- -A, --append chain rule-specification
- Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.
- -D, --delete chain rule-specification
- -D, --delete chain rulenum
- Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match.
- -I, --insert chain [rulenum] rule-specification
- Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.
- -R, --replace chain rulenum rule-specification
- Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command will fail. Rules are numbered starting at 1.
- -L, --list [chain]
- List all rules in the selected chain. If no chain is selected, all chains are listed. Like every other iptables
- command, it applies to the specified table (filter is the default), so NAT rules get listed by
iptables -t nat -n -LPlease note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given. The exact rules are suppressed until you useiptables -L -vexemple :
for drop packet to our ip :
iptables -D INPUT -s 127.0.0.1 -p icmp -j DROPfor allowing trafic to web or tcp :iptables -A INPUT -p tcp --dport 80 -j ACCEPT
for cheking our rules:iptables -Lfor flasing our rules:iptables -F
Saturday, November 12, 2011
Setting Linux Firewall
IPtbles is an administrator tool for filtering and configuring network. These options specify the desired action to perform. Only one of them can be specified on the command line unless otherwise stated below. For long versions of the command and option names, you need to use only enough letters to ensure that iptables can differentiate it from all other options.
Saturday, November 5, 2011
GetGo Download Manager
Free Complete Online Video, Music and File Download Manager with Download Support. This Free Downloader is an Essential Internet Tool for Increasing Download Speed, Resuming, Scheduling, and Organizing Downloads. Easy to use, customizable modern interface allows you to Download All of your favorite videos, program, games, and music with extreme acceleration. With auto-resuming feature, you never have to waste your frustrations on unfinished downloads due to network problems, or unexpected power outages.
Highlights
IE & Firefox Integrated
Seamlessly integrated with IE and Firefox web browsers, GetGo can run in the background without interrupting your web browsing experience while downloading.
Easy Batch Download
You can easily set up a Batch Download that not only downloads a large list of files using an URL pattern template, but also automatically renames downloaded files using a filename pattern template.
Extreme Download Acceleration
GetGo accelerates download speed by splitting files into many blocks and then downloading them concurrently, which can result an increase in download speed up to 500%!
Flexible Download Scheduler
With GetGo's flexible download scheduler, you can schedule your downloads to start on timer or a specific date, and to download for a specific amount of time before stopping.
Resume Broken Downloads
GetGo resumes broken or stopped downloads, such that you won't need to restart your downloads from the beginning again, saving your time and bandwidth.
Highlights
IE & Firefox Integrated
Seamlessly integrated with IE and Firefox web browsers, GetGo can run in the background without interrupting your web browsing experience while downloading.
Easy Batch Download
You can easily set up a Batch Download that not only downloads a large list of files using an URL pattern template, but also automatically renames downloaded files using a filename pattern template.
Extreme Download Acceleration
GetGo accelerates download speed by splitting files into many blocks and then downloading them concurrently, which can result an increase in download speed up to 500%!
Flexible Download Scheduler
With GetGo's flexible download scheduler, you can schedule your downloads to start on timer or a specific date, and to download for a specific amount of time before stopping.
Resume Broken Downloads
GetGo resumes broken or stopped downloads, such that you won't need to restart your downloads from the beginning again, saving your time and bandwidth.
Wednesday, November 2, 2011
Wine windows software emulator
Wine is a free software application that aims to allow computer programs written for Microsoft Windows to run on Unix-like operating systems. Wine also provides a software library, known as Winelib, against which developers can compile Windows applications to help port them to Unix-like systems.
Wine is both an emulator and a compatibility layer. It duplicates functions of a Windows computer by providing alternative implementations of the DLLsthat Windows programs call, and a process to substitute for the Windows NT kernel. This method of duplication differs from other methods that might also be considered emulation, where Windows programs run in a virtual machine. Wine is predominantly written using black-box testing reverse-engineering, to avoid copyright issues.
The name Wine initially was an acronym for WINdows Emulator. Its meaning later shifted to the recursive backronym, Wine Is Not an Emulator in order to differentiate the software from other emulators. While the name sometimes appears in the forms WINE and wine, the project developers have agreed to standardize on the form Wine.
In a 2007 survey by desktoplinux.com of 38,500 Linux desktop users, 31.5% of respondents reported using Wine to run Windows applications. This plurality was larger than all x86 virtualization programs combined, as well as larger than the 27.9% who reported not running Windows applications.
