Friday, February 26, 2010

How to manage your password information with chage

The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user


1.How to set the minimum password expiration date and the maximux expiration date for a user named john:

chage -m 3 -M 30 john

2.How to make a user's account inactive 1 day after his password has expired

chage -I 1 john

3.How to create a expiration date for the user and warn him with 3 days before that his account will expire.

chage -E 2010-03-20 -W 3

4. How to list user information

chage -l kate
Last password change : Mar 02, 2010
Password expires : Jun 30, 2010
Password inactive : Jul 01, 2010
Account expires : Jul 02, 2010
Minimum number of days between password change : 4
Maximum number of days between password change : 120
Number of days of warning before password expires : 7

5.How to remove password inactive and account expires settings.

chage -E -1  -I -1 kate

chage -l kate

Last password change : Mar 02, 2010
Password expires : Jun 30, 2010
Password inactive : never
Account expires : never
Minimum number of days between password change : 4
Maximum number of days between password change : 120
Number of days of warning before password expires : 7

Note : Only chage can help you set an account expiration date passwd can't.

Tuesday, February 23, 2010

How to use nmap security scanner

Nmap is a "Network Mapper", used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren't advertising themselves with a service discovery protocol. In addition Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card.

Nmap features include:

Host Discovery
- Identifying computers on a network, for example listing the computers which respond to pings, or which have a particular port open
Port Scanning - Enumerating the open ports on one or more target computers
Version Detection - Interrogating listening network services listening on remote computers to determine the application name and version number
OS Detection - Remotely determining the operating system and some hardware characteristics of network devices.

Typical uses of Nmap:

-Auditing the security of a computer, by identifying the network connections which can be made to it
-Identifying open ports on a target computer in preparation for auditing
-Network inventory, Network mapping, maintenance, and asset management
Auditing the security of a network, by identifying unexpected new servers.

Nmap options
 Can pass hostnames, IP addresses, networks, etc.
 Ex:,,; 10.0.0-255.1-254
 -iL : Input from list of hosts/networks
 -iR : Choose random targets
 --exclude : Exclude hosts/networks
 --excludefile : Exclude list from file
 -sL: List Scan - simply list targets to scan
 -sP: Ping Scan - go no further than determining if host is online
 -P0: Treat all hosts as online -- skip host discovery
 -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
 -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
 -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
 --dns-servers : Specify custom DNS servers
 --system-dns: Use OS's DNS resolver
 -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
 -sU: UDP Scan
 -sN/sF/sX: TCP Null, FIN, and Xmas scans
 --scanflags : Customize TCP scan flags
 -sI : Idlescan
 -sO: IP protocol scan
 -b : FTP bounce scan
 -p : Only scan specified ports
 Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
 -F: Fast - Scan only the ports listed in the nmap-services file)
 -r: Scan ports consecutively - don't randomize
 -sV: Probe open ports to determine service/version info
 --version-intensity : Set from 0 (light) to 9 (try all probes)
 --version-light: Limit to most likely probes (intensity 2)
 --version-all: Try every single probe (intensity 9)
 --version-trace: Show detailed version scan activity (for debugging)
 -O: Enable OS detection (try 2nd generation w/fallback to 1st)
 -O2: Only use the new OS detection system (no fallback)
 -O1: Only use the old (1st generation) OS detection system
 --osscan-limit: Limit OS detection to promising targets
 --osscan-guess: Guess OS more aggressively
 Options which take  are in milliseconds, unless you append 's'
 (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
 -T[0-5]: Set timing template (higher is faster)
 --min-hostgroup/max-hostgroup : Parallel host scan group sizes
 --min-parallelism/max-parallelism : Probe parallelization
 --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout : Specifies
 probe round trip time.
 --max-retries : Caps number of port scan probe retransmissions.
 --host-timeout : Give up on target after this long
 --scan-delay/--max-scan-delay : Adjust delay between probes
 -f; --mtu : fragment packets (optionally w/given MTU)
 -D : Cloak a scan with decoys
 -S : Spoof source address
 -e : Use specified interface
 -g/--source-port : Use given port number
 --data-length : Append random data to sent packets
 --ip-options : Send packets with specified ip options
 --ttl : Set IP time-to-live field
 --spoof-mac : Spoof your MAC address
 --badsum: Send packets with a bogus TCP/UDP checksum
 -oN/-oX/-oS/-oG : Output scan in normal, XML, s|
 and Grepable format, respectively, to the given filename.
 -oA : Output in the three major formats at once
 -v: Increase verbosity level (use twice for more effect)
 -d[level]: Set or increase debugging level (Up to 9 is meaningful)
 --open: Only show open (or possibly open) ports
 --packet-trace: Show all packets sent and received
 --iflist: Print host interfaces and routes (for debugging)
 --log-errors: Log errors/warnings to the normal-format output file
 --append-output: Append to rather than clobber specified output files
 --resume : Resume an aborted scan
 --stylesheet : XSL stylesheet to transform XML output to HTML
 --webxml: Reference stylesheet from Insecure.Org for more portable XML
 --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
 -6: Enable IPv6 scanning
 -A: Enables OS detection and Version detection
 --datadir : Specify custom Nmap data file location
 --send-eth/--send-ip: Send using raw ethernet frames or IP packets
 --privileged: Assume that the user is fully privileged
 --unprivileged: Assume the user lacks raw socket privileges
 -V: Print version number
 -h: Print this help summary page.

