#!/bin/bash

by Tom Duffy

Okay, this is a subject that gets me going!  I am a bit obsessive about my network security and when WEP first became popular I began using it right away.  Then, as soon as I started hearing rumors about wireless sniffing, packet injection, and WEP cracking I immediately changed the way I look at wireless security.  Obviously, it is important to keep your network secure.  But at what cost?  Some of the security options out there are seriously more effort than they are worth!  Even setting up WPA on my home network was a hassle because I have 5 computers on the network.  Three are various Linux distros, 1 Mac PowerBook, and 1 Windows XP laptop.  I also have an Xbox 360 with a wireless adapter.  In order to get all of these devices connected with WPA, I had to jump through several hoops.  So what is a simple and safe way to secure my wireless network?  Well, in order to answer this, I decided to learn how to crack a WEP key and try to hack my network in various states with different security features.  Here are the results:

1.  64 Bit WEP Without MAC Filtering

This was scary…took me about 3 or 4 minutes to collect enough IV’s to crack the wep key.  If you don’t know what IV’s are, please read about cracking wep here.

2.  128 Bit WEP Without MAC Filtering

This one took a little bit more time, but once there was ARP requests from the router to my wireless adapter, the IV’s started pouring in.  Total crack time was 12 minutes.

3.  WPA Personal TKIP with a 6 character passphrase

Had to relearn the process a little for WPA, but once I got the hang of it this took me about 15 to 20 minutes.

4.  WPA Personal TKIP with a 20 character passphrase

I know that there are people who can crack this…but I simply couldn’t.

5.  WPA AES/TKIP With RADIUS

Couldn’t crack this either.

Okay, so my findings are that WEP is useless right?  Well, not entirely.  I found that by not broadcasting the ESSID and filtering MAC addresses, 128 Bit WEP was enough to make me feel kinda safe.  WPA Personal with a long passphrase was the best option for me.  This is because of the combination of ease of setup and good security.  The reason for the long passphrase is to avoid rainbow table cracking.

So what is the truth about WEP cracking?  Well, the truth is that there aren’t a whole lot of people out there who are any good at it.  A lot of people download BackTrack or another liveCD linux distro with wep cracking tools and they assume that the tools just crack wep for them.  The reality is that the tools that are used for WEP cracking are quite complex.  I personally am not concerned about someone trying to crack my wireless network.  However, I am concerned about my client’s networks.  Business networks should be as secure as possible.  Always.

So, if you just bought a new wireless router and are thinking that you’ve done the right thing by securing it with WEP, please reconsider, but let’s not get paranoid…there isn’t an army of hackers trying to crack your wep key.   I hope that this helps someone!

by Tom Duffy

I stumbled upon this awesome comic strip from www.utopiatheory.com.

by Tom Duffy

I have had a lot of experience trying to get clients to use secure passwords and the common problem that comes up is that secure passwords are often difficult to remember.  So, I came up with a simple solution to this.  Let’s get started:

First, we should pick our favorite song.  For the sake of this tutorial, I will use Stairway To Heaven by Led Zeppelin.  Now, pick a line from the song that is 6 or more words long.  I will use the line “And she’s buying a stairway to heaven”.

Next, take the first letter of each word in that line of the song.  Mine would be:

ASBASTH

Now, alternate between lower case and upper case:

aSbAsTh

Next we will choose a letter in this that can also be represented by a number.  Some examples of this would be to use a 5 instead of an S or a 1 instead of an I.  So, I will use a 5 instead of the capital S:

a5bAsTh

Next, we will add a character that is not alpha-numeric such as a $ or a # and add it to the beginning and end of the string.  I will use a $:

$a5bAsTh$

“$a5bAsTh$” is a very secure password.  A brute-force attack would take a LONG time to break this and a dictionary attack would simply fail.  The best part is that even though this password is very secure, all I have to remember is that line from the song with a “$” on either side of it and a “5″ instead of an “S”.  I recommend this to all of my clients now and it has convinced a lot of computer novices that they can have secure passwords without the worry of forgetting what they are!  I sure hope that this helps some people!

