Showing posts with label Fedora 25.

Wednesday, June 7, 2017

DB Browser - tool for databases.

It is also a good tool for learning and testing database queries.
About this tool, the development team tells us:

DB Browser for SQLite is a high quality, visual, open-source tool to create, design, and edit database files compatible with SQLite. It is for users and developers wanting to create databases, search, and edit data. It uses a familiar spreadsheet-like interface, and you don't need to learn complicated SQL commands. 
Controls and wizards are available for users to:
  • Create and compact database files
  • Create, define, modify and delete tables
  • Create, define and delete indexes
  • Browse, edit, add and delete records
  • Search records
  • Import and export records as text
  • Import and export tables from/to CSV files
  • Import and export databases from/to SQL dump files
  • Issue SQL queries and inspect the results
  • Examine a log of all SQL commands issued by the application
Under the Fedora distro, the package is named: SQLite browser.
To install it just use this:
$ sudo dnf install sqlitebrowser
You can also use it on these operating systems: Windows, macOS X, OSX 10.8 (Mountain Lion) - 10.12 (Sierra), Linux (Arch Linux, Fedora and Ubuntu, and Derivatives).

Sunday, May 7, 2017

The JetBrains I.D.E. software.

In the past I tested JetBrains Rider, the emerging .NET I.D.E. from JetBrains.
It is good, and it is new in the I.D.E. area of development.
What is this software?
JetBrains Rider is a new .NET I.D.E. based on the IntelliJ platform and ReSharper.
First, I took a look in my Fedora distro to see if there is something about JetBrains:
[root@localhost mythcat]# dnf search jetbrains
Last metadata expiration check: 1:19:59 ago on Tue Feb 21 12:42:57 2017.
============================ N/S Matched: jetbrains ============================
jetbrains-annotations-javadoc.noarch : Javadoc for jetbrains-annotations
jetbrains-annotations.noarch : IntelliJ IDEA Annotations
I downloaded the archive from the official website and extracted all the files ...
[mythcat@localhost ~]$ cd Rider-171.3085.362/bin/
[mythcat@localhost bin]$ ll
total 7120
-rw-r--r--. 1 mythcat mythcat    2568 Feb 15 23:02 backend-log.xml
-rwxr-xr-x. 1 mythcat mythcat     217 Feb 15 23:02 format.sh
-rwxr-xr-x. 1 mythcat mythcat   23072 Feb 15 23:02 fsnotifier
-rwxr-xr-x. 1 mythcat mythcat   29648 Feb 15 23:02 fsnotifier64
-rwxr-xr-x. 1 mythcat mythcat   26453 Feb 15 23:02 fsnotifier-arm
-rw-r--r--. 1 mythcat mythcat   10491 Feb 15 23:02 idea.properties
-rwxr-xr-x. 1 mythcat mythcat     268 Feb 15 23:02 inspect.sh
-rw-r--r--. 1 mythcat mythcat 3449944 Feb 15 23:02 libyjpagent-linux64.so
-rw-r--r--. 1 mythcat mythcat 3679036 Feb 15 23:02 libyjpagent-linux.so
-rw-r--r--. 1 mythcat mythcat    4138 Feb 15 23:02 log.xml
-rwxr-xr-x. 1 mythcat mythcat     410 Feb 15 23:02 printenv.py
-rwxr-xr-x. 1 mythcat mythcat     590 Feb 15 23:02 restart.py
-rw-r--r--. 1 mythcat mythcat     359 Feb 15 23:02 rider64.vmoptions
-rw-r--r--. 1 mythcat mythcat    9222 Feb 15 23:02 rider.png
-rwxr-xr-x. 1 mythcat mythcat    6619 Feb 15 23:02 rider.sh
-rw-r--r--. 1 mythcat mythcat     367 Feb 15 23:02 rider.vmoptions
After that, I started it with the rider.sh script:
[mythcat@localhost bin]$ ./rider.sh 
[YourKit Java Profiler 2016.02-b43] Log file: /home/mythcat/.yjp/log/Rider10-17590.log
Feb 21, 2017 2:05:43 PM java.util.prefs.FileSystemPreferences$6 run
WARNING: Prefs file removed in background /home/mythcat/.java/.userPrefs/prefs.xml
Installation home directory: /home/mythcat/Rider-171.3085.362
System directory: /home/mythcat/.Rider10/system
Config directory: /home/mythcat/.Rider10/config
Log directory: /home/mythcat/.Rider10/system/log
Full cold solution load with caches took 22053 milliseconds.
The result of this command was great.
This software comes with a good wizard interface.
The application has many ways to deal with your source code and settings for any user. The colors of this software are ergonomic for users. The system requirements are:
  • Memory: 4 GB or higher
  • Operating system:
    • Windows 10, 8.1, 8 or 7. 64-bit distributions only.
    • OS X 10.10+. 64-bit distributions only.
    • Linux. 64-bit distributions only.

Thursday, April 20, 2017

Fedora 25 and fix python modules.

This tutorial shows a simple way to fix your Python modules under the Fedora distro.
I used Fedora 25 and Python version 2.7.13.
First, try this command:
pip freeze --local | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U
This command tries to update every installed module. Some notes about it:
  • the grep -v '^\-e' part skips "-e" package definitions;
  • the newer versions of pip allow you to list outdated Python modules;
  • the -n1 added to xargs prevents stopping everything if updating one Python module fails.
If you get an error about Python.h:
...fatal error: Python.h...
Use this command to install the development library of Python:
[root@localhost mythcat]# dnf install python-devel.x86_64 python-devel.i686
Also install the devel libraries for each header file that an error reports as missing.
Another example is this header: opensslv.h
To fix it, install this:
[root@localhost mythcat]# dnf install openssl-devel.x86_64 
Last metadata expiration check: 1:58:33 ago on Thu Apr 20 18:52:10 2017.
Dependencies resolved.
================================================================================
 Package              Arch          Version                Repository      Size
================================================================================
Installing:
 openssl-devel        x86_64        1:1.0.2k-1.fc25        updates        1.5 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.5 M
Installed size: 3.1 M
Is this ok [y/N]: y
Downloading Packages:
openssl-devel-1.0.2k-1.fc25.x86_64.rpm          580 kB/s | 1.5 MB     00:02    
--------------------------------------------------------------------------------
Total                                           394 kB/s | 1.5 MB     00:03     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : openssl-devel-1:1.0.2k-1.fc25.x86_64                        1/1 
  Verifying   : openssl-devel-1:1.0.2k-1.fc25.x86_64                        1/1 

Installed:
  openssl-devel.x86_64 1:1.0.2k-1.fc25                                          

Complete!
Run the first command again:
pip freeze --local | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U
This was the first listing of outdated Python modules:
[root@localhost mythcat]# pip list --outdated --format=freeze
CCColUtils==1.4
cryptography==1.5.3
evdev==0.6.1
fedmsg==0.18.2
ipykernel==4.5.2
M2Crypto==0.25.1
matplotlib==1.5.2rc2
mercurial==3.8.1
mysqlclient==1.3.7
psutil==4.3.0
pycryptopp==0.6.0.1206569328141510525648634803928199668821045408958
pyopencl==2015.2
pyOpenSSL==16.0.0
pyxattr==0.5.3
requests-kerberos==0.10.0
service-identity==14.0.0
Sphinx==1.5.3
SQLAlchemy==1.1.6
Tempita==0.5.1
tornado==4.4.2
Twisted==16.3.0
txZMQ==0.7.4
After these steps, the result is this:
[root@localhost mythcat]# pip list --outdated --format=freeze
mysqlclient==1.3.7
pyopencl==2015.2
pyxattr==0.5.3
I will fix this next time.

Tuesday, April 18, 2017

The GUI for Clam antivirus - clamtk.

Today I will show you how to use a GUI for the Clam antivirus named clamtk.
ClamTk is a graphical front-end for ClamAV using Perl and Gtk libraries.
[root@localhost mythcat]# dnf search clamtk
Last metadata expiration check: 1:24:49 ago on Tue Apr 18 17:01:00 2017.
============================= N/S Matched: clamtk ==============================
clamtk.noarch : Easy to use graphical user interface for Clam anti virus
First, you need to install it; see all the packages needed by this GUI:
[root@localhost mythcat]# dnf install clamtk.noarch 
Last metadata expiration check: 1:31:00 ago on Tue Apr 18 17:01:00 2017.
Dependencies resolved.
================================================================================
 Package                     Arch       Version               Repository   Size
================================================================================
Installing:
 clamtk                      noarch     5.24-1.fc25           updates     218 k
 perl-Cairo                  x86_64     1.106-3.fc25          fedora      125 k
 perl-File-Listing           noarch     6.04-13.fc25          fedora       17 k
 perl-Glib                   x86_64     1.321-2.fc25          fedora      364 k
 perl-Gtk2                   x86_64     1.2498-3.fc25         fedora      1.8 M
 perl-HTTP-Cookies           noarch     6.01-13.fc25          fedora       29 k
 perl-HTTP-Negotiate         noarch     6.01-13.fc25          fedora       21 k
 perl-JSON                   noarch     2.90-7.fc25           fedora       98 k
 perl-LWP-Protocol-https     noarch     6.07-1.fc25           updates      16 k
 perl-Locale-gettext         x86_64     1.07-4.fc25           fedora       26 k
 perl-NTLM                   noarch     1.09-13.fc25          fedora       23 k
 perl-Net-HTTP               noarch     6.13-1.fc25           updates      41 k
 perl-Pango                  x86_64     1.227-3.fc25          fedora      190 k
 perl-Test-Simple            noarch     1.302062-1.fc25       fedora      410 k
 perl-Text-CSV               noarch     1.91-4.fc25           updates     103 k
 perl-Time-Piece             x86_64     1.31-385.fc25         updates      88 k
 perl-WWW-RobotRules         noarch     6.02-14.fc25          fedora       22 k
 perl-libwww-perl            noarch     6.15-3.fc25           fedora      208 k

Transaction Summary
================================================================================
Install  18 Packages

Total download size: 3.7 M
Installed size: 10 M
Is this ok [y/N]: y
Downloading Packages:
(1/18): clamtk-5.24-1.fc25.noarch.rpm           517 kB/s | 218 kB     00:00    
(2/18): perl-Glib-1.321-2.fc25.x86_64.rpm       662 kB/s | 364 kB     00:00    
(3/18): perl-Locale-gettext-1.07-4.fc25.x86_64. 296 kB/s |  26 kB     00:00    
(4/18): perl-Gtk2-1.2498-3.fc25.x86_64.rpm      2.3 MB/s | 1.8 MB     00:00    
(5/18): perl-libwww-perl-6.15-3.fc25.noarch.rpm 1.4 MB/s | 208 kB     00:00    
(6/18): perl-JSON-2.90-7.fc25.noarch.rpm        181 kB/s |  98 kB     00:00    
(7/18): perl-Cairo-1.106-3.fc25.x86_64.rpm      439 kB/s | 125 kB     00:00    
(8/18): perl-Pango-1.227-3.fc25.x86_64.rpm      1.7 MB/s | 190 kB     00:00    
(9/18): perl-File-Listing-6.04-13.fc25.noarch.r 204 kB/s |  17 kB     00:00    
(10/18): perl-HTTP-Cookies-6.01-13.fc25.noarch. 375 kB/s |  29 kB     00:00    
(11/18): perl-HTTP-Negotiate-6.01-13.fc25.noarc 250 kB/s |  21 kB     00:00    
(12/18): perl-Test-Simple-1.302062-1.fc25.noarc 1.5 MB/s | 410 kB     00:00    
(13/18): perl-NTLM-1.09-13.fc25.noarch.rpm      160 kB/s |  23 kB     00:00    
(14/18): perl-WWW-RobotRules-6.02-14.fc25.noarc 168 kB/s |  22 kB     00:00    
(15/18): perl-Net-HTTP-6.13-1.fc25.noarch.rpm   315 kB/s |  41 kB     00:00    
(16/18): perl-Time-Piece-1.31-385.fc25.x86_64.r 638 kB/s |  88 kB     00:00    
(17/18): perl-LWP-Protocol-https-6.07-1.fc25.no  77 kB/s |  16 kB     00:00    
(18/18): perl-Text-CSV-1.91-4.fc25.noarch.rpm   297 kB/s | 103 kB     00:00    
--------------------------------------------------------------------------------
Total                                           1.3 MB/s | 3.7 MB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : perl-Glib-1.321-2.fc25.x86_64                              1/18 
  Installing  : perl-Net-HTTP-6.13-1.fc25.noarch                           2/18 
  Installing  : perl-Cairo-1.106-3.fc25.x86_64                             3/18 
  Installing  : perl-Pango-1.227-3.fc25.x86_64                             4/18 
  Installing  : perl-Time-Piece-1.31-385.fc25.x86_64                       5/18 
  Installing  : perl-Text-CSV-1.91-4.fc25.noarch                           6/18 
  Installing  : perl-WWW-RobotRules-6.02-14.fc25.noarch                    7/18 
  Installing  : perl-NTLM-1.09-13.fc25.noarch                              8/18 
  Installing  : perl-HTTP-Negotiate-6.01-13.fc25.noarch                    9/18 
  Installing  : perl-HTTP-Cookies-6.01-13.fc25.noarch                     10/18 
  Installing  : perl-File-Listing-6.04-13.fc25.noarch                     11/18 
  Installing  : perl-libwww-perl-6.15-3.fc25.noarch                       12/18 
  Installing  : perl-LWP-Protocol-https-6.07-1.fc25.noarch                13/18 
  Installing  : perl-Test-Simple-1.302062-1.fc25.noarch                   14/18 
  Installing  : perl-Gtk2-1.2498-3.fc25.x86_64                            15/18 
  Installing  : perl-Locale-gettext-1.07-4.fc25.x86_64                    16/18 
  Installing  : perl-JSON-2.90-7.fc25.noarch                              17/18 
  Installing  : clamtk-5.24-1.fc25.noarch                                 18/18 
  Verifying   : clamtk-5.24-1.fc25.noarch                                  1/18 
  Verifying   : perl-Glib-1.321-2.fc25.x86_64                              2/18 
  Verifying   : perl-Gtk2-1.2498-3.fc25.x86_64                             3/18 
  Verifying   : perl-JSON-2.90-7.fc25.noarch                               4/18 
  Verifying   : perl-Locale-gettext-1.07-4.fc25.x86_64                     5/18 
  Verifying   : perl-libwww-perl-6.15-3.fc25.noarch                        6/18 
  Verifying   : perl-Cairo-1.106-3.fc25.x86_64                             7/18 
  Verifying   : perl-Pango-1.227-3.fc25.x86_64                             8/18 
  Verifying   : perl-Test-Simple-1.302062-1.fc25.noarch                    9/18 
  Verifying   : perl-File-Listing-6.04-13.fc25.noarch                     10/18 
  Verifying   : perl-HTTP-Cookies-6.01-13.fc25.noarch                     11/18 
  Verifying   : perl-HTTP-Negotiate-6.01-13.fc25.noarch                   12/18 
  Verifying   : perl-NTLM-1.09-13.fc25.noarch                             13/18 
  Verifying   : perl-WWW-RobotRules-6.02-14.fc25.noarch                   14/18 
  Verifying   : perl-Net-HTTP-6.13-1.fc25.noarch                          15/18 
  Verifying   : perl-LWP-Protocol-https-6.07-1.fc25.noarch                16/18 
  Verifying   : perl-Text-CSV-1.91-4.fc25.noarch                          17/18 
  Verifying   : perl-Time-Piece-1.31-385.fc25.x86_64                      18/18 

Installed:
  clamtk.noarch 5.24-1.fc25                                                     
  perl-Cairo.x86_64 1.106-3.fc25                                                
  perl-File-Listing.noarch 6.04-13.fc25                                         
  perl-Glib.x86_64 1.321-2.fc25                                                 
  perl-Gtk2.x86_64 1.2498-3.fc25                                                
  perl-HTTP-Cookies.noarch 6.01-13.fc25                                         
  perl-HTTP-Negotiate.noarch 6.01-13.fc25                                       
  perl-JSON.noarch 2.90-7.fc25                                                  
  perl-LWP-Protocol-https.noarch 6.07-1.fc25                                    
  perl-Locale-gettext.x86_64 1.07-4.fc25                                        
  perl-NTLM.noarch 1.09-13.fc25                                                 
  perl-Net-HTTP.noarch 6.13-1.fc25                                              
  perl-Pango.x86_64 1.227-3.fc25                                                
  perl-Test-Simple.noarch 1.302062-1.fc25                                       
  perl-Text-CSV.noarch 1.91-4.fc25                                              
  perl-Time-Piece.x86_64 1.31-385.fc25                                          
  perl-WWW-RobotRules.noarch 6.02-14.fc25                                       
  perl-libwww-perl.noarch 6.15-3.fc25                                           

Complete!
With a double-click of the mouse you can make changes to the antivirus settings.
The first step when opening the ClamTK GUI is to select "Update Assistant".
You can choose "I would like to update signatures myself".
You should go back to the home screen of ClamTK and click "Settings".
Also, you can use this GUI to scan, update and analyze your operating system.

Monday, April 17, 2017

Fedora 25 : The YARA tool for Linux security - part 001.

The YARA tool is a multi-platform program running on Windows, Linux and Mac OS X.
YARA is designed to help malware researchers identify and classify malware samples.
It has been called the pattern matching swiss army knife for security researchers and everyone else.
YARA provides an easy and effective way to write custom rules based on strings or byte sequences and allows you to make your own detection tools.
You can create descriptions of malware families based on textual or binary patterns or whatever you want to describe.
These descriptions, or rules, consist of a set of strings and a boolean expression which determines their logic.
The official website can be found here.
First, you need to install the yara tool under your Linux OS.
I used the Fedora 25 distro.
[root@localhost mythcat]# dnf install yara
Last metadata expiration check: 0:49:37 ago on Sun Apr 16 22:23:14 2017.
Dependencies resolved.
================================================================================
 Package      Arch           Version              Repository               Size
================================================================================
Installing:
 yara         x86_64         3.5.0-7.fc25         updates-testing         191 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 191 k
Installed size: 861 k
Is this ok [y/N]: y
Downloading Packages:
yara-3.5.0-7.fc25.x86_64.rpm                    171 kB/s | 191 kB     00:01    
--------------------------------------------------------------------------------
Total                                            92 kB/s | 191 kB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : yara-3.5.0-7.fc25.x86_64                                    1/1 
  Verifying   : yara-3.5.0-7.fc25.x86_64                                    1/1 

Installed:
  yara.x86_64 3.5.0-7.fc25                                                      

Complete!
Let's test it with the basic command:
[mythcat@localhost ~]$ yara
yara: wrong number of arguments
Usage: yara [OPTION]... RULES_FILE FILE | DIR | PID

Try `--help` for more options
[mythcat@localhost ~]$ yara --help
YARA 3.5.0, the pattern matching swiss army knife.
Usage: yara [OPTION]... RULES_FILE FILE | DIR | PID

Mandatory arguments to long options are mandatory for short options too.

  -t,  --tag=TAG                   print only rules tagged as TAG
  -i,  --identifier=IDENTIFIER     print only rules named IDENTIFIER
  -n,  --negate                    print only not satisfied rules (negate)
  -D,  --print-module-data         print module data
  -g,  --print-tags                print tags
  -m,  --print-meta                print metadata
  -s,  --print-strings             print matching strings
  -e,  --print-namespace           print rules' namespace
  -p,  --threads=NUMBER            use the specified NUMBER of threads to scan a directory
  -l,  --max-rules=NUMBER          abort scanning after matching a NUMBER of rules
  -d VAR=VALUE                     define external variable
  -x MODULE=FILE                   pass FILE's content as extra data to MODULE
  -a,  --timeout=SECONDS           abort scanning after the given number of SECONDS
  -k,  --stack-size=SLOTS          set maximum stack size (default=16384)
  -r,  --recursive                 recursively search directories
  -f,  --fast-scan                 fast matching mode
  -w,  --no-warnings               disable warnings
  -v,  --version                   show version information
  -h,  --help                      show this help and exit

Send bug reports and suggestions to: vmalvarez@virustotal.com .
When you use YARA you can use:
  • modules - like extensions to YARA’s core functionality; 
  • external variables; 
  • including files; 
YARA uses rules, and these rules can be global or private and can carry tags and metadata.
The base of the syntax of a YARA rule set is this:
rule RuleName  
{
    strings:
    $test_string1= "Testing"
    $test_string2= {C6 45 ?? ??}
    condition:
    $test_string1 or $test_string2
}
Two important keywords are strings and condition. The strings are the unique values to search for, while the condition specifies your detection criteria. Some examples of conditions:
all of them       /* all strings in the rule */
any of them       /* any string in the rule */
all of ($a*)      /* all strings whose identifier starts with $a */
any of ($a,$b,$c) /* any of $a, $b or $c */
1 of ($*)         /* same as "any of them" */
You can include also the meta keyword, see:
rule RuleName  
{
   meta:
      author = "Catalin George Festila - rule 001 "
      description = "tell something to the computer"
   strings:
   $test_string1= "first step "
...
The metadata can be shown using the -m option at the command line.
You can add comments to your YARA rules just as if it was a C source file because rules have a syntax that resembles the C language.
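A complete rule with the meta, strings and condition sections, scanned with the -g, -m and -s options from the help output above. This is an added example, not code from the original post; the rule name DemoRule, the demo tag and the file names are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: write a complete YARA rule and a constructed sample file,
# then scan the sample. DemoRule, the "demo" tag and the file names are
# assumptions made for this illustration.

# Write demo.yar and sample.txt into the directory given as $1.
write_demo_rule() {
    dir=$1
    # Quoted heredoc delimiter so the shell does not expand $text / $hex.
    cat > "$dir/demo.yar" <<'EOF'
/* YARA accepts C-style block comments ... */
// ... and single-line comments.
rule DemoRule : demo
{
    meta:
        author = "example author"
        description = "constructed rule: text string or byte pattern"
    strings:
        $text = "Testing"          // plain text string
        $hex  = { C6 45 ?? 01 }    // hex string, ?? matches any byte
    condition:
        any of them
}
EOF
    # Constructed sample that contains the text string.
    printf 'Testing the scanner\n' > "$dir/sample.txt"
}

# Scan the sample with the rule; prints tags (-g), metadata (-m)
# and the matching strings with their offsets (-s).
run_demo_scan() {
    dir=$1
    if ! command -v yara >/dev/null 2>&1; then
        echo "yara not installed; skipping scan"
        return 0
    fi
    yara -g -m -s "$dir/demo.yar" "$dir/sample.txt"
}

demo_dir=$(mktemp -d)
write_demo_rule "$demo_dir"
run_demo_scan "$demo_dir"
```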

Saturday, April 15, 2017

The whiptail tool.

This command lets you display many kinds of dialog boxes from shell scripts.
The command is named whiptail, and you can read about it and see simple examples here.

Note: --infobox is almost useless in an xterm, because whiptail writes to the other screen that xterm makes available, but you can use --msgbox.

This tutorial will show you how to put the text from a text file on the screen.
First, you need a text file that fits the size of your shell screen; this command will display it.
For example, I used this text from Wikipedia in my text file named greeting.txt, see the content:

The Paschal Greeting, also known as the Easter Acclamation, is an Easter custom among Eastern Orthodox, Oriental Orthodox, and Eastern Catholic Christians. Instead of "hello" or its equivalent, one is to greet another person with "Christ is Risen!" or "The Lord is Risen!", and the response is "Truly, He is Risen," "Indeed, He is Risen," or "He is Risen Indeed" - compare Matthew 27:64, Matthew 28:6 7, Mark 16:6, Luke 24:6, Luke 24:34 In some cultures, such as in Russia and Serbia, it is also customary to exchange a triple kiss of peace on the alternating cheeks after the greeting. Similar responses are also used in the liturgies of other Christian churches, but not so much as general greetings.

To use the whiptail command, just run this in your shell:
[mythcat@localhost ~]$ whiptail --textbox  /dev/stdin  19 59  <<<"$(cat greeting.txt)"
The output of this command can be seen in the next image:

Linux: tools to scan a Linux server for malware and rootkits.

These tools are: chkrootkit, rkhunter, fuser and ISPProtect. All of these tools can be installed under Fedora 25 with the dnf tool.
The first tool, chkrootkit, is a classic rootkit scanner. It checks your server for suspicious rootkit processes and checks for a list of known rootkit files.
[root@localhost mythcat]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
...
Rootkit Hunter, named rkhunter, is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
[root@localhost mythcat]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
[root@localhost mythcat]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 136
[root@localhost mythcat]# rkhunter -c --enable all --disable none
[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
...
Another tool is fuser:
[root@localhost mythcat]# fuser -vn tcp 5222
...
The output of this command lets you see anything on your machine that is listening on TCP port 5222.
[root@localhost mythcat]# fuser -vn tcp 19635
...
This output indicates that there is a process named "foo" running with a PID number and listening on port 19635.
The last tool is ISPProtect. ISPProtect is a malware scanner for web servers; it scans for malware in website files and CMS systems like Wordpress, Joomla and Drupal.

Tuesday, March 28, 2017

The journalctl command.

This is a good Linux command for Linux maintenance.
The first step is to read the documentation:
[root@localhost mythcat]# man journalctl
JOURNALCTL(1)                     journalctl                     JOURNALCTL(1)

NAME
       journalctl - Query the systemd journal

SYNOPSIS
       journalctl [OPTIONS...] [MATCHES...]

DESCRIPTION
       journalctl may be used to query the contents of the systemd(1) journal
       as written by systemd-journald.service(8).

       If called without parameters, it will show the full contents of the
       journal, starting with the oldest entry collected.

       If one or more match arguments are passed, the output is filtered
       accordingly. A match is in the format "FIELD=VALUE", e.g.
       "_SYSTEMD_UNIT=httpd.service", referring to the components of a
       structured journal entry. See systemd.journal-fields(7) for a list of
       well-known fields. If multiple matches are specified matching different
       fields, the log entries are filtered by both, i.e. the resulting output
       will show only entries matching all the specified matches of this kind.
       If two matches apply to the same field, then they are automatically
       matched as alternatives, i.e. the resulting output will show entries
       matching any of the specified matches for the same field. Finally, the
       character "+" may appear as a separate word between other terms on the
       command line. This causes all matches before and after to be combined
       in a disjunction (i.e. logical OR).
       ...
The self-maintenance method is to vacuum the logs.
This helps you free up space on your Linux OS.
For example, I got 3 Gigabytes of data in just 3 days.
# journalctl --vacuum-time=3d
Vacuuming done, freed 3.7G of archived journals on disk.
To clean this up you can use the command in several ways:
  • by time: journalctl --vacuum-time=2d
  • retain only the past 500 MB: journalctl --vacuum-size=500M
As you know, systemd is an init system used in Linux distributions to bootstrap the user space and manage all processes subsequently. The journald daemon handles all of the messages produced by the kernel, initrd, services, etc. The journalctl utility can be used to access and manipulate the data held within the journal.
Let's start with some examples. How to see the configuration file for this process:
[root@localhost mythcat]# cat /etc/systemd/journald.conf
Also, you can see the status of this service:
[root@localhost mythcat]# systemctl status  systemd-journald
● systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; vendor preset: disabled)
   Active: active (running) since Tue 2017-03-28 09:12:20 EEST; 1h 8min ago
     Docs: man:systemd-journald.service(8)
           man:journald.conf(5)
 Main PID: 803 (systemd-journal)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-journald.service
           └─803 /usr/lib/systemd/systemd-journald

Mar 28 09:12:20 localhost.localdomain systemd-journald[803]: Runtime journal (/run/log/journal/) is 8.0M,
max 371.5M, 363.5M free.
Mar 28 09:12:20 localhost.localdomain systemd-journald[803]: Journal started
Mar 28 09:12:22 localhost.localdomain systemd-journald[803]: System journal (/var/log/journal/) is 3.9G,
max 4.0G, 23.8M free.
Mar 28 09:12:23 localhost.localdomain systemd-journald[803]: Time spent on flushing to /var is 915.454ms
I hope this article will help you with Linux maintenance.

Wednesday, March 15, 2017

Fedora 25: First test with clamav antivirus.

This is a short tutorial about how to use ClamAV antivirus on Fedora 25.
First, you need to install it with these commands:
[root@localhost mythcat]# dnf install clamav.x86_64 
...

[root@localhost mythcat]# dnf install clamav-update.x86_64
...
Adjust the settings in your /etc/freshclam.conf file. I used the awk tool to show you my settings from /etc/freshclam.conf:
[root@localhost mythcat]# awk -F: '/^[^#]/ { print $1 }' /etc/freshclam.conf | uniq 
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
LogRotate yes
DatabaseOwner clamupdate
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 5
ScriptedUpdates yes
DetectionStatsCountry country-code
SafeBrowsing yes
Update the ClamAV antivirus with:
[root@localhost mythcat]# /usr/bin/freshclam
ClamAV update process started at Wed Mar 15 13:42:07 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
WARNING: getfile: daily-21724.cdiff not found on database.clamav.net (IP: 195.30.97.3)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
Trying host database.clamav.net (212.7.0.71)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 212.7.0.71)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 23205, sigs: 1789155, f-level: 63, builder: neo)
Downloading safebrowsing.cvd [100%]
safebrowsing.cvd updated (version: 45693, sigs: 2756150, f-level: 63, builder: google)
Downloading bytecode-279.cdiff [100%]
Downloading bytecode-280.cdiff [100%]
Downloading bytecode-281.cdiff [100%]
Downloading bytecode-282.cdiff [100%]
Downloading bytecode-283.cdiff [100%]
Downloading bytecode-284.cdiff [100%]
Downloading bytecode-285.cdiff [100%]
Downloading bytecode-286.cdiff [100%]
Downloading bytecode-287.cdiff [100%]
Downloading bytecode-288.cdiff [100%]
Downloading bytecode-289.cdiff [100%]
Downloading bytecode-290.cdiff [100%]
Downloading bytecode-291.cdiff [100%]
bytecode.cld updated (version: 291, sigs: 55, f-level: 63, builder: neo)
Database updated (8764150 signatures) from database.clamav.net (IP: 157.25.5.183)
Now you can run it on a Fedora 25 folder with this:
[root@localhost mythcat]# clamscan 
/home/mythcat/.bash_logout: OK
/home/mythcat/.bash_profile: OK
...
----------- SCAN SUMMARY -----------
Known viruses: 8758441
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 54
Infected files: 0
Data scanned: 71.80 MB
Data read: 189.96 MB (ratio 0.38:1)
Time: 13.968 sec (0 m 13 s)
This tool comes with many options and features for Fedora workstations and servers. Just read the documentation and make your changes.
To check all files on the computer, but only display infected files and ring a bell when one is found:
clamscan -r --bell -i / 
To check files in the all users home directories:
clamscan -r /home 
If you get this error:
LibClamAV Warning: fmap_readpage: pread fail: ... 
This comes from sysfs, a virtual file system provided by the Linux kernel, which needs to be excluded with this argument:
--exclude-dir="^/sys"
--exclude-dir=^/sys  --exclude-dir=^/dev --exclude-dir=^/proc 
My scan result (the file FOUND is not a virus):
/home/mythcat/devil-linux-1.8.0-rc2-x86_64/install-on-usb.exe: Win.Trojan.Delfiles-17 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9042471
Engine version: 0.99.2
Scanned directories: 98653
Scanned files: 570740
Infected files: 1
Data scanned: 29750.14 MB
Data read: 48591.70 MB (ratio 0.61:1)
Time: 3819.053 sec (63 m 39 s)
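
An added example (not part of the original post): a small shell script that takes a saved clamscan report, lists each FOUND line as path and signature, and checks that the number of detections matches the SCAN SUMMARY. The sample report, its /home/user paths and the Constructed.Test-1 signature are constructed; scan_root only wraps the options shown above.

```shell
#!/bin/sh
# Added example: triage a saved clamscan report (sample data is constructed).

# The recursive scan from the post with the kernel's virtual filesystems
# excluded; the report goes to the file named in $1. clamscan exits 0 when
# clean, 1 when a virus is found and 2 on error. Defined here, not run.
scan_root() {
    clamscan -r -i \
        --exclude-dir='^/sys' --exclude-dir='^/dev' --exclude-dir='^/proc' \
        / > "$1"
}

# Print "path<TAB>signature" for each detection line "<path>: <sig> FOUND".
# Assumption: signature names contain no spaces, so the last ": " before the
# final token splits path from signature even when the path contains ": ".
clam_hits() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        if (match(line, /: [^ ]+$/))
            printf "%s\t%s\n", substr(line, 1, RSTART - 1), substr(line, RSTART + 2)
    }'
}

# Print the "Infected files" count from the SCAN SUMMARY (empty if missing).
clam_summary_infected() {
    awk '/^Infected files:/ { n = $3 } END { print n }'
}

# Read a report on stdin and print one verdict:
#   clean          no detections, summary agrees
#   infected:<n>   n detections, summary agrees
#   inconsistent   FOUND lines and summary disagree (truncated or edited report)
clam_verdict() {
    report=$(cat)
    hits=$(printf '%s\n' "$report" | clam_hits | wc -l | tr -d ' ')
    summary=$(printf '%s\n' "$report" | clam_summary_infected)
    if [ -z "$summary" ] || [ "$hits" != "$summary" ]; then
        echo "inconsistent"
    elif [ "$hits" = "0" ]; then
        echo "clean"
    else
        echo "infected:$hits"
    fi
}

# Constructed sample report in the format shown above.
sample_report() {
    cat <<'EOF'
/home/user/devil-linux/install-on-usb.exe: Win.Trojan.Delfiles-17 FOUND
/home/user/notes: draft.exe: Constructed.Test-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9042471
Engine version: 0.99.2
Scanned directories: 98653
Scanned files: 570740
Infected files: 2
Data scanned: 29750.14 MB
Time: 3819.053 sec (63 m 39 s)
EOF
}

sample_report | clam_hits
sample_report | clam_verdict
```

The path and signature columns make it easy to look up each hit before deciding whether it is a false positive.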

Tuesday, March 14, 2017

QEMU - Devil Linux on Fedora 25.

QEMU (short for Quick Emulator) is a free and open-source hosted hypervisor that performs hardware virtualization. QEMU is a hosted virtual machine monitor. You can install this software using the dnf tool.
dnf install qemu.x86_64 
You can use any ISO image from the internet to run and test your Linux distro. I tested with the Devil Linux ISO without network (the main reason was the settings of the Devil Linux distro). Just use this command:
qemu-system-x86_64 -boot d -cdrom ~/devil-linux-1.8.0-rc2-x86_64/bootcd.iso --enable-kvm -m 2048 -netdev user,id=user.0
Some arguments of the qemu tool:
- qemu-system-x86_64 is the option for x86 architecture (64 bit);
- boot and -d set options for booting and debug;
- the -cdrom option sets the path to the ISO file;
- the --enable-kvm option enables the Kernel-based Virtual Machine (KVM);
- the -m 2048 option sets the memory;
- the -netdev user,id=user.0 option tells QEMU to use the user-mode network stack, which requires no administrator privileges to run.
About QEMU VLAN.
QEMU networking uses a networking technology that is like VLAN. QEMU forwards packets to guest operating systems that are on the same VLAN. Examples with qemu-kvm options:
-net nic,model=virtio,vlan=0,macaddr=00:16:3e:00:01:01 
-net tap,vlan=0,script=/root/ifup-br0,downscript=/root/ifdown-br0 
-net nic,model=virtio,vlan=1,macaddr=00:16:3e:00:01:02 
-net tap,vlan=1,script=/root/ifup-br1,downscript=/root/ifdown-br1
- the -net nic option defines a network adapter in the guest operating system;
- the -net tap option defines how QEMU configures the host.
You can also disable networking entirely:
-net none

Wednesday, March 8, 2017

Fedora 25: Enable gnome notifications Fedmsg and Openweather.

This tutorial is about the GNOME environment and notifications.
If you want to see notifications about your work and account under the Fedora distro, or just to see the weather, then you need to deal with these tools.
Take a look at your GNOME version and shell version:
[mythcat@localhost ~]$ gnome-about --gnome-version 
Version: 2.32.0
Distributor: Red Hat, Inc
Build Date: 02/04/2016
[mythcat@localhost ~]$ gnome-shell --version 
GNOME Shell 3.22.3
Use the dnf install tool and get these packages:
gnome-weather.noarch : A weather application for GNOME
gnome-weather-tests.noarch : Tests for the gnome-weather package
gnome-shell-extension-openweather.noarch : Display weather information from many
gnome-shell-extension-apps-menu.noarch : Application menu for GNOME Shell
gnome-shell.x86_64 : Window management and application launching for GNOME
gnome-shell-extension-common.noarch : Files common to GNOME Shell Extensions
gnome-tweak-tool.noarch : A tool to customize advanced GNOME 3 options
Use this command to change the settings:
[mythcat@localhost ~]$ gnome-tweak-tool
You will see a window with options to enable Fedmsg and Openweather notifications.
After selecting an option, just right-click to change the settings for each extension.

Fedora 25: Install the ffmpeg tools .

Install the rpmfusion repos from the web using the root account:
# dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
[root@localhost]# dnf install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
Now, with all the rpmfusion repos enabled, list ffmpeg:
# yum --enablerepo=rpmfusion-* list ffmpeg
Redirecting to '/usr/bin/dnf --enablerepo=rpmfusion-* list ffmpeg' (see 'man yum2dnf')

RPM Fusion for Fedora 25 - Free - Test Updates 1.3 kB/s | 1.9 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Updates S 4.8 kB/s | 7.0 kB     00:01    
RPM Fusion for Fedora 25 - Free - Updates Debu 185 kB/s | 331 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Test Upda 1.7 kB/s | 2.7 kB     00:01    
RPM Fusion for Fedora Rawhide - Nonfree         91 kB/s | 157 kB     00:01    
RPM Fusion for Fedora Rawhide - Free - Debug   280 kB/s | 521 kB     00:01    
RPM Fusion for Fedora 25 - Free - Source        58 kB/s |  95 kB     00:01    
RPM Fusion for Fedora 25 - Free - Test Updates 9.7 kB/s |  16 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Updates D 3.8 kB/s | 5.6 kB     00:01    
RPM Fusion for Fedora Rawhide - Nonfree - Sour  24 kB/s |  37 kB     00:01    
RPM Fusion for Fedora 25 - Free - Updates Sour 143 kB/s |  30 kB     00:00    
RPM Fusion for Fedora 25 - Nonfree             525 kB/s | 144 kB     00:00    
RPM Fusion for Fedora Rawhide - Free           1.1 MB/s | 531 kB     00:00    
RPM Fusion for Fedora 25 - Free - Test Updates  23 kB/s | 3.6 kB     00:00    
RPM Fusion for Fedora 25 - Nonfree - Updates    13 kB/s |  19 kB     00:01    
RPM Fusion for Fedora Rawhide - Free - Source   58 kB/s |  97 kB     00:01    
RPM Fusion for Fedora 25 - Free - Debug        879 kB/s | 380 kB     00:00    
RPM Fusion for Fedora 25 - Nonfree - Debug      41 kB/s |  69 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Test Upda 1.7 kB/s | 2.6 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Source     22 kB/s |  34 kB     00:01    
RPM Fusion for Fedora 25 - Nonfree - Test Upda 5.4 kB/s | 8.5 kB     00:01    
RPM Fusion for Fedora Rawhide - Nonfree - Debu 241 kB/s |  70 kB     00:00    
RPM Fusion for Fedora 25 - Free - Updates      154 kB/s | 254 kB     00:01    
RPM Fusion for Fedora 25 - Free                288 kB/s | 515 kB     00:01    
Available Packages
ffmpeg.src               3.2.4-1.fc26             rpmfusion-free-rawhide-source
ffmpeg.x86_64            3.2.4-1.fc26             rpmfusion-free-rawhide
Then install ffmpeg:
[root@localhost]# yum --enablerepo=rpmfusion-* install ffmpeg.x86_64
Redirecting to '/usr/bin/dnf --enablerepo=rpmfusion-* install ffmpeg.x86_64' (see 'man yum2dnf')

Last metadata expiration check: 0:00:26 ago on Tue Mar  7 23:40:51 2017.
Dependencies resolved.
===============================================================================
 Package      Arch   Version                      Repository              Size
===============================================================================
Installing:
 ffmpeg       x86_64 3.2.4-1.fc26                 rpmfusion-free-rawhide 1.5 M
 ffmpeg-libs  x86_64 3.2.4-1.fc26                 rpmfusion-free-rawhide 6.2 M
 fribidi      x86_64 0.19.7-2.fc24                fedora                  70 k
 lame-libs    x86_64 3.99.5-6.fc26                rpmfusion-free-rawhide 344 k
 libass       x86_64 0.13.4-1.fc25                fedora                  95 k
 libavdevice  x86_64 3.2.4-1.fc26                 rpmfusion-free-rawhide  83 k
 libmfx       x86_64 1.19-1.20170114gita5ba231.fc25
                                                  updates                 33 k
 libva        x86_64 1.7.3-3.fc25                 updates                 89 k
 ocl-icd      x86_64 2.2.11-1.fc25                updates                 46 k
 opencore-amr x86_64 0.1.3-4.fc24                 rpmfusion-free-rawhide 176 k
 schroedinger x86_64 1.0.11-10.fc24               fedora                 325 k
 vo-amrwbenc  x86_64 0.1.3-1.fc24                 rpmfusion-free-rawhide  76 k
 x264-libs    x86_64 0.148-15.20170121git97eaef2.fc26
                                                  rpmfusion-free-rawhide 574 k
 x265-libs    x86_64 2.2-1.fc26                   rpmfusion-free-rawhide 586 k
 xvidcore     x86_64 1.3.4-2.fc24                 rpmfusion-free-rawhide 262 k

Transaction Summary
===============================================================================
Install  15 Packages

Total download size: 10 M
Installed size: 28 M
Is this ok [y/N]: y
Downloading Packages:
(1/15): x265-libs-2.2-1.fc26.x86_64.rpm        780 kB/s | 586 kB     00:00    
(2/15): ffmpeg-3.2.4-1.fc26.x86_64.rpm         1.6 MB/s | 1.5 MB     00:00    
(3/15): libass-0.13.4-1.fc25.x86_64.rpm        294 kB/s |  95 kB     00:00    
(4/15): fribidi-0.19.7-2.fc24.x86_64.rpm       137 kB/s |  70 kB     00:00    
(5/15): libmfx-1.19-1.20170114gita5ba231.fc25. 418 kB/s |  33 kB     00:00    
(6/15): libva-1.7.3-3.fc25.x86_64.rpm          915 kB/s |  89 kB     00:00    
(7/15): schroedinger-1.0.11-10.fc24.x86_64.rpm 1.3 MB/s | 325 kB     00:00    
(8/15): ocl-icd-2.2.11-1.fc25.x86_64.rpm       401 kB/s |  46 kB     00:00    
(9/15): ffmpeg-libs-3.2.4-1.fc26.x86_64.rpm    3.8 MB/s | 6.2 MB     00:01    
(10/15): lame-libs-3.99.5-6.fc26.x86_64.rpm    2.1 MB/s | 344 kB     00:00    
(11/15): opencore-amr-0.1.3-4.fc24.x86_64.rpm  1.1 MB/s | 176 kB     00:00    
(12/15): vo-amrwbenc-0.1.3-1.fc24.x86_64.rpm   656 kB/s |  76 kB     00:00    
(13/15): xvidcore-1.3.4-2.fc24.x86_64.rpm      1.9 MB/s | 262 kB     00:00    
(14/15): x264-libs-0.148-15.20170121git97eaef2 2.7 MB/s | 574 kB     00:00    
(15/15): libavdevice-3.2.4-1.fc26.x86_64.rpm   694 kB/s |  83 kB     00:00    
-------------------------------------------------------------------------------
Total                                          2.2 MB/s |  10 MB     00:04     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : libva-1.7.3-3.fc25.x86_64                                 1/15 
  Installing  : libmfx-1.19-1.20170114gita5ba231.fc25.x86_64              2/15 
  Installing  : ocl-icd-2.2.11-1.fc25.x86_64                              3/15 
  Installing  : fribidi-0.19.7-2.fc24.x86_64                              4/15 
  Installing  : libass-0.13.4-1.fc25.x86_64                               5/15 
  Installing  : xvidcore-1.3.4-2.fc24.x86_64                              6/15 
  Installing  : x264-libs-0.148-15.20170121git97eaef2.fc26.x86_64         7/15 
  Installing  : vo-amrwbenc-0.1.3-1.fc24.x86_64                           8/15 
  Installing  : opencore-amr-0.1.3-4.fc24.x86_64                          9/15 
  Installing  : lame-libs-3.99.5-6.fc26.x86_64                           10/15 
  Installing  : schroedinger-1.0.11-10.fc24.x86_64                       11/15 
  Installing  : x265-libs-2.2-1.fc26.x86_64                              12/15 
  Installing  : ffmpeg-libs-3.2.4-1.fc26.x86_64                          13/15 
  Installing  : libavdevice-3.2.4-1.fc26.x86_64                          14/15 
  Installing  : ffmpeg-3.2.4-1.fc26.x86_64                               15/15 
  Verifying   : ffmpeg-3.2.4-1.fc26.x86_64                                1/15 
  Verifying   : ffmpeg-libs-3.2.4-1.fc26.x86_64                           2/15 
  Verifying   : x265-libs-2.2-1.fc26.x86_64                               3/15 
  Verifying   : fribidi-0.19.7-2.fc24.x86_64                              4/15 
  Verifying   : libass-0.13.4-1.fc25.x86_64                               5/15 
  Verifying   : schroedinger-1.0.11-10.fc24.x86_64                        6/15 
  Verifying   : libmfx-1.19-1.20170114gita5ba231.fc25.x86_64              7/15 
  Verifying   : libva-1.7.3-3.fc25.x86_64                                 8/15 
  Verifying   : ocl-icd-2.2.11-1.fc25.x86_64                              9/15 
  Verifying   : lame-libs-3.99.5-6.fc26.x86_64                           10/15 
  Verifying   : opencore-amr-0.1.3-4.fc24.x86_64                         11/15 
  Verifying   : vo-amrwbenc-0.1.3-1.fc24.x86_64                          12/15 
  Verifying   : x264-libs-0.148-15.20170121git97eaef2.fc26.x86_64        13/15 
  Verifying   : xvidcore-1.3.4-2.fc24.x86_64                             14/15 
  Verifying   : libavdevice-3.2.4-1.fc26.x86_64                          15/15 

Installed:
  ffmpeg.x86_64 3.2.4-1.fc26                                                   
  ffmpeg-libs.x86_64 3.2.4-1.fc26                                              
  fribidi.x86_64 0.19.7-2.fc24                                                 
  lame-libs.x86_64 3.99.5-6.fc26                                               
  libass.x86_64 0.13.4-1.fc25                                                  
  libavdevice.x86_64 3.2.4-1.fc26                                              
  libmfx.x86_64 1.19-1.20170114gita5ba231.fc25                                 
  libva.x86_64 1.7.3-3.fc25                                                    
  ocl-icd.x86_64 2.2.11-1.fc25                                                 
  opencore-amr.x86_64 0.1.3-4.fc24                                             
  schroedinger.x86_64 1.0.11-10.fc24                                           
  vo-amrwbenc.x86_64 0.1.3-1.fc24                                              
  x264-libs.x86_64 0.148-15.20170121git97eaef2.fc26                            
  x265-libs.x86_64 2.2-1.fc26                                                  
  xvidcore.x86_64 1.3.4-2.fc24                                                 

Complete!
[root@localhost]#
Just test the ffmpeg tools.
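
The transaction above takes the fc26 builds of ffmpeg from rpmfusion-free-rawhide, because the rpmfusion-* pattern also matches the Rawhide repositories. The following added example (not from the original post) reads a dnf transaction table, including rows that dnf wraps over two lines, and lists the packages that would come from a Rawhide repo; the sample text is built from rows shown above.

```shell
#!/bin/sh
# Added example: list packages that a dnf transaction would take from a
# Rawhide repository. The sample transaction is constructed from rows of the
# table shown in this post.

# Print "name<TAB>version<TAB>repo" for every row of the transaction table.
# dnf wraps long rows over two lines, so tokens are accumulated until a row
# has its six fields: name arch version repo size unit.
dnf_rows() {
    awk '
    /^====/ { rules++; next }
    /^Transaction Summary/ { done = 1 }
    done || rules < 2 { next }          # outside the table body
    NF == 0 || /:$/ { n = 0; next }     # blank line or label such as "Installing:"
    {
        for (i = 1; i <= NF; i++) tok[++n] = $i
        if (n >= 6) {
            printf "%s\t%s\t%s\n", tok[1], tok[3], tok[4]
            n = 0
        }
    }'
}

# Print the names of packages whose source repository id contains "rawhide".
dnf_rawhide_pkgs() {
    dnf_rows | awk -F'\t' '$3 ~ /rawhide/ { print $1 }'
}

# Constructed sample: four rows taken from the table above, two of them wrapped.
sample_transaction() {
    cat <<'EOF'
Dependencies resolved.
===============================================================================
 Package      Arch   Version                      Repository              Size
===============================================================================
Installing:
 ffmpeg       x86_64 3.2.4-1.fc26                 rpmfusion-free-rawhide 1.5 M
 fribidi      x86_64 0.19.7-2.fc24                fedora                  70 k
 libmfx       x86_64 1.19-1.20170114gita5ba231.fc25
                                                  updates                 33 k
 x264-libs    x86_64 0.148-15.20170121git97eaef2.fc26
                                                  rpmfusion-free-rawhide 574 k

Transaction Summary
===============================================================================
Install  4 Packages
EOF
}

sample_transaction | dnf_rawhide_pkgs
```

To get the table without installing anything, dnf accepts --assumeno, which answers no at the confirmation prompt.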

Tuesday, March 7, 2017

Try pentbox like honeypot tool with Fedora 25.

PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works. It is free, licensed under GNU/GPLv3.
First you need to install Ruby:
[root@localhost pentbox]# dnf install ruby 
Last metadata expiration check: 1:55:17 ago on Tue Mar  7 20:16:17 2017.
Dependencies resolved.
================================================================================
 Package                   Arch        Version               Repository    Size
================================================================================
Installing:
 ruby                      x86_64      2.3.3-61.1.fc25       updates       76 k
 ruby-irb                  noarch      2.3.3-61.1.fc25       updates       94 k
 rubygem-bigdecimal        x86_64      1.2.8-61.1.fc25       updates       87 k
 rubygem-did_you_mean      x86_64      1.0.0-61.1.fc25       updates      219 k
 rubygem-io-console        x86_64      0.4.5-61.1.fc25       updates       57 k
...
  rubygems.noarch 2.5.2-61.1.fc25                                               
  rubypick.noarch 1.1.1-5.fc24                                                  

Complete!
You also need svn. Subversion is a free/open source version control system.
[root@localhost pentbox]# dnf install svn
Last metadata expiration check: 1:59:41 ago on Tue Mar  7 20:16:17 2017.
Package subversion-1.9.5-1.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
Let's get pentbox:
svn co https://pentbox.svn.sourceforge.net/svnroot/pentbox/trunk/ pentbox
cd pentbox
svn update
./pentbox.rb
[root@localhost pentbox]# ./pentbox.rb

 PenTBox 1.5 
         __
        U00U|.'@@@@@@`.
        |__|(@@@@@@@@@@)
             (@@@@@@@@)
             `YY~~~~YY'
              ||    ||

--------- Menu          ruby2.3.3 @ x86_64-linux

1- Cryptography tools

2- Network tools

3- Web

4- License and contact

5- Exit

   -> 2

1- Net DoS Tester
2- TCP port scanner
3- Honeypot
4- Fuzzer
5- DNS and host gathering
6- MAC address geolocation (samy.pl)

0- Back

   -> 3

// Honeypot //

You must run PenTBox with root privileges.

 Select option.

1- Fast Auto Configuration
2- Manual Configuration [Advanced Users, more options]

   -> 1

  HONEYPOT ACTIVATED ON PORT 80 (2017-03-07 22:20:30 +0200)


Now, let's simulate one attack and see the result. Open your browser, put your_ip with port 80 into the address bar and press the Enter key or the Go button:
your_ip:80
Take a look at your terminal to see the result. You will see something like this:

  INTRUSION ATTEMPT DETECTED! from your_ip:40482 (2017-03-07 22:22:07 +0200)
 -----------------------------
GET / HTTP/1.1
Host: your_ip
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Here your_ip will be replaced with the IP address of your workstation. You can also make more settings with the pentbox tool.
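
An added example (not part of the original post or of PenTBox): a shell script that reads saved honeypot console output in the format shown above and prints one line per detection with timestamp, source address, port and first request line, then counts detections per source. The sample log, its addresses (documentation ranges) and the connection that sends no data are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise saved PenTBox honeypot console output.
# Assumptions: the output was captured to a file (for example with tee), and
# a connection that sends nothing shows a banner with no request after it.

# Print "timestamp<TAB>ip<TAB>port<TAB>first request line" per detection.
honeypot_events() {
    awk '
    # The request text comes from the remote side: drop the CR of CRLF and
    # replace non-printable bytes so they cannot reach a terminal or break
    # the tab-separated output.
    function emit(req) {
        sub(/\r$/, "", req)
        gsub(/[^ -~]/, "?", req)
        printf "%s\t%s\t%s\t%s\n", ts, ip, port, req
        pending = 0
    }
    /INTRUSION ATTEMPT DETECTED! from / {
        if (pending) emit("(no data)")
        src = $0
        sub(/^.*DETECTED! from /, "", src)     # "<ip>:<port> (<timestamp>)"
        ts = src
        sub(/^[^(]*\(/, "", ts); sub(/\)[^)]*$/, "", ts)
        sub(/ \(.*$/, "", src)                  # "<ip>:<port>"
        port = src; sub(/^.*:/, "", port)
        ip = src;   sub(/:[0-9]+$/, "", ip)     # last colon, so IPv6 survives
        pending = 1
        next
    }
    pending && /^ *-+ *$/ { next }              # separator under the banner
    pending && NF { emit($0) }
    END { if (pending) emit("(no data)") }
    '
}

# Count detections per source address, busiest first.
honeypot_sources() {
    honeypot_events |
        awk -F'\t' '{ n[$2]++ } END { for (ip in n) printf "%d\t%s\n", n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Constructed sample log in the format shown above.
sample_honeypot_log() {
    cat <<'EOF'

  INTRUSION ATTEMPT DETECTED! from 192.0.2.10:40482 (2017-03-07 22:22:07 +0200)
 -----------------------------
GET / HTTP/1.1
Host: 203.0.113.5
Connection: keep-alive

  INTRUSION ATTEMPT DETECTED! from 198.51.100.7:51514 (2017-03-07 22:25:41 +0200)
 -----------------------------
GET /favicon.ico HTTP/1.1
Host: 203.0.113.5

  INTRUSION ATTEMPT DETECTED! from 192.0.2.10:40490 (2017-03-07 22:26:02 +0200)
 -----------------------------
EOF
}

sample_honeypot_log | honeypot_events
sample_honeypot_log | honeypot_sources
```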

Friday, March 3, 2017

The ScreenFetch tool with Fedora 25 .

ScreenFetch is a System Information Tool designed primarily for Bash Shell, but it functions with other shell environments as well. The tool is smart enough to auto-detect the Linux distribution you are using and generate the ASCII logo of the distribution with certain valuable information to the right of the logo.
Let's see my ScreenFetch:

Fedora: telnet game - BatMUD.

This is a good game if you have a telnet and internet connection.
Just open your terminal, run the telnet command and type o to open this: batmud.bat.org 23.
The game has an official website.
The team tells us about this game:

What is BatMUD - scratching the surface 

One could go on and rant for hours and hours about the Game. If you're not familiar with BatMUD, don't worry - you won't even be after the first week of playing. The game's not easy, it was never intended to be. The first eyeful can be deceiving, especially as we live in the fully graphical world of commercially produced, hundred-million dollar budget behemoths. Our game, it's nothing like that; even though we tend to boast that it is more, and trust us - it is. A problem with the modern day games is that, eventually they become very dull or simply uninspiring. However, BatMUD's text-based approach it is different, somewhat to as reading a good book - it's all about your imagination. Hundreds of volunteer developers through the Decades have brought a special uniqueness to the Game, and new ones continue the Legacy to this day. We cater to almost everyone: the available options and playstyles are basically endless. It's Your Realm.

The java interface with my account, see:

Saturday, February 25, 2017

Install Adobe Flash Player 24 on Fedora 25

It is very simple; I use these commands today:
[root@localhost mythcat]# rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
Retrieving http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
warning: /var/tmp/rpm-tmp.yTBgjV: Header V3 DSA/SHA1 Signature, key ID xxxxxxx: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:adobe-release-x86_64-1.0-1       ################################# [100%]
[root@localhost mythcat]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
[root@localhost mythcat]# dnf install flash-plugin alsa-plugins-pulseaudio libcurl
Adobe Systems Incorporated                       11 kB/s | 2.0 kB     00:00    
Package alsa-plugins-pulseaudio-1.1.1-1.fc25.x86_64 is already installed, skipping.
Package libcurl-7.51.0-4.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
================================================================================
 Package         Arch      Version                  Repository             Size
================================================================================
Installing:
 flash-plugin    x86_64    24.0.0.221-release       adobe-linux-x86_64    9.2 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 9.2 M
Installed size: 22 M
Is this ok [y/N]: y
Downloading Packages:
flash-player-npapi-24.0.0.221-release.x86_64.rp 1.2 MB/s | 9.2 MB     00:07    
--------------------------------------------------------------------------------
Total                                           1.2 MB/s | 9.2 MB     00:07     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : flash-plugin-24.0.0.221-release.x86_64                      1/1 
  Verifying   : flash-plugin-24.0.0.221-release.x86_64                      1/1 

Installed:
  flash-plugin.x86_64 24.0.0.221-release                                        

Complete!
[root@localhost mythcat]# 

Tuesday, February 21, 2017

Fedora 25: The perf linux tool.

If you want a good tool to test your performance under Fedora 25 distro or linux then the perf tool is great.
You can read a full tutorial from perf wiki and that will give a good impression on this utility.
The main problem comes when you need to understand why we have to use this utility in Linux.
Intro
A trivial use of the top command will show you the necessary information about your Linux.
If you look closely you will notice this: load average: 0.09, 0.05, 0.01
The three numbers represent averages over progressively longer periods of time (one, five, and fifteen minute averages). For us this means that lower numbers are better and higher numbers represent a problem or an overloaded machine. For multicore and multiprocessor systems the rule is simple: the total number of cores is what matters, regardless of how many physical processors those cores are spread across.
Let's use the perf command. First I will record some data about my CPU:
[mythcat@localhost ~]$ perf record -e cpu-clock -ag 
Error:
You may not have permission to collect system-wide stats.

Consider tweaking /proc/sys/kernel/perf_event_paranoid,
which controls use of the performance events system by
unprivileged users (without CAP_SYS_ADMIN).

The current value is 2:

  -1: Allow use of (almost) all events by all users
>= 0: Disallow raw tracepoint access by users without CAP_IOC_LOCK
>= 1: Disallow CPU event access by users without CAP_SYS_ADMIN
>= 2: Disallow kernel profiling by users without CAP_SYS_ADMIN
[mythcat@localhost ~]$ su 
Password: 
[root@localhost mythcat]# perf record -e cpu-clock -ag 
^C[ perf record: Woken up 17 times to write data ]
[ perf record: Captured and wrote 5.409 MB perf.data (38518 samples) ]

[root@localhost mythcat]# ls -l perf.data
-rw-------. 1 mythcat mythcat 5683180 Feb 21 13:24 perf.data
You can see that the perf tool works with the root account and the result is owned by the default user. Let's show this data using the default user, mythcat, and the perf tool:
[mythcat@localhost ~]$ perf report
You can see the full list of events by using this command:
[mythcat@localhost ~]$ perf list 

List of pre-defined events (to be used in -e):

  branch-instructions OR branches                    [Hardware event]
  branch-misses                                      [Hardware event]
  bus-cycles                                         [Hardware event]
  cache-misses                                       [Hardware event]
  cache-references                                   [Hardware event]
  cpu-cycles OR cycles                               [Hardware event]
  instructions                                       [Hardware event]
  ref-cycles                                         [Hardware event]

  alignment-faults                                   [Software event]
  bpf-output                                         [Software event]
  context-switches OR cs                             [Software event]
  cpu-clock                                          [Software event]
  cpu-migrations OR migrations                       [Software event]
  dummy                                              [Software event]
  emulation-faults                                   [Software event]
  major-faults                                       [Software event]
  minor-faults                                       [Software event]
  page-faults OR faults                              [Software event]
  task-clock                                         [Software event]
Let's look at one event from this list, which will tell us how Fedora is working:
[root@localhost mythcat]# perf top -e minor-faults -ns comm
I use the comm sort key (available keys: pid, comm, dso, symbol, parent, cpu, socket, srcline, weight, local_weight); for the -ns arguments see the manual of the perf command.
This is the simplest way to see how some pids start and close and how they interact in real time with the operating system.
Another way to use the perf command is to analyze most scheduler properties from within 'perf sched' alone, which currently has five sub-commands:

perf sched record            # low-overhead recording of arbitrary workloads
perf sched latency           # output per task latency metrics
perf sched map               # show summary/map of context-switching
perf sched trace             # output finegrained trace
perf sched replay            # replay a captured workload using simulated threads
Try this example to capture a trace and then check latencies (which analyzes the trace in the perf.data record file).
perf sched record sleep 10     # record full system activity for 10 seconds
perf sched latency --sort max  # report latencies sorted by max 
You can also make a map of scheduling events by using this command:
[root@localhost mythcat]# perf sched record 
This tutorial shows you only 1% of the ways of using the perf command.

Sunday, February 19, 2017

Fedora 25: running Geekbench.

You can test your CPU with this software and see the report online.
The official website tells us about this tool:
Geekbench 4 measures your system's power and tells you whether your computer is ready to roar. How strong is your mobile device or desktop computer? How will it perform when push comes to crunch? These are the questions that Geekbench can answer.
You can use it for free or buy a license for this software, and you can get it from here.
Let's see how it works and what is tested:
[mythcat@localhost Geekbench-4.0.4-Linux]$ ls
geekbench4  geekbench.plar  geekbench_x86_32  geekbench_x86_64
[mythcat@localhost Geekbench-4.0.4-Linux]$ ./geekbench4 
[0219/140337:INFO:src/base/archive_file.cpp(43)] Found archive at 
/home/mythcat/build.pulse/dist/Geekbench-4.0.4-Linux/geekbench.plar
Geekbench 4.0.4 Tryout : http://www.geekbench.com/

Geekbench 4 is in tryout mode.

Geekbench 4 requires an active Internet connection when in tryout mode, and 
automatically uploads test results to the Geekbench Browser. Other features 
are unavailable in tryout mode.

Buy a Geekbench 4 license to enable offline use and remove the limitations of 
tryout mode.

If you would like to purchase Geekbench you can do so online:

  https://store.primatelabs.com/v4

If you have already purchased Geekbench, enter your email address and license 
key from your email receipt with the following command line:

  ./geekbench4 -r email address="" license key=""

  Running Gathering system information
System Information
  Operating System        Linux 4.9.9-200.fc25.x86_64 x86_64
  Model                   Gigabyte Technology Co., Ltd. B85-HD3
  Motherboard             Gigabyte Technology Co., Ltd. B85-HD3
  Processor               Intel Core i5-4460 @ 3.40 GHz
                          1 Processor, 4 Cores, 4 Threads
  Processor ID            GenuineIntel Family 6 Model 60 Stepping 3
  L1 Instruction Cache    32.0 KB x 2
  L1 Data Cache           32.0 KB x 2
  L2 Cache                256 KB x 2
  L3 Cache                6.00 MB
  Memory                  7.26 GB 
  BIOS                    American Megatrends Inc. F2
  Compiler                Clang 3.8.0 (tags/RELEASE_380/final)

Single-Core
  Running AES
  Running LZMA
  Running JPEG
  Running Canny
  Running Lua
  Running Dijkstra
  Running SQLite
  Running HTML5 Parse
  Running HTML5 DOM
  Running Histogram Equalization
  Running PDF Rendering
  Running LLVM
  Running Camera
  Running SGEMM
  Running SFFT
  Running N-Body Physics
  Running Ray Tracing
  Running Rigid Body Physics
  Running HDR
  Running Gaussian Blur
  Running Speech Recognition
  Running Face Detection
  Running Memory Copy
  Running Memory Latency
  Running Memory Bandwidth

Multi-Core
  Running AES
  Running LZMA
  Running JPEG
  Running Canny
  Running Lua
  Running Dijkstra
  Running SQLite
  Running HTML5 Parse
  Running HTML5 DOM
  Running Histogram Equalization
  Running PDF Rendering
  Running LLVM
  Running Camera
  Running SGEMM
  Running SFFT
  Running N-Body Physics
  Running Ray Tracing
  Running Rigid Body Physics
  Running HDR
  Running Gaussian Blur
  Running Speech Recognition
  Running Face Detection
  Running Memory Copy
  Running Memory Latency
  Running Memory Bandwidth


Uploading results to the Geekbench Browser. This could take a minute or two 
depending on the speed of your internet connection.

Upload succeeded. Visit the following link and view your results online:

Friday, February 17, 2017

News: OpenSSL Security Advisory [16 Feb 2017]

According to this website:  www.openssl.org/news


OpenSSL Security Advisory [16 Feb 2017]
========================================

Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
====================================================

Severity: High

During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0e

This issue does not affect OpenSSL version 1.0.2.

This issue was reported to OpenSSL on 31st January 2017 by Joe Orton (Red Hat).
The fix was developed by Matt Caswell of the OpenSSL development team.

Note
====

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170216.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
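
A version check a defender could run against the advisory above. This is an added example, not part of the advisory or the original post; the function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version against the 16 Feb 2017
# advisory (CVE-2017-3733). Function names are hypothetical.

# "OpenSSL 1.0.2k-fips  26 Jan 2017" -> "1.0.2k"
extract_version() {
    printf '%s\n' "$1" | awk '{ print $2 }' | sed 's/-.*$//'
}

# Prints: affected | fixed | not-affected | unsupported | not-listed
classify_openssl_version() {
    ver=$1
    base=$(printf '%s' "$ver" | sed 's/[a-z]*$//')  # 1.1.0d -> 1.1.0
    patch=${ver#"$base"}                              # 1.1.0d -> d
    case "$base" in
        1.1.0)
            # Releases before 1.1.0e (no letter, a-d) lack the fix.
            case "$patch" in
                ""|a|b|c|d) echo affected ;;
                *)          echo fixed ;;
            esac ;;
        1.0.2)             echo not-affected ;;  # per the advisory
        1.0.1|1.0.0|0.9.8) echo unsupported ;;   # no security updates
        *)                 echo not-listed ;;    # advisory is silent
    esac
}

# Classify a full `openssl version` banner.
check_banner() {
    classify_openssl_version "$(extract_version "$1")"
}

# Constructed sample banners; on a live host use:
#   check_banner "$(openssl version)"
for banner in \
    "OpenSSL 1.1.0d  26 Jan 2017" \
    "OpenSSL 1.1.0e  16 Feb 2017" \
    "OpenSSL 1.0.2k-fips  26 Jan 2017" \
    "OpenSSL 1.0.1u  22 Sep 2016"
do
    printf '%-36s %s\n' "$banner" "$(check_banner "$banner")"
done
```

Distribution packages often backport fixes without changing the upstream version string, so on Fedora also confirm against the package changelog with `rpm -q --changelog openssl`.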

Wednesday, February 15, 2017

Install an old Skype package on Fedora 25.

This is an old Skype package that can be downloaded from this link: skype Fedora 16 - 32 bit.
Install Skype with the dnf command:

[root@localhost Downloads]# dnf install skype-4.3.0.37-fedora.i586.rpm
Last metadata expiration check: 2:47:29 ago on Wed Feb 15 12:56:31 2017.
Dependencies resolved.
================================================================================
 Package              Arch   Version                              Repository
                                                                           Size
================================================================================
Installing:
 alsa-lib             i686   1.1.1-2.fc25                         fedora  411 k
 alsa-plugins-pulseaudio
                      i686   1.1.1-1.fc25                         fedora   45 k
 bzip2-libs           i686   1.0.6-21.fc25                        updates  44 k
 cairo                i686   1.14.8-1.fc25                        updates 750 k
 ...
 xz-libs              i686   5.2.2-2.fc24                         fedora   98 k
 zlib                 i686   1.2.8-10.fc24                        fedora   98 k

Transaction Summary
================================================================================
Install  104 Packages

Total size: 90 M
Total download size: 71 M
Installed size: 264 M
Is this ok [y/N]: y
...
  sni-qt.i686 0.2.6-7.fc24                                                     
  sqlite-libs.i686 3.14.2-1.fc25                                               
  systemd-libs.i686 231-12.fc25                                                
  tcp_wrappers-libs.i686 7.6-83.fc25                                           
  xz-libs.i686 5.2.2-2.fc24                                                    
  zlib.i686 1.2.8-10.fc24                                                      

Complete!

To run Skype, just use the skype command in a Linux shell: