Today is the last day of 2009, and I welcome 2010 with open arms...
I hope my blog the past year has made people more interested in Linux (especially Ubuntu) and/or computer security. I am looking forward to hearing from you... especially if you find my postings useful.
END!
Thursday, December 31, 2009
Monday, November 23, 2009
Installing Websecurify 0.4...
Websecurify is a web application testing tool developed by Petko Petkov that automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. To know more about Websecurify, click on the link here.
For Ubuntu 8.10 (or older) users (others can skip to the Websecurify Installation section below)
Before installing Websecurify on your Ubuntu system, you will need to have xulrunner v1.9.1 (or higher) installed. Since your installation of Ubuntu has an older version of xulrunner, you will need to update your system to meet this pre-requisite. The easiest way to do this is by installing Firefox 3.5 which come with the required version xulrunner.
The easiest/safest way to do this is to go to the "ubuntu-mozilla-daily" PPA archive at URL:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa
Follow the instruction there to get your version of Ubuntu installed with the correct repository that holds the version on firefox 3.5 compatible with your Ubuntu installation. Remember to also install the public key to you don't get prompted with security warnings when trying to use the repository.
Then, we update the machine's repository database with:
sudo apt-get update
sudo apt-get upgrade
To install Firefox 3.5 (warning, this will replace older versions of firefox in your Ubuntu machine):
sudo apt-get install firefox-3.5
Websecurify Installation
Download the Linux version at URL http://websecurify.googlecode.com/files/Websecurify%200.4.tgz (download the file to your Desktop)
Create a folder to store the websecurify application:
mkdir ~/websecurify-0.4
Go into the folder you just created:
cd ~/websecurify-0.4
Extract the archive:
tar -zxvvf ~/Desktop/Websecurify\ 0.4.tgz
To install the application, type:
xulrunner --install-app application.ini
To launch Websecurify, type:
xulrunner --app application.ini
Note: For Ubuntu 8.10 (or older) users, you must type in xulrunner-1.9.1 instead of xulrunner to install and to launch Websecurify.
For Ubuntu 8.10 (or older) users (others can skip to the Websecurify Installation section below)
Before installing Websecurify on your Ubuntu system, you will need to have xulrunner v1.9.1 (or higher) installed. Since your installation of Ubuntu has an older version of xulrunner, you will need to update your system to meet this pre-requisite. The easiest way to do this is by installing Firefox 3.5 which come with the required version xulrunner.
The easiest/safest way to do this is to go to the "ubuntu-mozilla-daily" PPA archive at URL:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa
Follow the instruction there to get your version of Ubuntu installed with the correct repository that holds the version on firefox 3.5 compatible with your Ubuntu installation. Remember to also install the public key to you don't get prompted with security warnings when trying to use the repository.
Then, we update the machine's repository database with:
sudo apt-get update
sudo apt-get upgrade
To install Firefox 3.5 (warning, this will replace older versions of firefox in your Ubuntu machine):
sudo apt-get install firefox-3.5
Websecurify Installation
Download the Linux version at URL http://websecurify.googlecode.com/files/Websecurify%200.4.tgz (download the file to your Desktop)
Create a folder to store the websecurify application:
mkdir ~/websecurify-0.4
Go into the folder you just created:
cd ~/websecurify-0.4
Extract the archive:
tar -zxvvf ~/Desktop/Websecurify\ 0.4.tgz
To install the application, type:
xulrunner --install-app application.ini
To launch Websecurify, type:
xulrunner --app application.ini
Note: For Ubuntu 8.10 (or older) users, you must type in xulrunner-1.9.1 instead of xulrunner to install and to launch Websecurify.
Wednesday, November 18, 2009
Installing OpenVAS 2.0.x on Ubuntu Linux...
This is a follow-up to my earlier article on Installing OpenVAS 1.0.x
OpenVAS has started releasing betas of v3.0.x, so I thought I'd write a tutorial on how to install the latest stable version of OpenVAS (v2.0.x).
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison
sudo apt-get install libgtk2.0-dev libglib2.0-dev libgpgme11-dev libssl-dev htmldoc
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v2.0.x)
openvas-libnasl (latest v2.0.x)
openvas-server (latest v2.0.x)
openvas-plugins (latest v1.0.x)
openvas-client (latest v2.0.x)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
Once all five components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
To start the OpenVAS server, activate the server by typing in:
sudo openvasd -D
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode.
OpenVAS has started releasing betas of v3.0.x, so I thought I'd write a tutorial on how to install the latest stable version of OpenVAS (v2.0.x).
Before we begin, it is best that we update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:
sudo apt-get update
sudo apt-get upgrade
Once you have updated your machine, we will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:
sudo apt-get install build-essential libgnutls-dev libpcap0.8-dev bison
sudo apt-get install libgtk2.0-dev libglib2.0-dev libgpgme11-dev libssl-dev htmldoc
Now that the machine is ready to work with the OpenVAS sources, you then need to download the following source codes from the OpenVAS website. You can find the sources at URL http://wald.intevation.org/frs/?group_id=29
Download the latest version of the following:
openvas-libraries (latest v2.0.x)
openvas-libnasl (latest v2.0.x)
openvas-server (latest v2.0.x)
openvas-plugins (latest v1.0.x)
openvas-client (latest v2.0.x)
You will need to install OpenVAS in the above listed order. To install each component, you will need to do the following:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..
Once all five components are compiled and installed, you will then need to let Ubuntu know about the new libraries you have just compiled before the can be used by typing in:
sudo ldconfig -v
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
sudo openvas-mkcert
sudo openvas-adduser
Periodically (I usually run it once every day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect newer vulnerabilities which are found everyday. You can do that by typing:
sudo openvas-nvt-sync
To start the OpenVAS server, activate the server by typing in:
sudo openvasd -D
And running the OpenVAS client by typing:
sudo OpenVAS-Client
If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/
Note: Tested on Ubuntu 9.10, and I assume you are doing all this with user access (that is why, some root only commands have the "sudo" command in front of them) and am running the kernel in i386 (32-bit) mode.
Metasploit 3.3 is now available!
The guys at Metasploit have release Metasploit Framework 3.3. To install this in Ubuntu, please follow the instructions from their wiki page.
Thursday, November 12, 2009
eee-control for Ubuntu 9.10 (Karmic Koala)
I have been waiting patiently for Grigori Goronzy, the developer of eee-control to release a version of the utility for Karmic Koala (URL http://greg.geekmind.org/eee-control/). However, three weeks since Karmic was released, Grigori has yet to release an update.
Dan Amlund has downloaded the latest version Grigori released for Jaunty Jackalope (0.9.4) and fixed it so that it will install on Karmic Koala. I have installed iton my EeePC 701 and everything seems to be working (your mileage may vary).
To get Dan's version of eee-control which works on Karmic Koala,visit Ubuntu Geek's article at URL http://www.ubuntugeek.com/howto-install-eee-control-in-ubuntu-9-10-karmic.html
Dan Amlund has downloaded the latest version Grigori released for Jaunty Jackalope (0.9.4) and fixed it so that it will install on Karmic Koala. I have installed iton my EeePC 701 and everything seems to be working (your mileage may vary).
To get Dan's version of eee-control which works on Karmic Koala,visit Ubuntu Geek's article at URL http://www.ubuntugeek.com/howto-install-eee-control-in-ubuntu-9-10-karmic.html
Saturday, September 12, 2009
The ever important /tmp folder...
I was busy trying to see if I could speed up Adobe's flash which crawls on Linux systems, yet on the same computer running Windows XP, the same flash application runs much faster. I Googled the net and tried the recommendations other users had posted. I tried one of those recommendations and noticed that the application started quick enough but over time, slowed down to a crawl. Even if I reload that web page, the application still crawled.
What did I do? I said to myself, maybe if I deleted the /tmp folder, the flash application would reload and work like normal. I then started the command shell and typed:
sudo rm -r /tmp
Thinking that if anything goes wrong, just restart Ubuntu and it should recreate the /tmp folder since I've came to an understanding that Linux will delete all files in the /tmp folder at startup anyway. Once I deleted the folder, I didn't get the results I was expecting and said to myself that I best restart my computer.
Computer restarts and loads up in about 30 seconds (Jaunty does that on my Pentium M 1.73GHz computer). I then give my login credentials but get an error message saying "mkdtemp: private socket dir: Permission denied".
I Googled the error message (from another computer) and it turns out that if you delete the /tmp folder, Ubuntu will recreate the /tmp folder but with the wrong permission settings!
How did I solved this? I restarted Ubuntu in recovery mode, then issued the command:
sudo chmod a+w /tmp
Restarted Ubuntu and problem solved. Now you know how to DoS your own machine and fix it. :)
What did I do? I said to myself, maybe if I deleted the /tmp folder, the flash application would reload and work like normal. I then started the command shell and typed:
sudo rm -r /tmp
Thinking that if anything goes wrong, just restart Ubuntu and it should recreate the /tmp folder since I've came to an understanding that Linux will delete all files in the /tmp folder at startup anyway. Once I deleted the folder, I didn't get the results I was expecting and said to myself that I best restart my computer.
Computer restarts and loads up in about 30 seconds (Jaunty does that on my Pentium M 1.73GHz computer). I then give my login credentials but get an error message saying "mkdtemp: private socket dir: Permission denied".
I Googled the error message (from another computer) and it turns out that if you delete the /tmp folder, Ubuntu will recreate the /tmp folder but with the wrong permission settings!
How did I solved this? I restarted Ubuntu in recovery mode, then issued the command:
sudo chmod a+w /tmp
Restarted Ubuntu and problem solved. Now you know how to DoS your own machine and fix it. :)
Tuesday, August 25, 2009
Create a .deb package from source files
If you are like me, you will find that you need to install a lot of application software from the source code and compile the build for your specific platform. The most common way of installing the program is to download the source (usually it's a file with .tgz or .tar.gz extension to it), unpack the file, go into the directory where the source files are extracted, run the configure tool, followed by the make and finally the make install commands.
wget http://site.com/source/program-1.0.tgz
tar -zxvf program-1.0.tgz
cd program-1.0
./configure
make
sudo make install
This will download, extract, compile and install the program in your Ubuntu eco-system.