How to use NMAP

1.How to scan your network to see which hosts are up:

nmap -sP (it will scan ip-s from to to see which hosts are up)
Starting Nmap 5.00 ( ) at 2010-02-23 19:05 EET
Host is up (0.0010s latency).
MAC Address: 00:25:9C:27:E5:01 (Cisco-Linksys)
Host is up (0.00021s latency).
MAC Address: 00:24:8C:5D:EC:6C (Asustek Computer)
Host is up.
Host is up (0.0013s latency).
MAC Address: 08:00:27:C1:3B:9D (Cadmus Computer Systems)
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.88 seconds

2. Now we scan using a SYN scan [-sS] and -A to enable OS fingerprinting and version detection.The results will be saved in a file named nmap.log.

nmap -sS -A -oN nmap.log

Starting Nmap 5.00 ( ) at 2010-02-23 19:12 EET
Interesting ports on
Not shown: 998 closed ports
80/tcp   open  http    Linksys WRT54GL wireless-G router http config
|_ html-title: 401 Unauthorized
|  http-auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = WRT54GL
5431/tcp open  http    Belkin/Linksys wireless router http config (Linux 2.4; UPnP 1.0; BRCM400 1.0)
MAC Address: 00:25:9C:27:E5:01 (Cisco-Linksys)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Network Distance: 1 hop
Service Info: Devices: WAP, router

OS and Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 15.74 seconds

3.How to scan a host for open ports ,network services,os version,ipid:

nmap -sS -P0 -A -v

Starting Nmap 5.00 ( ) at 2010-02-23 19:38 EET
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 19:38
Scanning [1 port]
Completed ARP Ping Scan at 19:38, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:38
Completed Parallel DNS resolution of 1 host. at 19:38, 0.05s elapsed
Initiating SYN Stealth Scan at 19:38
Scanning [1000 ports]
Discovered open port 22/tcp on
Completed SYN Stealth Scan at 19:38, 1.41s elapsed (1000 total ports)
Initiating Service scan at 19:38
Scanning 1 service on
Completed Service scan at 19:38, 0.05s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against
Retrying OS detection (try #2) against
Retrying OS detection (try #3) against
Retrying OS detection (try #4) against
Retrying OS detection (try #5) against
NSE: Script scanning
NSE: Starting runlevel 1 scan
Initiating NSE at 19:38
Completed NSE at 19:38, 0.24s elapsed
NSE: Script Scanning completed.
Host is up (0.00085s latency).
Interesting ports on
Not shown: 999 closed ports
22/tcp open  ssh     OpenSSH 5.1p1 Debian 6ubuntu2 (protocol 2.0)
|  ssh-hostkey: 1024 51:08:cd:ba:ad:5a:4d:87:20:5b:41:ee:f2:34:80:e5 (DSA)
|_ 2048 a2:7c:9e:22:7e:9c:3f:2e:7d:46:d6:1a:29:f1:c2:c8 (RSA)
MAC Address: 08:00:27:C1:3B:9D (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see ).
TCP/IP fingerprint:

Uptime guess: 0.004 days (since Tue Feb 23 19:33:04 2010)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=197 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 15.74 seconds
           Raw packets sent: 1103 (52.340KB) | Rcvd: 1076 (46.596KB)
vices available

