Kammo's Tech Blog

VMWARE Virtual Infrastructure Client one Windows 7

kammo — Tue, 24 Nov 2009 12:52:48 +0000

Since the release of Windows 7, VMware Virtual Infrastructure Client needs special attention for installation on this platform. Keep in mind that VMware VI Client is not supported on Windows 7; however, you can follow this guide to get it installed and functioning correctly.

1. The following ’system.dll’ file is required. This can be downloaded via the hyperlink below.

system.dll (this file has been zipped)

2. Once downloaded, either open the zip file or unzip it and place the ‘system.dll’ file into one of the following directories depending on the version of Windows 7 being used, which would be either 32 or 64 bit.

x86 Directory Path = C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib

x64 Directory Path = C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib

Note: If the ‘Lib directory does not exist, create it within the ‘Launcher’ directory.

3. Edit the VpxClient.exe.config file which is located in the ‘Launcher’ directory, making the changes as outlined below and as seen in the image.

Once the file has been edited, save the changes and close the file.

Note: If you receive a warning stating you cannot save the file, either reboot the computer or ensure that any VMware related software is closed and try again. If this doesn’t work then copy the file out of the “Launcher” directory, edit it, save it and then copy the file over the original one.

4. Next, edit the system properties of your machine. This can be achieved by right clicking on ’Computer’ (was usually known as ‘My Computer’ in older Microsoft OS versions) and selecting ’Properties’. Select ‘Advanced System Settings’

5. Select the ‘Environment Variables’ button

6. Add a new System variable. To do this, click ‘New…’ and add the following details.

Note: Depending on the Windows 7 OS version will depend on which Variable is required. Ensure the same path is used as per step 2.

Variable name = DEVPATH
Variable value (x86) = C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib
Variable value (x64) = C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib

Once this text is entered into the required fields, click OK, OK, OK and then close the View basic information about your computer properties window.

7. Launch the VI Client.

Note: You should run the VI Client with administrator privileges.

Go ahead…

kammo — Thu, 24 Sep 2009 08:52:29 +0000

Follow me on Twitter! - http://twitter.com/kameronkenny

Linux bond or team multiple network interfaces cards (NICs) into single bonded interface

kammo — Fri, 04 Sep 2009 05:16:20 +0000

Finally today I had implemented NIC bonding (bind two NICs so that it works as a single device for load balancing and/or fault tolerance). The idea here is to improve performance by pumping out more data from both NICs via NIC bonding/teaming

This box act as datastore server for my test VMware environment. Each virtual machine is run on top of an ESXi box, and the storage is stored on this server. Each virtual disk is anywhere between 15GB and 50GB. Since the virtual disks are stored on a separate piece of hardware from the virtualizing hardware, we must have a high level of throughput for our network traffic. I am using CentOS 5.3 for the purpose of this document. This process should readily work for most if not all Red Hat based distro’s.

Step #1: Create a bond0 configuration file

Red Hat Linux stores network configuration in /etc/sysconfig/network-scripts/ directory. First, you need to create bond0 config file:
# vi /etc/sysconfig/network-scripts/ifcfg-bond0Append following lines to it:DEVICE=bond0 IPADDR=192.168.1.20 NETWORK=192.168.1.0 NETMASK=255.255.255.0 USERCTL=no BOOTPROTO=none ONBOOT=yesReplace above IP address with your actual IP address. Save file and exit to shell prompt.

Step #2: Modify eth0 and eth1 config files:

Open both configuration using vi text editor and make sure file read as follows for eth0 interface# vi /etc/sysconfig/network-scripts/ifcfg-eth0Modify/append directive as follows:DEVICE=eth0 USERCTL=no ONBOOT=yes MASTER=bond0 SLAVE=yes BOOTPROTO=noneOpen eth1 configuration file using vi text editor:# vi /etc/sysconfig/network-scripts/ifcfg-eth1Make sure file read as follows for eth1 interface:DEVICE=eth1 USERCTL=no ONBOOT=yes MASTER=bond0 SLAVE=yes BOOTPROTO=noneSave file and exit to shell prompt.

Step # 3: Load bond driver/module

Make sure bonding module is loaded when the channel-bonding interface (bond0) is brought up. You need to modify kernel modules configuration file:# vi /etc/modprobe.confAppend following two lines:alias bond0 bonding options bond0 mode=balance-alb miimon=100Save file and exit to shell prompt. You can learn more about all bounding options in kernel source documentation file (click here to read file online).

Step # 4: Test configuration

First, load the bonding module:# modprobe bondingRestart networking service in order to bring up bond0 interface:# service network restartVerify everything is working:# less /proc/net/bonding/bond0Output:

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:59

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:63

List all interfaces:# ifconfigOutput:

bond0     Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
 inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
 UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
 RX packets:2804 errors:0 dropped:0 overruns:0 frame:0
 TX packets:1879 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:250825 (244.9 KiB)  TX bytes:244683 (238.9 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
 inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
 inet6 addr: fe80::20c:29ff:fec6:be59/64 Scope:Link
 UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
 RX packets:2809 errors:0 dropped:0 overruns:0 frame:0
 TX packets:1390 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:251161 (245.2 KiB)  TX bytes:180289 (176.0 KiB)
 Interrupt:11 Base address:0x1400

eth1      Link encap:Ethernet  HWaddr 00:0C:29:C6:BE:59
 inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
 inet6 addr: fe80::20c:29ff:fec6:be59/64 Scope:Link
 UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
 RX packets:4 errors:0 dropped:0 overruns:0 frame:0
 TX packets:502 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:258 (258.0 b)  TX bytes:66516 (64.9 KiB)
 Interrupt:10 Base address:0x1480

Now you have bond multiple network interfaces into a single channel (NIC)

Find the update version of an ESX 3.5 server

kammo — Thu, 23 Jul 2009 14:30:49 +0000

Need to know the release version (Update 3, Update 4, etc.) of the ESX 3.5 servers in an environment, but don’t want to consult a chart of build numbers? Just execute this command as root:

esxupdate query | grep -o 'ESX Server 3.5.0 Update.*' | sort | tail -n 1

If the server is a build of ESX prior to Update 1, the command will return nothing. It’s nice to have the update version in this familiar format for documentation.

The Secret Screen Capture Shortcut in OSX

kammo — Mon, 22 Jun 2009 18:54:44 +0000

Okay, you probably already know the ol’ Command-Shift-3 shortcut for taking a screen capture of your entire screen, and you may even know about Command-Shift-4, which gives you a crosshair cursor so you can choose which area of the screen you want to capture. But perhaps the coolest, most-secret hidden capture shortcut is Control-Command-Shift-3 (or 4), which, instead of creating a file on your desktop, copies the capture into your Clipboard memory, so you can paste it where you want.

Help Support Melanoma Research with Outrun the Sun

kammo — Tue, 14 Apr 2009 13:53:57 +0000

I’m excited to be participating in the 2009 Outrun the Sun Race Against Melanoma in Indianapolis on Saturday, June 6. You can share in the excitement by helping support my involvement in this important initiative. All you need to do is log on to my personal fundraising page to learn more about melanoma education and research. It’s easy!

Please forward this email to anyone in your address book that you feel would want to help in such a generous cause!

Did you know:
Melanoma affects people of every age and every ethnicity?
Melanoma is the number one cancer in people ages 25-29?
One American dies of melanoma nearly every hour?

All gifts are important, welcome and appreciated! Thanks very much for your help.

Protect your skin. Protect yourself. Protect your life.

Follow This Link to visit my personal web page and help me in my efforts to support Outrun the Sun, Inc.

******************************************************************************
Some email systems do not support the use of links and therefore this link may not appear to work. If so, copy and paste the following into your browser:
http://raceagainstmelanoma.kintera.org/faf/r.asp?t=4&i=310059&u=310059-252960692
******************************************************************************

Funny Linux Commands

kammo — Mon, 23 Feb 2009 14:46:46 +0000

Hope you enjoy these humorous commands. Go ahead and try them, they really do work.

% cat "food in cans" cat: can't open food in cans

% nice man woman No manual entry for woman.

% "How would you rate Quayle's incompetence? Unmatched ".

% Unmatched ". Unmatched ".

% [Where is Jimmy Hoffa? Missing ].

% ^How did the sex change operation go?^ Modifier failed.

% If I had a ( for every $ the Congress spent, what would I have? Too many ('s.

% make love Make: Don't know how to make love. Stop.

% sleep with me bad character

% got a light? No match.

% man: why did you get a divorce? man:: Too many arguments.

% !:say, what is saccharine? Bad substitute.

% %blow %blow: No such job.

% \(- (-: Command not found.
$ PATH=pretending! /usr/ucb/which sense no sense in pretending!

$ drink matter matter: cannot create

Howto: Mount NTFS Partition in Read-Write mode in Linux

kammo — Sat, 21 Feb 2009 16:17:06 +0000

If you are having issues mounting your ntfs partition you will need to add a couple of rpms to make it happen.

You will need these rpm’s installed to make it happen:

fuse, fuse-ntfs-3g, dkms, dkms-fuse

Before installing these you need to install dag’s rpm repo. You can download the rpm for CentOS 5.* and RHEL 5.* here

Tip: Use wget from the directory you want to put the file in to download it so you don’t have to download locally then upload to your server.

install the rpm by issuing:

# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Once rpmforge has been added to yum, install the ntfs rpm’s by issuing:

# yum install fuse fuse-ntfs-3g dkms dkms-fuse

That will install all the needed software to mount your NTFS volume in rw mode.

next find where the NTFS partition is:

# fdisk -l | grep -i ntfs /dev/sdd1 * 1 60800 488375968+ 7 HPFS/NTFS

Now that we know where the NTFS partition is, lets create a mount point.
# mkdir /mnt/ntfs

now lets mount it up:
# mount -t ntfs-3g /dev/sdd1 /mnt/ntfs

That should have your ntfs partition mounted to /mnt/ntfs

Change to the directory and list the contents:
# cd /mnt/ntfs
# ls

HOWTO: Import JVC .mod camcorder files into iMovie, Final Cut or Convert to Another Format using ffmpegX

kammo — Mon, 16 Feb 2009 15:12:26 +0000

I purchased new JVC HDD camcorder over the weekend and took a couple test clips and found difficulties importing the videos over the firewire cable to my macbook in iMovie. Plugging the video camera into the firewire port of my Macbook did nothing. After some Googling I came to discover that the best way to import the videos is to actually use the USB port to do it.

