Howto: Use, setup, and Take advantage of the New Ubuntu Uncomplicated Firewall UFW
Here is an overview on howto use ufw the Uncomplicated Firewall:
Lets turn UFW on:sudo ufw enable
When you initially turn the firewall on, it is in ACCEPT mode, and will accept everything incoming and outgoing until you make rulesets.
The simple syntax to allow an incoming/outgoing connection on a specified port to any host would be:sudo ufw allow 53
To specify a protocol, append ’/protocol’ to the port. For example lets enable tcp connections on port 53 incoming/outgoing:sudo ufw allow 53/tcp
or for udpsudo ufw allow 53/udp
You can also allow by service name since ufw reads from /etc/services
Lets see what services are in /etc/services:cat /etc/services | less
As an example lets allow ssh which is port 22sudo ufw allow ssh
You can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is based on OpenBSD’s PF syntax. Which will deny all traffic to tcp port 22 on this hostufw deny proto tcp to any port 22
To deny all traffic from the RFC1918 Class A network (10.0.0.0/8) to tcp port 22 with the address 192.168.0.1 we would use this:ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22
If you want to deny all traffic from the IPv6 2001:db8::/32 to tcp port 80 on this host you would use:ufw deny proto tcp from 2001:db8::/32 to any port 80
To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:ufw deny 80/tcp
Use this to delete it:sudo ufw delete deny 80/tcp
Lets deny all access to port 80sudo ufw deny 80
Lets allow all access to port 80sudo ufw allow 80/tcp
Lets block a single host:sudo ufw deny from 207.46.232.182
The above command blocked microsoft lol
Lets block microsoft's class bsudo ufw deny from 207.46.0.0/16
Lets allow all access from RFC1918 networks(LAN/WLAN's) to this host:sudo ufw allow from 10.0.0.0/8sudo ufw allow from 172.16.0.0/12sudo ufw allow from 192.168.0.0/16
Lets Deny access to udp port 139 from host 192.168.1.1:sudo ufw deny proto udp from 192.168.1.1 to any port 139
The same thing above with tcp instead:sudo ufw deny proto tcp from 192.168.1.1 to any port 139
Allow access to udp 192.168.1.1 port 22 from 192.168.1.100 port 22:sudo ufw allow proto udp from 192.168.1.100 port 22 to 192.168.1.1 port 22
To check the status of ufw with the ports in the listening state use:sudo ufw status
To disable ufw use:sudo ufw disable
To enable logging use:ufw logging on
To disable logging use:ufw logging off
Fore more complete information please see the Ubuntu Wiki
Or read the man pages via Applications->Accessories->Terminal
Then type:man ufw
Ubuntu Reference/Cheat Sheet
Here is a nice Cheat Sheet for newer Ubuntu Linux Users, which was originally found here
Howto: Limit upload/download speeds and optimize/improve internet connection speed and responsiveness in Ubuntu Linux!
Do you need to limit an applications upload/download speed? Or give priority to certain applications? I will introduce you to two different traffic shaping applications that you can install from the repository.
What does Wondershaper do?
wondershaper is a traffic shaping script that provides low latency, prioritizes bulk transfers below normal web traffic, prioritizes interactive shells above normal web traffic, and attempts to prevent upload and download traffic from affecting each other’s ack
packets. Put simply, the wondershaper makes your internet connection more "responsive"
More info:
* Maintain low latency for interfactive traffic at all times
This means that downloading or uploading files should not disturb SSH or even telnet. These are the most important things, even 200ms latency is sluggish to work over.
* Allow 'surfing' at reasonable speeds while up or downloading
Even though http is 'bulk' traffic, other traffic should not drown it out too much.
* Make sure uploads don't harm downloads, and the other way around
This is a much observed phenomenon where upstream traffic simply destroys download speed. It turns out that all this is possible, at the cost of a tiny bit of bandwidth. The reason that uploads, downloads and ssh hurt each other is the presence of large queues in many domestic access devices like cable or DSL modems.
