| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 5,245
» Latest member: dprp
» Forum threads: 4,031
» Forum posts: 16,406
Full Statistics
|
| Online Users |
There are currently 558 online users.
» 0 Member(s) | 555 Guest(s)
Baidu, Bing, Google
|
| Latest Threads |
how to allow only steam t...
Forum: Xorg Problems
Last Post: moquber
2026-03-17, 09:40 PM
» Replies: 0
» Views: 505
|
Wi-Fi works for a few min...
Forum: Network Problems
Last Post: kabifff
2025-12-15, 12:57 AM
» Replies: 0
» Views: 892
|
How to install Archboot i...
Forum: Network Problems
Last Post: Meup
2025-05-13, 01:41 PM
» Replies: 0
» Views: 4,180
|
clear logs in smoothwall
Forum: Security and Firewalls
Last Post: amanda63
2024-03-10, 03:27 PM
» Replies: 8
» Views: 126,179
|
I cannot install RedHat 8...
Forum: Redhat
Last Post: hybrid
2023-11-11, 01:01 PM
» Replies: 1
» Views: 75,912
|
How things are done, usin...
Forum: Xorg Problems
Last Post: ross
2023-09-04, 09:03 AM
» Replies: 0
» Views: 5,567
|
Im back.....
Forum: Hello
Last Post: anyweb
2021-01-17, 11:36 AM
» Replies: 1
» Views: 9,493
|
add mp3 plugin to xmms in...
Forum: Fedora
Last Post: anyweb
2021-01-17, 11:30 AM
» Replies: 11
» Views: 48,237
|
Configuring VSFTPd Server
Forum: FTP Server
Last Post: Johnbaca
2020-10-14, 10:25 AM
» Replies: 32
» Views: 168,715
|
Wolf won't play sound!
Forum: Game Problems
Last Post: Guest
2020-10-03, 05:51 PM
» Replies: 1
» Views: 98,984
|
|
|
| Setting up Tripwire |
|
Posted by: xDamox - 2005-07-11, 07:10 PM - Forum: Security and Firewalls
- Replies (2)
|
 |
Well I though I would write this tutorial on tripwire as I use it and think it's and excellent pieace of
software.
The way tripwire works is it takes an MD5 or SHA1 checksum of important files on your machine
and stores them in a ciphered database. It also alert you if their is any new files placed onto the
machine as it generates reports and emails them to root.
The first step to install tripwire is to install it using yum :) so if you issue the command below
tripwire will be installed for you.
Code: yum install tripwire
Once tripwire is installed you have to create a key which will be used to decipher the tripwire database
also it is require when updating the tripwire database. To setup a key issue the following command
below. Tripwire will as for a site key password also it will as for a local key file password, you may enter
the site key and local key differently to increase security.
Code: /usr/sbin/tripwire-setup-keyfiles
When issuing this command you should get a similar output as shown below:
Code: ----------------------------------------------
The Tripwire site and local passphrases are used to sign a variety of
files, such as the configuration, policy, and database files.
Passphrases should be at least 8 characters in length and contain both
letters and numbers.
See the Tripwire manual for more information.
----------------------------------------------
Creating key files...
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase:
Verify the site keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase:
Verify the local keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.
----------------------------------------------
Signing configuration file...
Please enter your site passphrase:
Wrote configuration file: /etc/tripwire/tw.cfg
A clear-text version of the Tripwire configuration file:
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended that you
move this file to a secure location and/or encrypt it in place (using a
tool such as GPG, for example) after you have examined it.
----------------------------------------------
Signing policy file...
Please enter your site passphrase:
Wrote policy file: /etc/tripwire/tw.pol
A clear-text version of the Tripwire policy file:
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements a minimal
policy, intended only to test essential Tripwire functionality. You
should edit the policy file to describe your system, and then use
twadmin to generate a new signed copy of the Tripwire policy.
Once you have a satisfactory Tripwire policy file, you should move the
clear-text version to a secure location and/or encrypt it in place
(using a tool such as GPG, for example).
Now run "tripwire --init" to enter Database Initialization Mode. This
reads the policy file, generates a database based on its contents, and
then cryptographically signs the resulting database. Options can be
entered on the command line to specify which policy, configuration, and
key files are used to create the database. The filename for the
database can be specified as well. If no options are specified, the
default values from the current configuration file are used.
