This week I went through my downloads folder, cleaning up erroneous files. In light of that I’ll share a quick tip on how to clean up the multiple copies of files that inevitably pile up. The issue is, when you save a file from firefox or Chrome, the next time you download the file, it just makes another copy with (1) or (2). I have a number of these on multiple systems, so hit the jump for a quick snippet, and explanation.
(Read on …)
This article was written by Adam Palmer, a Linux Consultant. It covers the first few steps in basic Linux forensic work – investigating unknown files. Linux provides a range of powerful tools to investigate files and filesystems.
First and foremost, before performing any kind of forensics work on Linux, it’s important to set up a usable environment. Even if you intend to perform ‘read only’ actions, and not run any binaries for example, buffer overflows and other exploit vectors have existed in the tools we’ll be using and so running them on maliciously crafted files could result in a system compromise.
If you intend to analyze files, I recommend using a sandboxed virtual machine with no networking access. The virtual machine should be destroyed and recreated as required. If you plan to analyze a hard disk, I recommend using a write blocker to ensure that nothing can physically be altered on the disk under investigation.
Using the `file’ utility, we can match the file’s header to a known database:
root@kali:~# file rack.png rack.png: PNG image data, 576 x 576, 8-bit/color RGBA, non-interlaced |
Using the `stat’ utility, we can find out permissions, as well as disk, inode and meta information on the file:
root@kali:~# stat rack.png File: `/opt/metasploit/apps/pro/ui/vendor/bundle/ruby/1.9.1/gems/rack-1.4.5/contrib/rack.png' Size: 23805 Blocks: 48 IO Block: 4096 regular file Device: 801h/2049d Inode: 6165 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2014-12-04 23:45:51.087400697 +0000 Modify: 2013-04-17 20:50:40.000000000 +0100 Change: 2013-04-27 18:10:38.317049114 +0100 Birth: - |
Let’s confirm the `file’ output. According to Wikipedia’s entry on PNGs, a PNG begins with an 8-byte signature: 89 50 4E 47 0D 0A 1A 0A. Let’s use `hexdump’ to confirm this:
root@kali:~# hexdump -C -n8 rack.png 00000000 89 50 4e 47 0d 0a 1a 0a |.PNG....| |
Note the arguments provided. -C will print the ASCII data alongside the hexdecimal output, whilst -n8 displays 8 bytes.
Using `strings’, we are able to locate any ASCII printable strings within a file:
root@kali:~# strings rack.png IHDR sRGB bKGD pHYs tIME [...] |
In this case, there’s little of interest to see, however let’s look at running `strings’ on an executable binary:
root@kali:~# strings /bin/ls [...] Try `%s --help' for more information. Usage: %s [OPTION]... [FILE]... List information about the FILEs (the current directory by default). Sort entries alphabetically if none of -cftuvSUX nor --sort is specified. Mandatory arguments to long options are mandatory for short options too. -a, --all do not ignore entries starting with . -A, --almost-all do not list implied . and .. [...] |
Interesting.. strings can be used to uncover hidden printable ASCII.
Using `ldd’, we can investigate any shared libraries that have been linked in:
root@kali:~# ldd /bin/ls linux-gate.so.1 => (0xb77a7000) libselinux.so.1 => /lib/i386-linux-gnu/libselinux.so.1 (0xb776c000) librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb7763000) libacl.so.1 => /lib/i386-linux-gnu/libacl.so.1 (0xb7758000) libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb75f5000) libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb75f1000) /lib/ld-linux.so.2 (0xb77a8000) libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb75d8000) libattr.so.1 => /lib/i386-linux-gnu/libattr.so.1 (0xb75d2000) |
Using `strace’ we are able to trace system calls. If running an unknown binary, it is especially important to perform this step within a safe sandboxed environment. `strace’ sends its output to stderr, and so we’ll need to redirect that to stdout before being able to work with it using standard stream utilities such as `grep’. Let’s look at any open calls made when running `/bin/ls':
root@kali:~# strace -f /bin/ls 2>&1|grep "open" open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/i386-linux-gnu/libselinux.so.1", O_RDONLY) = 3 open("/lib/i386-linux-gnu/i686/cmov/librt.so.1", O_RDONLY) = 3 [...] |
The listed entries are required libraries being opened
Further steps in debugging binaries can be achieved through `ltrace’, `gdb’, `objdump’ and `ndisasm’. Some of these tools have a significant learning curve however enable detailed debugging of unknown binaries
In order to reduce the amount of crap stuff I have laying around, in addition to making a box of old hardware to donate, I’ve been going through old Linux CD’s. Deciding which ones to pitch was a harder task than I first thought, so I figured I’d take a methodical approach to it. The criteria was this:
Have I:
Used it recently?