Howto use Wondershaper:
Install wondershaper via searching synaptic or click here to install with 1 click
Open a Terminal via Applications->Accessories->Terminal
First figure out how much bandwidth you want to cap it to in kilobits
Of course you should calculate the above settings to what you prefer to shape
Now once you have the download/upload amounts in kilobits lets shape our traffic:wondershaper wlan0 1536 128
Replace wlan0 with your interface, 1536 with your downlink speed, and 128 with your uplink speed.
Check the status of wondershaper:sudo wondershaper ifacename
Howto disable shaping on specified interface:sudo wondershaper clear ifacename
Now I will introduce you to Trickle:
Click Here to install trickle
Trickle is a lightweight traffic limiter for applications like wget, firefox, and any other user space internet application.
Trickle is handy for limiting single applications upload and download speeds, what it does is starts the application in a speed limited sandbox.
In short
trickle is a portable lightweight userspace bandwidth shaper. It can run in collaborative mode (together with trickled) or in stand alone mode.
trickle works by taking advantage of the unix loader preloading. Essentially it provides, to the application, a new version of the functionality that is required to send and receive data through sockets. It then limits traffic based on delaying the sending and receiving of data over a socket. trickle runs entirely in userspace and does not require root privileges.
Here are a few examples:
wget example that limits the download speed to 30 KB/s
trickle -d 30 wget http://somerandomdownloadsite.com/filetodownloadPidgin example that limits the upload/download speed of filetransfers
trickle -u 30 -d 30 pidginFirefox Example that limits download/upload browsing speed as well as file transfer speed:
trickle -d 30 -u 30 firefoxAs you see above the -d operator means download speed and 30 is the KB/s that is specified and can be changed to whatever you choose, the -u operator is the upload speed in KB/s
References:
Trickle Developer site
Wondershaper Dev site
Howto: Create Split .Rar Files in Ubuntu Linux for archiving, filesharing, and backup purposes.
If you need to compress a large part of your hard drive to backup on a filesharing site or backup something larger than a cd/dvd you can use rar to split the file/files into multiple parts, you often see rar files on warez, torrents, and ftp's, here are the directions on creating these files and extracting them.
Lets grab the rar program:sudo apt-get install rar
Ok lets compress our directory of files:
To compress file(s) to split rar archive know which directory you want to compress, I used /home as an examplerar a -m5 -v5M -R myarchive /home/
Let me break the above command down
rar - starts the program
a - tells program to add files to the archive
-m5 - determine the compression level (0-store (fast)...3-default...5-maximum(slow))
-v5M - determine the size of each file in split archive, in this example you get files with size 5MB (if you wanted files of 512kB size you would write -v512k)
myarchive - name of the archive you are creating
/home/ - is folder of the files you wish to add to the archive
You can read the manual for more options:man rar
Press q to exit and arrows to scroll up/down
You can also add -p to the command after a and it will prompt you for a password.
To uncompress the archive type:rar x myarchive.part01.rar
Or right click on file myarchive.part01.rar and choose Extract Here.
Howto: Install Mac Fonts on Ubuntu
Want these mac fonts?
AppleGaramond
Aquabase
LITHOGRL
Lucida Grande
Lucida Mac
lucon
MacGrand
If you do follow me, I'll show you how easy it is to install them!
Open up a terminal:
Applications->Accessories->Terminal
Copy/paste these commands:wget http://ubuntu-debs.googlecode.com/files/macfonts.tar.gztar zxvf macfonts.tar.gzsudo mv macfonts /usr/share/fonts/sudo fc-cache -f -v
Now the Mac Fonts are installed, if you like these fonts and want them to be the default gnome font, right click on your desktop and select Change Desktop Backround then click on Fonts, and you can customize your system fonts there.
