Wednesday, April 29, 2009

Linux Security Tips and Tricks

This post contains some security tips and tricks for the Linux operating system.

BIOS Security
Always set a password on the BIOS and disable booting from floppy in the BIOS settings. This stops unauthorised people from booting your Linux system with a special boot disk, and protects you from people trying to change BIOS features such as allowing boot from the floppy drive or booting the server without a password prompt.

Grub Security

One thing which could be a security hole is that the user can do too many things with GRUB, because GRUB allows one to modify its configuration and run arbitrary commands at run-time. For example, the user can even read /etc/passwd from the command-line interface with the cat command. So it is necessary to disable all the interactive operations.

Thus, GRUB provides a password feature, so that only administrators can start the interactive operations (i.e. editing menu entries and entering the command-line interface). To use this feature, you put the command password in your configuration file:

password --md5 PASSWORD

If this is specified, GRUB disallows any interactive control until you press the key and enter a correct password. The option --md5 tells GRUB that "PASSWORD" is in MD5 format. If it is omitted, GRUB assumes that "PASSWORD" is in clear text.

You can encrypt your password with the command md5crypt. For example, run the grub shell (see Invoking the grub shell) and enter your password:

grub> md5crypt
Password: **********
Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.

Then, cut and paste the encrypted password to your configuration file.

Also, you can specify an optional argument to password. See this example:

password PASSWORD /boot/grub/menu-admin.lst

In this case, GRUB will load /boot/grub/menu-admin.lst as a configuration file when you enter the valid password.

Another thing which may be dangerous is that any user can choose any menu entry. Usually, this wouldn't be problematic, but you might want to permit only administrators to run some of your menu entries, such as an entry for booting an insecure OS like DOS.

GRUB provides the command lock. This command always fails until you enter the valid password, so you can use it like this:

title Boot DOS
lock
rootnoverify (hd0,1)
chainloader +1

You should insert lock right after title, because any user can execute commands in an entry until GRUB encounters lock.

You can also use the command password instead of lock. In this case the boot process will ask for the password and stop if it was entered incorrectly. Since password takes its own PASSWORD argument, this is useful if you want different passwords for different entries.

LILO Security
Add three parameters to the "/etc/lilo.conf" file: time-out, restricted and password. These options make LILO ask for a password if boot-time options (such as "linux single") are passed to the boot loader.
Step 1
Edit the lilo.conf file (vi /etc/lilo.conf) and add or change the three options:
time-out=00 #change this line to 00
restricted #add this line
password= #add this line and put your password

Step 2
The "/etc/lilo.conf" file should be readable by only root because it contains unencrypted passwords.
[root@sahab-desktop /]# chmod 600 /etc/lilo.conf (will be no longer world readable).

Step 3
Update your configuration file "/etc/lilo.conf" for the change to take effect.
root@sahab-desktop /# /sbin/lilo -v (to update the lilo.conf file).

Step 4
One more security measure you can take to secure the "/etc/lilo.conf" file is to set it immutable, using the chattr command.
* To set the file immutable simply, use the command:
root@sahab-desktop /# chattr +i /etc/lilo.conf
This will prevent any changes (accidental or otherwise) to the "lilo.conf" file.

Disable all special accounts
You should delete all default user and group accounts that you don't use on your system, such as lp, sync, shutdown, halt, news, uucp, operator, games and gopher.
To delete a user account:
root@sahab-desktop# userdel lp

To delete a group:
root@sahab-desktop# groupdel lp

Choose a Right password

Password length: the minimum acceptable password length by default when you install your Linux system is 5. This is not enough and must be 8. To do this you have to edit the login.defs file (vi /etc/login.defs) and change the line that reads:

To read:

The "login.defs" file is the configuration file for the login program.
Enable shadow password support
You should enable the shadow password feature. You can use the "/usr/sbin/authconfig" utility to enable shadow passwords on your system. If you want to convert the existing passwords and groups on your system to shadow passwords and groups, use the commands pwconv and grpconv respectively.

The root account
The "root" account is the most privileged account on a Unix system. If the administrator forgets to log out from a root prompt before leaving the system, the shell should log out automatically. To do that, set the special Linux variable "TMOUT" to a time in seconds.
Edit your profile file (vi /etc/profile) and add the following line:
TMOUT=3600
The value we give the variable "TMOUT=" is in seconds and represents 1 hour (60 * 60 = 3600 seconds). If you put this line in your "/etc/profile" file, the automatic logout after one hour of inactivity will apply to all users on the system. You can also set this variable in a user's individual ".bashrc" file to log that user out automatically after a certain time.
After this parameter has been set on your system, you must log out and log in again (as root) for the change to take effect.

Disable all console-equivalent access for regular users
You should disable all console-equivalent access to programs like shutdown, reboot and halt for regular users on your server.
To do this, run the following command:
root@sahab-desktop# rm -f /etc/security/console.apps/PROGRAM
Where PROGRAM stands for the name of the program to which you wish to deny console-equivalent access.

Disable & uninstall all unused services
You should disable and uninstall all services that you do not use so that you have one less thing to worry about. Look at your "/etc/inetd.conf" file and disable what you do not need by commenting them out (by adding a # at the beginning of the line), and then sending your inetd process a SIGHUP command to update it to the current "inetd.conf" file. To do this:
Step 1
Change the permissions on "/etc/inetd.conf" file to 600, so that only root can read or write to it.
root@sahab-desktop# chmod 600 /etc/inetd.conf

Step 2
Ensure that the owner of the file "/etc/inetd.conf" is root.

Step 3
Edit the inetd.conf file (vi /etc/inetd.conf) and disable services like
ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger and auth unless you plan to use them. A service that is turned off is much less of a risk.

Step 4
Send a HUP signal to your inetd process
root@sahab-desktop# killall -HUP inetd

Step 5
Set the "/etc/inetd.conf" file immutable, using the chattr command, so that nobody can modify it.
* To set the file immutable, simply execute the following command:
root@sahab-desktop# chattr +i /etc/inetd.conf
This will prevent any changes (accidental or otherwise) to the "inetd.conf" file. The only person who can set or clear this attribute is the super-user root. To modify the inetd.conf file you will need to unset the immutable flag:
* To unset the immutable flag, execute the following command:
root@sahab-desktop# chattr -i /etc/inetd.conf

By using TCP_WRAPPERS you can make your server more secure against outside intrusion. The best policy is to deny all hosts by putting "ALL: ALL@ALL, PARANOID" in the "/etc/hosts.deny" file and then explicitly list the trusted hosts that are allowed to reach your machine in the "/etc/hosts.allow" file. TCP_WRAPPERS is controlled from these two files, and the search stops at the first match.

Step 1
Edit the hosts.deny file (vi /etc/hosts.deny) and add the following lines:
# Deny access to everyone.
ALL: ALL@ALL, PARANOID
This means all services from all locations are blocked, unless they are permitted access by entries in the allow file.

Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add, for example, the following line:
As an example:
For your client machine: is the IP address and the host name of one of your clients that is allowed to use ftp.

Step 3
The tcpdchk program is the tcpd wrapper configuration checker. It examines your tcp wrapper configuration and reports all potential and real problems it can find.

* After your configuration is done, run the program tcpdchk.
root@sahab-desktop# tcpdchk
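As an added example (not code from the original post), a small shell audit that checks several of the settings described above against files you point it at: PASS_MIN_LEN in login.defs, TMOUT in /etc/profile, the mode of lilo.conf, the risky services still enabled in inetd.conf, the default-deny line in hosts.deny and, where lsattr exists, the immutable attribute. The build_fixture helper, the report helper and the sample file contents are constructed for the demo; run the check functions against the real files under /etc (as root) to audit a system.

```shell
#!/bin/sh
# Added audit script (example code, not from the post). Every check takes the
# path of the file to inspect, so it can be run against constructed copies, as
# in the demo below, or against the real files under /etc (as root).

# 0 if FILE has mode 600 (GNU stat syntax, as on Linux).
check_mode_600() {
    mode=$(stat -c '%a' "$1") || return 1
    [ "$mode" = "600" ]
}

# Print the PASS_MIN_LEN value from a login.defs file (0 if it is not set).
pass_min_len() {
    awk '$1 == "PASS_MIN_LEN" { v = $2 } END { print v + 0 }' "$1"
}

# 0 if the minimum password length is at least 8, as the post requires.
check_pass_min_len() {
    [ "$(pass_min_len "$1")" -ge 8 ]
}

# Print the value of the last uncommented TMOUT= assignment in a profile file.
tmout_value() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?TMOUT=[0-9]+' "$1" |
        tail -n 1 | sed 's/.*TMOUT=\([0-9]*\).*/\1/'
}

# 0 if TMOUT is set to a positive number of seconds.
check_tmout() {
    v=$(tmout_value "$1")
    [ -n "$v" ] && [ "$v" -gt 0 ]
}

# Services the post says to leave disabled unless you need them.
RISKY_SERVICES="ftp telnet shell login exec talk ntalk imap pop-2 pop-3 finger auth"

# Print the risky services that are still enabled (not commented out) in inetd.conf.
enabled_risky_services() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) set[r[i]] = 1 }
        /^[[:space:]]*#/ || NF == 0 { next }
        ($1 in set) { print $1 }
    ' "$1"
}

# 0 if hosts.deny carries the catch-all "ALL: ALL..." line.
check_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# 0 if lsattr shows the immutable (i) attribute, 1 if not, 2 if lsattr is missing.
check_immutable() {
    command -v lsattr >/dev/null 2>&1 || return 2
    lsattr "$1" 2>/dev/null | awk '{ print $1 }' | grep -q i
}

# Constructed sample files: a weak and a hardened variant of each, for the demo.
build_fixture() {
    d=$1
    mkdir -p "$d"
    printf 'PASS_MAX_DAYS 99999\nPASS_MIN_LEN 5\n' > "$d/login.defs.weak"
    printf 'PASS_MAX_DAYS 99999\nPASS_MIN_LEN 8\n' > "$d/login.defs.ok"
    printf 'HISTSIZE=30\n' > "$d/profile.weak"
    printf 'HISTSIZE=30\nTMOUT=3600\nexport TMOUT\n' > "$d/profile.ok"
    printf '%s\n' \
        'ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd -h' \
        'time    stream tcp nowait root internal' > "$d/inetd.conf"
    printf '# Deny access to everyone.\nALL: ALL@ALL, PARANOID\n' > "$d/hosts.deny.ok"
    printf '# nothing here yet\n' > "$d/hosts.deny.weak"
    printf 'password=secret\n' > "$d/lilo.conf"
    chmod 644 "$d/lilo.conf"           # world-readable: exactly what LILO step 2 fixes
}

# Print PASS or FAIL for one named check without aborting the run.
report() {
    name=$1; shift
    if "$@"; then echo "PASS $name"; else echo "FAIL $name"; fi
}

# Demo run over the constructed files.
tmp=$(mktemp -d)
build_fixture "$tmp"
report "PASS_MIN_LEN >= 8"       check_pass_min_len "$tmp/login.defs.weak"
report "TMOUT set"               check_tmout "$tmp/profile.ok"
report "lilo.conf mode 600"      check_mode_600 "$tmp/lilo.conf"
report "hosts.deny default deny" check_default_deny "$tmp/hosts.deny.ok"
echo "risky inetd services still enabled: $(enabled_risky_services "$tmp/inetd.conf" | tr '\n' ' ')"
rm -rf "$tmp"
```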

Don't let the system issue file be displayed
You should not display your system issue file when people log in remotely. To do this, you can change the telnet entry in your "/etc/inetd.conf".
Change the line in "/etc/inetd.conf":

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
to look like:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h
Adding the "-h" flag at the end causes the daemon not to display any system information and just present the user with a login: prompt. I would recommend using sshd instead.

Change the "/etc/host.conf" file
The "/etc/host.conf" file specifies how names are resolved.
Edit the host.conf file (vi /etc/host.conf) and add the following lines:
# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on

The first option resolves host names through DNS first and then through the hosts file. The multi option determines whether a host in the "/etc/hosts" file can have multiple IP addresses (multiple interfaces ethN).
The nospoof option tells the resolver to guard against IP address spoofing on this machine.

Immunize the "/etc/services" file
You must immunize the "/etc/services" file to prevent unauthorized deletion or addition of services.
* To immunize the "/etc/services" file, use the command:
root@sahab-desktop# chattr +i /etc/services

Disallow root login from different consoles
The "/etc/securetty" file allows you to specify on which TTY devices the "root" user is allowed to log in. Edit the "/etc/securetty" file to disable any tty that you do not need by commenting it out (# at the beginning of the line).

Blocking anyone from using su to become root
The su (Substitute User) command allows you to become another existing user on the system. If you don't want anyone to su to root, or want to restrict the "su" command to certain users, add the following two lines to the top of your "su" configuration file in the "/etc/pam.d/" directory.
Step 1
Edit the su file (vi /etc/pam.d/su) and add the following two lines to the top of the file:
auth sufficient /lib/security/ debug
auth required /lib/security/ group=wheel

This means only members of the "wheel" group can su to root; it also includes logging. Add users to the group wheel so that only those users will be allowed to su to root.

Shell logging
The bash shell stores up to 500 old commands in the "~/.bash_history" file (where "~/" is your home directory) to make it easy for you to repeat long commands. Each user that has an account on the system has this ".bash_history" file in their home directory. The bash shell should store fewer commands and delete the file when the user logs out.
Step 1
The HISTFILESIZE and HISTSIZE lines in the "/etc/profile" file determine how many old commands the ".bash_history" file can hold for all users on your system. I would highly recommend setting HISTFILESIZE and HISTSIZE in the "/etc/profile" file to a low value such as 30.
Edit the profile file (vi /etc/profile) and change the lines to:
This means the ".bash_history" file in each user's home directory can store 20 old commands and no more.
Step 2
The administrator should also add the "rm -f $HOME/.bash_history" line to the "/etc/skel/.bash_logout" file, so that each time a user logs out, their ".bash_history" file is deleted.
Edit the .bash_logout file (vi /etc/skel/.bash_logout) and add the following line:
rm -f $HOME/.bash_history

Disable the Control-Alt-Delete keyboard shutdown command
To do this, edit the inittab file (vi /etc/inittab) and comment out (with a "#") the line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
To read:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Now, for the change to take effect type in the following at a prompt:
[root@kapil /]# /sbin/init q

Fix the permissions under "/etc/rc.d/init.d" directory for script files
Fix the permissions of the script files that are responsible for starting and stopping all your normal processes that need to run at boot time. To do this:
root@sahab-desktop# chmod -R 700 /etc/rc.d/init.d/*
This means only root is allowed to read, write and execute the script files in this directory.

Hide your system information
By default, when you log in to a Linux box, it tells you the Linux distribution name, version, kernel version and the name of the server. This gives crackers useful information about your server. You should just present users with a "Login:" prompt.
Step 1
To do this, edit the "/etc/rc.d/rc.local" file and place "#" in front of the following lines as shown:

# This will overwrite /etc/issue at every boot. So, make any changes you
# want to make to /etc/issue here or you will lose them when you reboot.
#echo "" > /etc/issue
#echo "$R" >> /etc/issue
#echo "Kernel $(uname -r) on $a $(uname -m)" >> /etc/issue
#cp -f /etc/issue /etc/
#echo >> /etc/issue

Step 2
Then, remove the following files under the "/etc" directory: "" and "issue":
[root@kapil /]# rm -f /etc/issue
[root@kapil /]# rm -f /etc/

Disable unused SUID/SGID programs
A regular user will be able to run a program as root if it is set SUID root. A system administrator should minimize the use of these SUID/SGID programs and disable those that are not needed.
Step 1
* To find all files with the `s' bits set from root-owned programs, use the command:
root@sahab-desktop# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;

* To disable the suid bits on selected programs above, type the following commands:
root@sahab-desktop# chmod a-s [program]
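Added example (not part of the post): a shell script that records a baseline of the SUID/SGID files found by the find expression above and reports any file that has gained or lost the bit since, so the one-off listing becomes a repeatable check; the final step applies the post's chmod a-s and confirms the bit is gone. The directory layout, file names and helper functions are constructed for the demo; run suid_inventory against / (as root) to take a real baseline.

```shell
#!/bin/sh
# Added example: SUID/SGID baseline and diff (not code from the original post).
# -printf and -xdev are GNU find options; the permission test is the post's.

# Print "mode owner group path" for every SUID/SGID regular file under $1,
# sorted so the output can be compared with comm(1).
suid_inventory() {
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) \
        -printf '%m %u %g %p\n' 2>/dev/null | sort
}

# Compare a saved baseline ($1) with a fresh inventory of root $2.
# Prints "+ entry" for files that are SUID/SGID now but were not before and
# "- entry" for files that lost the bit or disappeared; returns 1 on any change.
suid_diff() {
    baseline=$1; root=$2
    current=$(mktemp)
    suid_inventory "$root" > "$current"
    # comm -3: column 1 = only in baseline, column 2 (tab-indented) = only in current
    changes=$(comm -3 "$baseline" "$current" |
        awk '/^\t/ { print "+ " substr($0, 2); next } { print "- " $0 }')
    rm -f "$current"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Drop the set-uid/set-gid bits from $1 (the post's chmod a-s) and confirm they are gone.
disable_suid() {
    chmod a-s "$1" || return 1
    [ -z "$(find "$1" \( -perm -04000 -o -perm -02000 \))" ]
}

# Constructed tree standing in for a real filesystem: two legitimate-looking
# SUID/SGID programs and one ordinary executable (all harmless stub scripts).
build_suid_fixture() {
    mkdir -p "$1/bin"
    for f in passwd wall plain; do printf '#!/bin/sh\nexit 0\n' > "$1/bin/$f"; done
    chmod 4755 "$1/bin/passwd"    # set-uid, as the real passwd binary is
    chmod 2755 "$1/bin/wall"      # set-gid
    chmod 0755 "$1/bin/plain"
}

# Demo: take a baseline, let a new SUID file appear, show the diff, remove the bit.
root=$(mktemp -d); baseline=$(mktemp)
build_suid_fixture "$root"
suid_inventory "$root" > "$baseline"
echo "baseline:"; cat "$baseline"
printf '#!/bin/sh\nexit 0\n' > "$root/bin/newsuid"; chmod 4755 "$root/bin/newsuid"
echo "changes since baseline:"
suid_diff "$baseline" "$root" || echo "(review the entries above)"
disable_suid "$root/bin/newsuid" && echo "set-uid bit removed from $root/bin/newsuid"
rm -rf "$root" "$baseline"
```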

After following the above security guidelines, a system administrator can maintain a basic level of system security. Some of the above tasks are a continuous process; the system administrator has to keep following these guidelines to keep the system secure.

Tuesday, April 28, 2009

Segmentation Fault Unable to Login the System - Ubuntu 8.10

Hi All

Yesterday I faced a new issue with Ubuntu.

I tried to add a printer via Samba, and got a cupsys-related error. Then I restarted the "cupsys" service and got the error "Segmentation Fault". After that I restarted the system.

At that point I could not log in with my username and password; it would just bounce back to the login screen. I added a new user and tried the root user in a command-line terminal; there the issue was the same.

To resolve the issue I rebooted the system, went into recovery mode and selected drop to root shell prompt. There I gave the command

root@sahab-desktop:~# login sahab
segmentation fault

There too I could not log in to my username.

After that I purged samba to resolve the issue

root@sahab-desktop:~#apt-get purge -y samba samba-common samba-client libpam-smbpass

Monday, April 27, 2009

Automatic login with ssh without a password - Linux

Install an ssh client

sudo apt-get install ssh

  1. Log in to the ssh server with your client.

  2. Generate your key pair using the following command (don't use any passphrase):

    sahab@xxxx:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/sahab/.ssh/id_rsa):
    Created directory '/home/sahab/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/sahab/.ssh/id_rsa.
    Your public key has been saved in /home/sahab/.ssh/
    The key fingerprint is:
    2a:23:a3:f8:6c:af:3f:7e:12:b4:6a:80:98:c0:f3:ea sahab@gis
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | |
    |. |
    |.o . |
    |+.o. . S |
    |= .o . |
    | .+.o.. |
    |.++ooo. |
    |+E+=++ |
    sahab@xxx:~$ cd ~/.ssh
    sahab@xxx:~/.ssh$ cat >> authorized_keys
    sahab@xxx~/.ssh$ chmod 600 authorized_keys
  3. Log out of the server and go back to your local shell

    $ cd
    $ cd .ssh
  4. Copy the file id_rsa that was generated on the server into this directory. You can use sftp or scp for this.

sahab@sahab-desktop:~/.ssh$ sudo scp -r sahab@xxx:/home/sahab/.ssh/id_rsa

    $ cd .ssh
    $ chmod 600 id_rsa

You should now be able to log in via ssh without being prompted for a password.
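Added example (not code from the original post): a shell check of the ownership and modes that ssh and sshd expect on the files the steps above create, which is the first thing to look at when the login still asks for a password. The fixture directory, its contents and the function names are constructed for the demo; run check_ssh_dir against a real ~/.ssh and user name to check a live account.

```shell
#!/bin/sh
# Added example: check the ownership and modes that ssh and sshd expect on the
# files created above. Loose modes on ~/.ssh or authorized_keys make sshd ignore
# the key (StrictModes), and a private key readable by others is refused by the
# ssh client; a private key copied with 'sudo scp' is owned by root, another
# common reason the login keeps asking for a password. Function and file names
# are constructed for this example.

path_mode()  { stat -c '%a' "$1"; }   # GNU stat, as on Linux
path_owner() { stat -c '%U' "$1"; }

# Check one path: $1 path, $2 expected owner, $3 space-separated acceptable modes.
check_path() {
    path=$1; user=$2; modes=$3; rc=0
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    owner=$(path_owner "$path"); mode=$(path_mode "$path")
    [ "$owner" = "$user" ] || { echo "owner $owner, expected $user: $path"; rc=1; }
    case " $modes " in
        *" $mode "*) ;;
        *) echo "mode $mode, expected one of [$modes]: $path"; rc=1 ;;
    esac
    return $rc
}

# Check a ~/.ssh directory ($1) for user $2; returns the number of problems found.
# 600 on authorized_keys is what the post sets; 644 is also accepted by sshd,
# which only insists that the file is not writable by anyone else.
check_ssh_dir() {
    dir=$1; user=$2; problems=0
    check_path "$dir" "$user" "700" || problems=$((problems + 1))
    check_path "$dir/authorized_keys" "$user" "600 644" || problems=$((problems + 1))
    for key in "$dir/id_rsa" "$dir/id_dsa" "$dir/id_ecdsa" "$dir/id_ed25519"; do
        [ -e "$key" ] || continue
        check_path "$key" "$user" "600 400" || problems=$((problems + 1))
    done
    return $problems
}

# Constructed ~/.ssh with the layout the steps above end up with (no real keys).
build_ssh_fixture() {
    mkdir -p "$1"
    printf 'ssh-rsa AAAA...constructed... sahab@gis\n' > "$1/authorized_keys"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed, not a real key' \
        '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    chmod 700 "$1"; chmod 600 "$1/authorized_keys" "$1/id_rsa"
}

# Demo: a correct directory, then the same directory after two common mistakes.
d=$(mktemp -d)/.ssh
me=$(id -un)
build_ssh_fixture "$d"
check_ssh_dir "$d" "$me" && echo "ok: $d"
chmod 755 "$d"; chmod 644 "$d/id_rsa"
check_ssh_dir "$d" "$me" || echo "$? problem(s) found in $d"
rm -rf "$(dirname "$d")"
```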

Sunday, April 26, 2009

Backup and restore your system - Linux

Most of you have probably used Windows before you started using Ubuntu. During that time you might have needed to backup and restore your system. For Windows you would need proprietary software for which you would have to reboot your machine and boot into a special environment in which you could perform the backing-up/restoring (programs like Norton Ghost).
During that time you might have wondered why it wasn't possible to just add the whole c:\ to a big zip-file. This is impossible because in Windows, there are lots of files you can't copy or overwrite while they are being used, and therefore you needed specialized software to handle this.

Well, I'm here to tell you that those things, just like rebooting, are Windows CrazyThings (tm). There's no need to use programs like Ghost to create backups of your Ubuntu system (or any Linux system, for that matter). In fact; using Ghost might be a very bad idea if you are using anything but ext2. Ext3, the default Ubuntu partition, is seen by Ghost as a damaged ext2 partition and does a very good job at screwing up your data.

1: Backing-up

"What should I use to backup my system then?" might you ask. Easy; the same thing you use to backup/compress everything else; TAR. Unlike Windows, Linux doesn't restrict root access to anything, so you can just throw every single file on a partition in a TAR file!

To do this, become root with
sudo su
and go to the root of your filesystem (we use this in our example, but you can go anywhere you want your backup to end up, including remote or removable drives.)
cd /
Now, below is the full command I would use to make a backup of my system:

tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /
Now, lets explain this a little bit.
The 'tar' part is, obviously, the program we're going to use.

'cvpzf' are the options we give to tar, like 'create archive' (obviously),
'preserve permissions' (to keep the same permissions on everything), and 'gzip' to keep the size down.

Next, the name the archive is going to get. backup.tgz in our example.

Next comes the root of the directory we want to backup. Since we want to backup everything; /

Now come the directories we want to exclude. We don't want to backup everything since some dirs aren't very useful to include. Also make sure you don't include the file itself, or else you'll get weird results.
You might also not want to include the /mnt folder if you have other partitions mounted there or you'll end up backing those up too. Also make sure you don't have anything mounted in /media (i.e. don't have any cd's or removable media mounted). Either that or exclude /media.

EDIT : kvidell suggests below we also exclude the /dev directory. I have other evidence that says it is very unwise to do so though.

Well, if the command agrees with you, hit enter (or return, whatever) and sit back and relax. This might take a while.

Afterwards you'll have a file called backup.tgz in the root of your filesystem, which is probably pretty large. Now you can burn it to DVD or move it to another machine, whatever you like!

At the end of the process you might get a message along the lines of 'tar: Error exit delayed from previous errors' or something, but in most cases you can just ignore that.

Alternatively, you can use Bzip2 to compress your backup. This means higher compression but lower speed. If compression is important to you, just substitute
the 'z' in the command with 'j', and give the backup the right extension.
That would make the command look like this:

tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/mnt --exclude=/sys /
2: Restoring

Warning: Please, for goodness sake, be careful here. If you don't understand what you are doing here you might end up overwriting stuff that is important to you, so please take care!

Well, we'll just continue with our example from the previous chapter; the file backup.tgz in the root of the partition.

Once again, make sure you are root and that you and the backup file are in the root of the filesystem.

One of the beautiful things about Linux is that this will work even on a running system; no need to screw around with boot CDs or anything. Of course, if you've rendered your system unbootable you might have no choice but to use a live CD, but the results are the same. You can even remove every single file of a Linux system while it is running with one command. I'm not giving you that command though!

Well, back on-topic.
This is the command that I would use:

 tar xvpfz backup.tgz -C /
Or if you used bz2;

 tar xvpfj backup.tar.bz2 -C /
WARNING: this will overwrite every single file on your partition with the one in the archive!

Just hit enter/return/your brother/whatever and watch the fireworks. Again, this might take a while. When it is done, you have a fully restored Ubuntu system! Just make sure that, before you do anything else, you re-create the directories you excluded:
mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys
And when you reboot, everything should be the way it was when you made the backup!
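Added example (not part of the original post): a shell rehearsal of the backup and restore above against a constructed directory tree, so the exclude list and the -C restore can be checked before they are trusted with a real root. The tree, its file contents and the function names are constructed; the tar flags and exclude list are the post's.

```shell
#!/bin/sh
# Added example: rehearse the post's tar backup/restore on a stand-in tree.
# Names under the tree and the helper functions are constructed for the demo.

# Build a small stand-in for / containing the directories the post excludes.
build_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/home/sahab" "$root/proc/1" "$root/sys/kernel" \
             "$root/mnt/usb" "$root/lost+found"
    printf 'TMOUT=3600\n' > "$root/etc/profile"
    printf 'notes\n' > "$root/home/sahab/todo.txt"
    chmod 640 "$root/home/sahab/todo.txt"        # lets us verify that 'p' kept the mode
    printf 'fake procfs\n' > "$root/proc/1/status"
    printf 'fake sysfs\n' > "$root/sys/kernel/x"
    printf 'on a mounted stick\n' > "$root/mnt/usb/data"
}

# Archive $1 into $2 with the post's flags (c, p, z, f; 'v' left out to keep the
# demo quiet) and the post's exclude list. Run from inside the tree with -C so
# the member names are ./..., which is what the exclude patterns must match.
# The post writes backup.tgz into / and excludes it; writing it outside the tree
# avoids the "file changed as we read it" warning tar can give in that case.
backup_tree() {
    root=$1; archive=$2
    tar cpzf "$archive" --exclude=./proc --exclude=./lost+found \
        --exclude=./backup.tgz --exclude=./mnt --exclude=./sys -C "$root" .
}

# 0 if the archive listing contains member $2 exactly.
archive_has() {
    tar tzf "$1" | grep -Fxq -- "$2"
}

# Print any member that lives under a directory the post meant to exclude.
leaked_members() {
    tar tzf "$1" | grep -E '^\./(proc|sys|mnt|lost\+found)(/|$)|^\./backup\.tgz$' || true
}

# Restore $1 into $2 with the post's x, p, z, f flags and -C, then re-create the
# excluded directories the post says must exist after a restore.
restore_tree() {
    archive=$1; dest=$2
    mkdir -p "$dest"
    tar xpzf "$archive" -C "$dest"
    (cd "$dest" && mkdir -p proc lost+found mnt sys)
}

# Demo run.
work=$(mktemp -d)
build_tree "$work/root"
backup_tree "$work/root" "$work/backup.tgz"
echo "members in the archive:"; tar tzf "$work/backup.tgz"
[ -z "$(leaked_members "$work/backup.tgz")" ] && echo "excluded directories stayed out"
restore_tree "$work/backup.tgz" "$work/restored"
echo "restored todo.txt mode: $(stat -c '%a' "$work/restored/home/sahab/todo.txt")"
rm -rf "$work"
```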

2.1: GRUB restore
Now, if you want to move your system to a new harddisk or if you did something nasty to your GRUB (like, say, install Windows), You'll also need to reinstall GRUB.

For restoring GRUB, click here

Vi Editor How To

Using the vi editor

To insert new text

esc i (press the 'escape' key, then 'i')

To save file

esc :w (press the 'escape' key, then 'colon' and finally 'w')

To save file with file name (save as)

esc :w "filename"

To quit the vi editor

esc :q

To quit without saving

esc :q!

To save and quit vi editor

esc :wq

To search for specified word in forward direction

esc /word (press the 'escape' key, then type /word-to-find)

To continue the search, press "n"

To search for a specified word in the backward direction

esc ?word (press the 'escape' key, then type ?word-to-find)

To copy the line where cursor is located

esc yy

To paste the text just deleted or copied at the cursor

esc p

To delete entire line where cursor is located

esc dd

To delete word from cursor position

esc dw

To find all occurrences of a given word and replace them globally without confirmation

esc :%s/word-to-find/word-to-replace/g

For e.g. :%s/sahab/sahabcse/g

Here the word "sahab" is replaced with "sahabcse"

To find all occurrences of a given word and replace them globally with confirmation

esc :%s/word-to-find/word-to-replace/gc

To run a shell command like ls, cp or date from within vi

esc :!shell-command

For e.g. :!pwd

Saturday, April 25, 2009

zimbra cluster configuration - Redhat

Zimbra Cluster notes.

To start the Red Hat Cluster Service on a member, type the following commands in this order. Remember to enter the command on each node before proceeding to the next command.

1. service ccsd start. This is the cluster configuration system daemon that synchronizes configuration between cluster nodes.

2. service cman start. This is the cluster heartbeat daemon. It returns when both nodes have established heartbeat with one another.

3. service fenced start. This is the cluster I/O fencing system that allows cluster nodes to reboot a failed node during failover.

4. service rgmanager start. This manages cluster services and resources. The service rgmanager start command returns immediately, but initializing the cluster and bringing up the Zimbra Collaboration Suite application for the cluster services on the active node may take some time. After all commands have been issued on both nodes, run clustat command on the active node, to verify that the cluster service has been started. When clustat shows all services are running on the active node, the cluster configuration is complete.

For the cluster service that is not running on the active node, run clusvcadm -d , as root on the active node.

[root@sahab-desktop]#clusvcadm -d

This disables the service by stopping all associated Zimbra processes, releasing the service IP address, and unmounting the service’s SAN volumes.

To enable a disabled service, run clusvcadm -e -m . This command can be run on any cluster node. It instructs the specified node to mount the SAN volumes of the service, bring up the serviceIP address, and start the Zimbra processes.

[root@sahab-desktop]#clusvcadm -e -m

Testing the Cluster Set up

To perform a quick test to see if failover works:

1. Log in to the remote power switch and turn off the active node.

2. Run tail -f /var/log/messages on the standby node. You will observe the cluster become aware of the failed node, I/O fence it, and bring up the failed service on the standby node.

For installing Zimbra, please click here

Wednesday, April 22, 2009

Resolving "Fatal error: Call to undefined function mysql_connect()" in Ubuntu

Install php5-mysql and php5-cgi to fix this error.

Detailed steps are given below.


When the page is loaded in the web browser, you receive the error, Fatal error: Call to undefined function mysql_connect().


  1. Verify that your installation of PHP has been compiled with MySQL support. Create a test web page containing and load it in your browser. Search the page for MySQL. If you don't see it, you need to recompile PHP with MySQL support, or reinstall a PHP package that has it built in.
  2. Verify that the line to load the extension in php.ini has been uncommented. In Linux, the line is and in Windows, the line is extension=php_mysql.dll. Uncomment the line by removing the semicolon. You might also need to configure the extension_dir variable.
  3. Install php5-mysql:

#sudo apt-get install php5-mysql
#sudo apt-get install php5-cgi

  4. Then restart mysql and apache:

#sudo /etc/init.d/apache2 restart
#sudo /etc/init.d/mysql restart

Server constantly sending email Error - webmin

Because of this script the server constantly sends email; to resolve the issue:

# crontab -u root -e
change the line:
0 * * * * /etc/webmin/bandwidth/
to:
0 * * * * /etc/webmin/bandwidth/ >/dev/null 2>&1

and you won't get any more messages from crontab.

Saturday, April 18, 2009

Change Ubuntu Log in Screen

Search and download a GNOME GDM login screen.
Cool Download Locations :-

Where to install?

System ->Administration-> Login Window ->Local ->Add -> xxxx.tar.gz -> Install -> Click on new theme -> Close.

Wednesday, April 15, 2009

Disable virtual consoles (Ctrl+Alt+F1 to F7)

You can easily access these virtual consoles with a keyboard combination, by hitting Ctrl+Alt+F1 (tty1) up to the sixth (Ctrl+Alt+F6) tty console, and you can easily log in on these consoles.

There is a quick and effective way to disable these consoles.

1) Open /etc/inittab file and look for the section

1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

As you can see above there are 6 lines (one for each virtual console); simply placing "#" at the beginning of a line will disable that particular console. Suppose I need to disable consoles 4, 5 and 6; in this case my inittab file will look like this:

1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6

virus for linux

A Word on Computer Viruses

Viruses are, by definition, malicious pieces of code that replicate themselves. They can do this through a variety of methods, including infecting other executable files or disseminating macros and other forms of executable content. Viruses are most commonly spread by users sharing files, particularly through email, and also by other means. Viruses are well known to have been causing problems for Windows users.
But the question remains: are there any Linux viruses? And if yes, should I worry? The answer is yes to the first question and no to the second one.
Let me tell you my experience. On my dual-boot home PC I primarily work on the Linux partition but occasionally have to boot into the Windows partition (usually to do such work as checking an MS Word document's formatting, a document that was originally made using Linux/ Writer and saved as an MS Word file; this is another issue where a user is forced to use such proprietary software, because a particular agency needs a document in a proprietary format).

Coming back to the original issue, I almost always find some new virus that has infected the Windows partition. These viruses either creep in through e-mail or shared folders over the network, and mainly through pen drives nowadays.
But I have never had a single incident of a Linux virus attack on my Linux box. Though the fact remains that viruses for Linux do exist, you can count them on your fingertips. This article tries to list and explain these known Linux viruses and some of the antivirus software available.

Known Linux Viruses

- Linux.Bliss
- Linux.Diesel
- Linux.Gildo
- Linux.Kagob
- Linux.Nuxbee
- Linux.Satyr
- Linux.Vit.4096
- Linux.Winter
- Linux.Zipworm

1. Linux.Bliss
These are non-memory-resident parasitic viruses written in GNU C. They infect Linux only: infected files may be executed, and the virus may spread itself only under Linux. The viruses search for executable Linux files (ELF internal format) and infect them. While infecting, the viruses shift the file body down, write themselves to the beginning of the file and append the ID text to the end of the file:

"Bliss.a": infected by bliss: 00010002:000045e4

"Bliss.b": infected by bliss: 00010004:000048ac

It seems that the former hex number in these lines is the virus version and the latter is the virus length; the virus lengths are 17892 and 18604.

When an infected file is run, the "Bliss.a" virus searches for not more than three non-infected files and infects them. "Bliss.b" infects more files (it is not known how many). If there are not any infected files in the current directory, the virus scans the system and infects the files in other directories. After infecting, the viruses return control to the host program, and it works correctly.

Linux is an access-protected system; i.e., users and programs may access only files that they have permission to. The same goes for a virus: it may infect only the files and directories that are writable for the current username. If the current username has total access (system administrator), the virus will infect all the files on the computer.
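Added example (not part of the article): a defensive shell scan that looks for the ID text the article says Bliss appends to infected ELF files and decodes the two hex fields as version and length, which lets you check the article's claim that 000045e4 is the length 17892. The sample "infected" file is constructed with only the ELF magic and the marker text; it is not an executable, and the function names and tree layout are assumptions for the demo.

```shell
#!/bin/sh
# Added example: scan ELF files for the ID text the article says Bliss appends
# ("infected by bliss: <version>:<length>") and decode the two hex fields.
# A sample 'infected' file is constructed below with just the ELF magic and the
# marker; it is not an executable and nothing here runs it.

BLISS_MARKER='infected by bliss: '

# 0 if $1 starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# Print "version length" (decimal) decoded from the first marker in $1, or nothing.
bliss_fields() {
    m=$(grep -a -o "${BLISS_MARKER}[0-9a-fA-F]*:[0-9a-fA-F]*" "$1" | head -n 1)
    [ -n "$m" ] || return 0
    m=${m#"$BLISS_MARKER"}
    ver=${m%%:*}; len=${m#*:}
    printf '%s %s\n' "$((0x$ver))" "$((0x$len))"
}

# Walk a tree and print "path version length" for every ELF file carrying the marker.
scan_for_bliss() {
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        is_elf "$f" || continue
        fields=$(bliss_fields "$f")
        if [ -n "$fields" ]; then printf '%s %s\n' "$f" "$fields"; fi
    done
}

# Constructed tree: one marked ELF-magic file, one clean ELF-magic file and a
# text file that carries the marker but is not ELF (must be ignored).
build_scan_fixture() {
    mkdir -p "$1/bin" "$1/doc"
    { printf '\177ELF\002\001\001'
      printf '\n...code...\ninfected by bliss: 00010002:000045e4\n'; } > "$1/bin/victim"
    printf '\177ELF\002\001\001\n...code...\n' > "$1/bin/clean"
    printf 'the sample ends with: infected by bliss: 00010004:000048ac\n' > "$1/doc/notes.txt"
}

# Demo: the decoded length of the Bliss.a marker is 17892, as the article states.
t=$(mktemp -d)
build_scan_fixture "$t"
scan_for_bliss "$t"
rm -rf "$t"
```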
2. Linux.Diesel
This is a relatively harmless, non-memory-resident parasitic virus. It searches for Linux executable files in system directories and subdirectories, then writes itself to the middle of the file. Before searching for files, the virus reads its code from the host file. It moves the original bytes to the end of the file and increases the size of the previous section. After finishing its work, the virus restores the host and transfers control to it. The virus contains the text string:
/ home root sbin bin opt
[ Diesel : Oil, Heavy Petroleum Fraction Used In Diesel Engines ]

Now you may ask "Why don't we have viruses in the same proportion under Linux as we have for other proprietary OSes?" The answer to this can be found here.

*3. Linux.Gildo*
This is a memory resident parasitic virus that is not dangerous. It was written
in assembly language and uses system calls (syscall) when working with files.
The virus infects ELF files, writing itself to the middle of the file.

After it starts, the virus forks off a separate process and continues its work.
The resident part scans the directories starting from the root. The virus checks
the access rights of each file it finds; if the file is writable, the virus
infects it. While infecting a file, the virus increases the size of its code
section by 4096 bytes and writes its code into the freed space. It then adjusts
the parameters of the ELF file's upper sections and sets a new entry point. The
virus displays the following message on each start:

Gildo virus
email (for comments)

The virus contains the text strings:

hello, nice boys, I hope you will enjoy this program written with nasm. I
want to say thanks to all my programmers friend.Bye from Gildo. The Netwide
Assembler 0.98 .symtab .strtab .shstrtab .text .data .sbss .bss .comment

It also contains the debug strings from the compiler:

virus.asm parent parent_process ahah scan_dir c_stat others_permissions
user_permissions group_permissions c_permissions is_regular_file
c1_is_regular_file c2_is_regular_file is_directory c1_is_directory l_readdir
skip_l_readdir e_l_readdir error_stat error_opening_file e_scan_dir
infect_file open no_open_error file_length mmap c_mmap is_suitable
error_suitable c1_is_suitable read_ehdr c_ehdr is_suitable_space patch_ehdr
patch_e_entry patch_e_sh_offset patch_phdrs l_read_ph dont_patch_phtext
dont_patch_ph patch_shdrs l_read_sh dont_patch_shtext dont_patch_sh
find_current_entry_point write suit_error munmap mmap_error close open_error
__exit __bss_start main _edata _end
*4. Linux.Kagob*
This is a harmless non-memory resident parasitic Linux virus. The virus itself
is a Linux executable module (ELF file). It searches for other ELF files in the
system, then infects them.

While infecting, the virus moves the victim file's contents down and writes
itself to the file header. To release control to the host file, the virus
"disinfects" it to a temporary file and executes it.

The virus does not manifest itself in any way. Its body contains the
"copyright" text string:

Linux.Kaiowas by Gobleen Warrior//SMF

*5. Linux.Nuxbee*
This is a relatively harmless, non-memory resident parasitic Linux virus. It
searches for ELF files in the bin directory, then writes itself to the middle
of the file. The virus infects files only if the current user has administrator
rights. It writes itself at the entry point offset and saves the original
bytes, encrypted, at the end of the file.

To restore the original file, the virus reads and encrypts the original bytes
from the host file. It uses file mapping functions to infect files. All system
functions are invoked through INT 80h (syscall). The virus contains the
following text string:

NuxBee by Bumblebee - The NeXt Frontier

*6. Linux.Satyr*
This is a harmless non-memory resident parasitic Linux virus. The virus is a
Linux executable module (ELF file). It searches for other ELF files in the
system and then infects them. The virus infects files in the following
directories:

- the current directory
- the parent directory
- ~/ (the user's home directory)
- ~/bin (the user's bin directory)
- ~/sbin (the user's sbin directory)

While infecting, the virus moves the victim file's contents down and writes
itself to the file header. To release control to the host file, the virus
"disinfects" it to a temporary file and executes it.

The virus does not manifest itself in any way. Its body contains the
"copyright" text string:

unix.satyr version 1.0 (c)oded jan-2001 by Shitdown [MIONS],

*7. Linux.Vit.4096*
This is a non-memory resident parasitic virus. The virus has the internal ELF
format, replicates under Linux and infects Linux executable files. Linux is an
access-protected system, i.e. users and programs may access only files that
they have permission to. The same is true for a virus: it may infect only the
files and directories that are writable for the current user. If the current
user has total access (system administrator), the virus will infect all the
files on the computer.

When an infected file is executed, the virus takes control, searches for
executable ELF files in the current directory and infects them in the middle.
While infecting, the virus analyzes the internal file format (ELF headers),
locates the first code section, makes a "cave" by shifting this and the
following sections down by 4096 bytes, writes its code into this "cave",
modifies the file's entry address and corrects the necessary fields in the ELF
headers.

The virus checks for duplicate infection and prevents it. In addition, the
virus infects files quite accurately: in tests, not all infected files were
corrupted, and the virus was able to replicate itself from them.

While infecting, the virus uses the temporary file VI324.TMP. This file name is
the reason the virus was named as it is (VIxxx.Txx).

*8. Linux.Winter*
This is a harmless non-memory resident parasitic Linux virus. It is extremely
small for a Linux virus: just 341 bytes (in the known version).

When an infected file is run, the virus gains control, searches for ELF files
(Linux executable files) in the current directory, then writes itself into the
middle of the file, into the unused "Notes" section, if there is one and it is
large enough. While infecting, the virus overwrites the "Notes" data in that
section, but the program still runs properly afterwards.

The virus contains the text string:

LoTek by Wintermute

The virus has a routine that sets the host name (computer name) to
"Wintermute", but this routine never gains control.

*9. Linux.Zipworm*
This is a harmless Linux virus that affects ZIP archives.

When the virus is run, it looks for ZIP archives in the current directory and
adds copies of itself to them. While infecting, the virus does not use any
external ZIP processing tool but parses the ZIP internal format itself. The
virus files in the archives have one of five possible names:

Ten motives why linux sux!
Why Windows is superior to Linux!
Is Linux for you? Never!
Is Linux immune to virus? NO!

The virus also contains the "copyright" text:

elf zip worm vecna
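The ID texts and "copyright" strings quoted in the descriptions above are exactly what a plain signature scanner keys on. As an added example, not taken from the original post or from any antivirus product, the POSIX shell script below scans a directory for ELF executables (files starting with the magic bytes 7f 45 4c 46) and reports any that contain one of the marker strings quoted above. The marker list is assembled from those quotes; make_sample creates harmless constructed files (an ELF magic header followed by plain text, not real malware) so the scan can be exercised offline. Names such as scan_dir and count_hits are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal signature scan for the
# marker strings quoted in the virus descriptions above. A string match like this
# only finds the known variants; it is not a substitute for an antivirus engine.

# One marker per line, taken from the strings quoted above.
MARKERS='infected by bliss:
Diesel : Oil, Heavy Petroleum Fraction
Gildo virus
Linux.Kaiowas by Gobleen Warrior
NuxBee by Bumblebee
unix.satyr version 1.0
LoTek by Wintermute
elf zip worm vecna'

# is_elf FILE: true when the first four bytes are the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# scan_file FILE: print "FILE<TAB>MARKER" for every marker found in an ELF file.
# Non-ELF files are skipped, because all the viruses above infect ELF images.
scan_file() {
    is_elf "$1" || return 0
    printf '%s\n' "$MARKERS" | while IFS= read -r m; do
        [ -n "$m" ] || continue
        if grep -qF -- "$m" "$1"; then
            printf '%s\t%s\n' "$1" "$m"
        fi
    done
}

# scan_dir DIR: scan every regular file below DIR (e.g. scan_dir /usr/local/bin).
scan_dir() {
    find "$1" -type f -print | while IFS= read -r f; do
        scan_file "$f"
    done
}

# count_hits DIR: number of (file, marker) hits, handy for alerting from cron.
count_hits() {
    scan_dir "$1" | wc -l | tr -d ' '
}

# make_sample DIR: constructed demo files, not real malware.
make_sample() {
    mkdir -p "$1"
    # Fake "clean" ELF image: magic header followed by harmless text.
    printf '\177ELF\002\001\001clean program text\n' > "$1/clean"
    # Fake "infected" ELF image carrying the Bliss.a ID text quoted above.
    printf '\177ELF\002\001\001code...\ninfected by bliss: 00010002:000045e4\n' > "$1/bliss_sample"
    # Plain text file containing a marker: not ELF, so it must be ignored.
    printf 'LoTek by Wintermute\n' > "$1/notes.txt"
}
```

Source the file and run scan_dir on a directory of binaries; the sample set yields exactly one hit (bliss_sample with the Bliss marker) and ignores the text file, which is what distinguishes this from a bare grep over the filesystem.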

*Available Antiviruses Against Linux Viruses?*

My personal experience says that you will never need an antivirus, as the
incidence of virus attacks hardly exists in the Linux world. But just to be on
the safer side, should the unseen happen some day, the latest version of one of
the antivirus products should be kept handy at all times. The following is a
list of some of the better known antivirus software for the Linux platform,
with the interface each one offers.

- *AMaViS Virus Scanner* (Console): A Mail Virus Scanner that scans e-mail
  attachments for viruses.
- *AntiVir* (Console): An anti-virus scanner for Linux.
- *Clam Antivirus* (Console): Basically made for UNIX.
- *Kaspersky Anti-Virus for Linux Workstation* (Console): A comprehensive
  anti-virus defense system for Linux workstations.
- *McAfee VirusScan Validate* (Console): One of the most popular virus scanning
  packages available for any platform.
- *RAV AntiVirus Desktop for Linux* (X11): Powerful and wisely designed to
  protect your data from a Linux environment.
- *SAVget* (Console): A bash script that aims to be a clone of the Windows
  SGET utility.
- *TkAntivir* (X11): A graphical front end to the antivirus program H+BEDV
  AntiVir/X, written in Tcl/Tk.
- *Vexira Antivirus For Linux Server* (Console): A complete antivirus system
  designed specifically for Linux servers.
- *Vexira Antivirus for Linux Workstation* (Console): Provides antivirus
  protection for Linux workstations.
- *Vexira MailArmor - Linux antivirus for mail servers* (Console): A
  high-speed Linux antivirus program for mail servers.

Many of these are under the GPL, some are subscription-based and a few are
commercial.

*Use Linux Feel Free & Open.*

Monday, April 13, 2009

Ubuntu 9.04 Beta Release

Ubuntu releases are issued every six months and include the latest versions of popular open source software applications. The new version, Ubuntu 9.04, is called Jaunty Jackalope.

Downloads: Ubuntu Desktop and Server, Ubuntu Education Edition, Kubuntu, Ubuntu Netbook Remix and Ubuntu MID, Xubuntu, UbuntuStudio, Mythbuntu, Ubuntu ARM.

gET iT i sAY - File Recovery Tools for Ext2/Ext3 filesystems

giis (gET iT i sAY) is a file recovery tool for Ext2/Ext3 filesystems. Once installed, current files and newly created files can be recovered. It allows users to recover all deleted files, recover files owned by a specific user, dump data from old file locations, and recover files of a specific type, such as text or PNG. A forensic analyzer is also provided to assist users during recovery.

* Recover files deleted on a specific date, before or after a specific date, or within a specific date range.
* Recover files with their original access permissions, owner and group details.
* User-friendly configuration file which supports adding new directories even after installation.
* Recover deleted files of all users.
* Recover deleted files of a specific user.
* Recovery of files based on file type (gif, mp3, jpeg).
* Recovers deleted hidden files or system files.
* Recovers dropped MySQL tables.
* A forensic analyzer is provided to assist with data dumps from the hard disk.
* If the original path of a deleted file still exists, recovered files are automatically restored to their appropriate directories.
* Provides a list of deleted files and their restore paths.
* If contents were modified or overwritten, during recovery the user has the option to compare the old file data with the current disk data using the giis dump option.
* Displays your current file details.
* If a file was modified, it allows the user to decide whether to retrieve the latest version of the deleted file or an older version.
* Allows the user to choose directories (other than /root and /home) that are protected by giis.
* All newly created files and directories are added at the interval specified in crontab.

Installing on Ubuntu

Download here
To install the giis binary, follow these steps:

1) Change to the giis directory:

cd giis_XX (replace XX with the appropriate version number, for example giis_4.4)

2) Run the shell script named '':

For interactive installation use: sh 0
For non-interactive installation: sh 1

After a successful installation, a detailed explanation of how to use giis is here.

Thursday, April 9, 2009

.htaccess password setup for webdirectory

.htaccess can be used to password-protect directories on your web site. All files and any subdirectories within a directory protected by .htaccess will also be protected.

1) Create a file named .htaccess in the directory which you want to protect:

# cd /var/www/project/
# pwd

Use your favourite editor to create a file called .htaccess:

# touch .htaccess

2) Add the required lines to this .htaccess file:

AuthUserFile /etc/apache/.htpasswd
AuthName "Auth required"
AuthType Basic
Require valid-user

It is a good idea to keep the password file in a secure location such as the /etc/apache folder.

3) Create the .htpasswd file and add the users/passwd
# cd /etc/apache
# htpasswd2 -c .htpasswd sahab
New password:
Re-type new password:
Adding password for user sahab
This will add the user "sahab" and the password to the .htpasswd file. You can open the file and check the entry (the password is stored hashed, so you will not be able to read it).

To delete the user entry: # htpasswd2 -D .htpasswd sahab
To add new user: # htpasswd2 .htpasswd user

4) Configure the Apache configuration file (httpd.conf):

Alias /protect "/www/www/project/"

<Directory "/www/www/project/">
Options Indexes MultiViews FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

When you set up .htaccess files it will be effective for the directory that they are placed in as well as any subdirectories. If you wanted to set up a directory so that it could execute CGI scripts you could use a .htaccess file to do that.

Here the most important part is the value "AuthConfig" for "AllowOverride"; if for some reason you do not want .htaccess files to be honoured, set "AllowOverride None" instead.

5) After doing all the required changes, restart the apache server.

Now, just browse to the directory path that you have protected and check that you get the username/password dialog; provide the correct values and check that you are allowed in.

Below are the most common problems experienced by users attempting to set up .htaccess.

1. Permissions on both .htaccess and .htpasswd - Both the .htaccess and .htpasswd files need to be world readable.
2. Fully qualified path to .htpasswd incorrect - The correct fully qualified path to a valid .htpasswd file must appear beside AuthUserFile in the .htaccess file.
3. The username doesn’t exist in .htpasswd
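The three problems above can be checked mechanically before touching the browser. As an added example that is not part of the original post, the POSIX shell script below reads AuthUserFile from a directory's .htaccess and reports each condition: whether both files are world readable (problem 1), whether the password file path is present, fully qualified and exists (problem 2), and whether the named user has an entry (problem 3). demo_setup recreates the layout from this post under a temporary base directory with a constructed placeholder in place of a real hash; the base path, the function names and the user name sahab are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks the three common
# .htaccess problems listed above against a protected directory.

# auth_user_file HTACCESS: print the AuthUserFile value (quotes stripped),
# or nothing when the directive is absent.
auth_user_file() {
    awk '$1 == "AuthUserFile" { print $2; exit }' "$1" | tr -d '"'
}

# others_can_read FILE: true when the world-readable bit is set
# (column 8 of ls -l is the "others" read flag).
others_can_read() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# check_htaccess DIR USER: print one line per problem found.
# Returns the number of problems, so 0 means the setup looks correct.
check_htaccess() {
    dir=$1; user=$2; n=0
    ht="$dir/.htaccess"
    if [ ! -f "$ht" ]; then
        echo "no .htaccess in $dir"
        return 1
    fi
    others_can_read "$ht" || { echo "$ht is not world readable (problem 1)"; n=$((n+1)); }
    pw=$(auth_user_file "$ht")
    if [ -z "$pw" ]; then
        echo "AuthUserFile missing from $ht (problem 2)"; n=$((n+1))
    else
        case $pw in
            /*) ;;
            *) echo "AuthUserFile '$pw' is not a fully qualified path (problem 2)"; n=$((n+1)) ;;
        esac
        if [ ! -f "$pw" ]; then
            echo "AuthUserFile '$pw' does not exist (problem 2)"; n=$((n+1))
        else
            others_can_read "$pw" || { echo "$pw is not world readable (problem 1)"; n=$((n+1)); }
            grep -q "^$user:" "$pw" || { echo "user '$user' not in $pw (problem 3)"; n=$((n+1)); }
        fi
    fi
    return $n
}

# demo_setup BASE: constructed copy of the layout from the post under BASE.
# The .htpasswd line is a placeholder; a real file comes from htpasswd2 -c.
demo_setup() {
    base=$1
    mkdir -p "$base/project" "$base/apache"
    cat > "$base/project/.htaccess" <<EOF
AuthUserFile $base/apache/.htpasswd
AuthName "Auth required"
AuthType Basic
Require valid-user
EOF
    echo 'sahab:$apr1$EXAMPLE$placeholderhash' > "$base/apache/.htpasswd"
    chmod 644 "$base/project/.htaccess" "$base/apache/.htpasswd"
}

# Usage on a real server: check_htaccess /var/www/project sahab
```

Run check_htaccess against the protected directory and the user you created; a non-zero return with a printed reason maps directly onto the numbered list above, which is quicker than reading the Apache error log for a 401 or 500.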

VMware Installation on Ubuntu

VMware software provides a completely virtualized set of hardware to the guest operating system. VMware software virtualizes the hardware for a video adapter, a network adapter, and hard disk adapters. The host provides pass-through drivers for guest USB, serial, and parallel devices. In this way, VMware virtual machines become highly portable between computers, because every host looks nearly identical to the guest. In practice, a systems administrator can pause operations on a virtual machine guest, move or copy that guest to another physical computer, and resume execution there exactly at the point of suspension. Alternatively, for enterprise servers, a feature called VMotion allows the migration of running guest virtual machines between similar but separate hardware hosts sharing the same storage.

Download VMware

* wget

While you begin downloading VMware, register here to get the free serial key.

Also, install the following package:

* sudo apt-get install kernel-package xinetd

Now, unpack the VMware package:

* tar zxvf VMware-server-1.0.8-126538.tar.gz
* cd vmware-server-directory

Run the installation script:

* sudo ./

Now you will get a series of questions that you need to answer, and finally it will install VMware Server on your Ubuntu box.

Ubuntu Themes

- Linux Mint
- Real Minimal
- Root Green
- Light Coffee
- Slickness Black
- Murrina Aero
- Tigris
- Sofice
- Blue Joy
- Gaia Nova

The rest of the list:

Firewall for Ubuntu - Gufw

iptables is already a very powerful tool by itself, but its syntax can get awkward at times and hard to figure out, so Ubuntu developers decided to make ufw ("The reason ufw was developed is that we wanted to create a server-level firewalling utility that was a little bit more for `human beings`."), which was to be simpler. On the graphical side of things, Firestarter already existed. But why not make an even easier to use GUI for desktop `human beings`, powered by ufw? This is where Gufw comes in.

Gufw is an easy, intuitive way to manage your Linux firewall. It supports common tasks such as allowing or blocking pre-configured services, common P2P applications, or individual ports, and many others. Gufw is powered by ufw, runs on Ubuntu, and anywhere else Python, GTK, and ufw are available.

You can install it on ubuntu with this deb package: here

Ubuntu package Installation from source code

Make sure you have all the necessary development tools (i.e. libraries, compilers, headers):

sudo apt-get install build-essential

sudo apt-get install g++
sudo apt-get install linux-headers-`uname -r`

Note: "uname -r" lists the current kernel you are using

Extract the archive that contains the source files:

tar xvf sourcefilesarchive.tar.gz

Build the package using the package's script (in this case the configure script), compile the package (make), and install the compiled package into your system (make install):

cd /path/to/extracted/sourcefiles
./configure
make
sudo make install

If you get a "permission denied" error when trying to execute the binary, the file is not marked as executable. To fix this:

sudo chmod +x filename

Tuesday, April 7, 2009

Zimbra Collaboration Suite Installation – Ubuntu 8.04 Server

Zimbra Collaboration Suite Installation

Hosts Table

Before you get to the install you also need to modify your /etc/hosts file:

       localhost.localdomain   localhost
144.xx.xx.xx mail

To find the MX record of the domain:

dig mx

ONLY IF this is working is it time to update your packages:

sudo bash (this will ask for your password; enter your administrator's password and you'll be at a root prompt)

apt-get update
apt-get upgrade
apt-get install libpcre3 libgmp3c2 libstdc++5 fetchmail

Installing ZCS

Download the appropriate package for your Ubuntu installation (32 or 64 bit Ubuntu 8.04 LTS) and copy it into a directory of your choice.

tar -xzf zc*

and it'll create a whole directory /temp/zcs with lots of files inside it. Then:

cd /temp/zcs ./

It's not going to work the first time, but it'll give you a list of missing dependencies. Write down all the package names it says are missing.

Now re-run your Zimbra install and accept all the defaults except the following.

When it asks you for your domain, it is going to have your fully-qualified domain name ( rather than just the domain, and will probably complain about not having an MX record. Change the hostname to just and it will find the names through nslookup.

The admin password is menu item 3. You can set the admin password there.

If Apache is already listening on port 80, the installer will report a port conflict, so change the port used for Zimbra client access (e.g. to 8001). The Zimbra administration console uses port 7071 by default.

Finally, when the install is done and it has given you the last "press Enter to finish" you are almost done.

Now reboot the system and, when it comes back up, give it a couple of minutes to start the rest of the Zimbra processes. If your installation is successful, you can go to to get the administrative console, or to http://xxxxxx:8001 to log in as a user.

yum local repository via HTTP

Yum local repository Set-up - DVD ISO via HTTP


  1. Copy the Red Hat Enterprise Linux 5 DVD ISO RHEL5-Client-20070208.0-i386-DVD.iso from Red Hat Network and create a local repository on the local repository server:

    # mkdir -p /var/www/html/cdrom/iso
    # mount -o loop /RHEL5-Client-20070208.0-i386-DVD.iso /var/www/html/cdrom/iso
    # cd /var/www/html/cdrom
    # createrepo .
    # yum clean all

    Create a file /etc/yum.repos.d/file.repo as follows:

    # cat /etc/yum.repos.d/file.repo
    [RHEL 5 Repository]

  2. Share with httpd:

    # vi /etc/httpd/conf/httpd.conf
    ServerAdmin root@
    DocumentRoot /var/www/html

    (Where is the local Repository server)

    # httpd -t
    # service httpd start

  3. Client side configuration:

    vi /etc/yum.repos.d/my.repo
    name= RHEL 5.1 Server Repository

  4. Verify from client:

    # yum list
    Loading "installonlyn" plugin
    Setting up repositories
    Reading repository metadata in from local files
    Available Packages
    Deployment_Guide-as-IN.noarch    5.0.0-19    RH51-Server
    Deployment_Guide-bn-IN.noarch    5.0.0-19    RH51-Server
    Deployment_Guide-de-DE.noarch    5.0.0-19    RH51-Server
    Deployment_Guide-en-US.noarch    5.0.0-19    RH51-Server
    Deployment_Guide-es-ES.noarch    5.0.0-19    RH51-Server
    Deployment_Guide-fr-FR.noarch    5.0.0-19    RH51-Server
    # yum update

    The package versions used on the repository server:

    httpd-2.2.3-11.el5
    yum-3.0.1-5.el5
    createrepo-0.4.4-2.fc6

    The package versions used on the client side:

Thursday, April 2, 2009

Folder Share - Ubuntu

Folder Share

In Ubuntu Right click any folder and you’ll see the option to share it. When you do this the first time you’ll be prompted to install the service.

After it’s installed you’ll be asked to log out and back in.

When you are back in, you would think that you’ll just right click the folder and share it, but that isn’t the case.

Option 1

Using Nautilus as root.

Press "Alt + F2" and enter "gksudo nautilus".

You have now started Nautilus as root. In the left pane click "File System", then the home folder, and you'll see your usual folders.

Now you can right click them and share them.

Close the file browser now, don’t use the root file browser for normal tasks.

That’s it.

Now for the windows side, the easiest thing to do is create a desktop shortcut.

Right-click your desktop, press new and create a new shortcut.

The location you are going to enter is


If you are not sure what your host name is, simply open a terminal (applications, accessories, terminal) and you’ll see your hostname after the @ sign.

Now press the icon on your Windows desktop and you’ll be prompted for a username and password. Those are the same ones you log into Ubuntu with.

Option 2

Adding a user to the samba share:

# sudo newgrp sambashare

# sudo "username" sambashare

Log out and try to access the share.

Using this on Hardy I got an error, which I fixed using the method below:

- go to System > Administration > Users and Groups

- Unlock

- click on Manage Groups

- select sambashare

- click Properties

- unselect and select your user

- click OK