
Tuesday, May 4, 2021

Fedora 33 : The new aureport tool.

The aureport Linux tool allows you to generate summary and columnar reports on the events recorded in log files.
You can see some simple examples with this tool:
[root@desk mythcat]# aureport --tty -ts today

TTY Report
===============================================
# date time event auid term sess comm data
===============================================
<no events of interest were found>

[root@desk mythcat]# aureport --start 12/31/2020 00:00:00 --end 04/05/2021 00:00:01

Summary Report
======================
Range of time in logs: 10/17/2020 22:30:47.765 - 04/04/2021 23:38:30.089
Selected time for report: 12/31/2020 00:00:00 - 04/05/2021 00:00:01
Number of changes in configuration: 76792
Number of changes to accounts, groups, or roles: 11
Number of logins: 10
Number of failed logins: 16
Number of authentications: 460
Number of failed authentications: 59
Number of users: 3
Number of terminals: 16
Number of host names: 3
Number of executables: 56
Number of commands: 76
Number of files: 0
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 0
Number of anomaly events: 375
Number of responses to anomaly events: 0
Number of crypto events: 35
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 6104
Number of events: 112473

[root@desk mythcat]# aureport -x --summary

Executable Summary Report
=================================
total  file
=================================
128351  (null)
42192  /usr/lib/systemd/systemd
3348  /usr/bin/sudo
1733  /usr/bin/su
971  /snap/anbox/186/usr/bin/anbox
754  /usr/libexec/lxdm-session
702  /usr/lib/systemd/systemd-update-utmp
311  /opt/google/chrome/chrome
119  /usr/sbin/sshd
113  /usr/bin/login
104  /opt/teamviewer/tv_bin/teamviewerd
88  /usr/sbin/runuser
84  /usr/sbin/unix_chkpwd
69  /usr/sbin/auditd
55  /usr/sbin/atd
55  /usr/sbin/auditctl
37  /usr/lib/polkit-1/polkit-agent-helper-1
...
1  /home/mythcat/blender-2.83.12-linux64/blender
...

[root@desk mythcat]# aureport -x | less

Executable Report
====================================
# date time exe term host auid event
====================================
1. 10/17/2020 22:30:47 (null) (none) ? -1 392
2. 10/17/2020 22:30:54 /usr/lib/systemd/systemd ? ? -1 395
3. 10/17/2020 22:31:14 /usr/lib/systemd/systemd ? ? -1 401
4. 10/17/2020 22:31:17 /usr/lib/systemd/systemd ? ? -1 402
5. 10/17/2020 22:31:20 /usr/lib/systemd/systemd ? ? -1 403
6. 10/17/2020 22:31:33 /usr/lib/systemd/systemd ? ? -1 406
7. 10/17/2020 22:31:37 /usr/lib/systemd/systemd ? ? -1 413
8. 10/17/2020 22:31:57 /usr/lib/systemd/systemd ? ? -1 415
9. 10/17/2020 22:32:45 (null) (none) ? -1 421
...

[root@desk mythcat]# aureport -t

Log Time Range Report
=====================
/var/log/audit/audit.log.4: 10/17/2020 22:30:47.765 - 12/21/2020 15:07:09.820
/var/log/audit/audit.log.3: 12/21/2020 15:07:19.925 - 01/30/2021 12:35:50.328
/var/log/audit/audit.log.2: 01/30/2021 12:37:35.586 - 03/08/2021 08:43:18.974
/var/log/audit/audit.log.1: 03/08/2021 08:43:19.034 - 04/27/2021 22:13:39.212
/var/log/audit/audit.log: 04/27/2021 22:13:39.217 - 05/04/2021 21:30:01.648

[root@desk mythcat]# aureport --login --summary -i

Login Summary Report
============================
total  auid
============================
15  unset
10  mythcat
1  unknown(767779) 
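One way to use the `aureport -x --summary` report shown above is to sort its rows by where the executable lives. This is an added example, not part of the original post: the directory lists, the category names and the sample report (including the `/tmp` row) are assumptions constructed for illustration.

```python
import posixpath
import re
import sys

# Constructed sample in the layout printed by `aureport -x --summary`.
SAMPLE_REPORT = """\
Executable Summary Report
=================================
total  file
=================================
128351  (null)
42192  /usr/lib/systemd/systemd
3348  /usr/bin/sudo
971  /snap/anbox/186/usr/bin/anbox
311  /opt/google/chrome/chrome
12  /tmp/.cache/updater
1  /home/mythcat/blender-2.83.12-linux64/blender
"""

# Assumed policy: package-managed directories versus user-writable ones.
SYSTEM_DIRS = ("/usr/bin/", "/usr/sbin/", "/usr/lib/", "/usr/lib64/", "/usr/libexec/")
USER_WRITABLE = ("/home/", "/tmp/", "/var/tmp/", "/dev/shm/")

# A data row is "<count><spaces><path>"; header and separator lines do not match.
ROW = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")


def parse_summary(text):
    """Return [(count, path), ...] from an executable summary report."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append((int(match.group(1)), match.group(2)))
    return rows


def classify(path):
    """Place one executable path into a review category."""
    if path == "(null)":
        return "no-exe"  # events recorded without an exe field
    norm = posixpath.normpath(path)  # collapse "//" and ".." before matching
    if norm.startswith(USER_WRITABLE):
        return "user-writable"
    if norm.startswith(SYSTEM_DIRS):
        return "system"
    return "other"  # e.g. /opt or /snap: third-party install locations


def review_list(text):
    """Rows outside the system directories, user-writable first, rarest first."""
    order = {"user-writable": 0, "other": 1, "no-exe": 2}
    flagged = []
    for count, path in parse_summary(text):
        category = classify(path)
        if category != "system":
            flagged.append((category, count, path))
    return sorted(flagged, key=lambda row: (order[row[0]], row[1]))


if __name__ == "__main__":
    # Pipe the real report in, or run without input to see the sample.
    data = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    for category, count, path in review_list(data):
        print(f"{category:14} {count:>8}  {path}")
```

Run it as `aureport -x --summary | python3 exe_review.py` (the script name is arbitrary); rare executables under user-writable paths appear at the top of the list.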

Friday, April 30, 2021

Fedora 33 : Start using the Grunt tool.

Grunt is a tool that allows us to automatically run any set of tasks.
This tool solves minification and concatenation issues.
This tutorial is a simple intro to this tool.
[mythcat@desk ~]$ npm install
npm WARN saveError ENOENT: no such file or directory, open '/home/mythcat/package.json'
npm WARN enoent ENOENT: no such file or directory, open '/home/mythcat/package.json'
npm WARN mythcat No description
npm WARN mythcat No repository field.
npm WARN mythcat No README data
npm WARN mythcat No license field.

up to date in 1.017s
found 0 vulnerabilities
I installed it easily with the npm tool:
[mythcat@desk ~]$ sudo npm install -g grunt-cli
[sudo] password for mythcat: 
/usr/local/bin/grunt -> /usr/local/lib/node_modules/grunt-cli/bin/grunt
+ grunt-cli@1.4.2
added 58 packages from 71 contributors in 8.981s


   ╭────────────────────────────────────────────────────────────────╮
   │                                                                │
   │      New major version of npm available! 6.13.4 → 7.11.2       │
   │   Changelog: https://github.com/npm/cli/releases/tag/v7.11.2   │
   │               Run npm install -g npm to update!                │
   │                                                                │
   ╰────────────────────────────────────────────────────────────────╯

Let's update it:
[mythcat@desk ~]$ sudo npm install -g npm 
Each time grunt is run, it looks for a locally installed Grunt using Node's require() system.
A typical setup will involve adding two files to your project: package.json and the Gruntfile.
These are the Grunt plugins used :
  • Load Grunt Tasks (load-grunt-tasks) 
  • Time Grunt (time-grunt) 
  • PHPLint (grunt-phplint) 
  • JSHint (grunt-contrib-jshint) 
  • Uglify (grunt-contrib-uglify) 
  • Sass (grunt-sass) 
  • Watch (grunt-contrib-watch)
Let's start it with:
[root@desk wordpress]# npm init
This utility will walk you through creating a package.json file.
It only covers the most common items, and tries to guess sensible defaults.

See `npm help init` for definitive documentation on these fields
and exactly what they do.

Use `npm install pkg` afterwards to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.
package name: (wordpress) 
version: (1.0.0) 
description: 
entry point: (index.js) 
test command: 
git repository: 
keywords: 
author: 
license: (ISC) 
About to write to /usr/share/wordpress/package.json:

{
  "name": "wordpress",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}


Is this OK? (yes) yes
[root@desk wordpress]# ls
index.php	    wp-comments-post.php  wp-includes	     wp-settings.php
package.json	    wp-config.php	  wp-links-opml.php  wp-signup.php
wp-activate.php     wp-config-sample.php  wp-load.php	     wp-trackback.php
wp-admin	    wp-content		  wp-login.php	     xmlrpc.php
wp-blog-header.php  wp-cron.php		  wp-mail.php
You can see I set the name of the package: wordpress
[root@desk wordpress]# npm install wordpress --save-dev

added 4 packages, and audited 5 packages in 4s

found 0 vulnerabilities 
The Grunt package will be the first thing to add to your project.
[root@desk wordpress]# npm install grunt --save-dev

added 101 packages, and audited 106 packages in 8s

7 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
The npm fund command gives npm users more visibility into which dependencies are actively looking for ways to fund their work.
[root@desk wordpress]# npm fund
wordpress@1.0.0
├── https://github.com/sponsors/isaacs
│   └── glob@7.1.6, rimraf@3.0.2
├── https://github.com/sponsors/ljharb
│   └── resolve@1.20.0, is-core-module@2.3.0
├── https://github.com/sponsors/jonschlinkert
│   └── picomatch@2.2.3
└─┬ https://github.com/chalk/chalk?sponsor=1
  │ └── chalk@4.1.1
  └── https://github.com/chalk/ansi-styles?sponsor=1
      └── ansi-styles@4.3.0
You can set the fund option to false and run the command again:
[root@desk wordpress]# npm config set fund false --global
[root@desk wordpress]# npm config set fund false 
[root@desk wordpress]# npm install grunt --save-dev

up to date, audited 106 packages in 2s

found 0 vulnerabilities 
The easiest way to add Grunt and grunt_plugins from https://gruntjs.com/plugins is to use this command:
npm install grunt_plugins --save-dev
After each install, you can check the package.json file and see if it is updated.
I install these packages:
[root@desk wordpress]# npm install grunt-contrib-uglify grunt-contrib-cssmin grunt-contrib-watch --save-dev

added 58 packages, and audited 164 packages in 8s

found 0 vulnerabilities 
Create a file called Gruntfile.js in the project root:
[root@desk wordpress]# touch Gruntfile.js
[root@desk wordpress]# vim Gruntfile.js 
Add this source code to the file.
module.exports = function(grunt) {

    // Project configuration.
    grunt.initConfig({
        pkg: grunt.file.readJSON('package.json'),
        uglify: {
            options: {
                banner: '/*! <%= pkg.name %> <%= grunt.template.today("yyyy-mm-dd") %> */\n'
            },
            build: {
                src: 'src/js/scripts.js',
                dest: 'js/scripts.min.js'
            }
        },
        cssmin: {
            minify: {
                src: 'src/css/style.css',
                dest: 'css/style.min.css'
            }
        },
        watch: {
            uglify: {
                files: 'src/js/scripts.js',
                tasks: ['uglify']
            },
            cssmin: {
                files: 'src/css/style.css',
                tasks: ['cssmin']
            }
        }
    });

    // Load the plugin that provides the "uglify" task.
    grunt.loadNpmTasks('grunt-contrib-uglify');
    // Load the plugin that provides the "cssmin" task.
    grunt.loadNpmTasks('grunt-contrib-cssmin');
    // Load the plugin that provides the "watch" task.
    grunt.loadNpmTasks('grunt-contrib-watch');

    // Uglify task
    grunt.registerTask('scripts', ['uglify']);
    // CSSMin task
    grunt.registerTask('styles', ['cssmin']);
    // Default task(s).
    grunt.registerTask('default', ['uglify', 'cssmin', 'watch']);
    console.log('... runnning grunt');
    };
Because I set some paths in the configuration file, the next commands create these paths.
[root@desk wordpress]# mkdir src
[root@desk wordpress]# mkdir src/js
[root@desk wordpress]# mkdir src/css
[root@desk wordpress]# touch src/js/scripts.js
[root@desk wordpress]# touch src/css/style.css 
I can see the grunt version.
[mythcat@desk wordpress]$ grunt default -V
grunt-cli v1.4.2
grunt v1.4.0 
Now I can run the grunt command alone or with a specific task, such as default.
[root@desk wordpress]# grunt 
... runnning grunt
Running "uglify:build" (uglify) task
>> 1 file created 0 B → 29 B

Running "cssmin:minify" (cssmin) task
>> 1 file created. 92 B → 76 B

Running "watch" task
Waiting...
You can see the default task contains both uglify and the cssmin tasks.
If one module is not installed then you can see this type of message:
[root@desk wordpress]# grunt 
...Local Npm module "grunt-contrib-sass" not found. Is it installed?
Let's install it:
[root@desk wordpress]# npm install grunt-contrib-sass

added 17 packages, and audited 186 packages in 10s

found 0 vulnerabilities
I tried to make changes to the configuration file but it is very restrictive. Most attempts failed.

Tuesday, April 27, 2021

Fedora 33 : Test Days - test the kernel.

Test Days are often focused on testing Changes planned for an upcoming Fedora release, but they also regularly test important areas of the Fedora distribution, like upgrades, internationalization, graphical drivers, desktop environments, kernel updates, and others; see the Test Days webpage.
In today's tutorial I will show you how to test the kernel, see the kernel test week webpage.
Fedora contains the following kernel packages:
kernel — Contains the kernel for single, multicore and multiprocessor systems.
kernel-debug — Contains a kernel with numerous debugging options enabled for kernel diagnosis, at the expense of reduced performance.
kernel-devel — Contains the kernel headers and makefiles sufficient to build modules against the kernel package.
kernel-debug-devel — Contains the development version of the kernel with numerous debugging options enabled for kernel diagnosis, at the expense of reduced performance.
kernel-headers — Includes the C header files that specify the interface between the Linux kernel and user-space libraries and programs. The header files define structures and constants that are needed for building most standard programs.
linux-firmware — Contains all of the firmware files that are required by various devices to operate.
perf — This package contains supporting scripts and documentation for the perf tool shipped in each kernel image subpackage.
kernel-abi-whitelists — Contains information pertaining to the Fedora kernel ABI, including a list of kernel symbols that are needed by external Linux kernel modules and a dnf plug-in to aid enforcement.
kernel-tools — Contains tools for manipulating the Linux kernel and supporting documentation.
You can see all events from Test Days on this webpage.
First, you need to install the koji tool:
[root@desk mythcat]# dnf install koji
Last metadata expiration check: 1:42:23 ago on Tue 27 Apr 2021 07:08:25 PM EEST.
Package koji-1.24.0-1.fc33.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
The koji tool is the software that builds RPM packages for the Fedora project.
This command shows all available kernel builds:
[root@desk mythcat]# koji list-builds --package=kernel --after="2021-04-09"
Build                                                    Built by          State
-------------------------------------------------------  ----------------  ----------------
kernel-5.11.13-100.fc32                                  jforbes           COMPLETE
kernel-5.11.13-200.fc33                                  jforbes           COMPLETE
kernel-5.11.13-300.fc34                                  jforbes           COMPLETE
kernel-5.11.14-100.fc32                                  jforbes           COMPLETE
kernel-5.11.14-200.fc33                                  jforbes           COMPLETE
kernel-5.11.14-300.fc34                                  jforbes           COMPLETE
kernel-5.11.15-100.fc32                                  jforbes           COMPLETE
kernel-5.11.15-200.fc33                                  jforbes           COMPLETE
kernel-5.11.15-300.fc34                                  jforbes           COMPLETE
kernel-5.11.16-100.fc32                                  jforbes           COMPLETE
kernel-5.11.16-200.fc33                                  jforbes           COMPLETE
kernel-5.11.16-300.fc34                                  jforbes           COMPLETE
kernel-5.12.0-0.rc7.189.eln110                           jforbes           COMPLETE
kernel-5.12.0-0.rc7.189.fc35                             jforbes           COMPLETE
kernel-5.12.0-0.rc7.20210416git7e25f40eab52.191.fc35     jforbes           COMPLETE
kernel-5.12.0-0.rc8.191.eln110                           jforbes           COMPLETE
kernel-5.12.0-0.rc8.191.fc35                             jforbes           COMPLETE
kernel-5.12.0-0.rc8.20210423git7af08140979a.193.eln110   jforbes           COMPLETE
kernel-5.12.0-0.rc8.20210423git7af08140979a.193.fc35     jforbes           COMPLETE
kernel-5.12.0-198.eln110                                 jforbes           CANCELED
kernel-5.12.0-198.fc35                                   jforbes           COMPLETE
I download the kernel:
[root@desk mythcat]# koji download-build --arch=x86_64 kernel-5.12.0-198.fc35
Downloading: kernel-debug-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 243.62 KiB / 243.62 KiB
Downloading: kernel-modules-internal-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 399.58 KiB / 399.58 KiB
Downloading: kernel-debug-modules-internal-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 422.61 KiB / 422.61 KiB
Downloading: kernel-debug-modules-extra-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 2.28 MiB / 2.28 MiB
Downloading: kernel-modules-extra-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 2.19 MiB / 2.19 MiB
Downloading: kernel-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 243.52 KiB / 243.52 KiB
Downloading: kernel-debug-core-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 35.78 MiB / 35.78 MiB
Downloading: kernel-modules-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 31.24 MiB / 31.24 MiB
Downloading: kernel-core-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 33.92 MiB / 33.92 MiB
Downloading: kernel-debug-modules-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 31.97 MiB / 31.97 MiB
Downloading: kernel-devel-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 14.51 MiB / 14.51 MiB
Downloading: kernel-debug-devel-5.12.0-198.fc35.x86_64.rpm
[====================================] 100% 14.62 MiB / 14.62 MiB
The last step is to update your kernel and see if it is working well:
[root@desk mythcat]# dnf update kernel-*.rpm
Last metadata expiration check: 2:01:14 ago on Tue 27 Apr 2021 07:08:25 PM EEST.
The same or higher version of kernel is already installed, cannot update it.
The same or higher version of kernel-core is already installed, cannot update it.
Package kernel-debug not installed, cannot update it.
...
Dependencies resolved.
========================================================================================================
 Package                                  Arch        Version                  Repository          Size
========================================================================================================
Installing:
 kernel                                   x86_64      5.12.0-198.fc35          @commandline       244 k
 kernel-core                              x86_64      5.12.0-198.fc35          @commandline        34 M
 kernel-devel                             x86_64      5.12.0-198.fc35          @commandline        15 M
 kernel-modules                           x86_64      5.12.0-198.fc35          @commandline        31 M
 kernel-modules-extra                     x86_64      5.12.0-198.fc35          @commandline       2.2 M
Installing dependencies:
 bison                                    x86_64      3.6.4-3.fc33             fedora             860 k
 flex                                     x86_64      2.6.4-5.fc33             fedora             311 k
Removing:
 kernel                                   x86_64      5.11.14-200.fc33         @updates             0  
 kernel-core                              x86_64      5.11.14-200.fc33         @updates            74 M
 kernel-devel                             x86_64      5.11.14-200.fc33         @updates            56 M
 kernel-modules                           x86_64      5.11.14-200.fc33         @updates            30 M
 kernel-modules-extra                     x86_64      5.11.14-200.fc33         @updates           1.9 M
Removing dependent packages:
 kmod-nvidia-5.11.14-200.fc33.x86_64      x86_64      3:465.24.02-1.fc33       @@commandline       44 M

Transaction Summary
========================================================================================================
Install  7 Packages
Remove   6 Packages

Total size: 83 M
Total download size: 1.1 M
Is this ok [y/N]: y
...
Installed:
  bison-3.6.4-3.fc33.x86_64                             flex-2.6.4-5.fc33.x86_64                       
  kernel-5.12.0-198.fc35.x86_64                         kernel-core-5.12.0-198.fc35.x86_64             
  kernel-devel-5.12.0-198.fc35.x86_64                   kernel-modules-5.12.0-198.fc35.x86_64          
  kernel-modules-extra-5.12.0-198.fc35.x86_64          
Removed:
  kernel-5.11.14-200.fc33.x86_64                                                                        
  kernel-core-5.11.14-200.fc33.x86_64                                                                   
  kernel-devel-5.11.14-200.fc33.x86_64                                                                  
  kernel-modules-5.11.14-200.fc33.x86_64                                                                
  kernel-modules-extra-5.11.14-200.fc33.x86_64                                                          
  kmod-nvidia-5.11.14-200.fc33.x86_64-3:465.24.02-1.fc33.x86_64                                         

Complete!
If you want to see which kernel packages are installed, execute this command:
[root@desk mythcat]# dnf list installed "kernel-*"
Installed Packages
kernel-core.x86_64                                 5.11.15-200.fc33                        @updates     
kernel-core.x86_64                                 5.11.16-200.fc33                        @updates     
kernel-core.x86_64                                 5.12.0-198.fc35                         @@commandline
kernel-devel.x86_64                                5.11.15-200.fc33                        @updates     
kernel-devel.x86_64                                5.11.16-200.fc33                        @updates     
kernel-devel.x86_64                                5.12.0-198.fc35                         @@commandline
kernel-headers.x86_64                              5.11.16-200.fc33                        @updates     
kernel-modules.x86_64                              5.11.15-200.fc33                        @updates     
kernel-modules.x86_64                              5.11.16-200.fc33                        @updates     
kernel-modules.x86_64                              5.12.0-198.fc35                         @@commandline
kernel-modules-extra.x86_64                        5.11.15-200.fc33                        @updates     
kernel-modules-extra.x86_64                        5.11.16-200.fc33                        @updates     
kernel-modules-extra.x86_64                        5.12.0-198.fc35                         @@commandline
kernel-srpm-macros.noarch                          1.0-3.fc33                              @fedora    

Saturday, April 24, 2021

Fedora 33 : Installing Discord software in Fedora Linux.

Today I installed discord software on Fedora 33 Linux distro and it works very well.
As you know, this software is widely used.
Discord is a VoIP, instant messaging and digital distribution platform designed for creating communities. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communities called "servers". Servers are a collection of persistent chat rooms and voice chat channels. Discord runs on Windows, macOS, Android, iOS, iPadOS, Linux, and in web browsers. As of July 21, 2019, the service has over 250 million users. See Wikipedia.
Installation is very simple using the DNF utility...
[root@desk mythcat]# dnf install discord.x86_64
Last metadata expiration check: 0:08:52 ago on Sat 24 Apr 2021 07:55:22 PM EEST.
Dependencies resolved.
================================================================================
 Package       Arch       Version           Repository                     Size
================================================================================
Installing:
 discord       x86_64     0.0.14-1.fc33     rpmfusion-nonfree-updates      54 M
Installing dependencies:
 libcxx        x86_64     11.0.0-1.fc33     updates                       252 k
 libcxxabi     x86_64     11.0.0-1.fc33     updates                        84 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 54 M
Installed size: 173 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): libcxxabi-11.0.0-1.fc33.x86_64.rpm       273 kB/s |  84 kB     00:00    
(2/3): libcxx-11.0.0-1.fc33.x86_64.rpm          404 kB/s | 252 kB     00:00    
(3/3): discord-0.0.14-1.fc33.x86_64.rpm         9.5 MB/s |  54 MB     00:05    
--------------------------------------------------------------------------------
Total                                           8.5 MB/s |  54 MB     00:06     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : libcxxabi-11.0.0-1.fc33.x86_64                         1/3 
  Installing       : libcxx-11.0.0-1.fc33.x86_64                            2/3 
  Installing       : discord-0.0.14-1.fc33.x86_64                           3/3 
  Running scriptlet: discord-0.0.14-1.fc33.x86_64                           3/3 
  Verifying        : libcxx-11.0.0-1.fc33.x86_64                            1/3 
  Verifying        : libcxxabi-11.0.0-1.fc33.x86_64                         2/3 
  Verifying        : discord-0.0.14-1.fc33.x86_64                           3/3 

Installed:
  discord-0.0.14-1.fc33.x86_64             libcxx-11.0.0-1.fc33.x86_64          
  libcxxabi-11.0.0-1.fc33.x86_64          

Complete!

Tuesday, April 20, 2021

Fedora 33 : The YARA tool for Linux security - part 002.

YARA rules are a way of identifying malware or other issues by creating rules that look for certain characteristics.
This tool was originally developed by Victor Alvarez of VirusTotal and is mainly used in malware research and detection.
It was developed with the idea to describe patterns that identify particular strains or entire families of malware.
Let's install it on Fedora 33 Linux distro.
[root@desk mythcat]# dnf search malware
Last metadata expiration check: 0:41:28 ago on Tue 20 Apr 2021 09:50:27 PM EEST.
=========================== Summary Matched: malware ===========================
yara.i686 : Pattern matching Swiss knife for malware researchers
yara.x86_64 : Pattern matching Swiss knife for malware researchers
[root@desk mythcat]# dnf install yara.x86_64
...
Installed:
  yara-4.0.2-2.fc33.x86_64                                                      

Complete!
You can see the help of this tool.
[mythcat@desk ~]$ yara -h
You can create your rules or use these default rules from GitHub.
I downloaded it with the git tool:
[mythcat@desk ~]$ git clone https://github.com/Yara-Rules/rules
This is a simple example that detects suspicious strings in the /bin folder, which holds the Linux commands:
[mythcat@desk ~]$ sudo yara rules/utils/suspicious_strings.yar /bin/
[sudo] password for mythcat: 
Misc_Suspicious_Strings /bin//bash
Misc_Suspicious_Strings /bin//sh
Misc_Suspicious_Strings /bin//brotli
Antivirus /bin//mkbundle
Misc_Suspicious_Strings /bin//openssl
Misc_Suspicious_Strings /bin//unzip
Misc_Suspicious_Strings /bin//zipinfo
Misc_Suspicious_Strings /bin//ps
VMWare_Detection /bin//lscpu
Qemu_Detection /bin//lscpu
VMWare_Detection /bin//lsblk
VMWare_Detection /bin//broadwayd
Qemu_Detection /bin//grub2-editenv
Misc_Suspicious_Strings /bin//abrt-retrace-client
Qemu_Detection /bin//grub2-mkstandalone
Qemu_Detection /bin//grub2-mkimage
Qemu_Detection /bin//grub2-mknetdir
...
YARA detection can be easily bypassed, since YARA only does pattern/string/signature matching. This is a limitation of YARA, and more effective methods of detecting malware are available.
You can see my previous old tutorial about YARA and Fedora 25.
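The run above reports hits on stock binaries such as /bin/bash, so each match still has to be triaged. The following is an added example, not part of the original post or of the YARA project: it groups the `RULE PATH` lines by file and separates files that no RPM package owns, or whose digest differs from the package, from files that are unchanged package content. The sample output (including `/bin//helper-tool`) and the function names are constructed; an RPM-based system such as Fedora is assumed.

```python
import os
import posixpath
import subprocess
import sys
from collections import defaultdict

# Constructed sample in the "RULE PATH" layout that the yara command prints.
SAMPLE_OUTPUT = """\
Misc_Suspicious_Strings /bin//bash
VMWare_Detection /bin//lscpu
Qemu_Detection /bin//lscpu
Misc_Suspicious_Strings /bin//helper-tool
"""


def parse_matches(text):
    """Group yara output into {normalised path: sorted list of rule names}."""
    hits = defaultdict(set)
    for line in text.splitlines():
        rule, sep, path = line.strip().partition(" ")
        if sep and path.startswith("/"):
            hits[posixpath.normpath(path)].add(rule)  # "/bin//bash" -> "/bin/bash"
    return {path: sorted(rules) for path, rules in hits.items()}


def rpm_owner(path):
    """Name of the RPM package that owns path, or None if unowned."""
    try:
        out = subprocess.run(
            ["rpm", "-qf", "--queryformat", "%{NAME}\n", os.path.realpath(path)],
            capture_output=True, text=True, check=False)
    except FileNotFoundError:  # rpm is not installed on this system
        return None
    if out.returncode != 0 or not out.stdout.strip():
        return None
    return out.stdout.splitlines()[0]


def rpm_modified(path):
    """True if `rpm -Vf` reports a digest mismatch ('5' flag) for this file."""
    real = os.path.realpath(path)
    out = subprocess.run(["rpm", "-Vf", real],
                         capture_output=True, text=True, check=False)
    for line in out.stdout.splitlines():
        fields = line.split()
        # Verify lines look like "S.5....T.  /usr/bin/foo"; index 2 is the digest.
        if fields and fields[-1] == real and len(fields[0]) > 2 and fields[0][2] == "5":
            return True
    return False


def triage(hits, owner=rpm_owner, modified=rpm_modified):
    """Split matched files into 'review' and 'packaged' lists."""
    report = {"review": [], "packaged": []}
    for path, rules in sorted(hits.items()):
        package = owner(path)
        if package is None:
            report["review"].append((path, rules, "not owned by any package"))
        elif modified(path):
            report["review"].append((path, rules, f"differs from package {package}"))
        else:
            report["packaged"].append((path, rules, package))
    return report


if __name__ == "__main__":
    # Pipe real yara output in, or run without input to see the sample.
    data = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    result = triage(parse_matches(data))
    for path, rules, reason in result["review"]:
        print(f"REVIEW   {path}  [{', '.join(rules)}]  {reason}")
    for path, rules, package in result["packaged"]:
        print(f"PACKAGED {path}  [{', '.join(rules)}]  {package}")
```

A file in the packaged list is unchanged vendor content that happens to contain the matched strings; it is a lower priority for review, not a verdict on the rule.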

Tuesday, April 13, 2021

Fedora 33 : First steps with manim.

Manim is an engine for precise programmatic animations, designed for creating explanatory math videos like 3Blue1Brown.
The documentation can be found on this webpage.
First, install all packages with the DNF tool:
[root@desk manim_Projects]# dnf install cairo-devel pango-devel ffmpeg python3-devel \
texlive-scheme-medium texlive-standalone.noarch texlive-collection-latexextra.noarch

Last metadata expiration check: 2:19:22 ago on Tue 13 Apr 2021 08:20:03 PM EEST.
Package cairo-devel-1.16.0-9.fc33.x86_64 is already installed.
Package pango-devel-1.48.4-1.fc33.x86_64 is already installed.
Package ffmpeg-4.3.2-2.fc33.x86_64 is already installed.
Package python3-devel-3.9.2-1.fc33.x86_64 is already installed.
Package texlive-scheme-medium-9:svn54074-35.fc33.noarch is already installed.
Package texlive-standalone-9:svn47136-35.fc33.noarch is already installed.
Package texlive-collection-latexextra-9:svn54851-35.fc33.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Use the pip tool to install manim and manimlib.
[mythcat@desk manim_Projects]$ pip install manim
...
[mythcat@desk manim_Projects]$ pip install manimlib
...
You can use the --user option. A default example from the documentation is a good test.
from manim import *

config.background_color = DARK_GRAY

class MovingFrame(Scene):
    def construct(self):
        # Write equations
        equation = MathTex("2x^2-5x+2", "=", "(x-2)(2x-1)")

        # Create animation
        self.play(Write(equation))

        # Add moving frames
        framebox1 = SurroundingRectangle(equation[0], buff=.1)
        framebox2 = SurroundingRectangle(equation[2], buff=.1)

        # Create animations
        self.play(Create(framebox1))  # creating the frame

        self.wait()
        # replace frame 1 with frame 2
        self.play(ReplacementTransform(framebox1, framebox2))

        self.wait()
I ran it and it worked well:
[mythcat@desk manim_Projects]$ /home/mythcat/.local/bin/manim -pl -ql -i follow_me_textxt.py 
This is the result:

Sunday, April 11, 2021

Fedora 34 : Testing the new Fedora 34 beta.

Approaching the release date for Fedora Linux 34, the development team has included a number of testing steps.
For each test stage, some events were set up in which users participate and test the new Fedora distribution. See these events.
Here is a screenshot with the virtualization test step for the ISO file called Fedora 34: x86_64 DVD ISO Beta! from the official page:

Fedora 33 : Use hw-probe to collect hardware details.

This is a project to anonymously collect hardware details of Linux-powered computers over the world and help people collaboratively debug hardware-related issues, check for Linux compatibility and find drivers. 
Probe your computer in order to participate in the project and discover your hardware in detail. Share your probes with Linux developers to debug and fix problems with your computer. 

First, install the hw-probe package with the DNF Linux tool:
[root@desk mythcat]# dnf search hw-probe
Last metadata expiration check: 0:03:35 ago on Sun 11 Apr 2021 03:10:31 PM EEST.
======================== Name Exactly Matched: hw-probe ========================
hw-probe.noarch : Check operability of computer hardware and find drivers
[root@desk mythcat]# dnf install hw-probe.noarch
Last metadata expiration check: 0:03:52 ago on Sun 11 Apr 2021 03:10:31 PM EEST.
Dependencies resolved.
================================================================================
 Package             Architecture  Version                 Repository      Size
================================================================================
Installing:
 hw-probe            noarch        1.5-4.fc33              fedora          93 k
Installing dependencies:
 hdparm              x86_64        9.58-4.fc33             fedora          95 k
 hwinfo              x86_64        21.68-2.fc33            fedora          88 k
 hwinfo-libs         x86_64        21.68-2.fc33            fedora         872 k
 libx86emu           x86_64        3.1-2.fc33              fedora          69 k
 sysstat             x86_64        12.3.1-3.fc33           fedora         433 k
Installing weak dependencies:
 acpica-tools        x86_64        20200925-1.fc33         updates        960 k

Transaction Summary
================================================================================
Install  7 Packages

Total download size: 2.5 M
Installed size: 8.6 M
Is this ok [y/N]: y
...
This tool is easy to use:
[root@desk mythcat]# sudo -E hw-probe -all -upload
WARNING: 'edid-decode' package is not installed
Probe for hardware ... Ok
Reading logs ... Ok
Uploaded to DB, Thank you!

Probe URL: https://linux-hardware.org/?probe=7b4c090391
You can see my hardware at the resulting link.

Fedora 33 : Using the mutt software with Yahoo.

Mutt is a small but very powerful text-based mail client for Unix operating systems. In this tutorial, I configure mutt with Yahoo to read a mail account and send mail.
[root@desk mythcat]# dnf install mutt
Last metadata expiration check: 0:04:13 ago on Sat 10 Apr 2021 09:23:41 PM EEST.
Dependencies resolved.
================================================================================
 Package         Arch      Version                             Repository  Size
================================================================================
Installing:
 mutt            x86_64    5:2.0.5-1.fc33                      updates    1.9 M
Installing dependencies:
 tokyocabinet    x86_64    1.4.48-16.fc33                      fedora     506 k
 urlview         x86_64    0.9-28.20131022git08767a.fc33       fedora      31 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 2.4 M
Installed size: 8.6 M
Is this ok [y/N]: y
...
Installed:
  mutt-5:2.0.5-1.fc33.x86_64                                                    
  tokyocabinet-1.4.48-16.fc33.x86_64                                            
  urlview-0.9-28.20131022git08767a.fc33.x86_64                                  

Complete!
Mutt should be compiled with TLS support; you can check this with the following command:
[root@desk ~]# mutt -v | grep tls
Configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' 
...
Let's create all the settings for mutt with the vi editor:
[root@desk mythcat]# vi ~/.muttrc
set imap_user = "catafest@yahoo.com"
set imap_pass = "your-generate-app-password"
set smtp_url = "smtp://catafest@yahoo.com@smtp.mail.yahoo.com:587"
set smtp_pass = "your-generate-app-password"
set from = "catafest@yahoo.com"
set realname = "Catalin George Festila"
set folder = "imaps://catafest@yahoo.com@imap.mail.yahoo.com:993"
set spoolfile = "+INBOX"
set postponed="+[Yahoo]/Drafts"
set header_cache = "~/.mutt/cache/headers"
set message_cachedir = "~/.mutt/cache/bodies"
set certificate_file = "~/.mutt/certificates"
set move = no
set sort = 'threads'
set sort_aux = 'last-date-received'
set imap_check_subscribed
set ssl_force_tls = yes
set abort_nosubject = no
set mail_check = 60
set timeout = 10
set sort = "reverse-date-received"
set signature = "~/.mutt/signature"
set copy = no
set imap_keepalive = 900
Then use this command to run it:
[root@desk ~]# mutt
See the result:
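
The `.muttrc` above keeps the Yahoo app password in clear text and relies on `ssl_force_tls` to protect the `smtp://` connection on port 587. The script below is an added example, not part of the original post: it audits those points on a constructed sample with placeholder values; the function names and the `~/.mutt/pass.gpg` path are assumptions.

```shell
# Added example, not from the original post. Assumes one variable per "set" line.

# Print one finding per line for the muttrc given as $1; print nothing if clean.
audit_muttrc() {
    local rc="$1" mode last
    # The file holds app passwords, so only the owner may read it.
    mode=$(stat -c '%a' "$rc")   # GNU stat, as shipped on Fedora
    case "$mode" in
        600|400) ;;
        *) echo "PERMS mode $mode, expected 600" ;;
    esac
    # Passwords assigned literally instead of sourced from an encrypted file.
    if grep -Eq '^[[:space:]]*set[[:space:]]+(imap|smtp)_pass[[:space:]]*=' "$rc"; then
        echo "SECRET clear-text imap_pass/smtp_pass"
    fi
    # smtp:// on 587 starts unencrypted; require an explicit ssl_force_tls = yes (last assignment wins).
    last=$(grep -E '^[[:space:]]*(set|unset)[[:space:]]+(no)?ssl_force_tls' "$rc" | tail -n 1)
    if ! printf '%s\n' "$last" | grep -Eq '^[[:space:]]*set[[:space:]]+ssl_force_tls([[:space:]]*=[[:space:]]*"?yes"?)?[[:space:]]*$'; then
        echo "TLS ssl_force_tls is not explicitly enabled"
    fi
}

# Constructed sample: the post's credential and transport lines, placeholder values.
write_sample() {
    cat > "$1" <<'EOF'
set imap_user = "user@example.com"
set imap_pass = "app-password-placeholder"
set smtp_url = "smtp://user@example.com@smtp.mail.yahoo.com:587"
set smtp_pass = "app-password-placeholder"
set ssl_force_tls = yes
EOF
    chmod 644 "$1"
}

# Constructed hardened variant; ~/.mutt/pass.gpg is a hypothetical encrypted file with the two "set ..._pass" lines.
write_hardened() {
    cat > "$1" <<'EOF'
source "gpg -dq ~/.mutt/pass.gpg |"
set smtp_url = "smtp://user@example.com@smtp.mail.yahoo.com:587"
set ssl_force_tls = yes
EOF
    chmod 600 "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/weak"; write_hardened "$tmp/hard"
audit_muttrc "$tmp/weak"   # prints the PERMS and SECRET findings
audit_muttrc "$tmp/hard"   # prints nothing
rm -rf "$tmp"
```

On a real system, run `audit_muttrc ~/.muttrc` after sourcing the function.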

Thursday, March 18, 2021

Fedora 33 : The balenaEtcher tool.

With balenaEtcher you can flash OS images to SD cards and USB drives safely and easily.
You can flash from a file or a URL, or clone a drive.
I downloaded the AppImage and ran it easily on Fedora with an antiX Linux ISO image for an old laptop.
[mythcat@desk ~]$ ./balenaEtcher-1.5.116-x64.AppImage 
ready-to-show: 1816.354ms
Checking for update
Update for version 1.5.116 is not available (latest version: 1.5.116, downgrade is disallowed).
...

Monday, March 8, 2021

Fedora 33 : Unity FPS Microgame.

Today I tested the FPS Microgame from the learning area of Unity 3D on the Fedora Linux distro.
The project works great even though my hardware is old.
This is a screenshot of the project running.

Sunday, March 7, 2021

Fedora 33 : Electron based terminal named Hyper.

Hyper is an Electron-based terminal built on HTML/CSS/JS.
Electron is an open-source software framework developed and maintained by GitHub.
The original Hyper renderer was based on the DOM, and now Hyper 3 uses Electron from V1 to V3 and is tested with V4.
You can install multiple plugins and themes to make your work easier.
The install process is easy, just download the RPM package and use the DNF tool to install it:
[root@desk mythcat]# dnf install Downloads/hyper-3.0.2.x86_64.rpm 
Last metadata expiration check: 0:14:49 ago on Sun 07 Mar 2021 11:22:49 AM EET.
Dependencies resolved.
================================================================================
 Package        Architecture    Version             Repository             Size
================================================================================
Installing:
 hyper          x86_64          3.0.2-3440          @commandline           37 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 37 M
Installed size: 141 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : hyper-3.0.2-3440.x86_64                                1/1 
  Running scriptlet: hyper-3.0.2-3440.x86_64                                1/1 
  Verifying        : hyper-3.0.2-3440.x86_64                                1/1 

Installed:
  hyper-3.0.2-3440.x86_64                                                       

Complete!
The Hyper terminal appears in the LXDE main menu under the Other submenu.
You can find more information on the official webpage.
The next image is a screenshot from my Fedora 33 distro with the Hyper terminal.

Sunday, February 28, 2021

Fedora 33 : Unity Platformer Microgame 2D.

This Microgame Template is a classic 2D platform game that you can mod and make your own. Check out the Creative Mods to tweak the project and add your own levels, while learning the basics of Unity. Viewing from the Learn tab in the Unity Hub? Click Download Project > Open Project to automatically open it in Unity. Viewing from the Unity Learn website? Simply go to the Learn tab in the Unity Hub and search for this Microgame, or manually import it via the Asset Store link below.
I downloaded the Unity Editor and the Unity Hub AppImage.
I ran UnityHub.AppImage and set the path of the Unity Editor in the settings area.
I logged in with my Unity account and, in the learning area of the Unity Hub application, downloaded the Platformer Microgame.
I chose to follow the tutorial in the Unity IDE environment.
You can see in the next screenshot how this works: