Recovering Ubuntu After Installing Windows

February 25, 2009 by linatrix

Using the Ubuntu Desktop/Live CD Quick Start

This option will use the Desktop/Live CD to install Grub into your MBR (Master Boot Record). This option will overwrite your Windows Boot Loader. It is OK to do this; in fact, that is the goal of this how-to (in order to boot Ubuntu).

1. Boot the Desktop/Live CD. (Use Ubuntu 8.04 or later)

2. Open a terminal (Applications -> Accessories -> Terminal)

3. Start grub as root with the following command:

* sudo grub

4. You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0):

* [ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename. ]

grub>

Type the following and press enter:

find /boot/grub/stage1

If you get "Error 15: File not found", try the following:

find /grub/stage1

Using this information, set the root device (fill in X,Y with whatever the find command returned):

grub> root (hdX,Y)

Install Grub:

grub> setup (hd0)

Exit Grub:

grub> quit

5. Reboot (to hard drive). Grub should be installed and both Ubuntu and Windows should have been automatically detected.

6. If, after installing grub, Windows will not boot, you may need to edit /boot/grub/menu.lst (that is a small "L" and not the number 1 in menu.lst).

* Open a terminal and enter: gksu gedit /boot/grub/menu.lst

Or, in Kubuntu: kdesu kate /boot/grub/menu.lst

Your Windows stanza should look something like this:

title Windows XP/Vista # You can use any title you wish; this will appear on your grub boot menu
rootnoverify (hd0,0) # (hd0,0) will be most common; you may need to adjust accordingly
makeactive
chainloader +1

Snort

February 21, 2009 by linatrix

Snort NIDS

Features:

1. Network Intrusion Detection System (NIDS)

2. Packet Sniffer

3. Packet Logger – logs using TCPDump format

Tasks:

1. Download and install Snort NIDS

a. snort.org

b. Confirm MD5SUM: 'md5sum snort-2.8.0.2.tar.gz' – compare the result to the published snort-2.8.0.2.tar.gz.md5

c. Import the GPG key used to sign the current release of Snort

d. gpg --verify snort-2.8.0.2.tar.gz.sig snort-2.8.0.2.tar.gz

Requirements:

1. gcc – C compiler

2. make – creates binaries

3. libpcre – Provides access to Perl Compatible RegExes

4. mysql-devel* – provides access to MySQL

5. libpcap* – provides the TCPDump, packet capture library

e. Extract and install (compile) Snort NIDS

e1. tar -xzvf snort-2.8.0.2.tar.gz – creates top-level directory

e2. ./configure --with-mysql --enable-dynamicplugin – checks for prerequisites, including: mysql-devel, libpcre, gcc, make, etc.

e3. make – creates binaries

e4. su (to 'root') and execute 'make install' – places binaries in an accessible location under /usr/local/
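An added example for step b above, not from the notes or the Snort project: a shell function that compares a downloaded tarball's md5sum with the digest in its .md5 sidecar file and rejects any sidecar that does not hold a 32-hex-digit digest. The file names in the usage comment are the notes' own; the test data is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes or the Snort project: check a
# downloaded tarball against its .md5 sidecar before unpacking and building.
# Assumes GNU coreutils md5sum.

# verify_md5 FILE SIDECAR
# SIDECAR may hold a bare digest or an md5sum-style "digest  filename" line.
# Returns 0 when the digest matches, 1 on mismatch or unusable input.
verify_md5() {
    file=$1
    sidecar=$2
    [ -f "$file" ] && [ -f "$sidecar" ] || return 1
    # First field of the first line is the digest; lower-case it so a
    # digest published in upper case still compares equal.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sidecar")
    # An MD5 digest is exactly 32 hex digits. Anything else (an empty file,
    # an HTML error page saved as the .md5) is rejected rather than compared.
    case $expected in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ ${#expected} -eq 32 ] || return 1
    actual=$(md5sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Stand-alone use with the file names from the notes:
#   verify_md5 snort-2.8.0.2.tar.gz snort-2.8.0.2.tar.gz.md5
if [ $# -eq 2 ]; then
    if verify_md5 "$1" "$2"; then
        echo "digest OK: $1"
    else
        echo "digest MISMATCH: $1" >&2
    fi
fi
```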

Usage – Packet Sniffer:

1. snort -v -i eth0 – reveals layers 3 & 4 of the OSI model

2. snort -vde -i eth0 – reveals layers 2-7

3. snort -vde -i eth0 tcp port 23

Usage – Packet Logger:

1. snort -v -i eth0 -l ./ tcp port 23 – logs binary file in current directory with Unix Epoch suffix

2. snort -b -i eth0 – attempts to log in: /var/log/snort

3. snort -b -L test.snort.log -i eth0 – creates: /var/log/snort/test.snort.log.UnixEpochDate

Note: Snort drops fewer packets when run in binary logging mode than in verbose, dump-to-screen mode

Snort NIDS Setup

1. Setup MySQL DB environment

a. create database snort;

b. grant insert,select on root.* to snort@localhost;

c. set password for snort@localhost=password('abc123');

d. grant create,insert,select,delete,update on snort.* to snort@localhost;

e. grant create,insert,select,delete,update on snort.* to snort;

2. Import MySQL DB schema

a. mysql -u root -p < /home/linuxcbt/temp/Snort/snort-2.8.0.2/schemas/create_mysql snort

3. Setup Snort NIDS /etc/snort environment

a. mkdir /etc/snort && cp -v /home/linuxcbt/temp/Snort/snort-2.8.0.2/etc/* /etc/snort

Note: Snort’s primary configuration file for NIDS mode: /etc/snort/snort.conf

4. Download the latest Snort rules file and extract to: /etc/snort/rules

Note: Snort rules are available as follows:

1. Registered users: with delay

2. Subscriber: no delay – NOT FREE

3. Unregistered users: release version (very old) of rules

4. Various third-party sites: i.e. Bleeding Snort, etc.

a. cd /etc/snort && tar -xzvf snortrules*

5. Configure: /etc/snort/snort.conf to use MySQL and rules

a. MySQL – output

b. Rules – path to the rules

6. Start Snort in NIDS mode

a. snort -i eth0 -c /etc/snort/snort.conf -D

7. Setup BASE web analysis application

a. wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz

b. tar -xzvf adodb480.tgz

Note: adodb480.tgz – provides DB-connectivity for BASE to MySQL

c. Download BASE from http://base.secureideas.net

d. Configure: base_conf.php file

d1. $BASE_urlpath = '/base';

d2. $DBlib_path = "/var/www/html/adodb";

d3. $DBtype = 'mysql';

d4. $alert_dbname = 'snort';

d5. $alert_host = 'localhost';

d6. $alert_password = 'abc123';

Note: Ensure that your Apache instance has PHP support

Note: Ensure that the 'php-mysql*' package is installed

8. Connect to BASE via web browser

Note: Consider protecting the '/base' application using HTDIGEST or basic auth

Trivial File Transfer Protocol Daemon (TFTPD)

February 21, 2009 by linatrix

Features:

1. Fast, connectionless (UDP), file transfers

2. Often used to move files to and from networked systems (VOIP Phones, PXE configurations, Router/Firewall/Switch configurations, etc.)

Note: Implemented as 2 components:

a. Client – tftp-*rpm

b. Server – tftp-server*

Tasks:

1. Install TFTP client

a. yum -y install tftp

2. Install TFTP server

a. yum -y install tftp-server

Note: this also installs the 'xinetd' dependency

3. Configure and start 'tftp' via 'xinetd'

a. /etc/xinetd.d/tftp – modify this file prior to starting 'TFTPD'

b. service xinetd start – to start XINETD

Note: TFTPD listens on UDP:69, by default

Note: use 'netstat -nulp | grep 69' to check if 'xinetd' is listening

4. Copy Cisco Router configuration to TFTP server

a. copy running-config tftp://192.168.75.199

b. setsebool -P tftpd_disable_trans=1 – disables SELinux confinement of TFTPD

c. 'service xinetd restart' – restarts XINETD

d. 'chmod 666 linuxcbtrouter1.config' – to permit TFTPD to write to the file

5. Use the 'tftp' client to download the 'linuxcbtrouter1.config' file

a. tftp 192.168.75.199 -c get linuxcbtrouter1.config

b. tftp – enters interactive mode

Note: the tftp client operates in both non-interactive and interactive modes

Basic Provisioning of Partitions and File Systems

February 21, 2009 by linatrix

Features:

1. Ability to provision extra storage on-the-fly

Steps:

1. Identify available storage

a. 'fdisk -l' – returns connected storage

2. Create partitions on the desired hard drive:

a. 'fdisk /dev/sdb' – interacts with the /dev/sdb drive

b. 'n' – to add a new partition

c. 'p' – primary

d. '1' – start cylinder

e. '+4096M' – to indicate 4 Gigabytes

f. 'w' – to write the changes to the disk

Note: use 'partprobe' on the partition (e.g. partprobe /dev/sdb1) to force a running system to re-read the hard drive's partition table

Note: 'fdisk' creates raw partitions

3. Overlay (format) the raw partition with a file system

a. mke2fs -j /dev/sdb1 – this will write inodes to partition

4. Mount the file system in the Linux file system hierarchy:

a. mkdir /home1 && mount /dev/sdb1 /home1

b. mount OR df -h – either will reveal that /dev/sdb1 is mounted

Note: lost+found directory is created for each distinct file system

5. Configure '/home1' to auto-mount when the system boots

a. nano /etc/fstab and copy and modify the '/home' entry

System Utilities

February 21, 2009 by linatrix

Features:
1. Process listing
2. Free/available memory
3. Disk utilization

1. ps – process status/listing
a. ps -ef or ps -aux
2. top – combines ps, uptime and free, and updates regularly
3. uptime – returns useful system utilization information:
a. current time
b. uptime – days, hours and minutes
c. connected users
d. load averages – 1, 5 and 15 minute values

4. free – returns memory utilization
a. RAM
b. SWAP
c. free -m – for human-readable (megabyte) format
5. df – returns disk partition/mount point information
a. df – returns info. using kilobytes
b. df -h – returns info. in human-readable units (megabytes/gigabytes/terabytes/etc.)
6. vmstat – reports on: processes, memory, paging, block I/O, traps, CPU activity
a. vmstat
b. vmstat -p /dev/hda1 – returns partition stats for /dev/hda1 (/boot)

7. gnome-system-monitor – GUI, combining most system utilities
8. ls -ltr /proc
a. cat /proc/cpuinfo
9. kill PID – kills the process with the given PID
10. runlevel – returns runlevel information using 2 fields:
a. the first field represents the previous runlevel
b. the second field represents the current runlevel

Perl

February 21, 2009 by linatrix

Perl

Features:

1. Parses text

2. Executes programs

3. CGI – Web forms, etc.

4. Supports RegExes (Perl and POSIX)

5. etc.

Task:

1. Print 'Hello World' to STDOUT

a. perl -c helloworld.pl – checks the syntax of the script

b. perl helloworld.pl – executes the script

c. chmod +x helloworld.pl && ./helloworld.pl

2. Parse RegExes from the command line

EX

#!/usr/bin/perl -w

print "hello world\n";

EX

#!/usr/bin/perl -w

# Take the first command-line argument and test it against a RegEx
my $var1 = $ARGV[0];

if ($var1 =~ m/test/)
{
print "success: $var1 matches\n";
}
else
{
print "fail: no match\n";
}

sed & awk

February 12, 2009 by linatrix

Awk

Features:

1. Field/Column processor

2. Supports egrep-compatible (POSIX) RegExes

3. Can return full lines like grep

4. Awk runs 3 steps:

a. BEGIN – optional

b. Body, where the main action(s) take place

c. END – optional

5. Multiple body actions can be executed by separating them using semicolons, e.g. '{ print $1; print $2 }'

6. Awk auto-loops through the input stream, regardless of the source of the stream, e.g. STDIN, pipe, file

Usage:

1. awk '/optional_match/ { action }' file_name (or fed from a pipe)

2. awk '{ print $1 }' grep1.txt – prints the 1st column

Note: Use single quotes with awk, to avoid shell interpolation of awk's variables

3. awk '{ print $1,$2 }' grep1.txt

Note: The default input and output field separator is whitespace

4. awk '/linux/ { print }' grep1.txt – this will print ALL lines containing 'linux'

5. awk '{ if ($2 ~ /Linux/) print }' grep1.txt – prints the line if column 2 matches Linux; awk '{ if ($1 ~ /ali/) print $1,$2,$3 }' /etc/passwd

6. awk '{ if ($2 ~ /8/) print }' /var/log/messages – this will print the entire line for log items from the 8th

7. awk '{ print $3 }' /var/log/messages | awk -F: '{ print $1 }' – prints the hour from the timestamp field

Sed – Stream Editor

Features:

1. Facilitates automated text editing

2. Supports RegExes (POSIX)

3. Like Awk, supports scripts via the '-f' option

4. Supports input via: STDIN, pipe, file

Usage:

1. sed [options] 'instruction[s]' file[s]

2. sed -n '1p' grep1.txt – prints the first line of the file

3. sed -n '1,5p' grep1.txt – prints the first 5 lines of the file

4. sed -n '$p' grep1.txt – prints the last line of the file

5. sed -n '1,3!p' grep1.txt – prints ALL but lines 1-3

6. sed -n '/linux/p' grep1.txt – prints lines with 'linux'

7. sed -e '/^$/d' grep1.txt – deletes blank lines from the document

8. sed -e '/^$/d' grep1.txt > sed1.txt – deletes blank lines from the document 'grep1.txt' and creates 'sed1.txt'

9. sed -ne 's/search/replace/p' sed1.txt

10. sed -ne 's/linux/unix/p' sed1.txt

11. sed -i.bak -e 's/3/4/' sed1.txt – this backs up the original file as 'sed1.txt.bak' and rewrites 'sed1.txt' with the modifications indicated in the command

Note: Generally, to create new files, use output redirection rather than letting sed write to STDOUT (the terminal)

Note: Sed applies each instruction to each line
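An added example, not from the original notes, that runs the awk and sed command shapes from both sections above over a constructed set of messages-style lines (the log data and host names are made up); the day-field function also shows why an unanchored /8/ is too loose.

```shell
#!/bin/sh
# Added example, not from the original notes: field-based log triage with
# awk and sed, using the command shapes from the two sections above.

# Constructed /var/log/messages-style lines (not real log data). With the
# default whitespace separator, $2 is the day and $3 the time.
SAMPLE_LOG='Feb  8 10:15:01 host1 sshd[2201]: Accepted password for ali from 192.0.2.10 port 5001 ssh2
Feb  8 10:17:42 host1 sshd[2210]: Failed password for root from 198.51.100.7 port 5002 ssh2

Feb  9 11:02:13 host1 gconfd (ali-3311): starting (version 2.14.0), pid 3311 user ali
Feb  8 11:45:00 host1 sshd[2299]: Failed password for root from 198.51.100.7 port 5003 ssh2'

# Hours that saw a failed login: print field 3, then re-split it on ':' and
# keep the hour (awk item 7's two-stage pipeline, with a match pattern added).
failed_login_hours() {
    printf '%s\n' "$SAMPLE_LOG" \
      | awk '/Failed password/ { print $3 }' \
      | awk -F: '{ print $1 }' \
      | sort -u
}

# Failed logins per source address, tallied in the body and printed in END
# (awk item 4); the address is the 4th field from the end of the line.
failures_by_source() {
    printf '%s\n' "$SAMPLE_LOG" \
      | awk '/Failed password/ { fails[$(NF-3)]++ }
             END { for (ip in fails) print ip, fails[ip] }'
}

# sshd lines for the 8th. Awk item 6's /8/ would also match the 18th and
# 28th; anchoring the day field with ^8$ avoids that.
day8_sshd_count() {
    printf '%s\n' "$SAMPLE_LOG" \
      | awk '$2 ~ /^8$/ && $5 ~ /^sshd/ { n++ } END { print n + 0 }'
}

# sed: drop blank lines (sed item 7), then print only the lines where the
# substitution fired (sed items 9-10: -n plus the p flag).
mark_failures() {
    printf '%s\n' "$SAMPLE_LOG" \
      | sed -e '/^$/d' \
      | sed -ne 's/Failed password for/FAILED LOGIN:/p'
}

# sed -i.bak edits FILE in place and keeps the original as FILE.bak (item 11).
rewrite_with_backup() {
    sed -i.bak -e 's/root/ROOT/' "$1" && [ -f "$1.bak" ]
}
```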

GREP

February 12, 2009 by linatrix

Features:

1. The ability to parse lines based on text and/or RegExes

2. Post-processor

3. Searches case-sensitively, by default

4. Searches for the text anywhere on the line

EX

1. grep 'linux' grep1.txt

2. grep -i 'linux' grep1.txt – case-insensitive search

3. grep '^linux' grep1.txt – uses the '^' anchor to anchor searches at the beginning of lines

4. grep -i '^linux' grep1.txt

5. grep -i 'linux$' grep1.txt – uses the '$' anchor to anchor searches at the end of lines

Note: Anchors are RegEx characters (meta-characters). They're used to match at the beginning and end of lines

6. grep '[0-9]' grep1.txt – returns lines containing at least 1 number

7. grep '[a-z]?' grep1.txt

8. rpm -qa | grep grep – searches the package database for programs named 'grep'

9. rpm -qa | grep -i xorg | wc -l – returns the number of packages with 'xorg' in their names

10. grep sshd messages

11. grep -v sshd messages – performs an inverted search (all but 'sshd' entries will be returned)

12. grep -v sshd messages | grep -v gconfd

13. grep -C 2 sshd messages – returns 2 lines of context above and below each matching line

14. grep -c sshd messages – returns the count of matching lines

Note: Most, if not all, Linux programs log linearly, which means one line after another, from the earliest to the current

Note: Use single or double quotes to specify RegExes

Also, execute 'grep' using 'egrep' when extended RegExes are being used
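An added example, not from the original notes, running the grep patterns above (count, inverted search, anchors, extended RegEx alternation and context) over a constructed messages excerpt; the log lines are made up.

```shell
#!/bin/sh
# Added example, not from the original notes: the grep patterns above run
# over a constructed messages excerpt (not real log data).

SAMPLE='Feb  8 10:15:01 host1 sshd[2201]: Accepted password for ali from 192.0.2.10 port 5001 ssh2
Feb  8 10:17:42 host1 sshd[2210]: Failed password for root from 198.51.100.7 port 5002 ssh2
Feb  8 10:20:00 host1 gconfd (ali-3311): starting (version 2.14.0), pid 3311 user ali
Feb  8 10:30:01 host1 crond[3400]: (root) CMD (run-parts /etc/cron.hourly)
Feb  8 11:45:00 host1 sshd[2299]: Failed password for root from 198.51.100.7 port 5003 ssh2'

# grep -c returns the number of matching lines, not the lines (item 14).
count_matching() {
    printf '%s\n' "$SAMPLE" | grep -c -- "$1"
}

# Chained inverted searches (items 11-12): strip the noisy sources and see
# what else was logging at the time.
other_sources() {
    printf '%s\n' "$SAMPLE" | grep -v sshd | grep -v gconfd
}

# Anchors (items 3-5): '$' pins the match to the end of the line, so this
# counts SSH records and would ignore "ssh2" appearing mid-line.
ssh_records() {
    printf '%s\n' "$SAMPLE" | grep -c 'ssh2$'
}

# Extended RegEx (the note's egrep; grep -E is the same engine): alternation
# picks up two event types in a single pass.
failed_or_cron() {
    printf '%s\n' "$SAMPLE" | grep -Ec 'Failed password|crond'
}

# -C 2 (item 13): the matching line plus two lines of context on each side,
# which shows what preceded and followed an event. Returns the line count.
context_lines() {
    printf '%s\n' "$SAMPLE" | grep -C 2 -- "$1" | wc -l
}
```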

Tar, Gzip, Bzip2, Zip

February 12, 2009 by linatrix

Features:

1. Compression utilities (gzip, bzip2, zip)

2. File rollers (the ability to represent many files as one)

Gzip:

Includes:

1. gzip – compresses/decompresses files

2. gunzip – decompresses gzip files

Tasks:

1. compress the '1million.txt' file using gzip

a. gzip -c 1million.txt > 1million.txt.gz

Note: gzip auto-dumps to STDOUT, by default

b. gzip -l 1million.txt.gz – returns status information

c. gunzip 1million.txt.gz – dumps to file, and removes the compressed version

d. gzip -d 1million.txt.gz

e. zcat 1million.txt.gz – dumps the contents to STDOUT; zcat file.gz > file2.txt

f. less 1million.txt.gz – dumps the contents of gzip files to STDOUT

Bzip2: better compression

1. bzip2 -c 1million.txt > 1million.txt.bz2

Note: Bzip2 tends to outperform gzip on larger files

2. bunzip2 1million.txt.bz2

3. bzip2 -d 1million.txt.bz2

4. bzcat 1million.txt.bz2 – dumps contents to STDOUT

5. less 1million.txt.bz2 – also dumps the contents to STDOUT

Zip & unzip:

1. zip filename.zip path/ – general usage

2. zip 1million.txt.zip 1million.txt

Note: zip differs slightly from gzip and bzip2 in that the destination file (resultant zip file) is specified before the source

3. unzip 1million.txt.zip

Tar & Gzip/Bzip2:

1. tar -cvf filename.tar path/ – creates a non-compressed archive

2. tar -cvf 1million.txt.tar 1million.txt

Note: tar adds a small amount of overhead of its own for each file in the archive

3. tar -czvf 1million.txt.tar.gz 1million.txt – creates a tar/gzip document

4. tar -cjvf 1million.txt.tar.bz2 1million.txt – creates a tar/bzip2 document

5. tar -tzvf filename.tar.gz – displays archive content

a. tar -xzvf filename.tar.gz – extracts archive content

6. tar -cjvf 1million.txt.tar.bz2 1million.txt testRH5/ – creates a tar/bzip2 document for the text file and the 'testRH5' directory tree
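An added example, not from the original notes: the create, list and extract commands of this section driven from shell functions over a constructed stand-in for 1million.txt and testRH5/, with the listing (-t) step used as a check before extraction. Assumes GNU tar and gzip; file contents are made up.

```shell
#!/bin/sh
# Added example, not from the original notes: roll a constructed file and
# directory tree into a tar/gzip archive (item 3), list it (item 5) and
# check the round trip after extracting it. Assumes GNU tar and gzip.

# make_tree DIR: constructed stand-ins for 1million.txt and testRH5/
make_tree() {
    mkdir -p "$1/testRH5/etc" || return 1
    printf 'line one\nline two\n' > "$1/1million.txt"
    printf 'HOSTNAME=host1\n' > "$1/testRH5/etc/sysconfig"
}

# archive_tree DIR: tar -czf of the file plus the directory tree (item 6's
# shape, gzip instead of bzip2); member paths are relative to DIR.
archive_tree() {
    ( cd "$1" && tar -czf 1million.txt.tar.gz 1million.txt testRH5/ )
}

# member_count ARCHIVE: tar -tzf lists members without extracting; each
# directory is its own entry with a trailing /, so this tree lists as 4.
member_count() {
    tar -tzf "$1" | wc -l
}

# safe_member_list: reads member names on stdin and fails if any is an
# absolute path or contains a '..' component, i.e. could land outside the
# extraction directory. safe_to_extract applies it to an archive listing.
safe_member_list() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}
safe_to_extract() {
    tar -tzf "$1" | safe_member_list
}

# extract_tree ARCHIVE DEST: tar -xzf into DEST (list first, then extract).
extract_tree() {
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# round_trip_ok SRC DEST: the extracted copy must match the original tree.
round_trip_ok() {
    cmp -s "$1/1million.txt" "$2/1million.txt" \
      && diff -r "$1/testRH5" "$2/testRH5" > /dev/null
}
```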

Linux Redirection & Pipes

February 12, 2009 by linatrix

Linux Redirection & Pipes

Features:

1. Ability to control input and output

Input redirection '<':

1. cat < 123.txt

Note: Use input redirection when the program does NOT default to a file as input

Output redirection '>':

1. cat 123.txt > onetwothree.txt

Note: Default nature is to:

1. Clobber the target file

2. Populate it with information from the input stream

Append redirection '>>':

1. cat 123.txt >> numbers.txt – creates 'numbers.txt' if it doesn't exist, or appends if it does

2. cat 456.txt >> numbers.txt

Pipes '|':

Features: Connects the output stream of one command to the input stream of a subsequent command

1. cat 123.txt | sort

2. cat 456.txt 123.txt | sort

3. cat 456.txt 123.txt | sort | grep 3

Command Chaining

Features:

1. Permits the execution of multiple commands in sequence

2. Also permits execution based on the success or failure of a previous command

1. cat 123.txt ; ls -l – this runs the first command, then the second command, regardless of the exit status of the first command

2. cat 123.txt && ls -l – this runs the second command only if the first command succeeds

3. cat 1234.txt && ls -l – if '1234.txt' does not exist, cat fails and ls -l is skipped

4. cat 123.txt || ls -l – this runs the second command only if the first command fails

24. more|less – paginators, which display text one page at a time

1. more /etc/fstab

2. less 1thousand.txt

25. seq – echoes a sequence of numbers

a. seq 1000 > 1thousand.txt – creates a file with numbers 1-1000

26. su – switches users

a. su – with no options attempts to log in as 'root'

27. head – displays opening lines of text files

a. head /var/log/messages

28. tail – displays the closing lines of text files

a. tail /var/log/messages

29. wc – counts words and optionally lines of text files

a. wc -l /var/log/messages

b. wc -l 123.txt

30. file – determines file type

a. file /var/log/messages