
Recovering Ubuntu After Installing Windows

Using the Ubuntu Desktop/Live CD Quick Start

This option will use the Desktop/Live CD to install Grub into your MBR (Master Boot Record). This option will overwrite your Windows Boot Loader. It is OK to do this; in fact, that is the goal of this how-to (in order to boot Ubuntu).

1. Boot the Desktop/Live CD. (Use Ubuntu 8.04 or later)

2. Open a terminal (Applications -> Accessories -> Terminal)

3. Start grub as root with the following command:

a. sudo grub

4. You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0):

[ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename. ]

grub>

a. Type the following and press enter: find /boot/grub/stage1

b. If you get "Error 15: File not found", try the following: find /grub/stage1

c. Using this information, set the root device (fill in X,Y with whatever the find command returned): grub> root (hdX,Y)

d. Install Grub: grub> setup (hd0)

e. Exit Grub: grub> quit

5. Reboot (to hard drive). Grub should be installed and both Ubuntu and Windows should have been automatically detected.

6. If, after installing grub, Windows will not boot, you may need to edit /boot/grub/menu.lst (that is a lowercase "L" and not the number 1 in menu.lst).

a. Open a terminal and enter: gksu gedit /boot/grub/menu.lst

Or, in Kubuntu: kdesu kate /boot/grub/menu.lst

b. Your Windows stanza should look something like this:

title Windows XP/Vista # You can use any title you wish; this will appear on your grub boot menu
rootnoverify (hd0,0) # (hd0,0) will be most common; you may need to adjust accordingly
makeactive
chainloader +1

Snort

Snort NIDS

Features:

1. Network Intrusion Detection System (NIDS)

2. Packet Sniffer

3. Packet Logger – logs using TCPDump format

Tasks:

1. Download and install Snort NIDS

a. snort.org

b. Confirm MD5SUM: 'md5sum snort-2.8.0.2.tar.gz' and compare the result to snort-2.8.0.2.tar.gz.md5

c. Import GPG key used to sign the current release of Snort

d. gpg --verify snort-2.8.0.2.tar.gz.sig snort-2.8.0.2.tar.gz

Requirements:

1. gcc – C compiler

2. make – creates binaries

3. libpcre – Provides access to Perl Compatible RegExes

4. mysql-devel* – provides access to MySQL

5. libpcap* – provides the TCPDump packet capture library

e. Extract and install (compile) Snort NIDS

e1. tar -xzvf snort-2.8.0.2.tar.gz – creates top-level directory

e2. ./configure --with-mysql --enable-dynamicplugin – checks for prerequisites, including: mysql-devel, libpcre, gcc, make, etc.

e3. make – creates binaries

e4. su (as 'root') and execute 'make install' – places binaries in an accessible location under /usr/local/
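Steps b and d above are the integrity and authenticity checks on the downloaded archive; the following shell functions wrap them so that extraction (step e1) only happens after both pass. This is an added example, not part of the original notes: verify_checksum compares the first hash in the sidecar file with a locally computed one (Snort's .md5 file is plain md5sum output; accepting a .sha256 sidecar as well is an assumption beyond the notes, since MD5 is no longer collision-resistant), and verify_signature is a thin wrapper around the gpg command from step d, which only succeeds if the signing key from step c has already been imported.

```shell
#!/bin/sh
# Added example (not from the original notes): gate extraction of a downloaded
# archive on its checksum sidecar and its detached GPG signature.

# verify_checksum ARCHIVE SIDECAR
#   SIDECAR is md5sum/sha256sum output ("<hash>  <filename>"); the hashing tool
#   is chosen from the sidecar's extension. Returns 0 only on an exact match.
verify_checksum() {
    archive=$1
    sidecar=$2
    case "$sidecar" in
        *.md5)    tool=md5sum ;;
        *.sha256) tool=sha256sum ;;   # assumption: a stronger sidecar, if published
        *) echo "unknown sidecar type: $sidecar" >&2; return 2 ;;
    esac
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sidecar")
    actual=$("$tool" "$archive" | awk '{ print tolower($1) }')
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "CHECKSUM MISMATCH: $archive (expected $expected, got $actual)" >&2
        return 1
    fi
    echo "checksum OK: $archive"
}

# verify_signature ARCHIVE [SIGFILE]
#   Step d from the notes; gpg exits non-zero if the signature is bad or the
#   signer's public key (step c) is not in the keyring.
verify_signature() {
    archive=$1
    sig=${2:-$archive.sig}
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    gpg --verify "$sig" "$archive"
}

# Usage with the real release files from step a:
#   verify_checksum snort-2.8.0.2.tar.gz snort-2.8.0.2.tar.gz.md5 \
#     && verify_signature snort-2.8.0.2.tar.gz \
#     && tar -xzvf snort-2.8.0.2.tar.gz
```

Both functions return non-zero on failure, so chaining them with `&&` before `tar` means a tampered or truncated download is never unpacked, and the mismatch message shows both hashes for the record.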

Usage – Packet Sniffer:

1. snort -v -i eth0 – reveals layers 3 & 4 of the OSI model

2. snort -vde -i eth0 – reveals layers 2-7

3. snort -vde -i eth0 tcp port 23

Usage – Packet Logger:

1. snort -v -i eth0 -l ./ tcp port 23 – logs binary file in current directory with Unix Epoch suffix

2. snort -b -i eth0 – attempts to log in: /var/log/snort

3. snort -b -L test.snort.log -i eth0 – creates: /var/log/snort/test.snort.log.UnixEpochDate

Note: Snort drops fewer packets when run in binary logging mode than in verbose, dump-to-screen, mode

Snort NIDS Setup

1. Setup MySQL DB environment

a. create database snort;

b. grant insert,select on root.* to snort@localhost;

c. set password for snort@localhost=password('abc123');

d. grant create,insert,select,delete,update on snort.* to snort@localhost;

e. grant create,insert,select,delete,update on snort.* to snort;

2. Import MySQL DB schema

a. mysql -u root -p < /home/linuxcbt/temp/Snort/snort-2.8.0.2/schemas/create_mysql snort

3. Setup Snort NIDS /etc/snort environment

a. mkdir /etc/snort && cp -v /home/linuxcbt/temp/Snort/snort-2.8.0.2/etc/* /etc/snort

Note: Snort’s primary configuration file for NIDS mode: /etc/snort/snort.conf

4. Download the latest Snort rules file and extract to: /etc/snort/rules

Note: Snort rules are available as follows:

1. Registered users: with delay

2. Subscriber: no delay – NOT FREE

3. Unregistered users: release version (very old) of rules

4. Various third-party sites: e.g. Bleeding Snort, etc.

a. cd /etc/snort && tar -xzvf snortrules*

5. Configure: /etc/snort/snort.conf to use MySQL and rules

a. MySQL – output

b. Rules – path to the rules

6. Start Snort in NIDS mode

a. snort -i eth0 -c /etc/snort/snort.conf -D

7. Setup BASE web analysis application

a. wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz

b. tar -xzvf adodb480.tgz

Note: adodb480.tgz – provides DB-connectivity for BASE to MySQL

c. Download BASE from http://base.secureideas.net

d. Configure: base_conf.php file

d1. $BASE_urlpath = '/base';

d2. $DBlib_path = "/var/www/html/adodb";

d3. $DBtype = 'mysql';

d4. $alert_dbname = 'snort';

d5. $alert_host = 'localhost';

d6. $alert_password = 'abc123';

Note: Ensure that your Apache instance has PHP support

Note: Ensure that the 'php-mysql*' package is installed

8. Connect to BASE via web browser

Note: Consider protecting the '/base' application using HTTP digest (htdigest) or basic auth
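Step 5 above says to edit snort.conf for MySQL output and the rules path but does not show the directives. The shell function below does that edit on a copy of the file and is an added example, not part of the original notes: it uses the Snort 2.8 directives `var RULE_PATH` and `output database: log, mysql, ...`, takes the DB password from an environment variable named SNORT_DB_PASS (an assumed name, so the secret is not typed on a command line), keeps a .bak copy, and tightens the file mode because snort.conf now contains the database password in clear text.

```shell
#!/bin/sh
# Added example, not from the original notes: apply step 5 of the Snort NIDS
# setup to a snort.conf and lock the file down afterwards.

# configure_snort_conf CONF [RULES_DIR]
#   Requires SNORT_DB_PASS in the environment (assumed variable name).
configure_snort_conf() {
    conf=$1
    rules_dir=${2:-/etc/snort/rules}
    db_pass=${SNORT_DB_PASS:?set SNORT_DB_PASS before calling configure_snort_conf}

    # 5b: rewrite the RULE_PATH variable in place, keeping a backup (sed -i.bak).
    # '|' is the sed delimiter, so RULES_DIR must not contain '|'.
    sed -i.bak -e "s|^var RULE_PATH .*|var RULE_PATH $rules_dir|" "$conf"

    # 5a: add the MySQL output plugin line once (idempotent on re-runs);
    # this matches the user/db created in steps 1 and 2 of the notes.
    grep -q '^output database:' "$conf" || \
        printf 'output database: log, mysql, user=snort password=%s dbname=snort host=localhost\n' \
            "$db_pass" >> "$conf"

    # The file now holds a password: owner rw, group r, nothing for others.
    chmod 640 "$conf"
}

# Helpers for checking the result (used by the tests and for a quick audit).
rule_path_of()  { awk '$1 == "var" && $2 == "RULE_PATH" { print $3 }' "$1"; }
has_db_output() { grep -q '^output database: log, mysql' "$1"; }

# Usage:
#   SNORT_DB_PASS='...' ; export SNORT_DB_PASS
#   configure_snort_conf /etc/snort/snort.conf /etc/snort/rules
#   snort -i eth0 -c /etc/snort/snort.conf -D     # step 6 of the notes
```

The same password also lands in base_conf.php (step d6), so the chmod should be repeated there; any file the web server must read should be owned by root and group-readable by the web server's group only.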

Trivial File Transfer Protocol Daemon (TFTPD)

Features:

1. Fast, connectionless (UDP), file transfers

2. Often used to move files to and from networked systems (VOIP Phones, PXE configurations, Router/Firewall/Switch configurations, etc.)

Note: Implemented as 2 components:

a. Client – tftp-* rpm

b. Server – tftp-server*

Tasks:

1. Install TFTP client

a. yum -y install tftp

2. Install TFTP server

a. yum -y install tftp-server

Note: this also installs the 'xinetd' dependency

3. Configure and start ‘tftp’ via ‘xinetd’

a. /etc/xinetd.d/tftp – modify this file prior to starting ‘TFTPD’

b. service xinetd start – to start XINETD

Note: TFTPD listens to UDP:69, by default

Note: use 'netstat -nulp | grep 69' to check if 'xinetd' is listening

4. Copy Cisco Router configuration to TFTP server

a. copy running-config tftp://192.168.75.199

b. setsebool -P tftpd_disable_trans=1 – disables SELinux for TFTPD

c. 'service xinetd restart' – restart XINETD

d. 'chmod 666 linuxcbtrouter1.config' – to permit TFTPD to write

5. Use ‘tftp’ client to download ‘linuxcbtrouter1.config’ file

a. tftp 192.168.75.199 -c get linuxcbtrouter1.config

b. tftp – enters interactive mode

Note: tftp client operates in both non-interactive and interactive modes
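Step 3a says to modify /etc/xinetd.d/tftp before starting the daemon but does not show its contents. The shell function below writes that stanza and is an added example, not part of the original notes: the fields follow the stock RHEL/CentOS tftp-server file, and the two in.tftpd (tftp-hpa) flags it sets are real ones: `-s DIR` chroots the daemon into the served directory, and `-c` lets clients create new files. Without `-c` the daemon only overwrites files that already exist, which is why step 4d pre-creates linuxcbtrouter1.config and makes it world-writable; that is the narrower choice, because only that one name can be written. The check functions parse the file back so the settings can be audited.

```shell
#!/bin/sh
# Added example, not from the original notes: render and audit the xinetd
# stanza for tftp-hpa's in.tftpd.

# write_tftp_xinetd OUT [ROOT] [ALLOW_CREATE]
#   OUT: /etc/xinetd.d/tftp in production, or a temp path to preview.
#   ALLOW_CREATE "yes" adds -c; default "no" keeps upload limited to
#   pre-existing files (the chmod 666 approach from step 4d).
write_tftp_xinetd() {
    out=$1
    root=${2:-/tftpboot}
    allow_create=${3:-no}
    args="-s $root"
    if [ "$allow_create" = "yes" ]; then
        args="$args -c"
    fi
    cat > "$out" <<EOF
service tftp
{
    socket_type  = dgram
    protocol     = udp
    wait         = yes
    user         = root
    server       = /usr/sbin/in.tftpd
    server_args  = $args
    disable      = no
    per_source   = 11
    cps          = 100 2
    flags        = IPv4
}
EOF
}

# Audit helpers: pull server_args back out and test the two flags.
tftp_server_args()     { sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$1"; }
tftp_is_chrooted()     { tftp_server_args "$1" | grep -q -- '-s '; }
tftp_accepts_uploads() { tftp_server_args "$1" | grep -q -- ' -c'; }

# Usage:
#   write_tftp_xinetd /etc/xinetd.d/tftp /tftpboot no && service xinetd restart
#   tftp_accepts_uploads /etc/xinetd.d/tftp && echo "WARNING: -c is on"
```

TFTP has no authentication, so the served directory should contain only what every host on the segment may read, and `-c` should stay off unless the server exists to receive uploads.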

Basic Provisioning of Partitions and File Systems

Features:

1. Ability to provision extra storage on-the-fly

Steps:

1. Identify available storage

a. 'fdisk -l' – returns connected storage

2. Create partitions on desired hard drive:

a. 'fdisk /dev/sdb' – interacts with the /dev/sdb drive

b. 'n' – to add a new partition

c. 'p' – primary

d. '1' – start cylinder

e. '+4096M' – to indicate 4 Gigabytes

f. 'w' – to write the changes to the disk

Note: use 'partprobe' on the partition (e.g. partprobe /dev/sdb1) to force a running system to re-read the hard drive's partition table

Note: 'fdisk' creates raw partitions

3. Overlay (format) the raw partition with a file system

a. mke2fs -j /dev/sdb1 – this will write inodes to partition

4. Mount the file system in the Linux file system hierarchy:

a. mkdir /home1 && mount /dev/sdb1 /home1

b. mount OR df -h – either will reveal that /dev/sdb1 is mounted

Note: lost+found directory is created for each distinct file system

5. Configure '/home1' to auto-mount when the system boots

a. nano /etc/fstab and copy and modify the '/home' entry
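Step 5a says to copy and modify the /home entry; the shell functions below make that entry explicit and are an added example, not part of the original notes. fstab_entry emits the six fstab fields for the new /home1 file system with nodev and nosuid added to the options (user-data file systems have no reason to carry device nodes or setuid binaries), and audit_fstab reads an fstab and reports every ext2/3/4 or xfs mount other than / that lacks those two options. The file system type defaults to ext3 because mke2fs -j in step 3a creates an ext3 file system.

```shell
#!/bin/sh
# Added example, not from the original notes: build a hardened fstab line
# for the new file system and audit an fstab for data mounts without it.

# fstab_entry DEVICE MOUNTPOINT [FSTYPE]
#   Prints: device  mountpoint  type  options  dump  fsck-pass
#   fsck-pass 2 means "check after the root file system", as /home usually has.
fstab_entry() {
    dev=$1
    mnt=$2
    fstype=${3:-ext3}
    printf '%s\t%s\t%s\t%s\t1 2\n' "$dev" "$mnt" "$fstype" "defaults,nodev,nosuid"
}

# audit_fstab FILE
#   Prints "<mountpoint> missing:<option>" for each ext*/xfs mount other than /
#   whose option list lacks nodev or nosuid. Comments and short lines are skipped.
audit_fstab() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $2 == "/" || $3 !~ /^(ext[234]|xfs)$/ { next }
        {
            n = split($4, opt, ",")
            has_nodev = has_nosuid = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "nodev")  has_nodev = 1
                if (opt[i] == "nosuid") has_nosuid = 1
            }
            if (!has_nodev)  print $2 " missing:nodev"
            if (!has_nosuid) print $2 " missing:nosuid"
        }' "$1"
}

# Usage:
#   fstab_entry /dev/sdb1 /home1 >> /etc/fstab && mount -a && df -h /home1
#   audit_fstab /etc/fstab
```

Appending with `>>` keeps the existing entries intact; `mount -a` then proves the new line parses before the next reboot depends on it.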

System Utilities

Features:
1. Process listing
2. Free/available memory
3. Disk utilization

1. ps – process status/listing
a. ps -ef or ps -aux
2. top – combines ps, uptime and free, and updates regularly
3. uptime – returns useful system utilization information:
a. current time
b. uptime – days, hours and minutes
c. connected users
d. load average – 1, 5 and 15 minute values

4. free – returns memory utilization
a. RAM
b. SWAP
c. free -m – for human readable format (megabytes)
5. df – returns disk partition/mount point information
a. df – returns info in kilobytes
b. df -h – returns info in human readable units (megabytes/gigabytes/terabytes, etc.)
6. vmstat – reports on: processes, memory, paging, block I/O, traps, CPU activity
a. vmstat
b. vmstat -p /dev/hda1 – returns partition stats for /dev/hda1 (/boot)

7. gnome-system-monitor – GUI, combining most system utilities
8. ls -ltr /proc
a. cat /proc/cpuinfo
9. kill PID – kills the process with a given PID
10. runlevel – returns runlevel information using 2 fields:
a. the first represents the previous runlevel
b. the second represents the current runlevel
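The df and uptime output listed above is what a cron job watches on a server that must not fill its disks or drown under load. The two shell functions below turn those outputs into alerts and are an added example, not part of the original notes: disk_over reads POSIX `df -P` output on standard input and prints each mount point at or above a usage threshold; load_over reads an uptime line and prints the 1-minute load average if it is at or above a limit. Both parse only what those commands print, with one assumption: disk_over takes the mount point from the sixth field, so mount points containing spaces would be truncated.

```shell
#!/bin/sh
# Added example, not from the original notes: threshold checks over df and
# uptime output, written so they can be fed captured text or a live pipe.

# disk_over [THRESHOLD]
#   stdin: output of "df -P" (one file system per line, Capacity in field 5,
#   mount point in field 6). Prints "<mount> <use%>" for each at or above THRESHOLD.
disk_over() {
    threshold=${1:-90}
    awk -v t="$threshold" '
        NR > 1 {
            pct = $5
            sub(/%/, "", pct)              # "93%" -> "93"
            if (pct + 0 >= t + 0) print $6, pct "%"
        }'
}

# load_over [MAX]
#   stdin: output of "uptime", which ends in "load average: a, b, c" on Linux
#   ("load averages:" on BSD). Prints "load1=<a>" when the 1-minute value is >= MAX.
load_over() {
    max=${1:-4}
    sed -n 's/.*load averages*: *\([0-9.]*\),.*/\1/p' |
        awk -v m="$max" '$1 + 0 >= m + 0 { print "load1=" $1 }'
}

# Usage (live), e.g. from cron, mailing only when something is over:
#   { df -P | disk_over 90; uptime | load_over 8; } | grep . && echo "check host"
```

`df -P` is used rather than `df -h` because the POSIX format guarantees one line per file system and a numeric percentage column, which keeps the field positions stable across versions.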

Perl

Features:

1. Parses text

2. Executes programs

3. CGI – Web forms, etc.

4. Supports RegExes (Perl and POSIX)

5. etc.

Task:

1. Print 'Hello World' to STDOUT

a. perl -c helloworld.pl – checks the syntax of the script

b. perl helloworld.pl – executes the script

c. chmod +x helloworld.pl && ./helloworld.pl

2. Parse RegExes from the command line

EX

#!/usr/bin/perl -w

print "hello world\n";

EX

#!/usr/bin/perl -w
use strict;

# first command-line argument (undef if none was given)
my $var1 = $ARGV[0];

if (defined $var1 && $var1 =~ m/test/) {
    print "success: matches of $var1\n";
} else {
    print "Fail: no match\n";
}

sed & awk

Awk

Features:

1. Field/Column processor

2. Supports egrep-compatible (POSIX) RegExes

3. Can return full lines like grep

4. Awk runs 3 steps:

a. BEGIN – optional

b. Body, where the main action(s) take place

c. END – optional

5. Multiple body actions can be executed by separating them using semicolons. e.g. '{ print $1; print $2 }'

6. Awk, auto-loops through input stream, regardless of the source of the stream. e.g. STDIN, Pipe, File

Usage:

1. awk '/optional_match/ { action }' file_name | Pipe

2. awk '{ print $1 }' grep1.txt – prints the 1st column

Note: Use single quotes with awk, to avoid shell interpolation of awk's variables

3. awk '{ print $1,$2 }' grep1.txt

Note: The default input and output field separator is whitespace

4. awk '/linux/ { print }' grep1.txt – this will print ALL lines containing 'linux'

5. awk '{ if ($2 ~ /Linux/) print }' grep1.txt – prints the line if column 2 matches Linux; awk '{ if ($1 ~ /ali/) print $1,$2,$3 }' /etc/passwd

6. awk '{ if ($2 ~ /8/) print }' /var/log/messages – this will print the entire line for log items for the 8th

7. awk '{ print $3 }' /var/log/messages | awk -F: '{ print $1 }' – prints the hour field of each timestamp
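Items 6 and 7 pull the day and the hour out of /var/log/messages lines; the shell functions below carry that further into two summaries a first look at a noisy log usually needs. This is an added example, not part of the original notes: events_per_hour counts lines matching a pattern per calendar hour using the same fields ($1 month, $2 day, $3 HH:MM:SS split on ':'), and failed_login_sources counts sshd "Failed password" lines by the address after the word "from". Both read syslog-format text on standard input; the sample lines in the test are constructed, with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original notes: per-hour and per-source
# summaries of syslog-format lines, built on the awk idioms from items 6 and 7.

# events_per_hour PATTERN
#   stdin: syslog lines "Mon DD HH:MM:SS host prog[pid]: message".
#   Prints "Mon D HH:00 <count>" for every hour with at least one match, sorted.
events_per_hour() {
    pattern=$1
    awk -v pat="$pattern" '
        $0 ~ pat {
            split($3, t, ":")                 # "10:15:32" -> t[1]="10"
            key = $1 " " $2 " " t[1] ":00"
            count[key]++
        }
        END { for (k in count) print k, count[k] }' | sort
}

# failed_login_sources
#   stdin: syslog lines. Counts sshd "Failed password" lines per source address
#   (the token after "from") and prints "<count> <address>", highest first.
failed_login_sources() {
    awk '
        /Failed password/ {
            for (i = 1; i < NF; i++) if ($i == "from") src[$(i + 1)]++
        }
        END { for (ip in src) print src[ip], ip }' | sort -rn
}

# Usage:
#   events_per_hour 'Failed password' < /var/log/messages
#   failed_login_sources < /var/log/secure | head
```

The per-source count is the quickest way to see whether failures come from one address (a scan or brute-force attempt) or are scattered (more likely users mistyping), and the per-hour histogram shows whether the activity is continuous or bursty.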

Sed – Stream Editor

Features:

1. Facilitates automated text editing

2. Supports RegExes (POSIX)

3. Like Awk, supports scripting using the '-f' option (read the instructions from a file)

4. Supports input via: STDIN, pipe, file

Usage:

1. sed [options] 'instruction[s]' file[s]

2. sed -n '1p' grep1.txt – prints the first line of the file

3. sed -n '1,5p' grep1.txt – prints the first 5 lines of the file

4. sed -n '$p' grep1.txt – prints the last line of the file

5. sed -n '1,3!p' grep1.txt – prints ALL but lines 1-3

6. sed -n '/linux/p' grep1.txt – prints lines with 'linux'

7. sed -e '/^$/d' grep1.txt – deletes blank lines from the document

8. sed -e '/^$/d' grep1.txt > sed1.txt – deletes blank lines from the document 'grep1.txt' and creates 'sed1.txt'

9. sed -ne 's/search/replace/p' sed1.txt

10. sed -ne 's/linux/unix/p' sed1.txt

11. sed -i.bak -e 's/3/4/' sed1.txt – this backs up the original file (as sed1.txt.bak) and rewrites 'sed1.txt' with the modifications indicated in the command

Note: Generally, to create new files, use output redirection instead of letting sed write to STDOUT

Note: Sed applies each instruction to each line
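Item 11's in-place edit with a backup, applied to a job the configs earlier in these notes create: snort.conf (the `output database:` line) and base_conf.php (`$alert_password`) both hold the database password in clear text, so a copy should be redacted before it is pasted into a ticket or mailed around. The shell function below is an added example, not part of the original notes; it uses GNU sed's `-E` extended syntax with `-i.bak`, so the original stays next to the edited file, and show_redacted_lines uses grep -n to list what changed, in the spirit of the `-n` + `p` idiom from items 9 and 10. The sample files in the test are constructed from the values given in the notes.

```shell
#!/bin/sh
# Added example, not from the original notes: redact passwords in Snort and
# BASE configuration files in place, keeping a .bak of the original.

# redact_secrets FILE
#   Two substitutions, one per file format:
#     password=<value>            (snort.conf "output database:" line)
#     $alert_password = '<value>' (base_conf.php, single or double quotes)
#   \1 re-inserts the captured prefix so only the secret itself changes.
redact_secrets() {
    f=$1
    sed -i.bak -E \
        -e 's/(password=)[^[:space:]]+/\1REDACTED/g' \
        -e "s/(alert_password *= *['\"])[^'\"]*/\1REDACTED/" \
        "$f"
}

# show_redacted_lines FILE
#   Lists the changed lines with line numbers; exits 1 if nothing was redacted.
show_redacted_lines() {
    grep -n 'REDACTED' "$1"
}

# Usage: work on a copy so the live configuration is never touched:
#   cp /etc/snort/snort.conf /tmp/snort.conf.share
#   redact_secrets /tmp/snort.conf.share && show_redacted_lines /tmp/snort.conf.share
#   rm /tmp/snort.conf.share.bak     # the backup still holds the secret
```

The backup file is the catch: `-i.bak` preserves the unredacted text beside the redacted one, so the .bak must be deleted (or never created, by running on a scratch copy) before the directory is shared.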