Once you have done that you will need to go into /etc/tripwire directory, you should see
some files similar to the following.
Code: localhost.localdomain-local.key site.key tw.cfg twcfg.txt tw.pol twpol.txt
You will need to edit the twpol.txt. This file is well commented and you should be able to configure
the file yourself. When editing this file you will see similar lines as shown below.
Code: /sbin/accton -> $(SEC_CRIT);
/sbin/badblocks -> $(SEC_CRIT);
/sbin/busybox -> $(SEC_CRIT);
/sbin/busybox.anaconda -> $(SEC_CRIT);
/sbin/convertquota -> $(SEC_CRIT);
/sbin/dosfsck -> $(SEC_CRIT);
Make sure these files exists or tripwire will complain about them. You could do ls -l /sbin/dosfsck
to check the file exists.
Once you have edited the configuration file you will have to re-sign it with twadmin issue the following
two command below to re-sign the configuration files.
Code: twadmin --create-polfile --site-keyfile /etc/tripwire/site.key /etc/tripwire/twpol.txt
twadmin --create-cfgfile --site-keyfile /etc/tripwire/site.key /etc/tripwire/twcfg.txt
Once that has been done all you have to do is initialize tripwire this is done by issue the following
command as shown below this may take a little while as it is generating the files of SHA1 checksums
and updating the database. If you ever need to update the tripwire database just issue the initialize and it will create a new database.
This command should produce some output similar to the output below.
Code: Please enter your local passphrase:
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /var/lib/tripwire/localhost.localdomain.twd
The database was successfully generated.
Now that the database is in place you will know about EVERYTHING that happens on
your machine now. To do a check on your machine just issue the command below:
This may take a little bit, you will not need to enter a password when running this command once
the check has finished you should get similar output as shown below.
Code: Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /var/lib/tripwire/report/localhost.localdomain-20050711-183846.twr
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Mon 11 Jul 2005 06:38:46 PM BST
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: localhost.localdomain
Host IP address: 127.0.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/localhost.localdomain.twd
Command line used: tripwire --check
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
User binaries 66 0 0 0
Tripwire Binaries 100 0 0 0
Libraries 66 0 0 0
Operating System Utilities 100 0 0 0
Critical system boot files 100 0 0 0
File System and Disk Administraton Programs
100 0 0 0
Kernel Administration Programs 100 0 0 0
Networking Programs 100 0 0 0
System Administration Programs 100 0 0 0
Hardware and Device Control Programs
100 0 0 0
System Information Programs 100 0 0 0
Application Information Programs
100 0 0 0
(/sbin/rtmon)
Shell Related Programs 100 0 0 0
Critical Utility Sym-Links 100 0 0 0
Shell Binaries 100 0 0 0
* Tripwire Data Files 100 1 0 0
Critical configuration files 100 0 0 0
System boot changes 100 0 0 0
OS executables and libraries 100 0 0 0
Security Control 100 0 0 0
Boot Scripts 100 0 0 0
Login Scripts 100 0 0 0
Root config files 100 0 0 0
Invariant Directories 66 0 0 0
Temporary directories 33 0 0 0
Critical devices 100 0 0 0
Total objects scanned: 33267
Total violations found: 1
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/var/lib/tripwire)
Severity Level: 100
-------------------------------------------------------------------------------
Added:
"/var/lib/tripwire/localhost.localdomain.twd"
===============================================================================
Error Report:
===============================================================================
No Errors
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
Well thats about it for this tutorial :) O one last thing keep the twpol.txt safe and the twcfg.txt I would
suggest ciphering them.
|
|
|
| Wolf won't play sound! |
|
Posted by: SnaveZ - 2005-07-11, 02:36 PM - Forum: Game Problems
- Replies (1)
|
|
I have SuSE 9.3 Professional, and the AC'97 card, that SuSE was able to get drivers going with.
My problem is, that Wolfenstein Enemy Territory needs OSS to work, which my sound card won't work with.
Anyone know of a way to make it so Wolfenstein plays with ESD??
I also have a sound blaster live in my computer, but SuSE was unable to install drivers for it.