The software needed is ffmpegX. Download it, then copy the binary to your applications directory. On your first launch, you will be prompted to get the encoders. I downloaded the encoders into a newly created directory: /Library/Encoders. Once you’ve downloaded and extracted the contents of the .zip file, click on the location buttons to tell the application where the encoders are.

Now lets look at the workflow:

1. Plug camera into the usb port of your macbook, a new drive will appear on your desktop.

2. copy the contents of the SD_Video folder to your mac excluding everything other than the *.MOD files. (This means you want the .MOD files on your mac)

3. Open ffmpegX

4. Drag the video you want to import to ffmpegX

5. Choose the video type you want to encode to (I like using DV, it makes bigger files, but is better quality IMO)

6. Click the encode button.

7. Repeat for all other video files you want to import.

8. Open your video editing application (I use iMovie) and import the converted video file for editing.

That’s it! Happy editing!

Mount iso in Linux

kammo — Tue, 10 Feb 2009 15:54:20 +0000

An ISO image is an archive file (disk image) of an optical disc using a conventional ISO (International Organization for Standardization) format. ISO image files typically have a file extension of .ISO. The name “ISO” is taken from the ISO 9660 file system used with CD-ROM media, but an ISO image can also contain UDF file system because UDF is backward-compatible to ISO 9660.

You can mount an ISO images via the loop device under Linux. It is possible to specify transfer functions (for encryption/decryption or other purposes) using loop device.

But, how do you mount an ISO image under Linux? You need to use mount command as follows:

Procedure to mount ISO images under Linux

1) You must login as a root user, if not root user then switch to root user using following command:
$ su -

2) Create the directory i.e. mount point:
# mkdir -p /mnt/disk

3) Use mount command as follows to mount iso file called disk1.iso:
# mount -o loop disk1.iso /mnt/disk

4) Change directory to list files stored inside an ISO image:
# cd /mnt/disk # ls -l

More about loop device

A loop device is a pseudo-device that makes a file accessible as a block device. Loop devices are often used for CD ISO images and floppy disc images. Mounting a file containing a filesystem via such a loop mount makes the files within that filesystem accessible. They appear in the mount point directory using above commands.

Linux creating CD-ROM ISO image

kammo — Mon, 22 Dec 2008 18:31:59 +0000

dd is a perfect tool for copy a file, converting and formatting according to the operands. It can create exact CD-ROM ISO image.

This is useful for making backup as well as for hard drive installations require a working the use of ISO images.

How do I use dd command to create an ISO image?

Put CD into CDROM

Do not mount CD. Verify if cd is mounted or not with mount command:

# mount

If cd was mouted automatically unmout it with umount command:

# umount /dev/cdrom

# umount /mnt/cdrom

Create CD-ROM ISO image with dd command:

# dd if=/dev/cdrom of=/tmp/cdimg1.iso

Where,

if=/dev/cdrom: Read from /dev/cdrom (raw format)
of=/tmp/cdimg1.iso: write to FILE cdimg1.iso i.e. create an ISO image

Now you can use cdimg1.iso for hard disk installation or as a backup copy of cd. Please note that dd command is standard UNIX command and you should able to create backup/iso image under any UNIX like operating system.

Stop Bashing LINUX!

kammo — Fri, 12 Dec 2008 19:31:10 +0000

I was sent this link today…
http://www.msnbc.msn.com/id/28039226/?pg=7#Tech_JerkGadgets

This is my response:
Linus is my homeboy. And yes, my mastery does excuse my “neck-beard”

I’m sick of how people complain about how hard Linux is. windows is just as hard… it’s just that people put forth the effort to learn it because “That’s what everyone uses”. They know windows and are comfortable with it and therefore Linux is too hard. OK, Linux may be a bit harder, but when it runs it runs… it doesn’t crap out for some unapparent reason like windows. it doesn’t get attacked by “In the wild” viruses. The only thing attacking it is script kiddies that think they’re hackers using a windows box. 99.99% of those attacks a so far from unsuccessful it’s ridiculous… the other 0.11% is an actual person that knows what they’re doing … probably using some attack application they wrote on a UNIX based system in perl, python or C.

if windows is so great, why is it that all the banking institutions run UNIX based servers for their highly sensitive transactions? why is it that the military servers run UNIX based servers? why is it that all your big phone systems have a UNIX based cluster under it? Wait they don’t I know of a particular one that was written on windows server 2003… and it crashes ALL the time, and they’re always chasing their tails trying to figure out why. at least Ma Bell knows better.

If UNIX/Linux breaks it’s because someone did something wrong or a piece of hardware actually failed and needs to be replaced… it doesn’t break “Just because it needs a reboot”.

Installing and configuring MySQL on Linux

kammo — Fri, 05 Dec 2008 17:32:55 +0000

I will be doing this on a Red Hat based distro, but should be very similar on a Debian or bsd style box.

First install mysql and mysql-server:
yum install mysql mysql-server

After the install has completed, start mysqld:
/etc/init.d/mysqld start

After that you need to login and set a root password. (It is BLANK by default)
mysqladmin -u root password 'new-password'

I would recommend changing ‘new-password’ to something you are not using anywhere else and not the one you are planning on using as the actual root password since this command can be viewed in the bash history and anyone with access to your box can read your shell history.

The next step is to login to the console and change it to what you want it to actually be. This step will not record the password in the shell history.

Don’t put the password after -p, if you do it will be recorded in the shell history. If you leave off the -p it will error saying no password used. Enter the command as above and it will prompt you for the password.

Now lets update the password:
mysql> USE mysql; mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root'; mysql> FLUSH PRIVILEGES;

Now you can either go forth and set other user accounts from here or simply type ‘exit’ to exit the command line interface. If you have installed phpmyadmin or mysqllcc, or any other of the mysql admin tools, you may also go now and use those to do your db administration.

Error 51: Unable to communicate with the vpn subsystem — Mac OSX Cisco VPN Client

kammo — Fri, 05 Dec 2008 17:06:10 +0000

If you are running Cisco’s VPNClient on Mac OSX, you might be familiar with (or tormented by) “Error 51: Unable to communicate with the VPN subsystem”. The simple fix is to quit VPNClient, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

and give your password when it asks. This will stop and start the “VPN Subsystem”, or in other words restart the CiscoVPN.kext extension. Cisco seems to have problems when network adapters disappear and reappear, something that happens commonly in Wireless or Dial-up scenerios. Sometimes putting a system to sleep, disconnecting an Ethernet cable or simply reconnecting your wireless will cause CiscoVPN to loose track of the network adapters on the system. Considering that CiscoVPN is typically used by telecommuters, this is an astonishing oversight on Cisco’s part. The above hack should side-step all of these issues by causing the CiscoVPN to re-initialize. It makes one ask, why couldn’t Cisco have just put the restart into their client? Or a better idea would be to not reinvent the wheel and use the existing IPSec VPN support in OSX! Am I missing something?

Fix for “Metadata file does not match checksum” error

kammo — Mon, 24 Nov 2008 19:10:51 +0000

When running yum, you get the error:

Metadata file does not match checksum

Run:

yum clean all

host is not allowed to connect to this mysql server — Resolved

kammo — Wed, 05 Nov 2008 12:45:57 +0000

When setting up a new mysql server, if you want to manage it from another machine, you will have to grant that machine access. If you don’t, you may get an error that says: “host is not allowed to connect to this mysql server“. This is how you fix it:

[root@mysql-server nss]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 118 Server version: 5.0.45 Source distribution

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

Grant permissions for root to connect to this server from your management machine. You can replace hostname with the IP Address if you’d like.
mysql> GRANT ALL PRIVILEGES ON *.* TO root@'hostname' IDENTIFIED BY 'root-passwd-goes-here' ; Query OK, 0 rows affected (0.00 sec)

We’re all done so exit:
mysql> exit Bye

Linux User Accounting Tools

kammo — Thu, 30 Oct 2008 13:36:27 +0000

Here is a list of commands you can use to get data about user logins:

who Shows a listing of currently logged-in users.
w Shows who is logged on and what they are doing.
last Shows a list of last logged-in users, including login time, logout time, login IP address, etc.
lastb Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
lastlog This command reports data maintained in /var/log/lastlog, which is a record of the last time a user logged in.
ac Prints out the connect time in hours on a per-user basis or daily basis etc. This command reads /var/log/wtmp.

dump-utmp
  Converts raw data from /var/run/utmp or  /var/log/wtmp into ASCII-parsable format.

Also check the /var/log/messages, /var/log/secure, and /var/log/syslog files.

Displaying Login Banners

kammo — Thu, 30 Oct 2008 13:26:21 +0000

It is prudent to place a legal banner on login screens on all servers for legal reasons and to potentially deter intruders among other things. Consult legal counsel for the content of the banner.

If you want to print a legal banner after a user logs in using ssh, local console etc., you can use the /etc/motd file. Create the file if it doesn’t exist and type in the banner that applies to your organization.

# cat /etc/motd
This system is classified...
Use of this system constitutes consent to official monitoring.

#

For SSH you can edit the Banner parameter in the /etc/ssh/sshd_config file which will display the banner before the login prompt.

For local console logins you can edit the /etc/issue which will display the banner before the login prompt.

For GDM you could make the following changes to require a user to acknowledge the legal banner by selecting ‘Yes’ or ‘No’. Edit the /etc/X11/gdm/PreSession/Default file and add the following lines at the beginning of the script:

if ! gdialog --yesno '\nThis system is classified...\n' 10 10; then
    sleep 10
    exit 1;
fi

You have to add a sleep of 10 seconds, otherwise GDM will believe that X crashed if the session lasted less than 10 seconds. Unfortunately, at the time of this writing the 10 seconds timeout is hardcoded and there is no configuration parameter to change it - I checked the source code.

Restricting Direct Login Access for System and Shared Accounts

kammo — Thu, 30 Oct 2008 13:11:01 +0000

On an audited production system it is very important to know who switched to which system or shared account. Therefore it is prudent to restrict direct logins for all system and shared account where more than one individual knows the password. All users should do a direct login using their own account and then switch to the system or shared account. (If you are just interested in restricting direct root SSH logins, see Securing SSH.)
However, there are situations where you have to allow direct logins for system or shared accounts. For example, within an Oracle RAC cluster you have to enable direct ssh logins for oracle. But in such an environment you have to protect the whole cluster as a single entity against incoming ssh connection, i.e. direct oracle logins should not work if you come from a node that is not part of the cluster. In the following example I will show how to achieve this goal as well.