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware is a surprisingly effective freeware antimalware tool. It's a relatively speedy malware remover, with the quick scan taking about 8 minutes even with other high-resource programs running. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.
The app has some nice features rolled in, too. It supports multiple drive scanning including networked drives, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. The interface is simple, but pleasant-looking and well-organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, but interestingly offered up the well-kept changelog and an instant definition file update.
Do note that the real-time protection is restricted to the paid version, as is the scheduler for updates and scans. Overall, though, Malwarebytes Anti-Malware is a responsive malware remover that does what it should with a minimum of fuss.
reff:download.cnet.com
Iptables
Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a num‐ber of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a `target', which may be a jump to a user-defined chain in the same table.
A firewall rule specifies criteria for a packet and a target. If the packet does not match, the next rule in the chain is the examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE or RETURN.
ACCEPT means to let the packet through. DROP means to drop the packet on the floor. QUEUE means to pass the packet to userspace. (How the packet can be received by a userspace process differs by the particular queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and later additionally include the nfnetlink_queue queue handler. Packets with a target of QUEUE will be sent to queue number '0' in this case. Please also see the NFQUEUE target as described later in this man page.) RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-inchain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet.
Example:
iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 --cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark 0xffff
iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 --cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark 0xffff
iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP
iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP
And the following commands to make all nodes see the same packets:
ip maddr add 01:00:5e:00:01:01 dev eth1
ip maddr add 01:00:5e:00:01:02 dev eth2
arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:01
arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:02
arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
In the case of TCP connections, pickup facility has to be disabled to avoid marking TCP ACK packets coming in the reply direction as valid.
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a `target', which may be a jump to a user-defined chain in the same table.
A firewall rule specifies criteria for a packet and a target. If the packet does not match, the next rule in the chain is the examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE or RETURN.
ACCEPT means to let the packet through. DROP means to drop the packet on the floor. QUEUE means to pass the packet to userspace. (How the packet can be received by a userspace process differs by the particular queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and later additionally include the nfnetlink_queue queue handler. Packets with a target of QUEUE will be sent to queue number '0' in this case. Please also see the NFQUEUE target as described later in this man page.) RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-inchain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet.
Example:
iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 --cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark 0xffff
iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 --cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark 0xffff
iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP
iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP
And the following commands to make all nodes see the same packets:
ip maddr add 01:00:5e:00:01:01 dev eth1
ip maddr add 01:00:5e:00:01:02 dev eth2
arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:01
arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:02
arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
In the case of TCP connections, pickup facility has to be disabled to avoid marking TCP ACK packets coming in the reply direction as valid.
echo 0 > /proc/sys/net/netfilter/nf_conntrack_tcp_loose
Fix Metasploit Error After Update
If you are found this error :
root@bt:~# msfconsole
[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 7175?
{"adapter"=>"postgresql", "database"=>"msf3", "username"=>"msf3", "password"=>"259959f7", "host"=>"127.0.0.1", "port"=>7175, "pool"=>75, "timeout"=>5} ["/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `initialize'", "/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `new'", "/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `connect'", "/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:217:in `initialize'", "/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `new'", "/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `postgresql_connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:223:in `new_connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:245:in `checkout_new_connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:188:in `block (2 levels) in checkout'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `loop'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `block in checkout'", "/opt/framework/ruby/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:183:in `checkout'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:98:in `connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:326:in `retrieve_connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:123:in `retrieve_connection'", "/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:115:in `connection'", "/opt/framework/msf3/lib/active_record/base.rb:1271:in `columns'", "/opt/framework/msf3/lib/active_record/base.rb:1284:in `column_names'", "/opt/framework/msf3/lib/active_record/base.rb:1297:in `column_methods_hash'", "/opt/framework/msf3/lib/active_record/base.rb:1986:in `block in all_attributes_exists?'", "/opt/framework/msf3/lib/active_record/base.rb:1986:in `each'", "/opt/framework/msf3/lib/active_record/base.rb:1986:in `all?'", "/opt/framework/msf3/lib/active_record/base.rb:1986:in `all_attributes_exists?'", "/opt/framework/msf3/lib/active_record/base.rb:1842:in `method_missing'", "/opt/framework/msf3/lib/msf/core/model/workspace.rb:69:in `default'", "/opt/framework/msf3/lib/msf/core/db.rb:189:in `default_workspace'", "/opt/framework/msf3/lib/msf/core/db_manager.rb:161:in `connect'", "/opt/framework/msf3/lib/msf/ui/console/driver.rb:190:in `initialize'", "/opt/framework/msf3/msfconsole:130:in `new'", "/opt/framework/msf3/msfconsole:130:in `<main>'"]
don't panic, because that problem can be fixed with this case :
rm /opt/framework/postgresql/data/postmaster.pid
rm /opt/framework/postgresql/.s.PGSQL.7175
rm /opt/framework/postgresql/.s.PGSQL.7175.lock
/etc/init.d/framework-postgres start
After that, open msfconsole :
root@bt:~# msfconsole
NOTICE: CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"
Call trans opt: received. 2-19-98 13:24:18 REC:Loc
Trace program: running
wake up, Neo...