I know that I could compile drivers emu10k1, but I'm a total n00b at linux..
thanks in advance,
SnaveZ :P
|
|
|
|
| Port scan detection |
|
Posted by: xDamox - 2005-07-10, 07:45 PM - Forum: Security and Firewalls
- Replies (8)
|
|
Well, it's another one of my security articles :) before I start I would like to thank the man znx ;)
for getting PortSentry working due to a little programming error.
The piece of software you will need to install is "PortSentry" which can be downloaded from here.
Once you have downloaded the source file you can decompress it by issue the following command:
Code: tar zvxf portsentry-1.2.tar.gz
Once this has been decompressed you should see a directory called: "portsentry_beta" change
into that directory this can be do by issue the cd command as shown below:
Once you are in this directory you should be able to see a file called portsentry.c open this with
your favorte editor (mine is vim as it counts the lines) and scroll down to line 1584 and it will look
like:
Code: printf ("PortSentry - Port Scan Detector.\n");
printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot
sourceforget dot net>\n");
printf ("Licensing restrictions apply. Please see documentation\n");
printf ("Version: %s\n\n", VERSION);
You need to change the line that wraps so the above should now look like:
Code: printf ("PortSentry - Port Scan Detector.\n");
printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");
printf ("Licensing restrictions apply. Please see documentation\n");
printf ("Version: %s\n\n", VERSION);
Now that the file is fixed issue the following commands
Code: make linux
make install
Now portsentry is installed :) you can edit the configuration file portsentry.conf this file is well
commented so I wont go into detail. Once you have edited the config file open the portsentry.ignore
file and you should see the following:
Code: # Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
#
# PortSentry can support full netmasks for networks as well. Format is:
#
# <IP Address>/<Netmask>
#
# Example:
#
# 192.168.2.0/24
# 192.168.0.0/16
# 192.168.2.1/32
# Etc.
#
# If you don't supply a netmask it is assumed to be 32 bits.
#
#
127.0.0.1/32
0.0.0.0
Because we are going to test portsentry comment out 127.0.0.1/32 with a hash # so it will look like:
Code: # Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
#
# PortSentry can support full netmasks for networks as well. Format is:
#
# <IP Address>/<Netmask>
#
# Example:
#
# 192.168.2.0/24
# 192.168.0.0/16
# 192.168.2.1/32
# Etc.
#
# If you don't supply a netmask it is assumed to be 32 bits.
#
#
#127.0.0.1/32
0.0.0.0
Once that is done its time to start portsentry. PortSentry can be started with a -tcp or a -udp these
are for basic stealth scans but you can also issue -atcp and -audp which mean advanced monitoring.
To start portsentry issue the following:
Code: ./portsentry -atcp
./portsentry -audp
Once these two have started check they are running fine by issuing the following command:
Code: tail /var/log/messages
you should have similar output to mine as shown below:
Code: Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced mode will manually exclude port: 520
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced mode will manually exclude port: 138
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced mode will manually exclude port: 137
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced mode will manually exclude port: 67
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 68
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 520
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 138
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 137
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 67
Jul 10 20:23:13 localhost portsentry[9918]: adminalert: PortSentry is now active and listening.
Now to run the test, issue the following nmap command:
Code: nmap -sS -O 127.0.0.1
if you check the /var/log/messages again you should see the following or similar:
Code: Jul 10 20:02:20 localhost portsentry[9667]: attackalert: Host: localhost.localdomain/127.0.0.1 is already blocked Ignoring
Jul 10 20:02:20 localhost portsentry[9667]: attackalert: TCP SYN/Normal scan from host: localhost.localdomain/127.0.0.1 to TCP port: 487
Jul 10 20:02:20 localhost portsentry[9667]: attackalert: Host: localhost.localdomain/127.0.0.1 is already blocked Ignoring
Jul 10 20:02:20 localhost portsentry[9667]: attackalert: TCP SYN/Normal scan from host: localhost.localdomain/127.0.0.1 to TCP port: 617
:)portsentry works now if you check the /etc/hosts.deny you will notice a new entry in there
which is 127.0.0.1 which portsentry blacklisted. Now finally delete the entry in the /etc/hosts.deny
and in the portsentry.ignore uncomment out 127.0.0.1/32 and you are ready to go.