Usually all system and shared accounts have one thing in common, that is they are not in the “users” group. The following example assumes that all individual user accounts are in the “users” group but system and shared accounts like root and oracle are not. If you want to go a step further, a good solution would be to implement a new ‘logingroup’ users group which would require users to be given explicit access.

In this example I will show how to restrict direct logins for:

- SSH                   (/etc/pam.d/sshd)
- Console Login         (/etc/pam.d/login)
- Graphical Gnome Login (/etc/pam.d/gdm
- or for all logins     (/etc/pam.d/system-auth)

To accomplish this goal I will add the pam_access module to the PAM configuration files listed above. This module provides logdaemon-style login access control based on login names, host names, IP addresses, etc. The PAM module type that has to be used in the configuration files is account. This module type does the authorization, i.e. is the user allowed to login (e.g. time, day)? Don’t confuse the PAM module type account with auth which does the authentication, for example checking the password. And the control flag I will use is required. It specifies that Success is required, Failure means that it will still call the remaining modules, but the result is already determined.

For SSH Logins add the pam_access module to /etc/pam.d/sshd as follows:

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_access.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

For Console Logins add the pam_access module to /etc/pam.d/login as follows:

auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_access.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
session    required     pam_selinux.so multiple open

For Graphical Gnome Logins add the pam_access module to /etc/pam.d/gdm as follows:

auth       required     pam_env.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_access.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

Now add the following line to the /etc/security/access.conf configuration file:

-:ALL EXCEPT users :ALL

The /etc/security/access.conf configuration file is read by the pam_access module. This entry specifies that no users are accepted except users that are in the “users” group. Since the pam_access module has been configured for “Authorization” (account) in the above PAM configuration files, it denies direct logins for all accounts except the ones that are in the “users” group.

Now on some systems like Oracle RAC clusters you have to enable direct ssh logins for oracle within the cluster. On such systems you can enable direct ssh logins for oracle within the cluster by adding/changing the following lines in /etc/security/access.conf

-:ALL EXCEPT users oracle:ALL
-:oracle:ALL EXCEPT rac1cluster.example.com rac2cluster.example.com rac3cluster.example.com

The first line has been edited to include the oracle account which will allow general direct logins. However, the second line specifies that direct logins for oracle are only allowed from Oracle RAC nodes (rac1cluster, rac2cluster, and rac3cluster) that are part of the cluster.

NOTE:

In RHEL4 pam_access is already configured for crond:

# grep pam_access /etc/pam.d/*
/etc/pam.d/crond:account    required   pam_access.so accessfile=/etc/security/access-cron.conf
#

This means that the above entries in /etc/security/access.conf will stop cron from working. Note that it is very prudent to always check whether pam_access is configured for any other service on the system!

To ensure that all users on the system can still run cron jobs you can add the following argument to pam_access in /etc/pam.d/crond

account    required   pam_access.so accessfile=/etc/security/access-cron.conf

This ensures that the /etc/security/access.conf configuration file is not invoked by crond. Since pam_cracklib does not grant permissions if the configuration file does not exist, execute the following command to create an empty file:

# touch /etc/security/access-cron.conf

Now verify that cron jobs can be launched by any user on the system.

NOTE:

The above example will only work if there exists no “users” account in the /etc/passwd file on the system, which is usually the case. Otherwise you have to either delete the “users” account or you have to designate or create another group name.

Brute Force Wordlists

kammo — Thu, 30 Oct 2008 11:58:42 +0000

Here are some links to a few good wordlists for dictionary attacks. While I have never been hugely successfull using brute-force attemtps, sometimes it’s good to try. You never know what you’ll find.

Adult Wordlist 1kb(r)(u)
http://www.0daymedia.net/p/files/id/267

Large English Wordlist 154kb (r) 520kb
http://www.0daymedia.net/p/files/id/269

Misc Wordlist 167kb (r) 467kb (u)
http://www.0daymedia.net/p/files/id/270

1337 Mini Wordlist 4mb (r) 23mb (u)
http://www.0daymedia.net/p/files/id/268

1337 Full Wordlist 16mb (r) 78mb (u)
http://www.0daymedia.net/p/files/id/271

245 mb wordlist 22mb (r) 245mb (u)
http://www.0daymedia.net/p/files/id/273

2 gig wordlist 80mb (r) 2gb (u)
http://www.theargon.com/achilles/wordli … stver2.zip

Milw0rm Cracked Passes list:
http://milw0rm.com/mil-dic.php

Huge archive of wordlists
http://www.theargon.com/achilles/wordlists/

Common Passwords and Accounts
http://packetstormsecurity.nl/Crackers/wordlists/

Phreak Wordlists
http://www.phreak.org/html/wordlists.shtml

Fix for vmmon compile error with VMWare Server and Ubuntu

kammo — Wed, 03 Sep 2008 05:34:32 +0000

Problem: include/asm/bitops_32.h:9:2: error: #error only can be included directly, and vmmon-only compile failes

Solution: change line 74 in vmmon-only source file to read: #include “linux/bitops.h”

Steps:

cd /usr/lib/vmware/modules/source
cp vmmon.tar vmmon.tar.orig
sudo tar xvf vmmon.tar
cd vmmon-only/include/
sudo vi vcpuset.h
change line 74 from: #include “asm/bitops.h” to: #include “linux/bitops.h”
cd ../..
rm vmmon.tar
sudo tar cvf vmmon.tar vmmon-only/
sudo rm -rf vmmon-only/
sudo vmware-config.pl

That’s it, the compile will work now and vmware should be usable as normal.

Snort Install Guide for Red Hat Enterprise Linux 5 to log to MySQL Database

kammo — Sun, 03 Aug 2008 18:30:25 +0000

This guide is intended for users who are using Red Hat Enterprise Linux 5, but this should work fine, or be rather easy to follow and manipulate for users using earlier versions of RHEL, or other Red Hat based Distorbutions such as CentOS and Fedora.

Pre-requisites: You need to have a MySQL database setup for Snort to log to. See my guide, Create MySQL Database for Snort, on how to setup the MySQL Database.

First Login to the server and su to root:
sudo su –

Then create a source directory for Snort and switch to it:
mkdir /root/snort cd /root/snort

Download Snort:
Be sure to check the latest version. As of this writing we will be using snort 2.8.2 which is the current. You can get the latest version by going to http://www.snort.org/dl/ and checking there.
wget http://www.snort.org/dl/old/snort-2.8.2.tar.gz

Uncompress the file:
tar –zxvf snort-2.8.2.tar.gz

Install Dependencies:
yum install libpcap-devel libtool pcre-devel mysql mysql-devel gcc

Install snort:
cd /root/snort/snort-2.8.2 ./configure --with-mysql --prefix=/usr

If you get any errors, you probably need to install other dependencies. Google them and try again.

After the ./configure completes successfully, do:
make all make install

Create Snort user and group:
groupadd snort useradd –g snort snort

Create Snort Directories:
mkdir –p /etc/snort/rules mkdir /var/log/snort

Change ownership of log directory:
chown snort.snort /var/log/snort

Copy your rules to /etc/snort/rules. These rules can be downloaded from http://www.snort.org.

Copy the snort.conf file from here and paste it to /etc/snort/snort.conf

Configure MySql information in snort.conf:
vi /etc/snort/snort.conf

Search for log, mysql by typing this exactly:
?alert, mysql
Then press Enter.

This will take you to the line that you will configure MySql logging on.
Set the variables it asks for on that line. If you don’t know what they are, you probably shouldn’t be doing this install to begin with…

At this point you should go in and setup your rules that you have at the bottom of the file. Just follow the format from the already configured rules.

Add script to /etc/init.d/ to start snort service:
vi /etc/int.d/snortd

press i to enable inserting text.

Copy the following text in gray:
#!/bin/sh # Description: start up script for snort # chkconfig: 2345 40 60 # # Source function library. . /etc/rc.d/init.d/functions # case "$1" in # 'start') echo "Starting up Snort..." /usr/bin/snort -c /etc/snort/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort echo "Done." ;; # 'stop') echo "Stopping Snort..." killproc snort echo "Done." ;; # 'restart') $0 stop $0 start ;; # status) status snort ;; # *) echo "Usage: $0 {start|stop}" exit 1 # esac exit 0

Go back to the ssh client and hold the shift key and press the Insert key (This will paste the script into the file. )

Press the Esc Key to leave insert mode.
Hold the Shift key and press z twice to save and exit the file.

Make the service script executable:
chmod +x /etc/rc.d/init.d/snortd

Start Snort Service at boot:
chkconfig snortd on

Start Snort:
service snortd start

Check that it’s runnig:
ps –ef | grep snort
or
service snortd status

If the only thing you see contains grep then snort is not running.

If this is the case, look at the messages log to see what held it up. Generally it’s a bad rule, which it will tell you what is bad about it.
tail –n100 /var/log/messages

Conclusion
Snort now should be running as a service and logging to the MySql database as defined above. The next step will be to install some sort of front-end (such as ACID) to monitor the alerts. We will cover this in the next post.

A non-bloated snort.conf that logs to mysql

kammo — Fri, 01 Aug 2008 10:50:45 +0000

You can use this config as a starting point for your Snort configuration. Note that you will need to change the MySql variable… You should see it if you scroll down some. Also comment out or add any rules that you may or may not have. A good source for rules would be http://www.snort.org, or google for bleeding-edge rules. I personally use a combination of the two rulesets.

#-------------------------------------------------- # http://www.snort.org Snort 2.8.2 Ruleset # Contact: snort-sigs@lists.sourceforge.net #-------------------------------------------------- # $Id$ # # Step #1: Set the network variables: # # You must change the following variables # to reflect your local network. The variable # is currently setup for an RFC 1918 address space. # # You can specify it explicitly as: # # var HOME_NET 10.1.1.0/24 # # # var HOME_NET $eth0_ADDRESS # # You can specify lists of IP addresses for HOME_NET # by separating the IPs with commas like this: # # var HOME_NET [10.1.1.0/24,192.168.1.0/24] # # MAKE SURE YOU DON’T PLACE ANY SPACES IN YOUR LIST! # # or you can specify the variable to be any IP address # like this:var HOME_NET any# Set up the external network addresses as well. var EXTERNAL_NET any# List of DNS servers on your network var DNS_SERVERS $HOME_NET# List of SMTP servers on your network var SMTP_SERVERS $HOME_NET# List of web servers on your network var HTTP_SERVERS $HOME_NET# List of sql servers on your network var SQL_SERVERS $HOME_NET# List of telnet servers on your network var TELNET_SERVERS $HOME_NET# List of snmp servers on your network var SNMP_SERVERS $HOME_NET# Ports you run web servers on portvar HTTP_PORTS 80# Ports you want to look for SHELLCODE on. portvar SHELLCODE_PORTS !80# Ports you might see oracle attacks on portvar ORACLE_PORTS 1521# Path to your rules files (this can be a relative path) var RULE_PATH /etc/snort/rules# frag3: Target-based IP defragmentation preprocessor frag3_global: max_frags 65536 preprocessor frag3_engine: policy first detect_anomalies# Target Based stateful inspection/stream reassembly for Snort preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ track_udp no preprocessor stream5_tcp: policy first, use_static_footprint_sizes# http_inspect preprocessor http_inspect: global \ iis_unicode_map unicode.map 1252preprocessor http_inspect_server: server default \ profile all ports { 80 8080 8180 } oversize_dir_length 500# rpc_decode: normalize RPC traffic preprocessor rpc_decode: 111 32771# bo: Back Orifice detector preprocessor bo# sfPortScan preprocessor sfportscan: proto { all } \ memcap { 10000000 } \ sense_level { low } # database: log to a variety of databases####################################### #CHANGE THESE VALUES TO MATCH YOUR SETUP!!!! # #######################################output database: alert, mysql, user=snort password=snort dbname=snort host=snort# Include classification & priority settings include classification.config# Include reference systems include reference.config# Customize your rule set include $RULE_PATH/local.rules include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules include $RULE_PATH/finger.rules include $RULE_PATH/ftp.rules include $RULE_PATH/telnet.rules include $RULE_PATH/rpc.rules include $RULE_PATH/rservices.rules include $RULE_PATH/dos.rules include $RULE_PATH/ddos.rules include $RULE_PATH/dns.rules include $RULE_PATH/tftp.rules include $RULE_PATH/web-cgi.rules include $RULE_PATH/web-coldfusion.rules include $RULE_PATH/web-iis.rules include $RULE_PATH/web-frontpage.rules include $RULE_PATH/web-misc.rules include $RULE_PATH/web-client.rules include $RULE_PATH/web-php.rules include $RULE_PATH/sql.rules include $RULE_PATH/x11.rules include $RULE_PATH/icmp.rules include $RULE_PATH/netbios.rules include $RULE_PATH/misc.rules include $RULE_PATH/attack-responses.rules include $RULE_PATH/oracle.rules include $RULE_PATH/mysql.rules include $RULE_PATH/snmp.rules include $RULE_PATH/smtp.rules include $RULE_PATH/imap.rules include $RULE_PATH/pop2.rules include $RULE_PATH/pop3.rules include $RULE_PATH/nntp.rules include $RULE_PATH/other-ids.rules include $RULE_PATH/web-attacks.rules include $RULE_PATH/backdoor.rules include $RULE_PATH/shellcode.rules include $RULE_PATH/policy.rules include $RULE_PATH/porn.rules include $RULE_PATH/info.rules include $RULE_PATH/icmp-info.rules include $RULE_PATH/virus.rules include $RULE_PATH/chat.rules include $RULE_PATH/multimedia.rules include $RULE_PATH/p2p.rules

Create MySQL Database for Snort

kammo — Fri, 01 Aug 2008 08:17:21 +0000

In this topic we will be creating a database for snort to use to log it’s alerts to. This is Part One in a series of installing snort with MySQL backend.

Create a source directory for Snort and switch to it:

mkdir /root/snort

cd /root/snort

Install Dep’s

yum install mysql-server mysql mysql-devel

Download Snort:

Be sure to check the latest version. As of this writing we will be using snort 2.8.2 which is the current. You can get the latest version by going to http://www.snort.org/dl/ and checking there.

wget http://www.snort.org/dl/old/snort-2.8.2.tar.gz

Uncompress the file:

tar –zxvf snort-2.8.2.tar.gz

Start MySql server

/etc/init.d/mysqld start

Login to mysql server

mysql -u root –p

If this is a new MySql install, there will be no password. Just hit enter when prompted for a password. If there is no password for root, we need to make one:

mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');

Create a Snort User:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'snort'@'localhost' -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION; mysql> GRANT ALL PRIVILEGES ON *.* TO 'snort'@'%' -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

Note: Hit enter at the end of a line, don’t type the ->

Create the snort database.

mysql> create database snort; mysql> exit
We will use the snort schema for the layout of the database.

# mysql -D snort -u root -p < /root/snort/snort-/schemas/create_mysql

Spying on the console

kammo — Thu, 31 Jul 2008 11:35:54 +0000

Some software prints error messages to the console that may not necessarily show up on your SSH session. Using the vcs devices can let you examine these. From within an SSH session, run the following command on a remote server:

# tail -f /dev/vcs1.

Type Ctrl+c to stop.

This will show you what is on the first console. You can also look at the other virtual terminals using 2, 3, etc. If a user is typing on the remote system, you’ll be able to see what he typed.

This doesn’t show you what is being typed via ssh terminals, only what is bing typed on the physical console itself.

In most data farms, using a remote terminal server, KVM, or even Serial Over LAN is the best way to view this information; it also provides the additional benefit of out-of-band viewing capabilities. Using the vcs device provides a fast in-band method that may be able to save you some time from going to the machine room and looking at the console.

Monitor for a Bad Hard Drive in Linux

kammo — Thu, 31 Jul 2008 11:06:45 +0000

Typically when your hard drive starts going bad in Linux, you will notice that your system remounted the root file system as read-only (ro). To get an email notification on when this happens, simply place this little script in a file and set cron to launch it every 10 minutes or so. If everything is OK, no output will be displayed, therefore no annoying emails to the root account telling you what the output for the cron job was.

Here is the script:
#!/bin/bash # # Change this to your email address. Please # note that if you cannot relay out or if you # have a dynamic IP, you may not be able to # send the email to an outside address. TO="changeme@yahoo.com" # # get the output from the mount command # MOUNT_OUT=`mount` # # see if the string 'ro' exists in the # output of the mount command. be careful, # if there is a CD-ROM inserted into the # server this will always be true and you # will get a lot of false positives echo $MOUNT_OUT | grep $ro$ # # get the return code for the grep # operation. # RO=$? # # grep returns an exit code # of 0 if there is a match # if [ "$RO" = "0" ] then # # send an e-mail notification saying # that there is a file-system that # has been mounted as read-only # BODY=$MOUNT_OUT echo read-only file systems found echo $BODY `which sendmail` -f root@`hostname –fqdn` -t << FooBar From: root@`hostname --fqdn` To: $TO Subject: `hostname` has read-only file systems $BODY FooBar # # exit with a status code of 1 if # read-only file systems were found # exit 1 fi # # exit with a status code of 0 if no # read-only file systems were found # exit 0

Unmounting the unresponsive DVD drive

kammo — Thu, 31 Jul 2008 10:30:11 +0000

The newbie states that when he pushes the Eject button on the DVD drive of a server running a certain Redmond-based operating system, it will eject immediately. He then complains that, in most enterprise Linux servers, if a process is running in that directory, then the ejection won’t happen. For too long as a Linux administrator, I would reboot the machine and get my disk on the bounce if I couldn’t figure out what was running and why it wouldn’t release the DVD drive. But this is ineffective.

Here’s how you find the process that holds your DVD drive and eject it to your heart’s content: First, simulate it. Stick a disk in your DVD drive, open up a terminal, and mount the DVD drive:

# mount /media/cdrom # cd /media/cdrom # while [ 1 ]; do echo “All your drives are belong to us!”; sleep 30; done

Now open up a second terminal and try to eject the DVD drive:

# eject

You’ll get a message like:

umount: /media/cdrom: device is busy

Before you free it, let’s find out who is using it.

# fuser /media/cdrom

You see the process was running and, indeed, it is our fault we can not eject the disk.

Now, if you are root, you can exercise your godlike powers and kill processes:

# fuser -k /media/cdrom

Boom! Just like that, freedom. Now solemnly unmount the drive:

# eject

fuser is good.

A Little Netstat Bash Script

kammo — Wed, 16 Jul 2008 16:24:14 +0000

Just a script to run netstat continuously for 5 minutes. I know you can run it with the -c option, but it sure is ugly and hard to keep up with everything as it scrolls by. this script clears the screen and runs netstat -ant again every second to give it output similar to top. I set it to stop after 5 minutes because we don’t want it to be a runaway process if we forget about it. I figure if I’m actually watching it for 5 minutes, it won’t kill me to hit the up arrow and the enter key to restart it.

#!/bin/bash # # Written by Kammouflage # http://blog.kameronkenny.com # # You may copy, distribute, modify... basically #do whatever the hell you want to with this #as long as you leave my name, web site and #this little message with the scriptCOUNTER=0#change 300 to whatever you want to lengthen or shorten the timewhile [ $COUNTER -lt 300 ]; do clear netstat -ant sleep 1 let COUNTER=COUNTER+1 done

Find number of processes on Linux Host

kammo — Tue, 24 Jun 2008 08:56:24 +0000

This command should find the number of processes running on your system.

ps ax | wc -l | tr -d " "

Find Memory Information on Linux

kammo — Thu, 12 Jun 2008 09:55:31 +0000

Sometimes you need to know what some of the detailed information is about your memory. Issue this command to get that detailed info:

cat /proc/meminfo

This will give you an output similar to:

MemTotal: 2075468 kB MemFree: 62432 kB Buffers: 28656 kB Cached: 1860400 kB SwapCached: 40 kB Active: 1088064 kB Inactive: 888416 kB HighTotal: 1179436 kB HighFree: 5736 kB LowTotal: 896032 kB LowFree: 56696 kB SwapTotal: 2031608 kB SwapFree: 2031476 kB Dirty: 1388 kB Writeback: 0 kB AnonPages: 87392 kB Mapped: 26264 kB Slab: 25204 kB PageTables: 2020 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 3069340 kB Committed_AS: 881604 kB VmallocTotal: 114680 kB VmallocUsed: 5012 kB VmallocChunk: 109152 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 4096 kB

Find CPU information on Linux

kammo — Thu, 12 Jun 2008 09:51:42 +0000

Sometimes you need to know what some of the detailed information is about your processor. Issue this command to get that detailed info:

cat /proc/cpuinfo

This will give an output similar to:

processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU 5130 @ 2.00GHz stepping : 6 cpu MHz : 1995.050 cache size : 4096 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 2 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm bogomips : 3992.35
processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU 5130 @ 2.00GHz stepping : 6 cpu MHz : 1995.050 cache size : 4096 KB physical id : 0 siblings : 2 core id : 1 cpu cores : 2 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm bogomips : 3990.00

Find Linux Version Info

kammo — Thu, 22 May 2008 19:34:07 +0000

On Linux you can type: uname -r to get the kernel version will give results like 2.6.24.4-64.fc8

On Red Hat you can type: cat /etc/redhat-release to get the version of Red Hat and get a result like Red Hat Enterprise Linux Server release 5.1 (Tikanga)

Using SSH

kammo — Thu, 22 May 2008 19:30:31 +0000

Using SSH

SSH is a Secure Shell that runs over a secure, encrypted connection. It is superior to ftp and telnet because of it’s ability to encrypt the transmissions(usernames, passwords, data) instead of sending it in pain-text that is easily captured by sniffing the network.

