Understanding subnet masks can be confusing if you’re not used to them. You may find “ipcalc” (from the ipcalc package) useful for calculating a computer network’s mask.
First, install “ipcalc” from the repositories, depending on your distro:
sudo apt-get install ipcalc #for debian distros like ubuntu
yum install ipcalc #for fedora
Then find the IP address whose network you want to calculate, and pass it to the “ipcalc” command:
[root@Fedora11-vbox ~]# ipcalc -bmn 192.168.10.122/22
NETMASK=255.255.252.0
BROADCAST=192.168.11.255
NETWORK=192.168.8.0
So in this scenario, the subnet mask is 255.255.252.0 and the broadcast address is 192.168.11.255, which means that the last usable IP address on that network is 192.168.11.254. The network address is 192.168.8.0; therefore, the first usable IP address in that range is 192.168.8.1.
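The arithmetic behind those ipcalc values, as an added example that is not part of the original post: a /22 prefix becomes a 32-bit mask, and the network and broadcast addresses follow from it. The function names and the FIRSTHOST/LASTHOST lines are this example's own, not ipcalc output; it assumes IPv4 and a prefix of 0-30.

```shell
#!/bin/sh
# Added example: the arithmetic behind "ipcalc -bmn ADDRESS/PREFIX".
# Assumes IPv4 and a prefix of 0-30 (/31 and /32 have no separate
# network and broadcast addresses).

# Dotted quad -> 32-bit integer; fails unless given 4 octets of 0-255.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, non-numeric and zero-padded octets (010 would be octal).
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

subnet_info() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*) echo "bad prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "prefix must be 0-30" >&2; return 1; }
    ip=$(ip_to_int "$addr") || { echo "bad address" >&2; return 1; }
    # A /N mask is N one-bits followed by 32-N zero-bits.
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    network=$(( ip & mask ))
    # Broadcast sets every host bit (the bits the mask clears) to 1.
    broadcast=$(( network | (mask ^ 0xFFFFFFFF) ))
    echo "NETMASK=$(int_to_ip "$mask")"
    echo "BROADCAST=$(int_to_ip "$broadcast")"
    echo "NETWORK=$(int_to_ip "$network")"
    echo "FIRSTHOST=$(int_to_ip $(( network + 1 )))"
    echo "LASTHOST=$(int_to_ip $(( broadcast - 1 )))"
}

subnet_info 192.168.10.122/22
```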
After you have created user accounts and let those users loose on your computer, there are different commands you can use to keep track of how they are using it. There are commands for checking such things as who is logged into your system and for getting general information about the users with accounts on your system. Here are some of these commands.
last #list the most recent successful logins
root@ubuntu-box:~# last -a
smbuser  pts/2        Fri Sep 25 06:37   still logged in    windows-box
jorge    pts/1        Fri Sep 25 06:35   still logged in    windows-box
jorge    pts/1        Fri Sep 25 06:34 - 06:35  (00:00)     windows-box

wtmp begins Fri Sep 25 06:34:52 2009
lastb #List the most recent unsuccessful logins
root@ubuntu-vbox:~# lastb
smbuser  ssh:notty    windows-box      Fri Sep 25 05:36 - 05:36  (00:00)
jorge    :0                            Fri Sep 18 17:28 - 17:28  (00:00)
jorge    :0                            Fri Sep 18 17:28 - 17:28  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
who -u #List who is currently logged in (long form)
Windows Vista contains a handy hint mechanism for helping you recall your password if you’ve forgotten it. But what if you’ve completely forgotten both your password and the interpretation of the hint? In that situation your work and email will be locked inside your computer (well, OK, your administrator could probably recover it for you or reset your password). Fortunately, Windows Vista still offers a solution to this problem. Note that this only works before you actually forget your password; in other words, you have to make the disk while you still have access to your computer. In this case Vista will save your password to a USB disk or CD that you insert in case you forget your password. Should I mention that you should put this key in a safe place! Although the key is not stored in clear text on your CD or USB key, it can be read by someone with some serious know-how.
To create this disk:
Sometimes you need to keep a close watch on a machine that has been compromised, so you might want to see the logs in real time. “tail” allows you to do exactly that. Most system-related messages are logged to the “messages” log file, and security-related messages are sent to the “secure” log file. In the latter you can find successful and unsuccessful login attempts. So the “secure” log file is a good place to start when you are trying to identify whether someone has tried to break in to that box.
tail -f /var/log/secure
or
tail -f /var/log/messages
Now you can try logging in from a remote box or locally and watch the logs scroll by in real time. These are some log files that might be of interest.
tail -f /var/log/secure #security related messages
tail -f /var/log/messages #system messages
tail -f /var/log/maillog #mail server messages
tail -f /var/log/httpd/access_log #web server messages
Moreover, the “grep” command can be quite useful for parsing through log files. In this case, the grep command is used to search the “secure” log file for the string “jorge.” The -R switch is to specify the string, and the -n switch is for displaying the line number.
[root@Fedora11-vbox ~]# grep -Rn smbuser /var/log/secure
81:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new group: name=smbuser, GID=501
82:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new user: name=smbuser, UID=501, GID=501, home=/home/smbuser, shell=/bin/bash
83:Sep 26 11:55:26 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
85:Sep 26 12:00:37 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
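One way to turn the login lines in the “secure” log into a per-source summary of failed logins, flagging any source that logged in successfully after repeated failures. This is an added example, not part of the original post; the log lines are constructed in the usual sshd format, and the function names and the threshold of 3 are this example's own.

```shell
#!/bin/sh
# Added example: summarise sshd password logins from a secure-style log.
# The sample lines below are constructed, not taken from a real host.
sample_log() {
    cat <<'EOF'
Sep 26 12:10:01 Fedora11-vbox sshd[2301]: Failed password for smbuser from 192.0.2.10 port 40122 ssh2
Sep 26 12:10:04 Fedora11-vbox sshd[2301]: Failed password for smbuser from 192.0.2.10 port 40122 ssh2
Sep 26 12:10:09 Fedora11-vbox sshd[2305]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Sep 26 12:10:15 Fedora11-vbox sshd[2309]: Accepted password for smbuser from 192.0.2.10 port 40135 ssh2
Sep 26 12:11:40 Fedora11-vbox sshd[2312]: Failed password for jorge from 198.51.100.7 port 51544 ssh2
Sep 26 12:11:52 Fedora11-vbox sshd[2312]: Accepted password for jorge from 198.51.100.7 port 51544 ssh2
EOF
}

# auth_summary THRESHOLD [FILE...]  (reads stdin when no file is given)
# Prints one line per source address that had failed logins, and marks a
# source "yes" when a success followed at least THRESHOLD failures.
auth_summary() {
    threshold=${1:-3}
    [ $# -gt 0 ] && shift
    awk -v threshold="$threshold" '
        # The address follows the last "from": the user name is supplied
        # by the client, so an earlier "from" may belong to the name.
        function source_of(    i, s) {
            for (i = 1; i < NF; i++) if ($i == "from") s = $(i + 1)
            return s
        }
        / sshd\[[0-9]+\]: Failed password for / { fails[source_of()]++; next }
        / sshd\[[0-9]+\]: Accepted [^ ]+ for / {
            s = source_of()
            if ((s in fails) && fails[s] >= threshold) hit[s] = 1
        }
        END {
            for (s in fails)
                printf "%s failures=%d success_after_failures=%s\n", s, fails[s], ((s in hit) ? "yes" : "no")
        }
    ' "$@" | sort
}

sample_log | auth_summary 3
```

Against a live system, pass the log path instead of piping the sample, for example `auth_summary 3 /var/log/secure`.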
The “grep” command can also be used to search multiple files recursively. This command searches in the “/etc/httpd/conf” and “/etc/httpd/conf.d” directories for the string “VirtualHost.”
VNC is considered to be an insecure protocol. The password is sent using fairly weak encryption, and the rest of the session is not encrypted at all. For that reason, when using VNC over an untrusted network or the internet, I recommend you tunnel it over SSH.
To forward VNC port 5900 on localhost to port 5900 on the remote host:
ssh -L 5900:localhost:5900 vncserver
If your SSH server is listening on another port, such as 222:
ssh -L 5900:localhost:5900 vncserver -p 222
The same procedure can be done on a window$ machine using putty
tar is a compression utility that allows you to compress files and back up your system.
Here are some useful tar commands to back up and restore files.
If you want to back up the contents of /home and /etc:
tar cvpf /mnt/backup/tarball_backup /home /etc
Once you have a full backup of your system, you can do incremental backups using the --newer option, which backs up everything that has changed since the specified date:
tar cvpf /mnt/backup/tarball_backup --newer 19Aug09 /home /etc
When things go wrong and you want to restore the contents of a backup:
tar xvpf /mnt/backup/tarball_backup home/user
Sometimes you accidentally delete a file, so you only need to restore that single file. Remember that when restoring from a tar archive there is no absolute path; in other words, tar removes the leading slash “/”, so /home/user/file1 becomes home/user/file1. You should be in the / “root” directory when you restore.
tar xvpf /mnt/backup/tarball_backup home/user/shell1.sh
What if you don’t know the exact name of the file, only part of it?
tar tvpf /mnt/backup/tarball_backup | grep shell
or
tar tvpf /mnt/backup/tarball_backup | more
to page through the backup file.
Here’s a good shell script that performs monthly, weekly, and daily backups to a tgz file.
These steps apply to both Linksys wireless access points (WAPs) and Linksys DD-WRT wireless routers. Of course, DD-WRT wireless routers have additional security precautions that need to be taken on the router and wireless side.
1-Change the password – With all Linksys routers and access points, it is extremely important to change the device’s default password. Log in to your router and enter the default password. The version of the firmware or the router that you are using will determine where the Change Password button is located. Make sure you find it. This is the single most important step. Change the default password and choose a password that contains both numbers and letters. This will reduce the possibility of your password being guessed or hacked.
2-Change your SSID – The SSID is the shared network name that all devices run on a wireless network. The name is case sensitive and should be no longer than 32 characters. You can use any keyboard character you choose when renaming the SSID. The default SSID of the Linksys access point or wireless broadband router is set to Linksys. It is highly recommended that you change the SSID to a unique name other than the default.