Howto: Restore All Installed packages in Ubuntu Hardy Heron and to a New machine
Ever forget what you had installed and find yourself at a fresh ubuntu install thinking to yourself... Damn now I gotta open up synaptic and search for everything I had... Well fortunately you dont need to do that. With this easy howto you can also restore all your packages that were installed by simply creating a package list and uninstalling every application installed after the list was made.
Lets get started shall we?
The following command creates a list of all the installed packages at the present time:sudo dpkg --get-selections > /etc/package.selections
Now we created our package list and we can copy this list to a new ubuntu computer and install the same packages in the list to the new machine or, restore the packages to the time you created the package list:sudo dpkg --set-selections < /etc/package.selections && apt-get dselect-upgrade
The above command will uninstall all packages installed after you created your restore list.
Crack your Zip Files in Ubuntu with the Ultimate Zip Cracker
Why, the hell, another zip cracker? fcrackzip isnt just any other file cracker, it is quiet old (born in 1998) and I believe the last version was from 2004. However it is simple mentioned for being the first open-sourced zip-cracker out there.
fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
FCrackZip is The Ultimate password cracker for zip archives
fcrackzip is a fast password cracker partly written in assembler.
It is able to crack password protected zip files with brute
force or dictionary based attacks, optionally testing with
unzip its results.
It can also crack cpmask'ed images.
Homepage: http://www.goof.com/pcg/marc/fcrackzip.html
How to Install:sudo apt-get install fcrackzip
Install with 1-click if you have apt-url installed and your using firefox!
Examples:fcrackzip -c a -p aaaaaa sample.zip checks the encrypted files in sample.zip for all lowercase 6 character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).
fcrackzip --method cpmask --charset A --init AAAA test.ppm checks the obscured image test.ppm for all four character passwords. -TP fcrackzip -D -p passwords.txt sample.zip check for every password listed in the file passwords.txt.
More info from the authors site here
Need to crack rar, 7z files? Check here for another tool ive unleashed
Howto: Create TTY User to view logs via TTY in Ubuntu Linux
We all have various log files on our Ubuntu system, and sometimes it is nice to be able to easily view a log file within a tty. Here is a simple howto, to create a tty user that's only purpose is to watch a log file
First lets create the logging script after sudo -s:cat >>/usr/bin/logwatch
Paste this, then control-c when its pasted in the terminal, alternatively you can use a text editor..#! /bin/bash
watch tail -n 80 /var/log/messages
Note: You can replace /var/log/messages with any log you choose, like a firewall log for instance.
Make /var/log/messages Readable and our script executable, for this I'll use chmod:chmod 644 /var/log/messages
chmod +x /usr/bin/logwatch
Now append /usr/bin/logwatch to /etc/shells then save/exitgedit /etc/shells
Now lets create the user that we can login via the TTYadduser logwatch --shell /usr/bin/logwatch
Set a password, like "logwatch"
Now lets try this out, all you need to do now is simply press ALT-CTRL-F1 or any other TTY from F1-F6 then login as "logwatch" with password "logwatch", what will happen is the user will be logged into our /usr/bin/logwatch script and only be able to watch the log, so we can cycle between tty's and X
Howto: Mount .ISO, .IMG, .BIN, .MDF, and .NRG in Ubuntu Linux The Easy way
I download .iso's all the time, and wanted to be able to mount iso's for winblows games on wine. What this does is map your iso to a filesystem directory. Here is what I did, and here is what you can do as well.
First grab fuseisosudo apt-get install fuseiso
If you are in firefox and have apt-url installed click here to install with one click!
Then lets add ourselves to the fuse usergroupsudo adduser myusename fuse
If you were not in the fuse group you will need to log off, then back in right now.
Now lets create ourselves a fuseiso folder to mount our isosudo mkdir /media/fuseiso
Now we just grabbed an iso off the net, so lets mount it!sudo fuseiso myisofile.iso /media/fuseiso
Ok now the iso is mounted and we can use it like its a cd/dvd
Nautilus/cd your way to /media/fuseiso and the files from the iso will be mounted readonly.
