Category Archives: Security package for Ubuntu


How to Login into Ubuntu 12.10 Using USB Flash Drive  http://bit.ly/WtgNHI

How to configure Firestarter to use VPN services on Linux

In my experience Firestarter is an effective firewall and, on Linux, it starts automatically every time we boot up Ubuntu. But when I decided to use a VPN tunnel through openvpn, I had some connection problems. I was able to initialize my VPN services but, after a while, all the internet connections were mysteriously shut down.

The “problem” was Firestarter, which treated the VPN traffic as forbidden under my inbound/outbound policy and cut off the connection.

To solve this you have to open a tunnel in Firestarter so that the VPN is allowed to work:

1- open the configuration file your VPN provider gives to its users (generally it’s a text file containing all the configuration info used, in my case, by openvpn) and search for the IP address of the default starting connection used to authenticate the VPN services (e.g. 177.458.563.25). Save somewhere or memorize this VPN IP address.

2- open a Terminal and type:

sudo nautilus

3- using nautilus go to File System (it’s listed before the home folder), open etc->firestarter, and open the file user-pre using Gedit (or your preferred text editor)

4- the user-pre file is usually empty, so don’t panic; write these lines into it:

iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+

Now substitute xxx.xxx.xxx.xxx with the VPN IP address you found at step 1 (in my example it was 177.458.563.25).

5- Save the user-pre file and close Gedit and Nautilus

6- open a new Terminal and restart Firestarter typing:

sudo /etc/init.d/firestarter restart

That’s all! Now your VPN works on your Linux computer and Firestarter has accepted a new Routed IP Tunnel into its allowed policies configuration.
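Steps 1 and 4 can be scripted so that the address is validated before it reaches the firewall file. The following is an added example, not part of the original post: it assumes the provider's file uses OpenVPN's remote directive with a literal IPv4 address, and the function names and sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: build the six user-pre rules from an OpenVPN client config.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the address of the first "remote" directive (step 1 of the procedure).
# Reads the files given as arguments, or standard input when there are none.
vpn_remote() {
    awk '$1 == "remote" { print $2; exit }' "$@"
}

# Emit the rules from step 4 with xxx.xxx.xxx.xxx replaced by the address.
firestarter_vpn_rules() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "refusing '$ip': not an IPv4 address (resolve hostnames first)" >&2
        return 1
    fi
    cat <<EOF
iptables -A INPUT -j ACCEPT -s $ip -p esp
iptables -A INPUT -j ACCEPT -s $ip -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d $ip -p esp
iptables -A OUTPUT -j ACCEPT -d $ip -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+
EOF
}

# Constructed sample config; 203.0.113.10 is a documentation-range address.
sample_conf='client
dev tun
proto udp
remote 203.0.113.10 1194'

firestarter_vpn_rules "$(printf '%s\n' "$sample_conf" | vpn_remote)"
```

Review the printed rules, add them to /etc/firestarter/user-pre as root, then restart Firestarter as in step 6.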

Video – Mozilla Collusion privacy tracking add-on for Firefox


How to permanently remove files in Ubuntu/linux and make them unrecoverable by NickMcDTV


How to shred (permanently delete) files from your Hard Disks on Ubuntu Linux

In our last post we examined the possibility of recovering deleted data from USB keys and disks. Today we want to focus on the proper way to destroy sensitive data on your disks.

On Ubuntu you can move any file to the Trash but, as we demonstrated in our last post, anyone can recover it using a simple, basic GUI program called PhotoRec.

If you want to be reasonably sure that no one will be able to recover a file you decided to permanently delete, you have to use the Shred command. Shred comes with Ubuntu and deletes your files by overwriting them repeatedly with arbitrary data. After you delete a file with Shred you can be sufficiently sure that recovery procedures will not succeed.

As usual we must warn you that technology is evolving rapidly, and what is considered safe today will be out of date tomorrow! So, if you think you need to preserve your privacy in the best way, don’t forget to change your hard disks regularly and mechanically destroy your old ones. We sincerely hope our readers don’t have this kind of need.

To start using Shred on Ubuntu you have to open a Terminal and type:

sudo shred --help

This shows the syntax and all the options offered by this program.

The correct syntax for Shred is:

shred [OPTIONS] FILE

or, if you want to shred an entire partition:

shred [OPTIONS] /dev/[HDA9]

The possible options are:

  -f, --force              change permissions to allow writing if necessary
  -n, --iterations=N       overwrite N times instead of the default (3)
      --random-source=FILE get random bytes from FILE
  -s, --size=N             shred this many bytes (suffixes like K, M, G accepted)
  -u, --remove             truncate and remove file after overwriting
  -v, --verbose            show progress
  -x, --exact              do not round file sizes up to the next full block;
                           this is the default for non-regular files
  -z, --zero               add a final overwrite with zeros to hide shredding
      --help               display this help and exit
      --version            output version information and exit

In our experience the fastest way to work is to add Shred to the Nautilus menu, so that the command is ready with a simple right click of the mouse.

To do this, open a Terminal and type:

sudo apt-get install nautilus-actions

Then launch the program following this path: System->Preference->Nautilus Actions Configuration.

Last, configure Shred by filling in, e.g., the following parameters:

Label: Shred
Tooltip: Shred utility to securely erase files
Icon: gtk-dialog-warning
Path: shred
Parameters: -f -u -v -z %M
Filenames: *
Mimetypes: */*
Appears if selection contains: Both
Be sure to check the box “Appears if selection has multiple files or folders”

To finish your configuration, do not forget to open a Terminal again and type:

nautilus -q

nautilus
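The action above is offered for folders as well as files, but shred itself only works on files. The wrapper below is an added example, not part of the original post: it walks folders, shreds the regular files inside them and never follows symbolic links. The script name shred-selection and the scratch files in demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: wrapper a Nautilus action could call instead of shred itself.
# Assumption: saved as an executable script (hypothetical name shred-selection)
# and used as the action's Path, with Parameters set to %M.

# Overwrite and remove every regular file among the arguments, descending into
# folders. Symbolic links are removed but never followed, so only files inside
# the selection are overwritten.
shred_selection() {
    status=0
    for item in "$@"; do
        if [ -L "$item" ]; then
            rm -f -- "$item"      # drop the link itself, leave its target alone
        elif [ -d "$item" ]; then
            # shred cannot open a folder: shred its files, then remove the tree
            if find "$item" -type f -exec shred -f -u -z -- {} +; then
                rm -rf -- "$item"
            else
                status=1
            fi
        elif [ -f "$item" ]; then
            shred -f -u -z -- "$item" || status=1
        else
            echo "skipping $item: not a regular file or folder" >&2
            status=1
        fi
    done
    return "$status"
}

# Constructed demo: a scratch folder holding a file, a nested file and a
# symlink that points at a file outside the selection.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/sel/sub"
    echo secret > "$work/sel/a.txt"
    echo secret > "$work/sel/sub/b.txt"
    echo keep > "$work/outside.txt"
    ln -s ../outside.txt "$work/sel/link"
    result=1
    if shred_selection "$work/sel" && [ ! -e "$work/sel" ] &&
       [ "$(cat "$work/outside.txt")" = keep ]; then
        result=0                  # selection gone, link target untouched
    fi
    rm -rf "$work"
    return "$result"
}

demo && echo "selection shredded, symlink target intact"
```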


Some Linux security tips for Rootkit Hunter

If you run Rootkit Hunter and you haven’t modified your stock Red Hat configuration of the SSH service (sshd), chances are it will find that you allow root logins. Rootkit Hunter considers these possible security risks. To fix this, log in as root, fire up a text editor, and edit the file

/etc/ssh/sshd_config

Make the following changes:

You’ll find a commented line like this:
#Protocol 2,1
Uncomment it and change it to:
Protocol 2
This will disallow logins using the older versions of the protocol.

Look for the commented line
#PermitRootLogin yes
Uncomment the line and change it so it reads:
PermitRootLogin no
This will configure sshd NOT to allow root logins.

After this, be sure to restart sshd (assuming you run the service in the first place):
service sshd restart
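A quick way to confirm that both edits are really in effect is to read the file the way sshd does. The following is an added example, not part of the original post: the function names and the three sample configs are constructed, and it assumes an sshd old enough to still read the Protocol keyword.

```sh
#!/bin/sh
# Added example: check the two sshd_config changes described above.

# Print the value sshd would use for KEYWORD in the global section of the
# config text on standard input. sshd uses the first uncommented occurrence
# of a keyword and matches keywords case-insensitively; a "Match" line ends
# the global section. Prints "(default)" when the keyword is not set.
sshd_effective() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^#/         { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    '
}

# Return 0 only when the config text in $1 sets Protocol 2 and
# PermitRootLogin no; otherwise print what was found and return 1.
audit_sshd() {
    rc=0
    proto=$(printf '%s\n' "$1" | sshd_effective Protocol)
    root=$(printf '%s\n' "$1" | sshd_effective PermitRootLogin)
    [ "$proto" = "2" ] || { echo "Protocol is $proto, expected 2"; rc=1; }
    [ "$root" = "no" ] || { echo "PermitRootLogin is $root, expected no"; rc=1; }
    return "$rc"
}

# Constructed samples: the stock file, the edited file, and a file where a
# later "no" is shadowed by an earlier "yes".
stock='#Protocol 2,1
#PermitRootLogin yes'
hardened='Protocol 2
PermitRootLogin no'
shadowed='Protocol 2
PermitRootLogin yes
permitrootlogin no'

for name in stock hardened shadowed; do
    eval "text=\$$name"
    if audit_sshd "$text"; then echo "$name: ok"; else echo "$name: FAIL"; fi
done
```

On a real system, pass the file contents: audit_sshd "$(cat /etc/ssh/sshd_config)".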

By the way, the Rootkit scanner is a scanning tool that makes you about 99.9% sure you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits.

Stay safe! Install Rootkit Hunter on Linux and FreeBSD

Rootkit Hunter is a Unix-based scanning tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of vital files with known good ones in an online database, and by looking for default rootkit directories, improper permissions, hidden files, suspicious strings in kernel modules, and running particular tests for Linux or FreeBSD. In most cases rootkits are self-hiding toolkits used by blackhats, crackers and script kiddies to avoid the attention of the system admin. If you’re unsure whether your system is compromised, you can get a second opinion from sources such as a Linux-oriented forum. If your system is infected with a rootkit, cleaning it up is not an option. Restoring is also not an option unless you are an expert and have an independent, impartial means of verifying that the backup is clean and does not include misconfigured or stale software. Never trust a potentially compromised machine! Basically, a clean install of the OS is always advisable after backing up the system.

BleachBit: a free, powerful software to increase your privacy on Ubuntu and Windows

Since the first release many things have changed in BleachBit. I clearly remember its first version, which I uninstalled because I didn’t feel comfortable with the possible disaster I could cause on my Ubuntu computer. Now BleachBit is very different: more powerful and easy to use! This software can be used on Linux (in my test I used Ubuntu 10.04 LTS) and Windows. To install it on Ubuntu, use Synaptic (System -> Administration -> Synaptic) and search for bleachbit in the search bar. For the Windows installation, download the .exe file and install it. After the installation on Ubuntu, open BleachBit by going to Applications -> System Tools -> BleachBit. You now have a very understandable menu bar on the left side of your screen. If you click on the main sub-menus you can read some information about what every option will delete on your PC. Moreover, if the delete options you choose are potentially dangerous, a small pop-up alert will inform you about the risks. We recommend using the Preview option before bleaching your PC. In this way you get a final picture of what you are doing and how many bytes you are deleting. In the preferences menu you can decide to overwrite files to hide their contents, or to run BleachBit every time you start your computer. Last but not least, BleachBit supports many languages, which you can select from Edit -> Preferences -> Languages.

I2P a real versatile anonymizing network for Linux and Windows

This week for our Freeware Page we tested I2P, a freeware program which lets you surf the internet without revealing your IP and encrypts your data. As described on the I2P Homepage, this freeware is an “anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties”. During our test we used both XP and Ubuntu, because I2P is a Java file even if it seems to be an exe file, so it can be used on any Linux OS. On Windows XP it is very simple to use I2P, but at the beginning it is really slow; for this reason we suggest keeping it running for about twelve hours, because this freeware needs to build its own network and that takes some hours. When it is ready you have to set up all the software you want to filter through it. We set Firefox (Preferences -> Advanced -> Network -> Settings) Manual Proxy Configuration to HTTP Proxy localhost, port 4444. Then we ticked “Use this proxy server for all protocols” and finished by setting “No proxy for” to localhost, 127.0.0.1. After some seconds we discovered that our IP was now in the northern part of France (far away from our real location). To set up I2P it is necessary to point Firefox at http://localhost:7657/index.jsp because, by default, I2P tries to launch Internet Explorer even when it runs on Linux. After a week of tests we can say that I2P is a little bit slower than TOR, but it can easily be integrated with your browser, mail client, chat and other programs. In our (limited) experience I2P is the most complete anonymizing network we know. To conclude, as already discussed in this post, no one and nothing can create perfectly anonymous software, but I2P can help improve our privacy. Recommended!