Well thats it another tutorial finished :)
|
|
|
|
| UAE - Compiling for network access |
|
Posted by: Memphisartguy - 2005-07-09, 02:11 AM - Forum: Compiling
- Replies (6)
|
|
So I used WinUAE to set up a nice Amiga OS 3.9, with a Cnet Pro BBS, debugged the telser.deviced and telnetd.device to work with the CnEt Pro. Every thing runs great.
So when moving to the Linux platform I have to compile the configure file with the bsddevice-=new uncommented.
How do I Compile this? Nothing has yet to make a binary I can use.
I am using the latest version of E-UAE
|
|
|
|
| Webmin & Virtualmin & Fedora |
|
Posted by: Memphisartguy - 2005-07-09, 01:15 AM - Forum: Fedora
- Replies (4)
|
|
Been trying to follow these instructions in Fedora Core 4
Every things cool unitl step three. Sense these instructions are 1 year old, i have adapted it a little. Main issue is part 3
rpm -ivh ~/httpd-2.0.40-21.16.legacy.src.rpm
Does this.
warning: ./httpd-2.0.50-1.0.src.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
1:httpd ########################################### [100%]
No files are created as the guide below says should happen.
-------------------------- missing how to -----------------------------
Here's how to rebuild Apache from SRPM, including the change you want to make.
1. Grab the httpd SRPM from the FC1 updates:
% wget [/url][url=http://download.fedora.us/fedora/fe....48-1.2.src.rpm]http://download.fedora.us/fedora/fe....48-1.2.src.rpm
2. Set up your RPM build area:
% echo "%_topdir /home/yourname/src/rpm" >> ~/.rpmmacros
% mkdir -p ~/src/rpm/
% cd ~/src/rpm
% mkdir BUILD RPMS RPMS/i386 SOURCES SPECS SRPMS
3. Install the SRPM:
% rpm -ivh ~/httpd-2.0.48-1.2.src.rpm
This will put the source tarball and patches in SOURCES, and a specfile (metadata and instructions for building) in SPECS.
4. Edit the specfile, bumping up the release number, changing the suexec docroot, and noting this in the changelog:
% vi SPECS/httpd.spec
line 8:
< Release: 1.2
> Release: 1.3
line 202:
< --with-suexec-docroot=%{contentdir} \
> --with-suexec-docroot=/home \
line 510:
%changelog
* Tue May 18 2004 Your Name <you@yours> 2.0.48-1.3
- Rebuilt with suexec-docroot set to /home instead of %{contentdir}
5. Rebuild httpd, creating both a binary RPM and a source SRPM:
% rpmbuild -ba SPECS/httpd.spec
You may have to install some additional packages to satisfy build dependencies here. When it's done, you'll have binary packages in RPMS/i386/, and a source package including your modified specfile in SRPMS/.
6. You can now either upgrade to the httpd you just compiled...
% sudo rpm -Fvh RPMS/i386/httpd*.rpm RPMS/i386/mod_ssl*.rpm
7. ...or simply extract the suexec binary and copy it over the original one:
% rpm2cpio RPMS/i386/httpd-2.0.48-1.3.i386.rpm | cpio -imVd ./usr/sbin/suexec
% sudo cp -p /usr/sbin/suexec /usr/sbin/suexec.orig
% sudo cp ./usr/sbin/suexec /usr/sbin/suexec
% sudo chown root:apache /usr/sbin/suexec
% sudo chmod 4510 /usr/sbin/suexec
Personally, I haven't yet had any problems with just keeping the suexec binary I compiled months ago and reusing it with later updates of Apache (i.e., repeat step 7 after installing an httpd update), YMMV. Obviously if there is ever a security update involving suexec itself, though, you should rebuild again.
________________________________________
Last edited by bradthemad : 2004-05-18 at 07:14 AM PDT.
------------------how to that was missing --------------------------
|
|
|
|
| Installing Samba 3.0.14a-2 under Fedora Core 4 |
|
Posted by: ASrael - 2005-07-08, 07:31 PM - Forum: Samba and NFS
- Replies (5)
|
|
This Tutorial is free and may be distributed with reference to this website
It is for people running Fedora Core 4 wanting to setup a working Samba
Server to access the Shares on a Linux machine from a Windows machine
Commands are written in green
Everything else are things you might edit / write / add
Get my Tutorials from [/url][url=http://www.bildunxxluecke.de/usr/fedora]http://www.bildunxxluecke.de/usr/fedora
1.