SSH Clients

Linux

Linux has the ssh client built into it’s shell. There is no need to install any extra client.

Windows

Windows has a number of popular SSH clients that are easy to use and install.

Putty is probably the most popular SSH client, it can be installed or be portable. It does, however, lack the ability to “drag and drop” files to transfer to the server. You will need to use sftp to transfer files.

Download Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

SSH Secure Shell 3.2.9 client is an SSH client that has two modes. A command line mode (like putty) and a GUI mode to drag and drop files to and from the server (like ftp). I also find this one easier to use when it comes to managing profiles. It has a drop down menu with a list of your saved hosts and a quick connect button for hosts that do not yet exist.

Download: https://cf.wm.edu/it/software/public/ssh/sshsecureshellclient-3.2.9.exe

Examples

In both Windows Clients described above, you can set all of the options that are described below in the saved host profiles.

These examples are for the Linux Clients, or those who use Cygwin in Windows.

ssh $USER@$HOST Login to $HOST as $USER

ssh -X $USER@$HOST Login to $HOST as $USER and tunnel Xserver back to client

ssh $USER@$HOST command Run command on $HOST as $USER (default command=shell)

ssh -f -Y $USER@$HOSTNAME xeyes Run GUI command on $HOSTNAME as $USER

scp -p -r $USER@$HOST: file dir/ Copy with permissions to $USER\’s home directory on $HOST

ssh -g -L 8080:localhost:80 root@$HOST Forward connections to $HOSTNAME:8080 out to $HOST:80

ssh -R 1434:imap:143 root@$HOST Forward connections from $HOST:1434 in to imap:143

Add a New Hard Drive to Linux

kammo — Thu, 22 May 2008 19:23:18 +0000

Description

Adding a new disk to a linux host by using fdisk and mkfs

Instructions

Power down machine, install new hard drive. Boot the computer back up.

After startup, go to a command line. If you only HAD one disk your new disk should be /dev/XdY (X will be s if you used a scsi or sata drive, or h if you used an IDE drive)(Y will be the next letter in the alphabet from the previous drive. If this is your second serial drive, it should be /dev/sdb.

Note: You can issue fdisk -l to list the disks.

Switch to root

If you have access to the root user, lets switch to root.
su -
Then enter the password for root when prompted

Create Partitions

Once you have found out what your new disk is labeled, (In this example we are going to use /dev/sdb) type fdisk /dev/sdb

Press n for a new partition

When prompted, press p for Primary.

For the first partition, press 1

When prompted for the first cylinder, press enter to take the default.

When Prompted for the last cylinder, you can take the default to use the whole disk by pressing enter or you can type +sizeM to add howover many MB. (If you wanted to add 5GB you would type +5000M)

To create more partitions, repeat the above steps starting at n

After you are done creating your partition layout, press w to write the layout to disk.

Format New Partition

Now you need to format the partition for use. For this example I chose to use ext3.

At the command line, type:
mkfs -t ext3 /dev/sdb1
You will need to do this for each partition you created.

Mount new partitions

First lets create a mount point: mkdir /disk2
Now mount it:
mount -t ext3 /dev/sdb1 /disk2
Verify that it is indeed mounted:
df -h

You should now that /dev/sdb1 is mounted to /disk2.

Add new partition to FSTAB

The fstab file holds all of the used disks and partitions, and determines how they are supposed to be used by the operating system. So we edit the file to add the newly created partition. If you want the new partitions to be mounted at boot automatically, continue the following steps. If you want it to be manual, stop here.

Issue at the command line:
vi /etc/fstab
Add:

/dev/sdb1 /disk2 ext3 defaults 1 1

to the end of the file.
Save the file and exit.

Execute Command as Another User

kammo — Wed, 21 May 2008 17:51:37 +0000

Sometimes you need to execute a command as another user to test newly installed or configured software. For instance, if you just installed snort you want to make sure it’s going to run ok as the snort user. It’s relatively simple.

su username -c command

So if you wanted to execute a backups script called backup.sh as the user named backupadmin then you would type:

su backupadmin -c backup.sh

Disable X (GUI) in linux

kammo — Fri, 25 Apr 2008 14:14:59 +0000

Disabling X is very useful when running the system as a server and not using it as a workstation. It disables the GUI mode and gives you only command line access. Pretty much anything you need to do on the server can be done from the command line. If you do, however need to login to a GUI you can issue startx or init 5 from the command line.

To disable X by default issue:
vi /etc/inittab

Scroll down untill you see:

# Default runlevel. The runlevels used by RHS are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS (The same as 3, if you do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:5:initdefault:

change: id:5:initdefault: to id:3:initdefault:

Set Time and Date on Linux using Command Line (CLI)

kammo — Fri, 15 Feb 2008 17:27:05 +0000

First lets look at the date. Issue:date at the CLI.

You should get a response like:
Fri Feb 15 11:36:02 CST 2008

If the time zone is off, type timeconfig and set it.

If the clock is off type: date -s 11:36:00
the -s means set then replace 11:36:00 with the respective time.

If the date is off, issue: date -s "02/15/2008" replacing the 02/15/2008 with the respective date.

Once you’ve changed everything to the way it needs to be, issue the command date again and verify.

Installing RPMForge to use DAG’s yum repo

kammo — Thu, 07 Feb 2008 15:19:51 +0000

It’s very easy. Just install the latest rpmforge-release package for your distribution and architecture.

This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

Please select the correct command from the following list:

Supported

Red Hat Enterprise Linux 5 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
Red Hat Enterprise Linux 5 / x86_64:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
Red Hat Enterprise Linux 4 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
Red Hat Enterprise Linux 4 / x86_64:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.x86_64.rpm
Red Hat Enterprise Linux 3 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el3.rf.i386.rpm
Red Hat Enterprise Linux 3 / x86_64:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el3.rf.x86_64.rpm
Red Hat Enterprise Linux 2 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el2.rf.i386.rpm
Red Hat Linux 9 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.rh9.rf.i386.rpm
Red Hat Linux 7.3 / i386:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.rh7.rf.i386.rpm

Install Yum

Yum is an update-tool written in python. The advantage of Yum is that it is written in Python. The disadvantage is that there are many versions of Yum, and only recent versions work with recent distributions. If you like to use a single tool across all distributions, it’s better to use Apt.

Yum is usually already installed if you’re running Fedora Core. In case you are using Red Hat Enterprise Linux or an older Red Hat Linux distribution. You can find Yum at: http://dag.wieers.com/packages/yum/

Find the package that matches your distribution, right click it, choose the option that will copy the link. go to the command line and type:

rpm -Uvh [shift+Insert]

[shift+insert] will paste the link into your CLI then hit Enter. This will install Yum for your distro.

The configuration of Yum is inside the rpmforge-release package. You should have already installed this from above.

If you’ve done that, the rest is simple. Upgrade your system by doing:

yum update

You can add new software by typing:

yum install

Or update installed software:

yum update

Or search for software in the local repository meta-data:

yum search

Or simply list all available software:

yum list available

From time to time you may want to save some diskspace:

yum clean

Net cat tricks

kammo — Fri, 01 Feb 2008 01:57:01 +0000

Few Useful Netcat Tricks

I always say that small, simple and self contained tools can often be more useful, and more feature rich than huge bloated frameworks. For example lets take legendary â€œSwiss Army Knife of Networkingâ€ - netcat. It is a single binary, which takes up about 60KB of space on your disk (give or take a few KB depending on where and how you compile it). What can it do?

I guess a good question is what canâ€™t it do?

Port Scanner

Netcat can be a port scanner. It does not have as many features as say nmap, but if you just want to see what ports are open on a given machine, you can simply do:

nc -v -w 1 localhost -z 1-3000

The command above will scan all the ports in the range 1-3000 on localhost.

File Transfer

Letâ€™s say you want to transfer a big zip file from machine A to machine B but neither one has FTP, and using email or IM is out of the question due to file size, or other restrictions. What do you do? You can use netcat as a makeshift file transfer software.

On machine B do the following, where 1337 is some unused port on which you want to send the file:

nc -lp 1337 > file.zip

Assuming that the IP of machine B is 10.48.2.40 go to machine A and do:

nc -w 1 10.48.2.40 1337 < file.zip

Thatâ€™s it. The file will be magically transfered over the network socket.

Chat Server

Have you even needed an improvised one-on-one chat? Netcat can do that too. You simply start listening to connections on some port like this:

nc -lp 1337

Then on another machine simply connect to that port:

nc 10.48.2.40 1337

Now start typing on either machine. When you press enter, the line will immediately show up on the other machine.

Telnet Server

Nectat can also be used to set up a telnet server in a matter of seconds. You can specify the shell (or for that matter any executable) you want netcat to run at a successful connection with the -e parameter:

nc -lp 1337 -e /bin/bash

On windows you can use:

nc -lp 1337 -e cmd.exe

Then on a client machine simply connect to port 1337 and you will get full access to the shell, with the permissions of the user who ran nc on the server.

