UBUNTU COMMAND

Posted: January 13, 2012 in LINUX, Ubuntu Command ref

##How to view installed packages on ubuntu

# dpkg --list

# dpkg -s packageName

# apt-get remove packageName

dpkg --list shows every installed package with its version and state, dpkg -s shows the status and description of one installed package (dpkg --info is for a .deb archive file on disk, not for an installed package name), and apt-get remove uninstalls a package while keeping its configuration files.

 

4: Keep Linux Kernel and Software Up to Date

# apt-get update && apt-get upgrade

apt-get upgrade never installs packages that need new dependencies, which is normally the case for a new kernel image; run apt-get dist-upgrade for those and reboot so the new kernel is actually the one running.

 

#6.3: Locking User Accounts After Login Failures

To see failed login attempts, enter:

faillog

faillog reads the failure database in /var/log/faillog, which is only maintained when pam_tally is enabled in the PAM stack; an empty report therefore does not prove that there were no failed logins (compare /var/log/auth.log).

To unlock an account after login failures, run:

faillog -r -u userName

 

Note you can use the passwd command to lock and unlock accounts:

# lock account

passwd -l userName

# unlock account

passwd -u userName

#6.4: How Do I Verify No Accounts Have Empty Passwords?

Type the following command (an empty second field means the account can log in with no password at all; a field containing * or ! is a locked account, not an empty one):

# awk -F: '($2 == "") {print}' /etc/shadow

Lock all empty password accounts:

# passwd -l accountName

 

#6.5: Make Sure No Non-Root Accounts Have UID Set To 0

Only the root account should have UID 0, which grants full access to the system; any other entry with UID 0 is a second superuser and must be explained or removed. Type the following command to display all accounts with UID set to 0:

# awk -F: '($3 == "0") {print}' /etc/passwd
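As an added example (not part of the original post), here is a small POSIX shell audit that turns the three checks from #6.3 to #6.5 into functions and runs them against a constructed passwd/shadow pair written to a temporary directory, so it runs offline as an unprivileged user. The users (toor, alice, bob) and the hashes are made up; point the functions at /etc/passwd and /etc/shadow for a real audit.

```shell
#!/bin/sh
# Added example, not from the original post: audit passwd/shadow for
# empty passwords, extra UID-0 accounts and locked accounts.
set -eu

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

# Constructed sample data (made-up users and hashes, not a real system).
cat > "$TMPD/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF

cat > "$TMPD/shadow" <<'EOF'
root:$6$saltsalt$fakehashfakehash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$saltsalt$fakehashfakehash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob:!$6$saltsalt$fakehashfakehash:19000:0:99999:7:::
EOF

# Accounts whose password field is empty: a blank password is accepted at login.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts locked with passwd -l ("!" prefix) or never given a password ("*").
locked_accounts() {
    awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1"
}

# UID 0 accounts other than root: a second superuser, often a backdoor.
extra_uid0_accounts() {
    awk -F: '$3 == "0" && $1 != "root" { print $1 }' "$1"
}

# One line per finding, suitable for a cron job that mails non-empty output.
audit_report() {
    passwd_file=$1
    shadow_file=$2
    for u in $(empty_password_accounts "$shadow_file"); do
        echo "EMPTY_PASSWORD $u"
    done
    for u in $(extra_uid0_accounts "$passwd_file"); do
        echo "EXTRA_UID0 $u"
    done
}

audit_report "$TMPD/passwd" "$TMPD/shadow"
```

On the sample data the report lists alice (empty password) and toor (second UID 0); the locked_accounts helper is what you run afterwards to confirm that passwd -l actually took effect.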

 

Q.How Do I Secure Grub Boot Loader?

#1: Create A Password For Grub

 

Type the grub-md5-crypt command to create a password hash in MD5 format:

# grub-md5-crypt

Output:

Password:<ENTER-YOUR-PASSWORD>

Retype password:<ENTER-YOUR-PASSWORD>

$1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0

Please note that you need to copy the whole hash ($1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0) into your configuration file. The hash above is only an illustration; use the one printed on your own system.

#2 Add MD5 Password To Grub Configuration File

 

Under Debian GNU/Linux and Ubuntu releases that still use GRUB Legacy, the Grub configuration file is located at /boot/grub/menu.lst (Red Hat / Fedora users use /boot/grub/grub.conf). Ubuntu 9.10 and later install GRUB 2, which ignores menu.lst: there the hash is produced with grub-mkpasswd-pbkdf2 and set through superusers and password_pbkdf2 entries in /etc/grub.d/40_custom, followed by update-grub.

# vi /boot/grub/menu.lst

 

Edit file and add a password line as follows:

password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0

 

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example. The leading # is part of the syntax: these are directives inside the commented block that update-grub reads when it regenerates the kernel entries, so run update-grub afterwards.

 

# lockalternative=true

 

 

To disable the reboot action taken by pressing the Ctrl+Alt+Delete key combination, comment out the following line in the file /etc/event.d/control-alt-delete (on releases with newer upstart the job lives in /etc/init/control-alt-delete.conf; on systemd systems use systemctl mask ctrl-alt-del.target instead).

 

#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

 

 

#9.1: Find Listening Network Ports

Use the following command to list all listening TCP and UDP ports and the programs that own them (run it as root, otherwise -p cannot show processes belonging to other users; where net-tools is no longer installed, ss from iproute2 accepts the same -tulpn flags):

netstat -tulpn

OR

nmap -sT -O localhost

nmap -sT -O server.example.com

netstat shows what the host itself has open; an nmap scan run from another machine shows what is actually reachable through the firewall, so the two lists are worth comparing. The -O fingerprinting option needs root.
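Listing the ports is only half the job; the practitioner's check is comparing them against what is supposed to be listening. The following is an added example, not from the original post: it parses a constructed netstat -tulpn snapshot (made-up PIDs and services) with awk and reports every socket bound to the wildcard address whose port is not on an allow-list.

```shell
#!/bin/sh
# Added example, not from the original post: parse "netstat -tulpn" output and
# flag listeners bound to every interface that are not on an allow-list.
set -eu

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

# Constructed sample output in netstat -tulpn format (made-up PIDs and services).
cat > "$TMPD/netstat.txt" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1033/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1201/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.1:53            0.0.0.0:*                           700/dnsmasq
EOF

# Every listening socket as "proto port program". The local address is field 4
# and the program is always the last field, whether or not a State column is printed.
all_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        port = $4; sub(/.*:/, "", port)
        print $1, port, $NF
    }' "$1"
}

# Only sockets bound to the wildcard address (0.0.0.0 or ::), i.e. reachable
# from the network unless a firewall says otherwise.
listeners_on_all_interfaces() {
    awk '$1 ~ /^(tcp|udp)6?$/ && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) {
        port = $4; sub(/.*:/, "", port)
        print $1, port, $NF
    }' "$1"
}

# Wildcard listeners whose port is not in the space-separated allow-list $2.
unexpected_listeners() {
    listeners_on_all_interfaces "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok) { print }'
}

# On a real host: netstat -tulpn > snapshot.txt (as root, so -p can resolve every PID),
# then run unexpected_listeners against that file with the ports you expect.
unexpected_listeners "$TMPD/netstat.txt" "22 80"
```

With 22 and 80 allowed, the sample reports only the dhclient socket on UDP 68; mysqld and dnsmasq are bound to 127.0.0.1 and are not flagged, which is exactly the distinction the wildcard test is there to make.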

 

#15: Disable Unwanted SUID and SGID Binaries

# See all set user id files:

find / -perm /4000

# See all set group id files:

find / -perm /2000

# Or combine both in a single command

find / \( -perm -4000 -o -perm -2000 \) -print

find / -path /proc -prune -o -type f -perm /6000 -ls

The -perm +mode form used by older guides was removed from GNU findutils: /mode means "any of these bits set", -mode means "all of these bits set". Compare the list against what the distribution installed (dpkg -S tells you which package owns a file) and clear the bit with chmod u-s or chmod g-s on anything that does not need it.

 

#15.1: World-Writable Files

Anyone can modify a world-writable file, and in a world-writable directory without the sticky bit anyone can delete or rename other users' files, which can lead to a security issue. Use the following command to find world-writable directories that lack the sticky bit (a directory such as /tmp is world-writable by design but the sticky bit protects it; for regular files search with -type f and drop the sticky-bit test):

find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

 

#15.2: Noowner Files

Files not owned by any existing user or group can pose a security problem: they usually remain after an account was deleted and will silently belong to whichever account is later created with the same UID or GID. Find files that do not belong to a valid user or a valid group with:

find /dir -xdev \( -nouser -o -nogroup \) -print
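The three checks from #15, #15.1 and #15.2 as one script, added here as an example that is not part of the original post. It builds a small constructed directory tree under mktemp (made-up file names) so it runs without root, compares the setuid/setgid list against a baseline, and prints the world-writable and unowned findings; pass / or a mount point as the tree root for real use.

```shell
#!/bin/sh
# Added example, not from the original post: the permission checks from #15,
# #15.1 and #15.2 as functions, run against a constructed directory tree so the
# script is self-contained and needs no root; pass / (or a mount point) for real use.
set -eu
umask 022

TREE=$(mktemp -d)
trap 'rm -rf "$TREE"' EXIT

# Constructed sample tree (made-up file names, not a real system).
mkdir -p "$TREE/usr/bin" "$TREE/tmp" "$TREE/shared"
: > "$TREE/usr/bin/passwd";   chmod 4755 "$TREE/usr/bin/passwd"   # setuid, expected
: > "$TREE/usr/bin/wall";     chmod 2755 "$TREE/usr/bin/wall"     # setgid, expected
: > "$TREE/usr/bin/backdoor"; chmod 4755 "$TREE/usr/bin/backdoor" # setuid, not in baseline
: > "$TREE/shared/notes.txt"; chmod 0666 "$TREE/shared/notes.txt" # world-writable file
chmod 1777 "$TREE/tmp"     # world-writable but sticky: users cannot delete each other's files
chmod 0777 "$TREE/shared"  # world-writable without sticky: anyone can rename or delete here

# Baseline of setuid/setgid paths (relative to the tree root) that are expected.
cat > "$TREE/baseline.txt" <<'EOF'
/usr/bin/passwd
/usr/bin/wall
EOF

# Regular files with the setuid or setgid bit set (-perm -mode: all listed bits present).
setuid_setgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# World-writable directories lacking the sticky bit (the check from #15.1).
world_writable_dirs_nosticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# World-writable regular files.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Files owned by a UID or GID that no longer exists (the check from #15.2).
unowned_files() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print | sort
}

# setuid/setgid files not listed in the baseline, printed relative to the tree root.
unexpected_setuid_setgid() {
    setuid_setgid_files "$1" | sed "s#^$1##" | grep -vxF -f "$2" || true
}

echo "== unexpected setuid/setgid ==";            unexpected_setuid_setgid "$TREE" "$TREE/baseline.txt"
echo "== world-writable dirs without sticky =="; world_writable_dirs_nosticky "$TREE"
echo "== world-writable files ==";                world_writable_files "$TREE"
echo "== unowned files ==";                       unowned_files "$TREE"
```

On the sample tree only /usr/bin/backdoor is reported as an unexpected setuid file, shared is the one world-writable directory without the sticky bit (tmp has it and is skipped), and notes.txt is the one world-writable file. Keeping the baseline under version control and diffing the output from cron turns this into a cheap integrity check for privilege-escalation paths.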

 

ArpON – Protect yourself from MITM attacks.

ArpON (ARP handler inspectiON) is a portable handler daemon that makes ARP secure in order to avoid Man In The Middle attacks through ARP spoofing/poisoning. It also detects and blocks the Man In The Middle attacks that ARP spoofing/poisoning enables, such as DHCP spoofing, DNS spoofing, web spoofing, session hijacking and SSL/TLS hijacking.

 

This is possible using two kinds of anti ARP poisoning techniques: the first is based on SARPI or "Static ARP Inspection", the second on the DARPI or "Dynamic ARP Inspection" approach. SARPI and DARPI protect against unidirectional, bidirectional and distributed attacks.

 

Here's a very quick example of its usage; we will use SARPI.

 

arpon -n 10 -g -u 1 -s -i eth0

 

ArpON "Arp handler inspection" version 1.90 (http://arpon.sourceforge.net)

 

[00/02/2011 - 08:32:04 PST] Device: (eth0) MAC: 0:24:21:66:9:5a Inet4: 192.168.1.101 Netmask: 255.255.255.0

[00/02/2011 - 08:32:04 PST] SARPI Start...

[00/02/2011 - 08:32:04 PST] SARPI protects these Arp Cache's entries:

[00/02/2011 - 08:32:04 PST] 1)     192.168.1.1 ->  0:66:78:d6:92:c8

[00/02/2011 - 08:32:04 PST] SARPI Arp Cache refresh timeout: 1 minute.

[00/02/2011 - 08:32:04 PST] SARPI Realtime Protect actived!

 

 

 

-n 10 ~ Sets the process priority (nice value)

-g ~ Works in logging mode

-u 1 ~ Sets the SARPI cache refresh timeout to 1 minute

-s ~ Manage the ARP cache statically (SARPI)

 

SARPI only protects the entries it was given, here the gateway 192.168.1.1, so the static list has to be kept in step with the network; DARPI is the mode for networks where addresses change.

You can get ArpON with the apt-get command or from http://arpon.sourceforge.net
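To see what dynamic ARP inspection is actually checking, here is an added example that is not ArpON's code and not part of the original post: a minimal detector that diffs two ip neigh snapshots, reports any IP whose MAC changed, and reports any MAC that answers for more than one IP. The snapshots are constructed (made-up MACs); the gateway 192.168.1.1 from the ArpON output above is reused as the poisoned entry.

```shell
#!/bin/sh
# Added example, not part of ArpON or the original post: a minimal dynamic ARP
# inspection in the spirit of DARPI, done by diffing two "ip neigh" snapshots.
# The snapshots below are constructed (made-up MACs); on a real host take them
# with: ip neigh show > before.txt; sleep 60; ip neigh show > after.txt
set -eu

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

cat > "$TMPD/before.txt" <<'EOF'
192.168.1.1 dev eth0 lladdr 00:66:78:d6:92:c8 REACHABLE
192.168.1.50 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.77 dev eth0  FAILED
EOF

# Same network a minute later: the gateway's entry now carries the MAC that
# 192.168.1.50 had, which is what a poisoned cache looks like.
cat > "$TMPD/after.txt" <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.77 dev eth0  FAILED
EOF

# "ip mac" pairs from an ip neigh snapshot; entries without lladdr (FAILED,
# INCOMPLETE) carry no MAC and are skipped.
neigh_pairs() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "lladdr") print $1, $(i + 1) }' "$1"
}

# IPs whose MAC differs between snapshot $1 (old) and $2 (new).
mac_changes() {
    awk 'FILENAME != cur { cur = FILENAME; file++ }
         { mac = ""; for (i = 1; i < NF; i++) if ($i == "lladdr") mac = $(i + 1) }
         mac == "" { next }
         file == 1 { old[$1] = mac; next }
         ($1 in old) && old[$1] != mac { print $1, old[$1], "->", mac }' "$1" "$2"
}

# MACs that answer for more than one IP in a single snapshot. Legitimate on a
# router with several addresses, but on a flat LAN a typical sign of poisoning.
shared_macs() {
    neigh_pairs "$1" | awk '{ ips[$2] = ips[$2] " " $1; n[$2]++ }
        END { for (m in n) if (n[m] > 1) print m ":" ips[m] }' | sort
}

echo "== MAC changes between snapshots =="
mac_changes "$TMPD/before.txt" "$TMPD/after.txt"
echo "== MACs claiming several IPs in the new snapshot =="
shared_macs "$TMPD/after.txt"
```

The first check is what SARPI enforces for its static entries; the second catches the common case where an attacker's single NIC ends up behind two addresses. Both are detection only: to block, a static entry such as arp -s for the gateway (or ArpON itself) is still needed.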

 

 

Multiple network interfaces and ARP flux

 

$ sysctl -a | grep 'net.ipv4.conf.*.arp'

ARP flux is the Linux behaviour of answering an ARP request for any local address on any interface, so a host with several interfaces on one subnet may reply with the MAC of the "wrong" interface.

A Simple Fix That May Work

 

If the network interfaces are on different IP networks (such as 10.x.x.x, 172.16.x.x, 192.168.x.x) then executing the following will work:

 

sysctl -w net.ipv4.conf.all.arp_filter=1

 

However, if they are all on the same IP network, this won't achieve the desired results.

A More Effective Solution

 

The following can be added to your /etc/sysctl.conf file once you've tested it (in that file the settings are written as key = value lines, without sysctl -w). arp_ignore=1 answers an ARP request only if the target address is configured on the interface that received it; arp_announce=2 makes the kernel choose the source address of its own ARP requests from the interface it sends them on.

 

sysctl -w net.ipv4.conf.all.arp_ignore=1

sysctl -w net.ipv4.conf.all.arp_announce=2

 

 

1/ Clearing ARP cache and table.

You need the "arp -d hostname" repeatedly to accomplish this.

You could make a script. Is there an easier way ?

 

2/ Clearing the routing table

"route del ROUTEDESCRIPTOR" repeatedly.

 

3/changing the mac of my eth0 card and also changing it back to the original

See "man ethtool", the -e -E options change the firmware setting. The

"ethtool ethN -s phyad 01:22:33:44:55" will temporarily change (till reboot or re-command).

 

4/ restarting the network and taking it down.

For a fixed config the RedHat "ifup ethN" and "ifdown ethN" will do. But also see the

"ip" command and the older deprecated (but very common) "ifconfig" command.

 

5/ assigning static IPs and masks and then restarting the network to make sure it worked

I'd use "ip", but "ifconfig" is good too.

ip addr add 192.168.0.77/24 dev eth0

ip link set eth0 up

ip link set eth0 down

or

ifconfig eth0 192.168.0.9/24 up

ifconfig eth0 down

 

6/Firewall stuff

"man iptables" stuff. Search google.com/linux for "iptables howto".

 

7/ ACL’s

/usr/bin/chacl

/usr/bin/getfacl

/usr/bin/setfacl


see "man acl" and "man COMMAND" for the above. Totally POSIX AFAIK.

If you don't have these then "su -; yum -y install acl", but I think they are in the default distro.


 

1/ "ip neighbor flush all" - clears the arp table(s).

2/ "ip route flush all" - clears the entire route table.

 

The lesson is that the "ip" command subsumes nearly all the arp/route/ifconfig commands and should be used instead.

The following output is from executing this command on the HN.

 

$ sysctl -a | grep 'net.ipv4.conf.*.arp'

$ cat /proc/net/arp

 

$ ip route ls
