
Some useful IBM Redbooks

May 1, 2009

I’ve found the IBM Redbooks page, which has many interesting books, like these:

TCP/IP Tutorial and Technical Overview

In this one, you can find info about the different network layers, from physical to application, with explanations of routing protocols (OSPF, EIGRP, BGP…), IPv6, LDAP, VoIP, Wi-Fi, etc.

Linux performance and tuning guidelines

In this one, you’ll find some very useful info about how Linux manages filesystems, I/O, memory, etc., and how we can monitor this with some well-known tools like Wireshark, vmstat, top, strace and many other commands.

Also on the IBM Redbooks page, there are thousands of books on different topics, like WebSphere, DB2, AIX, Tivoli, Linux server integration and much other IBM material for their servers.

PS: I’ll add other Redbooks :P . Send me suggestions about other books.


Preventing Ctrl+Alt+Del from rebooting our machine

May 1, 2009

Edit the /etc/inittab file as root.

There’s a line like this in the file:

ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

Just comment it out, or replace it with something like this:
ca:12345:ctrlaltdel:echo "Use the 'shutdown -r now' command if you want to reboot the system"

You should also read the shutdown manual. This is the part of it that I think is important if we want to lock down rebooting the system:

ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file.

In some distros like Fedora, you must look for the /etc/event.d/control-alt-delete file to modify this event.
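
To check which of the cases above a machine is in, here is an added example (not part of the original post) that classifies the ctrlaltdel entry of an inittab file and counts the usable entries in shutdown.allow. The function names cad_state, allow_count and cad_audit are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit Ctrl+Alt+Del handling on a SysV init host.
# File paths are arguments, so the checks can run against copies.

# Classify the active ctrlaltdel entry of an inittab file:
#   disabled      no uncommented ctrlaltdel entry
#   custom        entry runs something other than shutdown
#   unrestricted  entry runs shutdown without -a
#   restricted    entry runs shutdown with -a
cad_state() {
    # inittab lines are id:runlevels:action:process
    process=$(awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" {
        sub(/^[^:]*:[^:]*:[^:]*:/, ""); print; exit }' "$1")
    [ -n "$process" ] || { echo disabled; return; }
    cmd=${process%% *}
    [ "${cmd##*/}" = shutdown ] || { echo custom; return; }
    set -f                      # no globbing while splitting into words
    for word in $process; do
        case $word in
            -*a*) set +f; echo restricted; return ;;
        esac
    done
    set +f
    echo unrestricted
}

# Count usable entries in a shutdown.allow file: one login name per line;
# empty lines and lines starting with '#' are skipped.
allow_count() {
    awk '!/^#/ && NF { n++ } END { print n + 0 }' "$1"
}

# One-line verdict combining both files.
cad_audit() {
    state=$(cad_state "$1")
    [ "$state" = restricted ] || { echo "$state"; return; }
    [ -f "$2" ] || { echo "restricted: no allow file to check against"; return; }
    n=$(allow_count "$2")
    if [ "$n" -gt 32 ]; then
        echo "restricted: $n users, over the documented limit of 32"
    else
        echo "restricted: $n authorized user(s)"
    fi
}
```

Run it as `cad_audit /etc/inittab /etc/shutdown.allow` after sourcing the file.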

Cheers


RSA2/DSA key access from PuTTY to a *NIX OpenSSH server

May 1, 2009

If you want to access your *NIX server using PuTTY on Windows, just follow these steps to set up secure access using RSA/DSA public-key authentication.

1) First, configure the OpenSSH server in the “/etc/ssh/sshd_config” file by setting these configuration fields:

  • Protocol 2
  • RSAAuthentication yes
  • PubkeyAuthentication yes
  • AuthorizedKeysFile      %h/.ssh/authorized_keys

Reload the ssh daemon: /etc/init.d/ssh reload

2) Get the PuTTY Key Generator (just search for it on Google) and generate an RSA2/DSA public and private key pair. Save them in a folder, and copy the displayed public key text with Ctrl+C or save it in a file. This is your public key in OpenSSH format (the format that the ssh daemon uses).

It is a good idea to protect the private key with a passphrase, at least if we’ll use the remote access from a public place like an office. You may also want to try PuTTY Pageant to manage your keys, but that is another matter :P

3) Paste the text on your server into the “$HOME/.ssh/authorized_keys” file of the user that you want to authenticate with RSA/DSA. (I assume that the “public_key” file contains the text generated by PuTTY.)

  • cat public_key >> $HOME/.ssh/authorized_keys

4) Now, just open PuTTY and load your private key

5) Just log in to the server as usual, and you should be logged in without typing your password. You must type the passphrase if you set one in the 2nd step.

Regards, and be careful with your private key file 8-)
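
An added example (not part of the original post) of step 3 with the checks a server admin would want: it rejects the multi-line SSH2 file that PuTTYgen's "Save public key" button writes, strips Windows line endings, sets the permissions sshd expects and does not append the same key twice. The helper name install_pubkey and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: append a PuTTYgen public key to authorized_keys with the
# checks and permissions sshd expects.
# Usage: install_pubkey KEYFILE HOMEDIR   (hypothetical helper, not from the post)
install_pubkey() {
    keyfile=$1
    home=$2
    # PuTTYgen's "Save public key" button writes the multi-line SSH2 format,
    # which sshd does not accept in authorized_keys.
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY' "$keyfile"; then
        echo "SSH2-format file: use the one-line OpenSSH text instead" >&2
        return 2
    fi
    # Files edited on Windows carry CRLF line endings; strip the CR.
    lines=$(tr -d '\r' < "$keyfile" | grep -c . || true)
    [ "$lines" -eq 1 ] || { echo "expected exactly one key line" >&2; return 2; }
    key=$(tr -d '\r' < "$keyfile" | grep .)
    # Only a public key line may pass; a pasted private key fails here.
    case $key in
        "ssh-rsa AAAA"*|"ssh-dss AAAA"*) ;;
        *) echo "not an RSA/DSA OpenSSH public key" >&2; return 2 ;;
    esac
    # With StrictModes (the sshd default), keys in group- or world-writable
    # files or directories are refused.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Run it as the target user, for example `install_pubkey public_key "$HOME"`, so the files end up owned by that user.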


Which distro version am I using?

April 18, 2009

Maybe you have asked yourself this at some point. There are some ways:
This shows text like the uname -a command output:
cat /proc/version
This is another way, which should work on practically all *NIX systems:
cat /etc/issue
And this is valid for Debian and Debian-based distros:
cat /etc/debian_version


How to: Recovering your Debian/FreeBSD root password

November 1, 2008

Hi there again.

You’ve probably lost your root password at least once in your life (yeah, you are not the only one ;) )… No problem, I’m gonna show you an easy way to fix it.

  • For Debian (using GRUB; anyway, this will work with any boot loader)
  1. On the line for our Debian installation, press “e”
  2. Now a kind of editor will open. Type the following after the current commands: “init=/bin/bash”
  3. Press Enter
  4. Now you will be back at the first step. Just press the “b” key to boot the system with the new parameters
  5. Now the system prompt will be a root session. But if you try to use the “passwd” command, the system will deny the operation. To fix this, type “mount -o remount,rw /dev/[your_drive]”. Usually your drive will be sda1, hda1 or similar.
  6. Now use the passwd root command to change the password.
  7. Reboot your computer and use your new root password :P
  • For FreeBSD
  1. In the boot menu, choose option 4, “FreeBSD in single user mode”
  2. Now a message like “Enter full pathname of shell or RETURN for /bin/sh” will be shown. Just press ENTER
  3. The next step is typing “mount -t ufs -a”. This will mount every file system found in /etc/fstab
  4. Now just use the passwd root command
  5. Reboot the system

Adding quotas support on FreeBSD

November 1, 2008

I followed these steps to add the QUOTA module to the kernel. Moreover, the new kernel will have the generic FreeBSD kernel options.

First, log in to the system as root and type the following commands:

  • cd /sys/i386/conf
  • vi QUOTAS_SUPPORT (you can use any file name you want)
  • In the file type:

include GENERIC
options QUOTA

  • config QUOTAS_SUPPORT (be sure to use the same file name you chose above)
  • cd ../compile/QUOTAS_SUPPORT
  • make cleandepend && make depend && make && make install

That’s all. You can also edit the /sys/i386/GENERIC or DEFAULTS file, but that is strongly discouraged because you would lose the default kernel configuration.


Some useful *NIX commands

March 12, 2008

This is a collection of some *NIX commands (I’m using them on FreeBSD 6.2) to manage system processes and signals.

wait -> It holds the terminal until the background process has finished. You can type new commands, but they will be executed when the process ends.

[command] > /dev/null & -> This hides the messages that the command prints to the screen.

nice -> This command sets the priority of a process. The priority range goes from -20 to +20. To use it, type “nice +15 [process]”. You can also add a rule for a user or group using the “-g” and “-u” modifiers.

time -> This command shows how much time a process needs to execute.


m0n0wall Vs PfSense embedded security systems

January 20, 2008

I’ve found a great report about these BSD-based security distros. Enjoy it :D

 http://www.bsdcan.org/2006/papers/BSD_Firewalling.pdf


Cisco 2007 Annual Security Report available

January 17, 2008

Hey, Happy new year :P

Cisco has released an interesting report about some security topics in corporate, government and home networks.

This is the direct link [pdf]: Cisco 2007 Annual Security Report


Windows XP and WPA2 wireless cipher

December 19, 2007

Finally, I’ve installed DD-WRT on my Fonera :D . After this, I set a WPA2-AES key, but when I tried to connect from a Windows XP (SP2) computer, I couldn’t connect!!!

After some Google searches, I found some information about the issue. Basically, Windows XP needs a patch to support IEEE 802.11i, which has the WPA2 instructions…

Just install it, and reboot your system.

Patch for Wi-Fi Protected Access 2 (WPA2) on Windows XP

Remember, you must get the patch in your OS language or it will not work.