Spoofing HTTP Headers

You can use netcat to connect to a server using completely spoofed headers. You can actually type out your user agent, referrer and etc. Itâ€™s useful when you want to generate bunch of hits that can be easily found in the logs or something like that:

nc google.com 80
GET / HTTP/1.1
Host: google.com
User-Agent: NOT-YOUR-BUSINESS
Referrer: YOUR-MOM.COM

Note that your request wonâ€™t be sent until you generate a blank line. So hit return twice when your are done typing. You will get a response of headers and HTML streaming down your screen:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=79f8f28c854d90ec:TM=1186369443:LM=1186369443:S=UIiTvi68MtmbcmGl; expires=Sun, 1
-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Transfer-Encoding: chunked
Date: Mon, 06 Aug 2007 03:04:03 GMT

738

I deleted the HTML that followed the response - but you get the idea. It is also a good way of looking at headers. Some sites have nice surprises there (like slashdotâ€™s X-Bender and X-Fry headers). Seriously, check them out!

Web Server

I think this is my favorite trick. Did you ever need to set up simple makeshift webserver that would serve a single page? I know I did. In the past when my web server at work melted down, I set up laptop with this simple script:

while true; do nc -l -p 80 -q 1 < error.html; done

The error.html page was just a very simple error message notifying our users about the outage, and giving them an estimate of when it would be fixed. It took me 3 minutes to set up, and probably saved us many angry support calls.

Cloning Hard Drive Partitions Over the Network

This trick was submitted by Craig in the comments. On a system you want to clone do:

dd if=/dev/sda | nc 192.168.0.1 9000

Where 9000 is some random port. On the receiving side di:

nc -l -p 9000 | dd of=/dev/sda

Of course you need to have the cloned partitions unmounted on both systems. So if you are cloning / you will have to boot from a live distro like Knoppix. Note that you can use this technique to clone NTFS partitions as well - just need to use a live Linux distro on both sides.

CyberKit

kammo — Mon, 21 Jan 2008 18:48:55 +0000

Cyberkit is a somewhat Swiss Army knife for the IT admin and for those looking for information.Â It implements quite a few of the different programs that are available via the *nix CLI such as NSLOOKUP, whois finger, and the more common ones such as Traceroute and ping.Â It also does whois and rWhois lookups.Â It will allow you to change multiple settings in the various tools, such as the delay time and packet size of the ping program.

It has a built-in portscanner.Â This port scanner is not very fast, however, if you’re looking to grab the headers from the services running to find out version information, this is the tool to use.Â (I know, I know, NMAP does the same thing and is faster in most cases) Â This just gives you a pretty little interface to look at.

This is definitely a tool to add to your collection.Â Best of all, it’s FREE

Download Cyberkit

Subnet Reference

kammo — Mon, 21 Jan 2008 15:56:31 +0000

I use this all the time to find out how many ip’s are in a subnet mask or to find the CIDR Prefix for a certain range etc…

Subnet Mask	CIDR Prefix	Total IP’s	Usable IP’s	Number of Class C networks
255.255.255.255	/32	1	1	1/256th
255.255.255.254	/31	2	0	1/128th
255.255.255.252	/30	4	2	1/64th
255.255.255.248	/29	8	6	1/32nd
255.255.255.240	/28	16	14	1/16th
255.255.255.224	/27	32	30	1/8th
255.255.255.192	/26	64	62	1/4th
255.255.255.128	/25	128	126	1 half
255.255.255.0	/24	256	254	1
255.255.254.0	/23	512	510	2
255.255.252.0	/22	1024	1022	4
255.255.248.0	/21	2048	2046	8
255.255.240.0	/20	4096	4094	16
255.255.224.0	/19	8192	8190	32
255.255.192.0	/18	16,384	16,382	64
255.255.128.0	/17	32,768	32,766	128
255.255.0.0	/16	65,536	65,534	256
255.254.0.0	/15	131,072	131,070	512
255.252.0.0	/14	262,144	262,142	1024
255.248.0.0	/13	524,288	524,286	2048
255.240.0.0	/12	1,048,576	1,048,574	4096
255.224.0.0	/11	2,097,152	2,097,150	8192
255.192.0.0	/10	4,194,304	4,194,302	16,384
255.128.0.0	/9	8,388,608	8,388,606	32,768
255.0.0.0	/8	16,777,216	16,777,214	65,536
254.0.0.0	/7	33,554,432	33,554,430	131,072
252.0.0.0	/6	67,108,864	67,108,862	262,144
248.0.0.0	/5	134,217,728	134,217,726	1,048,576
240.0.0.0	/4	268,435,456	268,435,454	2,097,152
224.0.0.0	/3	536,870,912	536,870,910	4,194,304
192.0.0.0	/2	1,073,741,824	1,073,741,822	8,388,608
128.0.0.0	/1	2,147,483,648	2,147,483,646	16,777,216
0.0.0.0	/0	4,294,967,296	4,294,967,294	33,554,432

Setting up sendmail to only accept connections from your spam firewall

kammo — Tue, 15 Jan 2008 18:02:34 +0000

You’ve got your spam firewall but you’ve noticed that some spam is still getting through even though it contains keywords that you know are blocked. This is caused by a spammer not using your MX record, but sending directly to your mail server. This means the spammers email didn’t even touch your spam firewall. After many hours of research and trial and error, I have finally come up with a way to make your sendmail only accept email if it was sent through your spam firewall. We are going to use a feature of sendmail that uses an access database (not a Microsoft access database, but an access control database) to determine who can send to your server. This isn’t firewalling port 25 like you may think. Your email users will still be able to authenticate and send via port 25, your server just won’t accept incoming mail to port 25 that’s not from your spam firewall.

First off, an excerpt from sendmail’s README file:

An “access” database can be created to accept or reject mail from selected domains. For example, you may choose to reject all mail originating from known spammers. To enable such a database, use

FEATURE(`access_db‘) Notice: the access database is applied to the envelope addresses and the connection information, not to the header.

The FEATURE macro can accept as second parameter the key file definition for the database; for example

FEATURE(`access_db', `hash -T /etc/mail/access_map') Notice: If a second argument is specified it must contain the option `-T’ as shown above. The optional third and fourth parameters may be `skip’ or `lookupdotdomain’. The former enables SKIP as value part (see below), the latter is another way to enable the feature of the same name.

The table itself uses e-mail addresses, domain names, and network numbers as keys. Note that IPv6 addresses must be prefaced with “IPv6:”. For example,

spammer@aol.com			REJECT

cyberspammer.com		REJECT

TLD				REJECT



192.168.212			REJECT



IPv6:2002:c0a8:02c7		RELAY



IPv6:2002:c0a8:51d2::23f4	REJECT

would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), any host in the entire top level domain TLD, 192.168.212.* network, and the IPv6 address 2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network 2002:c0a8:02c7::/48.

The value part of the map can contain:

OK	Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable. “Accept” does not mean “relay“, but at most acceptance for local recipients. That is, OK allows less than RELAY.
RELAY	Accept mail addressed to the indicated domain or received from the indicated domain for relaying through your SMTP server. RELAY also serves as an implicit OK for the other checks.
REJECT	Reject the sender or recipient with a general purpose message.
DISCARD	Discard the message completely using the $#discard mailer. If it is used in check_compat, it affects only the designated recipient, not the whole message as it does in all other cases. This should only be used if really necessary.
SKIP	This can only be used for host/domain names and IP addresses/nets. It will abort the current search for this entry without accepting or rejecting it but causing the default action.
### any text	where ### is an RFC 821 compliant error code and “any text” is a message to return for the command. The string should be quoted to avoid surprises, e.g., sendmail may remove spaces otherwise. This type is deprecated, use one the two ERROR: entries below instead.
ERROR:###* any text*	as above, but useful to mark error messages as such.
ERROR:D.S.N:###* any text*	where D.S.N* is an RFC 1893 compliant error code and the rest as above.*

For example:

cyberspammer.com	ERROR:"550 We don't accept mail from spammers"

okay.cyberspammer.com	OK

sendmail.org		RELAY



128.32			RELAY



IPv6:1:2:3:4:5:6:7	RELAY



[127.0.0.3]		OK



[IPv6:1:2:3:4:5:6:7:8]	OK

would accept mail from okay.cyberspammer.com, but would reject mail from all other hosts at cyberspammer.com with the indicated message. It would allow relaying mail from and to any hosts in the sendmail.org domain, and allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* network. The latter two entries are for checks against ${client_name} if the IP address doesn’t resolve to a hostname (or is considered as “may be forged“). That is, using square brackets means these are host names, not network numbers.

With that said, we will move forward with setting up the access file. Since we are wanting to control access to only allow our spam firewall to send mail to our server, we will do this based on IP address instead of domain names or email addresses.

First, lets make a backup of the access files.

Do: cp -rv /etc/mail/access /etc/mail/access.bak

and: cp -rv /etc/mail/access.db /etc/mail/access.db.bak

Now lets open our access file.

Do: vi /etc/mail/access

This will open your access file in VI.

Right now your file probably looks a little bit like this:

# Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY

We will first allow access from our spam firewall, so add:
# Allow spam firewall to send mail: spamfirewall.domainname.com RELAY

If you haven’t assigned a DNS name to your spam firewall, simply replace spamfirewall.domainname.com with it’s respective IP address.

We will be using an error code so that we will be able to identify the spammers. I am going to give it error code 551 so I can grep it out later in the maillog.

The access file uses wildcards. If you wanted to block the entire class c of 75.75.46.23 you would do:
75.75.46 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to."

With that said, you can see that we can block BIG ranges very easily. The error message will be sent back to the spammer explaining why their email got blocked.

Now, lets block some BIG ranges… Add the following at the bottom of the access file.
#Start the BlackListing 1 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 2 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 3 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 4 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 5 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 6 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 7 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 8 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to." 9 ERROR:"551 We do not accept mail sent directly to our servers. You must use the valid MX record of the domain that you are sending to."

The 1 above will block anything coming from an address starting with 1. This includes 1.2.3.4, 10.2.4.245, 124.9.10.44. It also includes 127.0.0.1 and 192.168.*.*. So MAKE SURE that you have put any IP’s in that need to relay mail directly to your server as described above when putting the spam firewall address in. Also MAKE SURE you don’t remove the local IP, if the local IP is not there, put it there!

Now exit vi, saving the file (Shift+ZZ)

Now do:
makemap hash /etc/mail/access < /etc/mail/access

Don’t do: makemap hash /etc/mail/access < /etc/mail/access.db or makemap hash /etc/mail/access.db < /etc/mail/access

makemap hash /etc/mail/access < /etc/mail/access Will generate the file for you.

If you get any errors, do:rm -rfv /etc/mail/access.db then: makemap hash /etc/mail/access < /etc/mail/access
BEFORE YOU PULL AN rm -rfv MAKE SURE YOU’VE BACKED UP THE FILE!!!

