/usr/bin/VBoxHeadless

You should have the message below :

Sun VirtualBox Headless Interface 3.1.4
(C) 2008-2010 Sun Microsystems, Inc.
All rights reserved.

Usage:
-s, -startvm, –startvm <name|uuid>   Start given VM (required argument)
-v, -vrdp, –vrdp on|off|config       Enable (default) or disable the VRDP
server or don’t change the setting
-p, -vrdpport, –vrdpport <ports>     Comma-separated list of ports the VRDP
server can bind to. Use a dash between
two port numbers to specify a range
-a, -vrdpaddress, –vrdpaddress <ip>  Interface IP the VRDP will bind to
-c, -capture, –capture               Record the VM screen output to a file
-w, –width                           Frame width when recording
-h, –height                          Frame height when recording
-r, –bitrate                         Recording bit rate when recording
-f, –filename                        File name when recording.  The codec
used will be chosen based on the
file extension

I was looking for a way to easily share documents between machines, since WebDAV shares can be accessed by Windows, Linux or Mac machines out of the box, I choose WebDAV over SSL. I don’t use SSL for anything so WebDAV is served from DocumentRoot. I’ve been using it for a few days, so far it beats carrying USB sticks around.

Enable relevant Apache modules,

<code class=" apache">a2enmod ssl
a2enmod dav_fs
a2enmod <span class="keyword">dav</span>
</code>

Create SSL certificate,

<code class=" cpp"> mkdir /etc/apache2/ssl<br /> openssl req $@ -<span class="keyword">new</span> -x509 -days <span class="number">365</span> -nodes -out /etc/apache2/ssl/apache.pem \<br />     -keyout /etc/apache2/ssl/apache.pem<br /> chmod <span class="number">600</span> /etc/apache2/ssl/apache.pem<br /></code>

Create your WebDAV directory and create a password file,

<code class=" sql">mkdir /path/<span class="keyword">to</span>/webdav/<br />chown www-data /path/<span class="keyword">to</span>/webdav/<br />htpasswd -c /path/<span class="keyword">to</span>/passwd.dav <span class="keyword">user</span><br /></code>

Edit and add the following snippet to the configuration for the host you want to enable WebDAV,

<code class=" apache"> <span class="tag"><VirtualHost *:443></span><br />         <span class="keyword">ServerAdmin</span> <span class="keyword">user</span>@host.com<br />         <span class="keyword">DocumentRoot</span> /path/to/webdav<br /><br />         <span class="keyword">SSLEngine</span> <span class="literal">on</span><br />         <span class="keyword">SSLCertificateFile</span> /etc/apache2/ssl/apache.pem<br /><br />         <span class="tag"><Directory /path/to/webdav/></span><br />            <span class="keyword">DAV</span> <span class="literal">On</span><br />            <span class="keyword">AuthType</span> Basic<br />            <span class="keyword">AuthName</span> <span class="string">"webdav"</span><br />            <span class="keyword">AuthUserFile</span> /path/to/passwd.<span class="keyword">dav</span><br />            <span class="keyword">Require</span> valid-<span class="keyword">user</span><br />        <span class="tag"></Directory></span><br /><br />         <span class="keyword">ErrorLog</span>  /path/to/webdav/error.log<br />         <span class="keyword">CustomLog</span> /path/to/webdav/access.log combined<br /> <span class="tag"></VirtualHost></span><br /></code>

Reload Apache configuration,

<code>/etc/init.d/apache2 reload<br /><br />from <a target="_blank" href="http://nakkaya.com/2010/03/05/webdav-ssl-on-debian/">here</a><br /></code>

sameone thanks me for the post
Riak combines a decentralized key-value store, a flexible map/reduce engine, and a friendly HTTP/JSON query interface to provide a database ideally suited for Web applications.

and a perfect howto to install it here

google_protectAndRun(“ads_core.google_render_ad”, google_handleError, google_render_ad);google_protectAndRun(“ads_core.google_render_ad”, google_handleError, google_render_ad);

Here is an updated list of useful security auditing extensions :