If you have to do this to a few machines or need to reinstall your computer ever so often, it would simply be easier if you could create a .deb file and simply install the program when you need to which is faster, and you do not need the installation of compiler, make utility, header and dev libraries.
There is a tool called checkinstall which you can install from the Ubuntu repository. To do that, simply run the command:
sudo apt-get install checkinstall
Once that is installed, when you want to create a .deb file, you do pretty much everything like normal but instead of installing the program with "sudo make install", you create a .deb at this point with the command "sudo checkinstall" which will create the .deb file for you.
You can then copy the .deb file into a safe place, and when you need to install in the future, copy the .deb file to your local directory and issue the command "sudo dpkg -i package.deb" which will install the applictaion for you without the need for the source download, dev libraries, compiler, etc.
Note: These are basic instructions that may not always work. Some packages require additional dependencies and optional parameters to be specified in order to build them successfully.
wget http://site.com/source/program-1.0.tgz
tar -zxvf program-1.0.tgz
cd program-1.0
./configure
make
sudo make install
This will download, extract, compile and install the program in your Ubuntu eco-system.
If you have to do this to a few machines or need to reinstall your computer ever so often, it would simply be easier if you could create a .deb file and simply install the program when you need to which is faster, and you do not need the installation of compiler, make utility, header and dev libraries.
There is a tool called checkinstall which you can install from the Ubuntu repository. To do that, simply run the command:
sudo apt-get install checkinstall
Once that is installed, when you want to create a .deb file, you do pretty much everything like normal but instead of installing the program with "sudo make install", you create a .deb at this point with the command "sudo checkinstall" which will create the .deb file for you.
You can then copy the .deb file into a safe place, and when you need to install in the future, copy the .deb file to your local directory and issue the command "sudo dpkg -i package.deb" which will install the applictaion for you without the need for the source download, dev libraries, compiler, etc.
Note: These are basic instructions that may not always work. Some packages require additional dependencies and optional parameters to be specified in order to build them successfully.
Wednesday, July 8, 2009
Using BackTrack 4 applications on a Ubuntu (8.10 Intrepid) build...
There is a security tools distro called BackTrack which in it's own words:
BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
To know more about BackTrack, click here.
The latest version of BackTrack (BackTrack 4) does away with a simple build that is only good for the next six months (you could never really update the build completely). It now uses Ubuntu (8.10 Intrepid) as a base so that application and updates are easily available and updated.
As much as I like BackTrack which uses KDE, I am a GNOME person. Instead of using the BackTrack build, I wanted to use Ubuntu, yet leveraging on the vast amount of tools that BackTrack offers. To do that, you must add the following into your /etc/apt/sources.list file:
Before you can start using the BackTrack repository, you will need to install the GPG key so that the APT tool does not give you an error message saying the repository has no public key. To do that:
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
You can then issue the apt-get update command and download the list of application that the repository hosts and use the Synaptic Package Manager to view what is available and install the applications that you want.
Note, you should only do this on Ubuntu 8.10 Intrepid as all the work the BackTrack team does is using this version of Ubuntu. I am assuming you are well versed in the ways of Ubuntu and know when you need to use root access to do some of the actions stated in this article.
BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
To know more about BackTrack, click here.
The latest version of BackTrack (BackTrack 4) does away with a simple build that is only good for the next six months (you could never really update the build completely). It now uses Ubuntu (8.10 Intrepid) as a base so that application and updates are easily available and updated.
As much as I like BackTrack which uses KDE, I am a GNOME person. Instead of using the BackTrack build, I wanted to use Ubuntu, yet leveraging on the vast amount of tools that BackTrack offers. To do that, you must add the following into your /etc/apt/sources.list file:
Before you can start using the BackTrack repository, you will need to install the GPG key so that the APT tool does not give you an error message saying the repository has no public key. To do that:
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
You can then issue the apt-get update command and download the list of application that the repository hosts and use the Synaptic Package Manager to view what is available and install the applications that you want.
Note, you should only do this on Ubuntu 8.10 Intrepid as all the work the BackTrack team does is using this version of Ubuntu. I am assuming you are well versed in the ways of Ubuntu and know when you need to use root access to do some of the actions stated in this article.
Monday, July 6, 2009
Speeding up your Ubuntu updates -- Malaysian update
I had posted an article called Speeding up your Ubuntu updates on 7-Mar-2009. What I had failed to realise was the fact that Ubuntu updates are now hosted on a Malaysian site at the Multimedia University at archive.mmu.edu.my since 21-Jun-2008.
Jaunty users will see the Malaysian host when they run the Software Sources program in Ubuntu. Earlier distros will need to manually change the source in /etc/apt/source.list file. Go to this link for more details.
Jaunty users will see the Malaysian host when they run the Software Sources program in Ubuntu. Earlier distros will need to manually change the source in /etc/apt/source.list file. Go to this link for more details.
Saturday, May 30, 2009
Keeping yourself updated (really useful links) - 20090530...
I have found that no one person or website can keep track of security issues. Below are the addresses of some sites that I visit or subscribe to to keep me updated.
Tuesday, April 28, 2009
Sunday, April 26, 2009
Misc info...
Tenable has released Nessus 4, you can go give it a try at http://www.nessus.org/nessus/.