Impressive…Let’s see a Windows machine stay up for that long!

by Tom Duffy

Lately, I have been getting a lot of traffic to my blog from StumbleUpon. This is great! Welcome fellow Stumblers! However, a few Stumblers have complained about my choice in titling my last blog entry with the word “Advanced” claiming that the information I was providing was more “Intermediate” than “Advanced”. Okay…I agree completely. The information I was providing was not very advanced. The reason I chose to name it “Advanced” was because of the massive influx of new Linux users who are not used to this sort of thing. To them, deactivating their NIC from the command line is “Advanced”.

This is all fine and well, but now I have this strange feeling in my gut. It’s a feeling that I used to get when I was dared to do something in elementary school. A feeling that I get when my knowledge or experience is challenged. So, now I feel I must redeem myself with a tutorial on what I would consider a much more “Advanced” Linux topic. So, without further adieu, I give you…xargs.

xargs - silly noob, commands are for piping.

Usually in a Linux or Unix environment, we run commands in order to get information in the form of an output. This output might be a list of strings for example. Then we read that information from the output in order to do something with it. Or we copy and paste part of the output into a new command. Wouldn’t it be easier to just use one command to do all of this for us? Wouldn’t it be easier to have a command’s output automatically used as a parameter for another command? Ladies and gentlemen, please welcome xargs. xargs allows you to execute some other commands on the output. For example, lets say that we want to find files in a directory that are symbolic links or are compressed. Then let’s say that we want search those symbolic links and compressed files for the word “foo”. And then let’s say that we want to have the output of all of this display nice and neat in the form of the ls command. Let’s try this:

file -Lz * | grep foo | cut -d":" -f1 | xargs ls -ltr

Let’s dissect this command string. The first, file -Lz *, finds files that are symbolic links or compressed. It passes the output to the next command, grep foo, which searches for the string “foo” in them and produces the output similar to this:

auth.log:              foo.techremedy.net
auth.log.1.GZ:      foo.techremedy.net (compress'd data 16 bits)

Since we are interested in the file names only, we applied the next command, cut -d”:” -f1, to show the first field only:

auth.log
auth.log.1.GZ

Now, we want to use the ls -l command and pass the above list as parameters, one at a time. The xargs command allowed you to to that. The last part, xargs ls -ltr, takes the output and executes the command ls -ltr against them, as if executing:

ls -ltr auth.log
ls -ltr auth.log.1.GZ

So, as you can see, xargs isn’t so much awesome on its own, but when used with other commands, it’s awesome factor increases significantly.

There is some good information out there about xargs. I recommend the man page. Just type man xargs and you can read it. One thing to point out is that white space, or blank spaces aren’t handled well by xargs at all. So, be sure to use the –null option or the -0 option to overcome this problem. I hope that this is helpful and “Advanced” enough for you fickle Linux folks out there. I will apologize for the unfortunate “Nitty Gritty Linux Hacking” part of the title on my last post. That was just uncalled for! :)

by Tom Duffy

There are so many Photoshop tutorials out there and many of them can be applied to Gimp if you spend some time, but there really aren’t many quality Gimp-Specific tutorials. The following is a tutorial on how to create cool looking Web 2.0 buttons with gimp.  Let’s Get Started!

First…

Open gimp and create a new document that is 200×100 with a transparent background.  Use 72dpi resolution for this document as it will be for the web.

Next choose the rectangle selection tool and create a box selection like so:

Now you will want to click the box next to “Rounded Corners” on your tool bar.  I used a rounded corner value of 15.0 for mine.  Play around with it to see what you like.  Here’s what your rounded selection should look like:

Now choose the paint bucket and fill the rounded rectangle with a bright obnoxious color such as #2f43ff.  Once the rounded rectangle is filled in it should look like this:

Now make a copy of the background layer by right clicking it and choosing “Duplicate Layer”.  Select the background copy and click on the gradient fill tool.  Select black as your foreground color and then choose the “Transparent To Foreground” gradient from the gradient menu.  Create a vertical gradient to your liking.  Mine Looks like this:

Now lower the layer opacity to 60%.  Here’s what it should look like now:

Now it is time to create a new layer and call it buttongloss1.  Now choose the rectangle selection tool again.  It should still have the same rounded corner settings.  Select the top inside portion of the button like so:

Now choose the gradient tool and pick white as your foreground color.  Now create a “Transparent to Foreground” gradient in the selection.  It should look like this:

As soon as we lower the opacity for this layer to about 35% it should look like this:

Next you will want to create a new layer and add dark to transparent gradients to your liking.  This is something that comes down to personal taste and how “3-D” you want it to look.  Just remember that “Transparent to Foreground” gradients coupled with adjusting the layer opacity is your best friend in Web 2.0!  Now create white text in font Sans Bold (in windows it would be Arial Bold).  Add your text and then add a drop shadow to the text.  The final result will look like this:

Well…I hope you enjoyed this tutorial.  If you have questions, please post them as comments and I will try to answer them.  Thanks for stopping by!

Tom

Cron

This file is an introduction to cron, it covers the basics of what cron does,
and how to use it. This was written by cogNiTioN <cognition@attrition.org>

What is cron?

Cron is the name of program that enables unix users to execute commands or
scripts (groups of commands) automatically at a specified time/date. It is
normally used for sys admin commands, like makewhatis, which builds a
search database for the man -k command, or for running a backup script,
but can be used for anything. A common use for it today is connecting to
the internet and downloading your email.

This file will look at Vixie Cron, a version of cron authored by Paul Vixie.

How to start Cron

Cron is a daemon, which means that it only needs to be started once, and will
lay dormant until it is required. A Web server is a daemon, it stays dormant
until it gets asked for a web page. The cron daemon, or crond, stays dormant
until a time specified in one of the config files, or crontabs.

On most Linux distributions crond is automatically installed and entered into
the start up scripts. To find out if it’s running do the following:

cog@pingu $ ps aux | grep crond
root 311 0.0 0.7 1284 112 ? S Dec24 0:00 crond
cog 8606 4.0 2.6 1148 388 tty2 S 12:47 0:00 grep crond

The top line shows that crond is running, the bottom line is the search
we just run.

If it’s not running then either you killed it since the last time you rebooted,
or it wasn’t started.

To start it, just add the line crond to one of your start up scripts. The
process automatically goes into the back ground, so you don’t have to force
it with &. Cron will be started next time you reboot. To run it without
rebooting, just type crond as root:

root@pingu # crond

With lots of daemons, (e.g. httpd and syslogd) they need to be restarted
after the config files have been changed so that the program has a chance
to reload them. Vixie Cron will automatically reload the files after they
have been edited with the crontab command. Some cron versions reload the
files every minute, and some require restarting, but Vixie Cron just loads
the files if they have changed.

Using cron

There are a few different ways to use cron (surprise, surprise).

In the /etc directory you will probably find some sub directories called
‘cron.hourly‘, ‘cron.daily‘, ‘cron.weekly‘ and ‘cron.monthly‘. If you place
a script into one of those directories it will be run either hourly, daily,
weekly or monthly, depending on the name of the directory.

If you want more flexibility than this, you can edit a crontab (the name
for cron’s config files). The main config file is normally /etc/crontab.
On a default RedHat install, the crontab will look something like this:

root@pingu # cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

The first part is almost self explanatory; it sets the variables for cron.

SHELL is the ’shell’ cron runs under. If unspecified, it will default to
the entry in the /etc/passwd file.

PATH contains the directories which will be in the search path for cron
e.g if you’ve got a program ‘foo’ in the directory /usr/cog/bin, it might
be worth adding /usr/cog/bin to the path, as it will stop you having to use
the full path to ‘foo’ every time you want to call it.

MAILTO is who gets mailed the output of each command. If a command cron is
running has output (e.g. status reports, or errors), cron will email the output
to whoever is specified in this variable. If no one if specified, then the
output will be mailed to the owner of the process that produced the output.

HOME is the home directory that is used for cron. If unspecified, it will
default to the entry in the /etc/passwd file.