Information gathering

Whois and geo-location
ShowIP : Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft.
Shazou : The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing.
HostIP.info Geolocation : Displays Geolocation information for a website using hostip.info data. Works with all versions of Firefox.
Active Whois : Starting Active Whois to get details about any Web site owner and its host server.
Bibirmer Toolbar : An all-in-one extension. But auditors need to play with the toolbox. It includes ( WhoIs, DNS Report, Geolocation , Traceroute , Ping ). Very useful for information gathering phase

continue on:

http://www.security-database.com/toolswatch/Turning-Firefox-to-an-Ethical.html

To use the VFS modules, create a share similar to the one below. The important parameter is the vfs objects parameter where you can list one or more VFS modules by name. For example, to log all access to files and put deleted files in a recycle bin, see the smb.conf with VFS modules example:

Example 23.1. smb.conf with VFS modules

[audit]
comment = Audited /data directory
path = /data
vfs objects = audit recycle
writeable = yes
browseable = yes

The modules are used in the order in which they are specified. Let’s say that you want to both have a virus scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that it is the first to get run and may detect a virus immediately, before any action is performed on that file. vfs objects = vscan-clamav recycle

Samba will attempt to load modules from the /lib directory in the root directory of the Samba installation (usually /usr/lib/samba/vfs or /usr/local/samba/lib/vfs).

Some modules can be used twice for the same share. This can be done using a configuration similar to the one shown in the smb.conf with multiple VFS modules.

Example 23.2. smb.conf with multiple VFS modules

[test]
comment = VFS TEST
path = /data
writeable = yes
browseable = yes
vfs objects = example:example1 example example:test
example1: parameter = 1
example: parameter = 5
test: parameter = 7

Included Modules

audit

A simple module to audit file access to the syslog facility. The following operations are logged:

share

connect/disconnect

directory opens/create/remove

file open/close/rename/unlink/chmod

default_quota

This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server. The challenge is that linux filesystems only store quotas for users and groups, but no default quotas.

Samba returns NO_LIMIT as the default quotas by default and refuses to update them. With this module you can store the default quotas that are reported to a windows client, in the quota record of a user. By default the root user is taken because quota limits for root are typically not enforced.

This module takes 2 parametric entries in the smb.conf file. The default prefix for each is the “default_quota”. This can be overwrittem when you load the module in the vfs modules parameter like this:

vfs objects = default_quota:myprefix
The parametric entries that may be specified for the default_quotas module are:

myprefix:uid
This parameter takes a integer argument that specifies the uid of the quota record that will be used for storing the default user quotas.

The default value is 0 (for root user). An example of use is:

vfs objects = default_quota
default_quota: uid = 65534
The above demonstrates the case where the myprefix was omitted, thus the default prefix is the name of the module. When a myprefix parameter is specified the above can be re-written like this:

vfs objects = default_quota:myprefix
myprefix: uid = 65534
myprefix:uid nolimit
This parameter takes a boolean argument that specifies if the stored default quota values also be reported for the user record, or if the value NO_LIMIT should be reported to the windows client for the user specified by the prefix:uid parameter.

The default value is yes (which means to report NO_LIMIT). An example of use is shown here:

vfs objects = default_quota:myprefix
myprefix: uid nolimit = no
myprefix:gid
This parameter takes an integer argument, it’s just like the prefix>:uid but for group quotas. NOTE: group quotas are not supported from the windows explorer.

The default value is 0 (for root group). An example of use is shown here:

vfs objects = default_quota
default_quota: gid = 65534
myprefix:gid nolimit
This parameter takes a boolean argument, just like the prefix>:uid nolimit but for group quotas. NOTE: group quotas are not supported from the windows explorer.

The default value is yes (which means to report NO_LIMIT). An example of use is shown here:

vfs objects = default_quota
default_quota: uid nolimit = no
An example of use of multiple parametric specifications is shown here:

…
vfs objects = default_quota:quotasettings
quotasettings: uid nolimit = no
quotasettings: gid = 65534
quotasettings: gid nolimit = no
…

to delete file from trash
use this useful script (thanks to Duncan)

