Hi guys !
hmm how do i start off with !Its 11 :) In the morning sleep still through my eyes :) but i will still go around :) !
watch out fo rmore in the hols ;P :)
taggy !
Welcome to my new blog powered by Movable Type. This is the first post on my blog and was created for me automatically when I finished the installation process. But that is ok, because I will soon be creating posts of my own!
I woke up today and and my mobile started buzzing .I thought it was an good morning message. And my mother somehow knew
it had to be a girl. She thought Probably Preeti :p
She read the message and looking at me . it read " Some people are alive only because it's illegal to kill them."
and i turned around to see who it was and realised it was my friend all the way from Glasgow i had forgot to mail him for almost a month and no holi wishes too. BTW i still didnt reply to his mesg.
Im sure you are reading this. Happy Holi machan :P
PHP is always interesting ! for it can give a nice insight in to the system ur working.Without reallyhaving a shell access. And when i saw i could execute php in wordpress immediately jumped on to it.
And here is the code i typed in which gives the out put !
< ?php
echo "Current date and time: ";
echo date("l dS of F Y h:i:s A");
?>
echo date("l dS of F Y h:i:s A");
?>
While waiting for ADSL to be enabled in my area, which (I've been told) will happen soon, I did some tinkering with my Debian Linux workstation to make it more protected against remote attacks, and I thought of compiling a list of security measures against the dangers of full-time Internet connection. Obviously the list is not complete, but it has tips that can surely help.
Linux Core
Configure and Enable Firewall
The firewall is the front-line defense against remote attacks, it's highly recommended that you enable and configure it, Linux firewall infrastructure is called netfilter/iptables, unfortunately it is quite complicated, the details can't be covered here, so check out this howto, or use configuration frontends like m0n0wall (CLI), shorewall (CLI), and FireStarter (GUI).
I suggest you drop all incoming connections, and then open the ports you need, like SSH or Bittorrent.
Avoid Easy-to-compromise User Accounts
The machine must not have user accounts with easy-to-guess passwords, especially accounts like test/test or guest/guest, many Linux worms try to exploit such accounts over SSH. open /etc/passwd and make sure there are no such accounts, if you do have an account like that, delete it:
# userdel username
If you really need such an account for some odd reason, change its shell to /bin/false,so an attacker won't be able to login to it:
# chsh -s /bin/false username
Mount /tmp as noexec
Many exploits and script kiddies rely on downloading scripts to /tmp and executing them, by mounting /tmp as noexec, scripts located in /tmp will not be executable, effectively disabling exploits that rely on /tmp, and stumping many script kiddies, here is the /tmp config line from my /etc/fstab:
/dev/hda5 /tmp ext2 noatime,noexec 0 0
Protect against Fork Bombs
Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren't remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb, for example the following example may look innocent, but running it on an unprotected system may take the whole system down:
:(){ :|:& }; :
WARNING: do NOT run the above code on an unprotected system!
The above shell script will actually keep forking at an exponential rate until system resources are exhausted.
To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:
@users soft nproc 100
@users hard nproc 150
The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.
Your system may not have a users group, so you may need to edit the lines to suit your needs.
Limit Usage of su/sudo
su lets normal users switch to the root account, and sudo enables root to grant more privileges to users, it's always better to grant only the absolutely necessary privileges to specific users, and limit the usage of su to a specific group, in Gentoo Linux, only users in the wheel group can use su.
When the usage of su/sudo is limited, even if the system was compromised through a dummy account (like test as username and password), the attacker will have less options to play with.
Linux Daemons
OpenSSH
Users of machines with broadband connections usually need to remotely connect to their machines through SSH, so even if the workstation is protected by a firewall, SSH's port need to be open for inbound connections, as a result, SSH is a common target for remote attacks.
Here is a list of OpenSSH configuration settings that make it more secure against attacks, SSH settings are usually at /etc/ssh/sshd_config
Port 22 (change the port number)
SSH default port is 22, change it through the above line, this will stop many automated attacks. Notice that when remotely connecting to the workstation, the new port number needs to be specified to the SSH client, for example:
$ ssh -p new port username@host.domain
Protocol 2
Make sure the protocol is set to 2, it's more secure than the 1st version.
LoginGraceTime 2m
MaxAuthTries 6
These config lines protect against brute force attacks.
PermitRootLogin no
Random attackers will usually try random usernames when trying to break through SSH, and since the root account exists on every machine, it will be on the attack list, the above config line disables root login over SSH, and stops those attackers, if root access to a remote machine is needed, login using your regular account, then su to root.
PermitEmptyPasswords no
A username with blank password may be added accidentally, the above config line makes it not possible to login with such accounts.
In addition, to the configuration lines I listed, and in case you login to your machine from the same IP address or range, limit IP addresses that can connect to SSH using /etc/hosts.allow, use the following format:
sshd : 127.0.0.1 : allow
sshd : IP address here : allow
sshd : IP address here : allow
sshd : ALL : deny
MySQL
if you use MySQL for local development, then it's safer to limit its connections to localhost (among the other things), to do so, run the mysql_secure_installation script, and it will take care of things for you.
Samba
Many need Samba for sharing files over the local network, here is a list of config lines to secure it, the configuration file is usually located at /etc/samba/smb.conf or /etc/smb.conf:
hosts allow = 127.0.0.1 192.168.0.0/24
hosts deny = 0.0.0.0/0
This config line limits hosts that can connect to Samba to localhost and local IP ranges, modify to suit your needs.
security = user
Set security to user, in this case, users connecting to Samba will need to login before continuing, to add Samba user accounts, use the following command:
# smbpasswd -a username
And then you will be asked to provide a password for the new account.