Now for the more complicated second part of a crontab file.
An entry in cron is made up of a series of fields, much like the /etc/passwd
file is, but in the crontab they are separated by a space. There are normally
seven fields in one entry. The fields are:

minute hour dom month dow user cmd

minute This controls what minute of the hour the command will run on,
and is between ‘0′ and ‘59′
hour This controls what hour the command will run on, and is specified in
the 24 hour clock, values must be between 0 and 23 (0 is midnight)
dom This is the Day of Month, that you want the command run on, e.g. to
run a command on the 19th of each month, the dom would be 19.
month This is the month a specified command will run on, it may be specified
numerically (0-12), or as the name of the month (e.g. May)
dow This is the Day of Week that you want a command to be run on, it can
also be numeric (0-7) or as the name of the day (e.g. sun).
user This is the user who runs the command.
cmd This is the command that you want run. This field may contain
multiple words or spaces.

If you don’t wish to specify a value for a field, just place a * in the
field.

e.g.
01 * * * * root echo “This command is run at one min past every hour”
17 8 * * * root echo “This command is run daily at 8:17 am”
17 20 * * * root echo “This command is run daily at 8:17 pm”
00 4 * * 0 root echo “This command is run at 4 am every Sunday”
* 4 * * Sun root echo “So is this”
42 4 1 * * root echo “This command is run 4:42 am every 1st of the month”
01 * 19 07 * root echo “This command is run hourly on the 19th of July”

Notes:

Under dow 0 and 7 are both Sunday.

If both the dom and dow are specified, the command will be executed when
either of the events happen.
e.g.
* 12 16 * Mon root cmd
Will run cmd at midday every Monday and every 16th, and will produce the
same result as both of these entries put together would:
* 12 16 * * root cmd
* 12 * * Mon root cmd

Vixie Cron also accepts lists in the fields. Lists can be in the form, 1,2,3
(meaning 1 and 2 and 3) or 1-3 (also meaning 1 and 2 and 3).
e.g.
59 11 * * 1,2,3,4,5 root backup.sh
Will run backup.sh at 11:59 Monday, Tuesday, Wednesday, Thursday and Friday,
as will:
59 11 * * 1-5 root backup.sh

Cron also supports ’step’ values.
A value of */2 in the dom field would mean the command runs every two days
and likewise, */5 in the hours field would mean the command runs every
5 hours.
e.g.
* 12 10-16/2 * * root backup.sh
is the same as:
* 12 10,12,14,16 * * root backup.sh

*/15 9-17 * * * root connection.test
Will run connection.test every 15 mins between the hours or 9am and 5pm

Lists can also be combined with each other, or with steps:
* 12 1-15,17,20-25 * * root cmd
Will run cmd every midday between the 1st and the 15th as well as the 20th
and 25th (inclusive) and also on the 17th of every month.
* 12 10-16/2 * * root backup.sh
is the same as:
* 12 10,12,14,16 * * root backup.sh

When using the names of weekdays or months, it isn’t case sensitive, but only
the first three letters should be used, e.g. Mon, sun or Mar, jul.

Comments are allowed in crontabs, but they must be preceded with a ‘#’, and
must be on a line by them self.

Multiuser cron

As Unix is a multiuser OS, some of the apps have to be able to support
multiple users, cron is one of these. Each user can have their own crontab
file, which can be created/edited/removed by the command crontab. This
command creates an individual crontab file and although this is a text file,
as the /etc/crontab is, it shouldn’t be edited directly. The crontab file is
often stored in /var/spool/cron/crontabs/<user> (Unix/Slackware/*BSD),
/var/spool/cron/<user> (RedHat) or /var/cron/tabs/<user> (SuSE),
but might be kept elsewhere depending on what Un*x flavor you’re running.

To edit (or create) your crontab file, use the command crontab -e, and this
will load up the editor specified in the environment variables EDITOR or
VISUAL, to change the editor invoked on Bourne-compliant shells, try:
cog@pingu $ export EDITOR=vi
On C shells:
cog@pingu $ setenv EDITOR vi
You can of course substitute vi for the text editor of your choice.

