Devil505
Diego
eugeni
fabiolone
Giacomo
Ingo
Jonathan
kiddo
Linux-Planet
Linuxindetails
Scurz
shredder12
teguh
TForsman
theclimber
yohoGoogleCL brings Google services to the command line.
We currently support the following Google services:
Blogger
$ google blogger post –title “foo” “command line posting”
Calendar
$ google calendar add “Lunch with Jim at noon tomorrow”
Contacts
$ google contacts list name,email > contacts.csv
Docs
$ google docs edit –title “Shopping list”
Picasa
$ google picasa create –title “Cat Photos” ~/photos/cats/*.jpg
Youtube
$ google youtube post –category Education killer_robots.avi

Running Linux system inside a chroot environment allows a system admin to decrease an impact on a production server when the server gets compromised. Change root will change root directory to all current running processes and its children to a chroot jail. Testing of various package installations and server configuration in a chrooted environment can be another handy way how to utilize a chroot jail.
This tutorial will provide a reader with step by step guide on how to install Debian with ssh daemon inside chroot environment using debootstrap.
1. Install chroot environment
In the first step we will create a directory in which new chroot environment will reside. For convenience during the installation we also declare temporary bash shell variable CHROOT to hold a path to chroot environment.
# mkdir -p /mnt/chroot/squeeze
# CHROOT=/mnt/chroot/squeeze
When new chroot directory is ready we will use debootstrap to install new Debian system within chroot environment. Change the architecture and debian version according to your needs. The installation may take some time as debootstrap will use your specified mirror to download and install core packages. Choose the closest mirror as it will rapidly reduce the installation time.
# debootstrap –arch i386 squeeze \
$CHROOT
At the end of the installation you should seed output similar to the one below:
I: Configuring debian-archive-keyring…
I: Configuring apt…
I: Configuring libept0…
I: Configuring apt-utils…
I: Configuring aptitude…
I: Configuring tasksel-data…
I: Configuring tasksel…
I: Base system installed successfully.
Connect your host proc system with chroot environment by mounting within chroot directory. This allows chroot access a hardware of your host system.
# mount -t proc proc $CHROOT/proc
# mount -t devpts devpts $CHROOT/dev/pts
2. Configuration
Now, we are ready to login into chroot and do some basic configuration. To not let aour selfs confuse with host and chroot environment we first change a root’s PS1 variable to change a shell prompt to “CHROOT-squeeze:~#” . This step is optional but recommended: First login to chroot:
# chroot $CHROOT /bin/bash –login
execute a following command to permanently change root’s shell prompt and exit:
CHROOT-squeeze:~# echo ‘PS1=”CHROOT-squeeze:\w# “‘ >> ~/.bashrc
CHROOT-squeeze:~# exit
Next time you enter chroot environment you will have a new shell prompt:
# chroot $CHROOT /bin/bash –login
From this point on all commands which should be executes within chroot environment will have a prefix:
CHROOT-squeeze:~#
Next we will install and reconfigure locales.
CHROOT-squeeze:~# apt-get install locales
Now reconfigure your locales. For example if you are form Australia you add – en_AU ISO-8859-1 – en_AU.UTF-8 UTF-8 and choose : en_AU
# dpkg-reconfigure locales
3. Install chroot ssh daemon
Now we are ready to install any service within chroot environment. Let’s start with ssh as this will allow us to login to chroot using ssh connection from LAN or WAN.:
NOTE: installation of vim is optional
CHROOT-squeeze:~# apt-get install vim ssh
Configure chrooted ssh service to listen on different port than 22 as it is most likely already occupied by your host system.
3.1. Configure ssh
Edit a sshd_config file:
CHROOT-squeeze:~# vi /etc/ssh/sshd_config
and change line Port 22 to:
Port 2222
Restart a chroot sshd:
CHROOT-squeeze:~# /etc/init.d/ssh restart
Change a password for a chrooted root user:
CHROOT-squeeze:~# passwd
4. Login remotely to chroot
If all went well we now should be able to login to new chroot environment using ssh:
ssh root@localhost -p 2222
5. Fine tune chroot
chroot ssh daemon will not start automatically when you turn on your host operation system. Therefore, create a simple shell script to do that task:
/etc/init.d/chroot-squeeze :
#!/bin/bash
CHROOT=/mnt/chroot/squeeze # change
mount -t devpts devpts $CHROOT/dev/pts
mount -t proc proc $CHROOT/proc
chroot $CHROOT /etc/init.d/ssh start
and as a last step make a simbolic link to /etc/rc2.d/:
# ln -s /etc/init.d/chroot-squeeze /etc/rc2.d/S98chroot-squeeze
Now you should have a fully functional chroot environment. Feel free to explore and install additional services.