#!/usr/bin/perl -w
# v1.0
# Copyright (c) Duncan McNutt May 2008. Free for personal use.
# Please send enhancements & bug reports back to me duncan _at_ aranea net
# For commercial use, please contact me.
#
# This script will clean out samba 3.x vfs recycle trash/rubbish bins.
# It looks for all files with an access date older than a certain number of
# days and deletes them. Empty directories will be deleted as well.
#
# There is a lot of outdated information on the recycle feature of samba.
# For up to date documentation on the recycle feature, see:
# http://www.samba.org/samba/docs/man/manpages-3/vfs_recycle.8.html
#

# List of the shares with recycle bins goes here, use colons “:” to separate
# the different directories.
$recycledirs = “/home/exampledir:/home3/groupshare:/home/you-didnt-configure-this-yet”;

# If I have time I will write a smb.conf parsing script to get it from there,
# but don’t hold your breath.

# If you are paranoid (like me) and don’t trust scripts that delete things
# without testing them first, then set this to one for dry runs.
# This is a good idea the first time you run this script, you may have mistyped
# a directory above…
# This can be 0 for off and 1 for on.
$testing = 0;

# After how many day in the recycle bin should the files be removed?
# Most people seem to think a week is fine.
$maxage = 7;

# The next parameter needs to be set depending on how the recycle system
# handles the dating of the “deleted” files. Most administrators “touch”
# (update the timestamp) on the files to mark the date they were moved to the
# recycle bin. This allows you to use scripts such as this to delete them
# later based on thier age.
#
# There are two ways to mark the files that were moved to the recycle bin:
# “recycle:touch specifies whether a file’s access date should be updated when
# the file is moved to the repository.
# So if you use “recycle:touch = true” then use “atime” below
# “recycle:touch_mtime specifies whether a file’s last modified date should be
# updated when the file is moved to the repository.
# So if you use “recycle:touch_mtime = true” then use “mtime” below
#
# ATTENTION: you must set either the touch or the touch_mtime for each recycle
# entry in smb.conf for this script to work!!!
#
# As most of the tips in the internet use touch, atime is the default.
#$modifiedtime = “mtime”;
$modifiedtime = “atime”;

# Following is the name of the recycle bin, the default is “.recycle”
# This can be changed with the “recycle:repository = ” option in smb.conf
$recyclename = “.recycle”;

# Extra messages for each action is printed when “verbose” is on.
# 0 means be quite; 1 means print informative output, 2 means print everything
$verbose = 1;

# ——————————————————
# END OF CONFIG
# ——————————————————

@dirs = split(/:/, $recycledirs);
if ($testing) { $verbose = 2; }

foreach (@dirs) {
if (! -d $_ ) {
print “ERROR IN CONFIG OF $0 , this is not a directory: $_\n”;
next;
}
$dirpath = “$_/$recyclename”;
if (! -d $_ ) {
print “ERROR IN CONFIG OF $0 , this not a directory: $dirpath\n”;
next;
}
if ($verbose) { print “Processing directory: $dirpath\n”; }

# Delete all old files older than maxage.
#`find “$dirpath” -$modifiedtime +$maxage -delete`;
@a=`find “$dirpath” -$modifiedtime +$maxage`;
if ($verbose) { $count = 0; print “Deleting files: ” };
$count = 0;
foreach (@a) {
chomp($_);
if ($verbose) { $count++; ($verbose==2 ? print “$_ ” : print “.”) };
if (! $testing) {
unlink($_);
}
}
if ($verbose) { print “\nDeleted $count files.\n” };

# Delete the empty directories.
# The mindepth makes sure we do not delete the recycle directory itself.
# `find “$dirpath” -mindepth 1 -type d -empty -delete`;
@a=`find “$dirpath” -mindepth 1 -type d -empty | sort -r`;
foreach (@a) {
if ($verbose) { print “Deleting empty directory: $_” };
if (! $testing) {
chomp($_);
rmdir ($_);
}
}
}

i find a useful article on spippolazione http://spippolazione.net
“Thread View” does not work
ERROR: Bad or malformed request.
Query: THREAD ORDEREDSUBJECT ISO-8859-1 ALL
Server responded: Error in IMAP command UID: ORDEREDSUBJECT threading is currently not supported.

Solution

You need to log into Squirrelmail then click on “Options” then “DisplayPreferences” and make sure that “Enable Thread Sort by References Header” is set to “yes”.

