Linux.com

Home Linux Community Community Blogs

Community Blogs



Making Bootable USB using Syslinux

Note Kindly check the following packages on your system: 1. syslinux if not installed then install it using yum yum install syslinux 2. qemu-system-x86_64 ( i am installin 64 bit fedora so to test the pen drive finally we need this Virt. machine) if not installed then install it using yum yum install -y qemu.x86_64 it will take some time Note if you dont want to test ur pen drive then you can skip the above step: Now we can start the process 1. Download the ISO image of the OS ( Linux) on you system and mount the same under some directory. e.g with the following command. mount -t iso9660 /home/harkamal/ISO/Fedora-16-x86_64-Live-KDE.iso /mnt/iso/ 2. use a pen drive which doesn't contain any files, it can have folders but not free files. and at least 1GB free space. Now find out where you pen drive has mounted automaticall it gets mounted on /media/HARKAMAL Note: HARKAMAL is the LABEL of my pen drive yours could be something else pl. note it. command to find out where your pen drive gets mounted are df -h or fdisk -l use the first one as root user or use sudo instead. in my case it was /deb/sdb1 pl note it too. 3. go to /mnt/iso with the command cd /mnt/iso ( here u have mounted the ISO img. in step 1 with mount cmd) 4 Now run cp * -rv /media/HARKAMAL/ note: pl change the LABLEL accordingly 5 now run the following command syslinux --install -d EFI/boot/ /dev/sdb1 6 Now go to the directory /media/HARKAMAL/EFI/boot cd /media/HARKAMAL/EFI/boot 7. here copy isolinux.cfg to syslinux.cfg command is: cp isolinux.cfg syslinux.cfg 8 Now we have to edit the file syslinux.cfg open it using vim and changes the very first stanza under the heading label linux0 consisting of the line: "append initrd=initrd0.img root=live:CDLABEL=Fedora-16-x86_64-Live-KDE.iso rootfstype=auto ro liveimg quiet rhgb rd.luks=0 rd.md=0 rd.dm=0" now remove 'quiet and rhgb' entries from the above line and also remove root=live:CDLABEL=Fedora-16-x86_64-Live-KDE.iso change it to root=LABEL=HARKAMAL after making the above changes the line should finally look like: append initrd=initrd0.img root=LABEL=HARKAMAL rootfstype=auto ro liveimg rd.luks=0 rd.md=0 rd.dm=0 Note there should not be any space between root,LABELand HARKAMAL Now our usb is ready to use we can test it by running the following command on Virtual machine. command to test the USB is: qemu-system-x86_64 -hda /dev/sdb1 -m 256 -vga std. if you virtual machine gets started with installing Fedora 16 option it menas ur USN+B is ready to use and install the ISO Enjoy))))))))))))))))) Keep Posted Regards Harkamal

 

Open Source Think Assistant

The key to intelligence must be memory. It would then be a good idea if one could use a computer program to aid the human rather low memory capacity in a simple yet powerful way. The program I had in mind is a simple add to existing open source FreeMind type programs. To expand and structure your thought process you could choose from a drop down list of certain keywords or sentences that progresses the solution further to a new innovative product or answer in a textbook exercise. The keywords and sentences come from different areas like physics, chemistry, biology, engineering, mathematics and more. They can describe useful reasons for solving the problem. You should also be able view examples where the key reasons are used so to compare them with your problem. I would like the program to be modular so that the community can add and collaborate new reasons to existing areas or create new areas. Apart from importing the modules in an open format maybe it would be good to have an HTML export function. Like Bookmarks in Firefox. In education you could use these kind of programs to solve exercises in a more structured way. In innovation or problem solving you can easily expand your imagination by trying key sentences like already written perspectives from different areas otherwise missed. Further you could expand the program to include crowd sourcing whereby sharing the problem sheet with others gives you answers to reasons you know are valid but have not yet come up with an answer to yet. The idea is meant for GPL licensed or for Free and Open Source Software to aid small innovation and education. Idea by Per Lindholm
 