After that do service sendmail restart

Then watch the messages get bounced!
tail -fn100 /var/log/maillog | grep 551

Spam Keywords

kammo — Tue, 15 Jan 2008 17:07:06 +0000

Here is my list of subject and body keywords that i use in my Barracuda spam firewall. These signatures contain barracuda specific characters, such as a ‘.’ is a wild card for a single character and a ‘*’ is a wild card for multiple characters. If you don’t use a cuda, you will want to check if your device uses the same characters for wild cards, if it doesn’t you will want to remove those keywords.

WARNING: This list contains words that may be offensive to some. If you are easily offended or are around someone that may be offended by foul language, don’t read on!

Subject Blocking:

‘hair, hair’
1 dick
100\% off
100\% satisfied
10\% off
15\% off
18\+
2 chicks
20 mg
20 Tabs
20\% off
20\% off
25\% off
30\% off
4 night luxury
40\% off
50\% off
5\% off
60\% off
70\% off
75\% off
80\% off
85\% off
90\% off
95\% off
\$250\,000 policy for
\$\$
\bc.ck\b
\bc.mplementary w.tch\b
\bceleb\b
\bcialis\b
\bcock\b
\bcocks\b
\bcum\b
\berect\b
\berectile\b
\bf.ckers\b
\bhorny\b
\bsex\b
\btwat\b
a nice game
a funny game
a g i n g
a new game
a nice game
ababa
accepting credit cards
acne
acr0bat
acro6at
ad0be
add length
adipex
ado6e
adu kojo
adult en
adult material
adult s
adult site
adult video
adult videos
adults only
advertisement
affordable health care
affordable healthcare
agboola
age reversal
alimentarios
allÂnatural ingredients
alprazolam
already approved
already wealthy
amazing new discovery
amazing pranks
an excite game
and you’ll save
Angola
antigen antivirus found virus
antivirus report
antiÂvirus scanner has deleted
anything about anyoneÂ
approved medication
approved medications
are so cheap here
are you an inventor
are you single
ariset
artprice
as seen on national television
as seen on tv
ass fisting
ass fuck
ass fucked
ass fucking
ass parade
ass picture*
ass traffic
assfuck
assfucked
assfucking
at the pump
attachment block message notification
attachment removed
attract any woman
auto loan
auto loans
auto warranty
autorizascisn
babes
Back Pain Relief Guide
bad credit
banned CD
be 18
bedroom satisfaction
best discount offers
best motorola deal
best prices
best rate
bestial
better life security
big dick
big dicks
big savings
bigger guys
bigger than big
biggest dick
biggest dicks
bikini ass
bikini line
biscom
bitch
black ass
black dick
black worm
bleeding gums
blind date
bloomingdales
blow your load
boobs
bottles of fine wine
breasts
burn fat
buspar
butalbital
buy or sell a home
buy this stock
c0ck
cck
can afford
cannabis
cards accepted
carisoprodol
cash assistance is available
cash for you
cash now
celeb* ass
celebrities exposed
celexa
chineese hand made
chineese hand-made
chineese handmade
chinese hand made
chinese hand-made
chinese handmade
cialagen
cigarette brand
cigarette survey
classic winter coats
clear skin
click here
click to play video
click4drugs
coed
coeds
collect money judgments
college girls
coocks
copy any DVD movie
copy any movie
copy DVD
credit check
credit profile
credit rating
credit repair
credit report
critical patch
critical upgrade
cumming
cumulative patch
cunt
curn
current Microsoft critical patch
current Microsoft update
current upgrade
cyberturf
d1scounts
d\*e\*b\*t
D_V_D
de bt
dear future millionaire
debt consolidation
debt free
debt help
debt relief
degree in
departures from
designer sunglasses
deÂscramble
didrex
diet pills
direct marketing
directtv
directv
discontinue the receipt of emails
dlbDirect
do not delete this
doctor has prescribed
document_all.pif
dollar coin
dollar store
dong
dont look any further
dosage
doubleclick.com
dream date
dream vacation
drugs cost less
dvd backup
dx1
earn a college degree
earn a degree
earn big
earn money
earn up to
earn your college degree
earn your degree
earning potential
easy money
eat dick*
ebay tricks
ejactulation
ejaculation
eliminate your debt
em\@il
email not allowed
enter to win
erection
erotic
erotic
error announcement
error letter
everyone approved
exciting offer
exclusive gift
explore the lighter side
exquisite replica
extended auto warranty
extra income
eÂgift
f\_r
f\_r\_e\_e
failed to clean virus
fall fashions
familynewcomer
fantastic business
fat ass
fat burning
feel better
feel great
feel young
feel younger
file blocking warning
financial future
financial independence
fioricet
fly anywhere southwest flies
FordDirect
foreclosed
foreclosure
foreclosures
forex
forget this address
found my match
fountain of youth
four reports
franc muller
franck muller
frank muller
freak\|est
free business cards
free cable
free DVD movies
free gas
free gift
free installation
free iq test
free money
free movies
free of debt
free pager
free phone
free phones
free pos software
free roadside assistance
free software
freemegavideo
fresh girls
fu\=cked
fuck
fuck ass
fuck that ass
fucking
fucking ass
fukking
funny game
fuÂck
fuÂcks
fwee
gambling*
gamesofvegas
gay dick
genealogy helper
genuine newÂyorker
get a career
get a degree
get away
get cash now
get new mailing lists
get out of debt
get paid to take surveys
get published
get relief
get rid of
Get the new
get your dish free
gimmicks
girl dick
girls dick
give her something
gobbling
gold double eagle
gourmet coffee
government grants
great credit card
great deals network*
great jewlery
great savings
h_orny
hair removal
hammer is simply*
hard core
hardc0re*
hardcore
have a marvellous night
have heartburn
health at risk
health insurance
herba*
herbal
herbalists*
herbs
here is your chance
high interest
hiÂspeed media*
hochulexus
hockey
hola
holiday fun
holiday sale
hollyvalance
home based business
home bleaching kit*
home business
home document imaging
home employment directory*
home interest rates*
home is worth
homeworkers
homeÂbased business
honeymoon
hot ass
hot cock
hot cocks
hot dick
hot dicks
hot international opportunity*
hot ladies
hot married women*
hot moms
hot mother
hot stock
hot teens*
hot woman
hot women
hotel ski sale
housewives
how smart are you
HPSC\’s antivirus\/content filter
huge dick
huge dicks
huge discount
hulk watch
human growth hormone*
inheritance funds
ink sale
jack dick
juicy ass
lesbian*
m4m ass
medication* at low cost
Medications at a Discount
milk dick
milk that dick
money back
money-back guarantee
mortgage
movie challenge
nasonex
new cell phone*
nfsautoloan
nice ass
no obligation
one dick
ONLINE JOB APPLICATION
order now\!
order today
orgasm
over 18
over 21
paginate
pantyhose
peculare
penis
perfect ass
phentermine
porevo
print coupons
prozac
pump ass
pump that ass
pussies
pussy
quality medication*
r.pl.c. w.tch.s
reduce debt
refinance
retrieve your might
ringtone
ringtones
room makeover
round ass
secret shopper
sexier
sexiest
sexy
sexy ass
sexyer
shop kate’s
shop online
show it all
special internet prices for medications
sperm
stand in as next of kin
straponclub
suck dick*
sucking dick
super sale
sweet ass
tag heuer
test and keep
thick ass
thong ass
tight ass
toe nail fung*
toe nale fun*
toe-nail fung*
toe-nale fung*
toenail fung*
toenale fung*
tramadol
twats
two chicks
ultram
unbeatable prices
viagra
watch it fall off
whore
with your girl
xanax
xxx
yasamohuel
yigan999
Your over due
zyban

Subject Quarantine:

/bpill/b
/bpills/b
big and bad
bigger size
blackjack
breaking the habit
breath tester
breathalyzer
casino
citibank
dental coverage
diet
diplomas
don’t be shy
drugs
escorts
estimado
estrada
every business needs
exciting new
financing
find out more information
first million
fixed rate
free sample
free shipping
free website hosting
fresh roasted
gambling
girlfriend*
gold and silver
good deal\!
great price
great stock
holdem
homeloan
homeowner*
hot wheels
hottest
lengthen
poker
prequalify
university