the matrix has you
follow the white rabbit.
knock, knock, Neo.
(`. ,-,
` `. ,;' /
`. ,'/ .'
`. X /.'
.-;--''--.._` ` (
.' / `
, ` ' Q '
, , `._ \
,.| ' `-.;_'
: . ` ; ` ` --,.._;
' ` , ) .'
`._ , ' /_
; ,''-,;' ``-
``-..__``--`
=[ metasploit v4.1.2-dev [core:4.1 api:1.0]
+ -- --=[ 755 exploits - 397 auxiliary - 109 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r14141 updated today (2011.11.02)
our metasploit has been fixed .
Good luck !!
Tuesday, November 1, 2011
Crossover, windows emulator for linux
crossover allow you to install many windows aplication in linux operating sistem.You can think of it as an emulator, but it's different, because there's no Windows OS license required. Your applications integrate seamlessly in OS X or Linux; just click and run. No rebooting, no switching to a virtual machine, and no Windows Operating System license required!
Adding new Windows software is easy. Just place your install CD in your machine, and CrossOver will recognize it and offer to install it. Once installed, CrossOver will configure your application to run on your computer. That's all there is to it.
CrossOver is capable of running a range of Windows software. To see if your favorite application is supported, please check ourCrossOver Compatibility Center, or search for them using the search box at the top of this page.
Adding new Windows software is easy. Just place your install CD in your machine, and CrossOver will recognize it and offer to install it. Once installed, CrossOver will configure your application to run on your computer. That's all there is to it.
CrossOver is capable of running a range of Windows software. To see if your favorite application is supported, please check ourCrossOver Compatibility Center, or search for them using the search box at the top of this page.
Gparted tool partition
Setting Gparted :
- Download the GParted Live zip file.
- If you already have a FAT16 or FAT32 partition on your USB flash drive then skip to the next step (3).
Otherwise prepare at least a 200 MB partition formatted with either a FAT16 or FAT32 file system.
If the USB flash drive or USB hard drive does not have any partition, you can use a partitioning tool (e.g. gparted, parted, fdisk, cfdisk or sfdisk) to create a partition with a size of 200 MB or more.
Here we assume your USB flash drive or USB hard drive is /dev/sdd (You have to comfirm your device name, since it's _NOT_ always /dev/sdd) on your GNU/Linux, so the partition table is like:# fdisk -l /dev/sdd Disk /dev/sdd: 12.8 GB, 12884901888 bytes 15 heads, 63 sectors/track, 26630 cylinders Units = cylinders of 945 * 512 = 483840 bytes Disk identifier: 0x000c2aa7 Device Boot Start End Blocks Id System /dev/sdd1 * 1 26630 12582643+ b W95 FAT32Then format the partition as FAT with a command such as "mkfs.vfat -F 32 /dev/sdd1"
WARNING! Executing the mkfs.vfat command on the wrong partition or device could cause your GNU/Linux not to boot. Be sure to confirm the command before you run it.# mkfs.vfat -F 32 /dev/sdd1 mkfs.vfat 2.11 (12 Mar 2005) - Insert your USB flash drive or USB hard drive into the USB port on your Linux machine and wait a few seconds. Next, run the command "dmesg" to query the device name of the USB flash drive or USB hard drive. Let's say, for example, that you find it is /dev/sdd1. In this example, we assume /dev/sdd1 has FAT filesystem, and it is automatically mounted in dir /media/usb/. If it's not automatically mounted, manually mount it with commands such as "mkdir -p /media/usb; mount /dev/sdd1 /media/usb/".