I have upgraded all my machines (except my EeePC) to Ubuntu 9.04 Jaunty Jackalope. So anything I post from now onwards is most probably done on a Jaunty build and maybe an Intrepid (my EeePC).
In case anyone is wondering, I have successfully upgraded my wubi installation of Ubuntu from 8.10 to 9.04.
I have upgraded all my machines (except my EeePC) to Ubuntu 9.04 Jaunty Jackalope. So anything I post from now onwards is most probably done on a Jaunty build and maybe an Intrepid (my EeePC).
In case anyone is wondering, I have successfully upgraded my wubi installation of Ubuntu from 8.10 to 9.04.
Saturday, April 11, 2009
Installing Metasploit 3.2 on Ubuntu 9.04...
If you want to use Metasploit, you will need to install this program manually as it is not found in Ubuntu's repository (feel free to correct me on this).
You will first need to install the following libraries from Ubuntu's repositories:
sudo apt-get install subversion ruby libruby rdoc libyaml-ruby libzlib-ruby
sudo apt-get install libopenssl-ruby libdl-ruby libreadline-ruby
sudo apt-get install libiconv-ruby rubygems libgtk2-ruby libglade2-ruby
You will then need to download Metasploit 3.2 from the Metasploit website at URL:
http://spool.metasploit.com/releases/framework-3.2.tar.gz
The easiest way would be to use the wget command:
wget "http://spool.metasploit.com/releases/framework-3.2.tar.gz"
Unpack the program:
tar -zxvf framework-3.2.tar.gz
You will then need to update Metasploit with the latest exploits and updates by going into the framework-3.2 sub-directory and issuing the subversion update command:
sudo svn update
You now have the latest version of Metasploit. It is recommended that you issue the "sudo svn update" command every time you are about to use the program or at least once a week.
Tested this on Ubuntu 9.04 (Jaunty Jackalope) beta...
You will first need to install the following libraries from Ubuntu's repositories:
sudo apt-get install subversion ruby libruby rdoc libyaml-ruby libzlib-ruby
sudo apt-get install libopenssl-ruby libdl-ruby libreadline-ruby
sudo apt-get install libiconv-ruby rubygems libgtk2-ruby libglade2-ruby
You will then need to download Metasploit 3.2 from the Metasploit website at URL:
http://spool.metasploit.com/releases/framework-3.2.tar.gz
The easiest way would be to use the wget command:
wget "http://spool.metasploit.com/releases/framework-3.2.tar.gz"
Unpack the program:
tar -zxvf framework-3.2.tar.gz
You will then need to update Metasploit with the latest exploits and updates by going into the framework-3.2 sub-directory and issuing the subversion update command:
sudo svn update
You now have the latest version of Metasploit. It is recommended that you issue the "sudo svn update" command every time you are about to use the program or at least once a week.
Tested this on Ubuntu 9.04 (Jaunty Jackalope) beta...
Tuesday, March 17, 2009
Installing Chromium Browser in Ubuntu
The people in launchpad.net are building early builds of the Chromium browser (this is not Google's Chrome browser) for Ubuntu with daily builds released. Take note that this is still early-alpha builds, but will give you a glimpse of what is to come. For instructions, go to:
https://launchpad.net/~chromium-daily/+archive/ppa
https://launchpad.net/~chromium-daily/+archive/ppa
Saturday, March 7, 2009
Speeding up your Ubuntu updates
This is so essential, I wonder why I didn't mention this earlier.
Now, I am sure most Ubuntu users when they first install Ubuntu on their computer, will usually (as part of the installation process) tell the Ubuntu installer where they are located and the timezone they are at. The installer then tries to point your Ubuntu installation to the nearest repository so that you can download all the latest patches and updates via this point instead of the main Ubuntu servers.
I am located in Malaysia, so the installer places me on the Malaysian server which is located at my.archive.ubuntu.com. Now, the problem with the internet is, routing is never an exact science and the Malaysian server at my.archive.ubuntu.com is actually located in the United Kingdom and it shows when I run an update and usually get around 20kb/s download transfers.
I have two choices to try and speed up my updates. The first thing you need to do is to run a program called "Software Sources" found at:
System -> Administration -> Software Sources
In this program, under the "Download from:" option, you can select the "Other..." option and a list of servers that mirrors the main Ubuntu server are listed. You can simply select a server in your country or if your country is not listed, a near or neighboring country from the list as your source of Ubuntu updates. This is your first option, which usually works quite well and you will notice a faster then before download rate.
The second and preferred option is to click the "Select Best Server" button which will ping all the servers on the list and automatically select for you the server with the faster response time. This option usually points you to the server that will give you the fastest download rates.
I am now pointed to a server in Taiwan which gives me a very high download rate (about 150kb/s) and quite strangely, without the "Select Best Server" button, I would have chosen a server in Singapore or Thailand due to the close proximity of the two countries to Malaysia.
Do give this a try and let me know if this article was useful.
Now, I am sure most Ubuntu users when they first install Ubuntu on their computer, will usually (as part of the installation process) tell the Ubuntu installer where they are located and the timezone they are at. The installer then tries to point your Ubuntu installation to the nearest repository so that you can download all the latest patches and updates via this point instead of the main Ubuntu servers.