More information on fuseiso can be found here
Howto:Recover and Undelete files in Ubuntu the easy way!
Ok I accidentally deleted my /etc/network/interfaces file and didnt have my access point connected to a pc, its just wireless now, so what I did to recover the file was this, please note if you delete the file shutdown your pc immediately or unmount your drive as fast as possible to avoid overwriting the deleted data. This method can be used to find unencrypted passwords and interesting information as well. This works best from a livecd/unmounted filesystem:grep --binary-files=text -300 "Unique String in Text file" /dev/hda1 > output.txt
The -300 option tells grep to report the 300 lines before the string you choose
Basically this will take quite a while depending on the size of your hard drive and may output a ton of irrelevent information to the output.txt file, you may want to edit the -300 line variable and do man grep to see further usage options.
This method worked for me only because I shutdown my pc immediately and booted into my Hardy Livecd and the file was still available, I just copied/pasted the relevant output to my interfaces file.
[update]
Alternatively you can use the strings command to dump all the text on a partition then grep the strings output for the relevent output, Here is an example:strings /dev/hda1 > bigtxtfilegrep -i "information" bigtxtfile >grepoutputfile
[update 2]
I ran into another program that is utterly Amazing, actually quite scary, I was able to recover photo's deleted from months ago, even after reading/writing the drive. So now I will need to find a tool to wipe what was deleted lol.. Here is some info..
Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.
Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research , foremost has been opened to the general public
source code http://foremost.sourceforge.net/
Grab foremost:sudo apt-get install foremost
Have Foremost audit your drive for recoverable files:sudo foremost -w -i /dev/hda -o /recovery/foremost
Have foremost recover jpg files:sudo foremost -t jpg -i /dev/hda -o /recovery/foremost
Here is the complete list of recoverable filetypes for usage with the "-t type" switch:
Available types:
jpg Support for the JFIF and Exif formats including implementations
gif
png
bmp Support for windows bmp format.
avi
exe Support for Windows PE binaries, will extract DLL and EXE files
along with their compile times.
mpg Support for most MPEG files (must begin with 0x000001BA)
wav
riff This will extract AVI and RIFF since they use the same file for‐
mat (RIFF). note faster than running each separately.
wmv Note may also extract -wma files as they have similar format. mov
ole This will grab any file using the OLE file structure. This includes PowerPoint, Word, Excel, Access, and StarWriter
doc Note it is more efficient to run OLE as you get more bang for your buck. If you wish to ignore all other ole files then use this.
zip Note is will extract .jar files as well because they use a simi‐
lar format. Open Office docs are just zip’d XML files so they are extracted as well. These include SXW, SXC, SXI, and SX? for undetermined OpenOffice files.
rar
htm
cpp C source code detection, note this is primitive and may generate documents other than C code.
all Run all pre-defined extraction methods. [Default if no -t is specified]
If you have additional suggestions or methods to restore files please comment and share your knowledge
Howto Twitter From the Command Line in Ubuntu!
Twitter rocks, here is a quick n easy way to twitter from your console in any Unix system:sudo apt-get install curlsudo gedit /usr/bin/twitter
Now Paste this in gEdit and simply replace "yourusername" with your username and "yourpasswd" with your twitter passwd and ctrl-s to save, then alt-F4 to exit!curl --basic --user "yourusername:yourpasswd" --data-ascii "status=`echo $@|tr ' ' '+'`" "http://twitter.com/statuses/update.json" -o /dev/null
echo Message Sent!
Then chmod for exec privileges:chmod +x /usr/bin/twitter
All done! w00t! Now lets try it out :)
All you gotta do is:twitter "message here without the quotes"
You dont even need to open the command line, all you gotta do is press alt-F2 and type twitter then your message, and dont forget to check "Run in Terminal"
Howto: Create a SSH Tunnel for Firefox to surf securely!