- Unzip all the files and copy them into your USB flash drive or USB hard drive. You can do this with a command such as: "unzip gparted-live-0.4.5-2.zip -d /media/usb/"). Keep the directory architecture, for example, file "COPYING" should be in the USB flash drive or USB hard drive's top directory (e.g. /media/usb/COPYING).
- To make your USB flash drive bootable, first change the working dir, e.g. "cd /media/usb/utils/linux", then run "bash makeboot.sh /dev/sdd1" (replace /dev/sdd1 with your USB flash drive device name), and follow the prompts.
WARNING! Executing makeboot.sh with the wrong device name could cause your GNU/Linux not to boot. Be sure to confirm the command before you run it.
NOTE: There is a known problem if you run makeboot.sh on Debian Etch, since the program utils/linux/syslinux does not work properly. Make sure you run it on newer GNU/Linux, such as Debian Lenny, Ubuntu 8.04, or Fedora 9
Tor (anonymity network)
Tor (short for The Onion Router) is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from someone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", to the user. It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored. "Onion routing" refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and ultimately the destination. This reduces the possibility of the original data being unscrambled or understood in transit. The software is a free-software and the network is free of charge to use.
Operation
Operation
Tor aims to conceal its users' identities and their network activity from surveillance and traffic analysis by separating identification and routing. It is an implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays run by volunteers throughout the globe. These onion routers employ encryption in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy between relays, thereby providing users with anonymity in network location. That anonymity extends to the hosting of censorship-resistant content via Tor's anonymous hidden service feature. By keeping some of the entry relays secret (bridge relays), users can evade Internet censorship that relies upon blocking public Tor relays.
Because the internet address of the sender and the recipient are not both in cleartext at any hop along the way (and at middle relays neither piece of information is in cleartext), someone eavesdropping at any point along the communication channel cannot directly identify both ends. Furthermore, to the recipient it appears that the last Tor node (exit relay) is the originator of the communication rather than the sender.
Originating trafic
Users of a Tor network run an onion proxy on their machine. The Tor software periodically negotiates a virtual circuit through the Tor network, using multi-layer encryption, ensuring perfect forward secrecy. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes the traffic through a Tor virtual circuit. The Polipo proxy server can speak the SOCKS 4 & SOCKS 5 protocols and therefore is recommended to be used together with the Tor anonymising network. Polipo is a web proxy that does HTTP 1.1 pipelining well, so it can enhance Tor's communication latency.
Once inside a Tor network, the traffic is sent from router to router, ultimately reaching an exit node at which point the cleartext packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.
Tor's application independence sets it apart from most other anonymity networks: it works at the Transmission Control Protocol (TCP) stream level. Applications whose traffic is commonly anonymised using Tor include Internet Relay Chat (IRC), instant messaging and World Wide Web browsing. When browsing the Web, Tor is often coupled with Polipo or Privoxy proxy servers. Privoxy is a filteringproxy server that aims to add privacy at the application layer. Polipo can speak the SOCKS protocol and does HTTP 1.1 pipelining for enhancing latencies, therefore is now recommended to be used together with the Tor anonymising network by the torproject.org.
On older versions of Tor (resolved May–July 2010), as with many anonymous web surfing systems, direct Domain Name System (DNS) requests are usually still performed by many applications, without using a Tor proxy. This allows someone monitoring a user's connection to determine (for example) which WWW sites they are viewing using Tor, even though they cannot see the content being viewed. Using Privoxy or the command "torify" included with a Tor distribution is a possible solution to this problem.Additionally, applications using SOCKS5 – which supports name-based proxy requests – can route DNS requests through Tor, having lookups performed at the exit node and thus receiving the same anonymity as other Tor traffic.
As of Tor release 0.2.0.1-alpha, Tor includes its own DNS resolver which will dispatch queries over the mix network. This should close the DNS leak and can interact with Tor's address mapping facilities to provide the Tor hidden service (
.onion) access to non-SOCKS-aware applications.reff:ww.en.wikipedia.org
The power of "chroot"
A chroot is a way of isolating applications from the rest of your computer, by putting them in a jail. This is particularly useful if you are testing an application which could potentially alter important system files, or which may be insecure.
Creating a chroot
Creating a chroot
This section provides instructions on creating a basic chroot. For more advanced chroots.