This article describes how you can monitor your Postfix mailserver with the tools Mailgraph and pflogsumm. Mailgraph creates daily, weekly, monthly, and yearly graphs of sent, received, bounced, and rejected emails and also of spam and viruses, if SpamAssassin and ClamAV are integrated into Postfix (e.g. using amavisd-new). These graphs can be accessed with a browser, whereas pflogsumm (“Postfix Log Entry Summarizer”) can be used to send reports of Postfix activity per email.
In the following I will describe how to install and configure Mailgraph and pflogsumm on Debian Lenny.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this tutorial my Linux system has the IP address 192.168.0.100 and hosts the web site http://www.example.com with the document root /var/www/www.example.com/web and a cgi-bin directory of /var/www/www.example.com/cgi-bin, and I will send the pflogsumm reports to the email address postmaster@example.com.

#!/usr/bin/env python
import ConfigParser
import os
import time
# On Debian, /etc/mysql/debian.cnf contains ‘root’ a like login and password.
config = ConfigParser.ConfigParser()
config.read(“/etc/mysql/debian.cnf”)
username = config.get(‘client’, ‘user’)
password = config.get(‘client’, ‘password’)
hostname = config.get(‘client’, ‘host’)
filestamp = time.strftime(‘%Y-%m-%d’)
# Get a list of databases with :
database_list_command=”mysql -u %s -p%s -h %s –silent -N -e ‘show databases’” % (username, password, hostname)
for database in os.popen(database_list_command).readlines():
database = database.strip()
if database == ‘information_schema’:
continue
filename = “/backups/mysql/%s-%s.sql” % (database, filestamp)
os.popen(“mysqldump -u %s -p%s -h %s -e –opt -c %s | gzip -c > %s.gz” % (username, password, hostname, database, filename))
you can use this to remove old backup
find /backups/mysql -mtime +5 -print | xargs -r rm

/usr/bin/VBoxHeadless
You should have the message below :
Sun VirtualBox Headless Interface 3.1.4
(C) 2008-2010 Sun Microsystems, Inc.
All rights reserved.
Usage:
-s, -startvm, –startvm <name|uuid> Start given VM (required argument)
-v, -vrdp, –vrdp on|off|config Enable (default) or disable the VRDP
server or don’t change the setting
-p, -vrdpport, –vrdpport <ports> Comma-separated list of ports the VRDP
server can bind to. Use a dash between
two port numbers to specify a range
-a, -vrdpaddress, –vrdpaddress <ip> Interface IP the VRDP will bind to
-c, -capture, –capture Record the VM screen output to a file
-w, –width Frame width when recording
-h, –height Frame height when recording
-r, –bitrate Recording bit rate when recording
-f, –filename File name when recording. The codec
used will be chosen based on the
file extension


I was looking for a way to easily share documents between machines, since WebDAV shares can be accessed by Windows, Linux or Mac machines out of the box, I choose WebDAV over SSL. I don’t use SSL for anything so WebDAV is served from DocumentRoot. I’ve been using it for a few days, so far it beats carrying USB sticks around.
Enable relevant Apache modules,
<code class=" apache">a2enmod ssl a2enmod dav_fs a2enmod <span class="keyword">dav</span> </code>
Create SSL certificate,
<code class=" cpp"> mkdir /etc/apache2/ssl<br /> openssl req $@ -<span class="keyword">new</span> -x509 -days <span class="number">365</span> -nodes -out /etc/apache2/ssl/apache.pem \<br /> -keyout /etc/apache2/ssl/apache.pem<br /> chmod <span class="number">600</span> /etc/apache2/ssl/apache.pem<br /></code>
Create your WebDAV directory and create a password file,
<code class=" sql">mkdir /path/<span class="keyword">to</span>/webdav/<br />chown www-data /path/<span class="keyword">to</span>/webdav/<br />htpasswd -c /path/<span class="keyword">to</span>/passwd.dav <span class="keyword">user</span><br /></code>
Edit and add the following snippet to the configuration for the host you want to enable WebDAV,
<code class=" apache"> <span class="tag"><VirtualHost *:443></span><br /> <span class="keyword">ServerAdmin</span> <span class="keyword">user</span>@host.com<br /> <span class="keyword">DocumentRoot</span> /path/to/webdav<br /><br /> <span class="keyword">SSLEngine</span> <span class="literal">on</span><br /> <span class="keyword">SSLCertificateFile</span> /etc/apache2/ssl/apache.pem<br /><br /> <span class="tag"><Directory /path/to/webdav/></span><br /> <span class="keyword">DAV</span> <span class="literal">On</span><br /> <span class="keyword">AuthType</span> Basic<br /> <span class="keyword">AuthName</span> <span class="string">"webdav"</span><br /> <span class="keyword">AuthUserFile</span> /path/to/passwd.<span class="keyword">dav</span><br /> <span class="keyword">Require</span> valid-<span class="keyword">user</span><br /> <span class="tag"></Directory></span><br /><br /> <span class="keyword">ErrorLog</span> /path/to/webdav/error.log<br /> <span class="keyword">CustomLog</span> /path/to/webdav/access.log combined<br /> <span class="tag"></VirtualHost></span><br /></code>
Reload Apache configuration,
<code>/etc/init.d/apache2 reload<br /><br />from <a target="_blank" href="http://nakkaya.com/2010/03/05/webdav-ssl-on-debian/">here</a><br /></code>


sameone thanks me for the post
Riak combines a decentralized key-value store, a flexible map/reduce engine, and a friendly HTTP/JSON query interface to provide a database ideally suited for Web applications.
Schema-free document databases are in many ways a more natural fit for Web applications than the traditional RDBMS. With interfaces that are natural and convenient for rapid development, and a lack of object-relational mappers and other heavy middleware, applications can be both simpler and more powerful.
Developed with solid distributed systems fundamentals from the start, Riak scales out to meet your needs. It also scales down easily, making development and prototyping easy.
A truly fault-tolerant system, no aspect of Riak involves single points of failure. Since no machines are special or central, the user of Riak can decide exactly how fault-tolerant they would like their application to be.
you can find more here
and a perfect howto to install it here


from here
Install Apache radius module :
1 |
apt-get install libapache2-mod-auth-radius |
enable radius module for Apache :
1 |
a2enmod auth_radius |
open /etc/apache2/apache2.conf and add the following lines to end of file :
1 |
AddRadiusAuth IP_OF_RADIUS_SERVER:PORT SECRET 5 |
2 |
AddRadiusCookieValid 60 |
go to /var/www folder or the folder which you want to protect and create a .htaccess file inside it containing following lines :
1 |
AuthType Basic |
2 |
AuthName "AdminseHow Radius Authentication" |
3 |
AuthBasicAuthoritative Off |
4 |
AuthBasicProvider radius |
5 |
AuthRadiusAuthoritative on |
6 |
AuthRadiusActive On |
7 |
Require valid-user |
restart Apache :
1 |
/etc/init.d/apache2 restart |
for more info regarding the configuration options , you can read the following link :
http://freeradius.org/mod_auth_radius/
google_protectAndRun(“ads_core.google_render_ad”, google_handleError, google_render_ad);google_protectAndRun(“ads_core.google_render_ad”, google_handleError, google_render_ad);


Here is an updated list of useful security auditing extensions :
Information gathering
Whois and geo-location
ShowIP : Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft.
Shazou : The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing.
HostIP.info Geolocation : Displays Geolocation information for a website using hostip.info data. Works with all versions of Firefox.
Active Whois : Starting Active Whois to get details about any Web site owner and its host server.
Bibirmer Toolbar : An all-in-one extension. But auditors need to play with the toolbox. It includes ( WhoIs, DNS Report, Geolocation , Traceroute , Ping ). Very useful for information gathering phase
continue on:
http://www.security-database.com/toolswatch/Turning-Firefox-to-an-Ethical.html