Thursday, February 18, 2010

How to manage service in fedora

1.Open a shell and login as root
2.The service command

service --status-all (it shows you the status of the services)
service sshd restart (you can use start,stop,restart,reload)

3.The chkconfig command - run with no parameters it shows all the services and their status in all the runlevels.You can turn on or off a service as well in the desired runlevel.

chckconfig --level 5  sshd on (this option will automaticly start ssh server at boot in the default fedora runlevel)

4.The ntsysv command - it opens a menu where you can set your options.
ntsysv (this will help you set up if a service should start or not at boot in your default runlevel)

Friday, February 12, 2010

How to use GnuPG/GPG to encrypt and sign your files

GNU Privacy Guard (GnuPG or GPG) is a free software alternative to the PGP suite of cryptographic software.GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

This tutorial is for linux users.
1.Open a shell and type :

gpg --gen-key

This will produce a menu asking you what type of algorithm you want.

   Please select what kind of key you want:

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)

Your selection?

DSA, aka Digital Signature Algorithm, is an algorithm which is used for signing messages, whereas ElGamal useable for encryption as well as signatures. (A good discussion of the encryption options available is located here).The default should be fine, although any key length longer than 2048 will be ignored for the DSA algorithm (ie: your ElGamal key will be 2048 bits, but the DSA one will still be 1024). This is because DSA keys cannot be larger than 1024 bits, although they can be as small as 512 bits (but this would not be useful in a real world setting).

Next, you choose the length of your key.

SA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits

The problem with larger keys is that they will empty the entropy pool quickly during generation. You can get around this by having several people log in and do their work, which seeds the entropy pool on Linux (and other) systems. For this example key, I'll leave it at the default of 2048 bits.
Note: an entropy pool is used by the random number function on most operating systems. It is important to keep it random because keys generated from non-random numbers can be cracked much more easily. Linux (and other systems such as OpenBSD) keep the entropy pool fed by monitoring the input of the random device in a computer system: the human.
Please specify how long the key should be valid.
        0 = key does not expire
       d = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 1y
Key expires at Wed 16 Feb 2011 04:58:53 PM EET
Is this correct? (y/N) y

If you don't think you'll use your key much, but do want to be able to use it at any time, don't set your key to expire. If you are paranoid about security, you might want to set your keys to expire after a period (1 year to 3 years depending on key usage). Remember that you can always manually expire keys at a later time through key revocation.
Regardless of what expiry setting you choose, GnuPG will ask you to confirm it.

Key does not expire at all
Is this correct (y/n)?

Next you enter your user ID for the key.

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:

"John Lock "
Real name:
Email address:

If you entered the data as follows:

Real name:       John Lock
Email address:
Comment:       just beleve
You selected this USER-ID:    "John Lock (just beleve) "

Your ID would be: My name (me). GnuPG will then allow you to correct any mistakes, generate the key, or abort.

Next will be your passphrase. It is very, very important that you choose a strong one you can remember. Without this passphrase, anyone who can copy your PGP keys will be able to impersonate you (such as your local sysadmin on a shared system). If your system is cracked, a passphrase on your key ring might be the only thing stopping the cracker from impersonating you. The caveat is that if you forget your passphrase, you will not be able to use your own keys.
After this, GnuPG will generate your keys. You should see a message like this:

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.

You will see some characters scroll by. If GnuPG can't get enough random characters, you'll see a message like this:

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need NN more bytes)

Don't panic! Just run some programs,type some random characters in the shell, etc. If you have installed egd (the entropy gathering daemon [scroll down page for egd info and files]), play some music into the microphone. Once GnuPG is done, you should see this message:

public and secret key created and signed.

Congratulations. You now have a pair of keys. One is private, and one is public. Think of them as a birth certificate, library card, and drivers' licence rolled into one.