I am located in Malaysia, so the installer places me on the Malaysian server which is located at my.archive.ubuntu.com. Now, the problem with the internet is, routing is never an exact science and the Malaysian server at my.archive.ubuntu.com is actually located in the United Kingdom and it shows when I run an update and usually get around 20kb/s download transfers.
I have two choices to try and speed up my updates. The first thing you need to do is to run a program called "Software Sources" found at:
System -> Administration -> Software Sources
In this program, under the "Download from:" option, you can select the "Other..." option and a list of servers that mirrors the main Ubuntu server are listed. You can simply select a server in your country or if your country is not listed, a near or neighboring country from the list as your source of Ubuntu updates. This is your first option, which usually works quite well and you will notice a faster then before download rate.
The second and preferred option is to click the "Select Best Server" button which will ping all the servers on the list and automatically select for you the server with the faster response time. This option usually points you to the server that will give you the fastest download rates.
I am now pointed to a server in Taiwan which gives me a very high download rate (about 150kb/s) and quite strangely, without the "Select Best Server" button, I would have chosen a server in Singapore or Thailand due to the close proximity of the two countries to Malaysia.
Do give this a try and let me know if this article was useful.
Saturday, February 14, 2009
Opening Microsoft Compressed HTML Help (.chm) files
I have a few e-books formatted in Microsoft's Compress HTML Help format. To open these files, I had to install a viewer called xchm. To install it in Ubuntu, I opened a terminal shell and typed:
sudo apt-get install xchm
However, the installer did not associate .chm files with the xchm program in GNOME. To fix this, I right-clicked on a .chm file and selected "Properties". I then selected the "Open with" tab and chose xchm from the list of applications.
sudo apt-get install xchm
However, the installer did not associate .chm files with the xchm program in GNOME. To fix this, I right-clicked on a .chm file and selected "Properties". I then selected the "Open with" tab and chose xchm from the list of applications.
Friday, February 13, 2009
What anti-virus?
One cool thing about being a Ubuntu user the last four years is the fact that I do not need to install an anti-virus program into my computer. This only goes to show that linux is superior in design to Windoze. This saves me money (don't need to buy) and time (computer works faster). :)
Sunday, February 8, 2009
Installing OpenVAS 1.0.x on Ubuntu Linux...
OpenVAS (URL http://www.openvas.org) is an open source and fully GPL'ed fork of the now closed source Nessus security scanner. I will not go into the history of Nessus and why OpenVAS is a fork of that source code but will focus more on how I installed OpenVAS on my favorite Linux distro Ubuntu.
If you go to the OpenVAS site, they only have .rpm (aka RedHat) packages and can't be used on a Debian based distro like Ubuntu. Also, as a side note, if you want to do something else with OpenVAS which I am not covering, remember that you should best follow only the Ubuntu specific instructions and when that is not possible, for the Debian Etch instructions as Ubuntu uses the "Etch" branch of Debian.
The instructions below are for use with OpenVAS v1.x and not the new beta 2.0 (will write another article later when it gets out of beta).
Firstly, you will need to add the following repositories into aptitude by editing /etc/apt/sources.list and adding the following line into the sources.list file:
deb http://apt.intevation.de/ etch openvas
You then update your Ubuntu repositories by issuing the "apt-get update" command.
You then need to download the following source codes from the OpenVAS website. Which you can find at URL http://wald.intevation.org/frs/?group_id=29
They are:
openvas-libraries 1.0.2 (not needed, a .deb installer is available in the repository)
openvas-libnasl 1.0.1
openvas-server 1.0.2
openvas-plugins 1.0.4 (if there is a newer version > 1.0.4, download that instead)
Create a sub-directory in your home directory called "~/openvas1" and move all the .tar.gz source code files into this folder.
Then, you need to install certain libraries which OpenVAS uses prior to compiling the source codes you've downloaded by issuing the command:
apt-get install openvas-client libopenvas1 libopenvas1-dev libgpgme11 libgpgme11-dev bison build-essential
!
! in Ubuntu 8.10, prior to issuing the above command, you will need to install
! some libraries which are missing in Ubuntu 8.10.
!
! Download the following .deb (libgnutls13 and libopencdk10) files from the
! hardy packages (they'll work in Ubuntu 8.10)
!
! http://packages.ubuntu.com/hardy-updates/i386/libgnutls13/download
! http://packages.ubuntu.com/hardy/i386/libopencdk10/download
!
! You can install the two .deb files by issuing the command:
!
! dpkg -i libgnutls13_2.0.4-1ubuntu2.1_i386.deb
! dpkg -i libopencdk10_0.6.6-1ubuntu1_i386.deb
!
You will then need to open the three source code files, untar them and compile them. You can do this for all three packages by typing in:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
make install
cd ..
You will need to do the above with all three files, mainly:
openvas-libnasl-1.0.1.tar.gz
openvas-server-1.0.2.tar.gz
openvas-plugins-1.0.4.tar.gz
in the above order.
