Linux Faqs & HowTos archive.
If you ever see your SSH session gets killed, don’t panic ๐ There is nothing wrong, you ne
ed to modify the following directives in your /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
Update these directives :
TCPKeepAlive yes ClientAliveInterval 30 ClientAliveCountMax 99999
Restart ssh daemon
/etc/init.d/sshd restart
DONE!
What is FireSheep ?
Come on damn.. Its not new! ๐ Its an old firefox addon. I am explaining it here for how can you use or install it on Linux.
Lets start ;
Taking Checkout from the repository :
git clone https://github.com/codebutler/firesheep.git
Output :
Initialized empty Git repository in /root/firesheep/.git/
remote: Counting objects: 1020, done.
remote: Compressing objects: 100% (605/605), done.
remote: Total 1020 (delta 589), reused 770 (delta 402)
Receiving objects: 100% (1020/1020), 5.48 MiB | 123 KiB/s, done.
Resolving deltas: 100% (589/589), done.
cd firesheep/
git submodule update --init
Output :
Output :Submodule ‘backend/deps/http-parser’ (git://github.com/ry/http-parser.git) registered for path ‘backend/deps/http-parser’
Initialized empty Git repository in /root/firesheep/backend/deps/http-parser/.git/
remote: Counting objects: 815, done.
remote: Compressing objects: 100% (328/328), done.
remote: Total 815 (delta 549), reused 735 (delta 483)
Receiving objects: 100% (815/815), 185.18 KiB | 95 KiB/s, done.
Resolving deltas: 100% (549/549), done.
Submodule path ‘backend/deps/http-parser’: checked out ‘459507f534c807d8ba741730fbc36d4b93b133c1’
Dependencies :
apt-get install libpcap-dev xulrunner-1.9.2-dev libboost-all-dev libtool libhal-dev autoconf
Compilation :
./autogen.sh
make
DONE!
How to Load it into Firefox?
firefox build/firesheep.xpi
Anonymous proxy is used to hide your source information that includes UserAgent, YourIP, and many other header information can be hide easily.
In this Howto, we will configure our proxy to work highly anonymously with squid authentication, We will use CEntOS 5.5 with squid 2.6 stable21 release.
Squid Installation
yum install squid
User Authentication
User authentication is necessary to restrict it for personal use only.
vi /etc/squid/squid.conf
add;
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl px-users ident testuser http_access allow all px-users
save the file.
htpasswd -md /etc/squid/passwd testuser
New password:
Re-type new password:
service squid start
Now, set your browser to use this newly configured proxy and go to Verify your proxy header and you should see following header;
HTTP_CACHE_CONTROL:max-age=259200 HTTP_CONNECTION:keep-alive HTTP_VIA:1.1 hackersgarage.com:2312 (squid/2.6.STABLE21) HTTP_CONTENT_LENGTH:0 HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 HTTP_ACCEPT_CHARSET:ISO-8859-1,utf-8;q=0.7,*;q=0.7 HTTP_ACCEPT_ENCODING:gzip, deflate HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5 HTTP_HOST:www.proxydetect.com HTTP_USER_AGENT:Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 HTTP_X_FORWARDED_FOR:222.223.32.13
๐ Ops.. It is disclosing all information are we running. Lets make it highly anonymous.
Making it Highly Anonymous Proxy
Before making it highly Anonymous Proxyย Note WARNING: Doing this VIOLATES the HTTP standard.
vim /etc/squid/squid.conf
add following;
## HackersGarage.com - ACL forwarded_for transparent header_access Allow allow all header_access Authorization allow all header_access Cache-Control allow all header_access Content-Encoding allow all header_access Content-Length allow all header_access Content-Type allow all header_access Date allow all header_access Expires allow all header_access Host allow all header_access If-Modified-Since allow all header_access Last-Modified allow all header_access Location allow all header_access Pragma allow all header_access Accept allow all header_access Accept-Enncoding allow all header_access Accept-Language allow all header_access Content-Language allow all header_access Mime-Version allow all header_access Cookie allow all header_access Set_Cookie allow all header_access Retry-After allow all header_access Title allow all header_access Connection allow all header_access Proxy-Connection allow all header_access All deny all header_replace User-Agent anonymous
squid -k reconfigure
Now go to Verify your proxy header and you should see a new header which is highly anonymous.