Password guessing as an attack vector

Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password. Password guessing in my view is the oldest hack in the book, and unfortunatley some of us are making it too easy for the bad guys. From simple things like password equal to username (I still see this often) to blank passwords or super easy combinations like 'qwerty'. As a system Administrator it is our job to serve and protect. However, despite our best efforts users often give things away too easily. Therefore how do we know our users are doing the right thing and how can we audit poor or weak passwords. We could purchase a commercial password auditing tool, but in my view that is a waste of money. The open source community has many excellent tools for this job. Two that I personally know on a first name basis are THC-Hydra and Medusa. Both are excellent password guessing tools, which if used correctly can help eliminate weak passwords from your environment. While Hydra has been ported to Windows, Medusa at this time is Linux only. In fact the author has put out a call to the community. He said, "If anyone can compile Medusa under Cygwin I'll buy you a beer at the next Defcon." ~ so far no takers. If you want to learn more about each tool check them out here: Medusa - http://www.foofus.net/~jmk/medusa/medusa.html THC-Hydra - http://thc.org/thc-hydra/ The coolest part about these tools is the fact they support a huge shopping list of protocols. From Windows LM to RDP, SSH, TELNET, HTTP, VNC, IMAP, POP and many others. While both are similar in function, Medusa is currently my top choice because it supports more protocols, including MS-SQL and has recently been updated to version 2.0. Medusa is fast, and because its available with my favourite distro its my tool of choice. As a penetration tester, once I let Medusa loose on your network I look for two to three things. 1. Accounts where password is equal to username 2. Accounts where password is blank 3. Accounts where passwords are simple dictionary words With Medusa, these are all easy, however with option 1, I typically see this with shared accounts, or accounts which are not used very often, typically some obscure low key service. Most often these accounts have regular user status in the domain, and that is exactly what I need. From a nobody to somebody in one step. Blank passwords are stupid easy, again shared accounts or really old accounts which were created under Windows NT 4 and were migrated from 2000, 2003 to 2008 over the years. I see this often in Manufacturing, where Windows 98 and DOS rules to this day. Lastly, the real power of Medusa or Hydra for that matter is Dictionary attacks. It can pump through a fairly large dictionary in minutes. And those of you believing a second language is more secure, think again. As long as its a dictionary word (in any language) you're done like dinner (as one of my students used to say).
 

Squid and Digest Authentication

This week I want to review Digest authentication, which is a step up from Basic proxy authentication, not the best choice but an improvement. Digest Authentication hashes the password before transmitting over the wire. Essentially it sends a message digest generated from multiple items including username, realm and nonce value. If you want to know more see (RFC 2617). Thing to remember is both Basic and Digest are on the weak end of the authentication security spectrum. If your only choice is Basic and Digest, the lesser of two evils is Digest. Digest is very similar to Basic from a configuration perspective. Squid uses an external helper program to facilitate the authentication process. From a Squid configuration perspective, the following pieces are required in the “OPTIONS FOR AUTHENTICATION” section of squid.conf auth_param digest program auth_param digest children auth_param digest realm auth_param nonce_garbage_interval auth_param nonce_max_duration auth_param nonce_max_count The following parameters are similar in nature to Basic authentication; auth_param digest program - provide location of external helper program auth_param digest children – number of spawned processes to facilitate user authentication requests auth_param digest realm – string presented to user when authentication appears on screen Digest authentication introduces the concept of a ‘nonce’ (number used once). This is a generated value (in this case generated by Squid). The client uses this value in conjunction with the password during the hashing process. Without nonce-salting, captured hashed passwords could be replayed. The ‘nonce’ value is regenerated at specified intervals to ensure its continual uniqueness. auth_param nonce_garbage_interval – Specifies how often Squid should clean up its nonce cache auth_param nonce_max_duration – Specified how long the nonce value remains valid auth_param nonce_max_count –Places a limit on how many time a nonce value may be used The last piece of this puzzle is a database of valid users and their associated password. Typically this information is in a hashed text file stored on the Squid server. You should know, Squid does not offer any capabilities for managing it, most users generate it manually or utilize scripts. On an Ubuntu based Squid server the Digest Helper program is located in the following location; /usr/lib/squid3/digest_pw_auth Given above configuration paramaters, the final product should look like this; auth_param digest program /usr/lib/squid3/digest_pw_auth –c /etc/squid3/password-file auth_param digest children 5 auth_param digest realm My Realm auth_param nonce_garbage_interval 5 minutes auth_param nonce_max_duration 30 minutes auth_param nonce_max_count 50 Don’t forget you must adjust Squid ACL’s. The procedure is identical to Basic Auth reviewed last week. Regarding the password file, it should be hashed to keep prying eyes off user passwords. By the way “-c” in above program parameter means you’re specifying the location of a hashed password file. This concludes Digest authentication, don’t forget to restart your proxy server. Next week I’ll talk about NTLM authentication, since most of you are using Windows networks. To find out more visit: www.digitalboundary.net/wp
 

