Archive for June, 2008

FAQ: Reconfigure Xorg: Ubuntu way

Date: June 23, 2008. Categories: linux. Comments

Q: How can I reconfigure Xorg windows system in Ubuntu? I played with its configuration and broke it!

A: First recommendation is to always save a copy of /etc/X11/xorg.conf before editing it. Once you decide you would like system to create new xorg.conf type one of these  commands and follow instructions at the screen:

dpkg-reconfigure xserver-xorg

or

sudo dpkg-reconfigure xserver-xorg

In most cases it helps.

Update: for automatic configuration (autodetect) you should use the following:

sudo dpkg-reconfigure -phigh xserver-xorg

Configure Sudo: no password for certain commands (nopasswd)

Date: June 22, 2008. Categories: linux and tips. Comments

Sudo (Super User Do) is Linux console only utility allowing users to execute programs which require root rights without knowing root password. There are lots of topic why sudo rocks on the Web so here you can find a tip how to configure sudo in order to execute certain root right requiring programs without any passwords (it known as sudo nopasswd).

There are several ways to configure sudo in Linux regardless distribution you use. Its configuration file is located at /etc/sudoers and can be edited using any text editor like vi, nano, pico, gedit, mcedit whatever:

sudo vi /etc/sudoers
or
sudo visudo

So, in order to allow user named artemn to execute, say, ifconfig command and assign IP addresses, netmasks to interfaces, add the following line to /etc/sudoers:

artemn ALL = PASSWD: ALL, NOPASSWD: /sbin/ifconfig

Please notice if there is already line for artemn in sudoers file, just replace it with the new one.

Set Linux Gateway

Date: June 22, 2008. Categories: linux and tips. Comments

One can say that it is rather trivial task to set Linux gateway (or in other words to set up/change default gateway in Linux operating system) but I noticed that this question is one of the most popular among linux newbies so I decided to post a quick tip here on Linux Screw.

There are two most used ways to set up default gateway using Linux console. Of course modern linux distributions comes with graphical tools and programs for this purpose but old school CLI commands will live forever as are very simple and allow to do the job very quickly:

route add default gw 10.0.0.1
where 10.0.0.1 is IPv4 IP address of default gatway you would like to set up in your Linux.

ip route add default via 10.0.0.1

According to general networking recommendation it is a good practice to have gateway’s IP as the last IP from selected pool so very often default gateway’s IP will end with .254 e.g. 10.0.0.254. Anyway using above mentioned commands you can apply ANY default gateway. By the way, if you’d like to delete current default gateway, here is corresponding command:

route del default

Hope it helps!

P.S. Don’t forget that these commands require root previleges.

Install Firefox 3 in Debian Etch

Date: June 21, 2008. Categories: applications, debian, hacks, linux and tips. Comments

If you downloaded fresh Firefox 3 installation e.g. from here and tried to install it in Debian Etch, you might notice that latest version of the popular browser requires GTK+ 2.10 while Etch contains only 2.8:

We're sorry, this application requires a version of the GTK+
library that is not installed on your computer.
You have GTK+ 2.8.This application requires GTK+ 2.10 or newer.Please upgrade your GTK+ library if you wish to use this application

Thankfully there is no need to upgrade GTK+, the tips given here (and here) will keep you from headache. The only thing that is necessary to do to get Firefox 3 working at Debian Etch, is to get GTK+ from backports by the following commands:

wget http://apt.linex.org/linex/gtk-2.10/libgtk2.0-0_2.10.13-2%7Ebpo.1_i386.deb
dpkg-deb -x libgtk2.0-0_2.10.13-2~bpo.1_i386.deb gtk2-10

Then copy contents of newly created directory gtk2-10 to /opt/firefox3 and add the following line into /opt/firefox3/firefox:

#!/bin/sh
#
export LD_LIBRARY_PATH="/opt/firefox3/gtk2-10/usr/lib"

It is necessary to inform Firefox where is new GTK+ is located :) Now it’s time to start Firefox…

P.S. In other distributions you can try to compile/install GTK+2.10 manually:

cd /usr/local/src
wget http://ftp.gnome.org/pub/GNOME/sources/gtk+/2.10/gtk+-2.10.14.tar.bz2
tar xjf gtk+-2.10.14.tar.bz2
mkdir gtk210
cd gtk+-2.10.14
./configure --prefix=/opt/firefox3/gtk2-10
make install

FAQ: How to block/allow packets sent by specific Operating System with iptables?

Date: June 19, 2008. Categories: faq, fedora, howtos and linux. Comments

Question: How can I block traffic coming from specific operating system in Linux? In other words, how can I block traffic from Windows users on my firewall and allows other people?

Answer: There is an iptables module named OSF (passive OS Fingerprinting) that was written by Evgeniy Polyakov. This module allows passively detect OS packet was sent from and perform various netfilter actions based on this match. Packets with SYN bit set are analyzed.

In order to install OSF module, do the following:

1. Download latest release from here, for example as follows:
wget http://tservice.net.ru/~s0mbre/archive/osf/osf-2008_06_14.tar.gz

2. Edit Makefile from unpacked archive in order to set proper path to iptables headers (iptables.h and libiptc/ dir).

3. If your kernel sources can not be accessed via /lib/modules/$(shell uname -r)/build, you have to replace KDIR variable with the correct path to kernel sources.
4. Run make that should build ipt_osf.ko kernel module.
5. Run make lib that will build libipt_osf.so shared library (copy it to where all other iptables shared libs are placed in your distro e.g. /lib/iptables or /lib64/iptables in Fedora).

6. Run make bin that will build userspace applications which allows to load fingerprints and obtain information about matched packets (load, osfd, ucon_osf).

7. Download signatures list:
wget http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os

8. Install kernel module:
insmod ./ipt_osf.ko

9. Load signatures:
./load ./pf.os /proc/sys/net/ipv4/osf

10. Set up iptables rules allowing/disallowing packets generated by certain OS:
iptables -I INPUT -j ACCEPT -p tcp -m osf --genre Linux --log 0 --ttl 2

This example allows traffic from Linux systems and logs packets from other ones:
ipt_osf: Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -> 11.22.33.44:139

BTW, OSF has following options:

  • –log
    If present, OSF will log determined genres even if they don’t match desired one.
    0 – log all matched and unknown entries.
    1 – only first one.
    2 – log all matched entries.
  • –ttl
    0 – true ip and fingerprint TTL comparison. Works for LAN.
    1 – check if ip TTL is less than fingerprint one. Works for global addresses.
    2 – do not compare TTL at all. Allows to detect NMAP, but can produce false results.
  • –connector
    If present, OSF will log all events also through netlink connector(1.0 id).
    More about connector can be found in Documentation/connector in kernel source tree.

« Previous Entries
Pages: 1 2 3 Next
Friendly Sites:Who is behind Linux Screw?
GeekyBits³ | Bash Cures Cancer | OMG! Ubuntu!
My SysAd Blog | Web Upd8
ZEPY | Linux config Wiki | Planet Sysadmin
a non-geek's linux notes | Linux Today
TuxArena: The arena of Tux | LinuxAlt.Com
 My name is Artem N. (artiomix AT gmail DOT com) and I'm Linux/Unix, Cisco systems engineer. The main idea of Linux Screw is to share relevant knowledge, skills and observations over The Web. Here you can find a lot of information related to different Linux distributions, FreeBSD, IOS as well as a other Open Source around staff. Read more ››