2.Generate a revocation certificate

After your key pair is created you should immediately generate a revocation certificate for the primary public key using the option -gen-revoke.If you forget your passphrase or if your private key is compromised or lost,this revocation certificate may be published to notify others that the public key should nolonger be used.A revoked public key can still be used to verify signatures made by you in the past, but it cannot be used to encrypt future messages to you.It also does not affect your ability todecrypt messages sent to you in the past if you still do have access to the private key.

gpg --output revoke.asc --gen-revoke  key_id(you can put the user id and it will work )

gpg --output revoke.asc --gen-revoke 915E0CF3
3.Exchange keys with your friends

To communicate with others you must exchange public keys.To list the keys on your public keyring use the command-line option -list-keys.The number 915E0CF3 in the example below is your public key's id number.

gpg  --list-keys

pub  2048R/915E0CF3  2010-02-16 [expires: 2011-02-16]
uid  John Lock (just beleve)
sub   2048R/597A4582  2010-02-16 [expires: 2011-02-16]

Now to export the key in armored format(is better to be armored if you email the key or if you publish it on the web) :

gpg --output johnlock.asc --armor --export key_id

Now you must give this key(johnlock.asc) which is in your home folder to your friend.If you send it by mail then you should call him/her and tell her the fingerprint.If the fingerprint is ok then the certificate is realy from that person.How to see the fingerprint of a key:

gpg --edit-key john_lock (you can use the id like this or gpg --edit-key  915E0CF3 )
Command> fpr (this will list the keysfingerprint)

4.Importing a friends public key

 Let's presume that your friend gave you his public key named

gpg --import

After checking the fingerprint, you may sign the key to validate it.Since key verification is a weak point in public-key cryptography, you should be extremely careful and always check a key’s fingerprint with the owner before signing the key.

 gpg --edit-key jack_shepard (or key_id)

Command> sign jack_shepard (or_key_id) 

Once signed you can check the key to list the signatures on it and see the signature that you have added.Every user ID on the key will have one or more self-signatures as well as a signature for each user that has validated the key.

Command> check

Then you can set a trust level for your friends key:

Command>trust jack_shepard(or key_id)

After that save and exit.

 Command> save

Note . It is a good practice to sign and trust someone else's public key then to export that persons key and send it back to them.That is how you rase the credibility of your public key by letting other people sign it and send it back to you.

5.Encrypt/Decrypt documents

 a.Encrypt a document
If you want to encrypt a document for someone else use his public key you just imported in the previous exercise.If you want to encrypt a document for yourself use your public key.
Note if you encrypt the document using someone else's public key only that person can decrypt that document.

gpg  --output doc_name.gpg  --encrypt --armor --recipient key_id  doc_name

b.Decrypt a document

gpg --output doc_name --decrypt doc_name.gpg

6.Symmetric encription

If you do not need to send the document to anyone and is your private document you can use symmetric encryption.

gpg  --output doc_name.gpg  --armor --symmetric   doc_name
Enter Passphrase:type_the_password_you_want(it is a new password don't use youre public key password)

To decrypt type:
gpg  --output doc_name  --decrypt   doc_name.gpg
Enter Passphrase:

7.Making and verifying signatures

A digital signature certifies and time stamps a document. If the document is subsequently modified in any way,a verification of the signature will fail.A digital signature can serve the same purpose as a hand-written signature with the additional benefit of being tamper resistant. The GnuPG source distribution,for example,is signed so that users can verify that the source code has not been modified since it was packaged.
Creating and verifying signatures uses the public/private key pair in an operation different from encryption and decryption.A signature is created using the private key of the signer.The signature is verified using the corresponding public key.
How to create a signature file:

gpg --output doc_name.sig --armored  --sign doc_name

The document is compressed before being signed, and the output is in binary format.
Given a signed document, you can either check the signature or check the signature and recover the original document.To check the signature use the -verify option. To verify the signature and extract the document use the -decrypt option.The signed document to verify and recover is input and the recovered document is output.
 To verify signature type:

 gpg  --verify doc_name.sig

To decrypt the document type:

gpg  --output doc_name  --decrypt   doc_name.sig

A common use of digital signatures is to sign usenet postings or email messages. In such situations it is undesirable to compress the document while signing it.The option -clearsign causes the document to be wrapped in anASCII-armored signature but otherwise does not modify the document.

gpg   --clearsign doc_name (this will create a signed document named doc_name.asc)

Detached signatures

A signed document has limited usefulness.Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is a third method for signing a document that creates a detached signature, which is a separate file.A detached signature is created using the -detach-sig option.

gpg --output doc_name.sig  --detach-sig doc_name

Both the document and detached signature are needed to verify the signature.The -verify option can be used to check the signature:
gpg  --verify doc_name.sig doc_name

