** ** ** WARNING! ** ** **
*DRAFT*DRAFT*DRAFT*DRAFT*DRAFT*DRAFT*DRAFT*DRAFT*
This article is a draft; it needs more exact info and material to complete it. For now this will be our base idea of how to do Linux whole drive encryption plus a secure boot disk.
Title: Linux Whole Drive Encryption
Distribution: Debian-current Stable
Crypto: Loop-AES
Hardware:
Main Idea:
Note:
Further testing and R&D need to be done. We need to get a working Debian with a whole disk encrypted running, then we will start working on the flash drive boot disk.
Reference:
http://tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/
Contributors:
Sifuh sifuh(AT)yenjie.net
Zuan zuan(AT)mylinux.net.my
If you would like to contribute to this document, please do email me and bombard me with your ideas.
Please check: http://mylinux.net.my/v1/linux-whole-drive-encryption/ for updates
$revision: 1.0 (31/10/2008)
EOF-
Rgds,
Zuan
Before we start, please make sure you have all of these:
1. SSH access to a Linux/Unix server, and the server has Ruby installed
2. Putty SSH Client -> Download
3. SkyWizard@MyBSD pundek.rb (Our Proxy Daemon)
4. Know what you are doing
The purpose of this guide is to show you how to secure our connection via an SSH tunnel, the same as having a secure proxy :). In this example we’ll be using Putty, a Windows-based SSH client, to tunnel our connection to a remote proxy server, so we are transparently using the proxy but via an SSH tunnel.
We’ll start by configuring Putty to tunnel our connection:
Start your Putty. By the way, I assume most of you already know how to use Putty; if you don’t, try searching around first. I will not show you how to use Putty here, sorry:
Go to Connection -> Tunnels (refer to the figure below)

Add the following: 10:10:10.2:1234 as the Destination and 7777 as the Source port, and don’t forget to tick the option “Local ports accept connections from other hosts” (this option makes the forwarded port reachable from other machines, not only from 127.0.0.1). You should have something like this when you click the Add button:

Go back to “Session” and enter your Linux/Unix hostname or IP, and don’t forget to save your settings.
This step concludes the client-side settings. We can proceed to the server-side settings after this.
SSH to your Linux/Unix server using the settings we just made:
Now we need to get pundek.rb by SkyWizard@MyBSD; just type:
wget http://staff.mybsd.org.my/skywizard/devel/pundek.rb
Save it anywhere you like. Once you have what we need, let us see what pundek.rb can offer us; run the proxy daemon with:
ruby -w pundek.rb -h
It should show something like this:
It’s a straightforward program; you can open the file in “vi” to see its source code (if you want to). Let’s start our proxy daemon by running ruby pundek.rb without any options:
Well, actually that’s the only thing we need; I won’t go through the details of how to use pundek.rb. The last thing we need to do is configure our web browser to use 127.0.0.1 port 7777 as a proxy (the port may be different depending on your configuration), and that’s it, you are done. You can now start browsing using your own secure SSH tunnel. I won’t be showing how to configure your web browser to use a custom proxy, because if you are attempting to use an SSH tunnel you should know how to configure your web browser already.
Note:
The remote proxy doesn’t need to be pundek.rb; squid or any SOCKS 4/5 proxy available on the net can also be used.
This article is copyrighted by me and no one else
please leave some credit if you are posting it somewhere
Thank You
Have you ever encountered this particular message and didn’t know what to do with it? I used to get this a lot on some of the FreeBSD servers that I maintain, mostly when I try to delete the sendmail queue. My sendmail really likes to fill up the /var/spool partition :p so from time to time I have to delete it manually, but the thing is, the folder contains too many files, and when I try to rm -fr * the nasty “/bin/rm: Argument list too long.” shows up. Well, the solution is fairly simple (for me, that is): I just use some shell script magic:
1st, I make sure I’m in /var/spool/mqueue; we don’t want to accidentally delete the / partition, do we? Trust me, it happened to me once; good thing I ran it on my VMware machine, if not I’d be totally fsck’d :p. So back to our folder, /var/spool/mqueue that is. I just issued this single line of shell script:
for x in *; do rm -vfr -- "$x"; done
and all the thousands of files in /var/spool/mqueue are gone! There are some other ways to delete multiple files; here is a good example with a different approach:
find . -type f -print0 | xargs -0 rm -f
where “.” is the current directory in which the command is being run
-EOF
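An added example, not from the original post, that wraps the cleanup above in a function so it cannot run against the wrong directory. The name purge_dir is hypothetical; the find idiom is plain POSIX.

```shell
#!/bin/sh
# Added example: empty a spool directory safely, however many files it holds.

# purge_dir DIR: delete everything inside DIR but keep DIR itself.
purge_dir() {
    # Only an explicit absolute path is accepted, so the result never depends
    # on which directory the shell happens to be in.
    case $1 in
        /*) ;;
        *)  echo "purge_dir: need an absolute path, got '$1'" >&2; return 2 ;;
    esac
    # Resolve to the physical path first, so "//", "/tmp/.." or a symlink to /
    # are all recognised as the root directory and refused.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "purge_dir: cannot enter $1" >&2; return 1; }
    [ "$dir" != / ] || { echo "purge_dir: refusing to purge /" >&2; return 2; }
    # "$dir/." with "! -name . -prune" selects only the direct children.
    # "-exec ... {} +" lets find split the names into batches that fit the
    # kernel argument limit, which is what a bare "rm -fr *" runs into.
    # Every name arrives as "$dir/./name", so spaces, globs or a leading "-"
    # in a file name cannot change what rm does.
    find "$dir/." ! -name . -prune -exec rm -rf {} +
}

# Usage on the directory from the post would be:  purge_dir /var/spool/mqueue
```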
the script:
#!/bin/sh
#
# daemon cron script; can be used with any program that has a pid file
# zuan(at)mylinux.net.my|daemon.cron|200810729|2343
#
daemon_dir="/path/to/your/program"
daemon_exec="program"
daemon_pid="/path/to/your/program.pid"

#### don't touch below here ####
# stop here if the program directory is missing, so nothing runs from the wrong place
cd "$daemon_dir" || exit 1

# make sure filesystem isn't full
freespace=`df -k . | tail -1 | awk '{print $4}'`
if [ "$freespace" -lt 10 ]; then
    echo "Filesystem Full!"
    exit
fi

# see if stale pid file
if [ -f "$daemon_pid" ]; then
    pid=`cat "$daemon_pid"`
    # "ps -p" prints a header plus one line when the process is still alive
    if [ `ps -p "$pid" | wc -l` -eq 2 ]; then
        exit
    else
        echo "Stale PID File"
    fi
fi

echo "Starting Your Daemon Process..."
$daemon_exec
the crontab entry, checking every 5 minutes:
*/5 * * * * /path/to/your/daemon.cron >/dev/null 2>&1
oh ya, don’t forget to chmod +x your daemon.cron or whatever you name it
Thank You
This message is for those who OWN a wireless router.
Why do I urge you guys to secure it? I recently moved to a new place, and since the new house has no telephone line, I have no internet access until I get the phone line (DAMN!). So I booted my Ubuntu and plugged my D-Link DWL-G122 USB wireless stick into my notebook (I haven’t used it for a while because my notebook has an internal wifi card).
So you guys must be wondering why I should use it now. It’s because the D-Link DWL-G122 Rev C1 is commonly known for cracking wireless APs, and I urgently need Internet access (you should get the point). So you have configured your AP to use WEP with either a 64 or 126 bit hex key and you think it’s secure enough; guess what, you might want to think about it again. With the proper software tools, knowledge and hardware (which I do meet the requirement :p), nowadays I can easily crack a WEP-configured router. For WPA it can be done too, but we Malaysians like to use passwords that are commonly not listed in any password list on the net
(good, those WPA guys are safe from me :p).
Around my house (I’m on the 6th floor btw) I can see on average 5-7 APs available. In just 30 minutes I cracked most of them :p, with just a few that took a bit longer because they had no client active when I was doing the cracking. WEP is actually safe for common people but IT’S NOT SAFE AROUND PEOPLE LIKE ME! SO BEWARE! >:) Here are some tips to help you guys strengthen your wireless networks.
1. If you are going to use WEP, combine it with a MAC address access list so only your pre-defined MAC addresses can connect to your AP.
2. Use WPA!! And use an uncommon password that combines letters and numbers!! So if someone really wants to crack your AP it will take him a lot of time to do it, or maybe he will fail and give up :p
3. !!!CHANGE YOUR DEFAULT ACCESS POINT ROUTER PASSWORD!!! Don’t think that because you configured WEP no one will be able to connect. For example, all of the cracked APs around my house are still using the default password for the router ADMIN. This is a common mistake when people think they are secure enough!!
4. !!!CHANGE YOUR DEFAULT ACCESS POINT ROUTER PASSWORD!! <– MANDATORY!! (just to make sure you remember! :P)
5. Always check your access point log. If you configured DHCP, check the client list!! Make sure NO UNWANTED people are connecting!!!
I really really really really really recommend using WPA, because even with a MAC address list I can still connect by spoofing my MAC address to a valid MAC address that is allowed by the access point! Unless you are like me and own 2 firewalls that can be configured to block any IP that is not in the access list, so I don’t really mind if someone manages to crack my WEP key because they won’t get anywhere with it.
Thanks for reading my 1st post that can be considered useful for some people
Day by day it looks like there isn’t much interesting activity on this website; maybe we are short of hands, or are the admins all just lazy? Who knows, we’ll see …
PS: This POST is just to fill up the database; it has nothing to do with any human or animal, living or dead. TQ
http://www.bharian.com.my/m/BHarian/Friday/Komputer/20070504100004/Article/
The interesting part is “licensed Linux software through NCL at a rate that has already been subsidised.”
I wonder which software they mention in the article, and also the picture is just a shot of someone playing emulated DOOM on Linux, nothing to brag about :D. But it’s still a good effort to bring more people to use open source software, but the license part makes me wonder ..
I’m still figuring out a project for mylinux that can benefit not only me but fellow readers too. Right now I can’t think of any yet; if you guys have any suggestions of what we should do, or want to contribute, please do so by emailing me at webmaster@mylinux.net.my
FYI, all mail accounts have been migrated to Google Mail services
Thank You
SSH brute force prevention
Quoted from a MyCERT email
1) Make sure the OPENSSH you’re using is up-to-date with latest patches.
2) Utilize SSH key authentication.
3) Disable SSH to accounts/users that don’t need it, especially remote root logins.
4) Or filter SSH to allow only authorized IP Address sources.
5) Avoid using generic login accounts
6) Use strong passwords, at least 8 characters long consisting of numbers and letters both upper case and lower case. Consider changing the passwords regularly, for example every 2 weeks, or every month.
7) Consider using a script that blocks an ip through iptables after a certain amount of failures.
# Drop all SSH hackers - detect 5 or more connection attempts within
# 60 seconds and reject for 5 minutes
iptables -N BAD-SSH
iptables -A BAD-SSH -m recent --name badSSH --set -j LOG --log-level DEBUG --log-prefix "BAD SSH : "
iptables -A BAD-SSH -j REJECT
iptables -N SSH
iptables -A SSH -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A SSH -p tcp --syn -m recent --name badSSH --rcheck --seconds 300 -j REJECT
iptables -A SSH -p tcp --syn -m recent --name sshconn --rcheck --seconds 60 --hitcount 5 -j BAD-SSH
iptables -A SSH -p tcp --syn -m recent --name sshconn --set
iptables -A SSH -p tcp --syn -j ACCEPT
# note: the SSH chain only sees traffic once a rule jumps to it, for example
# (assuming sshd listens on port 22): iptables -A INPUT -p tcp --dport 22 -j SSH
and don’t forget to add these to your firewall’s flush rules:
iptables -F SSH
iptables -F BAD-SSH
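One way to build the script that item 7 of the MyCERT list suggests, as an added example that is not part of the original post: it reads sshd log lines and reports the addresses that reach the threshold used above, 5 failures within 60 seconds. The function names, the sample log lines and the assumed OpenSSH line format ("Failed password for <user> from <ip> port <n> ssh2") are constructed for illustration.

```shell
#!/bin/sh
# Added example: list source IPs with LIMIT failed SSH logins inside WINDOW seconds.

# Constructed sample of sshd syslog lines (documentation-range addresses).
sample_log() {
cat <<'EOF'
Oct 31 10:00:01 srv sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Oct 31 10:00:09 srv sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2
Oct 31 10:00:17 srv sshd[103]: Failed password for invalid user test from 203.0.113.5 port 4003 ssh2
Oct 31 10:00:20 srv sshd[104]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Oct 31 10:00:25 srv sshd[105]: Failed password for root from 203.0.113.5 port 4004 ssh2
Oct 31 10:00:33 srv sshd[106]: Failed password for invalid user a from 192.0.2.9 from 203.0.113.5 port 4005 ssh2
Oct 31 10:05:40 srv sshd[107]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Oct 31 10:06:00 srv sshd[108]: Accepted password for alice from 198.51.100.7 port 5003 ssh2
EOF
}

# find_ssh_bruteforcers [LIMIT] [WINDOW]: read sshd log lines on stdin and
# print each offending IPv4 address once. Defaults follow the page: 5 in 60 s.
find_ssh_bruteforcers() {
    awk -v limit="${1:-5}" -v window="${2:-60}" '
    # The user name is chosen by the remote client and may contain " from <ip>",
    # so take the address from the fixed tail "from <ip> port <n> ssh2".
    NF > 8 && /Failed password for/ && $(NF-4) == "from" && $(NF-2) == "port" {
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($3, t, ":")
        # seconds since start of month; logs from a single month are assumed
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        n = ++count[ip]
        seen[ip, n] = now
        if (n < limit || (ip in flagged)) next
        # LIMIT failures fit in the window if the one LIMIT-1 places back does
        age = now - seen[ip, n - limit + 1]
        if (age >= 0 && age <= window) { flagged[ip] = 1; print ip }
    }'
}

# Dry run: print (do not execute) a block rule per offender; port 22 is assumed.
sample_log | find_ssh_bruteforcers | while read -r ip; do
    echo "iptables -I INPUT -s $ip -p tcp --dport 22 -j REJECT"
done
```

On the sample, only 203.0.113.5 is reported; the address embedded in the user name on the sixth line is never counted.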
Since the last phpBB forums did not get much attention, I decided not to set up any forums.
Currently I’m trying to extract ONLY the useful posts from the phpBB sql backup and post them here so we can still make use of them, and all the crap and shit will automatically go in the dust bin or recycle bin :). As for now, I’m still thinking about what to do with the new host we got; will keep you up to date.