UBUNTU: Save memory, Use Fluxbox

As i mention on my post before, I wanted to install fluxbox and save a liltle bit memory on my laptop as it take a lot of memory when I'm using gnome. What is fluxbox? It's actually one of lightweight window manager for Unix/BSD/linux available for free.

And it takes me about 5-7 hours to customize the theme, decoration, fonts, softwares and the menu which has to being customize by user himself/herself. And this is the final look of my desktop today.

The new application i have to download to minimize the usage of my laptop memory are:

• irssi (IRC client which runs well in any terminal)
• bitlbee (Messenger client/server which let you connect to YM,Gtalk by using irssi client)
• rvxt ( Terminal )

And i would like to credits Sifuh for helping me out in customization, piju for being such an annoying person which lead me to this act, Fenris for being ignorance, NetBSD for sharing his great wallpaper and slamdunk, for da advise.

UBUNTU: Ubuntu Malaysia Meetup Pictures

Here is the link to view the Ubuntu Malaysia Meetup's Pictures.

Meetup Picture in Uitm Shah Alam

Thanks for those who come to the meetup.. Maybe those who cant make it to this event may have chance again on our next Ubuntu Malaysia Meetup.

UBUNTU: Fluxbox in Ubuntu~!

I've been planning to try other Window Manager from day to day and finally I manage to get time to install and try Fluxbox on my Gutsy. Yeah It's pretty smooth and light compared to gnome and kde. Even Xfce is heavier than fluxbox wm.

I'm planning to give screenshot after I've finished my customization for my fluxbox such as menu, Desktop and etc. Anyway can't wait to make it 100% usable.

Thanks to piju for guiding me on Elightenment. I'll setup enlightenment after my fluxbox is running.

Problem found so far:

• Default installation via apt-get doesnt create your menu automatically. You need to write the menu script manually.
• Some other tutorial in the internet still using old menu script such as gaim. Need a few tweaks here and there.

That's all. Need to work~!

LIFE: 3 Days to go~

It's just been a very busy week for me. A lot of stuff need to be settle by the end of this week. Yeah, my internship program has a project right now. Unluckily I will not do project base on opensource/linux but mainly on Windows Server.

Well I need to do well on this project to gain high marks for my intern program. Microsoft Sharepoint? Has anyone got any idea about this? How can I make a portal which will suit my company workflow + payroll + document management and etc! Argh.. need to read more I think.

But the main thing is - Ubuntu Meetup just around the corner. It's 3 more days to go! Honestly there is a lot of things keep buzzing my thought. Hehe.. simple matters actually but really give a big impact to me.

I will do my best for this events. I really hope the Meetup will give a lot of infos to the participants.

DIY: Prolink H6300G Fan Added

It was a boring day, so i surf the net just to fill up my free time with sumthing useful. Luckily on the afternoon, I had a chance to chat with two of DIY"ers" friends on the irc. So one of them make me felt like it's a good time to start modify my router because the router's temp is quite hot when I let it run for 24/7.

So I start with open up the case, it's look clean and untouch! haha.. so I could say it's virginity will be rip out by me~! I'm going to rape my router! oyeh oyeh~!
So first things first, I need a fan. I take my old pc(very very old one) and take out the power supply. So I have one fan. Now I have to make the router upper case some hole so that the fan can blow some cool air into the router.

Finally, this is the best I can do right now. Due to lack of tools and experience, this is the best I can do. Here is the final product I have made:

the red circle is where the fan's will get the power.

This is the final progress~!

I'm glad cause I will not have any issue with heat anymore with my modified prolink H6300G. Thanks to mypapit and amet_ for the advise and tips.

P/S: the air ventilation is already provided by the prolink H6300G's casing. So no need to make any adjustment on the out-flow. Now it's working like a charm without any disconnection due to high-temperature.

UBUNTU: Setting up SNORT + BASE on Gutsy

Snort (Intrusion Detection System)
BASE (Basic Analysis and Security Engine)
MySQL (Used as database to store alerts and information)
Apache2 (As a web server to view BASE reports)
Gutsy Gibbon (Ubuntu release)

Here is the step to setup SNORT + BASE:

• Gain root access:
• sudo su -
• We need to make the dependencies ready in order to run snort and base on the system. To prepare the dependencies, please apt-get several things or just copy the code below to your terminal:
• apt-get install libpcre3-dev libpcap0.8-dev libmysqlclient15-dev mysql-client-5.0 mysql-server-5.0 bison flex apache2 libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep
• Then you have to make a specific folder to gather every source code before we compile. So your system will look neat and you can keep the source code for further use.
• mkdir /snort
• mkdir /etc/snort
• mkdir /etc/snort/rules
• cd /snort
• Now we need to get every files needed to run SNORT and BASE(in this tutorial, we will manually compile each and every single application needed to run SNORT and BASE)
• wget http://www.snort.org/dl/current/snort-2.8.0.1.tar.gz