HTTP_CACHE_CONTROL:max-age=259200 HTTP_CONNECTION:keep-alive HTTP_CONTENT_LENGTH:0 HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5 HTTP_HOST:www.proxydetect.com HTTP_USER_AGENT:anonymous
Got a problem? Ask below ๐
Running multiple php version e.g php4 & php5 required some times for old style applications that is dependant on php4 but applications like wordpress you are required to have php5. Let see how we tackle this problem.
In my scenario, i have CentOS 5 running on my server with apache2. I will be installing php4 in CGI mode and php5 as standalone module for apache. You can use the following method for debian distro too.
Installing apache2 & php5
yum install httpd
yum install php
php4 Installation 
Now download the source code of php4, you can chose nearest php4 mirror from here.
wget http://www.php.net/get/php-4.4.9.tar.gz/from/ar.php.net/mirror
tar -zxvf php-4.4.9.tar.gz
cd php-4.4.9
Note : do not add support for apxs2, it will break up the php5 as module for apache2
./configure โprefix=/usr/local/php4
make
make install
cp -v php.ini-recommended /usr/local/php/etc/php.ini
Configuring php4 as CGI script for Apache.
ln โs /usr/local/php4/bin/php /var/www/html/cgi-bin/php
chmod 755 /var/www/html/cgi-bin/php
Configuring Apache for php4
cp โav /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php4.conf
Update these :
vi /etc/httpd/conf.d/php4.conf
Action php4-script /cgi-bin/php
AddHandler php4-script .php4
AddType text/html .php
DirectoryIndex index.php4
Question:
I am managing a team of Linux System Administrators, which manages a large number of servers remotely. This admins require root level privileges on servers. Now how can I keep track of each user activity for audit purpose and to keep record of each command is executed on server. Recommend open source application on Linux.
There are couple of available tools/scripts on Linux to achieve this goal. But we have found Rootsh a simple solution to this hitch.
What is rootsh?
rootsh is a shell wrapper that logs all keystrokes of a terminal with output and save it into a file whcih is randmoly generated for each user. rootsh also supports logging into syslog but it is bad idea because syslog file can easily be removed by a root user.
We will create a separate folder for logs where we will apply group level privileges & apply append attribute to restrict the group members to write/read only to this folder so our files would be secured.
How to install rootsh?
cd /tmp/
wget http://sourceforge.net/projects/rootsh/files/rootsh/1.5.3/rootsh-1.5.3.tar.gz/download
tar -zxvf rootsh-1.5.3.tar.gz
Create logs directory :
mkdir -vp /secure/admins-logs
./configure --disable-syslog --disable-linenumbering --with-logdir=/secure/admins-
make && make install
Create a group for your admins so limited users can write to this folder.
groupadd admins
Creating a testadmin user and adding it to the group.
useradd testadmin
usermod -G testadmin admins
Applying appropriate permissions to logs folder & apply attributes.
chmod 770 /secure/admins-logs
chgrp admins /secure/admins-logs
chattr +a /secure/admins-logs
Edit /etc/shells – to allow our new loggable shell.
echo "/usr/local/bin/rootsh" >> /etc/shells
Enable logging for our user “testadmin”
vim /etc/passwd
search for a user testadmin and replace /bin/bash with /usr/local/bin/rootsh
Thats it! Now, try to login in with testadmin and you should see a log file created with username+timestamp e.g /secure/admins-logs/testadmin.3243423432.log
If you have any question, feel free to ask in comments.
Few days back, one of our friend from Pakistan requested us to write a recipe to Use WorldCall USB on Linux. By default Linux 2.6 Kernel support USB EVO devices but it required a little configuration in /etc/wvdial.conf.
BTW We are using BackTracK 5 Linux on our stations.
Configuring WorldCall usb on linux :
Install a PPP dialer on Ubuntu/BackTrack Linux
aptitude install wvdial
lsusb
You should see following
Bus 004 Device 002: ID 16d5:6502 AnyDATA Corporation
vim /etc/wvdial.conf
copy & paste following configuration,
[Dialer Defaults] init1 = ATZ init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 ;init3 = AT+CGDCONT=1,"IP","data:tre:se" Modem Type = USB Modem Dial Command = ATDT Baud = 460800 New PPPD = yes Modem = /dev/ttyUSB0 Stupid Mode = 1 ISDN = 0 Phone = #777 Username = wcall@worldcall.com Password = wcall
Run wvdial and start surfing internet ๐
wvdial
DONE!