By the way, if you login to your Samba share from a MS Windows machine, you may set your Samba username/password to match those on Windows, and avoid having to enter them every time you connect to the share.
As a final Samba tip, do NOT share your home folder, if you do so, you are just asking for trouble, create a folder for sharing, and drop files there as necessary.
General Tips
* Keep your system up-to-date, especially when security vulnerabilities appear in packages you use, all major Linux distos have security mailing lists, subscribe to your distro's.
* Disable services you don't need, every open service makes your system more open to attacks.
* Regularly monitor the output of the following command for odd entries:
# vi /var/log/messages (system log)
# ps aux (running processes)
# netstat -anp (active connections)
* Update your system
* Don't rely on security through obscurity as the only measure, it can be another defense line, but full dependence on it can only lead to trouble.
* Did I mention keeping the system up-to-date? ;)
Hope this helps, will try to keep the list up-to-date, and add more entries whenever I come across something new.
A lady in a faded gingham dress and her husband, dressed in a homespun threadbare suit, stepped off the train in Boston
and walk timidly without an appointment into the Harvard University President's outer office.
The secretary could tell in a moment that such backwoods, country
Hicks had no business at Harvard and probably didn't even deserve to be in Cambridge.
"We want to see the president," the man said softly. "He'll be busy all day,"
the secretary snapped. "We'll wait," the lady replied". For hours the secretary ignored them, hoping that the couple would finally become discouraged and go away.
They didn't and the secretary grew frustrated and finally decided to disturb the president, even though it was a chore she always regretted.
"Maybe if you see them for a few minutes, they'll leave," she said to him. He sighed in exasperation and nodded. Someone of his importance obviously didn't have the time to spend with them, but he detested gingham dresses and homespun suits cluttering up his outer office.
The president, stern faced and with dignity, strutted toward the couple. The lady told him, "We had a son who attended Harvard for one year. He loved Harvard. He was happy here. But about a year ago, he was accidentally killed. My husband and I would like to erect a memorial to
him, somewhere on campus".
The president wasn't touched... He was shocked. "Madam," he said, gruffly, "we can't put up a statue for every person who attended Harvard and died. If we did, this place would look
like a cemetery. "Oh, no," the lady explained quickly. "We don't want to erect a statue. We thought we would like to give a building to Harvard."
The president rolled his eyes. He glanced at the gingham dress and Homespun suit, and then exclaimed, "A building! Do you have any earthly idea how much a building costs? We have over seven and a half million dollars in the physical buildings here at Harvard."
For a moment the lady was silent. The president was pleased. Maybe he could get rid of them now. The lady turned to her husband and said quietly, "Is that all it costs to start a university? Why don't we just start our own?"
Her husband nodded. The president's face wilted in confusion and bewilderment. Mr. and Mrs. Leland Stanford got up and walked away, traveling to Palo Alto, California where they established the university that bears their name, Stanford University, a memorial to a son that Harvard no longer cared about.
We have all heard enough of forks and crashes .But this simple piece of one line can FORK BOMB
ur system until all your resources get exhausted.
:(){ :|:& }; :
It exponentialy increases the forking .
ON Linux BSD :P jus try out guys may be u can crash ur server :P when the assignmenst are due :)
"Duniya se tujhe chura looon.....
Toda intezaar kar loon. "
I hear someone say this all day .Probably he is wanting to say this to someone.May be he is just rehearsing.
Wait is sweet enough when u know for sure,the dreams shall come true for sure.Its then the anticipation blooms in to a joyous reality.
I wish oneday my dreams dance thru.
Somehow i cant be idle for long.Blame iton the campus life :p or my original self.These 3 days sitting at home and not much to do .I feel terribly bad :( and add to it :o none to bug ;)
I thought for a while would try building up ISO frm a linux installation then realised i already had 15 distros lined up at home andtried to do something.Then made plans to go to iitm to meet prabhu and may be talk some nice stuff .Unfortunately he had gone a trek to ooty :(
So jus whiling away at blogs... nice read i had after a long time.
Taggy---
WHAT WOULD BE UR ANSWER TO THIS?
You have this friend since elementary and after
college; then both of
you lost contact with each other. But she is someone
really special to you, and you are someone very
special to her too.
Five years later you receive a phone call from her.
"Hi, I'll visit you"
she says. "Hi, Leah, when?" you ask her. "Just wait
for me" she replies. It seems weird but you prepare
for her coming anyway.
One rainy night you hear a knock on the door. And
you're surprised to see that it's your friend Leah.
Losing touch for five years is so long and
you start talking about everything. The both of you
even go to your room upstairs. Suddenly there is a
power outage, but the two of you continue talking by
candle-light.
Then the phone rings. "I'll just get the phone
downstairs," you say. "No,
don't get it, we're in the middle of our talk," she
says. "It might be
important," you say. "Okay if you say so, but promise
me you'll be back," she says. You promise her a
million times that you'll be back.
Then you run downstairs to answer the phone. "Hello,"
you say. "Hello," says the person on the line.
"Yeah?" you say, wondering who it is. "I'm calling on
behalf of Leah's family. They had an accident and her
parents are in the hospital right now," he says. "How
are they?" you ask. He continues, "They are injured
but stable. But I'm sorry to say that Leah died. We
found your name and phone number in Leah's purse..."
his voice trails off as you look up at the long
stairs.
WOULD YOU GO BACK AS YOU HAVE PROMISED?
Recent Comments