RPM quickies – The Ultimate RPM Guide for Newbies!

From mynitor.com

Every once in a while I find myself looking around for an rpm command to provide info on a specific thing, such as displaying the installed location of all files of a package that's already been installed. Sure there is the man page, but finding something in a man page is like finding a hard booger stuck way up in your nose….as you reach for it, you scratch other areas way too much and by the time you get that damn booger, you're already bleeding from your nose!

Anyhow, didn’t mean to get so graphic talking about RPM (Redhat Package Manager). Here is a quick reference to go by when you’re dealing with RPM.

rpm -ivh apache2.i386.rpm
Install the package apache2 from a file already downloaded to the system (-i install, -v verbose, -h print hash marks as progress).

rpm -i ftp://ftp.mynitor.com/apache-3.i386.rpm
You can do it with http:// as well: a simple way of installing an RPM straight from a remote server. Because ftp:// and http:// give you no integrity guarantee, make sure the vendor's signing key is imported (rpm --import) so rpm can check the package signature, or check a downloaded copy yourself first with rpm -K (--checksig), and never reach for --nosignature to make a warning go away.

rpm -ev apache2
Uninstall the apache2 package (-e erase).

rpm -Uvh apache2-1.i386.rpm
Upgrade an existing package (-U also installs it if it is not present yet).

You can also do
rpm -Uvh with an ftp:// or http:// URL
to fetch and upgrade in one step, with the same signature caveat as above.

rpm --verify apache2
(or rpm -V apache2) Compare every installed file of apache2 against what the RPM database recorded at install time (size, digest, permissions, owner, group, mtime and so on) and list the files that did not pass, with one column per failed test. Good for spotting tampered binaries, with the caveat that it is only as trustworthy as the rpm binary and database on that host.

rpm -qpl apache2.i386.rpm
List the files inside a package file (-p means "query the package file, not the database") and the paths they would be installed to.

rpm -ql apache2
List the files of an already installed package and where they live on the system.

rpm -qi apache2
This one is my favorite. It displays pkg information such as version, release, installed date and much more.

rpm -qf /etc/apache2/conf/httpd.conf
This will tell you which package the file httpd.conf belongs to.

rpm -qa
List all installed RPM packages on the system.

rpm -qa --last
List all installed packages sorted by install date, most recent first; handy for seeing what changed on a box recently.

rpm -qpR apache2.i386.rpm
Output the dependencies (Requires) of a package file. Note the -p: without it rpm looks for an installed package literally named "apache2.i386.rpm". For an installed package use rpm -qR apache2.
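The one command above that matters for security is rpm --verify, and its output takes some reading. Here is an added example, not from the original post, that turns rpm -Va output into a severity-ranked list: a replaced binary (size or digest changed on a non-config file) is HIGH, a permission or owner change is MEDIUM, and a config file that was edited or a file whose mtime was touched is LOW. The sample lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: triage "rpm -Va" output. Not code from the original post.
# Column layout of the 9-character flag field printed by rpm -V:
#   S size   M mode   5 digest   D device   L link   U user
#   G group  T mtime  P capabilities
# '.' = test passed, '?' = test could not be run. An optional one-letter
# attribute follows (c config, d doc, g ghost, l license, r readme).

# classify_line "<one rpm -V line>"  ->  "SEVERITY FLAGS PATH"
classify_line() {
    line=$1
    flags=${line%% *}                              # first field: flag string or "missing"
    rest=${line#"$flags"}
    rest=${rest#"${rest%%[! ]*}"}                  # strip blanks before attr/path
    attr=
    case "$rest" in
        [cdglr]' '*) attr=${rest%% *}; rest=${rest#* } ;;
    esac
    path=$rest
    if [ "$flags" = missing ]; then
        sev=HIGH                                   # a file the package owns is gone
    else
        sev=LOW                                    # nothing, or only mtime (T)
        case "$flags" in *[MUGDLP]*) sev=MEDIUM ;; esac      # metadata changed
        case "$flags" in
            *[S5]*) [ "$attr" = c ] || sev=HIGH ;; # content replaced on a non-config file
        esac
    fi
    printf '%s %s %s\n' "$sev" "$flags" "$path"
}

# triage_rpm_verify < "rpm -Va" output
# Accepts only real verify records (9- or 8-column flag field, or "missing")
# and ignores rpm's other chatter such as "Unsatisfied dependencies ...".
triage_rpm_verify() {
    while IFS= read -r line; do
        case "$line" in
            missing*|?????????" "*|????????" "*) classify_line "$line" ;;
            *) ;;
        esac
    done
}

# Constructed sample, not taken from a real host:
SAMPLE_RPM_V='S.5....T.  c /etc/httpd/conf/httpd.conf
S.5....T.    /usr/sbin/httpd
.M.......    /usr/bin/passwd
.......T.    /usr/lib64/libz.so.1
missing     /usr/share/doc/httpd/README
Unsatisfied dependencies for foo-1.0-1.x86_64: bar is needed'

printf '%s\n' "$SAMPLE_RPM_V" | triage_rpm_verify
```

On a live host run rpm -Va 2>/dev/null | triage_rpm_verify | grep '^HIGH'. If you suspect the box is compromised, remember that the attacker may have replaced rpm or its database too: verify against a clean package file fetched from the vendor mirror (rpm -Vp package.rpm) or from rescue media rather than trusting the host's own copy.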

apt-get secrets

From blogs.pcworld.co.nz

Hidden Linux: apt-get secrets

apt-get is the package handling utility behind Debian-based Linux systems such as Ubuntu, Mint and Mepis. You may be using it ‘by proxy’ via GUI-based package managers such as Synaptic, but hardened Linux users tend to prefer the command line – especially as the latter has a couple of neat tricks up its sleeve.

(Note that unless you are root you will need to prefix the following commands with sudo. The exception is apt-get source, which just downloads into the current directory and is better run as your normal user.)

The basics

apt-get update
Resynchronise the package index files with their sources (the repositories listed in sources.list). Always do this before an upgrade.

apt-get upgrade
Install the newest version of all packages installed on the system.

apt-get dist-upgrade
Like upgrade, but also installs new packages and removes existing ones when that is needed to resolve changed dependencies, so it can complete upgrades that plain upgrade holds back. (Moving to a new release of the distribution is a separate job: do-release-upgrade on Ubuntu, or editing sources.list first on Debian.)

apt-get install xxx yyy zzz
Install programs xxx, yyy and zzz along with all their dependencies.

apt-get remove xxx yyy zzz
Remove programs xxx, yyy and zzz.

apt-get purge xxx yyy zzz
Remove programs xxx, yyy and zzz and delete any configuration files that they used.

apt-get check
Update the package cache and check for any broken dependencies.

apt-get clean
Clean out retrieved package files.

apt-get autoclean
Clean out retrieved package files, but only those that are no longer needed.

apt-get autoremove
Remove any packages that were installed to satisfy dependencies but are no longer required.

Advanced stuff
So much for the basics, what about those neat tricks I mentioned? Well, did you know you can use apt-get to get a package’s source code?

apt-get source xxx
Retrieve source files for package xxx.

Or its build dependencies?

apt-get build-dep xxx
Get all the dependencies needed to build package xxx.

Or that you could get it to fetch and build the package for you?

apt-get source xxx -b
Fetch the source code then compile it. (The -b switch means "build it".)

The result will be a .deb package which you can install using the Debian package manager command:

dpkg -i xxx.deb

Inundator

From linuxpoison.blogspot.com

Inundator – IDS/IPS/WAF Evasion & Flooding Tool

Inundator is a multi-threaded, queue-driven, IDS evasion tool. Its purpose is to anonymously flood intrusion detection systems (specifically Snort) with traffic designed to trigger false positives via a SOCKS proxy in order to obfuscate a real attack.

The general idea is one would launch inundator prior to starting an attack, allow it to run during the attack, and continue to run it a while longer after you’ve accomplished the attack. The goal, of course, is to generate an overwhelming number of false positives so that your real attack is essentially buried within the other alerts, minimizing the chance of your attack being detected. It could also be used to ruin an IDS analyst’s day, or keep an organization’s infosec department busy for a while.

Other Example Scenarios:
* Before, during, and after a real attack to bury any potential alerts among a flood of false positives.
* Seriously mess with an IDS analyst and keep an InfoSec department busy for days investigating false positives.
* Test the effectiveness of an intrusion detection or prevention system: the fewer alerts Inundator's bogus traffic raises, the fewer false positives the product generates; a sensor that lights up on all of it is easy to drown.

USE THIS TOOL FOR LEGAL PURPOSES ONLY!
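The defender's counterpart to the flood described above, as an added example that is not part of the Inundator post: read Snort "fast" alert lines, pick out the sources responsible for the bulk of the alerts, and print what is left, which is where a real attack would be hiding. The alert lines are constructed for the example; they follow the fast-format layout (timestamp, [**] sid/message [**], priority, protocol, src:port -> dst:port) but are not a real capture, and the source-address parsing assumes IPv4.

```shell
#!/bin/sh
# Added example, not from the Inundator post: triage an alert storm.
# Snort fast-format lines end in "... {PROTO} src[:port] -> dst[:port]".

# flood_sources THRESHOLD < alerts  ->  "count ip" for sources above THRESHOLD,
# highest count first (ties broken by address).
flood_sources() {
    awk -v t="$1" '
        NF >= 3 && $(NF-1) == "->" { split($(NF-2), s, ":"); n[s[1]]++ }
        END { for (ip in n) if (n[ip] > t) printf "%d %s\n", n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# residual_alerts THRESHOLD < alerts  ->  every alert NOT from a flood source
residual_alerts() {
    input=$(cat)                                   # need two passes, so buffer stdin
    flooders=$(printf '%s\n' "$input" | flood_sources "$1" | awk '{ printf "%s ", $2 }')
    printf '%s\n' "$input" | awk -v list="$flooders" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) flood[a[i]] = 1 }
        NF >= 3 && $(NF-1) == "->" { split($(NF-2), s, ":"); if (!(s[1] in flood)) print }'
}

# Constructed sample (not a real capture): 198.51.100.7 and 198.51.100.8 are
# flooding the sensor with low-priority noise; 203.0.113.9 is the quiet,
# high-priority attacker we do not want to lose; 203.0.113.20 is background.
SAMPLE_ALERTS='07/14-00:53:10.001 [**] [1:2000:1] WEB-MISC noise 1 [**] [Priority: 3] {TCP} 198.51.100.7:40001 -> 10.0.0.1:80
07/14-00:53:10.002 [**] [1:2001:1] WEB-MISC noise 2 [**] [Priority: 3] {TCP} 198.51.100.8:40002 -> 10.0.0.1:80
07/14-00:53:10.003 [**] [1:2002:1] WEB-MISC noise 3 [**] [Priority: 3] {TCP} 198.51.100.7:40003 -> 10.0.0.1:80
07/14-00:53:10.004 [**] [1:2003:1] WEB-MISC noise 4 [**] [Priority: 3] {TCP} 198.51.100.7:40004 -> 10.0.0.1:80
07/14-00:53:11.000 [**] [1:1336:1] WEB-ATTACKS ../.. traversal [**] [Priority: 1] {TCP} 203.0.113.9:51000 -> 10.0.0.1:80
07/14-00:53:11.005 [**] [1:2004:1] WEB-MISC noise 5 [**] [Priority: 3] {TCP} 198.51.100.8:40005 -> 10.0.0.1:80
07/14-00:53:11.500 [**] [1:2006:1] WEB-MISC noise 6 [**] [Priority: 3] {TCP} 198.51.100.8:40006 -> 10.0.0.1:80
07/14-00:53:12.000 [**] [1:1337:1] SHELLCODE x86 NOOP [**] [Priority: 1] {TCP} 203.0.113.9:51001 -> 10.0.0.1:80
07/14-00:53:12.500 [**] [1:2005:1] WEB-MISC noise 7 [**] [Priority: 3] {TCP} 198.51.100.7:40007 -> 10.0.0.1:80
07/14-00:53:13.000 [**] [1:2100:1] ICMP PING NMAP [**] [Priority: 3] {ICMP} 203.0.113.20 -> 10.0.0.1'

echo "== suspected flood sources (more than 2 alerts) =="
printf '%s\n' "$SAMPLE_ALERTS" | flood_sources 2
echo "== everything else =="
printf '%s\n' "$SAMPLE_ALERTS" | residual_alerts 2
```

Per-source volume is the cheapest cut and it is exactly what a tool that pushes its traffic through a SOCKS proxy is trying to defeat, since the noise then arrives from many exit addresses. In that case lower the threshold, group by destination and signature as well, or sort the residue by priority; the point is the same: strip the bulk first, then read what remains.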

Downloading and installing Inundator:

The preferred method of installation for .deb-based distributions is via the project's software repository. This is by far the simplest way of installing Inundator and its dependencies.

Add the repository to /etc/apt/sources.list:
deb http://inundator.sourceforge.net/repo/ all/
Next, download and install the project's GPG key:
wget http://inundator.sourceforge.net/inundator.asc
apt-key add inundator.asc
Two things to check before that last step: the key arrives over plain HTTP, so compare its fingerprint (gpg --show-keys inundator.asc) with one published out of band before you add it, and remember that apt-key add makes the key trusted for every repository on the system, not just this one. On current Debian and Ubuntu apt-key is deprecated; put the key under /etc/apt/keyrings/ and reference it with signed-by= in the sources entry instead.

Then you can automatically pull in Inundator and all its dependencies:
aptitude update
aptitude install inundator

Hostmap

From linuxpoison.blogspot.com

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
– Sun Tzu, The Art of War
As Sun Tzu said, you have to know your enemy. During a hacking engagement such as a penetration test, you need to gather as much information as possible about your target in order to succeed.

Hostmap uses several techniques to enumerate all the hostnames and configured virtual hosts associated with an IP address.

In the real world an IP address can be registered in DNS under several host names, because the host may have aliases or serve a number of websites.
Example:
IP address 1.2.3.4 can have the following records in its zone:

www.foo.com CNAME foo.com
foo.com A 1.2.3.4
mail.foo.com A 1.2.3.4
goo.com A 1.2.3.4

A user or penetration tester who needs to test the security of the machine at 1.2.3.4 needs to know all of its host names: a web server, for instance, may serve a different application for each virtual host, and you only reach those by asking for the right name.

This is the purpose of hostmap: discover all the registered DNS host names and virtual names in order to get a better picture of the target machine.
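The correlation step hostmap does for you, shown by hand as an added example that is not part of the hostmap post: given a set of DNS records you already hold (from a zone transfer, a pile of dig answers, or the table above), list every name that ends up at a given address. It goes a little beyond the post's example in two ways: it follows CNAME chains (with a hop limit, since CNAME loops do occur in sloppy zones) and it accepts dig-style records (name TTL IN TYPE value) as well as the bare "name TYPE value" form used above. The records are the post's example plus a few constructed extras.

```shell
#!/bin/sh
# Added example, not from the hostmap post: correlate DNS records to find
# every name that resolves, directly or through CNAMEs, to one IP address.

# names_for_ip IP < records  ->  sorted, unique names that resolve to IP
names_for_ip() {
    awk -v target="$1" '
        # Follow CNAMEs to an A record; the hop limit defuses CNAME loops.
        function resolve(name, hops) {
            if (hops > 8) return ""
            if (name in a) return a[name]
            if (name in cname) return resolve(cname[name], hops + 1)
            return ""
        }
        /^[[:space:]]*(;|$)/ { next }                   # comments and blank lines
        {
            name = $1; sub(/\.$/, "", name)             # drop trailing dot
            if ($3 == "IN") { type = $4; val = $5 }     # dig/zone style: name TTL IN TYPE value
            else            { type = $2; val = $3 }     # bare style:     name TYPE value
            sub(/\.$/, "", val)
            if (type == "A") a[name] = val
            else if (type == "CNAME") cname[name] = val
        }
        END {
            for (n in a)     if (resolve(n, 0) == target) print n
            for (n in cname) if (resolve(n, 0) == target) print n
        }' | LC_ALL=C sort -u
}

# The post's records plus constructed extras: a decoy on another address,
# a two-hop CNAME, a dig-style line, and a CNAME loop.
SAMPLE_RECORDS='; constructed example records, not a real zone
www.foo.com CNAME foo.com
foo.com A 1.2.3.4
mail.foo.com A 1.2.3.4
goo.com A 1.2.3.4
bar.com A 5.6.7.8
blog.foo.com CNAME www.foo.com
ftp.foo.com. 300 IN CNAME foo.com.
loop1.foo.com CNAME loop2.foo.com
loop2.foo.com CNAME loop1.foo.com'

printf '%s\n' "$SAMPLE_RECORDS" | names_for_ip 1.2.3.4
```

With the list in hand, the next step of the engagement is to ask the target for each name and see which ones answer differently, e.g. a loop over the output doing curl -sI -H "Host: $name" http://1.2.3.4/ and comparing status lines and Server headers; the names that return something other than the default site are the virtual hosts worth testing on their own.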

USE THIS TOOL FOR LEGAL PURPOSES ONLY!

The major features of Hostmap are:
* DNS names and virtual hosts enumeration
* Multiple discovery techniques
* Results correlation, aggregation and normalization
* Multithreaded and event based engine
* Platform independent

Installation:
Download hostmap (a Ruby script) from the project site.
Untar the package and type the following command to start host-name discovery:
ruby hostmap.rb -t 192.168.1.1
and you should see something similar to ….

[screenshot: hostmap.png, sample hostmap output]

Ubuntu Kung-Fu – 10 Best Tricks

From canoo.com

Ubuntu Kung-Fu – 10 Best Tricks (and some even work on Macs)

By my count, Ubuntu Kung-Fu from Pragmatic Bookshelf is the perfect summer reading book. It’s light, the content is not going to strain your mind the way some computer science tomes will; it’s easy to read, as always with Prag books the writing is conversational and the fonts large; and it’s fun, where else can you read about easter eggs like talking cows and floating desktop fish.

Admittedly, some of the 315 tips are useless. I’m not sure when I’ll ever use the “cowsay” command to invoke a talking ascii cow, but for some reason I’m glad I know about it. I predict the error output in my Bash scripts is about to get a lot more bovine. Most of the tips are good, though. Of the 315 total tips (less than a page long each), there are maybe 25 dual boot and Windows related tips and maybe 25 more system recovery and troubleshooting tips. It isn’t a comprehensive reference to administration or dual booting, but these tips are still good to keep around in case of emergencies. Someone switching from Windows and still dual booting will find this book extremely helpful. There are also quite a few Gnome desktop tips for how to tune the desktop manager; for instance, how to use drapes to change the wallpaper every morning. But the majority of the book details cool and useful programs and packages to install… stuff I didn’t realize I needed until I found out about it. Normally I prefer printed books, but the best way to read Ubuntu Kung-Fu is by viewing the PDF directly on the computer and having a command prompt open to try the tips as you go.

If your vision of a great vacation is lying down with a laptop on your belly, banging away on new bash commands and scripts, then this is the book for you.

Now here are my favorite 10 tips…

read more here…

How to setup a LAMP server with less than 100 characters

From mabishu.com

One of the reasons I love GNU/Linux for development is how quick and easy it is to set up. If you're a LAMP developer you can set up a LAMP server in under 100 characters.

The following command gives you apache2 + php5 + mysql on Debian-based systems, with phpmyadmin thrown in for administering your databases:

sudo apt-get install libapache2-mod-auth-mysql phpmyadmin lamp-server^

Don't forget the trailing '^': it tells apt-get to install the lamp-server task (a tasksel group of packages) rather than a package of that name. One caveat for anything reachable from the internet: phpmyadmin is a favourite target for scanners, so restrict it to localhost or trusted addresses in its Apache configuration, or leave it out, before the box goes online.

Best Linux Downloads

From lifehacker.com

We love Linux, and want to make it easier for others to do so, too. This first edition of the Lifehacker Pack for Linux includes our favorite apps that get things done and make your desktop great.

Linux isn’t quite like Windows or Mac, as there are many, many distributions, usually running on one of two desktop systems (GNOME or KDE). We’ve chosen to write this list up from the perspective of a standard, GNOME-based Ubuntu user. Ubuntu is what the Lifehacker editors use, it’s what most of our Linux-leaning readers use, and it’s generally popular and frequently updated. Many of these apps can be downloaded and installed on other Linux systems, of course—check the Download link, or search out its name in your own system’s package installer.

If you are using Ubuntu, you can also install these apps by clicking the “Install in Ubuntu” link after each item. It’s a link that prompts your own Ubuntu system to search out and install an app from its own repositories—with your permission, of course. You may be asked on your first install to allow your browser to open up an Ubuntu app to handle the link, but go ahead and agree with it, and you’ll be installing apps with one click after that. We’ve also placed aggregated installer links at the bottom of each section, and a mega-installer at the bottom of the post, so you can install multiple apps at once.

Some other apps (Chrome and Dropbox) require a download, some are pre-installed in Ubuntu, and others may require the enabling of an extra repository or two for certain third-party apps, but we’ve explained how to do so in a previous Ubuntu feature (short version: open “Software Sources” from the System/Administration menu).

Now let’s get straight to the goodies:

read more here…

SSH infoz

From derwiki.tumblr.com

How I Learned to Stop Worrying and Love SSH

Before there were VPNs, there was ssh. And when you don’t have access to your VPN or can’t set one up, you can still get most of the functionality over ssh.

Quick and dirty HTTP tunneling

This is useful if you need to reach an internal server through a machine you can ssh into (a bastion or jump host):

ssh -f -N -L 31609:hostireallywanttogetto.com:80 proxyhost.com

Then load http://localhost:31609 in your browser: the connection to port 80 is made from proxyhost.com, so hostireallywanttogetto.com sees the request coming from there. (-f backgrounds ssh once it has authenticated, -N tells it not to run a remote command, -L sets up the local forward.) Similarly:

ssh -f -N -L 31610:securehost.com:443 proxyhost.com

will forward TLS traffic to https://localhost:31610/. This one does not work completely: your browser sends "localhost" as the SNI and Host name, so the certificate will not match and a name-based virtual host may not be selected. It's a quick and dirty solution I've used to get to internal wiki servers before.

Quicker and Dirtier SSH tunneling

This isn't very different from ssh'ing into one box and immediately ssh'ing to another. It avoids an extra bash process and it's quicker, but that's really it, apart from the BAMF factor (-t allocates a tty so the inner ssh can prompt you):

ssh -t gatewaymachine.com ssh hostireallywanttogetto

One thing to be aware of: the inner ssh runs on the gateway, so the gateway sees your second session in the clear. OpenSSH 7.3 and later has ssh -J gatewaymachine.com hostireallywanttogetto (ProxyJump), which only relays the TCP connection through the gateway, so the session is encrypted end to end to the final host and your keys never have to live on the gateway.

Reverse SSH tunneling a shell

Got a computer behind a firewall whose configuration you don't have access to? It's pretty easy to get the computer behind the firewall to poke out to another server.

(step 1, from the computer you wish to access)
derwiki@firewalledcomputer:~$ ssh -R localhost:2002:localhost:22 mypublicserver.com

This asks mypublicserver.com to listen on its own loopback interface, port 2002, and to hand anything that arrives there back through the tunnel to port 22 on firewalledcomputer.

(step 2, from a shell on mypublicserver.com: the listener is bound to loopback there, so it is not reachable from elsewhere on the internet)
derwiki@mypublicserver:~$ ssh -p 2002 localhost
(authenticate)
derwiki@firewalledcomputer:~$

From a laptop anywhere you can do both hops in one go with ssh -J mypublicserver.com -p 2002 localhost. Bear in mind that anyone with a shell on mypublicserver.com can also knock on that port, so use key authentication on firewalledcomputer and keep password logins off.

I've found this especially useful to get into my dad's computer and fix things. I put the "ssh -R" command into a shell script called "letadamin", made it executable, and put it on his desktop. Now it's super easy for him to grant me access.
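A hardened version of that desktop script, as an added example that is not from the original post: the public server gets an authorized_keys entry that lets the firewalled machine's key do one thing only (open the reverse listener on loopback port 2002), and the firewalled machine runs a loop that re-establishes the tunnel with keepalives whenever it drops. Host names, the port and the key are placeholders; the key file written in the demo is constructed and is not a real key. The authorized_keys options used (restrict, port-forwarding, permitlisten) need OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Added example, not from the original post: a hardened "letadamin".
#   tunnel_key_line  - authorized_keys entry for the tunnel account on
#                      mypublicserver.com; the key can ONLY open one listener
#   keep_tunnel_up   - what the firewalled machine runs, with reconnect

# tunnel_key_line PORT PUBKEY_FILE  ->  one authorized_keys line on stdout
# restrict        : no pty, no agent/X11 forwarding, no rc files (OpenSSH 7.2+)
# port-forwarding : re-enable forwarding, which restrict switched off
# permitlisten    : only a remote listener on 127.0.0.1:PORT is allowed (7.8+)
# command=        : if someone does request a session with this key it ends at
#                   once; the tunnel client uses -N, so it never requests one
tunnel_key_line() {
    port=$1; keyfile=$2
    case "$port" in ''|*[!0-9]*) echo "tunnel_key_line: bad port '$port'" >&2; return 1 ;; esac
    key=$(head -n 1 "$keyfile") || return 1
    case "$key" in
        ssh-ed25519' '*|ssh-rsa' '*|ecdsa-sha2-*' '*) ;;   # looks like a public key
        *) echo "tunnel_key_line: $keyfile is not a public key (private key pasted?)" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s",command="/bin/false" %s\n' "$port" "$key"
}

# keep_tunnel_up PUBLIC_HOST REMOTE_PORT [LOCAL_PORT]
# ExitOnForwardFailure makes ssh exit (so the loop retries) if the remote port
# is already taken, instead of sitting connected with no tunnel; the
# ServerAlive options tear down a dead connection within about 90 s;
# BatchMode refuses to hang on a password prompt when run unattended.
keep_tunnel_up() {
    public=$1; rport=$2; lport=${3:-22}
    while :; do
        ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
            -o ServerAliveCountMax=3 -o BatchMode=yes \
            -R "127.0.0.1:${rport}:127.0.0.1:${lport}" "$public"
        sleep 10                                   # brief back-off before reconnecting
    done
}

# Demo on a constructed key file (this is not a real key):
SAMPLE_KEYFILE=$(mktemp)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyNotARealOne0000000000000000 dad-desktop\n' > "$SAMPLE_KEYFILE"
tunnel_key_line 2002 "$SAMPLE_KEYFILE"
```

Paste the printed line into ~/.ssh/authorized_keys of a dedicated tunnel account on mypublicserver.com; the desktop script on the firewalled machine then becomes a one-liner calling keep_tunnel_up mypublicserver.com 2002. You reach the machine with ssh -p 2002 localhost from a shell on the public server, or from anywhere with ssh -J mypublicserver.com -p 2002 localhost.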

Tunneling SCP through a gateway

Sometimes you want to transfer files through a gateway machine:

ssh -N -L 1234:targetmachine:22 mypublicserver.com
scp -P 1234 localhost:~/remotefile localfile

(Run the ssh in a second terminal or add -f to background it. The host key you are asked to accept on localhost:1234 is targetmachine's; ssh stores it under [localhost]:1234 in known_hosts. With a recent OpenSSH, scp -o ProxyJump=mypublicserver.com targetmachine:~/remotefile localfile does the same in one step.)

Quickly setting up passwordless SSH

First make sure you've generated a key pair: ssh-keygen -t ed25519. (The id_dsa.pub in the one-liner below dates the post: DSA keys have been disabled by default in OpenSSH since 7.0, so don't generate new ones.)
Ubuntu (and other Linux distros) make it really easy:
ssh-copy-id user@remotehost
Older OS X releases lack ssh-copy-id (newer macOS ships it), so the quick one-liner I have is:
cat ~/.ssh/id_ed25519.pub | ssh username@myslicehostserver.com "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat - >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
The mkdir and chmod steps are what ssh-copy-id does for you: with StrictModes on (the default), sshd silently ignores an authorized_keys file whose directory or file permissions are too loose.
These are the most frequent ssh commands that I’ve “discovered.” What’s your favorite thing to do with ssh that I’ve missed?

Thanks to Lann and Shivaram for helping me come up with this list

Update: some people have contributed some great ssh tips on Hacker News

How to use auditd to track file changes

From lazyscripter.com

Alright, here's a post for advanced Linux users who don't have time to mess around. Have you ever wanted to track what accesses a file on your server? With the auditd daemon you can do just that.

Is auditctl installed?

[root@eclipse ] ~ # which auditctl
/sbin/auditctl

How to install auditctl
If your output is blank, or shows an error message, you may need to install the audit package.

[root@eclipse ] ~ # yum -y install audit
Running auditd on boot
[root@eclipse ] ~ # chkconfig auditd on
[root@eclipse ] ~ # ntsysv

You'll see a screen like this:

[screenshot: ntsysv service list]

Just make sure auditd has a star next to it, hit Tab once to go to the "Ok" button, and hit Enter to save.

After you save, be sure to start the auditd daemon by executing:

[root@eclipse] ~ # /etc/init.d/auditd start
Starting auditd: [ OK ]

Setting up a file watch
To set up a file watch you need 3 things:

  • The file (or directory) to watch
  • A key: an arbitrary tag that auditd attaches to every event the rule generates, so you can pull them out later with ausearch -k. The original post calls this a "shadow file", but nothing is written to that path; it is only a label, which is why a path-like string happens to work.
  • A permission filter with at least one of these flags: r -> read, w -> write, x -> execute, a -> attribute change (chmod, chown, touch and friends)

Once you have all of that, create your audit rule with auditctl like so:
[root@eclipse] ~ # auditctl -w /path/to/my/file -k my-key -p rwxa

Rules added this way last until reboot. To make one permanent, put the same line minus the auditctl word into /etc/audit/audit.rules (or a file under /etc/audit/rules.d/ on newer releases).

For example i’m going to use a file called /root/notouchie:

[root@eclipse] ~ # auditctl -w /root/notouchie -k /root/notouchie-shadow -p rwxa

You should then list your auditctl rules to verify that rule is in place.

[root@eclipse] ~ # auditctl -l
LIST_RULES: exit,always watch=/root/notouchie perm=rwxa key=/root/notouchie-shadow

Then, against better judgement, we’re going to touch /root/notouchie like so:

[root@eclipse] ~ # touch /root/notouchie

This should set off auditd, so now we search the audit log with ausearch (-i interprets numeric ids as names, -f selects the events for that file):

[root@eclipse] ~ # ausearch -i -f /root/notouchie
----
type=PATH msg=audit(07/14/2010 00:53:12.844:94) :
item=0 name=/root/notouchie inode=131757 dev=08:02 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(07/14/2010 00:53:12.844:94) :
cwd=/root
type=SYSCALL msg=audit(07/14/2010 00:53:12.844:94) :
arch=x86_64 syscall=open success=yes exit=0 a0=7fffcec7fa71 a1=941 a2=1b6 a3=0 items=1 ppid=27044 pid=18781 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=4294967295 comm=touch exe=/bin/touch key=/root/notouchie-shadow

Now we see that uid=root ran /bin/touch (comm=touch, exe=/bin/touch) and opened the file via the open syscall with success=yes. Note the auid=unset: the audit UID is set at login by pam_loginuid and survives su and sudo, so on an interactive session it tells you which human did this even though uid=root. unset just means this shell did not come through a login that set it.
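A watch on a busy file produces a lot of those multi-record blocks. The following is an added example, not from the original post, that condenses ausearch -i output into one line per event with the fields an analyst cares about: when, which key, who logged in (auid), who it ran as (uid), which program, which syscall, which path. The first event is the one shown above; the second is constructed to show the auid/uid distinction (alice, working as root through sudo, editing the file with vim).

```shell
#!/bin/sh
# Added example, not from the original post: summarise "ausearch -i" output.

# summarize_ausearch < "ausearch -i ..." output
# Prints one line per event:
#   <timestamp:serial> key=<k> auid=<a> uid=<u> exe=<e> syscall=<s> path=<p> success=<yes|no>
summarize_ausearch() {
    awk '
        function flush() {
            if (ts != "")
                printf "%s key=%s auid=%s uid=%s exe=%s syscall=%s path=%s success=%s\n",
                       ts, key, auid, uid, exe, sc, path, ok
            ts = key = auid = uid = exe = sc = path = ok = ""
        }
        /^----/ { flush(); next }                  # ausearch separates events with ----
        {
            # every record of one event carries the same audit(<time>:<serial>)
            if (ts == "" && match($0, /audit\([^)]+\)/))
                ts = substr($0, RSTART + 6, RLENGTH - 7)
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if      (kv[1] == "key")     key  = kv[2]
                else if (kv[1] == "auid")    auid = kv[2]
                else if (kv[1] == "uid")     uid  = kv[2]   # exact match: not euid/fsuid/ouid
                else if (kv[1] == "exe")     exe  = kv[2]
                else if (kv[1] == "syscall") sc   = kv[2]
                else if (kv[1] == "success") ok   = kv[2]
                else if (kv[1] == "name")    path = (path == "" ? kv[2] : path "," kv[2])
            }
        }
        END { flush() }'
}

# Sample: the event from the post, plus a constructed second event.
SAMPLE_AUSEARCH='----
type=PATH msg=audit(07/14/2010 00:53:12.844:94) :
item=0 name=/root/notouchie inode=131757 dev=08:02 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(07/14/2010 00:53:12.844:94) :
cwd=/root
type=SYSCALL msg=audit(07/14/2010 00:53:12.844:94) :
arch=x86_64 syscall=open success=yes exit=0 a0=7fffcec7fa71 a1=941 a2=1b6 a3=0 items=1 ppid=27044 pid=18781 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=4294967295 comm=touch exe=/bin/touch key=/root/notouchie-shadow
----
type=PATH msg=audit(07/14/2010 01:02:03.111:95) :
item=0 name=/root/notouchie inode=131757 dev=08:02 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(07/14/2010 01:02:03.111:95) :
cwd=/root
type=SYSCALL msg=audit(07/14/2010 01:02:03.111:95) :
arch=x86_64 syscall=open success=yes exit=3 a0=7ffd1234abcd a1=241 a2=1b6 a3=0 items=1 ppid=19000 pid=19001 auid=alice uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts1 ses=12 comm=vim exe=/usr/bin/vim key=/root/notouchie-shadow'

printf '%s\n' "$SAMPLE_AUSEARCH" | summarize_ausearch
```

On a live system feed it with ausearch -i -k my-key (searching by key is cheaper and more precise than -f once you have several watches). The second summary line is the one to look at twice: uid=root says nothing about who, auid=alice does.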

This is just the beginning of the possibilities of auditd; check out more options in the man pages:

auditctl(8), ausearch(8), aureport(8)

Five-Way Linux Distro Comparison

From phoronix.com

With many Linux distributions receiving major updates in recent weeks and months we have carried out a five-way Linux distribution comparison of openSUSE, Ubuntu, Fedora, PCLinuxOS, and Arch Linux. We have quite a number of tests comparing the 32-bit performance of these popular Linux distributions on older PC hardware.

Our test system was a Lenovo ThinkPad T60 notebook with an Intel Core Duo T2400 (1.83GHz dual-core) CPU, 1GB of system memory, an 80GB Hitachi HTS541080G9SA00 SATA HDD, and ATI Radeon Mobility X1400 graphics. Below are some of the key software components for the different distributions that were tested in this article.

openSUSE 11.3 RC1:
OS: SUSE LINUX 11.3, Kernel: 2.6.34-9-default (i686), Desktop: KDE 4.4.3, Display Server: X.Org Server 1.8.0, Display Driver: radeon 6.13.0, OpenGL: 1.5 Mesa 7.8.1, Compiler: GCC 4.5, File-System: ext4

Ubuntu 10.04:
OS: Ubuntu 10.04, Kernel: 2.6.32-21-generic (i686), Desktop: GNOME 2.30.0, Display Server: X.Org Server 1.7.6, Display Driver: radeon 6.13.0, Compiler: GCC 4.4.3, File-System: ext4

Fedora 13:
OS: Fedora release 13 (Goddard), Kernel: 2.6.33.3-85.fc13.i686.PAE (i686), Desktop: GNOME 2.30.0, Display Server: X.Org Server 1.8.0, Display Driver: radeon 6.13.0, OpenGL: 1.5 Mesa 7.8.1, Compiler: GCC 4.4.4, File-System: ext4

PCLinuxOS 2010.1:
OS: PCLinuxOS release 2010 (PCLinuxOS) for i586, Kernel: 2.6.32.12-pclos1.bfs (i686), Desktop: KDE 4.4.3, Display Server: X.Org Server 1.6.5, Display Driver: radeon 6.12.4, OpenGL: 1.4 Mesa 7.5.2, Compiler: GCC 4.4.1, File-System: ext4

Arch Linux 2010.5:
OS: Linux, Kernel: 2.6.33-ARCH (i686), Desktop: KDE 4.4.4, Compiler: GCC 4.5.0, File-System: ext4

Tests included World of Padman, OpenArena, Bullet Physics, C-Ray, TTSIOD 3D Renderer, LAME MP3 encoding, FFmpeg, x264, Himeno, GraphicsMagick, LZMA compression, 7-Zip compression, PostMark, and Unpack-Linux. All testing was done through the Phoronix Test Suite.

tl;dr…

As you can see though, with an older Intel dual-core notebook at least in many tests the five Linux distributions performed close to the same speed, but depending upon your specific workload there may be benefits to using one Linux distribution over another.

read more here…