Showing posts with label tool.

Saturday, October 26, 2024

Fedora 42 : ... testing Advanced Intrusion Detection Environment (AIDE).

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. See more on the official Fedora documentation webpage.
NOTE : The documentation and translations on the official page are in progress due to ongoing development and resource management ...
I used the DNF tool to install:
[mythcat@fedora ~]$ sudo dnf install aide
... aide      x86_64      0.18.6-5.fc41        rawhide      
Make sure the AIDE database file exists and is accessible:
[mythcat@fedora ~]$ sudo ls -l /var/lib/aide/aide.db.gz
Ensure that the user running AIDE has the necessary permissions:
[mythcat@fedora ~]$ sudo ls -l /var/lib/aide/
Check the AIDE configuration file:
[mythcat@fedora ~]$ sudo cat /etc/aide.conf | grep DBDIR
Check if the AIDE service file exists:
[mythcat@fedora ~]$ sudo ls /usr/lib/systemd/system/ | grep aide
If the service exists then check the status:
[mythcat@fedora ~]$ sudo systemctl status aide
Unit aide.service could not be found.
If the service does not exist, initialize the database manually; the first run takes some time ...
[mythcat@fedora ~]$ sudo /sbin/aide --init
...
End timestamp: 2024-10-26 14:10:00 +0300 (run time: 98m 41s)
You can run a check any time you want ...
[mythcat@fedora ~]$ sudo /sbin/aide --check
If your Fedora Linux system needs this tool regularly, you can run it as a service:
sudo nano /usr/lib/systemd/system/aide.service
Fill it with basic service source code, like any unit file:
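[Unit]
Description=Advanced Intrusion Detection Environment
After=network.target

[Service]
Type=simple
# Check against the existing database; running --init here would rebuild
# the database on every start instead of verifying the system against it
ExecStart=/sbin/aide --check
# No Restart=on-failure: aide --check exits non-zero when it finds changes,
# and a restart would only repeat the same long scan

[Install]
WantedBy=multi-user.target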
This is a simple tutorial about how to get started with the AIDE tool ...
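The steps above as one script (an added example, not from the original post): it initializes the database only when no baseline exists, moves the file written by `--init` into place for `--check`, runs the check and decodes the exit status bitmask documented in aide(1). The function names and the `.prev` backup are assumptions of this example, and the paths assume the Fedora default `aide.conf`.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the Fedora default
# aide.conf, where --init writes aide.db.new.gz and --check reads aide.db.gz.
AIDE_BIN=${AIDE_BIN:-/sbin/aide}
DB_DIR=${DB_DIR:-/var/lib/aide}

# Promote the database written by --init to the baseline used by --check.
# The previous baseline is kept as aide.db.gz.prev (a choice of this example).
aide_promote_db() {
    dir=$1
    new="$dir/aide.db.new.gz"
    cur="$dir/aide.db.gz"
    if [ ! -s "$new" ]; then
        echo "no freshly initialized database at $new" >&2
        return 1
    fi
    if [ -e "$cur" ]; then
        mv -f "$cur" "$cur.prev" || return 1
    fi
    mv "$new" "$cur" && chmod 600 "$cur"
}

# Translate the exit status of `aide --check` into words. aide(1) defines it
# as a bitmask: 1 = new, 2 = removed, 4 = changed entries. Anything above 7
# is treated here as a fatal error (write, argument, configuration, I/O ...).
aide_decode_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error $rc"; return 0; fi
    out=""
    if [ $(( rc & 1 )) -ne 0 ]; then out="$out new"; fi
    if [ $(( rc & 2 )) -ne 0 ]; then out="$out removed"; fi
    if [ $(( rc & 4 )) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Initialize only when no baseline exists, then check and report.
aide_first_run_and_check() {
    if [ ! -s "$DB_DIR/aide.db.gz" ]; then
        "$AIDE_BIN" --init || return $?
        aide_promote_db "$DB_DIR" || return $?
    fi
    "$AIDE_BIN" --check
    check_rc=$?
    echo "aide --check: $(aide_decode_status "$check_rc")"
    return "$check_rc"
}

# Run as root: bash aide-run.sh run
if [ "${1:-}" = "run" ]; then
    aide_first_run_and_check
fi
```

The script returns the status of `aide --check` unchanged, so a cron job or systemd unit that calls it can alert on any non-zero result.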

Saturday, October 19, 2024

Fedora 42 : Still in the development without some features ...

An intrusion on my Vodafone network changed my layout on Windows.
The network provider always says it is not from the hardware or the administration of the Vodafone network ...
I tried to write a post on my graphics blogger on Windows OS, but I got something like this:
... ld ne frm 3 cmbire 224 ...
My nicknames come out like this: mhca caafe for mythcat and catafest ...
The Tab and Enter keys do not work, nor do 1234 789 and the num keys ... and more keys: s, t, w, y, o.
This post was written on Fedora 42, which works fine, but it would be better if this distro had all features.
Some examples:
- SELinux still works but some enforcement can change the default user permissions and privileges.
- SELinux works but you can use full features like: mls.
- The TPM device in this HP laptop cannot be used with all features on Fedora.
In conclusion, this old laptop with Fedora and the GNOME environment is more than 10 times faster for human operations over time than the Asus laptop with the same 4GB RAM but with a different CPU, Intel(R) Core(TM) i3-60060 @ 2.00 GHz 1.99 GHz, and Windows 10 Pro.

Thursday, April 18, 2024

Fedora 41 : python and Federated Message Bus in Fedora Linux Distro.

Federated Message Bus is a library built on ZeroMQ using the PyZMQ Python bindings. fedmsg aims to make it easy to connect services together using ZeroMQ publishers and subscribers.
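You can use the Python package named fedmsg to get this functionality ...
This is the source code:
import os

import fedmsg
import fedmsg.config

# Attempt to turn on routing_nitpicky through the environment; the output below
# still reports routing_nitpicky as False, so this setting has no effect here
os.environ['FEDMSG_ROUTING_NITPICKY'] = 'True'

# Load the default fedmsg configuration and adjust it for tailing the bus
config = fedmsg.config.load_config([], None)
config['mute'] = True
config['timeout'] = 0

# Print the bus name for every message received
for name, endpoint, topic, msg in fedmsg.tail_messages(**config):
    print ("name ", name)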
This is the result :
[mythcat@fedora FedoraMessaging]$ python fedmsg_001.py
No routing policy defined for "org.fedoraproject.prod.copr.build.start" but routing_nitpicky is False so the message is being treated as authorized.
name  fedora-infrastructure
No routing policy defined for "org.fedoraproject.prod.copr.chroot.start" but routing_nitpicky is False so the message is being treated as authorized.
name  fedora-infrastructure
No routing policy defined for "org.fedoraproject.prod.github.check_run" but routing_nitpicky is False so the message is being treated as authorized.
name  fedora-infrastructure
No routing policy defined for "org.fedoraproject.prod.github.pull_request_review" but routing_nitpicky is False so the message is being treated as authorized.
name  fedora-infrastructure
No routing policy defined for "org.fedoraproject.prod.github.pull_request_review_comment" but routing_nitpicky is False so the message is being treated as authorized.
name  fedora-infrastructure ... 

Saturday, March 30, 2024

Fedora 41 : Memstrack tool.

A runtime memory allocation tracer, like a hot spot analyzer for memory allocation, can help analyze overall memory usage, peak memory usage, kernel module memory usage, all combined with stacktrace. Userspace memory trace is planned and not yet implemented.
This tool works by tracing all page-level memory allocation events in the kernel (currently supports using perf or ftrace), and actively integrates the events into a stack trace tree. It can also work with the kernel's page owner log file and be used as a memory usage viewer.
I tested this tool today and it is quite useful for development and monitoring the operating system, it seems to work very well, you can even see in the screenshot how ...
You can find this project on the GitHub repo.

Tuesday, March 19, 2024

Fedora 40 : sngrep tool.

sngrep is a tool for displaying SIP call message flows in the terminal. It supports live capture to display real-time SIP packets and can also be used as a PCAP viewer.
[mythcat@fedora ~]# dnf copr enable irontec/sngrep
[mythcat@fedora ~]# dnf install sngrep
[mythcat@fedora ~]# exit
[mythcat@fedora ~]$ sudo sngrep  -d ens1 -O save.pcap port 8080 and udp
The result is this:

Wednesday, February 21, 2024

News : SELinux wizard tool !

Today I found in Fedora Linux this tool for SELinux with a GUI that allows creating Linux security policies.
I will write a little about this system because it is a very good solution.
When I started studying SELinux, it was not very well implemented, and it seems that the interest of users in being protected is higher.
As you well know, the starting points are network security, data protection and kernel-level intrusions into software.
For those who don't know, SELinux is a system that allows limiting defined resources and allowing other actions or not.
I tested the tool and I can say that it solves only the standard file creation part, without the possibility of selecting the SELinux boolean variables.
If the one who created this tool continues, it will be a very good tool.
It's currently a wizard interface; I'd call it a Node Editor that allows the assembly of different processing blocks (nodes) into combinations that feed data to each other along connections you specify to produce complex effects.
After completing the steps in the wizard, you will have some default files.
I used the name firefox because the security of the browser is very low at the moment.
Here are some images of this tool:

Saturday, February 3, 2024

News : VirtualBox 7.0.14 released! from Oracle.

Oracle today released a 7.0 maintenance release which improves stability and fixes regressions. See the Changelog
I also use a version of Fedora running on VirtualBox for tests and rapid development.
Most use Linux on older hardware as a backup OS...
You can use Linux with specific non-default settings for good security of the operating system, but it does not make it invincible.
I don't know if VirtualBox solved the resize of the virtual partition - this was the last issue I encountered with this tool, but it is useful if you want to test something quickly.

Wednesday, December 27, 2023

Fedora 39 : Fixing common upgrade issues.

The most common issue is that the Linux system hangs due to disk space and upgrades.
Here's what you need to do:
Ensure you have root access by editing the boot sequence from the boot menu with the word single and entering the root password.
... start the network in the maintenance environment with the command:
# systemctl restart NetworkManager
Check if you can update with the DNF5 tool or DNF, see this webpage:
# dnf5 upgrade --refresh
If the update tool tells you that you have no space available, then you can clean up with:
# journalctl --disk-usage
# journalctl --vacuum-size=16M
The size of 16M is a relative size related to how the resource is allocated!
Another possibility would be to reallocate the space.
NOTE: If you are using a virtual disk with .vdi extension on Windows OS, then I don't have a solution.
Although VirtualBox has an interface that would allow resizing the virtual disk, it didn't work for me.

Thursday, December 14, 2023

Fedora 39 : Foot - the sway terminal.

Today, I will show how to use a fast, lightweight, and minimalistic Wayland terminal emulator named Foot.
You can install it easily with the DNF5 tool :
The project can be found on this codeberg repo.
On the sway desktop environment, you can use the Win+D keys to type a command that starts an application.
You can start easily by typing foot or you can type on an open terminal, see:
[mythcat@fedora ~]$ foot
warn: wayland.c:1509: fractional scaling not available
warn: wayland.c:1512: no server-side cursors available, falling back to client-side cursors
warn: fcft.c:583: failed to get full font name
warn: fcft.c:583: failed to get full font name
I used updatedb and locate commands to find the foot.ini file and change some settings like font size, and more :

Sunday, July 30, 2023

Fedora 39 : Test with eDEX-UI.

eDEX-UI is a fullscreen, cross-platform terminal emulator and system monitor that looks and feels like a sci-fi computer interface.
This can be found on this GitHub project.
This is the version for 64-bit machines; you can download it with:
$ wget -c https://github.com/GitSquared/edex-ui/releases/download/v2.2.8/eDEX-UI-Linux-x86_64.AppImage
Change the file to be executable:
$ chmod +x eDEX-UI-Linux-x86_64.AppImage
Use this command:
$ ./eDEX-UI-Linux-x86_64.AppImage --appimage-extract
Go to this folder:
$ cd squashfs-root
Run the application:
$ ./AppRun
This is the result of running the application:

Tuesday, July 25, 2023

Fedora 39 : Install and fix error with dotnet and copr.

Copr is an easy-to-use automatic build system providing a package repository as its output.
Free/Open source software that is harder to include in Fedora (usually because it is developed in a way that makes it difficult to package while implementing the Fedora packaging guidelines) is temporarily provided in an extra COPR repository, see the official webpage.
I tried to install dotnet following a tutorial on Fedora Magazine:
# dnf copr enable @dotnet-sig/dotnet
I obviously received errors related to copr, because it was not installed and I used Fedora 39, since Fedora 39 is still Rawhide.
I tried to install copr with dnf5:
# dnf5 install copr
I got some errors saying that python-request-2.28.2-2.fc39.noarch conflicts with the new one requested by dnf5, so I removed this package and let it install the new one.
I tried again with the same command:
# dnf5 install copr
The next command was:
$ sudo dnf copr enable @dotnet-sig/dotnet fedora-38-x86_64
This allowed me to use fedora-38-x86_64 and warned me about copr.
Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary ...
The last step is to install .NET Core:
# dnf5 install dotnet
This installs all packages for .NET Core with SDK version 6.0.
I tested with a simple project:
$ dotnet new console -o mythcat_console
$ cd mythcat_console
$ dotnet run 
Hello, World!
This is the way you can use Fedora packages with copr.

Thursday, July 20, 2023

Fedora 39 : Solve copy-paste in VirtualBox.

I'm using the Fedora 39 Linux distribution on an HP laptop and I also have it installed on a VirtualBox on my work computer. Today I will show you a way to solve copy paste between content on your computer and Fedora 39 on VirtualBox.
This requires VirtualBox to be set to bridge network as in the attached image.
The next step is to have the Cockpit tool installed, see instructions here.
Open the web address created by the Cockpit tool in your computer browser and go to the Terminal section. This way you will be able to transfer text content using your computer's browser and not the VirtualBox settings.
See the next image:

Saturday, July 8, 2023

Fedora 39 : DNF5 error update.

Sometimes errors may occur when installing Fedora packages using the dnf or dnf5 utility. One of the reasons may result from the coincidence of the package installation process. If you know how to build packages, how to develop the Fedora team, and how many repositories you have set up in your Linux distribution, then such an error can be easily fixed. Here is the error:
First, install the dnf5 and dnf5-plugins with this command:
sudo dnf install dnf5 dnf5-plugins
One good way to fix the error is to have defined settings in /etc/dnf/dnf.conf in order to have a good installation flow and to link packages to the interconnected job.
See my example that fixes this error:
Some packages may conflict in the repo and you can check with the dnf info fedora_repo_package command.
For example, you can use exclude=*.noarch in the [main] area.

Friday, May 19, 2023

Fedora 39 : Using a stick or hard disk created in Windows.

When attached to USB, Linux distribution cannot access it.
Install these packages with the DNF utility.
sudo dnf install ntfs-3g
sudo dnf install ntfsfix
Use these commands to create a folder where it will be mounted and test if it can be mounted and where it is viewed :
sudo mkdir /mnt/mydrive
sudo mount -t ntfs-3g /dev/sdb1 /mnt/mydrive
dmesg| grep usb 
sudo mount /dev/sdb /mnt/mydrive
df -h
Fix errors with these commands:
sudo umount /dev/sdb1
sudo ntfsfix /dev/sdb1
It resumes the operation of mounting it in the folder named /mnt/mydrive:
sudo mount -t ntfs-3g /dev/sdb1 /mnt/mydrive
This command will mount as a superuser but can be modified as a normal user.
Create a USB folder into your home folder as normal user.
You can use these commands to use your files like a normal user:
[mythcat@fedora ~]$ sudo mount -t ntfs-3g /dev/sdb1 ~/USB
[sudo] password for mythcat: 
...
[mythcat@fedora ~]$ sudo umount /dev/sdb1

Monday, May 8, 2023

Fedora 39 : The vifm file manager ...

My monitor broke a few days ago so I'm using an old laptop. Website posts will be less frequent.
You can easily use the vifm file manager in Fedora 39.
Use the DNF command tool to install it.
[root@fedora mythcat]# dnf install vifm
See the result of this file manager:

Thursday, February 2, 2023

Fedora 38 : LibreOffice with new features.

LibreOffice is a free and powerful office suite, and a successor to OpenOffice.org (commonly known as OpenOffice). Its clean interface and feature-rich tools help you unleash your creativity and enhance your productivity... see the official website.
I installed it easily with the DNF tool on Fedora 38:
[root@fedora mythcat]# dnf install libreoffice.x86_64
Last metadata expiration check: 1:13:09 ago on Thu 02 Feb 2023 05:03:42 PM EET.
Dependencies resolved.
================================================================================
 Package                         Arch     Version               Repo       Size
================================================================================
Installing:
 libreoffice                     x86_64   1:7.5.0.2-2.fc38      rawhide    15 k
Installing dependencies:
 apache-commons-collections      noarch   3.2.2-29.fc38         rawhide   531 k
 apache-commons-lang3            noarch   3.12.0-7.fc38         rawhide   559 k
 firebird                        x86_64   4.0.2.2816-4.fc38     rawhide   5.1 M
 firebird-utils                  x86_64   4.0.2.2816-4.fc38     rawhide   2.1 M
 flute                           noarch   1.3.0-31.OOo31.fc38   rawhide    64 k
 javapackages-tools              noarch   6.1.0-7.fc38          rawhide    37 k
 libbase                         noarch   1.1.3-36.fc38         rawhide   130 k
 libfbclient2                    x86_64   4.0.2.2816-4.fc38     rawhide   860 k
 libfonts                        noarch   1.1.3-40.fc38         rawhide   177 k
 libformula                      noarch   1.1.3-37.fc38         rawhide   340 k
 libib-util                      x86_64   4.0.2.2816-4.fc38     rawhide    12 k
 liblayout                       noarch   0.2.10-30.fc38        rawhide   654 k
 libloader                       noarch   1.1.3-38.fc38         rawhide   130 k
 libreoffice-base                x86_64   1:7.5.0.2-2.fc38      rawhide   2.3 M
 libreoffice-draw                x86_64   1:7.5.0.2-2.fc38      rawhide    23 k
 libreoffice-math                x86_64   1:7.5.0.2-2.fc38      rawhide    20 k
 librepository                   noarch   1.1.3-37.fc38         rawhide    68 k
 libserializer                   noarch   1.1.2-36.fc38         rawhide    36 k
 ongres-scram                    noarch   2.1-8.fc38            rawhide    65 k
 ongres-scram-client             noarch   2.1-8.fc38            rawhide    24 k
 ongres-stringprep               noarch   1.1-6.fc38            rawhide    74 k
 pentaho-libxml                  noarch   1.1.3-36.fc38         rawhide   101 k
 pentaho-reporting-flow-engine   noarch   1:0.9.4-29.fc38       rawhide   285 k
 postgresql-jdbc                 noarch   42.5.1-2.fc38         rawhide   836 k
 sac                             noarch   1.3-41.fc38           rawhide    19 k
 velocity                        noarch   1.7-40.fc38           rawhide   386 k

Transaction Summary
================================================================================
Install  27 Packages

Total download size: 15 M
Installed size: 46 M
Is this ok [y/N]: y  
...
This software works well on my old laptop:
You can see a video from the official youtube channel with the new features:

Sunday, August 7, 2022

Fedora 36 : Rootkit Hunter tool.

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD..., see Wikipedia.
You can find it on this website.
On Fedora 36 you can search and install with the DNF tool.
[root@fedora mythcat]# dnf search rkhunter
Last metadata expiration check: 3:38:34 ago on Sat 06 Aug 2022 10:35:34 AM EEST.
======================== Name Exactly Matched: rkhunter ========================
rkhunter.noarch : A host-based tool to scan for rootkits, backdoors and local exploits
[root@fedora mythcat]# dnf install rkhunter.noarch
Last metadata expiration check: 3:39:00 ago on Sat 06 Aug 2022 10:35:34 AM EEST.
The first step is to update its file properties database with --propupd, and then you can check the system.
[root@fedora mythcat]# rkhunter --propupd
[ Rootkit Hunter version 1.4.6 ]
File created: searched for 179 files, found 139

[root@fedora mythcat]# rkhunter --check
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks

...
The result can be found in the log file, and you can change settings in the configuration file.
[root@fedora mythcat]# vi /var/log/rkhunter/rkhunter.log
[root@fedora mythcat]# vi /etc/rkhunter.conf

Saturday, June 11, 2022

Fedora 36 : The zeek tool.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Use the DNF tool to add repo for zeek tool:
[root@fedora home]# dnf config-manager --add-repo https://download.opensuse.org/repositories/security:zeek/Fedora_36/security:zeek.repo

Adding repo from: https://download.opensuse.org/repositories/security:zeek/Fedora_36/security:zeek.repo
Use the DNF tool to install:
[root@fedora home]# dnf install zeek-lts
The Zeek Network Security Monitor. (Fedora_36)   18 kB/s |  77 kB     00:04    
Last metadata expiration check: 0:00:02 ago on Sat 11 Jun 2022 12:33:29 AM EEST.
Dependencies resolved.
================================================================================
 Package                    Arch     Version              Repository       Size
================================================================================
Installing:
 zeek-lts                   x86_64   4.0.7-1.1            security_zeek   7.9 k
Installing dependencies:
 libbroker-lts-devel        x86_64   4.0.7-1.1            security_zeek   1.3 M
 libpcap-devel              x86_64   14:1.10.1-3.fc36     fedora          141 k
 python3-GitPython          noarch   3.1.26-1.fc36        fedora          275 k
 python3-gitdb              noarch   4.0.9-2.fc36         fedora          107 k
 python3-semantic_version   noarch   2.8.4-9.fc36         fedora           39 k
 python3-smmap              noarch   5.0.0-1.fc36         fedora           46 k
 zeek-lts-btest             x86_64   4.0.7-1.1            security_zeek   326 k
 zeek-lts-core              x86_64   4.0.7-1.1            security_zeek   4.8 M
 zeek-lts-devel             x86_64   4.0.7-1.1            security_zeek   957 k
 zeek-lts-libcaf-devel      x86_64   4.0.7-1.1            security_zeek   1.6 M
 zeek-lts-zkg               x86_64   4.0.7-1.1            security_zeek    50 k
 zeekctl-lts                x86_64   4.0.7-1.1            security_zeek   1.8 M

Transaction Summary
================================================================================
Install  13 Packages

Total download size: 11 M
Installed size: 57 M
Is this ok [y/N]:y
Downloading Packages:
(1/13): python3-gitdb-4.0.9-2.fc36.noarch.rpm   232 kB/s | 107 kB     00:00    


Complete!
Create a script file named main.zeek:
event zeek_init()
        {
        print "Hello, World!";
        }

event zeek_done()
        {
        print "Goodbye, World!";
        }
... and run this file:
[mythcat@fedora ~]$ /opt/zeek/bin/zeek main.zeek
Hello, World!
Goodbye, World!

Sunday, May 22, 2022

Fedora 36 : Inkscape 1.2 with Huion WH 1409 graphic tablet.

In this tutorial I will show you how to install and use the Huion WH 1409 graphics tablet with the new release of Inkscape 1.2 software.
You will need to use the DKMS feature of the kernel and the tablet-specific drivers.
Let's start with the following command to get the driver and show the files:
[root@fedora mythcat]# git clone https://github.com/DIGImend/digimend-kernel-drivers.git
Cloning into 'digimend-kernel-drivers'...
remote: Enumerating objects: 1475, done.
remote: Counting objects: 100% (26/26), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 1475 (delta 9), reused 15 (delta 7), pack-reused 1449
Receiving objects: 100% (1475/1475), 447.25 KiB | 1.66 MiB/s, done.
Resolving deltas: 100% (969/969), done.
[root@fedora mythcat]# cd digimend-kernel-drivers/
[root@fedora digimend-kernel-drivers]# dir
compat.h    dracut.conf        hid-uclogic-params.c  README.md
COPYING        hid-ids.h        hid-uclogic-params.h  udev.rules
debian        hid-kye.c        hid-uclogic-rdesc.c   usbhid
depmod.conf    hid-polostar.c        hid-uclogic-rdesc.h   xorg.conf
digimend-debug    hid-rebind        hid-viewsonic.c
dkms.conf    hid-uclogic-core.c  Makefile
Let's build it using the command:
[root@fedora digimend-kernel-drivers]# make dkms_install
...

dkms add .
Creating symlink /var/lib/dkms/digimend/11/source -> /usr/src/digimend-11
dkms build digimend/11

Building module:
cleaning build area...
make -j1 KERNELRELEASE=5.17.9-300.fc36.x86_64 KVERSION=5.17.9-300.fc36.x86_64...
...
Let's check and reboot.
[root@fedora digimend-kernel-drivers]# dkms status
digimend/11, 5.17.9-300.fc36.x86_64, x86_64: installed (original_module exists)
[root@fedora digimend-kernel-drivers]# reboot
After rebooting, the driver must be activated and you will see that Linux responds to the movement of the tablet pen.
[root@fedora mythcat]# modprobe -r hid-kye hid-uclogic hid-viewsonic
Install the latest version of inkscape 1.2 using the DNF utility.
Start the inkscape software:
[mythcat@fedora ~]$ inkscape
static bool Inkscape::UI::Dialog::DialogContainer::recreate_dialogs_from_state(InkscapeWindow*, const Glib::KeyFile*): Key
file does not have group “Windows”
Gdk-Message: 15:09:10.534: Error flushing display: Broken pipe
It seems that inkscape does not detect and set the tablet if you use the settings of this software, but you can use the tablet with this software even if you do not set it.

Saturday, April 30, 2022

Fedora 36 : Use the ykman tool - part 001.

You can see a full tutorial about how to install this Linux tool for the YubiKey device in this tutorial.
The next command will program a random 38 character long static password to slot 1 on the device:
# ykman otp static 1 --generate --length 38 --force --keyboard-layout US