How to watch the BBC outside of the UK (Updated version)

This is an update to an older post. The main difference is that the UK exit nodes have been updated to ones that are currently working and are faster. These are step-by-step instructions done on Ubuntu, so any Debian-flavored system should work as well.

Step 1:

If you don't know which Ubuntu codename you are using, type:
lsb_release -c

Then add this line to your /etc/apt/sources.list file:
deb http://deb.torproject.org/torproject.org distribution main

Replace the word distribution with your codename (e.g. lucid, maverick).

Then add the gpg key used to sign the packages by running the following commands as root at your command prompt:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -


Now refresh your sources and install Tor by running the following commands at your command prompt:

apt-get update
apt-get install tor tor-geoipdb


Step 2:

Polipo gets installed with the command above at the time of this writing. Polipo is a caching web proxy that does HTTP pipelining well, so it's well-suited for Tor's latencies.


After Polipo is installed you will need to change its configuration to work with Tor.

Backup the original polipo config

cp /etc/polipo/config /etc/polipo/config.backup

Then edit the config file

nano /etc/polipo/config

Delete the configuration that is in there and replace it with this.

Step 3:

For this to work with Tor you need an exit node that has a UK IP address. To do this:

nano /etc/tor/torrc

And add the following at the top and save.

ExitNodes $B3C940F41C692FEBE7838D608BFF6114F936C3C6, $83F62F50DB1E5E4B6A6B58D9F970E40F26689911, $38B6A42E84BC86A0D217D3CF30EFFEC2678DBA17
StrictExitNodes 1


Final Step:

Install the Tor Button for Firefox and restart.

FYI: you have to restart Polipo and Tor, e.g. /etc/init.d/polipo restart or service polipo restart. To allow Flash to play you need to go into Firefox's Preferences -> Security Settings and uncheck "Disable plugins during Tor usage". Torbutton disables plugins because a plugin can ignore the browser's proxy settings and connect directly, which reveals your real IP address.

Thanks to the Tor Project and John Lewis for the UK exit node information.

Friday, March 18, 2011

How to watch the BBC outside of the UK (Old see updated version)

I despise restrictions on content. I believe that information shouldn't be restricted by location. I will walk you through step by step so you can achieve the same; the instructions will be done on an Ubuntu system.

Step 1:

If you don't know which Ubuntu codename you are using, type:
lsb_release -c

Then add this line to your /etc/apt/sources.list file:
deb http://deb.torproject.org/torproject.org distribution main

Replace the word distribution with your codename (e.g. lucid, maverick).

Then add the gpg key used to sign the packages by running the following commands as root at your command prompt:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -


Now refresh your sources and install Tor by running the following commands at your command prompt:

apt-get update
apt-get install tor tor-geoipdb


Step 2:

The next step is to set up web browsing. Start by installing Polipo. Polipo is a caching web proxy that does HTTP pipelining well, so it's well-suited for Tor's latencies.

apt-get install polipo

After Polipo is installed you will need to change its configuration to work with Tor.

nano /etc/polipo/config

Delete the configuration that is in there and replace it with this.

Step 3:

For this to work with Tor you need an exit node that has a UK IP address. To do this:

nano /etc/tor/torrc

And add the following at the bottom and save.

ExitNodes PDQVPNUK1, PDQVPNUK2, st0nerhenge
StrictExitNodes 1


Final Step:

Install the Tor Button for Firefox and restart.

Thanks to the Tor Project and wherever I found the UK exit node information.
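
As an added example (not code from either post): the updated post pins exit nodes by fingerprint, while this older one pins them by nickname. The linter below classifies the entries of an ExitNodes line so you can check which kind of selector a torrc actually uses; a nickname can be chosen by any relay operator, a fingerprint identifies one specific relay. The two sample configs are copied from the posts; the parser is a simplification of Tor's own.

```python
import re

# Added example, not from either post: classify what a torrc ExitNodes line
# pins to. Sample lines are copied from the two posts.
TORRC_NEW = """\
ExitNodes $B3C940F41C692FEBE7838D608BFF6114F936C3C6, $83F62F50DB1E5E4B6A6B58D9F970E40F26689911, $38B6A42E84BC86A0D217D3CF30EFFEC2678DBA17
StrictExitNodes 1
"""
TORRC_OLD = """\
ExitNodes PDQVPNUK1, PDQVPNUK2, st0nerhenge
StrictExitNodes 1
"""

FINGERPRINT = re.compile(r"^\$?[0-9A-Fa-f]{40}$")  # the $ prefix is optional
COUNTRY = re.compile(r"^\{[A-Za-z?]{2}\}$")         # e.g. {gb}; needs the GeoIP db
NICKNAME = re.compile(r"^[A-Za-z0-9]{1,19}$")       # nicknames are not unique

def parse_torrc(text):
    """Option name -> value, last occurrence wins; comments/blank lines dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts[key] = value.strip()
    return opts

def classify_exit_nodes(text):
    opts = parse_torrc(text)
    out = {"fingerprints": [], "countries": [], "nicknames": [], "invalid": [],
           "strict": opts.get("StrictExitNodes") == "1"}
    for e in filter(None, (s.strip() for s in opts.get("ExitNodes", "").split(","))):
        if FINGERPRINT.match(e):
            out["fingerprints"].append(e.lstrip("$").upper())
        elif COUNTRY.match(e):
            out["countries"].append(e.lower())
        elif NICKNAME.match(e):
            out["nicknames"].append(e)
        else:
            out["invalid"].append(e)
    return out

def pins_specific_relays(text):
    """True only when every entry is a fingerprint and StrictExitNodes is on,
    i.e. Tor will use exactly the listed relays and nothing else."""
    c = classify_exit_nodes(text)
    return c["strict"] and bool(c["fingerprints"]) and not (
        c["countries"] or c["nicknames"] or c["invalid"])
```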

Saturday, February 19, 2011

How To Restore Grub2 In Debian Based Systems

Sometimes we get curious or need certain features and install other systems on our computers. The problem we run into is that this trashes the way we boot them. It is very easy to get Grub2 back to the state it was in.

You will need a live CD to recover Grub2. I will be using an Ubuntu disk for this step-by-step tutorial. Open up a terminal and continue by entering:

$sudo fdisk -l

This will show your partition table. Here is my table, to help understand it:

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              29        8369    66999082+  83  Linux
/dev/sda2   *        8370       13995    45190845    7  HPFS/NTFS
/dev/sda3           13996       14593     4803435    5  Extended
/dev/sda5           13996       14593     4803403+  82  Linux swap / Solaris


Now I will mount the Linux partition (sda1 here; yours could be different, depending on where your boot partition for Linux is).

$sudo mount /dev/sda1 /mnt
$sudo mount --bind /dev /mnt/dev
$sudo mount --bind /proc /mnt/proc



Now chroot into the environment we made:

$sudo chroot /mnt

After chrooting, you will not have to use sudo anymore, as you will be root (you can tell by the # prompt).

You may want to edit the /etc/default/grub file to fit your system (timeout options, etc.); just run update-grub if you do.

#nano -w /etc/default/grub

Now install/recover Grub2 via:

#grub-install /dev/sda

You can reconfirm by using:

#grub-install --recheck /dev/sda

Now you can exit the chroot, unmount the system and reboot your box:

#exit
$sudo umount /mnt/dev
$sudo umount /mnt/proc
$sudo umount /mnt
$sudo reboot


That is it and you are back in business.
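
As an added example (not from the post): a small parser for the fdisk -l table shown above that picks out which partition to mount on /mnt before chrooting and which whole-disk device to hand to grub-install. FDISK_SAMPLE is the post's table with the standard fdisk header restored; the sdX naming is assumed.

```python
import re

# Added example, not from the post: parse the fdisk -l table shown above.
# FDISK_SAMPLE is that table with the standard fdisk header line restored.
FDISK_SAMPLE = """\
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              29        8369    66999082+  83  Linux
/dev/sda2   *        8370       13995    45190845    7  HPFS/NTFS
/dev/sda3           13996       14593     4803435    5  Extended
/dev/sda5           13996       14593     4803403+  82  Linux swap / Solaris
"""

PART_RE = re.compile(
    r"^(?P<dev>/dev/\S+)\s+(?P<boot>\*)?\s*(?P<start>\d+)\s+(?P<end>\d+)\s+"
    r"(?P<blocks>\d+)\+?\s+(?P<id>[0-9a-fA-F]+)\s+(?P<system>.+?)\s*$")

def parse_fdisk(text):
    """One dict per partition line; the header and other lines are skipped."""
    parts = []
    for line in text.splitlines():
        m = PART_RE.match(line)
        if m:
            parts.append({"device": m["dev"], "bootable": m["boot"] == "*",
                          "start": int(m["start"]), "end": int(m["end"]),
                          "blocks": int(m["blocks"]), "id": int(m["id"], 16),
                          "system": m["system"]})
    return parts

def mount_candidates(parts):
    """Type 0x83 (Linux) partitions are the ones to mount on /mnt before the
    chroot; swap (0x82) and the extended container (0x05) never hold /boot."""
    return [p["device"] for p in parts if p["id"] == 0x83]

def disk_for(device):
    """grub-install wants the whole disk (/dev/sda), not a partition.
    Assumes the sdX naming used in the post, not nvme-style names."""
    return re.sub(r"\d+$", "", device)
```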

Wednesday, November 3, 2010

Stuxnet Virus Worm - Cyber Attack False Flag by Iran

I got this from Study4cyberwar. This site is dedicated to cyberwar information. They have some good information to keep you updated.

Sunday, June 20, 2010

Using ClamAV to Protect Your Windows Clients

ClamAV can scan incoming email, and you can also configure the Squid web proxy to use ClamAV. One of the coolest options is that Samba can be configured to use ClamAV to scan files when they are accessed. Note: using ClamAV on your Linux servers to sanitize incoming data by filtering email and HTTP traffic won't make you completely safe, so I advise still having a local anti-virus program installed on those Windows PCs. Most distros have ClamAV in their repositories, except for RHEL and CentOS, so if you have those installed just search the web for the RPMs. ClamAV supports a server mode, making it available to other systems on the network. With this feature you can have one centralized ClamAV server that is kept up to date and has some horsepower, to be used by other machines, such as an email server, to scan for viruses without bogging down the email server itself.
To get started, install the clamav-scanner-sysvinit package on Fedora or clamav-daemon on Debian-based systems. On Fedora the clamd config file (/etc/clamd.d/scan.conf) will need to be edited by uncommenting the TCPSocket and TCPAddr lines.
One of the important things that has to be done is updating the antivirus signatures. The majority of antivirus scanners rely on signatures to detect viruses; very few scanners implement heuristic or behavior-based monitoring, which I believe to be the better choice. To update ClamAV with current signatures, install the clamav-update package on Fedora or clamav-freshclam on Debian. The configuration file /etc/clamav/freshclam.conf holds the update settings. Then you can add freshclam to a cron job so it runs regularly and notifies you of the results:

0 * * * * /usr/bin/freshclam | mail -s "freshclam update info" admin@localhost.org

Note: to make sure clamd has the most up-to-date signatures you need to configure freshclam to send a "RELOAD" command to it, by pointing NotifyClamd at the clamd configuration file:
Fedora: NotifyClamd /etc/clamd.d/scan.conf
Debian: NotifyClamd /etc/clamav/clamd.conf


Getting email protection is as simple as installing clamsmtp; it acts as a proxy and filters email. In today's world one of the most popular techniques for creating botnets is what is called a "drive-by" download. That is where an attacker inserts malicious content into a web page and then infects hundreds or thousands of Windows clients, which are then compromised and taken over. The answer to that is to use the Squid web proxy and install c-icap; basically ICAP is like Milter for Sendmail, in that it allows the antivirus processing to be offloaded to a different server.

Now we move on to Samba protection. What happens when someone brings in removable media with a virus on board, and it copies itself onto the file server hoping to infect others? The samba-vscan module adds on-access scanning to Samba. The minute a file with a virus is accessed it should be detected and access to the file blocked. Samba-vscan is not in Debian, so you can get it at Open Anti-Virus.org.
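
As an added example (not code from the post or from ClamAV): a minimal client for clamd's TCP protocol that sends the PING and RELOAD commands, the latter being what NotifyClamd triggers after freshclam pulls new signatures. It assumes clamd listens on TCP (TCPSocket/TCPAddr uncommented, as described above for Fedora); the mock server at the bottom is a constructed stand-in so the client can be exercised without a real clamd.

```python
import socket
import threading

# Added example, not from the post: a minimal clamd TCP client for the
# commands freshclam's NotifyClamd relies on. Assumes clamd listens on TCP
# (TCPSocket/TCPAddr uncommented, as the post describes for Fedora).
def clamd_command(host, port, command, timeout=5.0):
    """Send one newline-terminated command ("n" prefix) and return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"n" + command.encode("ascii") + b"\n")
        data = b""
        while not data.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace").strip()

def clamd_alive(host, port):
    return clamd_command(host, port, "PING") == "PONG"

def clamd_reload(host, port):
    """What NotifyClamd triggers after a signature update."""
    return clamd_command(host, port, "RELOAD") == "RELOADING"

# Constructed stand-in so the client can be exercised offline. It is NOT
# ClamAV; it only answers the commands used above, in clamd's reply format.
_REPLIES = {b"PING": b"PONG", b"RELOAD": b"RELOADING", b"VERSION": b"ClamAV 0.0.0-mock"}

def start_mock_clamd():
    """Bind an ephemeral localhost port, serve in a daemon thread, return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                line = conn.makefile("rb").readline().rstrip(b"\n")
                cmd = line[1:] if line[:1] == b"n" else line
                conn.sendall(_REPLIES.get(cmd, b"UNKNOWN COMMAND") + b"\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```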

Wednesday, May 12, 2010

Controlling login attempts with PAM (Pluggable Authentication Module)

It is generally a good and sensible practice to lock out a user after a number of failed login attempts, with some exceptions. You don't want to give an intruder unlimited attempts, but you don't want clumsy users pestering you all the time for login resets, either. Nor do you want users who wish to play practical jokes locking out other users by trying to su to a different user's account and failing on purpose.

On Debian, add this line to /etc/pam.d/common-auth:

auth required pam_tally.so onerr=fail no_magic_root

And this line to /etc/pam.d/common-account:

account required pam_tally.so onerr=fail deny=3 reset no_magic_root

On Red Hat, add the above two lines to /etc/pam.d/system-auth. This gives users three chances to log in, then locks them out if they fail. The no_magic_root option is very important -- this prevents the root user from being locked out. In this era of great bootable rescue disks like Knoppix, that's nowhere near the catastrophe it used to be.

When the offending user has sufficiently soothed your upset sensibilities, restore access this way:

# pam_tally --user doofusfred --reset=0
user doofusfred (1006) had 29

It even tattles on how many times the user tried to log in.
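
As an added example (not from the post): a small parser for the two pam_tally lines above that summarises the lockout policy they express, so a config review can check the threshold, the reset-on-success behaviour and the fail-closed onerr setting at a glance. It handles only the plain "type control module args" form, not [value=action] control fields.

```python
# Added example, not from the post: parse the two pam_tally lines shown
# above and summarise the lockout policy they express. The parser handles
# the plain "type control module args" form only, not [value=action] controls.
AUTH_LINE = "auth required pam_tally.so onerr=fail no_magic_root"
ACCOUNT_LINE = "account required pam_tally.so onerr=fail deny=3 reset no_magic_root"

def parse_pam_line(line):
    """Split a pam.d line into its parts; args are k=v pairs or bare flags."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith("#"):
        return None
    opts = {}
    for arg in fields[3:]:
        key, _, value = arg.partition("=")
        opts[key] = value if value else True
    return {"type": fields[0], "control": fields[1], "module": fields[2], "opts": opts}

def tally_policy(auth_text, account_text):
    """Combine pam_tally entries from common-auth (counting failures) and
    common-account (enforcing the limit) into one policy summary."""
    lines = auth_text.splitlines() + account_text.splitlines()
    entries = [e for e in map(parse_pam_line, lines) if e and e["module"] == "pam_tally.so"]
    opts = {}
    for e in entries:
        opts.update(e["opts"])
    return {
        "counts_failures": any(e["type"] == "auth" for e in entries),
        "enforces_lockout": any(e["type"] == "account" and "deny" in e["opts"] for e in entries),
        "deny_after": int(opts["deny"]) if "deny" in opts else None,
        "reset_on_success": opts.get("reset") is True,   # clears the tally on a good login
        "fail_closed": opts.get("onerr") == "fail",       # deny if the tally file is unusable
        "no_magic_root": opts.get("no_magic_root") is True,
    }
```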

Working with User and Group Management

Group Commands

Group definitions reside in the /etc/group file. A standard Linux /etc/group file contains the following information: groupname:x:groupid:user list.

The “x” in the group definition file is a deprecated placeholder for a group password.

To find out which groups you belong to, type groups at a command prompt.

$ groups
khess rdpusers

By default on most Linux systems, when an administrator creates a new user account, the system automatically creates a group with the same name as the user account. An SA can specify a group when creating the account, but the group must already exist.

Here are two illustrative examples:

# useradd fred

# grep fred /etc/passwd
fred:x:504:506::/home/fred:/bin/bash

# grep fred /etc/group
fred:x:506:

# useradd -g 100 -c "Bob Alobdob" bob

# grep bob /etc/passwd
bob:x:505:100:Bob Alobdob:/home/bob:/bin/bash

# grep bob /etc/group
#

Why did the system return no response when you typed grep bob /etc/group? It's because users is Bob's primary group. If users were a secondary group, Bob's username would appear in the member list. For example, create a new user with rdpusers (Group ID 504) as a secondary group.

# useradd -G 504 -c "Jon Shmon" john

# grep john /etc/passwd
john:x:506:507:Jon Shmon:/home/john:/bin/bash

# grep john /etc/group
rdpusers:x:504:khess,john
john:x:507:
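
As an added example (not from the post): the primary/secondary distinction above, rebuilt from the passwd and group records the post shows. The two texts are constructed from the post's grep output; the users:x:100: and khess:x:500: lines are assumed, since Bob's primary GID 100 and khess's GID 500 have to resolve to something. listed_in_group_file reproduces what grep bob /etc/group found (nothing), and groups_for reproduces what the groups command reports.

```python
# Added example, not from the post: rebuild what the groups command reports
# from the passwd/group records shown above. Both texts are constructed from
# the post's grep output; the users:x:100: and khess:x:500: lines are assumed.
PASSWD = """\
khess:x:500:500:Kenneth Hess:/home/khess:/bin/bash
fred:x:504:506::/home/fred:/bin/bash
bob:x:505:100:Bob Alobdob:/home/bob:/bin/bash
john:x:506:507:Jon Shmon:/home/john:/bin/bash
"""
GROUP = """\
users:x:100:
khess:x:500:
rdpusers:x:504:khess,john
fred:x:506:
john:x:507:
"""

def parse_passwd(text):
    """name -> {uid, gid}; the gid field is the user's primary group."""
    users = {}
    for line in text.splitlines():
        name, _pw, uid, gid, *_rest = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid)}
    return users

def parse_group(text):
    """name -> {gid, members}; the member list holds secondary memberships only."""
    groups = {}
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": [m for m in members.split(",") if m]}
    return groups

def listed_in_group_file(user, group_text=GROUP):
    """Groups whose member list names the user: what grep user /etc/group finds."""
    return [name for name, g in parse_group(group_text).items() if user in g["members"]]

def groups_for(user, passwd_text=PASSWD, group_text=GROUP):
    """Primary group first (resolved via /etc/passwd), then secondary groups."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    by_gid = {g["gid"]: name for name, g in groups.items()}
    primary = by_gid[users[user]["gid"]]
    return [primary] + [n for n in listed_in_group_file(user, group_text) if n != primary]
```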

A group must exist before you assign users to it. The groupadd command creates new groups with a specific Group ID (GID) and name.

# groupadd -g 1040 accounting

# grep 1040 /etc/group
accounting:x:1040:

You may also create a new group with just a group name, and the system will assign a GID for you, with the command # groupadd groupname.

The groupmod command allows you to change the group name but the SA will have to change any files associated with the old group manually.

# groupmod -n accounting beancounters
# grep 1040 /etc/group
beancounters:x:1040:

Note: Don't confuse chgrp (changes the group ownership of files) with groupmod (changes the name of a group).

You can remove a group with the groupdel command.

# groupdel beancounters

If you prefer to edit configuration files directly, although you shouldn't, the vigr command edits the /etc/group file safely by setting a lock so that only one administrator at a time can edit the file.

Administrators rely heavily on the “group” commands for group administration, user administration and in scripting those functions for automated solutions.

User Commands

I call this collection of utilities the “user” commands because their functionality centers on user administration and not on action taken by the users themselves. Even if a user knows the location of these commands (/usr/sbin), they still can’t issue them without root privilege.

For example, a clever user on your system tries to issue useradd and vipw.

$ /usr/sbin/useradd steve
useradd: Only root may add a user or group to the system.

$ /usr/sbin/vipw
vipw: Couldn't lock file: Permission denied
vipw: /etc/passwd is unchanged

The user commands have their group analogs: you add a new user with useradd, modify a user account with usermod and delete a user account with userdel, and you edit the /etc/passwd file directly with vipw. You've already seen the useradd command in action in the Group Commands discussion.

The usermod command allows admins to alter any user account attribute, including the user's real name (comment field), home directory, account expiration date, account disabling, group membership, login name, account locking and unlocking, the user's shell, and more.

# grep khess /etc/passwd
khess:x:500:500:Kenneth Hess:/home/khess:/bin/bash

# usermod -c "Ken Hess" khess

# grep khess /etc/passwd
khess:x:500:500:Ken Hess:/home/khess:/bin/bash

The usermod command requires some restraint and careful typing, since it can make a user account unusable. Let's say that Bob Alobdob, from an example in the Group discussion, wants his login name and home directory changed to robert.

# usermod -d "/home/robert" -m -l robert bob

# grep robert /etc/passwd
robert:x:505:100:Bob Alobdob:/home/robert:/bin/bash

Notice how I explicitly entered "/home/robert" in the command? If you don't specify the whole path, Robert won't have a home directory, nor will its contents exist anymore. The command, as shown, changes his home directory from /home/bob to /home/robert and his login from bob to robert, and the -m moves the contents of his "bob" home directory to his "robert" home directory. The files in his home directory show robert as their owner as well.

Note: You cannot change the login name of a currently logged in user.

The userdel command’s function might seem obvious to you but you might surprise yourself after issuing the command to find that the user’s home directory is still intact.

Why would any programmer allow that directory to remain as clutter on your home filesystem? This is actually a failsafe mechanism and you should thank the thoughtful programmer who maintains userdel.

What if two user names only differ by a single letter and you removed the wrong one? The incorrectly deleted user’s home directory and files were wiped from the system with a slip of your finger. With the failsafe mechanism in place, you have to manually remove the home directory and hopefully you would catch your error before doing so.
 

Shaun Mallette's Blog Design by Insight © 2009