--------------------------------------------------------------------------------
Prepare your Enviroment:
- samba-common-3.0.14a-2.i386.rpm
- samba-3.0.14a-2.i386.rpm
- samba-client-3.0.14a-2.i386.rpm
- samba-swat-3.0.14a-2.i386.rpm (install only if you want have samba-webinterface)
2.
--------------------------------------------------------------------------------
Now its time to configure SAMBA:
rpm -i samba-common-3.0.14a-2.i386.rpm
rpm -i samba-3.0.14a-2.i386.rpm
rpm -i samba-client-3.0.14a-2.i386.rpm
rpm -i samba-swat-3.0.14a-2.i386.rpm
3.
--------------------------------------------------------------------------------
Everything should be installed now, its time to configure Samba:
- cd /etc/samba/
- vi smb.conf
You can safely edit this file (in fact you must) necessary is :
workgroup = < your windows network workgroup > e.g.: WORKGROUP
server string = < Information about your Samba Server >
netbios name = < Hostname of Sambaserver > e.g.: SMBSERV01
You dont need to touch the shares so far, if you want to share
other directorys keep and eye on the examples in the smb.conf
4.
--------------------------------------------------------------------------------
Now everything is done and you can start:
[root@test] smbd -D
[root@test] nmbd -D
Now you should be able to access your Sambaserver from your
Windowsmachine via \\< smb machine ip >
(5.)
--------------------------------------------------------------------------------
For those who want to use swat with samba :
- cd /etc/xinetd.d/
- vi swat
change disable = yes to => disable = no
- cd /etc/
- vi services
make sure the following line is in it : swat 901/tcp # Samba Web Administration Tool
to test do 'grep 901 /etc/services' , if not in insert it
now do : service xinetd restart
Swat should be running now !
(6.)
--------------------------------------------------------------------------------
To access Swat Webinterface from Lan :
- cd /etc/xinetd.d/
- vi swat
change 'only_from = 127.0.0.1' to 'only_from = 'your.netmask.0.0' e.g.: '192.168.0.0'
the 0 stands for wildcards (e.g. 192.168.0.0 to 192.168.255.255)
--------------------------------------------------------------------------------
Everything is fine .. enjoy now just do http:// SAMBAIP : 901 and login as root
|
|
|
|
| Easily save embeded media in Firefox |
|
Posted by: hijinks - 2005-07-08, 11:58 AM - Forum: Web Browsers
- Replies (3)
|
 |
I just found out this nice little feature in firefox. If you like to save those funny video clips you see on some websites and hate searching through the page source for the link to the media then this is for you.. So lets go to this funny video for example
[/url][url=http://www.ebaumsworld.com/videos/signfun.html]http://www.ebaumsworld.com/videos/signfun.html
Ok so when viewing that page in firefox right click anywhere on the page and goto "View Page Info" and then click the tab "Media"
Now the embeded movie should be listed as embeded in type.. just click on that and then the save as button and your saving it without looking at the source and then using wget.. NICE!
|
|
|
|
| Audio on IBM 600X |
|
Posted by: brodyj - 2005-07-07, 11:07 PM - Forum: Xorg Problems
- Replies (1)
|
|
Ok, so I just installed Core 4 on my IBM Thinkpad 600X, everything went smooth, except for the audio.
When I go to "soundcard detection", i'm presented with the nifty little screen, and it says it found a
Cirrus
Logic CS 4614/22/24 [CrystalClear SoundFusion Audio Accelerator
snd-cs46xx
But when I click "Play test sound", nothing seems to happen, and yes the volume is up and on.
Any ideas?
|
|
|
|
| dns/dhcp using dnsmasq |
|
Posted by: mechtn - 2005-07-07, 09:31 PM - Forum: DNS and DHCP
- Replies (1)
|
|
/etc/dnsmasq.conf
---------------------------------
domain-needed
bogus-priv
interface=eth0
local=/rkbrb.local/
expand-hosts
domain=rkbrb.local
dhcp-range=10.10.23.105,10.10.23.240,255.255.255.0,192h
dhcp-option=44,10.10.23.99 # WINS server(s)
---------------------------------
Currently working on getting dhcp/dns running using dnsmasq!
|
|
|
|
|