8.Exporting a key from a key server 

 Exporting a key:

gpg --send-keys --keyserver

Importing a key:

gpg --recv-keys --keyserver  

9.Key Management and examples

gpg --edit-key key_id     Present a menu which enables you to do all key related tasks:

sign     Make a signature on key of user name If the key is not yet signed by the default user (or the users given with -u), the program displays the information of the key again   together with its fingerprint and asks whether it should be signed. This question is repeated for all users specified with -u.
lsign     Same as --sign but the signature is marked as non-exportable and will therefore never be used by others. This may be used to make keys valid only in the local environment.
nrsign     Same as --sign but the signature is marked as non-revocable and can therefore never be revoked.
nrlsign     Combines the functionality of nrsign and lsign to make a signature that is both non-revocable and non-exportable.
revsig     Revoke a signature. For every signature which has been generated by one of the secret keys, GnuPG asks whether a revocation certificate should be generated.
trust     Change the owner trust value. This updates the trust-db immediately and no save is required.
enable     Disable or enable an entire key. A disabled key can not normally be used for encryption.
adduid     Create an alternate user id.
addphoto     Create a photographic user id. This will prompt for a JPEG file that will be embedded into the user ID. Note that a very large JPEG will make for a very large key.
deluid     Delete a user id.
delsig      Delete a signature.
revuid       Revoke a user id.
addkey       Add a subkey to this key.
delkey     Remove a subkey.
addrevoker [sensitive]     Add a designated revoker. This takes one optional argument: "sensitive". If a designated revoker is marked as sensitive, it will not be exported by default (see export-options).
revkey     Revoke a subkey.
expire     Change the key expiration time. If a subkey is selected, the expiration time of this subkey will be changed. With no selection, the key expiration of the primary key is changed.
passwd     Change the passphrase of the secret key.
primary     Flag the current user id as the primary one, removes the primary user id flag from all other user ids and sets the timestamp of all affected self-signatures one second ahead. Note that setting a photo user ID as primary makes it primary over other photo user IDs, and setting a regular user ID as primary makes it primary over other regular user IDs.
uid n     Toggle selection of user id with index n. Use 0 to deselect all.
key n     Toggle selection of subkey with index n. Use 0 to deselect all.
check     Check all selected user ids.
showphoto     Display the selected photographic user id.
pref     List preferences from the selected user ID. This shows the actual preferences, without including any implied preferences.
showpref     More verbose preferences listing for the selected user ID. This shows the preferences in effect by including the implied preferences of 3DES (cipher), SHA-1 (digest), and Uncompressed (compression) if they are not already included in the preference list.
setpref string     Set the list of user ID preferences to string, this should be a string similar to the one printed by "pref". Using an empty string will set the default preference string, using "none" will set the preferences to nil. Use "gpg -v --version" to get a list of available algorithms. This command just initializes an internal list and does not change anything unless another command (such as "updpref") which changes the self-signatures is used.
updpref     Change the preferences of all user IDs (or just of the selected ones to the current list of preferences. The timestamp of all affected self-signatures will be advanced by one second. Note that while you can change the preferences on an attribute user ID (aka "photo ID"), GnuPG does not select keys via attribute user IDs so these preferences will not be used by GnuPG.
toggle     Toggle between public and secret key listing.
save     Save all changes to the key rings and quit.
quit     Quit the program without updating the key rings.
    The listing shows you the key with its secondary keys and all user ids. Selected keys or user ids are indicated by an asterisk. The trust value is displayed with the primary key: the first is the assigned owner trust and the second is the calculated trust value. Letters are used for the values:
-     No ownertrust assigned / not yet calculated.
e     Trust calculation has failed; probably due to an expired key.
q     Not enough information for calculation.
n     Never trust this key.
m     Marginally trusted.
f     Fully trusted.
u     Ultimately trusted.

gpg --delete-key  key_id  (deletes a public key you don't need)

For mor information check this out is the online man page:

For windows users there is gpg4win if they want to use gnupg.