Your own personal crontab follows exactly the same format as the main
/etc/crontab file does, except that you need not specify the MAILTO
variable, as this entry defaults to the process owner, so you would be mailed
the output anyway, but if you so wish, this variable can be specified.
You also need not have the user field in the crontab entries. e.g.

min hr dom month dow cmd

Once you have written your crontab file, and exited the editor, then it will
check the syntax of the file, and give you a chance to fix any errors.

If you want to write your crontab without using the crontab command, you can
write it in a normal text file, using your editor of choice, and then use the
crontab command to replace your current crontab with the file you just wrote.
e.g. if you wrote a crontab called cogs.cron.file, you would use the cmd

cog@pingu $ crontab cogs.cron.file

to replace your existing crontab with the one in cogs.cron.file.

You can use

cog@pingu $ crontab -l

to list your current crontab, and

cog@pingu $ crontab -r

will remove (i.e. delete) your current crontab.

Privileged users can also change other user’s crontab with:

root@pingu # crontab -u

and then following it with either the name of a file to replace the
existing user’s crontab, or one of the -e, -l or -r options.

According to the documentation the crontab command can be confused by the
su command, so if you running a su‘ed shell, then it is recommended you
use the -u option anyway.

Controlling Access to cron

Cron has a built in feature of allowing you to specify who may, and who
may not use it. It does this by the use of /etc/cron.allow and /etc/cron.deny
files. These files work the same way as the allow/deny files for other
daemons do. To stop a user using cron, just put their name in cron.deny, to
allow a user put their name in the cron.allow. If you wanted to prevent all
users from using cron, you could add the line ALL to the cron.deny file:

root@pingu # echo ALL >>/etc/cron.deny

If you want user cog to be able to use cron, you would add the line cog
to the cron.allow file:

root@pingu # echo cog >>/etc/cron.allow

If there is neither a cron.allow nor a cron.deny file, then the use of cron
is unrestricted (i.e. every user can use it). If you were to put the name of
some users into the cron.allow file, without creating a cron.deny file, it
would have the same effect as creating a cron.deny file with ALL in it.
This means that any subsequent users that require cron access should be
put in to the cron.allow file.

Output from cron

As I’ve said before, the output from cron gets mailed to the owner of the
process, or the person specified in the MAILTO variable, but what if you
don’t want that? If you want to mail the output to someone else, you can
just pipe the output to the command mail.
e.g.

cmd | mail -s “Subject of mail” user

If you wish to mail the output to someone not located on the machine, in the
above example, substitute user for the email address of the person who
wishes to receive the output.

If you have a command that is run often, and you don’t want to be emailed
the output every time, you can redirect the output to a log file (or
/dev/null, if you really don’t want the output).
e,g

cmd >> log.file

Notice we’re using two > signs so that the output appends the log file and
doesn’t clobber previous output.
The above example only redirects the standard output, not the standard error,
if you want all output stored in the log file, this should do the trick:

cmd >> logfile 2>&1

You can then set up a cron job that mails you the contents of the file at
specified time intervals, using the cmd:

mail -s “logfile for cmd” <log.file

Now you should be able to use cron to automate things a bit more.
A future file going into more detail, explaining the differences between
the various different crons and with more worked examples, is planned.

by Tom Duffy

So far, almost every one of my blog posts has been about Linux.  That’s because I use Linux.  But a lot of people out there use Windows and there’s a vast amount of Windows open source software out there.  Want freedom for Windows?  Download WinLibre Here.  WinLibre is an application that gives you access to many open source applications for Windows all in one place.

For those of you who want more advanced open source solutions, check out www.sourceforge.net.  SourceForge is an all out armada of open source software for many different platforms including windows.  If you are a user who simply can’t escape using a Windows operating system, then at least there are open source options to replace many costly Windows based applications.  I mean, why pay for Microsoft Office when you can get OpenOffice for free?  Why use Windows Media Player when you can use MPlayer and have more options?  Why pay for Photoshop when you can use Gimp?  Why pay for DreamWeaver when you can use NVU?

I hope that you check out these open source alternatives to corporate proprietary software for your Windows Computer.

This was the first bash script that I ever wrote…pretty basic, but it is actually somewhat useful! Enjoy.