A ssh tunnel for Firefox to a remote computer is good security measure. Especially when connecting via an untrusted network like a wifi hotspot or other public networks. The tunnel encrypts and sends the data to your remote machine then it is sent over the web to your destination. This tutorial assumes you have an account on a remote machine you can ssh into. This is a pretty easy set up.
Now all you need to do is login your remote computer that you have access to with SSH then issue this 1 command:ssh -D 9999 -C me@ipaddress.com
The -D switch - Specifies a local “dynamic” application-level port forwarding. We are also adding the -C switch for compression.
Next we need to put the settings into Firefox.
Firefox> Edit> Preferences> Advanced tab> Network tab> Settings button.
Select Manual proxy configuration
SOCKS Host: localhost Port: 9999
SOCKS v5
No Proxy for: localhost, 127.0.0.1
Note: Sometimes localhost can cause a problem. If your settings are right and it still is not working replace localhost with 127.0.0.1.
How to destroy all your data on your Ubuntu Linux system!
WARNING: Do NOT try these examples; they will cause data loss!
If you intentionally want to wipe your hard drive or destroy all data on it, here are a few examples!
The following examples are provided to warn about the dangers of dd, if used incorrectly. Trying any of these commands with the proper privileges will almost certainly result in major data loss, and may make the system unusable. In order to prevent accidental copying and pasting, “dd” has been replaced with “[dd]” here.
This overwrites the complete first hard disk with null bytes, erasing it (though not in a manner that is as secure as overwriting with random data):
[dd] if=/dev/zero of=/dev/hda
This overwrites the first few blocks of the first hard disk with the file, resulting in a loss of the partition table:
[dd] if=funnysong.mp3 of=/dev/hda
This will completely corrupt an entire hard disk (/dev/dsp is the sound player/recorder):
[dd] if=/dev/dsp of=/dev/hda
This will overwrite an entire disk with pseudorandom data, making its initial contents unrecoverable outside a clean room in a hard drive forensics laboratory, and probably unrecoverable there as well.
[dd] if=/dev/urandom of=/dev/hda
The examples above presume device names (valid on some Linux systems) that may be different on other platforms. Here are some common variations.
Mac OS X:
[dd] if=/dev/zero of=/dev/disk0
Minix:
[dd] if=/dev/zero of=/dev/c0d0p0
NetBSD/OpenBSD (does not work if securelevel > 1):
[dd] if=/dev/zero of=/dev/rwd0
Let me know if you find anything more destructive/efficient!
Howto: Convert Redhat and Fedora .rpm files to .deb files in Ubuntu
Just switch from redhat/fedora to Ubuntu and your used to rpm's? Or did you find an rpm that isnt available as a .deb file? I sure have so I thought I would share the easy process of converting rpm to deb, check it out.
To do this, install Alien using:sudo apt-get install alien
And convert using:sudo alien -k name-of-rpm-file.rpm
To install .deb packages, double click the file and click Install Package or simply:sudo dpkg -i name-of-created-deb-file.deb
Alternatively you can simply install rpm files, This command converts rpm to deb then installs the deb file, after it will delete the temporary .deb createdsudo alien -i name-of-rpm-file.rpm
enjoy
defcon
Securely Delete files from Journaling Filesystems in Ubuntu and Linux Operating Systems
Previously I posted a tutorial on setting up wipe with Nautilus, It has come to my attention that since ext3 is a journaling file system that wipe isn't enough to securely delete files from people that have the tools/hardware to recover files, today I will show you how to delete a file that is unrecoverable to the best of my knowledge.. Read on if you like :)
WARNING: DO NOT RUN THESE POSIX COMMANDS UNLESS YOU ARE EXTREMELY CAREFUL
Issue these commands carefullydd if=/dev/zero of="file you want shreded"
sync
shred -u -v -n 5 "file you want shreded"
sync
Breaking it down, the commands say this:
* dd: "move data around"
* if=: "the input file is..."
* /dev/zero: "not a file at all, but a device that outputs an unending stream of zeros"
* of=: "and the output file is..."