Thursday, February 11, 2010

What is md5sum

md5sum is a computer program that calculates and verifies 128-bit MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files existing in the real world will have the same MD5 hash (although as with all such hashing algorithms, there are an unlimited number of files that will have any given MD5 hash).
Because almost any change to a file will cause its MD5 hash to also change, the MD5 hash is commonly used to verify the integrity of files (i.e., to verify that a file has not changed as a result of file transfer, disk error, meddling, etc.). The md5sum program is installed by default in most Unix, Linux, and Unix-like operating systems or compatibility layers. BSD variants (including Mac OS X) have a similar utility called md5. Versions for Microsoft Windows do exist (see external links at the bottom of the page).

1.If you download for example ubuntu-9.10-desktop-i386.iso and want to verify the integrity of the file open a shell and type:

md5sum ubuntu-9.10-desktop-i386.iso
the out put will be:
8790491bfa9d00f283ed9dd2d77b3906  ubuntu-9.10-desktop-i386.iso

Ok now go to this page UbuntuHashes and search for the md5hash for your distribution compare with your result.If they match then the file is ok.Some sites like snort provide the md5 hash in a file for download.To check the integrity of the file you just downloaded you must download the .md5 file too and use md5sum like this:

md5sum snort-  -c  snort-

For windows you can use:
Jacksum - Jacksum is a free and platform independent software for computing and verifying checksums, CRCs and message digests
Fsum - a command line utility to check the md5hash.
HashCheck - is another utility to check the md5hash from explorer.
MD5Summer - is another standalone utility utility to check the md5hash.

What is TCPDUMP and how to use it

TCPDUMP is a packet analyzer that runs under the command line.It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.I has a version for windows too named WinDump.

What is it good for?

Tcpdump is frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as TELNET or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.


I.To see on which network interfaces tcpdump can capture packets type:

sudo tcpdump -D

Output of the above command :
2.any (Pseudo-device that captures on all interfaces)

II.How to capture packets from a interface

sudo tcpdump -i eth0 or if you want the output saved in a file for later analysis type  sudo tcpdump -i eth0 -w tcpdumpfile.log

III.How to see data in human readable format while captured:

sudo tcpdump  -l  |  tee dat

IV.Print packets ariveing from ubuntubox1( or departing from it using the host name or the ip:

sudo tcpdump host ubuntubox1 
              or like this:
sudo tcpdump host

V.To print traffic between ubuntumaster  and either ubuntubox1 or ubuntubox2:

tcpdump host ubuntumaster and \( ubuntubox1 or ubuntubox2 \)

VI.To print all IP packets between ubuntubox1 and any host except ubuntumaster:

tcpdump ip host ubuntubox1 and not ubuntumaster 

VII. How to print packets that are send and recived from port 22:

sudo tcpdump port 22 -w tcpdump.log

VIII. How to print trafic showing the ip-s of the sender and reciver
sudo tcpdump -nS
sudo tcpdump -nnvvS (to see a good amount of traffic with verbosity and no name)

IX.How to print traffic from only a source or destination ignoring one side of the host conversation

sudo tcpdump src
sudo tcpdump dst

X.How to capture traffic from an entire network

sudo tcpdump net
             or like this:
sudo tcpdump net

XI.How to print a specific number of packets  from a specific protocol (protocols supported are TCP, UDP,ICMP,ARP and IP):

sudo tcpdump -c20  TCP

XII. How to filter traffic based on source port and destination port

sudo tcpdump src port 22 and dst port 22

Note you can combine options using expressions.Accepted expresions are: and,or,not.

If you save the output to a file with -w option, it is not human readable.You must use another software like WireShark to be able to see it in human readable format.

Wednesday, February 10, 2010

Open SSH basic security

For the ssh to be secure any competent network admin will tell you to do the following:
Open a shell and type :
sudo nano /etc/ssh/sshd_config (this is the openssh-server configuration file)
1.Find the line where you see port 22 and change the port number to another number example port 2232 (the number must be higher than  1024).Now when you log to this sistem you must specify the port number like this:
ssh -p 2232 cata@ubuntubox1
2.Find the line where you see PermitRootLogin yes and change to no .If you do this nobody can ssh login with the root user.
3.Try to use passwordless authentication and   in the sshd_config set PasswordAuthentication no.

How to configure password-less authentication with Open SSH

 In my experience as a network admin is not a good ideea to let users login with their machine credentials so I will show you how to ssh login using public key and private key authentication.
Note . I presume that you have already installed the openssh-server package.
1.Open a shell and type
ssh-keygen (this is the ssh utility for PKI authentication.It will generate a public key and a private key.)