Ever used it?
Does it:
Have a download available?
Have a current community?
Contain customized content?
Have a special meaning?
Will:
I ever use it?
Someone else be able to use it?
Since most of these were burned disks, the only reason to keep something would be if it is not available anymore, has a special meaning, or I’ve used it a bunch and it contains customized content. Based on this, I’ve decided to pitch (in no particular order)
(Read on …)
It happened, I finally got around to writing a post. Ever since the demise of Google Reader it has been sort of a downward spiral for this blog, my last post almost a year ago. From being number 1 in the search engines for “Linux Blog” to somewhere down on page who knows where and what desperate folks click those links?
I’ve not lost interest in Linux (I’ve used it every day since before the conception of this blog), or writing in general, but perhaps I’ve lost interest or have a lack of time for writing about Linux. There isn’t much to write about that hasn’t already been covered or can’t be for lack of a better term (and because no one uses Bing) “Googled.” I’d ask, what do people want to read about, but I could probably google that, or write about what I think people want to hear about, but that would just be regurgitating content for the sake of it.
This blogs not dead, I’m just going to shift topics a bit and write about what interests me about Linux and tech in general, projects I’m working on or problems encountered and see where that takes it. If I take it back to the beginning and make it fun again perhaps I’ll write more.
Until next time:
“Sorry no catchy closing here”
off to delete the accumulated comment spam now.
I had an issue with my dual monitor setup where my primary monitor was my second, but only in X. Rearranging the monitors in Gnome preferences did nothing to solve the problem. While not exactly a shell script, here is a one-liner to change your primary monitor with xrandr.
#!/bin/bash xrandr --output DVI-0 --primary |
The above uses xrandr to set the primary to DVI-0. I put this in my ~/bin folder, chmod’d and set it to start when Gnome starts. Problem solved!
I never jumped on the Pi bandwagon, sure I thought it was cool but when I wanted one, there were supply demands and the want wore off. I recently purchased a Model B revision Two and have to say I’m very impressed. It is an awesome piece of hardware but what really makes the Raspberry Pi great is the community that has been built around them. There are many projects and tutorials based and plenty of hackers working on tweaking and expanding them. Here are a few of my favorite projects, incase you’ve been living under a rock for the past couple of years like me:
(Read on …)
If you’re a little paranoid like me, you often wonder what will happen if your laptop gets stolen. I’ve seen news articles and the like where an thief happened to steal a laptop and got caught because they stole the wrong persons laptop.
Today we have a one liner that will phone home when a user logs in. While this wont work if you have a password on your laptop, which is recommended, if you keep a dummy account called “User” or “Guest” with no password and the thief happens to log in, you could be in luck.
#!/bin/bash ssh -N -R2222:localhost:22 <user>@<yourhost> -p<port> -i /home/<user>/.ssh/id_rsa |
The simple SSH command opens up a remote port 2222 to the local port 22 which of course requires SSH to be running locally. It also uses the ssh identity file, for ano password ssh login, and the -N is for no shell. Set it up as an application that starts on login and if that account is set to auto connect to WiFi, it will connect as the user logs in. If you wanted to take it a step further you could combine it with autossh to continue trying to connect. It will also help if you have a static IP or DNS setup so that it will be able to connect if your device unfortunately goes missing.
So, for my birthday two years ago, I got a Logitech 1100 universal remote. I figured having recently having a birthday it was a good time to review the unit since I’ve been using it for a while. Besides, the last post about the Macbook has been on the blog for FAR too long.