#!/bin/bash
#my first script

#The Welcoming
read -p "Enter Your Name: " name
clear;
echo "Hello " $name", what would you like me to do? "

sleep 1

#The Menu
echo "..........................."
echo "...........MENU............"
echo
echo "1 Display this months calandar"
echo "2 Display who is logged in"
echo "3 Show active connections"
echo "4 Exit"

read choice

while [[ $choice != 0 ]]
do
case $choice in
1)  clear;
cal;
;;
2)  clear;
who;
;;
3)  clear;
netstat -a;
;;
4)  clear;
echo "Thanks" $name"!"
exit;
;;
*)  clear;
echo "You have entered an invalid option!"
;;
esac
echo "..........................."
echo "...........MENU............"
echo
echo "1 Display this months calandar"
echo "2 Display who is logged in"
echo "3 Show active connections"
echo "4 Exit"
read choice
done

by Tom Duffy

Last week, I was one of those geeks that was constantly refreshing the homepage at www.ubuntu.com, wondering, “Is it up yet?”. Of course, I am refering to the latest LTS (Long Term Support) version of Ubuntu. Version 8.04 (codename “Hardy Heron”) has been anticipated by many in the Open Source and Linux worlds as the distro that could push Linux to the forefront of mainstream desktop computing. Well, when it was finally available, I opted to download a torrent of it since the Ubuntu servers were under heavy strain. The torrent downloaded in about an hour and I was ready to try it out. Here’s what I found:

Installation

When my system booted up for the first time with the Hardy Heron CD, I noticed an immediate change from my previous Gutsy Gibbon install. This was the language selection before choosing boot options. Cool! Well, Moving on from there, the next obvious difference is that the installer and the LiveCD are two seperate things now. (sort of anyway) I like that because booting the installer now takes less time than it did in Gutsy. Anyways, I got the installer up and running and began the process. Nothing new in the install process itself. I did notice that it seemed to take a little longer than Gutsy did. I was happy with the install though.

First Run

Well, after the install I removed the CD and rebooted. I was a little disapointed at how the only obvious changes at first were the wallpaper and some other basic graphical differences. It wasn’t until I started digging in and really using Hardy Heron that I started to notice how impressive this new LTS is! My absolute favorite change is that Ubuntu 8.04 comes with Gnome 2.22, which didn’t look any different to me at first. But under the hood is a list of new features and stability/security updates.

Some of the new features that Gnome 2.22 brings to Hardy Heron are Cheese webcam viewer, Metacity compositing, Google Calendar support in Evolution, and a new remote desktop viewer. Also, GVFS has replaced the old Gnome-VFS system with a completely re-worked backend allowing for applications to use any resource, such as SSH or a Samba share, in a uniform manner. GVFS provides a FUSE hook that allows applications that don’t even support GVFS to use the services provided by it.

After some more tinkering around I found some new applications that are included with Hardy Heron. My favorite of which is Transmission, a BitTorrent client with an interface not too far off from uTorrent. BitTorrent and BitTornado in Gutsy were annoying. Transmission is light weight, yet provides ample torrent management.

There is also a new CD Burning application called Brasero. Making a CD or DVD has never been rocket science, but Brasero truly makes it “idiot proof”.

I wasn’t too pleased that they included firefox 3 because it is still in beta testing. In my opinion, including beta software as important as a web browser in a release of an OS should be left to Microsoft. That said, I’m sure they’ll keep it updated.

Security

There are a ton of security updates for Hardy. The coolest of which is PolicyKit. PolicyKit allows administrators to control the access levels of individual users. Doesn’t sound so cool, right? Well, what’s neat about PolicyKit is that it allows access control for specific sections of software allowing for truly finetuned access control.

All in all I’m impressed that Hardy is living up to the hype. I will say again that I don’t like the use of beta software in a release of an OS, but thats just me I guess. I highly recommend checking Hardy Heron out. If you are currently a Windows user, the Ubuntu Developers included a nifty way for you to install Hardy as an application under your current windows install to try it out! Pretty cool! Please post your comments and let me know what your experience has been with Hardy Heron.

Tom Duffy