Generating public/private rsa key pair.
Enter file in which to save the key (/home/cata/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in
The key fingerprint is:
7a:df:3b:ac:6f:72:24:44:31:9d:c1:61:bb:59:9f:61 cata@krishnamurti2
The key's randomart image is:
+--[ RSA 2048]----+
|          o+++   |
|          .o+.   |
|         .  . .E |
|          .  +..o|
|        S.  o  ..|
|       .  . .    |
|      . .  +     |
|       . ...=    |
|          o*+o   |

2.Lets presume you want to login without a password to the pc named xubuntu(

ssh-copy-id -i ~/.ssh/  cata@ - this will copy your public key( to the remote sistem and generate the file /home/cata.ssh/authorized_keys where your public key will be inserted.

3.Restart ssh server on the remote host :

suso service ssh restart

4.Now from your shell type:

ssh (and you will be loged in without a password)

5.If you want to test that everything is ok type:

ssh-add -l (this will show you all the public keys thata are stored in your public agent)
If there are no keys here and ssh-copy-id has made an error to add a public key manualy do this:
If you want to delete a key from the agent do this
ssh-add -d or ssh-add -D (deletes all keys)
Change your public key password at least once a year .To change the password without generating a new key type:
ssh-keygen -p

How to copy files with SCP

1.Copy a file to another host: 

scp sourcefile user@host:/directory/TargetFile

2.Copying file from host:  

scp user@host:/directory/sourcefile TargetFile

Note that if the remote host uses a port other than the default of 22, you can specify it in the command.
For example, copying a file from host:

scp -P 2222 user@host:/directory/SourceFile TargetFile

Friday, February 5, 2010

Virtual Box How to change screen resolution in a Ubuntu 9.10 guest system

Two days ago I installed a ubuntu 9.10 virtual machine.The process of installation went great except for the video driver.I have a  Sapphire ATI HD 4850 HD 512 DDR3 with an  and a Samsung SyncMaster T240HD monitor 1920x1200 maximum resolution.And yet the secreen maximum resolution was 800x600.
So after some reading of Virtual Box manual i found the answer.

You must install the Guest Drivers in the Ubuntu guest machine and create a xorg.conf file.

Step 1 - Start the virtual machine and mout the VBoxAdditions.iso
 If you can't find it on the menu you will have to find the image and mount it .If your on a windows host you will find it in your VirtualBox instalation folder mine is on d:\VirtualBox\.If you are on linux host you will find it in /usr/share/Virtual Box/ folder.

Step 2 - install the guest adition drivers
Open a shell and type:

cd /media/cdrom0/
ls -ltr 
If you are on 32 bit machine you must install like this:
sudo sh
After the install completes reboot the sistem
Step 3 - create a xorg.conf file
Open a shell and type:
sudo  gedit /etc/X11/xorg.conf
Now copy this lines bellow in the xorg.conf file you just created and save the file.

Section "Device"
   Identifier   "Configured Video Device"
   Driver    "vboxvideo"


Section "Screen"
   Identifier    "Default Screen"
   Device    "VirtualBox graphics card"
   Monitor    "Generic Monitor"
   DefaultDepth    24
   SubSection "Display"
     Depth    24
     Modes      "1920x1200"

Under modes put your own monitor resolution.Log out and after that you will be able to change the screen resolution using Sistem-->Preferences-->Display

Thursday, February 4, 2010

Xinetd the super server

Xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started at system initialization time, and be dormant until a connection request arrives, xinetd is the only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.The only reason for the existence of a super-server was to conserve system resources by avoiding to fork a lot of processes which might be dormant for most of their lifetime. While fulfilling this function, xinetd takes advantage of the idea of a super-server to provide features such as access control and logging. Furthermore, xinetd is not limited to services listed in /etc/services. Therefore, anybody can use xinetd to start special-purpose servers.