You will then need to let your linux system know about the new libraries you have just compiled before the can be used by typing in:
ldconfig -v
You then need to copy the file openvas-services from the server source code folder into the /var/lib/openvas directory by issuing the following command in a bash shell:
mkdir /var/lib/openvas
cp ~/openvas1/openvas-server-1.0.2/openvas-services /var/lib/openvas/
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
openvas-mkcert
openvas-adduser
To start OpenVAS, activate the server by typing in:
openvasd -D &
And running the OpenVAS client by typing:
openvas-client
If all works well, when you run openvasd, you will see it attempt to load in all the plug-ins and in the openvas-client, connect to the openvas server.
Feel free to comment!
Note: Tested on Ubuntu 7.10, 8.04 and 8.10, and I assume you are doing all this with root access and am running the kernel in i386 (32-bit) mode.
If you go to the OpenVAS site, they only have .rpm (aka RedHat) packages and can't be used on a Debian based distro like Ubuntu. Also, as a side note, if you want to do something else with OpenVAS which I am not covering, remember that you should best follow only the Ubuntu specific instructions and when that is not possible, for the Debian Etch instructions as Ubuntu uses the "Etch" branch of Debian.
The instructions below are for use with OpenVAS v1.x and not the new beta 2.0 (will write another article later when it gets out of beta).
Firstly, you will need to add the following repositories into aptitude by editing /etc/apt/sources.list and adding the following line into the sources.list file:
deb http://apt.intevation.de/ etch openvas
You then update your Ubuntu repositories by issuing the "apt-get update" command.
You then need to download the following source codes from the OpenVAS website. Which you can find at URL http://wald.intevation.org/frs/?group_id=29
They are:
openvas-libraries 1.0.2 (not needed, a .deb installer is available in the repository)
openvas-libnasl 1.0.1
openvas-server 1.0.2
openvas-plugins 1.0.4 (if there is a newer version > 1.0.4, download that instead)
Create a sub-directory in your home directory called "~/openvas1" and move all the .tar.gz source code files into this folder.
Then, you need to install certain libraries which OpenVAS uses prior to compiling the source codes you've downloaded by issuing the command:
apt-get install openvas-client libopenvas1 libopenvas1-dev libgpgme11 libgpgme11-dev bison build-essential
!
! in Ubuntu 8.10, prior to issuing the above command, you will need to install
! some libraries which are missing in Ubuntu 8.10.
!
! Download the following .deb (libgnutls13 and libopencdk10) files from the
! hardy packages (they'll work in Ubuntu 8.10)
!
! http://packages.ubuntu.com/hardy-updates/i386/libgnutls13/download
! http://packages.ubuntu.com/hardy/i386/libopencdk10/download
!
! You can install the two .deb files by issuing the command:
!
! dpkg -i libgnutls13_2.0.4-1ubuntu2.1_i386.deb
! dpkg -i libopencdk10_0.6.6-1ubuntu1_i386.deb
!
You will then need to open the three source code files, untar them and compile them. You can do this for all three packages by typing in:
tar zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
make install
cd ..
You will need to do the above with all three files, mainly:
openvas-libnasl-1.0.1.tar.gz
openvas-server-1.0.2.tar.gz
openvas-plugins-1.0.4.tar.gz
in the above order.
You will then need to let your linux system know about the new libraries you have just compiled before the can be used by typing in:
ldconfig -v
You then need to copy the file openvas-services from the server source code folder into the /var/lib/openvas directory by issuing the following command in a bash shell:
mkdir /var/lib/openvas
cp ~/openvas1/openvas-server-1.0.2/openvas-services /var/lib/openvas/
For the first time use of OpenVAS, you will need to create a new cert and add in the first user that can login into the OpenVAS server by running both:
openvas-mkcert
openvas-adduser
To start OpenVAS, activate the server by typing in:
openvasd -D &
And running the OpenVAS client by typing:
openvas-client
If all works well, when you run openvasd, you will see it attempt to load in all the plug-ins and in the openvas-client, connect to the openvas server.
Feel free to comment!
Note: Tested on Ubuntu 7.10, 8.04 and 8.10, and I assume you are doing all this with root access and am running the kernel in i386 (32-bit) mode.
Simple way to create an ISO image of your disc in Ubuntu...
Go to Terminal:
sudo umount /dev/cdrom
dd if=/dev/cdrom of=filename.iso bs=1024
To verify your ISO file is good:
md5sum /dev/cdrom
md5sum filename.iso
Both instances should produce the same md5 hash. :)
Note: "filename.iso" is only an example filename, feel free to use any name you want.
sudo umount /dev/cdrom
dd if=/dev/cdrom of=filename.iso bs=1024
To verify your ISO file is good:
md5sum /dev/cdrom
md5sum filename.iso
Both instances should produce the same md5 hash. :)
Note: "filename.iso" is only an example filename, feel free to use any name you want.
Sunday, February 1, 2009
Making the Firefox browser special
Let's face it, a web browser, is a web browser, is a web browser. Every operating system has at least two web browsers that users can choose to use. The difference between most browsers with Firefox is the fact that Firefox has add-ons which basically extends the functionality of the browser. I am sure that this is nothing new to most seasonal Ubuntu users, but most users new to Firefox do not realise that they can expand the functionality. This blog shows users (not in the know) how to find and add these add-ons and what are my favourite personal add-ons which you may or may not find useful.