Squid and Basic Authentication

This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is it transmits username and password in clear text, hence very susceptible to network sniffing or man in the middle type attacks. The only reason I’m writing about it is it’s a valid authentication mechanism in some limited circumstances. Secondly I want to show you how authentication has evolved over the years. Ultimately you want to Kerberos authentication with your Squid proxy, but before we got there we had basic. And here is how to configure it; First thing that requires out magic touch is Squid’s configuration. Locate and navigate squid.conf The first section you’ll come across is for configuring authentication. It’s called; # OPTIONS FOR AUTHENTICATION # ----------------------------------------------------------------------------- You’ll notice there are many comments in this section explaining all the different options. But let’s jump ahead to what we came here for… Locate the following lines; note they will be commented out. Enable them by removing the hash character ‘#’ auth_param basic program auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours If you haven’t noticed already the first parameter auth_param basic program configures the location of an external helper program. This helper program is named pam_auth and on an Ubuntu system is located in the /usr/lib/squid directory. In fact all authentication helpers are located in this directory. Therefore our first line should look like this; auth_param basic program /usr/lib/squid/pam_auth Next we have the children parameter. This configures the specified number of processes to handle incoming authentication reuqests. In above example pam_auth will spawn 5 separate processes to handle all authentication requests. Anywhere between 5-10 helper processes is a good starting point. If Squid runs into trouble, it will tell you in /var/log/squid/cache.log , monitor this file closely. Then we have a realm parameter. This is a string which is presented to the user when the authentication prompt appears on screen. With Basic authentication this is an arbitrary string value. You can use anything, like; “Welcome to my really cool Proxy Server. Enter your Username and Password” Lastly we have the credentialsttl parameter which dictates how long Squid caches authentication requests internally. Keep in mind a small value increases Squid load, while a larger value will reduce it. You may need to play with this if you notice your Squid box is really busy. The last piece to this puzzle is enabling Squid’s authentication ACL. This includes changing two additional parameters. ( ACL & HTTP_ACCESS). The default ACL bases access or no access on client subnets. ACL LOCALNET SRC 192.168.0.0/24 is an example of one. To enable authentication, comment out above default ACL and replace with this; acl authenticatedusers proxy_auth REQUIRED Lastly enable above access list, named authenticatedusers http_access allow authenticatedusers That’s it. Restart Squid service and you should now be prompted for user name and password. You session will be authenticated until you close your browser. www.digitalboundary.net/wp
 