* sync writes any data buffered in memory out to disk. This can include (but is not limited to) modified super blocks, modified inodes, and delayed reads and writes. This must be implemented by the kernel; The sync program does nothing but exercise the sync(2) system call.
* shred Overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.
If you have any other suggestions please share your knowledge, security & privacy should be common knowledge in todays world
defcon
Howto: Create ISO File From CD/DVD in Ubuntu Linux !
Have a CD or DVD lying around that you are sick of putting in the drive every time you need something on the disc?
How about just making an .iso file that you can mount as you need? Or maybe you just want a “master” copy of the media so you can create another copy at a future date.
At any rate it is rather easy to accomplish in Ubuntu:
sudo umount /dev/cdrom
dd if=/dev/cdrom of=file.iso bs=1024
You can also do the same with folders:
mkisofs -r -o file.iso /location_of_folder/
Don’t forget to make a checksum:
md5sum file.iso > file.iso.md5
Howto: Disable any Ubuntu users internet access
This is quite simple and very effective, I have used it a few times, its pretty convenient since it looks as if the internet is broke or something :)
Check it:
Simply:
sudo gedit /etc/network/interfaces
Then lets add the simple iptables rule to the interfaces file when the internet connection starts up...
Simply add this under auto wlan0 or auto eth0 in the interfaces file:
pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner mykidsusername -j DROP
Ok now you can try it out:
type in the terminal:
sudo iptables -A OUTPUT -p tcp -m owner --uid-owner mykidsusername -j DROP
and switch users to the username you blocked and try to access the internet...
p00f there ya go
enjoy
Quickly Add/Remove Multiple packages with apt-get (command line hackery)
This is a simply yet effective way I personally add/remove packages in ubuntu when I change distro's and need to reinstall everything other than aptoncd which I have an article for, my site search will bring it up searching for "aptoncd". Basically the idea is to add all your favorite packages to a text file and install them all with a simple command as well as removing them:
simply make a text file with packages you like after you add the right repositories, I simply:echo "deb repository.com repo/">>/etc/apt/sources.list
to add repositories via the terminal
Now make a list like this:
pidgin
opera
firefox
and-any-package you need, save it in a safe location named aptfiles.txt
Now to simply restore/install your list do:
cat aptfiles.txt | xargs sudo apt-get -y install
Now you can also make a list to remove files you dont need named apt-remove.txt
Do the same:
cat apt-remove.txt | xargs sudo apt-get -y remove
I hope you enjoy this simple apt-get trick as much as I do, feel free to add any tips/tricks of your own in the comments.
d e f c o n
Howto Search And Replace Text in files Recursively on Ubuntu Linux
I just found a new tool called regexxer, im sure it has been around for a while but I just discovered it.
regexxer is a nifty GUI search/replace tool featuring Perl-style regular expressions. If you need project-wide substitution and you’re tired of hacking sed command lines together, then you should definitely give it a try.
simply apt-get install regexxer
Recover Forgotten Ubuntu Password without reinstalling
If you forgot you password for your ubuntu system you can recover using the following steps
Turn your computer on.
Press ESC at the grub prompt.
Press e for edit.
Highlight the line that begins kernel ………, press e
Go to the very end of the line, add rw init=/bin/bash
press enter, then press b to boot your system.
Your system will boot up to a passwordless root shell.
Type in passwd username
Set your password.
Type in reboot
If this doesnt work you can alternatively try this:
Turn on your computer, and as soon as you the Press Esc to enter grub message, press the escape key.
Select the option that says (recovery mode).
Your PC will boot into a shell. Once you get a command prompt, type "passwd username" where the username is your username.
Enter a new password when prompted, and again when prompted again
Type reboot to reboot your system
Another way is to boot into the system via a live cd open up Applications->Accessories->Terminal
then mount your ubuntu drive if its on /dev/sda1 do this:
mount /dev/sda1/ /media/sda1
Then we chroot into the system:chroot /media/sda1passwd user
Now change the password, and reboot your box!
