Dec 13

Well, today I helped defuse a botnet by destroying its control method. Some of you may not know, but I happen to be a services operator on CAIRC, and I was noticing some strange connect lines, with users from all over with the nick XP|USA|000|2394 that were all idling in a channel called #V3NOM. So I decided to join and see what was going on, and lo and behold, there were about 10 of them idling along, not responding to any messages or private messages. I looked at their IPs and they were connecting from all over (Belgium, USA, Estonia, etc…), so I assumed that they were part of a botnet. I started by taking over the channel and setting the mode to +mutn (so they couldn't talk or see anyone else in the channel), just to neutralize any control mechanism, and I set a JAKILL (regex AKILL) which easily took them all out.

This is the second botnet I've detected and stopped, though this one was larger than the other. So hopefully I'm doing my part to help slow the growth of the "zombie armies".

EDIT: After talking with the other IRCops, it was decided to let them join, but to join the channel with a bot-like nick, hopefully gathering the passwords so we can remove/disarm the bots.

                Peace and chow,

                 Ranok 
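The heuristics in the post (a herd of nicks that all follow the same template, idling together in one channel, coming from hosts scattered across countries) can be turned into a small script. The following is an added example, not code from the original post or from CAIRC's services: it scans constructed connect/join notices (the "<nick>!<user>@<host> [<ip>] joined <channel>" layout is an assumption for this example; real server notices differ), flags channels where several bot-shaped nicks arrive from several distinct IPs, and then derives a regex from the cluster that could serve as a regex AKILL mask without also matching ordinary users.

```python
import re
from collections import defaultdict

# Constructed sample of server connect/join notices; this is not CAIRC log data,
# and the line layout "<nick>!<user>@<host> [<ip>] joined <channel>" is an assumption
# made for this example (real servers and snotice formats differ).
SAMPLE_NOTICES = [
    "XP|USA|000|2394!xp@h-2394.example [203.0.113.10] joined #V3NOM",
    "XP|BEL|000|0712!xp@h-0712.example [198.51.100.23] joined #V3NOM",
    "XP|EST|000|8831!xp@h-8831.example [192.0.2.77] joined #V3NOM",
    "XP|USA|000|1102!xp@h-1102.example [203.0.113.44] joined #V3NOM",
    "ranok!ranok@ops.example [192.0.2.5] joined #V3NOM",
    "XP|USA|000|5555!xp@h-5555.example [203.0.113.10] joined #help",
    "alice!alice@home.example [198.51.100.9] joined #help",
]

NOTICE_RE = re.compile(
    r"^(?P<nick>\S+)!(?P<user>[^@\s]+)@(?P<host>\S+) \[(?P<ip>[\d.]+)\] joined (?P<chan>#\S+)$"
)
# Shape of the nicks described in the post: <os>|<country>|<3 digits>|<3-5 digits>
BOT_NICK_RE = re.compile(r"^[A-Z0-9]{2,4}\|[A-Z]{2,3}\|\d{3}\|\d{3,5}$")


def parse_notice(line):
    """Return the notice's fields as a dict, or None if the line has another shape."""
    m = NOTICE_RE.match(line)
    return m.groupdict() if m else None


def find_bot_clusters(lines, min_nicks=3, min_ips=3):
    """Map channel -> [(nick, ip)] for channels where at least min_nicks
    bot-shaped nicks sit together and come from at least min_ips distinct IPs.
    One bot-shaped nick alone is not evidence; a herd from scattered hosts is."""
    by_chan = defaultdict(list)
    for line in lines:
        rec = parse_notice(line)
        if rec and BOT_NICK_RE.match(rec["nick"]):
            by_chan[rec["chan"]].append((rec["nick"], rec["ip"]))
    return {
        chan: members
        for chan, members in by_chan.items()
        if len(members) >= min_nicks and len({ip for _, ip in members}) >= min_ips
    }


def _field_pattern(values):
    """Regex for one '|'-separated field: literal if constant, else a class
    sized to the lengths actually seen, so the mask stays as tight as the evidence."""
    if len(set(values)) == 1:
        return re.escape(values[0])
    lo, hi = min(map(len, values)), max(map(len, values))
    width = f"{{{lo}}}" if lo == hi else f"{{{lo},{hi}}}"
    if all(v.isdigit() for v in values):
        return r"\d" + width
    if all(v.isalpha() and v.isupper() for v in values):
        return "[A-Z]" + width
    return r"[^|]" + width


def generalize_nick_pattern(nicks):
    """Derive a regex (usable as a regex AKILL mask on the nick) that covers the
    cluster's nicks without also matching ordinary users."""
    fields = [n.split("|") for n in nicks]
    if len({len(f) for f in fields}) != 1:
        raise ValueError("nicks do not share a field layout")
    return "^" + r"\|".join(_field_pattern(list(col)) for col in zip(*fields)) + "$"


def nick_matches(pattern, nick):
    """True if the derived mask matches the nick."""
    return re.match(pattern, nick) is not None


if __name__ == "__main__":
    for chan, members in find_bot_clusters(SAMPLE_NOTICES).items():
        print(chan, "->", generalize_nick_pattern([n for n, _ in members]))
```

Run on the sample, #V3NOM is the only cluster (#help has a single bot-shaped nick), and the derived mask is ^XP\|[A-Z]{3}\|000\|\d{4}$, which matches all four bots and none of the human nicks. The mask is only as general as the nicks observed; if the herder rotates the country or counter width, the regex has to be re-derived, which is exactly why the thresholds (several nicks, several IPs) matter more than any single pattern.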

Dec 6

I recently installed Bitlbee on the comm image so that people who want to chat on IRC don't need to have a separate client open to chat with those who are less enlightened. All you need to do is connect to the Bitlbee server and register your other IM accounts (Oscar/Jabber/MSN), and then it populates the 'control channel' with your buddies. Then it's a simple process of typing <BuddyName>: <msg> to send them a message, or /msg-ing them to chat with them in a separate window/tab. A very cool thing to play with overall.

 

                                            Peace and chow,

 

                                                 Ranok

Dec 1

Yesterday, I installed the latest version (5RC2) of the open source (YPL) groupware suite Zimbra. After messing with the /etc/hosts file (zimbra is not a fan of IPv6 entries) and tricking it into thinking my Ubuntu 7.10 was 6.10 (modifying /etc/lsb-release and /etc/debian_version), it installed quite easily. After getting it installed, I figured out that I had done it wrong, and I was unable to send/receive emails (my MX records were incorrect). Aside from that, I love it: it's feature-filled, easy to use, and very simple to manage through the web administration console. I like how it has a built-in Jabber/Oscar/MSN client, and has a shared documents and calendar system, making it very easy to keep group projects organized. Overall, it's a very nice system, and after some more testing on a beefier machine (one of the blades) I hope to show it off to OIT as an alternative to Exchange, which is very miserable to use.

 

                                             Peace and chow,

 

                                                    Ranok
 

Nov 21

    Happy Thanksgiving! I hope everyone can enjoy a few days with family and friends. As per Todd's request, here is the package that let me suspend and hibernate my IBM T60 when no other method worked.

    Install 'uswsusp' and then run either s2disk to hibernate, or s2ram to suspend. Enjoy!

 

                             Peace and much chow,

                                       Ranok
 

Nov 11

    I'm sure all of you have heard of some type of version control software (VCS), be it RCS, CVS or SVN. However, in recent times a number of new VCSs have appeared: Bazaar, Mercurial, and Darcs. I've been playing around with darcs for the past few months, and I've found it very useful and easy to use. I generally do my development on a few different machines and need to keep track of which files I've updated; I never do anything very complex with branching and re-merging. Darcs is nice because it's a distributed VCS, meaning there is no 'master' server: each developer gets their own working copy and generates patches off of that. Once a developer has patches to be applied to another developer's repo, the patches can be sent via gpg-signed email or scp'd to the other repo.

    My use of this has been to keep my development synchronized between my different machines. It works like this: for each project I'd like to put under darcs' control, I cd into the directory and type 'darcs init'. From there, I can 'darcs add' the files I want tracked, and then 'darcs record' to commit everything into the repo. From there I can 'darcs pull' changes from another ssh-, ftp- or http-accessible repo, applying those changes. If I want to move changes from one place to another, I can 'darcs push' them somewhere else over ssh.

    This is not meant to be a tutorial, more a demonstration of how useful it is if you do your work over multiple machines and want to keep them synced up. If you are looking for more information, you can check out the darcs homepage.

Nov 4

    Recently, my laptop has started to act a little quirky: AppArmor profile violations failed to log properly (they showed up in dmesg, but not in /var/log/messages), and sometimes I can't fork off new processes (even to kill runaway processes). I thought that there may be a bug in XFCE or Java, or that somehow AppArmor was messing with things, but after submitting Ubuntu Bug #157952 and spending a few days working out the problem, I narrowed all my problems down to a single root cause: Bastille Linux.

    For those of you who don't know, Bastille Linux is a GUI that steps you through configuring your system to be more secure (removing SUID bits on some files, adding per-user limits, etc…). I ran it on my system and things seemed to work out fine. I was wrong; things would intermittently go wrong. Below are the problems I found, and how to fix them.

  1. Getting 'fork: Resource temporarily unavailable' errors - Bastille adds a per-user process limit (the nproc item) to /etc/security/limits.conf; raise it so you can run more than 100 processes.
  2. AppArmor logprof never asks you about profile violations, even when they are happening - make sure that the user klog can run the klogd daemon, otherwise it can't run properly. klogd is what copies kernel messages, AppArmor's denials included, from the kernel ring buffer into syslog, which is why the violations showed up in dmesg but never reached /var/log/messages, where logprof looks for them.
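The first fix is worth making checkable, since a hardening tool's per-user limits are easy to forget until a shell stops forking. The following is an added example, not part of the original post and not Bastille's own code: it parses a constructed /etc/security/limits.conf (the numbers are illustrative, not Bastille's actual defaults), reports every numeric nproc limit below a threshold, and rewrites only those entries while leaving comments and everything else untouched.

```python
# Constructed /etc/security/limits.conf as it might look after a Bastille-style
# hardening run; the numbers are illustrative, not Bastille's actual defaults.
SAMPLE_LIMITS_CONF = """\
# /etc/security/limits.conf (constructed example)
#<domain>  <type>  <item>   <value>
*          hard    nproc    100
*          soft    nproc    100
@admin     hard    nproc    1024
root       -       nproc    unlimited
*          hard    core     0
"""


def parse_limits(text):
    """Return (lineno, domain, type, item, value) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}: {raw!r}")
        domain, ltype, item, value = parts
        entries.append((lineno, domain, ltype, item, value))
    return entries


def low_nproc_limits(text, minimum=512):
    """Return (domain, type, value) for numeric nproc limits below `minimum`.
    'unlimited' and '-' are never too low, so only digit values are compared."""
    found = []
    for _, domain, ltype, item, value in parse_limits(text):
        if item == "nproc" and value.isdigit() and int(value) < minimum:
            found.append((domain, ltype, int(value)))
    return found


def raise_nproc(text, minimum=512, new_value=4096):
    """Return the file text with every too-low numeric nproc value replaced.
    Comments, blank lines and all other entries are passed through untouched."""
    out = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if (len(parts) == 4 and parts[2] == "nproc"
                and parts[3].isdigit() and int(parts[3]) < minimum):
            parts[3] = str(new_value)
            out.append("{:<10} {:<7} {:<8} {}".format(*parts))
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for domain, ltype, value in low_nproc_limits(SAMPLE_LIMITS_CONF):
        print(f"nproc {ltype} limit for {domain} is {value}: too low")
    print(raise_nproc(SAMPLE_LIMITS_CONF))
```

Limits from this file are applied by pam_limits at session start, so after editing it you need a fresh login before `ulimit -u` reflects the new value; an existing shell keeps the old limit. Rather than deleting the entry outright, raising it keeps the fork-bomb protection Bastille was after while leaving room for a desktop's worth of processes.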

Well, that's all for now, hope this helps you if you decide to use Bastille. 

 

                           Peace and chow,

 

                                Ranok
 

Oct 29

Well, I've been busy playing with Lisp, and I've created the beginnings of a full-featured blog, written entirely in Lisp using the Kpax web framework. Currently, it allows you to post and delete blog entries, you can also view individual blog entries. It's around 170 lines of (probably horrible) Lisp code including comments. I intend to continue development on it, and also write a kpax-cgi interface library, so you can write kpax applications and use them on standard Lisp CGI hosts (like Nearly Free Speech). You can see the blog in action here and you can download the code here.

 

                             Peace and chow,

                                 Ranok

Oct 25

After playing Tremulous for a few weeks, and administering two servers, I've gleaned some knowledge that others may find useful if they're running their own server. Here is basically a dump of what I've learned, in no order:

  • If you're trying to add new maps, download the .pk3 files and put them in the same directory as the other maps. You can then add the name of the map to maprotation.cfg, but make sure you don't forget whatever comes after the name (i.e. procyon-beta3 rather than procyon). You also need to make sure the variable sv_pure is set to 0.
  • If you want to enable cheating (/give funds x) you need to choose the map using the command /rcon <rconpassword> devmap <map-name>.
  • To make a team evolve, type /rcon <rconpassword> set g_<human|alien>stage <0-2> (regardless of whether there are cheats enabled or not).
  • When all the buildpoints go away, it's not a bug, it's sudden death mode kicking in, which can be disabled by setting g_suddendeathtime to 0.
  • The dedicated variable tells the server whether or not to ping the master server so it'll show up when people list Internet servers. If you want to keep your server off the public list (note that this is not access control: anyone who has the IP/hostname can still connect), set it to 1; otherwise set it to 2.
  • To color your username, prefix your name with ^(0-9):
    0 - Black
    1 - Red
    2 - Green
    3 - Yellow
    4 - Blue
    5 - Cyan
    6 - Pink
    7 - White
    8 - Black
    9 - Red

Hope this helped.

 

                 Peace and chow,

                           Ranok
 

Oct 18

After getting frustrated with the dumbing down of Gnome to make it easier for the new user (but more frustrating for the more experienced one), I've left Gnome, and along with it, Compiz. I've moved to XFCE, and couldn't be happier: it loads quicker, looks cleaner, and works better with my GNUStep applications (GNUMail, Cynthiune, ProjectCenter). I've moved away from the more mainstream applications (Thunderbird, OpenOffice, etc…) to the less known programs. I've done this for two reasons: one, they generally cater to the more experienced users who know what they want and how to make it that way, and I feel that I should be able to make a choice about the software that runs on my computer. Also, it lets me determine what I like about different programs.

    So far, the following applications I've found seem to be better (IMHO) than their mainstream counterparts:

  • GNUMail - Replaces Thunderbird; has some cool features that allow mail to be handled by external programs, and displays messages like GMail, with threads.
  • ProjectCenter - Lets me use Objective-C and the GNUStep libraries, and is much less bloated than Eclipse.
  • Cynthiune - Replaces your favorite media player; includes built-in support for MusicBrainz, which lets you correct the ID3 tags in your collection.

Well, there you have it. If you've found a lesser-known application that deserves its share of the limelight, please comment and share it with me.

 

              Peace and chow,

                          Ranok
 

Oct 8

Well, after playing around with Gutsy for a little while, I started looking into AppArmor, a mandatory access control system that confines programs by path. It's quite similar to SELinux, though easier to use (and faster, according to their site). AppArmor lets you specify which files/folders an application can access while running, so if it is compromised, it can only reach the files it should (for example, a compromised Apache cannot read /etc/passwd unless its profile allows it). There are a few pre-made profiles that can be installed by typing:

    sudo apt-get install apparmor-profiles

From there, you can view the status of AppArmor using the command:

    sudo apparmor_status

Which should return something like this: 

apparmor module is loaded.
15 profiles are loaded.
9 profiles are in enforce mode.
   /usr/sbin/ntpd
   …
   /usr/sbin/named
   /usr/sbin/avahi-daemon
6 profiles are in complain mode.
   /sbin/klogd
   …
   /bin/ping
5 processes have profiles defined.
3 processes are in enforce mode :
   /usr/sbin/avahi-daemon (4958)
   /usr/sbin/cupsd (4595)
   /usr/sbin/avahi-daemon (4957)
2 processes are in complain mode.
   /sbin/klogd (4397)
   /sbin/syslogd (4345)
0 processes are unconfined but have a profile defined.

    The difference between enforce and complain mode is what AppArmor does when a profile violation occurs. In complain mode it logs the offense but lets it happen; in enforce mode it denies the access (and logs it). To switch modes for a profile, use the aa-enforce <binname> and aa-complain <binname> commands as root.

     You should probably keep things in complain mode until you've used logprof to update the profiles. logprof parses the logs for AppArmor violations and asks you what to do about each one: allow or deny. It will also let you widen access using globs to make a rule more generic (e.g. /proc/*/foo rather than /proc/17238/foo). Once you are done, you are given the option to save your changes. Once you've exercised the program's full functionality (e.g. Firefox downloads and flash/applets) and finished the profile, you can switch it into enforce mode. Congratulations! You've added another link to your computer's fence. Two things to keep in mind: a profile in complain mode protects nothing, and a glob logprof offers can be broader than the access you actually observed, so read each rule before accepting it.

    What about adding more programs to be watched? Glad you asked: for that there is genprof. Simply run it as root with the path to the executable you'd like to add; it will see what libraries it requires, make a simple profile, and put it in complain mode. Now run the program and use it how you normally would, making sure to test all the features that might access files. Then go back to genprof and hit 's', and it will show you all the files the program tried to access, just like logprof. After adjusting the profile, you are good to go. If you think you did a good job, you can set it into enforce mode, or keep it in complain mode a while longer to make sure you caught all the needed files.
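The status listing above is the place to check whether a profile is actually doing anything: a process listed under complain mode is only being logged, and one listed as "unconfined but have a profile defined" was started before its profile loaded and will not be confined until it is restarted. As an added example (not from the original post, and not part of AppArmor's own tooling), here is a Python parser for apparmor_status output in the layout shown above, with an audit that flags those two states and also catches a listing whose header counts don't match the entries. The sample output is constructed; the profiles and PIDs in it are made up.

```python
import re

# Constructed apparmor_status output in the same layout as the listing above;
# the profiles and PIDs are made up for this example.
SAMPLE_STATUS = """\
apparmor module is loaded.
5 profiles are loaded.
3 profiles are in enforce mode.
   /usr/sbin/ntpd
   /usr/sbin/named
   /usr/sbin/cupsd
2 profiles are in complain mode.
   /sbin/klogd
   /usr/lib/firefox/firefox.sh
4 processes have profiles defined.
1 processes are in enforce mode :
   /usr/sbin/cupsd (4595)
2 processes are in complain mode.
   /sbin/klogd (4397)
   /usr/lib/firefox/firefox.sh (5120)
1 processes are unconfined but have a profile defined.
   /usr/sbin/ntpd (4010)
"""

HEADER_RE = re.compile(r"^(?P<n>\d+) (?P<kind>profiles|processes) (?P<rest>.+?)\s*[:.]?\s*$")
ENTRY_RE = re.compile(r"^\s+(?P<path>\S+)(?: \((?P<pid>\d+)\))?\s*$")
SECTION_MODE = {
    "are in enforce mode": "enforce",
    "are in complain mode": "complain",
    "are unconfined but have a profile defined": "unconfined",
}


def parse_apparmor_status(text):
    """Turn apparmor_status output into profile names and (path, pid) pairs keyed
    by mode, plus the count each section header claimed."""
    status = {
        "loaded": False,
        "profiles": {"enforce": [], "complain": []},
        "processes": {"enforce": [], "complain": [], "unconfined": []},
        "declared": {},
    }
    section = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("apparmor module is loaded"):
            status["loaded"] = True
            continue
        header = HEADER_RE.match(raw)
        if header:
            kind, mode = header.group("kind"), SECTION_MODE.get(header.group("rest"))
            # "N profiles are loaded." / "N processes have profiles defined." open no list
            section = (kind, mode) if mode in status[kind] else None
            if section:
                status["declared"][section] = int(header.group("n"))
            continue
        entry = ENTRY_RE.match(raw)
        if entry and section:
            kind, mode = section
            if kind == "profiles":
                status[kind][mode].append(entry.group("path"))
            else:
                pid = int(entry.group("pid")) if entry.group("pid") else None
                status[kind][mode].append((entry.group("path"), pid))
    return status


def audit(status):
    """List what needs acting on: module absent, processes whose profile is not
    actually restricting them, and header/entry count mismatches."""
    if not status["loaded"]:
        return ["apparmor module is not loaded: no profile is enforced"]
    findings = []
    for path, pid in status["processes"]["complain"]:
        findings.append(f"{path} (pid {pid}) runs in complain mode: denials are logged, not enforced")
    for path, pid in status["processes"]["unconfined"]:
        findings.append(f"{path} (pid {pid}) has a profile but is unconfined: restart it so the profile attaches")
    for (kind, mode), declared in status["declared"].items():
        listed = len(status[kind][mode])
        if listed != declared:
            findings.append(f"{kind} in {mode} mode: header says {declared}, {listed} listed (truncated output?)")
    return findings


if __name__ == "__main__":
    for line in audit(parse_apparmor_status(SAMPLE_STATUS)):
        print(line)
```

On the sample this reports klogd and firefox.sh as running under complain mode and ntpd as unconfined despite having an enforce-mode profile. The count check is there because the command's output is the only evidence you have; if it is cut off (a full terminal, a truncated cron mail) the missing lines would otherwise look like a clean system.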

 

    Congratulations! You're now an AppArmor pro! If you'd like more information, check out AppArmor Geeks or the Ubuntu Docs. As an interesting side note, I found that Firefox looks at /etc/passwd, though if I block it, it still works fine. While I'm sure there is a reason, as Firefox is open source, it still makes you think.

 

                                               Peace and chow,

 

                                             ranok
