Jul 31, 2007

Question: Do I need to have AntiVirus Software running on my Linux Machine?

After thinking long and hard about this one I am going to tell you that you SHOULD have some sort of antivirus installed on your Linux distro. It doesn't matter if it is ClamAV, Avast! or any other with a good track record.

And now I am going to tell you why. There are about 100 known Linux viruses out there, and new ones are not turning up every day like Windows viruses, BUT they do exist. And not being protected is just stupid. No offense. Actually you can take offense, I don't really care. I personally back up every OS incrementally and run some sort of AV software with heuristics. This should give you some protection from zero-day threats.

Ok ok simmer down. Now onto WHY I think it is very necessary to be protected. I have a question for you:

Do you have insurance? You know medical dental or what not?

Of course you do. You would be crazy not to, because WHAT IF something happens? This should be your same attitude to computer security. Do you have a lock on your home? How about a security alarm?

Are you following me here? As an Admin I always feel it is better safe than sorry. And especially if it is all because you were SURE that no one could hack into YOUR machine. Now who better to have a try at it than a Linux Guru? It won't be long before the spammers and virus writers get tired of the Windows platform and move on... After all isn't Mac OSX built on Linux?
Hmmm... Gaining the majority of market share might cause some new interest by hackers...

Here is an excerpt from DesktopLinux.com:

Security, and freedom from viruses, has been one of the key selling points for moving to Linux in the home and for the enterprise. How is Linux at risk from viruses today? by Keith Peer

Currently there are under 100 native Linux viruses known, but in many organizations the fact that a Linux virus exists is enough reason to install and use Linux antivirus protection on Linux desktops and servers.

Additionally, users of StarOffice and OpenOffice.org have the ability to open and view Microsoft Office documents that may contain viruses. These viruses may not infect the Linux computer, but the user can easily attach and send these infected documents unknowingly to someone else, and that is a serious problem. As system administrators move to Linux file servers they have a real problem to deal with, since the Linux file server can store Windows-based viruses.

Windows-based viruses can write to a Linux/Samba network share as easily as they can on a Microsoft Windows based network. System administrators must protect the Linux server from storing these viruses. The only way is through active antivirus defense on the Linux server itself. Our Vexira Antivirus for Linux, as an example, detects not only Linux-based viruses but also Windows and DOS-based as well. I think the current number of malicious or potentially malicious applications (viruses, trojans, worms, etc...) we detect is above 74,000.

Still not sure? Continue reading this article for more fanboy dream-killing information... _TheAdmiN_

Originally Posted on Ask The Admin By

Don't Forget your Bauer-Power Gear!

Jul 30, 2007

Norton Ghost 12 VProConsole Error

I was messing around this weekend with Norton Ghost 12 on one of my home computers. It would install fine, then after reboot I would get an error saying "VProConsole has encountered an error and needs to close...". I was getting so frustrated, I couldn't see straight. I tried looking on Symantec's website with no luck. I tried a general search on Google for the error, no luck there. Why wasn't this thing working for me?

Well, I finally found the answer. I checked my system's event logs and found out that Ghost was crashing because of a problem with .NET Runtime 2.0. I decided to go to Windows Update and check for any missing updates. Sure enough, I was missing a patch for .NET Framework 2.0. Of course, with my luck the patch didn't install. I decided on plan B for getting my necessary patch. I opened Firefox and went to Windiz Updates. That's right, I didn't misspell that. Windiz Updates is a place you can go for Microsoft updates if you are a Firefox user.

Anyway, long story short, I got the patch installed then rebooted. When my machine came back up, Norton Ghost was running like a charm. Now there finally is an article online on how to correct that VProConsole error, because Symantec is too lazy to put something up about it in their knowledge base! (In case you missed it, the fix is to install any missing .NET Framework 2.0 Patches from Microsoft).


Jul 28, 2007

Free Antivirus for Linux!

I am sure most of you have heard of Avast! antivirus for Windows. Many of you probably use their free home version already. Did you know that they make a version for Linux as well?

Many of you who are new to Linux might be thinking of antivirus as an afterthought. I mean, according to the Mac commercials, only Windows gets viruses, right? That isn't true; all operating systems can be a victim of viruses and malware (though none as prevalent as Windows). So you will need to protect yourself.

You can download the free Linux version of Avast! here. They have RPM packages for Red Hat based systems, DEB packages for Debian based systems (like Ubuntu), and tarball installs for the rest.


Dell + Ubuntu = 1337 (Or @ Least $1337.00)

That's right, that is the actual price for the Dell Inspiron 1420N pre-loaded with all its Ubuntu goodness. The specs rock, including a 160GB hard drive, wide screen, shiny anti-glare, Core 2 Duo 2.2GHz, DVD/CD burner with dual layer, and Bluetooth. This thing is uber sweet @ just the right 1337 price! We couldn't make this stuff up if we tried.

And for those of you going HUH? What's so special about that? Check this Wikipedia Entry on l33t.

Originally Posted on Ask The Admin By


Bauer-Power: Mobile!


I am on-call this weekend for my real job. When we are on call we have to carry around a blackberry phone so we can monitor alerts, as well as take emergency support calls. While checking the messages for anything I may have missed while playing soccer with my daughter, I decided to see what Bauer-Power looks like via a mobile device. I was pleasantly surprised.

Blogger automatically shrinks my header picture to fit the screen, and automatically takes you to the post section. This is great because it blocks out all the extra stuff on the side for a smoother mobile web browsing experience. It also gives you links to the side bar at the top of the screen, and a link at the top to take you back to the main page!

Now you have no more excuses not to read Bauer-Power! You can do it anywhere your phone has service!


Spybot Search & Destroy 1.5 Beta!


For those of you out there that haven't heard, or haven't been keeping an eye out for it, Spybot has a new version in the works. Spybot S&D 1.5 Beta.

I have it installed, and can tell you this much about it:

1) The interface is almost identical to version 1.4
2) They have a new update manager
3) The Immunization interface has changed

I'm sure there are other things different that I didn't mention. Hopefully they get more noticeable feature changes and improvements by the time they finally release it. You can download it here. Test it out, and let me know in the comments other new features/improvements that you find.


Jul 27, 2007

Advanced Windows Firewall Subversion

This video is from last year's ToorCon, which is a hacker/security convention held here in San Diego every year. Enjoy:


I've been Simpsonized!

MySpace now has a new Simpsonizing site to promote the new Simpsons movie coming out. I went on there to create a new avatar for my MySpace page. You should check it out, it is pretty fun :-)

Notice my Simpson's character is sporting a shirt from the Bauer-Power store! Don't be left out! Get yourself some schwag from the store yourself!


Jul 25, 2007

UPDATE: VMWare Server on Ubuntu (apt-get baby!)

Oh man! I am such an idiot! I'm not sure why I made it all hard on myself. There is a repository where you can apt-get the VMWare server install now.

Instead of killing yourself doing what is mentioned in my previous post, just do the following:

Edit your /etc/apt/sources.list file by opening your terminal and typing:

sudo gedit /etc/apt/sources.list

Add the following line at the end and save the file:

deb http://archive.canonical.com/ubuntu feisty-commercial main

Next, in the terminal run:

sudo apt-get update

After you are done updating, we run apt-get in all of its glory:

sudo apt-get install vmware-server vmware-tools-kernel-modules

Follow the prompts, and you're done!

(Note, you will still need to register for your free serial at VMWare.com)

[EDIT] - Trying to Install VMWare on Ubuntu 9.04? Check out my post here: (Install VMWare Server 2 on Ubuntu 9.04 Server)

Jul 24, 2007

Installing Free VMWare Server on Ubuntu

I have been an Ubuntu user off and on for about two years now. Each time I tried to install VMWare, whether it be workstation or server, I could never get it to install and would give up. The other day, I mentioned that I would be rebuilding my laptop and installing Linux only (I think I mentioned Sabayon in that post, but decided to go with my favorite, Ubuntu). Anyway, this time I resolved to not let the VMWare fiasco go. I would not stop until I was able to get that bastard installed.

I finally found my answer! I found a small how-to on How To Forge, and I will share my discovery with you fine people. Here you go:

1) Make sure you have the needed build environment and tools to compile the vmware modules for the kernel. To do this, open a terminal and type the following:

sudo aptitude install linux-headers-`uname -r` build-essential

When that is complete, run the following in the terminal:

sudo aptitude install xinetd

2) Download the VMWare Server tar file to your home directory. Open a file manager like nautilus or thunar and browse to your home directory. Right click on the tar file and select extract here.

3) Download the vmware-any-any patch here (As of this article the latest is version 112) to your home directory. Just like the VMWare server package, open your home directory in nautilus or thunar, right click on the tarball and select extract here.

4) Go to your terminal and cd into your home directory. Now do the following:

cd vmware-serv*
sudo ./vmware-install.pl

When you get to the part that says:

Before running VMware Server for the first time, you need to configure it by invoking the following command: "/usr/bin/vmware-config.pl". Do you want this program to invoke the command for you now? [yes]

Type no, then press Enter.

5) Now you will need to run the patch to finish the install. To run the patch do the following in the terminal:

cd ..
cd vmware-any*
sudo ./runme.pl

Now when you get to the part asking:

Before running VMware Server for the first time, you need to configure it by invoking the following command: "/usr/bin/vmware-config.pl". Do you want this program to invoke the command for you now? [yes]

Type yes, and follow the prompts.

6) When the install is finished, type vmware to launch the server.


Jul 22, 2007

Prison Inmates Practice Thriller!

I know this has nothing to do with hacking or technology, but it does have some serious nerdiness issues. This is probably the coolest thing I've seen in a while. It is a bunch of Filipino prison inmates re-enacting Michael Jackson's Thriller!


Jul 21, 2007

Creating Deployable Encrypted Windows Images

Every once in a while I wipe down my laptop's hard drive and re-image it a different way. Two times ago, I set it up as a dual boot system with Windows XP Pro and Ubuntu. The most recent one was Windows XP encrypted with Compu-Sec full hard drive encryption. I had VMWare installed so I could still play around with Ubuntu if I liked, but running Ubuntu through VMWare just isn't the same to me as having it directly installed.

Anyway, I decided it was time to image my machine again, this time I am going to install Sabayon Linux only. I will install Linux VMWare version and put Windows on it this time. Before I do that though, I want to "ghost" my current configuration so I can go back to that if I want. The problem is that the entire hard drive is encrypted.

What one normally does to create a deployable image is to run sysprep then reboot the computer to a boot disk or CD of some kind whether it is Symantec's Ghost or, my favorite, The Ultimate Boot CD for Windows and create a bit by bit image of the hard drive. The problem with my setup is that when I reboot to the bootable CD, the imaging program doesn't see anything on the disk. Everything is encrypted so I can't create the image, because these bootable disks only see a blank hard drive.

What I decided to do is to create the image while Windows is running using the installable Drive Image XML. If your laptop is going to be joined to a domain, or is already joined to a domain, you will want to disjoin it and put it in a workgroup first. You will also want to create your sysprep folder and sysprep.inf file in the root of your system drive. You will not run sysprep though.

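After you have the computer in workgroup mode, with the sysprep folder ready, you will download and install Drive Image XML. Once installed, use the backup option and follow the wizard. When prompted, select the option to try Volume Shadow Services (volume locking will not work while Windows is running). Now back up the drive. Keep in mind that Drive Image XML reads the drive through the running, unlocked Windows session, so the backup it writes holds the decrypted data; keep the image files somewhere protected.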

When you are ready to deploy the image to another similar computer (it has to have the same hardware, like all operating system images), boot it up using The Ultimate Boot CD for Windows and follow the steps I outlined in a previous post here for restoring the operating system image. After you boot up the newly imaged computer and log in, now is the time you will want to run sysprep and re-join the laptop to your domain.

If this doesn't make sense to you, or if you have any questions, hit me up in the comments!

Service Pack 1 for Vista is coming out... No wait, it's not. Now stop talking about it!

So we have been hearing all this hubbub about Vista Service Pack 1. Wasn't this supposed to be the service-packless operating system? Am I the only one who remembers hearing that? Well, it looks like Microsoft has got their panties all knotted and bunched up, because they are lashing out at blogs to stop spreading misinformation. Look who's talking! People have been getting take-down notices left and right to pull the "misinformation" and propaganda. Am I missing something here? Well, here is a round-up of information:

Microsoft wants you to be informed about the current state of the Windows Vista SP1 beta. (Not really, but they are pretending they do….)

Here is the latest official missive on Vista SP1 from Microsoft headquarters:

“There will be a Windows Vista service pack and our current expectation is that a beta will be made available sometime this year. Service packs are part of the traditional software lifecycle — they’re something we do for all Microsoft products as part of our commitment to continuous improvement, and providing early test builds is a standard practice that helps us incorporate customer feedback and improve the overall quality of the product."

“Service packs are just one example of the work we do to constantly improve the Windows experience. We also deliver improvements to Windows via Windows Update, which is an excellent channel for providing our customers with the most significant updates as they happen. And, since Windows Vista launched, we have continued working with partners to improve overall device coverage and application compatibility. There are now more than 2.1 million supported devices and more than 2,000 logoed applications for Windows Vista. We think customers will have a great experience using Windows Vista today."

“Spread the word to stop misinformation.”

I agree. It is time to stop the misinformation, the bulk of which is coming from Microsoft right now.

Who said there would be a public beta of Vista SP1 this week? I’ve been saying Microsoft would extend a beta of Vista SP1 to a selected group of testers in mid-July, most likely this week. (Microsoft has got testers so panicked now about being fingered as sources of leaks that even if and when they do get the SP1 code, I’m doubtful anyone will dare say anything.)

Here’s a little more of an update, courtesy of the Bink.nu site:

“So the only release (of Vista SP1) that’s occurring is a limited Beta to a very small, very select group of advance customers. A public version of the Beta is not being released this week, nor next, nor in July, nor anytime in the immediate future.” (Update: Looks like the powers-that-be at Microsoft got to Bink. This part of the statement has been removed. Oh well.)

Yeah, I’ve had no luck in getting Microsoft to provide a date for if or when there will be a public beta of SP1, either. Nothing but no comments. All I know is Microsoft has told some testers they are shooting to get SP1 out by November. Maybe they meant a public beta of SP1…not sure.

If Microsoft is going to such great lengths to keep the status and feature set of a service pack secret, what will they do when it’s finally time to start talking about Windows Seven? Will wiretaps be involved? Scouring employees’ phone records for calls to unapproved numbers? Logging people’s private IM sessions? I better get out my long blond wig and heels (again)…. Just remember folks: It’s just a service pack. Something that should be seen as good news for the many businesses and individuals that still prefer to wait for a fix pack from Microsoft before rolling out a new product. [ZdNet]

Originally Posted on Ask The Admin By

Jul 20, 2007

Stop Firefox's Session Restore Pop-Up!

I love Firefox. Mainly because it isn't from Microsoft, but also because it is more secure than Internet Explorer, and has millions of cool plug-ins and skins so you can customize it. Your Firefox browser can be as individualized as you are if you want it to be.

The one thing I can't stand about it is that after a while, it will not stop with the "Session Restore" pop-up. I like the idea of it, but no matter how cleanly I close the program, after a while it will say that it wasn't closed properly last time, and do I want to restore the session? No... Not really, I tell my computer, but like my two year old daughter, my computer doesn't listen to me.

I found a way to stop it though. If you know a better, easier way let me know:

1) In Firefox type about:config in the address bar and press enter.
2) You will get a list of stuff you've probably never seen before.
3) Find the string saying browser.sessionstore.enabled.
4) Right-click on it and select toggle. That changes the value from True to False.
5) Turning the value to False turns that annoying feature off.

Like I said, if you know a better way, please leave a comment in the comment section.


Jul 16, 2007

You Wouldn't Like Me When I'm Angry...

...Angry IP Scanner that is. That's right, no pre-amble today, just straight to the nitty gritty. Angry IP Scanner is basically what it sounds like. It is a tool that lets you scan an entire network for hosts simultaneously using ping. Once you have a list of live nodes on the network, you can then go through and do a port scan. Hackers use tools like this to scan for hosts, then check for open ports. They can then use other tools at their disposal to exploit those open ports and get access to your system. This makes a very good case for blocking ICMP echo requests (ping) at your firewall.

I'll tell you what made me think of this tool today though. It wasn't really hacking per se. What happened was I had a user call in from one of our remote offices. She was turning on a PC that hadn't been turned on in months, and for some reason it had fallen off the domain due to the lack of communication with the server. Since it was no longer trusted on the domain, she could no longer log in. I had her tell me the computer's name, but DNS wasn't finding it either. Since she couldn't log in, I couldn't walk her through finding the IP address for me to try connecting to it that way. So what does one do in this circumstance?

Well, I busted out Angry IP Scanner, and I plugged in the IP address range for her subnet. In less than a minute, I had a complete list of all live nodes on the network, including her computer, complete with IP address. I was able to log in by IP address and rejoin it to the domain.

There are many other uses for this type of utility. If you can think of some more, please leave a comment. If you have never used it before, you have got to try it out!
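
An added example, not part of the original post: the ping-sweep-then-port-scan pattern described above shows up in firewall logs, and this code flags a source that sends echo requests to many distinct hosts in a short window, then lists the TCP ports it went on to try on those hosts. The log layout (netfilter LOG-style fields behind an ISO timestamp), the addresses, the thresholds and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Netfilter LOG-style fields; the leading ISO timestamp is an assumption here.
LINE_RE = re.compile(r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                     r".*?PROTO=(?P<proto>\w+)(?P<rest>.*)$")

def parse(line):
    """Return an event dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    ev = {"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"]}
    if ev["proto"] == "ICMP":
        t = re.search(r"\bTYPE=(\d+)", m["rest"])
        ev["icmp_type"] = int(t.group(1)) if t else None
    elif ev["proto"] == "TCP":
        p = re.search(r"\bDPT=(\d+)", m["rest"])
        ev["dpt"] = int(p.group(1)) if p else None
        ev["syn"] = bool(re.search(r"\bSYN\b", m["rest"]))
    return ev

def load_events(lines):
    return [ev for ev in map(parse, lines) if ev is not None]

def find_ping_sweeps(events, min_hosts=10, window=timedelta(seconds=60)):
    """Sources that sent echo requests (type 8) to >= min_hosts distinct
    destinations inside one sliding time window."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["proto"] == "ICMP" and ev.get("icmp_type") == 8:
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))
    sweeps = {}
    for src, pings in by_src.items():
        pings.sort()
        in_window = defaultdict(int)  # dst -> echo requests currently in window
        start = 0
        for ts, dst in pings:
            in_window[dst] += 1
            while ts - pings[start][0] > window:  # expire old requests
                old = pings[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_hosts:
                hit = sweeps.setdefault(
                    src, {"first_seen": pings[start][0], "hosts": set()})
                hit["hosts"].update(in_window)
    return sweeps

def follow_up_probes(events, sweeps):
    """TCP SYNs from a sweeping source to hosts it pinged: the port-scan step."""
    probes = defaultdict(lambda: defaultdict(set))
    for ev in events:
        hit = sweeps.get(ev["src"])
        if (hit and ev["proto"] == "TCP" and ev.get("syn")
                and ev["dst"] in hit["hosts"] and ev["ts"] >= hit["first_seen"]):
            probes[ev["src"]][ev["dst"]].add(ev["dpt"])
    return {s: {d: sorted(p) for d, p in hosts.items()}
            for s, hosts in probes.items()}

def build_sample_log():
    """Constructed sample data, not captured traffic."""
    t0 = datetime(2007, 7, 16, 9, 14, 0)
    fmt = "{} fw kernel: IN=eth1 OUT=eth0 SRC={} DST={} LEN=84 TTL=64 PROTO={}"
    lines = ["this line is not a firewall record"]
    for i in range(12):  # monitoring host pinging one server: not a sweep
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        lines.append(fmt.format(ts, "192.168.5.10", "192.168.10.5",
                                "ICMP TYPE=8 CODE=0 ID=512 SEQ=%d" % i))
    for i in range(1, 31):  # one source pinging .1 to .30 within 8 seconds
        ts = (t0 + timedelta(seconds=20 + i // 4)).isoformat()
        lines.append(fmt.format(ts, "192.168.5.44", "192.168.10.%d" % i,
                                "ICMP TYPE=8 CODE=0 ID=7 SEQ=1"))
    for j, port in enumerate((22, 80, 445)):  # then SYNs to one live host
        ts = (t0 + timedelta(seconds=40 + j)).isoformat()
        lines.append(fmt.format(ts, "192.168.5.44", "192.168.10.7",
                                "TCP SPT=%d DPT=%d WINDOW=5840 SYN" % (40000 + j, port)))
    ts = (t0 + timedelta(seconds=50)).isoformat()  # ordinary file-share traffic
    lines.append(fmt.format(ts, "192.168.5.10", "192.168.10.5",
                            "TCP SPT=1055 DPT=445 WINDOW=5840 SYN"))
    return lines

if __name__ == "__main__":
    events = load_events(build_sample_log())
    sweeps = find_ping_sweeps(events)
    for src, hit in sweeps.items():
        print(src, "pinged", len(hit["hosts"]), "hosts from", hit["first_seen"])
    print(follow_up_probes(events, sweeps))
```

An admin running a scanner for inventory, as in the story above, trips the same rule, so an alert built on it needs an allow-list of management hosts.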


Jul 15, 2007

Vista Gadget Bar...On Windows XP!

In a previous blog post I mentioned an entire skin pack to transform Windows XP into a Vista look-alike. One of the features of that program is that it installs a side gadget bar just like Windows Vista. I didn't mention that you can get that sidebar by itself though. Well, guess what, you can.

In fact, there is a brand new version of it that has more gadgets than ever before. It is called Thoosje's Side Bar Version 2.0. I'm not sure if they had this feature in the older version (because I never checked, they may very well have), but now they offer you an option to download and change certain skins of the gadgets.

Some of the gadgets include:

* Clock
* CPU/RAM Monitor
* Local Weather
* Calculator
* Run Gadget (As in click on start > Run)
* Calendar

And so much more! Check it out today!

Jul 14, 2007

White and Nerdy

When Weird Al put this out it was an instant classic!


Jul 13, 2007

Web Crash 2007

I got this video from The Onion. It is friggin' hilarious!


Posting Less Frequently

I hate to do this, but I will have to start posting less frequently than before. When I first started this, I did it mainly because I was getting bored at work. After a while of sitting on the help desk phone taking the same types of calls over and over, you need to do something to escape and maybe challenge yourself a little more.

Well, my bosses noticed that I have been bored and I needed to be challenged, so they have started moving me into more of a system administration role rather than a systems support role. This will start taking up more and more of my time. In fact, this last week was very hectic. My boss had me build a new production server for one of our offices on the east coast. It was sort of an emergency, so I had very little time to get it done. Anyhoo, I finished it up today and got it shipped out. That is only the beginning though.

I will be meeting with my boss on Monday, as he has a whole bunch of server side projects he has been needing to get done, but hasn't had anyone who could do it. That is where I will be. I am still fairly "Green" in the industry, so this really is my big break.

Wish me luck! I will try to keep posts coming as time will permit.


Jul 11, 2007

NTFS File Compression: Why Blue?

Man-o-man, I love getting funny questions working in the I.T. field. I don't blame users for not knowing certain things, so don't get me wrong, but many problems are caused just because people don't know. Anyway, I got this ticket in (I have omitted the name of course), with a very interesting question:

"Why is the font color of our S drive now blue? It is difficult to read. Can we change it back to black?"

Sounds like a pretty straightforward question, right? Well, for those of you who do not know, when Microsoft moved from the FAT32 file system to NTFS, they added a feature called File Compression. It is kind of like a built-in ZIP, and is used to save space on the disk. To enable it, right click on your hard drive, select Properties, and check the box that says "Compress drive to save disk space." If you only want one folder compressed, then right click on that folder and select Properties. On the General tab click on the Advanced button. You will see two boxes at the bottom; check the box that says "Compress contents to save disk space." Once enabled, Windows will change the font color of everything in the compressed folders to blue to indicate that compression is turned on.

You may also notice when you go into advanced attributes on the folder that there is another check box that says "Encrypt contents to secure data." You cannot have that selected while file compression is turned on, and vice versa. If you decide to use that, it will encrypt all of the contents in that folder and only you will be able to access them. It will also change the font to green. If you knew that, great! If you didn't, then now you know...and knowing is half the battle!

Now, if you do not wish to view these colors, you can open that folder, then click on Tools > Folder Options > View tab. Scroll to the bottom of the list. Un-check the third box up from the bottom that says "Show encrypted or compressed NTFS files in color."


Jul 10, 2007

Blast From Past: Sony Beta Max Promo Video

Oh, the sweet days of Sony Beta Max! Kind of reminds me of the HD-DVD versus Blu-Ray fiasco going on now...


Jul 9, 2007

Another Good FREE Defragger

Some people may think I am a little weird for doing this, but hey, it works for me. I am a very deep sleeper. I have been known to sleep right through the alarm clock if I am tired enough. I am also a chronic snooze button pusher. Anyway, a few years ago I developed a system where I set my alarm to wake me up an hour before I have to start getting ready, then I walk out into the front room and set the egg timer on the microwave for fifteen minutes, then I go and crash on the recliner. Every fifteen minutes I get up to reset the alarm for another fifteen minutes. This lets me not get into such a deep sleep that I cannot wake up, and I eventually get sick of doing this and start getting ready. Anyway, I got out of bed this morning at 4:30 to begin my morning ritual. When I got out to the recliner, I lay there for 10 minutes wide awake. I decided to give up and went to the computer to do a little surfing. While doing this surfing I came across a new FREE third-party defrag utility that I am going to share with you.

I previously blogged about a free defrag utility I use called DIRMS which is cool because you can write a batch file and set a scheduled task to run it. The only problem with that is most average people don't understand command line, and even more don't know what a batch file is. The average user wants a GUI based defrag utility where they can see some progress being made. They also want something they can set and forget without too much hassle. I think I found that program for them, and like just about everything I recommend, it is free because it is open source.

This utility is called JKDefrag Gui. You can use it as a stand-alone executable and run it from your USB drive if you want, or you can install it. Either way, scheduling is a snap. You just click on the scheduling tab, select the days you want it to run and the time, and you are all set. It even has a screen saver that defrags your hard drive every time you are away from your desk. You literally don't have to think about defragging anymore! That is great, because if you are like me, you probably don't want to have to think more than you already have to.

Jul 8, 2007

The Code Linux

This is an awesome video documentary on Linux and open source code in general.


Jul 7, 2007

PandaLabs Says: Talking Computers = BAD NEWS!

If your computer starts talking to you and tells you that you are infected and your files have been deleted, it's not a joke. I REPEAT, IT'S NOT A JOKE! We have just seen this in the wild, so if your computer is saying you are infected in the near future, chances are you have just been infected by the BotVoice.A Trojan. This new malicious code, detected by PandaLabs last week, uses the Windows text reader to play the following sentences:

"You have been infected I repeat you have been infected and your system files have been deleted -- Sorry, have a nice day and bye bye."

These comments are repeated over and over again while the Trojan tries to delete the entire content of the computer's hard disk. Sometimes, BotVoice.A might not manage to delete all of the system files. However, this doesn't prevent it from rendering computers unusable as it modifies the Windows registry so that none of the programs installed on the computer nor the task manager can be run. It also disables the Windows registry editor in order to safeguard its malicious actions.

"This is a very unique Trojan. Not only does it delete computer files, but also makes fun of users. Meanwhile, it does everything necessary to make it impossible to stop its actions," explains Luis Corrons, Technical Director of PandaLabs.

This Trojan uses the usual means of propagation: P2P networks, physical storage devices, such as USB memory sticks, floppy disks or CD-ROMs, and downloads performed by other malware or from malicious web pages, etc. In cases of a new and previously unknown Trojan like BotVoice.A, the infection will not be prevented by traditional antivirus software which relies primarily on signature files of known malware.

Direct from Panda Labs:

Even when the Trojan is unable to wipe all files, it may still remove Windows files, which could stop all the programs installed on the machine functioning, PandaLabs warned. “This is a very peculiar Trojan,” said Luis Corrons, technical director of PandaLabs. “Not only does it delete computer files, it does everything necessary to make it impossible to stop its actions. In cases like this, it is important to prevent the infection, which makes proactive protection techniques, capable of detecting unknown threats, a necessity.” Researchers said the malware is spreading via a variety of methods, including physical storage devices, such as USB sticks, floppy discs and CD-ROMs, and through visiting websites hosting malicious code and downloads performed by other viruses.

Make sure you are blocking P2P on your network to be safe. And still realize that those laptops that leave the office can come back infected. So make sure your security policies are up to snuff as well! -TheAdmiN-

Originally Posted on Ask The Admin By


Jul 6, 2007

Gentoo Linux for the rest of us: Part II

So I have had some time to play with Sabayon a little bit. My verdict...Pretty Cool! I am still not switching my Linux of choice yet from Ubuntu, but for those out there trying to break into the Linux realm, this is pretty good. I think die-hard Gentoo lovers won't like it, because it is a little too "pre-configured" for many of their tastes.

I tried installing it on VMWare, which was okay, but OpenGL isn't supported under VMWare. So, alas, I didn't get the full experience of the 3D desktop environment. The whole process is automated from the live CD installer, and you don't have to do too much thinking which is what I hated about the original Gentoo. Here are some bullets I noted when installing:

* OpenGL automatically installed if graphics card supports it.
* Choice between Gnome, KDE, Enlightenment, or Fluxbox at installation (Not XFCE though!)
* Set boot loader password at installation for greater security
* I installed version 3.3, apparently 3.4 is HD ready

I didn't spend a lot of time playing with it. There are, I am sure, other better features that I didn't even scratch the surface of. For ease of use and installation though, I give this distro an A+, and in my book they have totally redeemed the name of Gentoo.


Jul 5, 2007

Matrix Spoof

This is a funny video clip from the 2003 MTV Movie Awards, where Seann William Scott, Justin Timberlake, Wanda Sykes, and the great Will Ferrell do the best Matrix spoof of all time.


Sorry so late: Happy 4th of July


I know, I know. I should have posted this yesterday. I would have too, but I was too busy partying and having a good time to visit my blog. Anyway, I hope everyone had a great Independence Day! I will be following up with more on Sabayon as soon as I've played with it more!


Jul 3, 2007

Gentoo Linux for the rest of us: Part I

So there I am last night in my "Switches and Routers" class listening to my teacher jaw on about the differences between Distance-Vector protocols and Link-State protocols, bored out of my mind. Sure, the stuff is worth learning, and I find it interesting, but the material really is rather dry. Anyway, I look over and I see this nerdy guy in my class. We call him Neo because he always dresses in black and wears sunglasses even at night time. Anyway, Neo opened up his laptop and booted up to a Linux distro that I had never heard of before. I was watching him play with it, and at first I thought maybe it was Ubuntu, then I noticed the guy playing with a bunch of cool 3D animations, so I immediately thought, 'wow, this guy's got XGL working.' After a while he shut it down, and I finally noticed the logo was not Ubuntu, but Sabayon.

I immediately thought to myself, "Self, what is Sabayon? I must look that up!" So I did. Sabayon is a rather new Gentoo based Linux distro. Well, what does that mean to you and me? Well, if you haven't tried to do a Gentoo install yourself, you just haven't lived. Gentoo is what I refer to as a royal pain in the arse. You literally have to compile the kernel yourself and build it from the ground up. The first time I was getting into Linux, my old supervisor loaned me an old laptop and told me to install Gentoo on it. After three days of downloading binaries across my DSL connection, I finally gave up and found Ubuntu. Gentoo apparently has a Live CD installer, but each time I tried it it failed. Seriously, installing an operating system shouldn't be hard. Well, Sabayon apparently is a Gentoo install, without all the fuss.

I haven't actually installed it yet, I am currently downloading it now. The full install is over 3GB in size, so make sure you have a DVD burner to put the ISO on. I will keep you all informed on what I find.


Jul 1, 2007

How To Fully Encrypt Your Ubuntu Installation

I found this little "how-to" guide on doing a full hard drive encryption of Ubuntu. Fully encrypting your operating system can prevent people from getting access to your files using some form of live CD or other methods. I previously blogged about full hard drive encryption here, but that was mainly for Windows (some forms of Linux were supported, but not Debian based distros like Ubuntu).

Anyway, these instructions were written by Rudá Moura on the Ubuntu Forums and were originally performed on Ubuntu 5.10, but most principles should still work on the latest version.

I would also like to mention that Rudá gives instructions for using the text editor vi, which can be kind of hard to use for beginners. If you are a Windows convert and are used to using notepad, then use gedit instead when operating in the GUI. I prefer nano or pico myself from the terminal which is what you will be in when you do this, but that is neither here nor there. Anyway, without further ado, here are the instructions:

Part 1: Ubuntu installation

Install Ubuntu with server profile with the following initial partitioning scheme:

/dev/hda1 /boot 100 MB ext3
/dev/hda2 / 512 MB ext3

Note that 512 MB is really the smallest size you can set for a server type of installation. A complete Ubuntu installation requires at least 2.4 GB. Make your choice now. In addition, I created two more spaces to hold my future encrypted root and /home partitions, as follows:

/dev/hda3 future / 10GB
/dev/hda4 future /home 30GB

Set these partitions in the installer option for filesystem as "do not use the partition". Note that it is not absolutely necessary to have an exclusive /home partition, so this is optional since you can have only one partition for a whole encrypted system. Just ignore the alert about not having a swap partition and keep going.

Part 2: Cryptography software installation

Configure your apt to use all the optional repositories which come with Ubuntu. This is done by modifying /etc/apt/sources.list, uncommenting all the “deb” repositories. Since you are on a terminal with no gedit or something like that, you will need a pure text editor such as Vi. If you know how to use it, skip the following explanation for beginners. To edit text files on a terminal using the Vi command, follow this example:

# vi /etc/apt/sources.list

Press “i” to enter INSERT mode, make the alterations, press ESC to enter COMMAND mode and then press SHIFT+zz (ZZ) to save and quit.

Just install the following additional packages: cryptsetup 1.0.1, hashalot 0.3, initrd-tools 1.78 and cramfsprogs 1.1 with the command:

# apt-get install cryptsetup hashalot initrd-tools cramfsprogs

Important: initrd-tools must be updated to version 1.78, because the original one that comes with Ubuntu has a severe bug which makes it unusable.

Part 3: Creating the encrypted system

Now it is time to create the cryptography devices. First, root: choose a trustworthy password, so that you do not end up with a weak security implementation. Do not even use your personal login password. Note that it is hard to change this password later (you would need to re-encrypt the full system again) and this is not explained in this article. The password for /home can be weaker, because it will be stored encrypted inside the file /etc/keys/home (remember that / is being fully encrypted). This is necessary so that the /home password is not asked for at every boot in order to mount it.

# cryptsetup -y create root /dev/hda3
# sha256 > /etc/keys/home
# cryptsetup -d /etc/keys/home create home /dev/hda4

The password for root will be asked twice, but the one for /home will be asked only one time and it does not provide confirmation! The partitions with support for cryptography will be available at /dev/mapper/. Now create the filesystem. I prefer the XFS filesystem (this is the one for high performance boxes created by Silicon Graphics, with no undelete policies and 64-bit technology. Also there are no tools for Windows which can be used to mount an XFS system, but who cares since now we are going to be encrypted!) You can use any filesystem supported by Ubuntu and the one everyone uses is ext3, but that's a matter of taste.

# mkfs -t xfs /dev/mapper/root
# mkfs -t xfs /dev/mapper/home

Now mount the new partitions to /mnt and copy the old root to the new one at /mnt. This will be a perfect copy, preserving data, symbolic links and everything.

# mount /dev/mapper/root /mnt
# mkdir /mnt/home
# mount /dev/mapper/home /mnt/home
# cp -axv / /mnt

The copy process took two and a half minutes for a server profile and sixteen for a complete installation. Mount /dev inside /mnt/dev to get access to the devices.

# mount --bind /dev /mnt/dev

Part 4: Adjustments inside chroot

Enter the encrypted system by using the chroot command and mount /boot, /proc and /sys:

# chroot /mnt
# mount /boot
# mount /proc
# mount /sys

This step must be done in order to fix a bug in Ubuntu, but do not ask me why.

# ln -sf /lib/libdevmapper.so.1.01 /lib/libdevmapper.so.1.00

Edit /etc/crypttab and add the following lines:

root /dev/hda3
home /dev/hda4 /etc/keys/home

Edit /etc/fstab in order to change root to the new mounting point at /dev/mapper/root and add a line for /home. I did it this way:

/dev/mapper/root / xfs defaults 0 1
/dev/mapper/home /home xfs defaults 0 2

Edit /etc/kernel-img.conf and add the following line:

ramdisk = /usr/sbin/mkinitrd

Edit /boot/grub/menu.lst, search for kopt and change this line to:

# kopt=root=/dev/mapper/root devfs=mount ro

Note that the initial # should NOT be removed!

Ask it to reconfigure the kernel so that it obtains a new file for grub and a new initrd image able to support cryptography.

# dpkg-reconfigure linux-image-2.6.12-9-386

This command assumes that the installed kernel is the original one from the installation, but if that is NOT the case, substitute it properly, for example 686 instead of 386, or any other updated version.

Part 5: Finishing

Unmount all chroot file systems, quit chroot and reboot:

# umount -a
# exit
# reboot

If everything worked fine, your system will ask for the password in order to mount /root and then the boot process will continue. If you type a wrong password the system will not output any alert and will fail drastically, probably with a Kernel Panic.

Part 6: Encrypted Swap

This process is like the one we did for /home, but the only difference is that the password will be different for every boot, since it will be read from /dev/random.

# cryptsetup create swap /dev/hda2

Type any **** as password, since it will not be used by the user.

Edit /etc/crypttab and add the line for swap:

swap /dev/hda2 /dev/random swap

Edit /etc/fstab and add the file for swap:

/dev/mapper/swap none swap sw 0 0

To enable swap immediately:

# cryptsetup remove swap
# /etc/init.d/cryptdisks start
# swapon -a

From this moment your whole filesystem is encrypted. In order to turn your server installation into a default and complete one, just run:

# apt-get install ubuntu-desktop
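
A mistake in /etc/crypttab or /etc/fstab in this procedure only shows up as a failed boot, and a key file created by shell redirection (as /etc/keys/home is in Part 3) takes its mode from the umask. The script below is an added example, not part of Rudá's guide: it checks the two files for consistency before rebooting. The function name check_crypt_config and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check for /etc/crypttab and /etc/fstab.
# Usage: check_crypt_config CRYPTTAB FSTAB [ROOT_PREFIX]
# ROOT_PREFIX (e.g. /mnt) is prepended to key file paths. Hypothetical helper.
# Prints one line per problem; returns 1 if any problem was found, else 0.
check_crypt_config() {
    crypttab=$1 fstab=$2 prefix=${3:-}
    problems=0
    # 1. Every /dev/mapper/NAME in fstab needs a crypttab target called NAME.
    for name in $(awk '$1 ~ "^/dev/mapper/" { print substr($1, 13) }' "$fstab"); do
        if ! awk -v n="$name" '$1 == n { ok = 1 } END { exit !ok }' "$crypttab"; then
            echo "fstab mounts /dev/mapper/$name but crypttab has no '$name' target"
            problems=$((problems + 1))
        fi
    done
    while read -r target device keyfile options || [ -n "$target" ]; do
        case $target in '' | '#'*) continue ;; esac
        case $keyfile in
            '' | none) ;;   # passphrase is typed at boot, nothing to check
            /dev/random | /dev/urandom)
                # 2. A fresh random key each boot needs the swap option (mkswap).
                case ",$options," in
                    *,swap,*) ;;
                    *) echo "$target: random key on $device without the swap option"
                       problems=$((problems + 1)) ;;
                esac ;;
            *)
                # 3. Key file must exist and be closed to group and other.
                if [ ! -f "$prefix$keyfile" ]; then
                    echo "$target: key file $keyfile is missing"
                    problems=$((problems + 1))
                elif [ "$(ls -ld "$prefix$keyfile" | cut -c5-10)" != "------" ]; then
                    echo "$target: key file $keyfile is accessible to group or other"
                    problems=$((problems + 1))
                fi ;;
        esac
    done < "$crypttab"
    [ "$problems" -eq 0 ]
}

# Run against real files only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    check_crypt_config "$@"
fi
```

From the original system before the chroot, it can be run as `sh check.sh /mnt/etc/crypttab /mnt/etc/fstab /mnt`; a key file it flags can be closed with `chmod 600`.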

