Dr.Web® anti-virus for Linux (GUI based)

28 09 2009

Dr.Web Security Suite for Unix Appliance and Dr.Web® anti-virus for Linux (GUI based) is a group of modular solutions that can be installed on appliances running Unix-family (Linux/FreeBSD/Solaris (x86)) operating systems. The solutions work as a corporate Internet gateway: a proxy server that gives intranet users access to the Internet.

Depending on your licensing scheme and the set of selected plug-ins, solutions of Dr.Web Security Suite for Unix Appliance can perform the following tasks:

  • process incoming and outgoing mail and filter out viruses and spam;
  • scan http and ftp traffic for viruses;
  • detect and remove any malicious objects;
  • parse e-mails and analyze each component of a message;
  • filter e-mail according to white and black lists;
  • correctly process archived files of most known formats, including multi-volume and self-extracting (SFX) archives;
  • notify recipients or other selected users of scan results, using templates that keep the information easy to read;
  • collect statistics regarding all activities of the system;
  • protect its own plug-ins against failures.

Benefits

Dr.Web means its own technologies and anti-virus laboratory
Dr.Web anti-virus technology has been developed since 1992 and is owned by Doctor Web.
There are few anti-virus vendors in the world with their own technologies for detecting and curing malware, a virus monitoring service and an analytical laboratory. It provides a rapid response to the latest threats and allows solving any customer problem in a few hours.

Large enterprise network experience
Dr.Web solutions for small and medium-sized companies and large corporate networks with dozens of thousands of computers have been developed and improved since 1992. The State Duma of Russia, its Defense and Foreign ministries, the FSB (Federal Security Service) and many other enterprises, educational institutions and research departments trust anti-virus solutions from Doctor Web.

Openness of the solutions
As usual, Doctor Web makes its contribution to development of open source anti-virus products. Solutions included in Dr.Web Security Suite for Unix Appliance have an unlimited potential for expanding their functionality. Virtually any user with a sufficient skill can implement a desired feature using the source code and the SDK supplied with the software.

Exceptional scalability
Dr.Web Security Suite for Unix Appliance can perfectly suit the needs of a small company with just one e-mail server and meet the unlimited e-mail filtering requirements of transnational telecoms or Internet service providers. Its efficiency, flexibility of settings and capability of filtering huge volumes of e-mail traffic “on-the-fly” can comply with even the highest demands.

Optimal configuration
Configuration of servers with preinstalled Dr.Web Security Suite for Unix Appliance is the result of thorough optimization. Solutions match the requirements of a customer perfectly. A flexible licensing system allows a company to pay only for the functionality it is going to use. A server based on Dr.Web Security Suite for Unix Appliance is a high-performance solution at the best price.

Reliable protection
State-of-the-art technologies ensure a high-speed scan of traffic that doesn’t affect Internet access speed and runs unnoticed by users. The solutions feature the latest Dr.Web technologies that shield user machines from malware and spam. An automatic updating system allows maintaining a high level of security.

High productivity and stable operation
The multi-thread scan feature enables Dr.Web Security Suite for Unix Appliance to process large amounts of data simultaneously. The well-designed modular structure makes it impossible for an attacker to disable a solution. The well-known low system requirements of Dr.Web products allow running them on any server hardware.

Easy installation
Dr.Web Security Suite for Unix Appliance fully complies with the “plug and play” principle making installation and maintenance extremely easy even for an inexperienced user. The installation procedure was designed to exclude any possible configuration errors by staff and reduces time of deployment to several minutes. Installation of an appliance doesn’t affect configuration of computers in a corporate network.

Flexible configuration and easy administration
Dr.Web Security Suite for Unix Appliance allows implementing any protection scheme tailored to the security policy of your company. The solutions have flexible configuration system so virtually any required set of rules can be created by a system administrator. All actions related to the network security are logged. The logged data can be used to analyze network health and pinpoint vulnerabilities. The convenient user alert system that issues virus warnings and notifies a user upon loading of a web-page containing malicious code will assist you in conforming to the security policy of your company.

Frequent updating
An add-on to the Dr.Web virus database is released when new entries are added as often as several times per hour. Hot add-ons are released immediately after a new threat has been analyzed. The global virus monitoring network delivers latest samples of viruses from all over the world. Users retrieve updates from several servers located on different parts of the globe.






Install Guest Additions for a better VirtualBox experience

20 09 2009

In my default setup of Windows XP, on my particular Ubuntu 9.04 box, the installation of Windows XP rendered a perfectly usable desktop with 32 bit colors in 800×600 resolution. This resolution, of course, is not ideal for some situations (such as Full Screen mode). In order to get a higher resolution, along with other features, you have to install Guest Additions. This is a simple process that can be done quickly and yields a much better user experience than the default. So…let’s get to the installation.

Figure 1


Before you attempt to do the installation of the guest additions you have to have your virtual machine up and running. Once that VM is running you will see three menu entries at the top of the window: Machine, Devices, and Help. You want to click on the Devices entry and then click the Install Guest Additions entry (see Figure 1).

What you will see is a warning message instructing you that the Guest Additions CD image could not be found. Fear not, this is normal. Click Yes in order to download the image and then Download to confirm. You will see a progress bar at the bottom left of your VM window.

When that download has finished you will be asked if you want to Mount the image. Click the Mount button to reveal the Sun xVM setup wizard. Click Next in the welcome screen which will take you to the license agreement window. Click the I Agree button (and read the license if you feel so inclined.)

Figure 2


What you are now doing is a fairly straightforward Windows application-like installation. The only “gotcha” during installation will be a warning that the software did not pass the Windows Logo testing. Ignore this warning and click Continue Anyway. Your screen will flicker for a second – don’t worry.

You will see this warning another time when it attempts to install software for the pointing devices.

After that warning the installation will complete and, in typical Windows fashion, you will be required to reboot your virtual machine. Do this. When the reboot completes you will find your virtual machine much easier to work with. Now:

  • You no longer have to capture the mouse pointer.
  • You can set your resolution to a much higher level.
  • You can now copy and paste between guest and host operating systems.
  • You can run Windows in seamless mode.

Seamless mode

Figure 3


Seamless mode is a very interesting trick. What this does is take the elements of Windows out of the VM window and layer them on top of your Linux desktop.

As you can see, in Figure 3, with seamless mode activated all Windows applications have their own window. So in this instance Internet Explorer appears to be running on Linux by itself. And the Windows task bar is resting nicely on top of the GNOME panel.

You toggle between seamless and non-seamless mode by pressing the Hot Key and the “L” key. The default Hot Key is the right Ctrl key.

Final thoughts

This is truly some exciting work. With the help of VirtualBox you can, effectively, have your cake and eat it too (as the saying goes.) Work with Windows applications inside of Linux without needing the help of Wine.





Install And Use Metasploit Framework 3.2 on Linux {Exclusive}

20 09 2009



Metasploit is an application used to research the security of your network. Administrators can use it to test the networks they have built and find out whether those networks have weaknesses. Many exploit types and payloads can be used with Metasploit. You can use Metasploit on the Linux operating system.

  1. Download Metasploit here.
  2. Copy the Metasploit file to the root or home directory.
  3. Open the terminal:
    $ cd /
    $ sudo su
    # tar xzfv framework-3.2
    # cd framework-3.2
  4. In the framework-3.2 directory, there are two ways to run Metasploit:
    • ./msfconsole runs Metasploit in console mode:
      # cd /
      # cd framework-3.2
      # ./msfconsole
    • ./msfweb runs Metasploit in web mode:

      # cd /
      # cd framework-3.2
      # ./msfweb
      To use Metasploit in web mode, open Mozilla Firefox and go to the URL http://127.0.0.1:55555/. If your status is offline, select File | Work Offline in Mozilla Firefox.
    • have fun




10 More Hacking and Security Software Tools for Linux

20 09 2009
I noticed that our list of hacking and security software tools for Linux was not enough so I figured out that I should add some more. But before anything else, thank you to those who commented the last time and shared their favorite hacking programs. I’ve included some of those that you’ve mentioned on this new list for others to know about.

Now without any more delay, here’s our latest compilation of hacking and security tools for Linux:

* Ettercap

Ettercap is a console-based network sniffer/interceptor/logger that is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap also has the ability to actively or passively find other poisoners on the LAN.

* Nikto

Nikto is a web server scanner that is known to perform comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. It performs generic and server type specific checks. It also captures and prints any cookies received.

* OpenSSH

OpenSSH is a Free and Open Source version of the SSH connectivity tools providing encrypted communication sessions over a computer network. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

* Aircrack-ng

Aircrack-ng is a wireless tool and password cracker. It is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs.

* Tripwire

Tripwire is a security and data integrity tool that is useful for monitoring and alerting on specific file change(s) on a range of systems. Used with system files on a regular basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

* Metasploit Framework

Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit-building demo.

* THC Hydra

THC (The Hacker’s Choice) Hydra uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

* Dsniff

Dsniff is a suite of powerful network auditing and penetration-testing tools and utilities that includes code to parse many different application protocols and extract interesting information. The information that can be obtained with it includes usernames and passwords, web pages being visited, contents of email, etc.

* RainbowCrack

RainbowCrack is a password hash cracker that makes use of a large-scale time-memory trade-off. It differs from “conventional” brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.

* rkhunter

rkhunter scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.





Set your hostname in Linux

14 09 2009

If you are an administrator then you know what a hostname is. If you are not an administrator then you should know that the hostname of a computer is the name by which a network-attached device is known. Unless you have manually changed your hostname, or set it up during installation, your hostname will most likely be “localhost.localdomain”.

Hostnames are most often used for administrative purposes. In other words, hostnames will show up in some scanning applications, can be used for name-to-IP-address resolution, and much more. But to make this useful you will have to manually set your hostname on your Linux machine. This article will show you just how to do that.

Find your hostname

The most common means to find your host name is to open up a terminal window and enter the command:

hostname

If you have not set your hostname, more than likely you will see returned:

localhost.localdomain

A quick and easy way to spot if you have not changed your hostname is to check when you open up your terminal window. At your bash prompt you will see something like:

[jlwallen@localhost ~]$

As you can see a portion of the hostname (everything preceding the first “.”) will be used in your prompt. In the example you see above you see “localhost” which should tell you the hostname has not been changed.

Temporarily changing your hostname

You can temporarily change your hostname by issuing a single command. You have to issue this command either using sudo or as the root user. To make this change you will use the same command you used to find out your hostname, only you will include the new hostname to the command. Say you want to change your hostname to “willow”. To make this change temporarily issue the command:

hostname willow

Now issue the command hostname which should report back:

willow

This change will last until you reboot your machine.

Permanently changing your hostname

How you permanently change your hostname will depend upon which distribution you use. We’ll examine making this change on both an Ubuntu system and a Fedora system. First Ubuntu.

On an Ubuntu system there is a file called /etc/hostname. This file contains a single line with the hostname of your machine. Open up this file in your favorite editor, delete the default hostname, add your desired hostname, and save the file. To make this change take effect issue the command:

/etc/init.d/hostname.sh start

This hostname will remain intact upon reboot.

Now to change your hostname in Fedora. This is taken care of in the /etc/sysconfig/network file. The default contents of this file will look like:

NETWORKING=yes
HOSTNAME=localhost.localdomain

Erase the “localhost.localdomain” portion and change that to reflect the hostname you want. Once you have made this change, save the file. Then, for the change to take effect, issue the following command (as the root user):

/etc/rc.d/rc.sysinit
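The two persistent-change procedures above can be scripted as one helper; this is an added example, not part of the original post. The function names and the `root` prefix argument (used so the script can be tried on a scratch directory instead of the live /etc) are assumptions.

```shell
#!/bin/sh
# Added example: write a new hostname to whichever persistent file exists,
# after checking that the name is a syntactically valid hostname.

# RFC 1123 style check: dot-separated labels of letters, digits and hyphens,
# 1-63 characters each, no leading or trailing hyphen, 253 characters in total.
is_valid_hostname() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# set_persistent_hostname ROOT NAME
# ROOT is a path prefix ("" for the real system). Returns 2 for a bad name,
# 1 if neither known file is present, 0 on success.
set_persistent_hostname() {
    root=$1
    name=$2
    if ! is_valid_hostname "$name"; then
        echo "invalid hostname: $name" >&2
        return 2
    fi
    if [ -f "$root/etc/sysconfig/network" ]; then
        # Fedora layout: rewrite only the HOSTNAME= line, keep other settings.
        file="$root/etc/sysconfig/network"
        tmp=$(mktemp) || return 1
        awk -v h="$name" '
            /^HOSTNAME=/ { print "HOSTNAME=" h; seen = 1; next }
            { print }
            END { if (!seen) print "HOSTNAME=" h }
        ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
        cat "$tmp" > "$file"      # overwrite in place, keeping owner and mode
        rm -f "$tmp"
    elif [ -f "$root/etc/hostname" ]; then
        # Ubuntu layout: the file holds a single line with the hostname.
        echo "$name" > "$root/etc/hostname"
    else
        echo "no known hostname file under $root/etc" >&2
        return 1
    fi
}

# Demonstration on a constructed Fedora-style file in a scratch directory.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysconfig"
printf 'NETWORKING=yes\nHOSTNAME=localhost.localdomain\n' > "$demo/etc/sysconfig/network"
set_persistent_hostname "$demo" willow
cat "$demo/etc/sysconfig/network"
rm -rf "$demo"
```

The helper only edits the file; the change still takes effect through the commands given in the article.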

Final thoughts

With your hostname changed, applications like Lanmap will now be easier to use because machines will have unique names. This change will also make administering your systems easier because you will have set machine hostnames to reflect either the user of the machine or the machine’s job.





Map your network with Lanmap

14 09 2009

This morning I needed a visual representation of my local LAN in order to find out what machines were associated with what IP addresses. For this task I used a tool that has come in handy on a number of occasions. That tool? Lanmap. Lanmap is a command-line only tool available for Ubuntu that will monitor your network and compose a 2D image of your network. This image will include information about your machines as well as packets sent and MAC addresses. The tool is incredibly handy to have around.

I will warn you: The creator of Lanmap has dropped this application in lieu of creating a much more robust Lanmap-2. Unfortunately Lanmap-2 is not complete so Lanmap one will have to be used until 2 is complete. Fortunately Lanmap is still in the Ubuntu repositories so installation is a snap. And once installed, Lanmap is equally as easy to use.

Installing Lanmap

As stated earlier, Lanmap is only available for Ubuntu (and Debian-based) systems. Most likely, if you use apt-get, you can install Lanmap. Of course you don’t have to install via command line, but if you want to just issue the command:

sudo apt-get install lanmap

This command will prompt you for a Y or N to install the requirements. Click “y” (no quotes) and hit enter. Lanmap will install quickly and you’ll be ready to map.

If you want to install via GUI tool open up your Add/Remove Software utility (found in the Applications menu in GNOME), do a search for “lanmap” (no quotes), select the resulting lanmap entry, and click Apply. Once you “okay” the dependencies the installation will be off and running.

Using Lanmap

Lanmap is a command line tool that generates an image. The structure of the command is:

lanmap -i INTERFACE -r INTERVAL -T IMAGE_TYPE DIRECTORY_TO_STORE_IMAGE

Here are the specifics:

  • INTERFACE: The interface you want to use to listen to your network. Typically this will be in the form of eth0. You can use all without using the -i switch to listen on all interfaces.
  • INTERVAL: This sets the interval (in seconds) between two consecutive graph generations (default being 60).
  • IMAGE_TYPE: The type of image file you want to generate. The only supported types are: png, svg, and gif.
  • DIRECTORY_TO_STORE_IMAGE: Where you want to store the image file.

So if I want to scan my network with all interfaces and create a png image I would issue the command:

lanmap all -r 30 -T png ~/

Figure 1

The resulting map is shown in Figure 1 (I am currently writing on a far smaller network with machines that are not broadcasting their hostnames). You can see the IP addresses and MAC addresses, of course.

You can see one machine (at IP address 192.168.1.10) is broadcasting as “UBUNTU SERVER”, but outside of that, no hostnames are showing up. This is not really a problem at this size of a network. On a larger network I would hope more machines will show up with their hostnames. This, of course, will depend upon your network setup.

Final thoughts

I have used plenty of applications to create network maps that range from too many bells and whistles to too few features. Lanmap ventures close to the latter, but offers just enough features to make it not only useable but useful. Give Lanmap a try, I think you’ll find it as helpful a tool for your networking toolkit as I do.





Firewall with iptables using mac address filtering in linux !

29 08 2009

There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses. iptables has an option to do it.

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in your firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way the packets coming from the network element with the MAC address 00:11:2f:8f:f8:f8 will be denied.

That rule blocks incoming packets addressed to the firewall itself, but the blocked machine may still be able to send packets across the firewall. To block those packets as well, you may want to add this line too.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP
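When more than one address has to be blocked, the pair of rules can be generated from a list; the script below is an added example, not code from the original post. The function names and the blocklist format (one MAC per line, `#` comments) are assumptions, and it only prints the commands so they can be reviewed before going into the firewall script.

```shell
#!/bin/sh
# Added example: turn a MAC blocklist into the INPUT and FORWARD drop rules
# shown above. Function names and the blocklist format are assumptions.

# Succeed only for six colon-separated hex octets, the form --mac-source takes.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one DROP rule per chain for a single MAC (normalised to lower case).
mac_block_rules() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if ! is_valid_mac "$mac"; then
        echo "skipping invalid MAC: $1" >&2
        return 1
    fi
    for chain in INPUT FORWARD; do
        echo "iptables -A $chain -m mac --mac-source $mac -j DROP"
    done
}

# Read a blocklist on stdin and print the de-duplicated rule set.
build_ruleset() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        if [ -n "$line" ]; then
            mac_block_rules "$line" || true
        fi
    done | awk '!seen[$0]++'
}

# Constructed sample blocklist: the MAC from the post, the same address in
# upper case (a duplicate), and a malformed entry that must be rejected.
build_ruleset <<'EOF'
00:11:2f:8f:f8:f8   # address used in the post
00:11:2F:8F:F8:F8
00:11:2f:8f:f8
EOF
```

A source MAC address is set by the sending machine and can be changed there, so these rules are a convenience filter on the local Ethernet segment rather than a form of authentication.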




Nmap – How To : Scan Hosts Of Networks For Open Ports !

29 08 2009

Nmap is a wonderful tool, especially for debugging. There are lots of times when you need to know whether a port is open on a server or blocked by a firewall, or when you just want to test your iptables rules.

Here we will learn how to use it at the command line, and using its GUI front end, nmapFE and Knmap.

Introduction

Well, so what does nmap do?

From the man page:

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

As you can see it is a really useful Linux tool.

Command Line

How to use it

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

  • -sS: TCP SYN scan
  • -O: Enable Operating System detection

sudo nmap -sU 127.0.0.1

  • -sU: UDP ports scan

sudo nmap -sS -O -p 20-25 127.0.0.1

  • -sS: TCP SYN scan
  • -p 20-25: Scan on ports 20 to 25

sudo nmap -sS -F 127.0.0.1

  • -sS: TCP SYN scan
  • -F: Fast (limited port) scan

You can check the long nmap man page:

man nmap
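For the "test your iptables rules" use mentioned in the introduction, the scan result can be compared against the ports you expect to be open; the script below is an added example, not part of the original post. It reads nmap's grepable output (the `-oG -` option), and the function names, the allowlist arguments and the sample scan line are constructed for illustration.

```shell
#!/bin/sh
# Added example: list open ports from nmap grepable output and flag any that
# are not on an allowlist. Feed it a scan of your own host, for example:
#   sudo nmap -sS -p 20-25 -oG - 127.0.0.1 | unexpected_open 22/tcp

# open_ports: stdin is -oG output; prints "host port/proto" per open port.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")            # "Host: <ip> (<name>)"
            host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/protocol/owner/service/...
                    split(entry[j], f, "/")
                    if (f[2] == "open") print host, f[1] "/" f[3]
                }
            }
        }'
}

# unexpected_open ALLOWED...: prints open ports missing from the allowlist
# and returns 1 if there are any, 0 if the host matches expectations.
unexpected_open() {
    allowed=" $* "
    extra=$(open_ports | while read -r host port; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$host $port" ;;
        esac
    done)
    if [ -z "$extra" ]; then
        return 0
    fi
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample of grepable output (fields are tab-separated).
sample_scan() {
    printf '# constructed sample, not real scan output\n'
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/closed/tcp//http///\n'
}

# Only SSH is expected here, so the open SMTP port is reported.
sample_scan | unexpected_open 22/tcp || echo "firewall rules need review"
```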

Graphical interfaces

nmap Front End (nmapFE)

This is one of its front ends. To install it, run:

For Fedora / Centos

sudo yum install nmap nmap-frontend

For Debian / Ubuntu

sudo aptitude install nmapfe

nmapFE

In Target, enter the IP or IPs you want to scan, then select the scan type: TCP SYN, UDP, Connect scan, or another. The most used are SYN, and UDP if you want to scan for UDP ports. Also select the ports to scan: the default ones, All, or fast (only the ports in the nmap-services file).

nmapFE

Select if you want to use the discovery option, if you want to ping and which type of ping you want to use to discover network nodes if you have specified an IP range to scan.

nmapFE

Useful if you want to send the output to a file.

nmapFE

There are lots of other tools here: if you want, you can enable verbose or debugging output, and IPv6 support.

KDE Nmap (knmap)

To install it

For Fedora download the rpm here

then run:

sudo rpm -ivh [downloaded package]

For Debian / Ubuntu

sudo aptitude install knmap

knmap

Its interface has divided the options in a very convenient way, in the common options you will see the target IPs, the port range and if you want it to resolve names.

knmap

Here you select if you want to scan all ports, perform a fast scan, IPv6 support, Operating System detection, verbose, and other options.

knmap

In compound options, you will find a lot more options to play with: you can select which interface to use, which IP, and even whether you want to spoof your MAC address!

knmap

Ping and scan options is like the discover and the scan tabs of nmapFE together.

Conclusion

Nmap is a must-have tool for network and security administrators. The GUI front ends are also a good and easy way to use it, and to learn how to use it, because you can discover new applications, and with nmapFE you can see the command that is going to be executed. Another good point for knmap is that it can save profiles with all the options you have enabled, so your next scan is easier.





Anti-virus Softwares for Linux

21 08 2009


AMaVis : (e-mail Virus Scanner) It scans e-mail attachments for viruses using third-party virus scanners available for Linux. It supports courier, exim, qmail, postfix, and sendmail. It has a built-in defense against Denial of Service (DoS) attacks.

sudo apt-get install amavis-stats

Avast! : It is an anti-virus program from ALWIL Software, based in Prague. It is freeware for home users and non-commercial use only. It is good software for virus protection, with built-in anti-spyware and anti-rootkit security. It works on all modern Linux distributions. It scans archives like rar, tgz, zip, gzip, tar, iso, rpm etc.

AVG Free : AVG Free for Linux is a commercial-grade antivirus software. It can be used on a single computer and is for private, non-commercial use only. AVG Free has both a command-line and a graphical front end. It provides frequent updates and total professional security.

ClamAV : Clam AntiVirus is designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library. It has built-in support for document formats including MS Office and MacOffice files, PDF, HTML and RTF. It supports archives like rar, tgz, zip, gzip, tar, iso, rpm etc.

sudo apt-get install clamav




Howto : Disable Pango To Get Faster Firefox

21 08 2009

Today I found out that Ubuntu’s Firefox packages are compiled and packed with Pango support (you may want to read more about Pango here). This is quite useless and problematic on Ubuntu, so it is better to disable it to gain speed. I am talking about real speedups of up to 30% – 40%. There are a couple of ways to disable it:

1- You can compile Firefox yourself
2- You can compile Firefox via ubuntuzilla
3- Or you can continue reading and finish this title in a couple of seconds :)

Open a terminal and edit your .bashrc file :

$ gedit ~/.bashrc

at the end of that file add the following and save it :

export MOZ_DISABLE_PANGO=1

Restart Firefox ($ pkill firefox) and see the difference.