Adding the add-ons
Launch Firefox and go to Tools -> Add-ons and the "Add-ons" windows will appear. You then go to the "Get Add-ons" tab and you can then find any and every add-on that was ever made for Firefox that Mozilla has tested and deemed safe for users to use. There are sites that offer the add-ons directly. However, getting them directly from Mozilla is a safe bet as they have been tested to work correctly "as advertised".
The best way to know what add-ons you want is to simply use the browser and ask yourself what improvements you would like to see to Firefox. Once you know what you want, simply figure out what keyword would best describe the feature you want and query in the "Get Add-ons" tab. The query result will display all add-ons that fit the search query and will then display a short description of what the add-on does. If the description fits what you want, you are then given the opportunity to install the add-on. You can also check the "Extension" tab to see what add-ons you have installed. You can also configure the behaviour of the extension to better fit your needs.
Extension/Add-ons that I use
The list below are the extensions that I use. It is in no way an endorsement to the following add-on authors but it is a list of add-ons that I use that I find useful and convenient. They are:
To know what these tools do, may I suggest you query them in the "Get Add-ons" tab and have a read yourself.
Adding the add-ons
Launch Firefox and go to Tools -> Add-ons and the "Add-ons" windows will appear. You then go to the "Get Add-ons" tab and you can then find any and every add-on that was ever made for Firefox that Mozilla has tested and deemed safe for users to use. There are sites that offer the add-ons directly. However, getting them directly from Mozilla is a safe bet as they have been tested to work correctly "as advertised".
The best way to know what add-ons you want is to simply use the browser and ask yourself what improvements you would like to see to Firefox. Once you know what you want, simply figure out what keyword would best describe the feature you want and query in the "Get Add-ons" tab. The query result will display all add-ons that fit the search query and will then display a short description of what the add-on does. If the description fits what you want, you are then given the opportunity to install the add-on. You can also check the "Extension" tab to see what add-ons you have installed. You can also configure the behaviour of the extension to better fit your needs.
Extension/Add-ons that I use
The list below are the extensions that I use. It is in no way an endorsement to the following add-on authors but it is a list of add-ons that I use that I find useful and convenient. They are:
- Ad Block Plus
- Download Statusbar
- PageZoom
- QuickJava
- Server Spy
- ShowIP
- SwitchProxy Tool
To know what these tools do, may I suggest you query them in the "Get Add-ons" tab and have a read yourself.
Saturday, January 31, 2009
Getting the public key of a ubuntu repository
I sometimes have problems when I add an APT line to the source.list and when I do and apt-get update, get an error message saying I do not have an authentication key, especially from one of the launchpad.net repositories. The usual message would be:
GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
I have a short script that can help you get the correct key. Simply create a file called import-ubuntu-key.sh and type in the following code:
gpg --keyserver keyserver.ubuntu.com --recv $1
gpg --export --armor $1 | sudo apt-key add -
You then have to make the file an executable file, this can be done by using the chmod command with the +x switch:
chmod +x import-ubuntu-key.sh
To import the signature, simply type:
./import-ubuntu-key.sh 0123456789ABCDEF
The above assumes the script is located in the current directory and the repository's public key is located on the keyserver.ubuntu.com server.
GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
I have a short script that can help you get the correct key. Simply create a file called import-ubuntu-key.sh and type in the following code:
gpg --keyserver keyserver.ubuntu.com --recv $1
gpg --export --armor $1 | sudo apt-key add -
You then have to make the file an executable file, this can be done by using the chmod command with the +x switch:
chmod +x import-ubuntu-key.sh
To import the signature, simply type:
./import-ubuntu-key.sh 0123456789ABCDEF
The above assumes the script is located in the current directory and the repository's public key is located on the keyserver.ubuntu.com server.
Wednesday, January 28, 2009
Installing Ubuntu 8.10 on my EeePC 701...
Got myself a 16GB class 4 SDHC card and decided to upgrade my EeePC 701 with the latest version of Ubuntu (8.10 Intrepid).
I used a DVD drive to install Ubuntu on my EeePC and almost everything worked OOTB (out of the box) with the exception of wifi and a shutting down problem.
To fix the first problem, I disabled the "Support for Atheros 802.11 wireless LAN cards" on Hardware Drivers, and rebooted.
Then, I installed the backports modules which has a working wifi driver by typing the following in a terminal shell:
sudo apt-get install linux-backports-modules-intrepid-generic
Before anyone asks... Yes, I had to do this with a wired internet connection.
To solve the shutdown problem, all I had to do was to edit the "halt" file at "/etc/default/" and add in "rmmod snd-hda-intel" on the last line of the file.
This basically gets the whole computer working as everything else is already supported by Ubuntu.
To enhance the computer, I also installed a utility called Eee Control. The latest version as of this writing is v0.8.3. You can get this utility at URL http://greg.geekmind.org/eee-control/.
This utility allows you to control the switching on/off of certain components like wifi, camera, etc. You can also overclock or underclock the EeePC with the option to auto powersave when your EeePC runs off batteries regardless of the clock speed when plugged to the wall.
To increase the lifespan of the SSD (or SDHC card in my case), we can reduce the frequency of writes to the media by adding the following into the "/etc/fstab":
tmpfs /var/tmp tmpfs noatime 0 0
tmpfs /tmp tmpfs noatime 0 0
You can also add the "noatime" to the other medias that Ubuntu accesses.
