Showing posts with label MEWU. Show all posts

Friday, June 5, 2009

All new UBUNTU 9.04 ....

· 0 comments

Well , it's not so new ... it has been about two months since the release of Ubuntu 9.04 aka Jaunty Jackalope ... being perhaps the easiest version of the so-called OS of Geeks , it's even very easy for a noob like me ... so i have been using this for the past couple of years ... and i must say that i learned a lot from it ...

Originally i got involved in learning Ubuntu because I found that Linux / Unix is the home of the devil ... the dark forces are very strong on this side of computing ... ( :D Star Wars ?? ) ... and being easy to use , Ubuntu still holds the power of mighty Linux ...

actually i wanted to install this at the time i had downloaded it (which happens to be about 2 months before) , but due to volatile experiments with my HDD ... i wasn't able to use it for a long time back then ...

Here are a couple of things that i liked in the new version ...

New Themes ... now Ubuntu looks even sexier than its previous versions without any makeup :D ..

Newer Kernel ... Under the surface, Jaunty sports the 2.6.28 Linux kernel, the latest stable release (2.6.29.1 is the latest stable kernel as of 7 April). While most of the new features in the kernel are of little consequence to most desktop users, changes most likely to affect the desktop include a more feature-rich wireless stack with support for a broader range of devices, which will be a welcome improvement among users who previously had to install wireless drivers manually.

New Gnome ... Ubuntu 9.04 comes with the Gnome 2.26 desktop environment , which, unsurprisingly, is responsible for the lion's share of new features useful to desktop users.

One thing that i liked the most is that now i don't need to install / patch my Atheros wifi drivers with madwifi ... because they are available built-in !!! just look at the screenshot ...




and another useful tool : no more need of the command line to remove unused packages from the system !!!

Well , I'm not an expert at reviewing anything ... these are just a couple of features i like in this reincarnation of my beloved OS ...

Njoy ...

Tuesday, December 9, 2008

MEWU - Scene 8 ... Change your Identity !!!

· 0 comments



When we do "experiments" sometimes we need to hide ... or, to say it more softly , change our MAC address. And for this , Ubuntu has a very handy tool, called MAC Changer.

But first some words about the MAC address... Media Access Control a.k.a. MAC is a unique identifier used to identify network adapters, whether it is Ethernet or WiFi or Bluetooth ; all networking hardware has a unique ID , and with its help those devices --- and so --- the "USER" of that device can be identified. This method is used in very basic security schemes, which includes mobile networks too !!!

Well, i don't wanna ask why you would ever think of changing your MAC address but i know there are always "reasons" to change it for some time. There are a number of ways to change it ,

one method is ...

go to your terminal and write ,

sudo gedit /etc/network/interfaces

it will open the network interfaces file , it should look like ,

auto eth0
iface eth0 inet dhcp

then simply add a line after these two lines , and it will look like this ,

auto eth0
iface eth0 inet dhcp
hwaddress ether 01:02:03:04:05:06

where 01:02:03:04:05:06 is a FAKE MAC address...

then restart networking ,

sudo /etc/init.d/networking restart

and you will see your "all new" identity.
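As an added example, not from the original post: a small POSIX sh function that sanity-checks a MAC address before it goes into the hwaddress line above. It rejects badly formed strings and the all-zero address, rejects addresses with the multicast bit set (the lowest bit of the first octet; the kernel's Ethernet helper refuses to assign such an address to an interface, and 01:02:03:04:05:06 happens to be one), and reports whether the locally-administered bit is set, which is the same bit an admin looks at to spot software-assigned addresses on the wire. The function name and the sample addresses are my own.

```shell
#!/bin/sh
# Added example (not part of the original post): validate a MAC address
# before writing it into /etc/network/interfaces.

# check_mac ADDRESS
#   exit 0 : usable unicast address (prints which kind)
#   exit 1 : not six colon-separated hex octets
#   exit 2 : all-zero address
#   exit 3 : multicast bit set (the kernel's eth_mac_addr() rejects these)
check_mac() {
    mac="$1"
    hex='[0-9a-fA-F][0-9a-fA-F]'
    case "$mac" in
        $hex:$hex:$hex:$hex:$hex:$hex) ;;
        *) echo "invalid format (want xx:xx:xx:xx:xx:xx): $mac"; return 1 ;;
    esac
    if [ "$mac" = "00:00:00:00:00:00" ]; then
        echo "all-zero address is reserved: $mac"; return 2
    fi
    # first octet as a number; bit 0 = multicast, bit 1 = locally administered
    first=$((0x${mac%%:*}))
    if [ $((first & 1)) -eq 1 ]; then
        echo "multicast bit set, not usable as an interface address: $mac"; return 3
    fi
    if [ $((first & 2)) -eq 2 ]; then
        echo "locally administered (software-assigned): $mac"
    else
        echo "globally unique (vendor-assigned): $mac"
    fi
    return 0
}

# Demo on constructed sample addresses (the first one is the post's example).
for m in 01:02:03:04:05:06 02:02:03:04:05:06 00:1b:21:aa:bb:cc 00:1b:21:aa:bb; do
    check_mac "$m" || echo "  -> rejected (status $?)"
done
```

If you do pick an address by hand, set the locally-administered bit (02:..., 06:..., 0a:..., 0e:... as the first octet) so that it can never collide with a vendor-assigned one on the same segment.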

Friday, October 17, 2008

MEWU - Scene 7 ... IDS for my Network ....

· 0 comments

Well , it's been an age-old question from the days when people started using computers on a network ... is my network secure ?? ... ah , i don't think that in this world there is any system that can't be penetrated !! unless there is no way to communicate with the system other than mouse and keyboard , without internet or any network ... hell even without FDD or CDD !!! ... because in many cases the system gets jeopardized by the inside man ( and believe me , there is no way to protect the system from that mole until the information gets stolen ) !!! ... anyways .... as a preventive measure , network admins install a grid of network activity sensors with the help of an Intrusion Detection System a.k.a. IDS .... the basic function of an IDS is to detect unauthorized attempts to enter the network or any other kind of activity that is illegal according to whatever network policy ... Snort is the most famous personal IDS system that is used for network monitoring purposes .... it is also an IPS , intrusion prevention system , and it works with other software such as BASE and OSSIM to provide visual output with a good interface ...

For my trial , i have used SNORT with BASE (for the front end ) and MySQL (for storing data into a database for analysis) and the APACHE2 server ....





Getting Prepared ......

The first thing I like to do is grab all the dependent packages that I can from Synaptic. From the Desktop go to System > Administration > Synaptic Package Manager. Enter your password and select Search.

Search for the following packages and install them:

* libpcap0.8-dev
* libmysqlclient15-dev
* mysql-client-5.0
* mysql-server-5.0
* bison
* flex
* apache2
* libapache2-mod-php5
* php5-gd
* php5-mysql
* libphp-adodb
* php-pear


Gain Root Privileges ...

From the Desktop go to Applications > Accessories > Terminal and type:

$ sudo -i

then enter your password.

We need to get a few more packages here,

# apt-get install libc6-dev g++ gcc


Gathering Resources ...

We want to create a temp directory to download and untar files. I'm going to use edge's structure here. In the terminal window type the following:

# cd /root
# mkdir snorttmp
# cd /root/snorttmp

Let's get snort. The latest version of snort at the time of writing is 2.8.3.

Open a web browser and navigate to http://www.snort.org/dl; right click on the most recent release and copy link location.

In the terminal type:

# wget http://www.snort.org/dl/current/snort-2.8.3.tar.gz

It's time to untar the Snort package and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3.tar.gz
# rm /root/snorttmp/snort-2.8.3.tar.gz


Get Snort Rules ...


Change directories into the new snort-2.8.3 folder.

# cd /root/snorttmp/snort-2.8.3

Open a web browser and navigate to http://www.snort.org/pub-bin/downloads.cgi.

Scroll down to the "Sourcefire VRT Certified Rules - The Official Snort Rule set (unregistered user release)" section. Right click on the most recent release and copy link location.

If you are a forum member you can get newer rules which are under the "registered user release".

In the terminal type:

# wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

Untar the Snort Rules and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz
# rm /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz


Getting PCRE ... Perl Compatible Regular Expressions ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://www.pcre.org.

Click on the link for the newest release, right click on the newest tar.gz package and select copy link (at the time of writing this is pcre-7.8).

In the terminal type:

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz

Untar PCRE and remove the tar file.

# tar -xzvf /root/snorttmp/pcre-7.8.tar.gz
# rm /root/snorttmp/pcre-7.8.tar.gz


Getting BASE ... Basic Analysis and Security Engine ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=103348.

Click on download then right click on the newest tar.gz package and select copy link (at the time of writing this is base-1.4.1).

In the terminal type:

# wget -O base-1.4.1.tar.gz 'http://downloads.sourceforge.net/secureideas/base-1.4.1.tar.gz?modtime=1217804205&big_mirror=0'

Untar BASE and remove the tar file.

# tar -xzvf /root/snorttmp/base-1.4.1.tar.gz
# rm /root/snorttmp/base-1.4.1.tar.gz


Getting ADOdb ... a database abstraction library for PHP ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=42718.

Click on the download link for adodb-php5-only then right click on the adodb505.tgz package and select copy link (adodb505 is the most recent package at the time of writing).

In the terminal type:

# wget -O adodb505.tgz 'http://downloads.sourceforge.net/adodb/adodb505.tgz?modtime=1215766049&big_mirror=0'

Untar ADOdb and remove the tar file.

# tar -xzvf /root/snorttmp/adodb505.tgz
# rm /root/snorttmp/adodb505.tgz

Do an ls to be sure you have all the packages.

# ls /root/snorttmp

Let's have Some Fun !!

a. PCRE install.

# cd /root/snorttmp/pcre-7.8
Here we will do a make/install

# ./configure
# make
# make install

b. Snort install.


# cd /root/snorttmp/snort-2.8.3
Here we will do a make/install

# ./configure --enable-dynamicplugin --with-mysql
# make
# make install

We need to create some folders in /etc for snort to function correctly and copy some files over to them.


# mkdir /etc/snort /etc/snort/rules /var/log/snort

Let's move some files.

# cd /root/snorttmp/snort-2.8.3/rules
# cp * /etc/snort/rules/

Let's get the /etc snort files also.

# cd /root/snorttmp/snort-2.8.3/etc
# cp * /etc/snort/

One more file.

# cp /usr/local/lib/libpcre.so.0 /usr/lib


Configuring Snort ...


We need to modify the snort.conf file to suit our needs.

Open /etc/snort/snort.conf with your favorite text editor (nano, vi, vim, gedit etc.).

# gedit /etc/snort/snort.conf

Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0/24)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this states that everything except HOME_NET is external)
Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"

Scroll down to the section with "# output database: log, mysql, user=" and remove the "#" from in front of this line.
Leave "user=root", change "password=password" to "password=YOUR_PASSWORD", and leave "dbname=snort".
Make a note of the username, password, and dbname. You will need this information when we set up the MySQL db.

Save and quit.
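As an added example (my code, not from the post or from the Snort project): a POSIX sh checker that reads a snort.conf and flags the settings the edits above are meant to fix: HOME_NET or EXTERNAL_NET left at any, a relative RULE_PATH, no active output database: line, the placeholder password, and (going one step beyond the post, which keeps user=root) logging to MySQL as the database root user. The function names and the two constructed sample configs are mine; the sample lines mirror the defaults quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit the snort.conf settings
# that the walkthrough edits by hand.

# report_finding MESSAGE: print one finding for the file being audited
report_finding() {
    echo "$conf: $1"
    findings=$((findings + 1))
}

# audit_snort_conf FILE
#   prints one line per finding; exit 0 when there are none, 1 otherwise
audit_snort_conf() {
    conf="$1"
    findings=0
    if grep -Eq '^var[[:space:]]+HOME_NET[[:space:]]+any' "$conf"; then
        report_finding 'HOME_NET is any; rules cannot tell your hosts from the outside'
    fi
    if grep -Eq '^var[[:space:]]+EXTERNAL_NET[[:space:]]+any' "$conf"; then
        report_finding 'EXTERNAL_NET is any; set it to !$HOME_NET'
    fi
    if grep -Eq '^var[[:space:]]+RULE_PATH[[:space:]]+\.\./' "$conf"; then
        report_finding 'RULE_PATH is relative; use /etc/snort/rules'
    fi
    if ! grep -Eq '^output[[:space:]]+database:' "$conf"; then
        report_finding 'no active output database: line; alerts will never reach MySQL/BASE'
    else
        if grep -Eq '^output[[:space:]]+database:.*password=password([[:space:]]|$)' "$conf"; then
            report_finding 'database password is still the placeholder "password"'
        fi
        if grep -Eq '^output[[:space:]]+database:.*user=root([[:space:]]|$)' "$conf"; then
            report_finding 'snort logs as the MySQL root user; create a dedicated snort DB user instead'
        fi
    fi
    [ "$findings" -eq 0 ]
}

# make_samples DIR: two constructed configs, one as the stock snort.conf
# reads before editing (with the output line uncommented), one after.
make_samples() {
    cat > "$1/weak.conf" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
output database: log, mysql, user=root password=password dbname=snort host=localhost
EOF
    cat > "$1/fixed.conf" <<'EOF'
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
output database: log, mysql, user=snort password=REPLACE_ME dbname=snort host=localhost
EOF
}

# Demo: audit both samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/weak.conf" "$tmp/fixed.conf"; do
    if audit_snort_conf "$f"; then echo "$f: no findings"; fi
done
rm -rf "$tmp"
```

Run it as `audit_snort_conf /etc/snort/snort.conf` after saving; an empty result means every item in the list above has been handled.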

Setting Up MySQL Database ...

Log into the mysql server.

# mysql -u root -p

Sometimes there is no password set so just hit enter.

If you get a failed logon, try the above command again and enter YOUR_PASSWORD.

If there is no password you need to create a password for the root account.

Note: Once you are in mysql the # is now a mysql>

mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');


Create the snort database.


mysql> create database snort;
mysql> exit

We will use the snort schema for the layout of the database.

# mysql -D snort -u root -p < /root/snorttmp/snort-2.8.3/schemas/create_mysql

We need to comment out a few lines in the web rules before we can test snort, I am unsure if this has been fixed in the subscriber version.

Open up /etc/snort/rules/web-misc.rules with your favorite text editor.

# gedit /etc/snort/rules/web-misc.rules

Comment out lines 97, 98, and 452 with a "#" (no quotes).

Testing Snort ...

we need to be sure that our installation works fine , so we take snort for a test drive ...

In the terminal type:

# snort -c /etc/snort/snort.conf

If everything went well you should see an ASCII pig.

To end the test hit ctrl + c.

Setting up BASE and APACHE2 ...

We have already installed both Apache2 and BASE, all we have to do now is move some files and modify a config file.
Create a file called test.php in /var/www/ with your favorite text editor.

# gedit /var/www/test.php

write in it:

<?php phpinfo(); ?>

Save and close this file

We need to edit /etc/php5/apache2/php.ini file.

# gedit /etc/php5/apache2/php.ini

You need to add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

Restart Apache2.

# /etc/init.d/apache2 restart

Get the ip address of the machine you are working on.

# ifconfig -a

Open a web browser and go to http://YOUR.IP.ADDRESS/test.php.

If everything went well, you will have PHP information displayed. Moving more files...

We need to move ADOdb into the /var/www directory.

# mv /root/snorttmp/adodb505 /var/www/

Let's make a directory in www and move BASE.

# mkdir /var/www/web
# mv /root/snorttmp/base-1.4.1 /var/www/web/

We need to temporarily enable writing to the base-1.4.1 folder for setup.

# chmod 757 /var/www/web/base-1.4.1

We also need to modify a PHP setup file using your favorite text editor.

# vim /var/www/web/base-1.4.1/setup/setup1.php

Find the line that says "base_header" and change it to "header".

Save and exit.


We want the graphs in base to work so we need to install a few pear extensions.


# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha



BASE Setup via the web....

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.4.1/setup.

Click continue on the first page.


Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb505.


Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD


Step 3 of 5: If you want to use authentication enter a username and password here.


Step 4 of 5: Click on Create BASE AG.


Step 5 of 5: once step 4 is done, at the bottom click on "Now continue to step 5".


Bookmark this page.

Change the permissions back on the /var/www/web/base-1.4.1 folder.

# chmod 775 /var/www/web/base-1.4.1


We are DONE !!!

To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts snort on the eth0 interface in daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.
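Besides the database, Snort can write its alerts as one line per event in its "fast" format (snort -A fast), which is handy for a quick look from the terminal. As an added example (my code, not from the post or the Snort project): a few POSIX sh/awk functions that summarise such a file by signature, by source address and by priority, which shows you in seconds the same picture BASE will draw. The alert lines are constructed samples I wrote for the demo and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): summarise Snort "fast" alert
# lines (e.g. from `snort -A fast`), which look like:
#   <time>  [**] [gid:sid:rev] <message> [**] [Classification: ..] [Priority: n] {PROTO} src:port -> dst:port

# write_sample_alerts FILE: constructed sample alerts for the demo
write_sample_alerts() {
    cat > "$1" <<'EOF'
10/17-09:12:01.118831  [**] [1:1411:10] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.37:1034 -> 192.168.1.1:161
10/17-09:12:05.447102  [**] [1:1411:10] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.37:1035 -> 192.168.1.1:161
10/17-09:13:44.009271  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.9 -> 192.168.1.20
10/17-09:14:02.731904  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.20:80 -> 10.0.0.9:51422
10/17-09:15:10.220515  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.9 -> 192.168.1.21
10/17-09:16:33.502110  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.0.0.9:51500 -> 192.168.1.20:22
EOF
}

# alerts_by_signature FILE: "count [gid:sid:rev] message", most frequent first
alerts_by_signature() {
    awk '{
        msg = ""
        for (i = 4; i <= NF && $i != "[**]"; i++) msg = msg (msg == "" ? "" : " ") $i
        n[$3 " " msg]++
    }
    END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# alerts_by_source FILE: "count source-ip", most frequent first
alerts_by_source() {
    awk '{
        src = ""
        for (i = 1; i <= NF; i++)
            if (substr($i, 1, 1) == "{" && substr($i, length($i), 1) == "}") { src = $(i + 1); break }
        sub(/:[0-9]+$/, "", src)   # drop the port (IPv4 addresses only)
        if (src != "") n[src]++
    }
    END { for (s in n) print n[s], s }' "$1" | sort -rn
}

# high_priority FILE: only the Priority 1 alerts
high_priority() {
    grep -F '[Priority: 1]' "$1"
}

# Demo on the constructed sample file.
f=$(mktemp)
write_sample_alerts "$f"
echo "== alerts by signature"; alerts_by_signature "$f"
echo "== alerts by source";    alerts_by_source "$f"
echo "== priority 1";          high_priority "$f"
rm -f "$f"
```

Point the functions at the real file (for example `alerts_by_source /var/log/snort/alert`) to see which host is tripping the most rules before opening BASE.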



Finally , to see snort in action , we can run the BASE engine by going to the page we set up via the apache server ...

phewww ... after following these brain-twisting procedures i was finally able to set up my personal IDS using SNORT , which took me almost more than one and a half hours ... i hope this walkthrough will work for you guys too ...

njoy ....

Wednesday, September 24, 2008

MEWU - Scene 6 ... Want to replace FireFox ??

· 0 comments

Well , like you all know , FF is the default browser in Ubuntu ... No doubt FF is da best in performance compared to any other browser .... ( mostly !!! ) ... But still , it's not "catchy" !!! .... yup , it's very true ... There are many many other substitutes available for Ubuntu and Linux itself .... but all are the same dull like FF ... But there is one eye candy browser that exists for Linux which makes me think twice ... it's one and only ... FLOCK ... the social browser !!!





I think people who are using the internet might already know about this browser , actually it's a lot more than a simple browser , just imagine Netscape Navigator with the look of Chrome !!! .. ( err , i think Netscape Navigator is almost obsolete now , but i still remember using that all-in-one browser which had the ability to play the role of web browser to mail manager !!! .. it was the late years of the millennium , ahh beautiful old days ) ... gasp ... anyways , here we are talking about this new shiny browser ... with its help you can also do things like writing blogs offline and then uploading 'em on the services supported by flock ... i mean , all the web 2.0 stuff !!!





Unfortunately they haven't got any .DEB package for flock yet ... so there is no direct way to install it on Debian systems like Ubuntu ... but there are "ways" of getting things done !!!

  1. Download Flock 2 and select “Save File” to store it on your Desktop.
  2. Open a terminal and run: sudo tar -C /opt -xzvf Desktop/flock-*.tar.gz
  3. Create a link to the new browser within your PATH: sudo ln -s /opt/flock/flock /usr/bin/flock-browser
  4. copy the following into a new file with the command , sudo gedit /usr/share/applications/flock.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Flock
Comment=Flock Web Browser
Exec=flock-browser
Icon=/opt/flock/icons/mozicon128.png
StartupNotify=true
Terminal=false
Type=Application
Categories=Applications;Network

You should now have a new entry in your Applications menu called “Flock Web Browser” (your menu may need to refresh first). You can also launch the browser from the terminal using the command:

flock-browser

If at any time there is a Flock Browser update you should be able to safely repeat steps 1 and 2 and you're set.


Njoy ....

Tuesday, September 9, 2008

MEWU - Scene 5 ... Playing With Shark !?!?

· 1 comments

Owww, it's not that always hungry long saw-toothed terrifying wild creature from that movie JAWS .... it's just a network analysis tool, Wireshark , but it's just as powerful as the jaws of a shark !!!... it is widely used to understand how the internet itself works , hidden behind web browsers and messengers and lots of other web-based applications ... it shows us how protocols are stacked up or what protocol messages are exchanged between client and server when we do any kind of network transaction ...



Wireshark has a rich feature set which includes the following:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text



To install it in Ubuntu , search the synaptic manager for "wireshark" , and select it for installation ...
Or, type ,

sudo apt-get install wireshark

it will work fine too ... but to run wireshark you need to have administrator privileges .. because without administrator privileges you will not be able to get any interface to capture packets .... so , to run it , you have to type at the terminal ...

sudo wireshark

and it will work just fine ....



that is it , have a good play with shark ...

njoy ...

Sunday, September 7, 2008

MEWU - Scene 4 ... GUI Firewall ..

· 0 comments

Hmm, like you all know , Linux is comparatively safer than other dumb OSes ... ( do i need to name 'em ?? ) ... so Linux is not required to have AV products ... also , it has a built-in Firewall , which is iptables ...which is basically rules written manually !!! , but it's a little difficult for a "common guy" like me to write syntaxes and codes .. ah it just makes me nervous ... so i prefer more GUI ... well you can say it's a "side-effect" on me due to an overdose of "window" medicine !! ... so this front-end software is very handy for me ... they call it .."fire starter" ... sort of ..

Well, Firestarter is basically just a front end ... it still uses iptables as the back end .. meaning , since iptables is a little geeky to use, Firestarter makes life easy by providing a graphical interface to iptables !!!




we can install it via the synaptic manager ... just search for "firestarter" and you get it !!!

or in terminal type ..

sudo apt-get install firestarter

it will work fine too ... the first time you will need to provide the name of the interface for which you want this firewall to work ... i use wifi mainly so i had chosen ATH0 ( i think ath0 is for atheros cards only !!! ) ... and you are all set ... but again , this GUI doesn't load on startup ... ( don't mix up the gui with the original firewall ... because iptables itself gets loaded once the n/w gets established , but as a daemon / in the background ) , so to start firestarter at startup you can do it any way you like , but the way i preferred is through system -> preferences -> sessions , in startups , ADD , choose name and description as you like , and for command , write ,

gksudo firestarter

so , next time when you boot , it will ask for the password when it gets loaded ; i think it's a safer option than setting it up in such a way that it doesn't ask for a password ( since you would need to save your password somewhere to make firestarter start automatically !!! , because this s/w itself needs to have root privileges ) ...

njoy ....

Thursday, September 4, 2008

MEWU - Scene 3 ... Playing with DOCK

· 0 comments



Well , people who use Macs must love its famous "dock" thing ... and i am sure that Windows lovers must be jealous of that dock on Macs , though they can enjoy the same dock feature on Windows too, but still it's not a native application ... they need 3rd-party software like "rocket dock" or "object dock" right ??

It's true for Linux / Ubuntu too ... here they use software called "Cairo Dock" , which is perhaps the most common and most famous dock among Ubuntians !!! ... but it is not available by default in the synaptic manager , we have to add a 3rd-party software source :

deb http://repository.cairo-dock.org/ubuntu gutsy cairo-dock


and then , click on reload in the synaptic manager ....and then search "cairo" in it .. it will show cairo dock now ... but don't forget to choose both "cairo-dock" and "cairo-dock plugins" .... and apply .. and dinggggg , you are done .... if you prefer a bit harder way , then take a look at this official ubuntu help ...

launch it via , applications -> system tools -> cairo dock ...



But here comes one problem ... it will not be launched automatically again when the system is rebooted !!! ... to do that ... go to system -> preferences -> sessions , in it "startup programs" and just click on "add" , and write whatever you like for name and comment , but in command type "cairo-dock" ( of course without quotes.. ) ... and it will be launched automatically with every reboot !!!


enjoy ....

Tuesday, September 2, 2008

MEWU - Scene 2 ... Need some Wine !!!

· 0 comments






Well , like many other tools of Ubuntu ... Wine is one very useful application ... basically Wine is an emulator which simulates the Windows environment ... In common man's .. err .. and woman's language , with the help of Wine you can run Windows applications in Ubuntu ... but i don't think it's more advanced than VMware ... but still okay to work with for basic applications ...

to Install WINE ....

open the synaptic manager and search for WINE ... and mark it for installation ...

or if you are too lazy to search .. then simply open a terminal and ...type ..

sudo apt-get install wine


and it will install it ... then just like installing in the Windows environment ... double click on the exe file of the program that you want to install .. and it's installed ... you can access that installed program via the Wine menu that is created in the Applications menu ... for example here , i have installed Winamp in UBUNTU ..




njoy ....

Saturday, August 30, 2008

MEWU - Scene 1 ... Listen Radio just like Winamp

· 0 comments




Ok , this is the first scene of MEWU .. My Experiments With Ubuntu ...

people who use Winamp must be familiar with its Shoutcast feature ... with its help we can listen to 100s of internet radio stations of various categories ... but it's very upsetting that those winamp guys still haven't brought out their super famous software for Linux !!! , it really makes me upset ... but smart guys have already found ways to overcome it ... and the most common way is to install an internet radio tuner software and then combine it with a player which can play that file !!!

Here, I use Streamtuner , which i use to tune internet radio ... and another piece of software , VLC , the most popular player which can play almost any file !! , with their combination i can hear radio ... and perhaps more stations than winamp offers ... like shoutcast ( that we listen to on winamp ) , Live365 and PunkCast and many others .....

How To Set the Things UP ....

to install stream tuner ... open a terminal .. ( it's just like the command prompt ) ..

type ,

sudo apt-get install streamtuner



it will install stream tuner ...

and then .. to install VLC ...

sudo apt-get install vlc


after done with installation, open streamtuner ... in it go to .. edit -> preferences ...



and in preferences make the changes as i have shown in the image above , just put "vlc" in place of xmms , in "listen to a .m3u file" and "listen to a stream" .... and you are all set ...

now when you want to listen to radio , just find a station in stream tuner .. and say , tune it ... and it will automatically open it in vlc !! ... i bet it will be a far better experience than listening to radio on winamp ... with some more settings you can even record that live stream !!!!! but let's keep that for some other day ..

till then ...

njoy .. ubuntu ....