KeePass Password Safe - Keep and manage multiple account passwords

I'm sure you've heard numerous times from many sources, web site logins should always be unique. Unfortunately few follow this rule and often reuse passwords among different Internet sites. Primarily because keeping track of unique passwords is a real hassle. Really! think about all the sites you use daily, then double that for occasional sites and before you know it you're managing 50 passwords or more. So What's the solution? You could keep a ledger, but then you'd have to photocopy it a few times for every computer in the house. You could spend money on commercial solutions like 1Password or let the Open Source community help. KeePass Password Safe is a great and easy to use alternative. Best of all, its cross platform and free to use. You can download KeePass from www.keepass.info Installation is your typical Windows clicky-click. Installation has 3 options, Full Install, Compact or Custom. Full install maxes out at 5.4MB, compact just 2.8MB and custom anywhere in between. Full Install includes additional libraries, XML stylesheets and a number of optimizations, compact simply includes core KeePass libraries. After installation, the first required step is the creation of a KeePass database. Your encrypted database will store all recorded passwords and any other confidential information you'd like to keep safe. You have the option of encrypting your database with a master password, Key file, Windows user account or a combination of the three. KeePass uses AES/Rijndael 256bit encryption, so you can be confident encryption is strong. To improve database functionality and performance, tweaks are available in database settings. For example to reduce the chance of password type guessing attacks, AES/Rijndael encryption uses Key transformations. Default setting is 6000 times, but you can increase this value to whatever you like as long as you realize larger values increase database load time and a slight performance hit. Other options are available from a simple description to database compression to reduce file size. Once the database is created you're ready to add your first secret entry. More on that next week. http://www.digitalboundary.net/wp
 

Corks? Or Screw Tops? Why the Experience Matters

I've noticed a disturbing trend amongst a few of the high quality wineries in my state. They have abandoned the cork to close their high-end wine bottles and turned to screw caps. This is good news to people who struggle with how to get a cork out of a wine bottle. 

Read more... Comment (0)
 

Building LFS( Linux From Scratch)

After struggling for nearly one day, the LFS, linux from scratch, is finally built. I would note something about the building process. 1. about ssh There is some time that I just want to copy the command in LFS book and execute it directly. since copy between host OS and guest OS would be troublesome, SSH would be a convenient way to copy, paste and execute. execute "/etc/rc.d/init.d/sshd start" to start ssh service in LFS, one may also need to configure network interface using ifconfig command. 2. about mount After compiling all packages and changing root directory, I try to execute grub-install, and it tells me that there is no hard disk. And I eventually figured out that "mount -v --bind /dev ${LFS}/dev" is very critical in installing grub boot loader. Without it, grub-install would not find hd0.
 

openSUSE Weekly News 192 is out!

I'm happy to announce the new "openSUSE Weekly News, Issue 192".

 

 

In this Issue:

  • openSUSE Conference 2011
  • Plasma Active Status Report
  • Beta Pizza Party
     

You can download it there:

We hope you enjoy the reading :-)

If you want to help us collecting interesting articles for the openSUSE Weekly News, so you can all your stuff into our new ietherpad: http://os-news.ietherpad.com/2.

Found Bugs? Please place it in our Bugtracker: http://developer.berlios.de/bugs/?group_id=12095

Features, Ideas and Improvements can placed in our Featuretracker: http://developer.berlios.de/feature/?group_id=12095

Older content can be found there.

 

GuitarPro6 on Fedora 64 bit

 

Guitar Pro 6 on Fedora x64

GuitarPro6

 

After I've had a lot of trouble to get this working, I will show you the step by step guidance to run Guitar Pro 6 on a 64 bit version of Fedora (it should be almost the same on  all 64 bit versions of Linux though -> Notice, if you're using a x64 Debian based distribution, it's easier by using getlibs)

 

 

 

1.) First download the guitar pro 6 installer for linux from the website www.guitar-pro.com.

2.) The downloaded file is in .deb container format (for Debian distributions). Simple extract the deb file, and open the extracted folder.