FDUPES

FDUPES is a program for identifying or deleting duplicate files residing within specified directories.
Current Version

The current version of fdupes is distributed as fdupes-1.40.tar.gz. No later version has been officially released. Users should get this version, as it’s presumably the most reliable. Developers should look at the development version below.
Development Version

Here you may download the latest development version of fdupes. This version is subject to change and should therefore be considered unstable. Generally speaking, if you wish to contribute code it is preferred that you start with this version.

http://netdial.caribe.net/~adrian2/programs/fdupes.html

Shore line firewall known as “Shorewall”, it is a very high level firewall and very easy to install and ocnfigure
How to install :-
sudo apt-get install shorewall

configuring shorewall startup service :-
nano /etc/default/shorewall

#Now simply change the line below from 0 to 1
startup = 0
to
startup = 1
#save, and exit.

Shorewall configuration files are stored in two separate places
/etc/shorewall stores all the program configuration files.
/usr/share/shorewall stores supporting files and action files.

Configuring shorewall :-
We need to copy all samples configuration file from /usr/share/doc/shorewall/default-config to /etc/shorewall
#cp /usr/share/doc/shorewall/default-config/* /etc/shorewall/
Now you have configuration files located at /etc/shorewall

Zones Configuration :-
First edit the zones file to specify the different network zones, these are just labels that you will use in the other files. Consider the Internet as one zone, and a private network as another zone. If you have this then the zones file would look like this:

$ nano /etc/shorewall/zones

# add 2 lines below into your zones file
net ipv4
loc ipv4

#save and exit

Interfaces Configuration :-
The next file to edit is the interfaces file to specify the interfaces on your machine. Here you will connect the zones that you defined in the previous step with an actual interface. The third field is the broadcast address for the network attached to the interface (“detect” will figure this out for you). Finally the last fields are options for the interface. The options listed below are a good starting point,

$ nano /etc/shorewall/interfaces

# add 2 lines below into interfaces file
net eth0 detect routefilter,norfc1918,logmartians,nosmurfs,tcpflags,blacklist
loc eth1 detect tcpflags

#save and exit
Policy Configuration :-
The next file defines your firewall default policy. The default policy is used if no other rules apply. Often you will set the default policy to REJECT or DROP as the default, and then configure specifically what ports/services are allowed in the next step, and any that you do not configure are by default rejected or dropped according to this policy. An example policy (based on the zones and interfaces we used above) would be:

$nano /etc/shorewall/policy

# add few lines below into policy files
fw net ACCEPT
fw loc ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
# save and exit

This policy says: by default accept any traffic originating from the machine (fw) to the internet and to the local network. Anything that comes in from the internet destined to either the machine or the local network should be dropped and logged to the syslog level “info”. The last line closes everything else off, and probably wont ever be touched. Note: DROP rules are dropped quietly, and REJECTs send something back letting the originator know they’ve been rejected.

Rules Configuration :-

The most important file is the rules. This is where you set what is allowed or not. Any new connection that comes into your firewall passes over these rules, if none of these apply, then the default policy will apply. Note: This is only for new connections, existing connections are automatically accepted. The comments in the file give you a good idea of how things work, but the following will provided an example that can give you a head-start:

$nano /etc/shorewall/rules

# add few lines below into rules file

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
ACCEPT net fw icmp 8
ACCEPT fw net icmp
ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submission
ACCEPT net fw udp https
# ACCEPT net:10.1.1.1 fw tcp ssh
# save and exit

This example can be written in long-hand as, “Accept any pings (icmp) from the internet to the machine, accept any tcp connections from the internet that are on any of the ports referenced in /etc/services for the services
ssh(22),www(80),https(443), etc. Also accept from the internet the udp connections to https(443). While you are at it, accept only tcp connections from the IP 10.1.1.1 coming from the internet to the ssh port (22).

Final step is start shorewall firewall

$sudo /etc/init.d/shorewall start
password :

If there was a syntax error in your configuration you will get an error saying so and you should have a read of /var/log/shorewall-init.log to figure out why.

If everything does start up, you should make sure that you aren’t blocking something that you don’t mean to, you can do that by looking at your firewall logs.

Here is the result if someone try to attack the server
$tail -f /var/log/messages