Linux Blog

Auto Clean-up Downloaded Files

Filed under: Shell Script Sundays — TheLinuxBlog.com at 11:37 am on Sunday, January 4, 2015

This week I went through my downloads folder, cleaning up erroneous files. In light of that I’ll share a quick tip on how to clean up the multiple copies of files that inevitably pile up. The issue is, when you save a file from firefox or Chrome, the next time you download the file, it just makes another copy with (1) or (2). I have a number of these on multiple systems, so hit the jump for a quick snippet, and explanation.
(Read on …)

Introduction to Investigating Unknown Files on Linux

Filed under: General Linux — TheLinuxBlog.com at 12:00 pm on Saturday, December 20, 2014

Introduction

This article was written by Adam Palmer, a Linux Consultant. It covers the first few steps in basic Linux forensic work – investigating unknown files. Linux provides a range of powerful tools to investigate files and filesystems.

Preparing an Environment

First and foremost, before performing any kind of forensics work on Linux, it’s important to set up a usable environment. Even if you intend to perform ‘read only’ actions, and not run any binaries for example, buffer overflows and other exploit vectors have existed in the tools we’ll be using and so running them on maliciously crafted files could result in a system compromise.
If you intend to analyze files, I recommend using a sandboxed virtual machine with no networking access. The virtual machine should be destroyed and recreated as required. If you plan to analyze a hard disk, I recommend using a write blocker to ensure that nothing can physically be altered on the disk under investigation.

Finding File Type & Status

Using the `file’ utility, we can match the file’s header to a known database:

root@kali:~# file rack.png
rack.png: PNG image data, 576 x 576, 8-bit/color RGBA, non-interlaced

Using the `stat’ utility, we can find out permissions, as well as disk, inode and meta information on the file:

root@kali:~# stat rack.png
  File: `/opt/metasploit/apps/pro/ui/vendor/bundle/ruby/1.9.1/gems/rack-1.4.5/contrib/rack.png'
  Size: 23805     	Blocks: 48         IO Block: 4096   regular file
Device: 801h/2049d	Inode: 6165        Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-12-04 23:45:51.087400697 +0000
Modify: 2013-04-17 20:50:40.000000000 +0100
Change: 2013-04-27 18:10:38.317049114 +0100
 Birth: -

Hexdump

Let’s confirm the `file’ output. According to Wikipedia’s entry on PNGs, a PNG begins with an 8-byte signature: 89 50 4E 47 0D 0A 1A 0A. Let’s use `hexdump’ to confirm this:

root@kali:~# hexdump -C -n8 rack.png 
00000000  89 50 4e 47 0d 0a 1a 0a                           |.PNG....|

Note the arguments provided. -C will print the ASCII data alongside the hexadecimal output, whilst -n8 displays 8 bytes.

Strings

Using `strings’, we are able to locate any ASCII printable strings within a file:

root@kali:~# strings rack.png
IHDR
sRGB
bKGD
	pHYs
tIME
[...]

In this case, there’s little of interest to see, however let’s look at running `strings’ on an executable binary:

root@kali:~# strings /bin/ls
[...]
Try `%s --help' for more information.
Usage: %s [OPTION]... [FILE]...
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.
Mandatory arguments to long options are mandatory for short options too.
  -a, --all                  do not ignore entries starting with .
  -A, --almost-all           do not list implied . and ..
[...]

Interesting. `strings’ can be used to uncover hidden printable ASCII inside a binary.
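As an added example (not from the article), here is a small read-only Python triage helper that reproduces the `file’, `hexdump’ and `strings’ steps above: it matches the PNG signature the article quotes (plus the ELF magic, added here for executables such as /bin/ls), renders the first 8 bytes like `hexdump -C -n8’, pulls stat metadata, and extracts printable ASCII runs. The sample PNG header is constructed inline; nothing is executed, so it is safe to run on an untrusted file.

```python
import os
import re
import stat
import tempfile
from datetime import datetime, timezone

# Known signatures at offset 0. PNG is the one the article checks with hexdump;
# ELF is added here (assumption: 7f 45 4c 46) for native Linux executables.
SIGNATURES = {
    "PNG image data": bytes.fromhex("89504E470D0A1A0A"),
    "ELF executable": bytes.fromhex("7F454C46"),
}

# Constructed sample: PNG signature, an IHDR chunk header, padding, and sRGB.
SAMPLE_PNG = (bytes.fromhex("89504E470D0A1A0A") + b"\x00\x00\x00\x0dIHDR"
              + b"\x00\x00\x00\x00" + b"sRGB")

def identify(data: bytes) -> str:
    """Match the leading bytes against SIGNATURES, like `file`."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "data"  # what `file` prints for unrecognised input

def hexdump8(data: bytes) -> str:
    """Render the first 8 bytes like `hexdump -C -n8`: hex, then printable ASCII."""
    chunk = data[:8]
    hexpart = " ".join(f"{b:02x}" for b in chunk)
    asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
    return f"{hexpart:<23}  |{asc}|"

def strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like GNU `strings`."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    return [r.decode("ascii") for r in runs]

def triage(path: str) -> dict:
    """Read-only triage: type, header, stat metadata and strings. Never runs the file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "type": identify(data),
        "header": hexdump8(data),
        "size": st.st_size,
        "mode": stat.filemode(st.st_mode),  # e.g. -rw-r--r-- as in `stat`
        "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "strings": strings(data),
    }

def demo() -> dict:
    """Write the constructed sample to a temporary file and triage it."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(SAMPLE_PNG)
    try:
        return triage(tmp.name)
    finally:
        os.unlink(tmp.name)
```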

Linked Libraries

Using `ldd’, we can investigate any shared libraries that have been linked in:

root@kali:~# ldd /bin/ls
	linux-gate.so.1 =>  (0xb77a7000)
	libselinux.so.1 => /lib/i386-linux-gnu/libselinux.so.1 (0xb776c000)
	librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb7763000)
	libacl.so.1 => /lib/i386-linux-gnu/libacl.so.1 (0xb7758000)
	libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb75f5000)
	libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb75f1000)
	/lib/ld-linux.so.2 (0xb77a8000)
	libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb75d8000)
	libattr.so.1 => /lib/i386-linux-gnu/libattr.so.1 (0xb75d2000)

Tracing system calls

Using `strace’ we are able to trace system calls. If running an unknown binary, it is especially important to perform this step within a safe sandboxed environment. `strace’ sends its output to stderr, and so we’ll need to redirect that to stdout before being able to work with it using standard stream utilities such as `grep’. Let’s look at any open calls made when running `/bin/ls':

root@kali:~# strace -f /bin/ls 2>&1|grep "open"
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/libselinux.so.1", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/librt.so.1", O_RDONLY) = 3
[...]

The listed entries are the required libraries being opened.

Further research

Further steps in debugging binaries can be achieved through `ltrace’, `gdb’, `objdump’ and `ndisasm’. Some of these tools have a significant learning curve, but they enable detailed debugging of unknown binaries.

Media Purge

Filed under: General Linux,Linux Software — TheLinuxBlog.com at 8:23 pm on Tuesday, September 16, 2014

In order to reduce the amount of crap stuff I have laying around, in addition to making a box of old hardware to donate, I’ve been going through old Linux CD’s. Deciding which ones to pitch was a harder task than I first thought, so I figured I’d take a methodical approach to it. The criteria was this:

Have I:

Used it recently?
Ever used it?

Does it:

Have a download available?
Have a current community?
Contain customized content?
Have a special meaning?

Will:

I ever use it?
Someone else be able to use it?

Since most of these were burned disks, the only reason to keep something would be if it is not available anymore, has a special meaning, or I’ve used it a bunch and it contains customized content. Based on this, I’ve decided to pitch (in no particular order)
(Read on …)

TheLinuxBlog.com Wrote a Post. You won’t believe what happens next.

Filed under: The Linux Blog News — TheLinuxBlog.com at 11:08 pm on Monday, September 8, 2014

It happened, I finally got around to writing a post. Ever since the demise of Google Reader it has been sort of a downward spiral for this blog, with my last post almost a year ago. From being number 1 in the search engines for “Linux Blog” to somewhere down on page who-knows-where, and what desperate folks click those links?

I’ve not lost interest in Linux (I’ve used it every day since before the conception of this blog), or writing in general, but perhaps I’ve lost interest or have a lack of time for writing about Linux. There isn’t much to write about that hasn’t already been covered or can’t be for lack of a better term (and because no one uses Bing) “Googled.” I’d ask, what do people want to read about, but I could probably google that, or write about what I think people want to hear about, but that would just be regurgitating content for the sake of it.

This blog’s not dead; I’m just going to shift topics a bit and write about what interests me about Linux and tech in general, projects I’m working on or problems encountered, and see where that takes it. If I take it back to the beginning and make it fun again perhaps I’ll write more.

Until next time:
“Sorry no catchy closing here”

off to delete the accumulated comment spam now.

xrandr – Set Primary Monitor

Filed under: Linux Hardware,Linux Software,Shell Script Sundays — Owen at 11:04 pm on Sunday, October 27, 2013

I had an issue with my dual monitor setup where my primary monitor was my second, but only in X. Rearranging the monitors in Gnome preferences did nothing to solve the problem. While not exactly a shell script, here is a one-liner to change your primary monitor with xrandr.

#!/bin/bash
xrandr --output DVI-0 --primary

The above uses xrandr to set the primary to DVI-0. I put this in my ~/bin folder, chmod’d and set it to start when Gnome starts. Problem solved!

Raspberry Pi – Awesome!

Filed under: General Linux,Linux Hardware — TheLinuxBlog.com at 3:17 pm on Thursday, October 24, 2013

Raspberry Pi

I never jumped on the Pi bandwagon; sure, I thought it was cool, but when I wanted one there were supply problems and the want wore off. I recently purchased a Model B revision Two and have to say I’m very impressed. It is an awesome piece of hardware, but what really makes the Raspberry Pi great is the community that has been built around them. There are many projects and tutorials based on them, and plenty of hackers working on tweaking and expanding them. Here are a few of my favorite projects, in case you’ve been living under a rock for the past couple of years like me:
(Read on …)

Login Script to Phone Home

Filed under: Quick Linux Tutorials — TheLinuxBlog.com at 11:59 pm on Monday, October 7, 2013

If you’re a little paranoid like me, you often wonder what will happen if your laptop gets stolen. I’ve seen news articles and the like where a thief happened to steal a laptop and got caught because they stole the wrong person’s laptop.


Today we have a one-liner that will phone home when a user logs in. While this won’t work if you have a password on your laptop (which is recommended), if you keep a dummy account called “User” or “Guest” with no password and the thief happens to log in, you could be in luck.

#!/bin/bash 
ssh -N -R2222:localhost:22 <user>@<yourhost> -p<port> -i /home/<user>/.ssh/id_rsa

The simple SSH command opens up remote port 2222 forwarded to the local port 22, which of course requires SSH to be running locally. It also uses the SSH identity file for password-less SSH login, and -N means no shell. Set it up as an application that starts on login, and if that account is set to auto-connect to WiFi, it will connect as the user logs in. If you wanted to take it a step further you could combine it with autossh to keep retrying the connection. It will also help if you have a static IP or DNS set up so that it will be able to connect if your device unfortunately goes missing.

Logitech 1100 Review

Filed under: Linux Hardware — TheLinuxBlog.com at 6:30 pm on Monday, September 9, 2013

So, for my birthday two years ago, I got a Logitech 1100 universal remote. I figured, having recently had a birthday, it was a good time to review the unit since I’ve been using it for a while. Besides, the last post about the Macbook has been on the blog for FAR too long.

I wanted a remote that could control all my devices, add new devices at will and was easy to use. At first, my opinion was that this device is awesome, and I thought of all the endless possibilities. In reality I haven’t got to use the device for all the cool stuff I imagined, but it does do a rather good job at what it was designed to do and what I set it up to do. The device itself is a touch screen (not the new multi-touch ones we’re used to) and has a few buttons. You set up activities through the software and select them from the touch screen, where it then turns on the devices in the sequence you wish, gives you a touch remote and assigns the 8 physical buttons to whatever device you choose.
(Read on …)

I got a Mac

Filed under: Linux Hardware,The Linux Blog News — TheLinuxBlog.com at 2:05 am on Tuesday, July 9, 2013

I’m not really a huge consumer of hardware, but today I got a Mac, more specifically a MacBook Air. It is my first brand new computer since I built my desktop, which I probably never wrote about. I didn’t pay for it, as it was a promotional item from training I signed up for. I had a choice of a Toshiba Ultrabook that never really closes, or the MacBook Air. After I thought about it, the choice was not too hard: I chose the one that would have the higher re-sale value, the better of the two OS’s, and probably better Linux support.

So far I’m impressed. It is a very elegant design; the internal hardware is meh, but it does have an SSD, which is the first I’ve owned. It would be nice to try and hook up an external monitor, but I’m not sinking any money into it, because I don’t really want to pay the standard $79 Apple accessory fee, and am not sure if the Thunderbolt port even converts to HDMI, and I’m sure as hell not going to buy a Thunderbolt display. There are only two USB ports, which is rather pathetic; even my Netbook manages to squeeze in 3, a VGA port and a media card reader. As far as OSX goes, I’m not so happy with it; it has a few nuances that will take some getting used to, such as the command key, which changes the way I use the keyboard (command+t, command+w, etc.). There is probably a fix for that, and I’ve already changed some settings to make it more familiar.

My DNS-323 NAS had to have some changes to the Samba config using funplug as it doesn’t connect with SECURITY=SHARE, it has to be SECURITY=USER, not sure why that is. I’m happy to report that my SDR experiments were just as hard with OSX as they were with Linux, I blame that to not really knowing much about radio theory. Other than that, installing XCode, Macports and writing this post I haven’t really had much time to play with it. I’ll stick out using OSX until the training is over, then I’ll look at another OS. Until then, it’ll be VM’s and SSH connections into the desktop PC, which while aging still has more horse power than the Air.

image source: http://www.flickr.com/photos/dansapples/7157645924/

It is almost July!

Filed under: General Linux,The Linux Blog News — TheLinuxBlog.com at 11:54 pm on Tuesday, June 25, 2013

Since I haven’t posted in a while I figured I would, and hopefully start a new trend of writing again. I started a new job last year and my wife gave birth to our first born in November 2012; since then my time has been somewhat limited, balancing work, life and play. If you take a look at the archives, it is not the first time I’ve taken a break from this Blog.

Well, it’s almost July and you know what that means, right? Yep, Google will be shutting down Reader. Their decision never made sense to me, since my FeedBurner statistics (another Google product) show that 90% of my subscriptions are through the Reader service. Still, there are alternatives.

While most people have migrated to other services, those that haven’t should consider doing so, or at least export their feeds to subscribe at a later time.

There are great desktop applications available for most platforms, but I wanted an online reader to sync feeds across multiple machines and read from different locations without having to mark content as read multiple times. The most viable online alternatives to me were Feedly, and TheOldReader.com. The Old Reader won in the end after adding standalone authentication. The interface is familiar as it is pretty much a clone of Google Reader, even the same keyboard shortcuts work.

I hope that when you do find the new feed reader of your choice, you continue to subscribe to TheLinuxBlog, and although it may have been stagnant for a while, I have not abandoned it.

The First Unreal Engine 3 Game Ships for Linux

Filed under: General Linux,Linux Software — TheLinuxBlog.com at 1:23 pm on Friday, January 25, 2013

Guest Post From Davis Miller

Score! A HUGE victory for Linux gaming in 2013! Ryan Gordon confirmed via Twitter that “Dungeon Defenders is an Unreal Engine 3 game on Linux, and it’s the first thing I’ve shipped with SDL 2.0!” The game, launched with Humble Indie Bundle 7, is a tower defense and action-oriented role-playing game that was originally designed and released for the standard PC in 2011. Though it began as a development for Unreal Engine 3, it now has a native Linux port.


The reality of Linux gaming has been in question for years. Interested parties jump in, and then jump out. Plagued by technical and developmental problems, Linux gaming technology has taken nothing more than baby steps over the years. The recent strides leading up to the shipment of Linux-ported games have happened incredibly fast, with no signs of slowing in the near future. (Read on …)