- Install the dchroot and debootstrap packages.
- As an administrator (i.e. using sudo), create a new directory for the chroot. In this procedure, the directory /var/chroot will be used. To do this, type sudo mkdir /var/chroot into a command line.
- As an administrator, open /etc/schroot/schroot.conf in a text editor. Type cd /etc/schroot, followed bygksu gedit schroot.conf. This will allow you to edit the file.
- Add the following lines into schroot.conf and then save and close the file. Replace your_username with your username.
[lucid] description=Ubuntu Lucid location=/var/chroot priority=3 users=your_username groups=sbuild root-groups=root
- Open a terminal and type:
sudo debootstrap --variant=buildd --arch i386 lucid /var/chroot/ http://mirror.url.com/ubuntu/
Note: You can replace lucid with the Ubuntu version of your choice.Note: You must change the above mirror.url.com with the URL of a valid archive mirror local to you. - A basic chroot should now have been created. Type sudo chroot /var/chroot to change to a root shell inside the chroot.
Setting-up the chroot
There are some basic steps you can take to set-up the chroot, providing facilities such as DNS resolution and access to /proc.
Note: Type these commands in a shell which is outside the chroot.
- Type the following to mount the /proc filesystem in the chroot (required for managing processes):
sudo mount -o bind /proc /var/chroot/proc
- Type the following to allow DNS resolution from within the chroot (required for Internet access):
sudo cp /etc/resolv.conf /var/chroot/etc/resolv.conf
Very few packages are installed by default in a chroot (even sudo isn't installed). Use apt-get install package_name to install packages.
See Debootstrap Chroot and Installing Mandriva Linux in a Chroot for more advanced set-up instructions.
Accessing graphical applications inside the chroot
You can run graphical applications within a chroot, but you need to provide an X server for them to run in first. The easiest way to do this is to set the display of the chroot system to be identical to the root display of your system's main X server.
In other words, in the chroot shell type
export DISPLAY=:0.0
Any X command you type will now get its own window as you're used to, but as it is running inside the chroot jail it will not be able to see your normal file system.
You don't have to enter the chroot shell to access its commands. Suppose you want to run Firefox in a chroot jail in order to avoid security problems with signed Java applets and other components which otherwise would have access to your personal files. You can do this by running the command
gksudo chroot /var/chroot firefox -DISPLAY=:0.0
This command can also be invoked from the menu, or a panel applet or desktop shortcut.
If you want the chroot to have its own display, you need to create this display with the Xnest command. Perform the following instructions outside the chroot:
- Install the xhost and xnest packages.
- Ensure that /proc is mounted and DNS resolution is set-up within the chroot (see above).
- Type the following into a Terminal:
Xnest -ac :1
- Open another Terminal and type the following to enter the chroot:
sudo chroot /var/chroot
- While in the chroot shell, type the following:
export DISPLAY=localhost:1
If you have problems starting graphical applications, type the above command again, but replace localhost with127.0.0.1
- Start a window manager inside the chroot. For example, install the metacity package and type:
metacity &
- Start a graphical application inside the chroot (making sure that you installed it in the chroot first). It should appear in the Xnest window.
You can install a complete Ubuntu desktop in the chroot by installing the ubuntu-desktop package. GNOME can be started from the command line by running the gnome-session command.
Kismet
Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones, there's only one supported wireless hardware available as packet source.
Kismet is unlike most other wireless network detectors in that it works passively. This means that without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and associate them with each other.
Kismet also includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.
Kismet has the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible fileformat. Kismet also captures PPI headers.
Kismet also has the ability to detect default or "not configured" networks, probe requests, and determine what levels of wireless encryptions is used on a given access point.
To find as many networks as possible, kismet supports channelhopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence with a default value that leaves big holes between channels (for example 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage with this method is that it will capture more packets because adjacent channels overlap.
Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.
Kismet is unlike most other wireless network detectors in that it works passively. This means that without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and associate them with each other.
Kismet has the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible fileformat. Kismet also captures PPI headers.
Kismet also has the ability to detect default or "not configured" networks, probe requests, and determine what levels of wireless encryptions is used on a given access point.
To find as many networks as possible, kismet supports channelhopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence with a default value that leaves big holes between channels (for example 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage with this method is that it will capture more packets because adjacent channels overlap.
Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.
Subscribe to:
Posts (Atom)