SIGHUP causes a hard reconfiguration, which means that xinetd re-reads the configuration file and terminates the servers for services that are no longer available. Access control is performed again on running servers by checking the remote location, access times and server instances. If the number of server instances is lowered, some arbitrarily picked servers will be killed to satisfy the limit; this will happen after any servers are terminated because of failing the remote location or access time checks. Also, if the INTERCEPT flag was clear and is set, any running servers for that service will be terminated; the purpose of this is to ensure that after a hard reconfiguration there will be no running servers that can accept packets from addresses that do not meet the access control criteria. SIGQUIT causes program termination. SIGTERM terminates all running servers before terminating xinetd. SIGUSR1 causes an internal state dump (the default dump file is /var/run/xinetd.dump; to change the filename, edit config.h and recompile). SIGABRT causes an internal consistency check to verify that the data structures used by the program have not been corrupted. When the check is completed xinetd will generate a message that says if the check was successful or not.
xinetd.conf is the configuration file that determines the services provided by xinetd. Any line whose first non-white-space character is a ’#’ is considered a comment line. Empty lines are ignored.You can find it in /etc/xinetd.conf. The file contains entries of the form: service { ... ... }
The necessary attributes for a service in xinetd.conf are: 

user (non-internal services only) 
server (non-internal services only) 
wait protocol (RPC and unlisted services only)
rpc_version (RPC services only) 
rpc_number (unlisted RPC services only)
port (unlisted non-RPC services only)


# # Sample configuration file for xinetd

log_type = FILE /var/log/servicelog
log_on_success = PID
log_on_failure = HOST
only_from =
only_from =
instances = 10
disabled = rstatd


service ftp

socket_type = stream 
wait = no 
nice = 10
user = root
server = /usr/etc/in.ftpd
server_args = -l 
instances = 4
log_on_success += DURATION HOST USERID
access_times = 2:00-9:00 12:00-24:00

For more details see

How to run a software with *.sh or *.run extension

Open a shell and go to the folder where the executable aplication is then type:

1. sudo  sh
or like this
2. sudo ./

For a software with *.run extension is done the same.

Wednesday, February 3, 2010

TCP Wrappers

If you want to set up a very good security you must build a layerd security.Tcp Wrappers is like a basic firewall that protects your network services.

A basic security before you set up ipfilters firewall   looks like this:
xinetd -->TCPWrappers-->network service (layerd security)
To create the TCP Wrappers rules edit these two files:

hosts.allow and hosts.deny

These two files, located in your /etc/ folder, allow you to limit or permit connections from specific hosts or ips. Using these two files you could setup a whitelisting basic firewall or blacklist.

Here is the format:

daemon_list : client_list [ : shell command]

daemon_list - is a list of one or more daemon process names (argv[0] values) or server port numbers or wildcards.
client_list - is a list of one or more host names, host addresses, patterns or wildcards that will be matched against the client host name or address.
shell command is optional
List elements should be separated by blanks and/or commas.


Here are lists of wildcards support by tcp wrappers:

ALL The universal wildcard, always matches. 
LOCAL Matches any host whose name does not contain a dot character.
UNKNOWN Matches any user whose name is unknown, and matches any host whose name or address are unknown. 
KNOWN Matches any user whose name is known, and matches any host whose name and address are known.  
PARANOID Matches any host whose name does not match its address.

Shell commands

I never used theese but you can open a shell type man hosts.allow to find out more

Example of editing rules for TCP Wrappers:

Open your favorite editor and open the hosts.allow file

sudo nano /etc/hosts.allow

ALL: 127.0. (the 127.0. range is allowed)

telnetd : (specific IP) 192.168.0. (specific range) EXCEPT (range exceptions)

sudo nano  /etc/hosts.deny

ALL : ALL (denying all services to all hosts)

How to test if tcpwrappers is working:

1.Open a shell and type:
tcpdchk -v   (tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find. The program examines the tcpd access control files (by default, these are /etc/hosts.allow and /etc/hosts.deny), and compares the entries in these files against entries in the inetd(xinetd) network configuration file.)
2.Open a shell and type:
tcpdmatch in.telnetd (tcpdmatch predicts how the tcp wrapper would handle a specific request for a service.The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd(xinetd) network configuration file.When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.)
 How to check if a service is compatible with tcpwrappers:
1. Not all the services are compatible with TCP Wrappers , so to see which services are compatible open a shell and type:

ldd /usr/sbin/telnetd | grep libwrap (this example tests the telnet service)

In the example above we see that the telnetd (telnet server) is referring to the, so we can tell that any restrictions in hosts.allow and hosts.deny are applicable to that service.