Re: [CentOS] Program to ban sniffers
On Sun, Jun 21, 2009 at 1:03 AM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> Very carefully...
>
> Lol, you missed the point. It's impossible. I was bluntly suggesting the reply was not applicable nor on topic to the op's post. Port scanning and packet sniffing have nothing to do with each other...

Ahh, it all makes sense now that I re-read your earlier reply to the OP with the benefit of this posting. I thought you were asking for yourself, not putting the question to the OP to cause reflection on that technical problem. When I saw sniff, I chalked it up to wrong use of terminology figuring he meant port scan. But you are correct in not assuming that fact as I did. Thanks for the clarification, and glad I was able to inject a bit of humour into the thread in the process.

Jacques B
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Program to ban sniffers
On Sat, Jun 20, 2009 at 10:38 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> However if you are referring to packet sniffers there is no solid way of blocking them.
>
> How exactly would I sniff the packets from say my work computer between someone's home computer and work server?

Very carefully... as it sounds like you'd be potentially crossing legal/ethical lines... Why would you sniff from your home computer? If you are the sysadmin, then you sniff from the server and from home you could ssh to your server to check logs of course.

On a more technical note, you have to be on the same subnet of either the point of origin or the destination machine. In other words at one of the two choke points. That is short of having some tool installed on the other person's home computer which again crosses that line. You obviously can't be at the home user's choke point because what lawful authority would you have to be sniffing on that subnet owned by his ISP?

Jacques B.
Re: [CentOS] Program to ban sniffers
On Sat, Jun 20, 2009 at 8:35 PM, Bob Hoffman b...@bobhoffman.com wrote:
> So I have been reading the ssh attack thread and finally want to ask about something.
>
> I doubt there is a program like this, but I would love to have a program that listens at common ports that I do not use at all...and only allow that program to listen to it, especially the usual ssh port (using a different one for real ssh)...
>
> That program would then, upon receiving a 'sniff' or 'user' would then add that ip to the deny hosts lists..for either a long or short time.
>
> Using this would seem like a win as you can easily grab someone before they can get somewhere one hopes.
>
> Also, by opening up a few other ports that are unusual like 8561... well, if someone sniffs that it could be a 3 day ban or a month...
>
> In other words, anyone hitting those ports that are not being used at all except by our sniff protector, would allow instant banning.
>
> So...does something like this exist?

A simple bash script run from a cronjob that looks for entries in /etc/secure for traffic to those ports and then parses out the IP and adds it to your host.deny might work. But if you are looking to set a date/time when it would expire, you could probably achieve this through a comment at the end of the entry containing the expiry date which your bash script would scan with a simple sed command looking for any lines with an expiry date matching the system's current date and removing those lines.

fail2ban was also suggested by a few and I believe that was one I played with briefly a few years back and it worked but I wasn't using it in the scenario you describe but rather simply scanning for multiple failed ssh login attempts (not sure if it was looking for failed ssh login attempts, or failed attempts period regardless of the port being targeted) that resulted in a host.deny entry.

But of course you can potentially lock yourself out (been there, done that) which is a p.i.t.a. You either have to wait until next day at the office to remove your ban, or try and get another IP from your ISP via disconnecting and reconnecting to your ISP.

Jacques B.
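
The cron-driven approach described in the reply above, as an added example that is not code from the thread. It assumes an iptables LOG rule that tags hits on the unused ports with the hypothetical prefix `DECOY: `; the log lines are constructed and the function names are made up here. The expiry is kept on a comment line above each entry, because hosts_access(5) only documents whole-line comments, and entries are pruned once their date has passed rather than only on an exact date match, so a missed cron run does not leave a ban in place forever.

```shell
#!/bin/bash
# Added example: ban sources that touch decoy ports, with expiring entries.
# Assumption: an iptables LOG rule tags those hits with the prefix "DECOY: ".

sample_log() {   # constructed log lines, not real traffic
cat <<'EOF'
Jun 20 20:41:02 host kernel: DECOY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22
Jun 20 20:41:09 host kernel: DECOY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=8561
Jun 20 20:42:30 host kernel: DECOY: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51500 DPT=8561
Jun 20 20:43:00 host kernel: DECOY: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=22
Jun 20 20:44:00 host sshd[411]: Accepted publickey for admin from 192.0.2.50 port 33010 ssh2
EOF
}

# Print "IP PORT" once per source address seen hitting a decoy port.
decoy_hits() {
  awk '/ DECOY: / {
    ip = ""; port = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/) ip = substr($i, 5)
      if ($i ~ /^DPT=/) port = substr($i, 5)
    }
    # Only strict dotted-quad / numeric values may reach hosts.deny.
    if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && port ~ /^[0-9]+$/ && !(ip in seen)) {
      seen[ip] = 1
      print ip, port
    }
  }'
}

# Usage: decoy_hits < LOG | add_bans DENYFILE ALLOWFILE EXPIRY(YYYY-MM-DD)
add_bans() {
  local deny="$1" allow="$2" expiry="$3" ip port
  touch "$deny"
  while read -r ip port; do
    grep -Fxq "$ip" "$allow" && continue       # admin address: never ban (avoids self-lockout)
    grep -Fxq "ALL: $ip" "$deny" && continue   # already banned
    printf '# expires=%s ip=%s port=%s\nALL: %s\n' "$expiry" "$ip" "$port" "$ip" >> "$deny"
  done
}

# Usage: prune_bans DENYFILE TODAY  (drops marker+entry pairs whose date has passed)
prune_bans() {
  awk -v today="$2" '
    /^# expires=/ { split($2, kv, "="); if (kv[2] <= today) { getline; next } }
    { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

if [ "${1:-}" = "--demo" ]; then   # demo on a temp dir; a cron job would pass real paths
  d=$(mktemp -d); printf '192.0.2.50\n' > "$d/allow"
  sample_log | decoy_hits | add_bans "$d/deny" "$d/allow" "$(date -d '+3 days' +%F)"
  cat "$d/deny"; rm -rf "$d"
fi
```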
Re: [CentOS] script help - '3rd last field'
On Mon, Jun 8, 2009 at 5:29 AM, Tom Brown t...@ng23.net wrote:
> Hi
>
> I need some logic to work out a value for me - this value is _always_ the 3rd last field in a string separated by '.' but the string could be 5 or 6 fields long, e.g
>
> foo.bar.VALUE.baz.lala
>
> foor.bar.gigi.VALUE.baz.lala
>
> I need to find VALUE - if this were python or something i could do it but this has to be in shell - Any clues?
>
> thanks

I am pretty sure there is a way in awk to figure out how many fields you have, then take the total # of fields -3 each time to get the third last one. Just heading out the door and off hand can't remember how it would be done.

Jacques B.
Re: [CentOS] script question
On Thu, Jun 4, 2009 at 9:47 AM, Jerry Geis ge...@pagestation.com wrote:
> I have this line:
>
>     ALSA=`aplay --version`
>
> in a script. When I execute the script I get the message
>
>     line 187: --version: command not found
>
> When I do aplay --version on the command line it works just fine. What is happening here, --version is a valid command line option?
>
> Thanks,
> jerry

I tested it (mind you on a Fedora system as I don't have my CentOS partition booted) and it works fine. You can test it by doing a very, very short bash file with only that command in it along with the #!/bin/bash and see if that works. If that works, then you know that it should work. Other troubleshooting steps would be to make sure that line 187 is indeed that line (that should be your first troubleshooting step really). As someone else pointed out, what is line 187? Run the command:

    head -n 188 your_script | tail -n 3

That will output lines 186-188 so that you have some context (in case the line before is causing grief for some reason as a result of a missing quote or some such thing). If indeed that is the offending line then copy/paste those lines to this group so that others can look at the exact syntax.

Jacques B.
Re: [CentOS] script question
On Thu, Jun 4, 2009 at 10:27 AM, Stephen Harris li...@spuddy.org wrote:
> On Thu, Jun 04, 2009 at 10:11:37AM -0400, Jacques B. wrote:
>> head -n 188 your_script | tail -n 3
>> That will output lines 186-188 so that you have some context (in case
>
> sed -n 186,188p your_script
>
> :-)
>
> --
> rgds
> Stephen

Got to learn sed, got to learn sed ...

Thanks,
Jacques B.
Re: [CentOS] Ping and traceroute...
On 1/23/09, John Doe jd...@yahoo.com wrote:
> Hi everybody,
>
> Right now, we are blocking pings and traceroutes to our website. But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them... Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago?
>
> Thanks,
> JD

Can't help you on that specific question. However do you have the luxury of having your members coming from a block of IPs so you could open pings to that block only. Even if it included more than just your members (i.e. all pings from a particular ISP or geographical area) at least it would reduce your visibility thus reduce your vulnerability should it be an issue.

Jacques B.
Re: [CentOS] init script question
On Fri, Dec 12, 2008 at 8:37 AM, Davide Cittaro davide.citt...@ifom-ieo-campus.it wrote:
> Hi all,
> is there a function (or variable) I can use in a custom init script that identifies the init script name? i.e. I'm porting some init scripts from gentoo, where the $SVCNAME variable identifies the init script name within the script itself...
>
> d
>
> /*
> Davide Cittaro
> Cogentech - Consortium for Genomic Technologies
> via adamello, 16
> 20139 Milano
> Italy
> tel.: +39(02)574303007
> e-mail: davide.citt...@ifom-ieo-campus.it
> */

Do you mean like $0? That gives you the current script name.

Jacques B.
Re: [CentOS] OT: Unix/Linux Training Online
On Wed, Sep 17, 2008 at 1:03 PM, Matt [EMAIL PROTECTED] wrote:
> This is a bit off topic but I was interested in taking some online classes. I currently have an associates degree in electronics tech from about 15 years back but was wanting to expand on that and learn more about linux. Oreillyschool.com has a somewhat affordable online certificate course in UNIX/linux admin. The downside is I do not know if their credits would ever transfer if I wanted to build on that.
>
> Has anyone taken their course or know anyone that did? Is it worth a hoot? Is there a better option? Is a simple certificate worth that much anyway?
>
> Matt

I've taken their course. It's not too bad a course I suppose. I'm not a sysadmin. Had I been one I might have put to use the skills learned on how to set up a secondary DNS for example. The module on bash/perl scripting was good for me as was the one on networking. The first two would be basic for most people who've been around Linux CLI for any amount of time. Unless you want/need the certificate, I'd simply look at the course description and do the one(s) that you feel you need.

Jacques B.
Re: [CentOS] Re: Message size rejected
On Sun, Jul 6, 2008 at 2:16 PM, Anne Wilson [EMAIL PROTECTED] wrote:
> On Sunday 06 July 2008 17:26:05 Scott Silva wrote:
>> That is one of the biggest of my beefs about windows. It allows any computer noob to shoot themselves in the foot very easily. That can be a plus or a negative. The biggest negative is that there are now millions of computers on the internet that have run out on their free 2 months of virus scanner updates, and are now owned by someone's bot network, while the clueless user keeps plugging along wondering why the darn machine is so slow. I guess the positive is that it is easy for Grandma and Grandpa on the other side of the country to get pics of the grandkids.
>>
>> I just wish that PC manufacturers would just contract with one of the free virus scanner companies like Grisoft, instead of putting in Norton with a 60 day cripple point. Most users will just ignore the update message until it stops because they don't know it is really necessary software. A free virus scanner with updates will beat a heavy commercial soft with no updates anytime.
>
> I fail to see what any of this has to do with my question. As it happens she is not a computer newbie and she has had an AV contract since the Win3.1 days. However, that's totally irrelevant. She simply hadn't realised just how big a pdf with two large graphics and embedded fonts would be.
>
> Anne

Have you considered a file transfer service such as yousendit.com? File size might still be an issue I guess as they limit it to 100 MB for their free account.

There's another thought. Why not create yourself a gmail account or other such online account that is as forgiving as possible on file size and have her send it to that account. Probably the easiest solution of all, Honey, use this email address instead: .

Jacques B.
Re: [CentOS] Re: Message size rejected
> Have you considered a file transfer service such as yousendit.com? File size might still be an issue I guess as they limit it to 100 MB for their free account.
>
> There's another thought. Why not create yourself a gmail account or other such online account that is as forgiving as possible on file size and have her send it to that account. Probably the easiest solution of all, Honey, use this email address instead: .
>
> Jacques B.

Further to my last message, GigaSize.com allows up to 600 MB files on the free account.

As for an alternate email address, Gmail imposes 20 MB, but LycosMail offers 3 gigs of storage, and unlimited attachment size (of course you must not exceed your 3 gig total I would expect). So create a lycos mail account and have her send it there. Easy for you, easy for her.

Jacques B.
Re: [CentOS] Re: command for brand of monitor
On Wed, Jul 2, 2008 at 4:50 PM, Jerry Geis [EMAIL PROTECTED] wrote:
>>> Is there a linux command that would tell me what model of monitor is presently attached to my computer? Thought about automating different setups based on the monitor connected. X config files basically.
>>>
>>> Could be done with different kickstart files - but would like to not go there if I don't have to.
>>>
>>> Jerry
>>
>> http://www.cyberciti.biz/faq/howto-use-linux-ddcprobe-command/
>
> yum did not find xresprobe, tried downloading source and compiling that went nowhere also.
>
> I see the monitor type being printed when anaconda is installing. How can I execute the same command it does so I can get the monitor information?
>
> Thanks,
> jerry

Wouldn't kudzu do that? Can't test it as I'm not near a Linux machine right now. -p will only probe and print to the screen (as you can also use kudzu to configure hardware according to the man pages).

Jacques B.
Re: [CentOS] African IP addresses list
for someone who wishes to contact them thus allowing anyone the ability to contact them in this fashion (one which a scammer is not likely to use because it's a manual, tedious process vs email shotgun approach). If your company does potentially do business with any part of the world, then this is obviously not a good solution.

In addition to all this you will want to train your employees to recognize a potential scam either via email or phone. These days with VoIP it is no longer cost prohibitive for someone to run phone scams from half way across the world.

My 2 cents as well.

Jacques B.
Re: [CentOS] Copy of own messages
On Sun, Jun 29, 2008 at 5:20 AM, Anne Wilson [EMAIL PROTECTED] wrote:
> For some reason I'm no longer seeing copies of my own messages. I've checked http://lists.centos.org/mailman/listinfo/centos and the preferences setting is still fine. Does anyone know what the problem might be?
>
> Thanks
>
> Anne

I believe Google is responsible for that one. I never see my own messages sent to a list (appear in my INBOX) until someone replies to it. Until then it's only in SENT ITEMS.

Jacques B.
Re: [CentOS] Strange behavior from grep
On Fri, Mar 28, 2008 at 9:37 AM, Mário Gamito [EMAIL PROTECTED] wrote:
> Hi,
>
> Thank you for your answer.
>
> After a little more research, I found out that the line containing the word 'gamito' is huge and yet it scrolls so fast in the screen that I can barely see it.
>
> I tried redirecting the output of the grep to a file and that huge line went in to it.
>
> So, I've tried a double grep:
>
>     $ grep 'gamito' file | grep 'gamito'
>
> but without success.
>
> Well, my question now is, how do I get the word 'gamito' alone from the file?
>
> Any help would be appreciated.
>
> Warm Regards,
> Mário Gamito

I'm not a sed user but I believe that would do it for you. Someone else can no doubt fill the blanks. I believe you could also do it with awk as it also accepts a regular expression in its syntax.

Jacques B.
Re: [CentOS] Securing SSH
3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts

The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions?

denyhosts is pretty widely used. You could probably also make use of iptables.

I used it a while back and it worked well except the time I locked my own IP out somehow (or perhaps some bot infected PC from my ISP that had that IP previously took care of that for me, not sure as I didn't dig deeper).

One thing I did was set up hosts.deny for ranges of IPs that I knew I would never come from (i.e. overseas), obtaining them from IANA. A bit tedious, but you may deem that option to be worth your while.

Alternatively if you only ever come from a given range of IPs (your ISP), then you could deny all in hosts.deny and then in hosts.allow only allow your ISP's range of IPs. But if ever on the road you'll not be able to connect unless you happen to have your home system set up for SSH which would then allow you to SSH to the office from it. The idea being that a person coming from an IP outside of your ISP wanting access to your office PC would have to know that it only allows connection from certain IPs and then seek out a machine on that IP - your home PC - which could be compromised to in turn launch an attack against the office PC from it. The inconvenience to you of having to first go through your home PC to get to the office PC would only apply when away from your ISP connection. Of course if you are on the road a lot then this may not be an attractive option.

Jacques B.
Re: [CentOS] md raid1 - no speed improvement
On Sun, Mar 23, 2008 at 8:11 AM, Kieran Clancy [EMAIL PROTECTED] wrote:
> Hi,
>
> I have two 320 GB SATA disks (/dev/sda, /dev/sdb) in a server running CentOS release 5.
>
> They both have three partitions setup as RAID1 using md (boot, swap, and an LVM data partition).
>
> snip
>
> When I do tests though, I find that the md raid1 read performance is no better than either of the two disks on their own
>
> snip
>
> Thanks,
> Kieran Clancy.

As a few already pointed out, RAID 1 is mirroring. So whatever gets written to the first drive also gets written to the second drive as well. It provides redundancy, not performance. I've used RAID 5 in the past to achieve performance with redundancy. But of course it has to be striped across drives and not partitions. I saw a case where someone implemented RAID 1 by partitioning the drive into two and setting up the two partitions as RAID 1. So drive performance took a drastic nose dive and redundancy was practically worthless as the mirror resided on the same drive.

With only two drives, your options are RAID 0 or RAID 1 (see http://en.wikipedia.org/wiki/RAID#Standard_levels). RAID 0 will cause the two drives to be treated as one big drive (or each combination of partitions to be treated as larger partitions). The data would be striped across the two drives (for each respective partition) which would give you a performance increase. However there would be no fault tolerance. If something crashed, your data is gone. And data recovery on a RAID where the data is striped across drives is no easy task vs a standalone drive. So if redundancy is an important factor you will want a good backup system in lieu of another RAID level which offers fault tolerance.

Jacques B.
Re: [CentOS] bash - safely pass untrusted strings?
Here's a little script that I have to play around with positional parameters. I'm pretty certain I did not author this one but got it either off the web or in a book. I added a line of comment in it but I don't believe I made any other contributions to it.

Jacques B.

    #!/bin/bash
    # arglist.sh
    # Invoke this script with several arguments, such as
    # ./scriptname one two three four five;six\ seven eight 'nine ten'

    E_BADARGS=65

    if [ ! -n "$1" ]
    then
      echo "Usage: `basename $0` argument1 argument2 etc."
      exit $E_BADARGS
    fi

    echo

    index=1          # Initialize count.

    echo "Listing args with \"\$*\":"
    for arg in "$*"  # Doesn't work properly if "$*" isn't quoted.
    do
      echo "Arg #$index = $arg"
      let "index+=1"
    done             # "$*" sees all arguments as single word.
    echo "Entire arg list seen as single word."

    echo

    index=1          # Reset count.
                     # What happens if you forget to do this?

    echo "Listing args with \"\$@\":"
    for arg in "$@"
    do
      echo "Arg #$index = $arg"
      let "index+=1"
    done             # "$@" sees arguments as separate words.
    echo "Arg list seen as separate words."

    echo

    index=1          # Reset count.

    echo "Listing args with \$* (unquoted):"
    for arg in $*
    do
      echo "Arg #$index = $arg"
      let "index+=1"
    done             # Unquoted $* sees arguments as separate words.
    echo "Arg list seen as separate words."

    exit 0
Re: [CentOS] bash - safely pass untrusted strings?
> Unless I'm terribly mistaken (again?), the only way I've been able to see loop thru a list of files work reliably is with find using the -print0 option, in cahoots with xargs. Is there any other way?
>
> -Ben
> --

If I understand you correctly, you are referring to the problem caused by spaces in filenames? Steve mentioned the environment variable IFS (individual field separator if memory serves me correctly). By default it's space, tab, or newline. You can change that in your script to be newline only in order to process file names with spaces in it, and then change it back afterwards (so save the value of $IFS at the beginning of the script to something like Default_IFS and then just prior to exiting the script reassign that value back to IFS to return it to its original state).

If that's what you are looking at doing I'm sure someone here can fill in the blanks on that one. If not when I get to the office tomorrow I can have a look at some of my scripts where I had to do that and post sample code for you.

Jacques B.
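
The two approaches discussed in this exchange, side by side, as an added example that is not code from the thread: each function counts how many "file names" a loop sees in a constructed directory of three files, one with a space and one with a newline in its name. The function names and the fixture are made up here, and the temp directory path is assumed to contain no whitespace.

```shell
#!/bin/bash
# Added example: how three loop styles split the same set of file names.

make_fixture() {   # constructed directory: a plain name, a space, a newline
  local d
  d=$(mktemp -d)   # assumption: the temp path itself has no whitespace
  touch "$d/plain" "$d/two words" "$d/new
line"
  printf '%s\n' "$d"
}

count_default_ifs() {   # default IFS: splits on space, tab and newline
  local n=0 f
  for f in $(find "$1" -type f); do n=$((n + 1)); done
  echo "$n"
}

count_newline_ifs() {   # save IFS, split on newline only, restore afterwards
  local n=0 f Default_IFS="$IFS"
  IFS='
'
  for f in $(find "$1" -type f); do n=$((n + 1)); done
  IFS="$Default_IFS"
  echo "$n"
}

count_nul() {   # find -print0 | xargs -0: NUL cannot occur in a file name
  find "$1" -type f -print0 | xargs -0 sh -c 'echo "$#"' sh
}

if [ "${1:-}" = "--demo" ]; then
  d=$(make_fixture)
  echo "default IFS:     $(count_default_ifs "$d")"
  echo "newline IFS:     $(count_newline_ifs "$d")"
  echo "print0/xargs -0: $(count_nul "$d")"
  rm -rf "$d"
fi
```

Only the NUL-delimited form reports the true count of 3; the newline-only IFS handles the space but still splits the name that contains a newline, which matters when the names come from an untrusted source.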