banner command
Can anyone give me a practical situation in which the banner command is used?
square gold fish
This question includes the assumption that everything must have a practical use (Try cowsay!)
Anyway, you could have a console script that could post its status ("GOOD", "BAD") in nice big letters so you could see it from across the room....
cmay
It had a practical use once, I think, but the only thing you can use it for now is to print a nice banner on a piece of paper if you redirect the output to a printer. I read about it some time ago but I cannot remember what the original use was, and it's also a very old program, I think. But it was not written just for the fun of it, that I am sure of.
xyz
One possible usage I could find is
/usr/games/banner -w50 Happy Birthday! |lpr
Sunday, May 31, 2009
How to lock and unlock terminals in Linux?
To lock, comment out the tty entries in the /etc/securetty file.
To unlock, uncomment the commented entries.
/etc/securetty lists the terminals on which root is allowed to log in, so this blocks root logins on those terminals; other users are not affected.
Regular expression examples
ls -a | grep '.[a-z]'
rm `ls | grep '^[ab]$'`
ls | grep '^[a-c]$'
ls -a | grep '^[a.]*$'
grep 'lin.x' *
grep -ls '^hosts' *
grep -ls 'hosts$' *
\< and \>
Search for patterns at the beginning of a word or at the end of a word. For instance, the following would show lines that have text beginning with san:
grep '\<san' *
\{n\} : The preceding character or regular expression occurs at least times. This is useful in a regular expression where you are looking for a number, say, between 100 and 999, as in the following command:
grep -ls '[0-9]\{3\}' *
Saturday, May 30, 2009
iptable rules file
In Ubuntu Linux, where do the iptables rules get saved by default?
bsd unix
I believe this is what you're looking for:
Quote: Save your firewall rules to a file
Code: $ sudo sh -c "iptables-save > /etc/iptables.rules"
spd106
The short answer is... they don't.
You can view the current rules with
iptables -L
Usually you would add the commands to create these rules into the /etc/network/interfaces file or to a shell script file and place that somewhere in the init system.
Since Network Manager took over it's a little bit different and I'm not entirely sure how it works. I think you need to place a script in the /etc/NetworkManager/dispatcher.d/ folder.
See https://help.ubuntu.com/community/IptablesHowTo
NB:- tested on ubuntu 8.04
Thursday, May 28, 2009
Wednesday, May 27, 2009
The /etc/sysctl.conf directives are important kernel security measures.
This is what the kernel parameters in the file mean:
net.ipv4.ip_forward = 0
This box is not a router, so make sure forwarding is turned off.
net.ipv4.icmp_echo_ignore_broadcasts = 1
Don’t respond to ping broadcasts. Ping broadcasts and multicasts are usually an
attack of some kind, like a Smurf attack. You may want to use a ping broadcast
to see what hosts on your LAN are up, but there are other ways to do this. It is a
lot safer to leave this disabled.
net.ipv4.tcp_syncookies = 1
This helps to protect from a syn flood attack. If your computer is flooded with
SYN packets from different hosts, the syn backlog queue may overflow. So, this
sends out cookies to test the validity of the SYN packets. This is not so useful on
a heavily loaded server, and it may even cause problems, so it’s better to use it
only on workstations and laptops.
net.ipv4.conf.all.rp_filter = 1
This helps to maintain state and protect against source spoofing. It verifies that
packets coming in on an interface also go out on the same interface. Obviously,
this can confuse multihomed routers, which routinely forward packets from one
interface to another, so don’t use it on them.
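A way to check a machine against the four settings above, as an added example that is not part of the original post: the script compares a sysctl.conf-style file with the listed values and reports every key that is missing or set differently. The function name audit_sysctl and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style file
# against the four settings described above. The function name and the
# sample file contents are constructed for illustration.

# Expected values, "key value" per line, taken from the list above.
BASELINE='net.ipv4.ip_forward 0
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.tcp_syncookies 1
net.ipv4.conf.all.rp_filter 1'

# audit_sysctl FILE
# Prints one MISSING/MISMATCH line per deviation; returns 1 if any were found.
audit_sysctl() {
    printf '%s\n' "$BASELINE" | awk -v conf="$1" '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        BEGIN {
            # Read the config first. Lines starting with # or ; are comments.
            # A later assignment of the same key overrides an earlier one,
            # which is also the net effect of applying the file top to bottom.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/ || line !~ /=/) continue
                eq = index(line, "=")
                seen[trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
            }
            close(conf)
        }
        {
            if (!($1 in seen)) {
                print "MISSING  " $1 " (want " $2 ")"; bad = 1
            } else if (seen[$1] != $2) {
                print "MISMATCH " $1 " = " seen[$1] " (want " $2 ")"; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: forwarding left on, rp_filter only present as a
# commented-out line, which must not count as a setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sysctl.conf (constructed sample)
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts = 1
#net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
EOF

audit_sysctl "$sample" || echo "sysctl baseline: deviations found"
rm -f "$sample"
```

Run it as audit_sysctl /etc/sysctl.conf on a real host; the file only shows what will be applied at boot, so compare with sysctl -n for the value the running kernel has.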
Sunday, May 24, 2009
nslookup - a command line dns client
It manually retrieves a DNS record from a server.
zodiac@zodioc:~$ nslookup
>server a.root-servers.net
>server a.gtld-servers.net
> www.vtc.com
>server ns1.quay2.com
>www.vtc.com
nslookup interactive mode:-
> nslookup
>www.vtc.com
to change server
> server ip addr
> set type=mx
> vtc.com
Ex:-
user@ubuntu:~$ nslookup
> server ns4.dnsmadeeasy.com
Default server: ns4.dnsmadeeasy.com
Address: 208.80.127.2#53
> server 208.80.127.2
Default server: 208.80.127.2
Address: 208.80.127.2#53
> www.vtc.com
Server: 208.80.127.2
Address: 208.80.127.2#53
nslookup batch mode:-
nslookup www.ubuntu.com 192.168.1.1
nslookup -type=mx ubuntu.com
nslookup -debug -type=mx ubuntu.com
user@ubuntu:~$ nslookup -type=MX vtc.com
Server: 125.22.47.125
Address: 125.22.47.125#53
Non-authoritative answer:
vtc.com mail exchanger = 30 vtc.com.s8b1.psmtp.com.
vtc.com mail exchanger = 40 vtc.com.s8b2.psmtp.com.
vtc.com mail exchanger = 10 vtc.com.s8a1.psmtp.com.
vtc.com mail exchanger = 20 vtc.com.s8a2.psmtp.com.
Authoritative answers can be found from:
vtc.com nameserver = ns3.dnsmadeeasy.com.
vtc.com nameserver = ns4.dnsmadeeasy.com.
vtc.com nameserver = ns1.dnsmadeeasy.com.
vtc.com nameserver = ns2.dnsmadeeasy.com.
vtc.com nameserver = ns0.dnsmadeeasy.com.
ns3.dnsmadeeasy.com internet address = 208.80.125.2
ns0.dnsmadeeasy.com internet address = 208.94.148.2
ns1.dnsmadeeasy.com internet address = 208.80.124.2
ns4.dnsmadeeasy.com internet address = 208.80.127.2
ns2.dnsmadeeasy.com internet address = 208.80.126.2
Friday, May 22, 2009
netstat examples
To get routing information:-
netstat -rn
protocol statistics
netstat -sP tcp
netstat -sP udp
netstat -sP ip
netstat -sP icmp
To determine which daemons are currently running or which daemons will be started by inetd
netstat -ap --inet | grep LISTEN
connections to hosts outside a masqueraded n/w
netstat -M or netstat --masquerade
to display only listening sockets
netstat -l
to display only unix domain sockets
netstat --unix -l
to display only internet TCP sockets
netstat --inet -l
to get interface information
netstat --interface
( to obtain information similar to what ifconfig returns , use -c to refresh o/p every second)
To display information about programs that are using n/w connections
netstat --program
to display information from route cache
netstat -C
to display Active TCP connections
netstat -natp
to display Active UDP connections
netstat -napu
Thursday, May 21, 2009
rsync examples
If you want to remote-copy a directory or files from one host to another, making a particular backup, you can use rsync, which is designed for network backups of particular directories or files, intelligently copying only those files that have been changed, rather than the contents of an entire directory. In archive mode, it can preserve the original ownership and permissions, providing corresponding users exist on the host system.
The following example copies the /home/george/myproject directory to the /backup directory on the host rabbit, creating a corresponding myproject subdirectory. The -t specifies that this is a transfer. The remote host is referenced with an attached colon, rabbit:.
rsync -t /home/george/myproject rabbit:/backup
If, instead, you want to preserve the ownership and permissions of the files as well as include all subdirectories, you use the -a (archive) option. Adding a -z option will compress the file. The -v option provides a verbose mode (you can leave this out if you wish):
rsync -avz /home/george/myproject rabbit:/backup
The -a option is the equivalent to the following options: r (recursive), l (preserve symbolic links), p (permissions), g (groups), o (owner), t (times), and D (preserve device and special files). The -a option does not preserve hard links, as this can be time consuming.
If you want hard links preserved, you need to add the -H option:
rsync -avzH /home/george/myproject rabbit:/backup
The rsync command is configured to use Secure Shell (SSH) remote shell by default. You can specify it or an alternate remote shell to use with the -e option. For secure transmission, you can encrypt the copy operation with ssh. Either use the -e ssh option or set the RSYNC_RSH variable to ssh:
rsync -avz -e ssh /home/george/myproject rabbit:/backup/myproject
You can also run rsync as a server daemon. This will allow remote users to sync copies of files on your system with versions on their own, transferring only changed files rather than entire directories. Many mirror and software FTP sites operate as rsync servers, letting you update files without having to download the full versions again. Configuration information for rsync as a server is kept in the /etc/rsyncd.conf file. Check the man page documentation for rsyncd.conf for details on how to configure the rsync server. You can start, restart, and shut down the rsync server using the /etc/init.d/rsync script:
sudo /etc/init.d/rsync restart
TIP
Though it is designed for copying between hosts, you can also use rsync to make copies within your own system, usually to a directory in another partition or hard drive. In fact, you can use rsync in eight different ways. Check the rsync man page for detailed descriptions of each.
We can add a crontab entry like this:
crontab -e
35 8 * * * rsync -pavc /home/mydir /backup
Source: Richard Petersen
Sharing remote Directories with samba
To scan your network for SMB hosts
$ findsmb
*=DMB
+=LMB
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.2.25 RENOY [RENOY] [Unix] [Samba 3.0.28a]
192.168.2.27 HOST14 [WORKGROUP] [Unix] [Samba 3.0.28a]
192.168.2.30 USER-DESKTOP [WORKGROUP] [Unix] [Samba 3.0.28a]
192.168.2.31 UBUNTU [WORKGROUP] [Unix] [Samba 3.0.28a]
192.168.2.32 UBUNTU +[UBUNTU] [Unix] [Samba 3.0.28a]
192.168.2.33 ZODIAC-DESKTOP [ZODIAC-DESKTOP] [Unix] [Samba 3.0.28a]
192.168.2.37 UBUNTU [WORKGROUP] [Unix] [Samba 3.0.28a]
192.168.2.43 SAGGAR [SAGGAR] [Unix] [Samba 3.0.28a]
192.168.2.44 AJAI [WORKGROUP] [Unix] [Samba 3.0.28a]
To view a text representation of your network neighbourhood (shared dir & printers)
sudo smbtree

To add an existing linux user as a samba user
sudo smbpasswd -a username
To list services offered by a server to an anonymous user
smbclient -L server
to get o/p from smbclient for a specific user named francois
smbclient -L server -U francois
Mounting Samba Shares
You can mount remote Samba shares on your local file system much as you would a local file
system or remote NFS file system. To mount the share:
$ sudo mount -t smbfs -o username=francois,password=MySecret \
//192.168.1.1/myshare /mnt/mymount/
NOTE The Samba file system (smbfs) is deprecated and should no longer be used in some Linux distributions; however, this is the type supported on Ubuntu. In other distributions, the preferred method is to indicate CIFS (-t cifs) as the file system type when you mount a remote Samba share.
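The mount command above puts the share password in the command line, where it lands in shell history and is visible to other local users in the process list while mount runs. The following added example (not from the original page) writes a credentials file readable only by its owner and flags mount lines that still carry an inline password; the function names, the /root/.smbcredentials path and the sample lines are constructed, and credentials= is an existing option of mount.cifs and smbmount.

```shell
#!/bin/sh
# Added example (not from the original page): keep the share password out of
# the mount command line. Function names, paths and sample lines are
# constructed for illustration.

# write_smb_credentials FILE USER
# Reads the password from stdin and writes FILE in the username=/password=
# format expected by the credentials= mount option, readable by owner only.
write_smb_credentials() {
    (
        umask 077                 # new file is created as rw-------
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        rm -f -- "$1"             # never reuse an older, possibly readable file
        printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
    )
}

# inline_password_mounts FILE
# Prints the numbered lines of FILE (a script, history file or fstab) in
# which an smbfs/cifs mount carries password= among its options.
# Returns 0 if at least one such line was found.
inline_password_mounts() {
    grep -nE '(smbfs|cifs)' "$1" | grep -E '[,[:space:]]password='
}

# Constructed sample: the command from the text and a credentials-based one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sudo mount -t smbfs -o username=francois,password=MySecret //192.168.1.1/myshare /mnt/mymount/
sudo mount -t cifs -o credentials=/root/.smbcredentials //192.168.1.1/myshare /mnt/mymount/
EOF
echo "mount lines with an inline password:"
inline_password_mounts "$sample" || echo "  none"

# Write a credentials file into a scratch directory and show its mode.
scratch=$(mktemp -d)
printf '%s\n' 'MySecret' | write_smb_credentials "$scratch/smbcredentials" francois
ls -l "$scratch/smbcredentials"
rm -rf "$sample" "$scratch"
```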
You can see the current connections and file locks on a server using the smbstatus command. This will tell you if someone has mounted your shared directories or is currently using an smbclient connection to your server:
$ sudo smbstatus
Looking Up Samba Hosts
NetBIOS names are used to identify hosts in Samba. You can determine the IP address of a
computer using the nmblookup command to broadcast for a particular NetBIOS name on the local subnet as follows:
$ nmblookup thompson
querying thompson on 192.168.1.255
192.168.1.1 server1<00>
To find the IP address for a server on a specific subnet, use the -U option:
$ nmblookup -U 192.168.1.255 server1
querying server1 on 192.168.1.255
192.168.1.1 server1<00>
Checking Samba Configuration
If you are unable to use a Samba share or if you have other problems communicating with your Samba server, you can test the Samba configuration on the server. The testparm command can be used to check your main Samba configuration file (smb.conf):
$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[myshare]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press Enter to see a dump of your service definitions
Tuesday, May 19, 2009
ping attack
Can anyone help/explain to me how to protect my Ubuntu machine against
D.O.S ping attacks such as this
ping ip -t -l 65500 ?
Admiral beotch
You can't really protect yourself from this kind of DoS attack if it's coming from the local network. Even if it's coming from the internet to your DSL connected firewall, there's not much you can do. The problem is that, while you can certainly filter the packets when they get to you, the packets are still there soaking up the bandwidth between your ISP and firewall.
At best, you can simply drop the packets and "halve" the traffic because your host will not be responding.
If someone is DoSing you, you can report it to your ISP (or the owner of the source netblock) and hopefully they can apply the drop further upstream to protect you.
The cog
I think that using a firewall like gufw or guarddog you can block incoming ping requests. You certainly can if you configure iptables directly (gufw and guarddog are GUI front-ends for driving iptables which is a command-line firewall configurer).
But ignoring pings won't prevent a DDOS from flooding your link with ping requests. You would need help from your ISP if that ever happened. All ignoring the pings would do is to avoid flooding your upload bandwidth with replies.
bodhi zazen
DOS are easy to handle with iptables.
For ping :
Code: sudo iptables -A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
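A note on the rate-limit rule in the last reply, as an added example that is not part of the thread: the limit match accepts packets within the rate and lets the excess fall through to the next rule, so the rule changes nothing unless a later rule or the chain policy drops ICMP. The check below reads iptables-save output and reports whether the limit can take effect; the function name and both sample rulesets are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check whether an ICMP rate-limit rule
# in iptables-save output can have any effect. Function name and sample
# rulesets are constructed. Heuristic: it looks only at the filter table's
# INPUT chain and ignores source/interface restrictions on the rules.

# check_icmp_limit FILE
# Prints NO_LIMIT, INEFFECTIVE or EFFECTIVE; returns 0 only for EFFECTIVE.
check_icmp_limit() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table != "filter"       { next }
        /^:INPUT /              { policy = $2; next }
        !/^-A INPUT /           { next }
        {
            is_icmp = ($0 ~ / -p icmp( |$)/)
            drops   = ($0 ~ / -j (DROP|REJECT)( |$)/)
            if (is_icmp && $0 ~ / -m limit / && $0 ~ / -j ACCEPT$/) {
                limited = 1
                next
            }
            # "-m limit ... -j ACCEPT" accepts packets within the rate; the
            # excess falls through, so only a LATER rule can drop it.
            if (limited && drops && (is_icmp || $0 ~ /^-A INPUT -j /))
                enforced = 1
        }
        END {
            if (!limited)                     { print "NO_LIMIT";  exit 1 }
            if (enforced || policy == "DROP") { print "EFFECTIVE"; exit 0 }
            print "INEFFECTIVE"; exit 1
        }
    ' "$1"
}

# Constructed ruleset 1: the rule from the thread on a default-ACCEPT chain.
weak=$(mktemp)
cat > "$weak" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
COMMIT
EOF

# Constructed ruleset 2: same rule followed by a DROP for the excess ICMP.
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT
EOF

echo "limit rule alone:           $(check_icmp_limit "$weak")"
echo "with a following DROP rule: $(check_icmp_limit "$fixed")"
rm -f "$weak" "$fixed"
```

On a live system, feed it the file written by the iptables-save command shown in the earlier post.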