I used a DVD drive to install Ubuntu on my EeePC and almost everything worked OOTB (out of the box) with the exception of wifi and a shutting down problem.
To fix the first problem, I disabled the "Support for Atheros 802.11 wireless LAN cards" on Hardware Drivers, and rebooted.
Then, I installed the backports modules which has a working wifi driver by typing the following in a terminal shell:
sudo apt-get install linux-backports-modules-intrepid-generic
Before anyone asks... Yes, I had to do this with a wired internet connection.
To solve the shutdown problem, all I had to do was to edit the "halt" file at "/etc/default/" and add in "rmmod snd-hda-intel" on the last line of the file.
This basically gets the whole computer working as everything else is already supported by Ubuntu.
To enhance the computer, I also installed a utility called Eee Control. The latest version as of this writing is v0.8.3. You can get this utility at URL http://greg.geekmind.org/eee-control/.
This utility allows you to control the switching on/off of certain components like wifi, camera, etc. You can also overclock or underclock the EeePC with the option to auto powersave when your EeePC runs off batteries regardless of the clock speed when plugged to the wall.
To increase the lifespan of the SSD (or SDHC card in my case), we can reduce the frequency of writes to the media by adding the following into the "/etc/fstab":
tmpfs /var/tmp tmpfs noatime 0 0
tmpfs /tmp tmpfs noatime 0 0
You can also add the "noatime" to the other medias that Ubuntu accesses.
Installing the Firewalk security tool
Unfortunately for all, the firewalk tool is not found in any of the Ubuntu repositories nor is there a .deb file that you can download and install. You will need to download the source code and compile the program yourself.
To get the firewalk source, go to URL http://www.packetfactory.net/projects/firewalk/. Download the source file from the site called "firewalk.tar.gz". You then need to untar the file by typing in a terminal shell:
tar -xvvzf firewalk.tar.gz
This will untar all the files and create their respective directories. You will then need to install the relavent supporting libraries and their development tools with the command:
sudo apt-get install build-essential libpcap-dev libnet1-dev libdnet-dev libdumbnet-dev
Since this tool (firewalk) was developed a few years ago, two of the libraries it uses have changed their names, we will need to link the old name to the new object name with the following sequence of commands:
cd /usr/lib
sudo ln -s libdumbnet.so libdnet.so
cd /usr/include
sudo ln -s dumbnet.h dnet.h
Before you can compile firewalk, there is one change you will need to make to the source. Gutsy (and newer Ubuntu distros) install gcc 4.0 by default, which doesn't like switch statements with no instructions in the "default" case. To fix this, just insert the "break;" command on line 193 of src/firewalk.c:
==== old =====
default:
/* empty */
==== new =====
default:
break;
/* empty */
Now, you are ready to compile everything, issue the following commands in the Firewalk directory:
./configure
make
sudo make install
To install the man pages, type in the following:
sudo mkdir /usr/local/man/man8
sudo cp man/firewalk.8 /usr/local/man/man8
You are now ready to use the firewalk utility command. :)
Note: This was done on a Ubuntu 8.10 distro.
To get the firewalk source, go to URL http://www.packetfactory.net/projects/firewalk/. Download the source file from the site called "firewalk.tar.gz". You then need to untar the file by typing in a terminal shell:
tar -xvvzf firewalk.tar.gz
This will untar all the files and create their respective directories. You will then need to install the relavent supporting libraries and their development tools with the command:
sudo apt-get install build-essential libpcap-dev libnet1-dev libdnet-dev libdumbnet-dev
Since this tool (firewalk) was developed a few years ago, two of the libraries it uses have changed their names, we will need to link the old name to the new object name with the following sequence of commands:
cd /usr/lib
sudo ln -s libdumbnet.so libdnet.so
cd /usr/include
sudo ln -s dumbnet.h dnet.h
Before you can compile firewalk, there is one change you will need to make to the source. Gutsy (and newer Ubuntu distros) install gcc 4.0 by default, which doesn't like switch statements with no instructions in the "default" case. To fix this, just insert the "break;" command on line 193 of src/firewalk.c:
==== old =====
default:
/* empty */
==== new =====
default:
break;
/* empty */
Now, you are ready to compile everything, issue the following commands in the Firewalk directory:
./configure
make
sudo make install
To install the man pages, type in the following:
sudo mkdir /usr/local/man/man8
sudo cp man/firewalk.8 /usr/local/man/man8
You are now ready to use the firewalk utility command. :)
Note: This was done on a Ubuntu 8.10 distro.
Tuesday, January 27, 2009
Life with Ubuntu
Just started this blog today as I wanted to write about how easy it is to use Ubuntu Linux. I will only write about what I do, use, experience and think about Ubuntu (for now) and hopefully help and assist others on this journey as well. A little background, I have been using Ubuntu for the last 4 years (since Ubuntu 5.04) and use Ubuntu on all my own PCs with the exception of my laptop which I use in the office that has Windoze XP (with wubi and Ubuntu 7.10). One of my laptops is an EeePC 701 so you will also read a bit of Eee centric posts as well as security applications which I use for work. More to come in the following days... :)
Subscribe to:
Posts (Atom)