3.) You can find two tar.gz files inside of it: control.tar.gz and data.tar.gz as well as debian-binary. The only file which we need is data.tar.gz, so delete the other two files.

Extract the data.tar.gz file.

Corresponding Shell-Command: tar -xf data.tar.gz

 

4.) Open up the data folder - again you see two folders opt and usr. Open the opt folder and copy the GuitarPro6 folder inside of it to /opt/. (You need sudo rights to do this, so either you do it directly over the terminal, or you call nautilus with root privileges: sudo nautilus /opt)

 

Corresponding Shell-Command: sudo cp -R GuitarPro6 /opt/

 

 

Ok basically that's it, but Guitar Pro 6 doesn't start up yet. It needs some dependencies. So let's see which ones it needs. Open up a terminal and change the directory to /opt/GuitarPro6

Corresponding Shell-Command: cp /opt/GuitarPro6


6.) start the shell script gp-launcher.sh by typing: sh gp-launcher.sh. It should give you the following output:

./GuitarPro: error while loading shared libraries: libportaudio.so.2: cannot open shared object file: No such file or directory

 

So we need all these dependencies (and we need the 32 bit Libraries!!!) So instead of let you find out each dependency after another here are the needed packages you have to install:

 

libstdc++.i686
mesa-libGL.i686
alsa-lib.i686
portaudio.i686
pulseaudio-libs.i686
libXrender.i686
glib2.i686
freetype.i686
fontconfig.i686

libgnomeui.i686
gtk2-engines.i686

 

 

Corresponding Shell-command: sudo yum -y install libstdc++.i686 mesa-libGL.i686 alsa-lib.i686 portaudio.i686 pulseaudio-libs.i686 libXrender.i686 glib2.i686 freetype.i686 fontconfig.i686 libgnomeui.i686 gtk2-engines.i686

 

7.) We're almost done, there's one more problem: After installing these libs and trying to start guitarPro6 with sh gp-launcher.sh the following error will occur:

./GuitarPro: /opt/GuitarPro6/./libz.so.1: version `ZLIB_1.2.3.3' not found (required by /usr/lib/libxml2.so.2)

 

This means GuitarPro6 tries to use a wrong version of libz. The trick is to remove the libz lib in the GuitarPro6 folder and let GuitarPro use the libz version of the system.


Commands:

sudo rm libz.so.1

 

After that GuitarPro6 should be able to start.


8.) Soundbank-Installation:

For some reasons (which I didn't find out yet) the soundbank installation doesn't work. However there's a workaround for this:

 

 

 

  1. Download the file Soundbanks.gpbank directly from the website and copy it to your GuitarPro6 folder (again you need root privileges to do this)

  2. Run sudo /opt/GuitarPro6/GPBankInstaller /opt/GuitarPro6/Soundbanks.gpbank /opt/GuitarPro6/Data/Soundbanks/

     (notice the blanks after each directory argument)

  1. It should sucessfully import it, doing it this way.

 

 

I hope everything worked out fine. You can also add a Desktop link to GuitarPro6 by adding a file in /usr/share/applications.

 

 

If you have questions you can ask here, I'll respond asap: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

Buy me a beer :)

 

 

 

 

openSUSE 12.1 milestone 5 (aka, beta 1) released

On September 1st, the openSUSE team released the latest milestone for openSUSE 12.1. This brings the openSUSE 12.1 release closer to replacing standard SysV init with systemd, and closer to GNOME 3.2. Check it out!

 
Page 21 of 140

Upcoming Linux Foundation Courses

  1. LFS426 Linux Performance Tuning
    08 Sep » 11 Sep - New York
    Details
  2. LFS520 OpenStack Cloud Architecture and Deployment
    08 Sep » 11 Sep - Virtual
    Details
  3. LFD320 Linux Kernel Internals and Debugging
    15 Sep » 19 Sep - Virtual
    Details

View All Upcoming Courses


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board