
Tag Archives: 1

Recovering Ubuntu After Installing Windows

Using the Ubuntu Desktop/Live CD

Quick Start

This option will use the Desktop/Live CD to install Grub into your MBR (Master Boot Record). This option will overwrite your Windows Boot Loader. It is OK to do this; in fact, that is the goal of this how-to (in order to boot Ubuntu).

1. Boot the Desktop/Live CD. (Use Ubuntu 8.04 or later)

2. Open a terminal (Applications -> Accessories -> Terminal)

3. Start grub as root with the following command:
* sudo grub

4. You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0):
* [ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename. ]
grub>

Type the following and press enter:
find /boot/grub/stage1

If you get “Error 15: File not found”, try the following:
find /grub/stage1

Using this information, set the root device (fill in X,Y with whatever the find command returned):
grub> root (hdX,Y)

Install Grub:
grub> setup (hd0)

Exit Grub:
grub> quit

5. Reboot (to hard drive). Grub should be installed and both Ubuntu and Windows should have been automatically detected.

6. If, after installing grub, Windows will not boot, you may need to edit /boot/grub/menu.lst (that is a small “L” and not the number 1 in menu.lst).
* Open a terminal and enter:
gksu gedit /boot/grub/menu.lst
Or, in Kubuntu:
kdesu kate /boot/grub/menu.lst

Your Windows stanza should look something like this:
title Windows XP/Vista # You can use any title you wish, this will appear on your grub boot menu
rootnoverify (hd0,0) #(hd0,0) will be most common, you may need to adjust accordingly
makeactive
chainloader +1



Snort NIDS


1. Network Intrusion Detection System (NIDS)

2. Packet Sniffer

3. Packet Logger – logs using TCPDump format


1. Download and install Snort NIDS


b. Confirm MD5SUM: ‘md5sum snort-’ Compare to snort-

c. Import GPG key used to sign the current release of Snort

d. gpg --verify snort- snort-


1. gcc – C compiler

2. make – creates binaries

3. libpcre – Provides access to Perl Compatible RegExes

4. mysql-devel* – provides access to MySQL

5. libpcap* – provides the TCPDump, packet capture library

e. Extract and install (compile) Snort NIDS

e1. tar -xzvf snort- – creates top-level directory

e2. ./configure --with-mysql --enable-dynamicplugin – checks for prerequisites, including: mysql-devel, libpcre, gcc, make, etc.

e3. make – creates binaries

e4. su (as ‘root’) and execute ‘make install’ – places binaries in /usr/local/ accessible location
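As an added example (not part of these notes), the following Python script performs the check that steps b and d call for on the downloaded tarball: it parses a published md5sum-style file and compares the archive's digest in constant time. A checksum fetched from the same site as the tarball only catches a corrupt or incomplete download; the GPG signature in step d is what ties the archive to the Snort release key. The file name snort-X.Y.Z.tar.gz and its contents are constructed placeholders.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # hash the tarball in 1 MiB pieces instead of reading it whole

def parse_md5sum_file(text):
    """Parse md5sum(1)-style lines ('<hex>  <filename>') into {basename: hex}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")          # md5sum marks binary mode with a leading '*'
        if len(digest) != 32 or not name:
            raise ValueError("malformed md5sum line: %r" % line)
        sums[os.path.basename(name)] = digest.lower()
    return sums

def md5_of_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, md5sum_text):
    """True only if the file's MD5 equals the published digest for its basename.
    A mismatch means a corrupt/incomplete download or a different archive than
    the one the checksum was published for; compare_digest keeps the comparison
    constant-time."""
    expected = parse_md5sum_file(md5sum_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(md5_of_file(path), expected)

def demo():
    """Constructed stand-in for the tarball and its .md5 file (version is a placeholder)."""
    payload = b"not a real tarball, just constructed sample bytes\n"
    with tempfile.TemporaryDirectory() as d:
        tarball = os.path.join(d, "snort-X.Y.Z.tar.gz")
        with open(tarball, "wb") as f:
            f.write(payload)
        good = "%s  snort-X.Y.Z.tar.gz\n" % hashlib.md5(payload).hexdigest()
        bad = "d41d8cd98f00b204e9800998ecf8427e  snort-X.Y.Z.tar.gz\n"   # MD5 of empty input
        return verify_download(tarball, good), verify_download(tarball, bad)
```

The same structure works for the SHA-256 sums most projects publish today; only the digest length check and the hashlib constructor change.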

Usage – Packet Sniffer:

1. snort -v -i eth0 – reveals layers 3 & 4 of the OSI model

2. snort -vde -i eth0 – reveals layers 2-7

3. snort -vde -i eth0 tcp port 23

Usage – Packet Logger:

1. snort -v -i eth0 -l ./ tcp port 23 – logs binary file in current directory with Unix Epoch suffix

2. snort -b -i eth0 – attempts to log in: /var/log/snort

3. snort -b -L test.snort.log -i eth0 – creates: /var/log/snort/test.snort.log.UnixEpochDate

Note: Snort drops fewer packets when run in binary logging mode than in verbose, dump-to-screen mode
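The binary log written with -b / -L is in tcpdump (pcap) format. The following added Python example (not part of these notes) walks that format, yielding each packet's timestamp and captured bytes, and rejects a file whose last record is cut off, which is what a log looks like when Snort is killed mid-write. The two-packet capture it builds is constructed sample data standing in for /var/log/snort/snort.log.<epoch>.

```python
import struct

PCAP_MAGIC_LE = 0xa1b2c3d4   # little-endian file, microsecond timestamps
PCAP_MAGIC_BE = 0xd4c3b2a1   # a big-endian file's magic, read as little-endian
GLOBAL_HDR_LEN = 24          # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16          # ts_sec, ts_usec, incl_len, orig_len

def iter_pcap_records(data):
    """Yield (timestamp, captured_bytes) per record of a tcpdump-format capture.
    Raises ValueError on a bad magic or a short record, which is what a log that
    was cut off mid-write (Snort killed while logging) looks like."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file: magic 0x%08x" % magic)
    _vmaj, _vmin, _tz, _sig, snaplen, _link = struct.unpack(endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(data):
            raise ValueError("bad or truncated record (incl_len=%d) at offset %d" % (incl_len, off))
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len

def summarize(data):
    """Return (packet_count, [timestamps]) for a capture held in memory."""
    recs = list(iter_pcap_records(data))
    return len(recs), [round(t, 6) for t, _ in recs]

def is_well_formed(data):
    try:
        list(iter_pcap_records(data))
        return True
    except ValueError:
        return False

def build_sample_capture():
    """Constructed two-packet Ethernet capture standing in for snort.log.<epoch>."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    pkts = [(1200000000, 0, b"\x00" * 14 + b"first"), (1200000001, 500000, b"\x00" * 14 + b"second")]
    body = b"".join(struct.pack("<IIII", s, u, len(p), len(p)) + p for s, u, p in pkts)
    return hdr + body
```

Calling summarize(build_sample_capture()) gives the packet count and timestamps; pass the bytes of a real snort.log file to summarize or is_well_formed to check a capture before handing it to another tool.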

Snort NIDS Setup

1. Setup MySQL DB environment

a. create database snort;

b. grant insert,select on root.* to snort@localhost;

c. set password for snort@localhost=password(‘abc123’);

d. grant create,insert,select,delete,update on snort.* to snort@localhost;

e. grant create,insert,select,delete,update on snort.* to snort;

2. Import MySQL DB schema

a. mysql -u root -p < /home/linuxcbt/temp/Snort/snort- snort

3. Setup Snort NIDS /etc/snort environment

a. mkdir /etc/snort && cp -v /home/linuxcbt/temp/Snort/snort-* /etc/snort

Note: Snort’s primary configuration file for NIDS mode: /etc/snort/snort.conf

4. Download the latest Snort rules file and extract to: /etc/snort/rules

Note: Snort rules are available as follows:

1. Registered users: with delay

2. Subscriber: no delay – NOT FREE

3. Unregistered users: release version (very old) of rules

4. Various third-party sites: i.e. Bleeding Snort, etc.

a. cd /etc/snort && tar -xzvf snortrules*

5. Configure: /etc/snort/snort.conf to use MySQL and rules

a. MySQL – output

b. Rules – path to the rules

6. Start Snort in NIDS mode

a. snort -i eth0 -c /etc/snort/snort.conf -D

7. Setup BASE web analysis application

a. wget

b. tar -xzvf adodb480.tgz

Note: adodb480.tgz – provides DB-connectivity for BASE to MySQL

c. Download BASE from

d. Configure: base_conf.php file

d1. $BASE_urlpath = '/base';

d2. $DBlib_path = "/var/www/html/adodb";

d3. $DBtype = 'mysql';

d4. $alert_dbname = 'snort';

d5. $alert_host = 'localhost';

d6. $alert_password = 'abc123';

Note: Ensure that your Apache instance has PHP support

Note: Ensure that ‘php-mysql*’ package is installed

8. Connect to BASE via web browser

Note: Consider protecting ‘/base’ application using HTDIGEST or basic auth

Trivial File Transfer Protocol Daemon (TFTPD)


1. Fast, connectionless (UDP), file transfers

2. Often used to move files to and from networked systems (VOIP phones, PXE configurations, router/firewall/switch configurations, etc.)

Note: Implemented as 2 components:

a. Client – tftp-*rpm

b. Server – tftp-server*


1. Install TFTP client

a. yum -y install tftp

2. Install TFTP server

a. yum -y install tftp-server

Note: this also installs the ‘xinetd’ dependency

3. Configure and start ‘tftp’ via ‘xinetd’

a. /etc/xinetd.d/tftp – modify this file prior to starting ‘TFTPD’

b. service xinetd start – to start XINETD

Note: TFTPD listens to UDP:69, by default

Note: use ‘netstat -nulp | grep 69’ to check if ‘xinetd’ is listening

4. Copy Cisco Router configuration to TFTP server

a. copy running-config tftp://

b. setsebool -P tftpd_disable_trans=1 – disables SELinux for TFTPD

c. ‘service xinetd restart’ – restart XINETD

d. ‘chmod 666 linuxcbtrouter1.config’ – to permit TFTPD to write

5. Use ‘tftp’ client to download ‘linuxcbtrouter1.config’ file

a. tftp -c get linuxcbtrouter1.config

b. tftp – enters interactive mode

Note: tftp client operates in both non-interactive and interactive modes

Basic Provisioning of Partitions and File Systems


1. Ability to provision extra storage on-the-fly


1. Identify available storage

a. ‘fdisk -l’ – returns connected storage

2. Create partitions on desired hard drive:

a. ‘fdisk /dev/sdb’ – interacts with /dev/sdb drive

b. ‘n’ – to add a new partition

c. ‘p’ – primary

d. ‘1’ – start cylinder

e. ‘+4096M’ – to indicate 4 Gigabytes

f. ‘w’ – to write the changes to the disk

Note: use ‘partprobe partition (/dev/sdb1)’ to force a write to a hard drive’s partition table on a running system

Note: ‘fdisk’ creates raw partitions

3. Overlay (format) the raw partition with a file system

a. mke2fs -j /dev/sdb1 – this will write inodes to partition

4. Mount the file system in the Linux file system hierarchy:

a. mkdir /home1 && mount /dev/sdb1 /home1

b. mount OR df -h – either will reveal that /dev/sdb1 is mounted

Note: lost+found directory is created for each distinct file system

5. Configure ‘/home1’ to auto-mount when the system boots

a. nano /etc/fstab and copy and modify the ‘/home’ entry

System Utilities

1. Process listing
2. Free/available memory
3. Disk utilization

1. ps – process status/listing
a. ps -ef or ps -aux
2. top – combines ps, uptime and free, and updates regularly
3. uptime – returns useful system utilization information:
a. current time
b. uptime – days, hours and minutes
c. connected users
d. load average – 1, 5 and 15 minute values

4. free – returns memory utilization
a. RAM
b. SWAP
free -m – for human readable format
5. df – returns disk partition/mount point information
a. df – returns info. using kilobytes
b. df -h – returns info. in human readable units (megabytes/gigabytes/terabytes/etc.)
6. vmstat – reports on: processes, memory, paging, block I/O, traps, CPU activity
a. vmstat
b. vmstat -p /dev/hda1 – returns partitions stats for /dev/hda1 (/boot)

7. gnome-system-monitor – GUI, combining most system utilities
8. ls -ltr /proc
a. cat /proc/cpuinfo
9. kill PID – kills the process with a given PID
10. runlevel – returns runlevel information using 2 fields:
a. first field represents the previous runlevel
b. second field represents the current runlevel





1. Parses text

2. Executes programs

3. CGI – Web forms, etc.

4. Supports RegExes (Perl and POSIX)

5. etc.


1. Print ‘Hello World’ to STDOUT

a. perl -c – checks the syntax of the script

b. perl – executes the script

c. chmod +x && ./

2. Parse RegExes from the command line


#!/usr/bin/perl -w

print "hello world\n";



#!/usr/bin/perl -w
use strict;

# First command-line argument; empty string if none was given
my $var1 = defined $ARGV[0] ? $ARGV[0] : '';

if ($var1 =~ m/test/) {
    print "success matches of $var1\n";
} else {
    print "Fail no match\n";
}