• wget http://snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

• Now extract and compile the source codes:
• tar xvf snort-2.8.0.1.tar.gz ; cd snort-2.8.0.1 ; tar xvf /snort/snortrules-pr-2.4.tar.gz
• ./configure -enable-dynamicplugin --with-mysql
• make
• make install
• Now we need to make things on it's directory(working directory)
• mkdir /etc/snort /etc/snort/rules /var/log/snort
• cd /snort/snort-2.8.0.1/etc
• cp * /etc/snort/
• cd ../rules
• cp * /etc/snort/rules
• Now we need to edit the snort config to suit your network:
• nano /etc/snort/snort.conf
• changer the "var HOME_NET" any to "var HOME_NET 192.168.1.0/24" <-- maybe different ip's for your network.
• change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET"
  
• Next is to change the rules directory to "var RULE_PATH /etc/snort/rules"
• Last, you need to edit how the snort will dump the alert, we will use mysql for this tutorial. Scrolldown the config file and search for "output database" and uncomment the mysql line. You need to edit it to suit your database connection where is user = your username ; password = your user password ; dbname = your dbname ;
• save and quit.
• to keep the setting secure please change mod:
• chmod 600 /etc/snort/snort.conf
• Now we need to setup database to dump the data:
• mysql -u root -p and insert root password
• mysql> create database snort;
• grant all privileges on snort.* to 'snort@localhost' identified by 'snort_password';
• exit
• Now create the tables for the database we just created:
• mysql -D snort -u snort -p < /snort/snort-2.8.0.1/schemas/create_mysql
• use db password you set on the set above.
• Now we test snort:
• snort -c /etc/snort/snort.conf
• if everything running well without any error message, then press 'ctrl+c'
• if you got error, please uncomment lines 97,98 and 452 on "/etc/snort/rules/web-misc.rules". There was a known issue in the past.
• Now is the time to setup BASE:
• cd /snort
• wget http://easynews.dl.sourceforge.net/sourceforge/secureideas/base-1.3.9.tar.gz
• cd /var/www ; tar xvf /snort/base-1.3.9.tar.gz
• mv base-1.3.9 base
  
• chmod 757 base
  
• We will want to use couple of pear modules and make it activated:
• pear install Image_Color
• pear install Image_Canvas-alpha
• pear install Image_Graph-alpha
• NOW IT'S TIME TO SETUP BASE FROM YOR WEB BROWSER:
• open up browser and type this url :
• http://{your hostname}/base/index.php
• Click to continue the first page.
• There will be 5 steps to setup base:
1. Enter ADODB path to = /usr/share/php/adodb
2. insert information about your database that we've created on this tutorial.
3. Check the box if you want to make authentication available.
4. Click on Create BASE AG
5. once step 4 is finished, click "Now Continue to .... "
• Bookmark this page for your access on the future.
• Now to setup snort to run on startup:
• nano /etc/rc.local
• add this before "exit 0"
  
• /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -D
• Save and exit.
• Now reboot your box.
• after reboot complete check either snort is running or not by using ps aux command:
• ps aux | grep snort
• if you see a line with "/usr/local/snort -c bla bla bla" then it's mean the snort is running.
• We are done!

Access your alert by using web browser from anywhere by typing the url like "http://www.snortandbase.com/base-1.3.9" and login to view the alert. Please configure your rules to avoid false alarm. Use only rules needed to monitor your box.

Happy Ubuntu-ing~

UBUNTU: Meetup Tentative Update

I would like to announce that Ubuntu Malaysia has update the site and include the latest tentative about the meetup which will be held on the 24th February 2008.

The tentative can be access at the official website of Ubuntu Malaysia. But that's is not the final tentative as the tentative will be update from time-to-time if any changes occurs. For now the tentative is valid until further notice.

I really hope that this event will be a great success for the team members. Work harder and you'll get the satisfaction! No doubt~

UBUNTU: vmsplice exploit fix!

I was shocked when i receive an alert from kagesenshi at #myoss freenode.net regarding the kernel exploit which affected kernel 2.6.17 to 2.6.24. So I tried the exploit and in a split second, I got a root access without need to put any password nor sudo command.

What an exploit! actually the exploit do take advantage on splice code use by kernel to gain root access. Ubuntu dev team currently working to release a kernel patch as soon as possible, but either way you need to patch your current kernel before the official patch is release.

Here is the step to patch your kernel:

• Open up terminal:
• wget http://forums.ubuntu.com.my/forumfiles/disable-vmsplice-if-exploitable.c
• cc -o patch disable-vmsplice-if-exploitable.c
• ./patch
• And you're done patching.

