Thursday, December 11, 2008

Linux Wake on LAN

Wake-on-LAN (WOL) lets you switch on your PC without physically accessing it by sending it a magic packet. For more information, see the Wikipedia page on Wake-on-LAN.

Check whether WOL is supported by your NIC

Download and install ethtool, then issue the command sudo ethtool eth0 (or whatever your Ethernet device is called). You will get something like this:

linux@ubuntu:~$ sudo ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pg
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes

Check the line Supports Wake-on (shown above): if it contains the g flag, your NIC supports WOL.


Enabling WOL


To enable WOL, issue the command sudo ethtool -s eth0 wol g. This can be verified by checking the Wake-on flag:

linux@ubuntu:~$ sudo ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pg
Wake-on: g
Current message level: 0x000000ff (255)
Link detected: yes
Note down the MAC address of the machine


To get the MAC address, use the command sudo ifconfig eth0:

linux@ubuntu:~$ sudo ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1d:72:04:59:25
          inet addr:192.168.155.6  Bcast:192.168.159.255  Mask:255.255.248.0
          inet6 addr: fe80::21d:72ff:fe04:5925/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14840 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2521 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2362485 (2.3 MB)  TX bytes:608765 (608.7 KB)
          Interrupt:16
Install wakeonlan package on a different machine

Install the wakeonlan package on the machine from which you need to send the magic packet to switch on your server.

Finally, switch on the machine remotely without physical access

When the server is down, execute the following command from another machine connected to the same LAN. Once the magic packet is sent, the remote system will start to boot.
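As an added example (not code from the original post), the following script builds the magic packet that tools such as wakeonlan send, six 0xFF bytes followed by the target MAC repeated sixteen times, and broadcasts it over UDP. It uses the MAC address and broadcast address from the ifconfig output above; UDP port 9 is assumed, as that is the conventional WOL destination port.

```python
import socket

# MAC address of the server, as noted from the ifconfig output above
SERVER_MAC = "00:1d:72:04:59:25"
# Broadcast address from the ifconfig output above; UDP port 9 ("discard")
# is the conventional WOL destination and is an assumption here
LAN_BROADCAST = "192.168.159.255"
WOL_PORT = 9


def parse_mac(mac: str) -> bytes:
    """Convert '00:1d:72:04:59:25' (or '-' / '.' separated forms) to 6 raw bytes."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"MAC address must have 12 hex digits: {mac!r}")
    try:
        return bytes.fromhex(digits)
    except ValueError as exc:
        raise ValueError(f"MAC address is not hexadecimal: {mac!r}") from exc


def build_magic_packet(mac: str) -> bytes:
    """WOL magic packet: 6 bytes of 0xFF followed by the MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def is_magic_packet_for(payload: bytes, mac: str) -> bool:
    """Check whether a captured UDP payload is a magic packet for the given MAC.

    A SecureOn password may trail the 102-byte sync stream, so only the
    first 102 bytes are compared, which is what a NIC in 'wol g' mode matches.
    """
    return payload[:102] == build_magic_packet(mac)


def send_magic_packet(mac: str, broadcast: str = LAN_BROADCAST, port: int = WOL_PORT) -> int:
    """Broadcast the magic packet on the LAN; returns the number of bytes sent."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # The target is powered off and has no IP address, so the frame must be broadcast
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    sent = send_magic_packet(SERVER_MAC)
    print(f"sent {sent}-byte magic packet for {SERVER_MAC} to {LAN_BROADCAST}:{WOL_PORT}")
```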


Enabling WOL across multiple reboots


The WOL feature has to be enabled manually after every reboot. To avoid this problem, install the following script in the /etc/rc.d directory using chkconfig (Red Hat or Fedora) or update-rc.d (Ubuntu or Debian):

#!/bin/bash
# Re-enable Wake-on-LAN at boot, since the NIC setting does not survive a reboot.
DEV="eth0"          # Ethernet device to configure
FEATURE="wol"
FLAG="g"            # g = wake on magic packet
ETHTOOL="ethtool"
"$ETHTOOL" -s "$DEV" "$FEATURE" "$FLAG"
n=$?
if [ "$n" -eq 0 ]
then
    echo "WOL enabled successfully"
else
    echo "Cannot enable WOL" >&2
fi

Sunday, December 7, 2008

Say hello to TUX

How many times has it happened that people try Linux for some time and then dump it? Well, if you ask me, I'll say plenty of times. It all starts like this.
You are bored of using a proprietary OS over the ages and want to try something new; also, nowadays there is a lot of buzz about Linux, so it all boils down to you calling your (geek) friend and asking him to install Linux on your PC (although there is no need of any external F1 (help); anyone can install Linux [Ubuntu] easily).
After the installation is finished you are all set to breathe free in the open source world, so you try your Linux for some time, and then you start feeling "Oh God, my proprietary OS was better as it played all my videos... or where is my iTunes..." and things like that, and finally you handcuff yourself to the proprietary OS and probably never think of coming out of it.
Let me tell you, there are open source alternatives to almost any proprietary software on this planet. Some of the popular open source alternatives to proprietary software can be found on sites such as

http://whdb.com/2008/the-top-50-proprietary-programs-that-drive-you-crazy-and-their-open-source-alternatives/


But how do you get these working on your Linux (Ubuntu 8.10) box? The following tutorial links are handy for getting your favourite open source software up and running on your box:

https://help.ubuntu.com/community/InstallingSoftware
http://linuxgator.org/forums/viewtopic.php?f=15&t=1067
http://www.ehow.com/how_2243216_install-software-linux-using-synaptic.html
http://simplyubuntu.wordpress.com/2006/06/27/a-beginners-guide-to-installing-programs-in-ubuntu/

Wednesday, December 3, 2008

Securing your Linux Box

One fine day when I was working on my Ubuntu 8.10 system, one of my friends ran up to me and told me that he was able to telnet into my machine (as he knew my user name and password). I was stunned and had no words to say. Then I got down to the task of securing my box, and the very first thing I did was run nmap (a very popular port scanner) against my box. Here's what I found.

linux@ubuntu:~$ nmap ubuntu

Starting Nmap 4.62 ( http://nmap.org ) at 2008-12-04 02:46 IST
Interesting ports on ubuntu (127.0.1.1):
Not shown: 1708 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
23/tcp   open  telnet
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
902/tcp  open  iss-realsecure
2049/tcp open  nfs

Nmap done: 1 IP address (1 host up) scanned in 0.154 seconds


I was shocked at this surprising discovery, as I was very vulnerable to attacks and intrusions, and hence began the task of securing my box.
The first thing that came to my mind was iptables (Linux's built-in firewall), so I inserted simple iptables rules to block any unsolicited traffic on the ports listed above. They were as follows:

# --dport only works together with a protocol match, so -p tcp is required
sudo iptables -A INPUT -p tcp --dport 23 -j DROP
sudo iptables -A INPUT -p tcp --dport 111 -j DROP
sudo iptables -A INPUT -p tcp --dport 139 -j DROP
sudo iptables -A INPUT -p tcp --dport 445 -j DROP
sudo iptables -A INPUT -p tcp --dport 902 -j DROP

I deliberately kept ssh and nfs open for remote administration and file sharing respectively.
But in the long run this proved inefficient, as I kept on installing services like Apache etc., and every time I did so I manually had to insert a new firewall rule to keep my machine secure.

So I once again sought help from the documentation and opened the man page of iptables. It seemed like an ocean of knowledge, but finally I found something interesting: the state module, which lets iptables fine-tune the firewall based on the state of connections rather than on their source or destination port numbers. Hola, I had found what I was looking for. I immediately erected the following iptables rule:

sudo iptables -A INPUT -m state --state NEW,INVALID -j DROP


This finally got the job done for me, but there was a problem in this whole setup. I was unable to download anything from the DC++ hub (forget any data, I was not able to download any file list either). So I went back to basics and studied the DC protocol, and there I found the solution to the problem. I went to my DC client, chose the manual port forward option in the firewall settings and selected 7777 as the TCP port and 7777 as the UDP port to work with (not to mention 7 is my lucky number), and then keyed in the following commands to get my DC client working:


sudo iptables -I INPUT 1 -p tcp --dport 7777 -j ACCEPT
sudo iptables -I INPUT 1 -p udp --dport 7777 -j ACCEPT



And there I was, I had got the job done (well, that was what I thought initially), but later I figured out that this was not perfect, as others could still ping me. I wanted to stop others pinging me while I could do anything from my box, i.e. net surfing, using DC++, FTP etc. So I finally erected the following set of rules (technical details deliberately omitted to keep this post short). To achieve this you need to follow these 2 steps.


1. Just copy the following lines and save them in a normal text file:

# Generated by iptables-save v1.4.0 on Thu Dec 4 02:45:50 2008
*filter
:INPUT DROP [1773:224581]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [389800:258208271]
-A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
-A INPUT -p udp -m udp --dport 7777 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Dec 4 02:45:50 2008


2. As the root user, type in the following command: iptables-restore < { path to the file in which you saved the lines above }

There you have it: a very safe and secure box which cannot even be pinged, while you can do anything from it. Remember to change your DC++ settings (as mentioned above) for your DC client to work.

Installing VMware Server on Ubuntu 8.10

I got Ubuntu 8.10 installed the other day on my Intel box... wow, what an experience! I have traditionally been using Red Hat and Fedora Linux, but this time around I decided to try some Debian flavour, and so there I was, ready to lock and load with my Ubuntu 8.10. After using it for a while my first love, i.e. Red Hat, started calling me again, and so all the ingredients were there calling for a nice VMware Server installation. I simply downloaded VMware Server from the official VMware website, banked out some cash and obtained its license. There I was, a happy spirit ready to go. I installed gcc and kernel headers matching my running kernel version, after which I began my installation of VMware, and boy oh boy, what a pleasant sight it was, but suddenly something odd happened and the installation crashed out despite the matching kernel version and the corresponding gcc. Then I learned this is a common problem faced by many of my friends, so I decided to blog it down.

1. Get VMware Server 2.0 from the official VMware site. In my case I had chosen the tarball over the .deb, as it would install on both Red Hat and Debian flavours alike, then paid for its licence.

2. Installed kernel headers, which in my case were for 2.6.27-7-generic (to do this use Synaptic or apt-get).
Note: to find your running kernel version use the command uname -a.

3. Installed gcc matching my kernel, i.e. the one with which the kernel was built.

4. Install other dependencies like build-essential and xinetd.

5. Downloaded a patch needed to get the whole thing working, which is available from http://www.insecure.ws/warehouse/vmware-update-2.6.27-5.5.7-2.tar.gz

Now that we have all of the dependencies and archives downloaded we can unpack them. In the same location where you downloaded the .tar.gz files (likely your home folder or Desktop), run the following commands:

tar -xvf vmware-update*.tar.gz
tar -xvf VMware-server*.tar.gz

Installing VMware Server 2.0 + patch

We'll now start the installation. First we need to install the core VMware application. We'll then patch the configuration script and configure the system.

cd vmware-server-distrib/
sudo ./vmware-install.pl

On my installation I used the defaults until it asked me if I'd like to run the vmware-config.pl configuration script. At this point select [no]. Once this has finished and you've quit at the configuration option, use these commands to patch the config:

cd ../vmware-update*/
sudo ./runme.pl

This script will patch the configuration and then again ask you to run the vmware-config.pl configuration script. This time around select [yes]. On my installation I selected the defaults for the remaining questions and my installation works fine.