Body Blocking

‘hair, hair’
0086-20-39757427
0086-20-39757427
100\% satisfied
171 Shaukiwan Road
18\+
20 mg
20 Tabs
27-73-926-1407
72 New Bond Streets
90 Tabs
\$500 to spend
\$\$
\bc.mplementary w.tch\b
\bceleb\b
\bcialis\b
\bcock\b
\bcocks\b
\bcum\b
\bf.ckers\b
\bhorny\b
\bp.nis\b
\bpe.is\b
\bpen.s\b
\bpeni.\b
a nice game
a funny game
a g i n g
a new game
a nice game
ababa
accepting credit cards
Access Medications
act as the relative
add length
adipex
adknowledge
adu kojo
adult en
adult material
adult s
adult site
adult video
adult videos
adults only
affordable health care
affordable healthcare
agboola
age reversal
alimentarios
allÂnatural ingredients
alprazolam
already approved
already wealthy
amazing new discovery
amazing pranks
Amount Won
an excite game
and you’ll save
Anti-corruption Bill passed in Hong Kong
antigen antivirus found virus
antivirus report
antiÂvirus scanner has deleted
anything about anyoneÂ
appealingtrafficpublicity
approved medication
approved medications
are you an inventor
are you single
ariset
artprice
as seen on national television
as seen on tv
at the pump
attachment block message notification
attachment removed
auto loan
auto loans
auto warranty
autorizascisn
Award Promo
aweber
babes
Back Pain Relief Guide
bad credit
baiyun
banned CD
be 18
bedroom satisfaction
Been told by your doctor
best discount offers
best motorola deal
best prices
best rate
bestial
better life security
big cock
big savings
bigger guys
bigger than big
bikini line
biscom
bitch
black worm
bleeding gums
Bloomingdales
blow your load
Bonanza
boobs
bowlinblue98
breasts
brylanehome
burn fat
buspar
butalbital
buy or sell a home
buy this stock
c0ck
cck
cannabis
cards accepted
carisoprodol
celebrities exposed
celexa
cialagen
cigarette brand
Cipo
claim this fund
claiming to be your true representative
clear skin
click to play video
click4drugs
collect money judgments
college girls
Complete qualified sponsor offer
complete the participation
coocks
copy any DVD movie
copy any movie
copy DVD
couponsinc
credit profile
credit rating
credit repair
critical patch
critical upgrade
cumming
cumulative patch
cunt
curn
current Microsoft critical patch
current Microsoft update
current upgrade
cyberturf
d1scounts
d\*e\*b\*t
D_V_D
dark meat
de bt
dear future millionaire
dear sir*madam
Dear Sirs or Madams
debt consolidation
debt free
debt help
debt relief
degree in
designer sunglasses
deÂscramble
di-ve\.com
didrex
diet pills
direct marketing
directtv
directv
discontinue the receipt of emails
dlbDirect
do not delete this
doctor has prescribed
document_all.pif
dollar coin
dollar store
dong
dosage
doubleclick.com
Dr\. Richard Allen
dream date
dream vacation
Drew the Lucky Numbers
drugs cost less
dvd backup
dx1
earn a college degree
earn a degree
earn big
earn up to
earning potential
ebay tricks
ejactulation
ejaculation
eliminate your debt
em\@il
email not allowed
erection
erotic
error announcement
error letter
everyone approved
exciting offer
explore the lighter side
extended auto warranty
eÂgift
F ree
f\_r
f\_r\_e\_e
failed to clean virus
familynewcomer
fat burning
feel better
Fight back against creditors
file blocking warning
fioricet
Follow redemption Instructions
FordDirect
foreign inheritance
forex
freak\|est
free business cards
free cable
free DVD movies
free gas
free gift
free installation
free iq test
free money
free movies
free of debt
free pager
free phone
free phones
free software
freemegavideo
fresh girls
fwee
gambling*
gamesofvegas
genealogy helper
genuine newÂyorker
get a career
get a degree
get cash now
get coupons
get lasting relief
get out of debt
get paid to take surveys
get relief
get rid of
get your dish free
Get Your Gift Card Here
Get Your GiftCard Here
gift fulfillment
gimmicks
gobbling
gold double eagle
Gone in Just Days
gourmet coffee
government grants
great credit card
great deals network*
great jewlery
great savings
Guangzhou
h_orny
hair removal
hammer is simply*
Hang Seng Bank Ltd
hard core
hardc0re*
hardcore
have heartburn
Healing Miracles
health at risk
health insurance
helping me receive a large amount of money
herba*
herbal
herbalists*
herbs
Here are her information’s for you to confirm
here is your chance
high interest
hochulexus
holiday fun
holiday sale
hollyvalance
home based business
home bleaching kit*
home business
home document imaging
home employment directory*
home interest rates*
home is worth
homeworkers
homeÂbased business
hot international opportunity*
hot ladies
hot married women*
hot moms
hot mother
hot stock
hot teens*
housewives
how smart are you
HPSC\’s antivirus\/content filter
http\:\/\/net-ali-rxorder\.net
http\:\/\/netrxor-uxa-der\.net
http\:\/\/www\.rxset\.com
huge discount
hulk watch
human growth hormone*
I have an obscured business suggestion for you
i live and work here in United Kingdom
I lost * lbs last week
inheritance funds
international remittance
invest in any foreign land
jiangxia
jopers
Keep more of what you earn each month
Keep what you earn
Kenya
lastoneform
learn about the real cause
longing for better life
matter of urgency if this woman is from you
Medications at a Discount
MegaDik
Ming Yang
mingy325@yahoo.com.hk
money in Hong Kong
money-saving coupons
myway\.com
nasonex
National lottery
NATIONAL LOTTERY PTY
Nelson Mandela Way
new cell phone*
newadobedeals
nfsautoloan
Nigeria
nlma
no obligation
online book-keeper
order now\!
order today
orgasm
over 18
over 21
over due inheritance
own any huge amount of money
p a i d a d v e r t i s e m e n t
paginate
Participate in the survey
penis
pharmstoregone
phentermine
pinnsupport
porevo
Prize attached is
prozac
QianDu
reduce debt
refinance
remit this money into your account
rewards program
rgpamer
richallen101\@sbcglobal\.net
ringtone
ringtones
rxset
rybber
Sai Wan Ho Branch
secret shoppers
SecureWebDeals
secureworksmessagecenter
sex
simplytraditions
solidwebdeals
speakgas
special internet prices for medications
Speed Lotto
sperm
stand in as the beneficiary
straponclub
stride rite
Stride Rite Children.s Group
striderite
surgery is the only option
Taffeta Fabric
telecoms interception in Hong Kong
The Best Prices on the WEB
TheBigRewardCenter
this is an advertisement
tramadol
ultram
Vantage Media
viagra
Vibe Ring
vylkeit
we advice all winners
without dangerous medications
Would you like to work online
xanax
xxx
yasamohuel
yigan999
You are requested to fill and send this information’s
Your email address has emerged
Your over due inheritance funds
Your previous prescription
zixmail
zyban

Body Quarantine:

can afford
fountain of youth
four reports
fu\=cked
fucking
fukking
funny game
fuÂck
fuÂcks
give her something
hiÂspeed media*
in the money

View, Edit, and Export Outlook’s Autocomplete database

kammo — Thu, 20 Dec 2007 17:32:44 +0000

As you know with Outlook, when you start typing an address in the “To” field, if you’ve sent them an email before it will begin to suggest addresses for you to choose from. That data, however is stored in a file that is unreadable by just opening the file. There is a program called NK2.info that will read the file and give you a list of the addresses in your auto-complete database. Once the file is open in NK2.info, you can add addresses, edit addresses(for those that have incorrectly typed in an address and keep getting that wrong address popping up), remove addresses and clear the file. The best part of it is that you can export to CSV (Comma separated values) or TSV (Tabbed separated values) for importing back into your address book if the entries aren’t already there.

How to do it:

First you need to download NK2.info

Then run NK2.info, if the file isn’t already loaded, click the browse icon.Â It should open to the folder where the file is stored, if not look and see if there isÂ an Outlook folder.Â If so, double click it and choose the Outlook.nk2 file and open it.

It’s pretty self explanitory from there.Â if you want to export the file for importing into your Outlook address book.Â at the bottom note the path it says it’s going to save it to, or change it if you’d like.Â It should save to your My Documents folder by default.Â Choose weather you want to save as CSV(this is the option I chose) or TSV.Â Then click export.

Now go to your Outlook Client.Â I would create a new address folder.Â Go to your address book.Â Right-click on your current address book on the top left and choose New Folder.Â Name it whatever you like, I named it Imports.Â Now click File -> Import and Export.Â This brings up a new window.Â Choose import from another program or file and click next.Â If you chose to export to a CSV file choose Comma separated values (windows) and click Next.Â If you chose to export to a TSV choose Tab seperated values(windows) and click next.Â Now click the browse button, go to where the file is saved and open it.Â Then click next.Â Now you will select the folder you created that I called imports and click next.Â On the next window maker sure the box next to “import “*” into folder: imports is checked, then choose finish.

After that, you can edit your addresses, add names, phone numbers or whatever then drag them over to your contacts list when you’re finished.

Linksys WAG200G Information Disclosure

kammo — Tue, 18 Dec 2007 17:54:40 +0000

Summary
The Linksys WAG200G ADSL modem/router has been found to return sensitive information to anyone sending it a packet to its UDP port 916, this information includes the PPPoA username and password.

Credit:
The information has been provided by Daninl Niggebrugge.

Details
By sending a packet to UDP port 916, the Linksys answers with the following information:
* Product model
* Password webinterface
* Username PPPoA
* Password PPPoA
* SSID
* WPA Passphrase

This can be done on both the LAN interface as well as the Wireless interface.

I have not tested yet but do have plans to do so in the near future.Â I will post up more info on the technique and success after testing.

House vote on illegal images sweeps in Wi-Fi, Web sites

kammo — Mon, 10 Dec 2007 19:12:32 +0000

The U.S. House of Representatives on Wednesday overwhelmingly approved a bill saying that anyone offering an open Wi-Fi connection to the public must report illegal images including “obscene” cartoons and drawings–or face fines of up to $300,000.

Â Read more…

Reveal root password for MySQL on an Linux based Ensim Server

kammo — Thu, 06 Dec 2007 03:36:09 +0000

ensim-python -c'import sys; sys.path.append("/usr/lib/opcenter/mysql"); \ import mysqlbe; print mysqlbe.read_mysqlpass()'

AutoIt

kammo — Wed, 21 Nov 2007 01:43:32 +0000

I found a VERY cool tool today for automating tasks in windows. You can manipulate just about anything you can with your mouse and keyboard in script with AutoIt. With AutoIt, you can convert your scripts to .exe files for those who don’t already have AutoIt installed and have no plans of installing it in the future.

Download it Here

Run Ensim Through Maintenance Mode

kammo — Fri, 16 Nov 2007 18:03:15 +0000

There are some times when you will need to run Ensim through maintenance, here’s how to do it:

/usr/local/sbin/set_pre_maintenance /usr/local/sbin/set_maintenance /usr/local/sbin/set_post_maintenance /sbin/service epld restart

Make Ensim Control Panel SUPER FAST!

kammo — Fri, 16 Nov 2007 17:36:37 +0000

Make Ensim Control Panel Super quck!

Editing /usr/lib/ensim/frontend/httpd/conf/eplhttpd.conf.template:

Code:

LoadModule access_module modules/mod_access.so
#LoadModule include_module modules/mod_include.so
#LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule ssl_module modules/mod_ssl.so

That’s removing a pretty considerable amount of fluff, and it’s certainly reduced the load when users are browsing the panel…

Or, the kinder, gentler version … Delete all the LoadModule’s there and just use these:

Code:

LoadModule access_module modules/mod_access.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

Now … Let’s do a little more … In your “IfModule prefork.c” section:

Code:

#StartServers       8
#MinSpareServers    5
#MaxSpareServers   20
#ServerLimit      256
#MaxClients       256
#MaxRequestsPerChild  4000
StartServers       2
MinSpareServers    1
MaxSpareServers    8
ServerLimit       32
MaxClients        32
MaxRequestsPerChild  256

And in your “IfModule worker.c” section:

Code:

#StartServers         2
#MaxClients         150
#MinSpareThreads     25
#MaxSpareThreads     75
#ThreadsPerChild     25
#MaxRequestsPerChild  0
StartServers         1
MaxClients          32
MinSpareThreads      1
MaxSpareThreads     25
ThreadsPerChild      5
MaxRequestsPerChild  0

Then all ya need to do is `service epld restart` and, voila! A nasty-fast control panel.