Firewall with iptables using MAC address filtering in Linux !

29 08 2009

There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses. iptables has an option to do it.

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in your firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way the packets coming from the network element with the MAC address 00:11:2f:8f:f8:f8 will be dropped.

That rule only blocks packets addressed to the firewall itself. The blocked machine may still be able to send packets across the firewall, so to block those packets as well, add this line too.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP
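
As an added example (not from the original post), the following shell functions validate each address and print both rules, each wrapped in an iptables -C check so that re-running a firewall script does not append duplicates. The names is_valid_mac and mac_block_rules are this example's own; the output is a dry run that you can review and then pipe to sudo sh.

```shell
#!/bin/sh
# Added example: generate the INPUT and FORWARD DROP rules for a list of
# MAC addresses. Nothing is applied; the commands are only printed.

# Succeeds only for six colon-separated hex octets, e.g. 00:11:2f:8f:f8:f8.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one idempotent rule per chain for every valid MAC. Invalid input is
# reported on stderr and makes the function return non-zero.
mac_block_rules() {
    rc=0
    for mac in "$@"; do
        if ! is_valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            rc=1
            continue
        fi
        # Normalise to lower case so the same address is never added twice.
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        for chain in INPUT FORWARD; do
            spec="-m mac --mac-source $mac -j DROP"
            # -C checks whether the rule exists; -A appends it only if not.
            echo "iptables -C $chain $spec 2>/dev/null || iptables -A $chain $spec"
        done
    done
    return $rc
}

# Constructed sample input: the address from the article (upper case) and
# a malformed address that is rejected.
mac_block_rules 00:11:2F:8F:F8:F8 00:11:2f:8f:f8 || true
```

Because a sender can change its own MAC address, these rules are a convenience filter and not an authentication control.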




Nmap – How To : Scan Hosts Of Networks For Open Ports !

29 08 2009

Nmap is a wonderful tool, especially for debugging. There are lots of times when you need to know if a port is open on a server, or maybe blocked by a firewall, or you just want to test your iptables rules.

Here we will learn how to use it at the command line, and using its GUI front end, nmapFE and Knmap.

Introduction

So what does nmap do?

From the man page:

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

As you can see it is a really useful Linux tool.

Command Line

How to use it

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS
TCP SYN scan
-O
Enable Operating System detection

sudo nmap -sU 127.0.0.1

-sU
UDP ports scan

sudo nmap -sS -O -p 20-25 127.0.0.1

-sS
TCP SYN scan
-p 20-25
Scan on ports 20 to 25

sudo nmap -sS -F 127.0.0.1

-sS
TCP SYN scan
-F
Fast (limited port) scan

For everything else, you can check the long nmap man page:

man nmap
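
To use a scan as a test of your iptables rules, as mentioned in the introduction, you can compare what nmap reports as open with what you meant to allow. The following is an added example, not part of the original post: it parses nmap's grepable output (the -oG option) and lists open ports that are missing from an allowlist. The function names, the sample scan and the allowlist are constructed for the example.

```shell
#!/bin/sh
# Added example: flag open ports that the firewall was not meant to allow.
# Real input would come from: sudo nmap -sS -p 20-25,80 -oG - 127.0.0.1

# Read grepable nmap output on stdin, print "port/proto" for each open port.
open_ports() {
    awk -F'Ports: ' '/Ports: / {
        sub(/\t.*/, "", $2)          # drop the fields after the port list
        n = split($2, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")  # port/state/proto/owner/service/...
            if (f[2] == "open") print f[1] "/" f[3]
        }
    }'
}

# $1 is a space-separated allowlist such as "22/tcp 80/tcp". Prints every
# open port that is not on it and returns 1 if there is at least one.
unexpected_ports() {
    allowed=" $1 "
    rc=0
    for p in $(open_ports); do
        case "$allowed" in
            *" $p "*) ;;
            *) echo "$p"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample of grepable output (fields are tab-separated).
sample_scan() {
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///, 23/filtered/tcp//telnet///, 25/open/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (2)\n'
}

# Only 22 and 80 are meant to be reachable, so 25/tcp is reported.
sample_scan | unexpected_ports "22/tcp 80/tcp" || true
```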

Graphical interfaces

nmap Front End (nmapFE)

This is one of its front ends. To install it, run:

For Fedora / Centos

sudo yum install nmap nmap-frontend

For Debian / Ubuntu

sudo aptitude install nmapfe

In the target field you enter the IP or IPs you want to scan and select the scan type: TCP SYN, UDP, Connect scan, or another. The most used are SYN, and UDP if you want to scan for UDP ports. Also select the ports to scan: the default ones, all, or fast (only the ports in the nmap-services file).

Select whether you want to use the discovery option, that is, whether to ping and which type of ping to use to discover network nodes when you have specified an IP range to scan.

Another tab is useful if you want to send the output to a file.

There are lots of other options: you can enable verbosity or debugging, and IPv6 support if you want it.

KDE Nmap (knmap)

To install it

For Fedora download the rpm here

then run:

sudo rpm -ivh [downloaded package]

For Debian / Ubuntu

sudo aptitude install knmap

Its interface divides the options in a very convenient way. In the common options you will see the target IPs, the port range and whether you want it to resolve names.

Next you select whether you want to scan all ports, perform a fast scan, enable IPv6 support, Operating System detection, verbose output, and other options.

In compound options, you will find a lot more options to play with: you can select which interface to use, which IP, and even whether you want to spoof your MAC address!

The ping and scan options are like the discover and scan tabs of nmapFE together.

Conclusion

Nmap is a must-have tool for network and security administrators. The GUI front ends are good and easy ways to use it, and also to learn how to use it, because you can discover new options, and with nmapFE you can see the command that is going to be executed. Another good point for knmap is that it can save profiles with all the options you have enabled, so your next scan is easier.





JDownloader 0.7 Released With Faster GUI and FlashGot Integration And New Themes

25 08 2009

JDownloader is a free, open source, platform-independent tool written completely in Java that automates downloading from one-click file hosters such as Rapidshare and Megaupload. If you have premium accounts, you can configure JDownloader to use them. If not, JDownloader can also help you download multiple Rapidshare files automatically by reconnecting your Internet connection to change your IP address; this only works if you have a dynamic IP address, not a static one. There is a lot more, such as CAPTCHA recognition, automatic extraction or joining of files once all parts have finished downloading, RAR password brute-force via dictionary list, and automatic shutdown when downloading has finished.
Today I launched JDownloader and I got a notice that there is a major update. I updated it and noticed that the whole program’s GUI has changed to a much faster, nicer and easier to use interface.
I have to admit that the old interface is a little confusing and not so user friendly. The new layout tab helps a lot in making this program looks more tidy.


I was also very excited to learn that the new FlashGot now supports JDownloader! I have FlashGot installed on my Firefox browser and every time when I wanted to download files from RapidShare, I had to manually run JDownloader and let the clipboard monitor catch the links. But with FlashGot integration, I can just right click on the link and select “FlashGot Link” or “FlashGot Selection” if it is a text.

I wasn’t able to get FlashGot working with JDownloader at first. No matter what I did, JDownloader was always grayed out in the list of supported download managers. Then I downloaded the full version from JDownloader’s website, extracted and ran it, and this time I got a confirmation window asking me to install Firefox integration. I am very sure that didn’t come up when I upgraded from 0.6 to 0.7. After clicking OK, you can now select JDownloader from the Download Manager list.

I noticed that JDownloader is being developed very actively if compared to other downloaders such as CryptLoad. They’ve been talking about their version 2.0 for a long time but still nothing after so many months. JDownloader is FREE and it requires Java Runtime Environment to run. Supports Windows, Linux and Mac. Try it, I am sure you’ll love it.






Anti-virus Softwares for Linux

21 08 2009


AMaVis : (e-mail Virus Scanner) It scans e-mail attachments for viruses using third-party virus scanners available for Linux. It supports courier, exim, qmail, postfix, and sendmail. It has a built-in defense against Denial of Service (DoS) attacks.

sudo apt-get install amavis-stats

Avast! : It is an anti-virus program from ALWIL Software, based in Prague. It is freeware for home users and non-commercial use only. It is good software for virus protection, with built-in anti-spyware and anti-rootkit security. It works on all modern Linux distributions. It scans archives like rar, tgz, zip, gzip, tar, iso, rpm etc.

AVG Free : AVG Free for Linux is a commercial-grade antivirus software. It can be used on a single computer and is for private, non-commercial use only. AVG Free has both a command line and a graphical front end. It provides frequent updates and total professional security.

ClamAV : Clam AntiVirus is designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library. It has built-in support for document formats including MS Office and MacOffice files, PDF, HTML and RTF. It supports archives like rar, tgz, zip, gzip, tar, iso, rpm etc.

sudo apt-get install clamav




gshutdown : Graphical Shutdown Utility in Ubuntu

21 08 2009

gshutdown is a Graphical Shutdown Utility, you can set the shutdown /restart time graphically. Beginners can easily schedule shutdown time using this utility.

$ sudo apt-get install gshutdown

( or use synaptic package manager)





Howto : Password Protect Grub in Ubuntu/Debian Linux

21 08 2009

Some recent posts show that your Linux box is not secure unless you have set a GRUB password.
If you are an administrator of a highly sensitive server, you must do it.
To add a password for grub, first you must generate an md5 password hash using the grub-md5-crypt utility:

grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

Password: (enter new password)
Retype password: (repeat password)
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

Add the resulting hash value to the file /boot/grub/menu.lst in the following format:

password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

# lockalternative=true
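
The two settings above can be checked after editing. This is an added example, not part of the original post: a shell function that audits a GRUB legacy menu.lst for an active password --md5 line and for lockalternative=true. The function names and the two sample files are constructed for the example; on a real system you would pass /boot/grub/menu.lst.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy menu.lst for the settings described above.

# Print one finding per line; return 0 only when both settings are in place.
audit_menu_lst() {
    file=$1
    rc=0
    # Active (uncommented) password lines.
    pw_lines=$(grep -E '^[[:space:]]*password[[:space:]]' "$file" || true)
    if [ -z "$pw_lines" ]; then
        echo "no password line"
        rc=1
    elif printf '%s\n' "$pw_lines" |
         grep -Evq '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+\$1\$'; then
        # Catches plaintext passwords and a typographic dash pasted for "--".
        echo "password line is not in the form: password --md5 <hash>"
        rc=1
    fi
    # update-grub reads this option from a "#"-prefixed line, so the leading
    # "#" is expected and must stay.
    if ! grep -Eq '^#[[:space:]]*lockalternative=true' "$file"; then
        echo "lockalternative is not set to true"
        rc=1
    fi
    return $rc
}

# Constructed sample files: one with both settings, one with a plaintext
# password and lockalternative left at false.
write_samples() {
    printf '%s\n' 'password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0' \
        '# lockalternative=true' > "$1/good.lst"
    printf '%s\n' 'password secret' '# lockalternative=false' > "$1/bad.lst"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_menu_lst "$tmp/bad.lst" || true   # prints two findings
rm -rf "$tmp"
```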





Howto : Disable Pango To Get Faster Firefox

21 08 2009

Today I found out that Ubuntu’s Firefox packages are compiled and packed with Pango support (You may want to read more about Pango here.) This is quite useless and problematic on Ubuntu so it is better to disable it to gain speed. I am talking about real speed-ups of 30% – 40%. There are a couple of ways to disable it :

1- You can compile Firefox yourself
2- You can compile Firefox via ubuntuzilla
3- Or you can continue reading and finish this title in a couple of seconds :)

Open a terminal and edit your .bashrc file :

$ gedit ~/.bashrc

At the end of that file add the following and save it :

export MOZ_DISABLE_PANGO=1

Restart Firefox ($ pkill firefox) and see the difference.





Howto: Install KDE 4.3 on Kubuntu/Ubuntu Jaunty

20 08 2009

KDE 4.3 was released 3 days ago. Integration with other technologies, such as PolicyKit, NetworkManager and Geolocation services, was another focus of this release. KRunner’s interface has been overhauled. A much more flexible system tray has been developed. Many new Plasmoids have been added, including the openDesktop.org Plasmoid – an initial take on the Social Desktop. Plasma also receives more keyboard shortcuts.

Unfortunately if you are on Ubuntu Jaunty (or Kubuntu), you will not officially get KDE 4.3. It will be featured in the upcoming Koala version scheduled in October. However you can get your hands on the latest KDE offering now on your 9.04 desktop. But let us take a quick look at some screenshots.


Upgrading to KDE 4.3

First you will need to add the repos to your sources.list file:
sudo sh -c "echo 'deb http://ppa.launchpad.net/kubuntu-ppa/backports/ubuntu jaunty main' >> /etc/apt/sources.list"
sudo sh -c "echo 'deb http://ppa.launchpad.net/kubuntu-ppa/staging/ubuntu jaunty main' >> /etc/apt/sources.list"

Add the GPG key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8AC93F7A

And upgrade:
sudo aptitude update && sudo aptitude dist-upgrade

Or if you don’t have KDE installed in the first place:

sudo aptitude install kubuntu-desktop

And they say that the command line is hard! Easy as 1-2-3!

Here is a quick video of KDE 4.3 in action, enjoy!





Speed Up Your Linux Application Loading Time with Preload !

18 08 2009

Preload is an adaptive readahead daemon. It monitors applications that users run, and by analyzing this data, predicts what applications users might run, and fetches those binaries and their dependencies into memory for faster startup times. Parts of these programs will be cached to speed up their load time.



Installation :

For Ubuntu 7.04 – 9.04 Jaunty Jackalope:

sudo apt-get install preload

For Fedora 7, 8, 9, 10, 11 (as root):

yum install preload

For Mandriva :

urpmi preload

For openSUSE (add the Packman repository first):

zypper install preload

Configuration file:

You can find the config file at :

/etc/preload.conf 

With the default values in the config file, preload works fine.

Monitoring :

To check up on what resources Preload is using:

sudo tail -f /var/log/preload.log

Preload can provide a great improvement in application startup time and increases the speed of your system while staying in the background.

Later, in my next article, I will show you how to make advanced configuration of preload.








How-to Send an Email from the Terminal using sendEmail !

18 08 2009

You can use sendEmail to send emails from the terminal. SendEmail is a lightweight, command line SMTP email client. If you need to send email from a command line, this free program is perfect: simple to use and feature rich. It was designed to be used in bash scripts, batch files, Perl programs and web sites, but is quite adaptable and will likely meet your requirements. SendEmail is written in Perl and is unique in that it requires NO MODULES.

To install sendEmail in Ubuntu:

sudo apt-get install sendEmail

Now, to send an email:

sendEmail -f FROM -t TO -s SERVER -u SUBJECT -m MESSAGE

Example :

sendEmail -f testmail@test.com -t user_name@test.com -s smtp.myisp.com -u "Hello boss" -m "Hello boss, this is just a test message"

To learn more about sendEmail use the man command :

man sendEmail

Links :

* http://caspian.dotconf.net/menu/Software/SendEmail/
* http://www.ubuntuforums.org