eg2vVEtIgIEKS7DZou/DR++/QgXpQas6yxaaHQ6Q0wt mylogin@myhostname.local" > ~/.ssh/authorized_keys

Logout from the remote machine:

exit

Log back in.

ssh -l mylogin remotemachine.net

Tadaaaaaaaaaaaaaaaaa...

Remote ssh server shouldn’t ask for a password. If it does – You messed up and You are reading it all tagged as FAIL! 😉

You can use 1 private key to connect to multiple servers. Just copy the public key to all of them like I explained above. Permissions are crucial. 700 for the .ssh folder and 600 for the authorized_keys file. 99% of errors are connected to the wrong permissions of the folder / file or due to the wrong file name.

Regards.

Andy
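The remote-side steps above as two reusable functions: one installs a public key by appending it (so keys already in authorized_keys survive, unlike `echo ... >`), the other checks the 700 / 600 permissions and the file name that this post names as the usual causes of failure. This is an added example, not part of the original post; the function names are assumptions and the key in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# Append public key line "$2" to "$1"/authorized_keys unless the same key
# material is already there. Creates the directory (700) and file (600).
install_pubkey() {
    dir="$1"; key="$2"
    nl='
'
    case "$key" in
        *PRIVATE\ KEY*) echo "refusing: this is a private key" >&2; return 2 ;;
        *"$nl"*)        echo "refusing: more than one line" >&2; return 2 ;;
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;      # "type base64 [comment]"
        *)              echo "refusing: not a public key line" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    file="$dir/authorized_keys"
    ( umask 077; touch "$file" ) && chmod 600 "$file" || return 1
    # Compare the base64 field only, so a changed comment adds no duplicate.
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# Check directory "$1" against the modes this post prescribes (700 for
# .ssh, 600 for authorized_keys) and flag look-alike file names.
# Prints one line per problem; returns 1 if any problem was found.
check_ssh_perms() {
    dir="$1"; bad=0
    perms=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
    if [ "$perms" != "drwx------" ]; then
        echo "$dir: want drwx------ (700), found ${perms:-nothing}"
        bad=1
    fi
    perms=$(ls -ld "$dir/authorized_keys" 2>/dev/null | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "$dir/authorized_keys: want -rw------- (600), found ${perms:-nothing}"
        bad=1
    fi
    for f in "$dir"/authorized*; do
        [ -e "$f" ] || continue
        if [ "$f" != "$dir/authorized_keys" ]; then
            echo "$f: not named authorized_keys, check the file name"
            bad=1
        fi
    done
    return "$bad"
}

# Usage on the remote machine (placeholder key, constructed for illustration):
#   install_pubkey ~/.ssh "ssh-rsa AAAA...PLACEHOLDER mylogin@myhostname.local"
#   check_ssh_perms ~/.ssh
```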

"You have malware" Phone Call Scam – First hand account – and a 'heads up' by Hootiegibbon

New scam on old streets…

This was reported by a good friend of mine on a PCLinuxOS forum. Here is the link to the entire thread

Peoples of the wonderful PCLinuxOS forum,

I had heard of this scam although I had not previously been a target, I live in the UK but understand this is becoming a problem the world over.

This evening I received a call from a lady – the call originated from what sounded like a call center.

The lady asked for me by name.

She went on to explain that my computer was sending out Malware, she gave a fairly comprehensive explanation of malware and that it had been spotted by their R&D department who monitor ‘these things’ for 7 countries.

I started to ask some questions, who they were, this changed slightly during the conversation with webtec design web tech and I think Web sec (the caller ‘fluffs’ over this information and tries to redirect your attention back to the matter at hand, your infected PC).

I managed to get her to confirm that her call was connected via a VOIP system and that they are based in India.

The conversation became somewhat disjointed – as she became suspicious of my probing, I then turned to speak about the ‘infected computer’. She explained that there was a lot of malware being sent from my Windows computer and this in turn was infecting other computers…

At this point I said (and I would have stayed with the call further to attempt to obtain further detail about this scam, unfortunately I really could not spare the time) my Windows computer? She said yes, it is unfortunately infected, I stated to her that I am really interested now, she said we can help, – I stated no, not interested in what you are proposing but interested as I DO NOT USE WINDOWS PC!

The line went dead, who’d a thunk it eh?

So I post this as a warning and heads up, please tell your friends that are still using Windows. I was unable to get to the root of the scam, but you can bet it involves either a credit card, advising what IP address you are at for remote help, or bank details to pass verbally.

Please link to this if you like from other sites or quote me, this kind of blatant exploitation of those less aware should be stamped out, the only way this can be done is by raising the awareness of it

Jase

Thanks for the heads up Jase.

Andy

Lets see what this causes…

Hi all.

After several hours of work here it is… First post on my own WordPress Blog… Why did it take me so long? I ran into difficulties… No not on the software side. It was my fault completely.

First problem was:

Due to the lack of knowledge I had major problems with adding database and user to the MySQL. WordPress needs that… It also needs the created user to be “linked” with the created database.

Cyryl saved the day. Again…

Adding database and user to the MySQL and linking them together...

5 commands as user in the konsole:

mysql
Opens mysql command line interface

CREATE DATABASE somedatabase;
Creates database named somedatabase.

CREATE USER 'username'@'localhost' IDENTIFIED BY 'MegaStrongPassword';
Creates user named username with a MegaStrongPassword as a password on a localhost.

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost';
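Grants the username user every privilege on every database on the localhost server (*.* is global scope), which is more than WordPress needs, since it only uses somedatabase.

grant all privileges on somedatabase.* to username@localhost ;
Grants username all privileges on somedatabase only. This is the grant that links the username user with the somedatabase database on the localhost machine.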

After this it was fairly easy… till I tried to choose the theme for my blog…

That was my second and last problem…Boy was that a dilemma...

“Does this theme make my blog look fat…”

It took me some time to configure the basic features of the WordPress blog software but it took me a few hours to download and change the themes on and off just to see which of them look better… I couldn’t decide so I had to ask a few people for help and… Here it is…

The theme is called Red Evo Aphelion and it was found among circa 1300 other themes on the WordPress site.

After that it all was easy. So far I like the WordPress software. It has many interesting features. I guess I have to learn more about the plugins and start using them but there are so many of them I have no idea where to start…

There are many things I am planning to do with my blog in the future. We will see how that goes. But that’s future.

In the past there were few things that I had to accomplish to get this place up and running… What are they?

I was collecting some old computer parts and after a while (2 or 3 years…) I decided that I have just about enough of them to build my own “server” from scratch. And so I did. It's not a power demon nor is it a speed demon. No it's not. It's a regular computer. Compared to Your gaming machine it's a pocket calculator. BUT it works.

Specs of this FrankenPuter machine are:

CPU: Intel(R) Pentium(R) III Coppermine processor 700 MHz
RAM: 256 MB
SWAP: 1 GB
GPU: nVidia Corporation NV5M64 [RIVA TNT2 Model 64/Model 64 Pro] (rev 15)
SND: None
WIFI: None
3G: Huawei E160G modem
LAN1: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
LAN2: National Semiconductor Corporation DP83815 (MacPhyter) Ethernet Controller
SATA: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 10)
HDD: Some 10 GB Oldie
MSE: Some PS2 No-Name
PRNT: Lexmark x2650 AIO Device

Server runs my favorite Linux distribution – PCLinuxOS. Using its repositories I have managed to change this old beast into:

A) First and main firewall for my network
B) Internet Connection Sharing server
C) DNS server for my local network
D) Printing server for my LAN computers
E) Scanner server for my LAN computers
F) Apache HTTP server with WordPress blog on it
G) Remotely controlled SSH server from WAN and LAN side
H) LAN IRC server
I) LAN IRC Services
J) Pop3s and smtps e-mail server for LAN computers
K) Fail2ban brute-force preventing barrier
L) And few other network services…

Ports for the HTTP and SSH servers have been changed to avoid the botnet attacks. Some other precautions were also made to keep the creepy-crawlings out of here.

As You can see it's not a very powerful machine and yet it does a number of impressive things. Let me add here that the server does not run any graphical desktop manager. It runs Command Line only…

Why have I done it all? Just to prove to myself that I can.

What is it for? Nothing really. I am not planning to become “.com millionaire” anytime soon. Its just fun. Fun and learning are main goals of this blog. Fun and learning which in the future can get me a job “that pays the rent”.

What can be found here? Crapology. BS, fun and some nasty rants in pure form at least so far… Later I am planning on adding my videos and manuals.

Lets see what this causes…

Andy

P.S. 1 Cyryl – thanks Buddy You have made it a lot easier!
P.S. 2 Did I mention I hate blogs?