I wanted a remote that could control all my devices, add new devices at will and was easy to use. At first, my opinion was that this device is awesome, and thought of all the endless possibilities. In reality I haven’t got to use the device for all the cool stuff I imagined, but it does do a rather good job at what it was designed to do and what I set it up to do. The device its self is a touch screen (not the new multi-touch ones we’re used to) and has a few buttons. You set up activities through the software, select them from the touch screen where it then turns on the devices in the sequence you wish and gives you a touch remote and assigns the 8 physical buttons to whatever device you choose.
(Read on …)
I’m not really a huge consumer of hardware, but I today I got a Mac, more specifically a MacBook Air. It is my first brand new computer since I built my desktop which I probably never wrote about. I didn’t pay for it, as it was promotional item from training I signed up for. I had a choice of a Toshiba Ultrabook that never really closes, or the MacBook Air. After I thought about it, the choice was not too hard, I choose the one that would have the higher re-sale value, the better of the two OS’s, and probably better Linux support.
So far I’m impressed, it is a very elegant design, the internal hardware is meh but it does have a SSD which is the first I’ve owned. It would be nice to try and hook up an external monitor, but I’m not sinking any money into it, because I don’t really want to pay the standard $79 apple accessory fee, and am not sure if the thunderbolt port even converts to HDMI, and I’m sure as hell not going to buy a thunderbolt display. There is only two USB ports, which is rather pathetic, even my Netbook manages to squeeze 3, a VGA port and a media card reader in. As far as OSX, I’m not so happy with, it has a few nuances that will take some getting used to, such as the command key which changes the way I use the keyboard (command+t, command+w, etc.) There is probably a fix for that and I’ve already changed some settings to make it more familiar.
My DNS-323 NAS had to have some changes to the Samba config using funplug as it doesn’t connect with SECURITY=SHARE, it has to be SECURITY=USER, not sure why that is. I’m happy to report that my SDR experiments were just as hard with OSX as they were with Linux, I blame that to not really knowing much about radio theory. Other than that, installing XCode, Macports and writing this post I haven’t really had much time to play with it. I’ll stick out using OSX until the training is over, then I’ll look at another OS. Until then, it’ll be VM’s and SSH connections into the desktop PC, which while aging still has more horse power than the Air.
image source: http://www.flickr.com/photos/dansapples/7157645924/
Since I haven’t posted in a while I figured I would, and hopefully start a new trend of writing again. I started a new job last year and had my wife gave birth to our first born in November 2012, since then my time has been somewhat limited, balancing work, life and play. If you take a look at the archives, it is not the first time I’ve taken a multiple break from this Blog.
Well, it’s almost July and you know what that means right? Yep, Google will be shutting down Reader. Their decision never made sense to me since my Feedburner, another Google product statistics show that 90% of my subscriptions are through the Reader service, there are alternatives.
While most people have migrated to other services, those that haven’t should consider doing so, or at least export their feeds to subscribe at a later time.
There are great desktop applications available for most platforms, but I wanted an online reader to sync feeds across multiple machines and read from different locations without having to mark content as read multiple times. The most viable online alternatives to me were Feedly, and TheOldReader.com. The Old Reader won in the end after adding standalone authentication. The interface is familiar as it is pretty much a clone of Google Reader, even the same keyboard shortcuts work.
I hope that when you do find the new feed reader of your choice, you continue to subscribe to TheLinuxBlog, and although it may have been stagnant for a while, I have not abandoned it.
Guest Post From Davis Miller
Score! a HUGE victory for Linux gaming in 2013! Ryan Gordon confirmed via Twitter that “Dungeon Defenders is an Unreal Engine 3 game on Linux, and it’s the first thing I’ve shipped with SDL 2.0!” The launch of Humble Indie Bundle 7 is a tower defense and action oriented role playing game that was originally designed and released for the standard PC in 2011. Though it began as a development for Unreal Engine 3, it now has a native Linux port.
The reality of Linux gaming has been in question for years. Interested parties jump in, and then jump out. Plagued by technical and developmental problems, Linux gaming technology has taken nothing more than baby steps over the years. The recent strides leading up to the shipment of a Linux ported games have happened incredibly fast, with no signs of slowing in the near future. (Read on …)