But if in a way you would like to test your kernel before patching, here is the guide to exploit your own kernel:

• Open up terminal:
• wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
• cc -o exploits 27704.c
• ./exploits
• And you will have the root. If you not gaining any root access, it means that your kernel is not affected and no need to patch.
• ****UPDATE****
  

• You need to apply it on every session as the patch is run on the active session only. So to make it run on every session even after rebooting your box/desktop/laptop, you need to put it on your rc.local script. To do this:
• sudo mv exploits patch /usr/bin/
• sudo nano /etc/rc.local
• add the following line before "exit 0"
• /usr/bin/exploits sh /usr/bin/patch
  
• So it will run on every startup until the kernel update is release.

It's all from now. Any difficulties regarding the tutorial here please leave a comment.

UBUNTU: Snort + Base setup in progress

Hello, it's been a couple of days since my last post. I got no idea actually. As my last post did mention, "What a boring CNY(for sure it's boring when you dont have any penny to spend for the CNY)"

Now I'm on the process to setup snort+base on my experimental laptop project. Why do I need such thing to run on my old+cheap laptop? because it's accessible from the net through web server, ssh and ftp. Yes, I make a web server at my laptop. To be honest, there is anybody would like to own my laptop but I setup snort and base just to learn about network monitoring plus to get to know what is Intrusion Detection System.

Why do I used IDS(Intrusion Detection System) instead of IPS(Intrusion Prevention System)? The answer is simple, I read a lot of blogs including my favourite blog (Ayoi's Blog) about the different between IDS and IPS.. Well let's get to basic first, I'll learn about Detection process first before proceed to look forward onto Prevention.

My SNORT + BASE has been setup quite well, but a few things need to be configured before I can make a post about the HOW-TO. Mostly signature is the issue. Nevermind, I'll make a HOW-TO as soon as I got time/a peaceful time.

Thanks to Mr Fenris, Mr Papit, Mr Dolphin for helping me out on some issue. Thanks a lot guys!

SHOUTOUT: It's Boring!

It was a boring day for me on the Chinese New Year. Everyone kept the silent on the IRC and everywhere. So i decided to make a post about my boring day! hehe.

anyway, you are the unlucky one to read this post. At least i know that you are bored too. hehe.. I do something today.. repairing my wireless router + modem cause it cant dialing to streamyx anymore.

I open up the router casing using tools and try to figure out what cause the modem failure. Interestingly I can't find anything's wrong with the circuit. hehe.. Actually I know nothing about electronics's circuits. So it's like "tikus membaiki labu".

I try to dial to streamyx using the router to find anything strange about the router.. and suddenly I think it's fix itself.. keke.. it's work and get connected without any difficulties. What a joke. I was using tmnet modem to dial for about 3 months cause i thought the router's modem broke.

Arrgghhh.. what should I post? Damn it is boring....!

UBUNTU: Set it as Torrent Download Monster!

Aplikasi yang perlu digunakan:

• remote console(SSH)
• web server(apache)
• database(mySQL)
• P2P Client(Bittorrent)

Langkah-langkah nak setup:

• install ubuntu server ataupun ubuntu desktop, ikut kegunaan server. Jika server tersebut anda gunakan untuk membuat kerja, maka gunakan Ubuntu utk Desktop. Jika box tersebut ingin digunakan sebagai pelayan sahaja, maka install ubuntu server edition.
  

• Selesai installasi bagi Ubuntu(server/desktop), reboot box tersebut.
• Login kepada user yang telah anda tetapkan.
• buka terminal(kepada user yang install desktop version):
• sudo passwd root <--- menetapkan password utk root
• sudo nano /etc/apt/source.list
• (langkah ini perlu untuk membuang source dari CD. Komenkan bahagian CD dari source list dengan menambahkan # di permulaan barisan CD tersebut.)

• Update source anda dengan menggunakan command:
• sudo apt-get update
• kemudian upgrade semua pakej kepada keluaran/versi yang terkini sebelum memulakan proses meng"up"kan server torrentflux.

Okeh, lepas settle sume update/upgrade/dist-upgrade kita mulakan tugas utk membenarkan kita access kepada server secara remote/jarak jauh.
untuk menginstallkan menda ni.. Sila jalankan command di terminal:

• sudo apt-get install openssh-server

• kemudian padam komputer/server.

• sudo shutdown -h now

• Unplug semua monitor, keyboard, dan semua peralatan kecuali wayar power dan cable LAN.

• Pasangkan semula komputer/server tadi(tanpa monitor,mouse dan keyboard) dan tunggu beberapa minit supaya Box tadi sudah sedia untuk beraksi.

• Dengan menggunakan client SSH pilihan anda(Putty jika anda menggunakan windows/ Linux - Gunakan saja terminal), connect ke server tadi dengan ip yang telah anda tetapkan bagi box tadi.

• jika tiada sebarang masalah, anda akan log masuk ke box tadi secara remote. Jika anda sudah masuk, sila install SWAT dan Samba.

• sudo apt-get install samba swat xinetd smbfs

• Skrang create samba password

• sudo smbpasswd -a

• Tambah configurasi SWAT pada xinet config dan save.

• sudo nano -w /etc/xinetd.s/swat

• # description: SAMBA SWAT
• service swat
• {
• disable = no
• socket_type = stream
• protocol = tcp
• #should use a more limited user here
• user = root
• wait = no
• server = /usr/sbin/swat
• }

• Reload Xinetd dengan konfigurasi baru.

• sudo dpkg-reconfigure xinetd

• untuk memastikan swat telah berjalan, sila jalan kan arahan ini pada terminal:

• sudo netstat -tap | grep swat

• Sekarang, buat folder untuk dikongsi dengan arahan berikut:

• sudo mkdir /share

• sudo mkdir /share/incoming

• sudo chmod 777 /share/incoming/

• Untuk membuat perkongsian samba, anda perlu buka web browser(Firefox/IE) dah taip di alamat URL: http://localhost:901/shares

• login sebagai root dan setkan:
  

• path /share/incoming

• valid user -

• read only - no

• dan commit changes

• Kemudian install phpmyadmin

• sudo apt-get install phpmyadmin

• masuk/login ke phpmyadmin dengan menggunakan web browser : http://localhost/phpmyadmin

• kemudian buat satu database baru bernama 'torrentflux' tanpa quote.

• skrang tiba masanya untuk install torrentflux.

• sudo apt-get install torrentflux

• abaikan mesej mengenai libphp-adodb

• configure database untuk torrentflux menggunakan dbconfig-common? yes

• setkan password

• Restart Apache? Yes

• untuk konfigurasi torrentflux, buka web browser dan taipkan di alamat URL: http://hostname/torrentflux/

• login sebagai user root box anda.

• tukar konfigurasi:

• path = /share/incoming

• dan "SAVE"

• Click "My Profile" dan update kan password jika perlu.

• Kemudian cipta satu akaun pengguna.

• skrang anda sudah mempunyai satu server yang bertujuan mendownload torrent.

• keluar dari browser.

• Buka semula browser, dan taip di Alamat URL : http://hostname/torrentflux

• dan login sebagai user biasa yang telah anda create tadi. Dan enjoy mendownload torrent!

Berikut merupakan langkah-langkah untuk membuat satu torrent serber yang akan mendownload torrent tanpa henti(of coz ia akan berhenti jika anda memadam kan switch power server tersebut).

UBUNTU: Which styles should be applied?

I'm wondering what is the best style to be applied at the Ubuntu Malaysia Forum?
There is a lot or pro and con for both styles. The old one is more beautiful and colorful than the one I just upload. But the old one is lack of utilities for the anonymous and hard to navigate(in the other words, it's link is small). No offense but that's the my personal opinion. The new style is more user-friendly and the navigation is clear to the user.

Plus the new styles does have user login at the top of the page. So that users don't have to scroll down to the bottom of the page to click login. Here is the screenshot of the old style:

And below is the latest style I've upload:

So, what do you all think? Your opinion is important for me to make the best decision.

UBUNTU: Installing Bro-IDS

Today is a public holiday for Kuala Lumpur. It's Wilayah's Day! but it's a bit boring when you dont have any plan to do. So I was a lil bored and currently in a mood of "try and error". So I google around and find a nice tutorial on how to install an IDS call Bro-IDS.

IDS is Intrusion Detetction System which is a common term used by sysadmin on their daily basis working hours. And I'm not one of them for sure. But I'd like to try what they call the basic fundamental of preventing network intrusion. I follow the tutorial here but can't compile the source. So i figure out some additional steps need to be done before compiling the source code.

So I come out with this how-to:

1. First of all you need to get all the dependencies ready before compiling bro-ids source code. To get ready you have to open up terminal and run apt-get :
2. sudo apt-get install libncurses5-dev g++ bison flex libmagic-dev libgeoip-dev libssl-dev
3. After finished installing dependencies, you have to download the source code. In this tutorial i'll use the stable release of Bro-IDS. You can download it here.
4. So, I'll assume that your source code is located at your desktop. Type "cd Desktop/" to go to the desktop folder.
5. Unzip the tarball by using this "tar zxvf bro-1.2-stable.tar.gz"
6. cd bro-1.2.1
7. ./configure
8. make
9. make install
10. make install-brolite

Walla... you're done installing the Bro IDS. Really you need to check the bro.cfg if you fail to run brolite. May be you make a mistake when configuring the bro.cfg while "make install-brolite" process. Happy trying!