Secure a server avoiding ARP Spoofing (ARP Poisoning)

Problem
We want to isolate our server in our local LAN, so any computer in our LAN couldn't connect to it meanwhile server MAC address is unknown.

Facts
Router IP: 192.168.1.1 MAC: 00:14:6c:4f:66:70
Server IP: 192.168.1.12 MAC: 00:0d:61:00:85:2f
Server OS: Debian 5.0

Server network configuration (/etc/network/interfaces)
We'll see two cases. In the first case we can configure the router ARP table, so in its ARP table exist Server IP and Server MAC. In the second case we can't configure router ARP table.

The first case is more secure, because we don't spread ARP Requests and Reply between router and server:

Case 1
Configure the router ARP table like that:
Server IP: 192.168.1.12 MAC: 00:0d:61:00:85:2f

Server network configuration:

auto lo eth0
iface lo inet loopback
iface eth0 inet static
        address 192.168.1.12
        netmask 255.255.255.0
        network 192.168.1.0
        # Disable the use of the ARP protocol on this interface.
        # So eth0 will not create ARP packets.
        # This hack works because ifup configure network like that:
        # ifconfig ${DEVICE} ${IPADDR} \
        # netmask ${NETMASK} broadcast \
        # ${BROADCAST} ${ARP:+arp}
        broadcast 192.168.1.255 -arp
        gateway 192.168.1.1

        # Trusted IP and ARP (In this case only the router)
        up arp -s 192.168.1.1 00:14:6c:4f:66:70

Case 2

auto lo eth0
iface lo inet loopback
iface eth0 inet static
        address 192.168.1.12
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

        up arptables -F
        up arptables -P INPUT DROP
        up arptables -P OUTPUT DROP
        up arptables -P FORWARD DROP
        # Trusted IP and ARP (In this case only the router)
        # Only ACCEPT connections from trusted gateway.
        up arptables -A INPUT -s 192.168.1.1 \
        --source-mac 00:14:6c:4f:66:70 -j ACCEPT
        # Send replies only to the trusted hosts.
        up arptables -A OUTPUT -d 192.168.1.1 \
        --destination-mac 00:14:6c:4f:66:70 -j ACCEPT
        # Add static entry into the ARP table to link your trusted host to its own MAC.
        up arp -s 192.168.1.1 00:14:6c:4f:66:70

Conclusion
The first configuration is more secure and we don't have to use arptables. However we have to configure statically router and server ARP tables. If in our LAN we trust another PC, we have to edit server configuration adding PC's MAC. In PC computer we have to add Server's MAC address statically too. Remember Server can't create ARP replies (we have disabled server ARP).

In the second configuration, we don't have to configure statically the router. Moreover, if we add a new trusted PC, we only have to edit Server configuration (add PC MAC in ARP table and append chaing in arptables). However we are spreading ARP Reply and Requests, so any computer can see them.


Sources:
http://www.experts-exchange.com/Networking/Linux_Networking/Q_21428737.html
https://bugzilla.redhat.com/show_bug.cgi?id=12111
http://abulmagd.blogspot.com/2008/08/arptables-and-arp-poisoningnetcut.html

autocd: invalid option name (bash)

It is posible to add some extra options to the bash like autocd option. This option allows us to change the actual directory without using cd command.

Without autocd 
pron@debian:~$ cd Desktop
pron@debian:~/Desktop$

With autocd
pron@debian:~$ Desktop
cd Desktop
pron@debian:~/Desktop$

To add this option to our bash:
$ shopt -s autocd
or
$ bash -O autocd (this last, we'll create new bash enviroment)

But in my Debian 5.0 /bin/bash version was 3.2.39 that didn't work autocd option. So when i tried to activate the autocd option i get this error:

$ shopt -s autocd
bash: shopt: autocd: invalid shell option name

The shopt command is a SHELL BUILTIN COMMAND. They are commands contained within the shell itself. I realized that my bash version did't support autocd option. So, i installed a new bash version (4.0.0) from GNU web page.

Once installed the new bash version, it's necessary to change your user default shell. My new version of shell was installed in /usr/local/bin/bash. So the first step was to edit (like root) /etc/shells to add the new shell location (/usr/local/bin/bash). After that, you could change your user bash using chsh command. It prompts for your user password, and then you type your shell location (in this case /usr/local/bin/bash). Finally, to set all changes, it was necessary to exit from you account. If you are in a gnome or KDE enviroment, logout from your user account and login again.

After done all this you can use the autocd option. To set it permanently, you can edit your ~/.bashr file and add 'shopt -s autocd' command.

Source:
http://www.linux-magazine.com/w3/issue/111/088-090_command.pdf
http://www.gnu.org/software/bash/manual/
http://linux.about.com/od/bgb_guide/a/gdebgb16t01.htm

Color highlight in Vim

First of all we'll edit or create ~/.vimrc file:

Code:" Set syntax highlighting to always on
syntax enable

" Set the background to dark and the colorscheme to murphy
set background=dark
colorscheme murphy

" Set automatic filetype detection to on
filetype on

From now, by default highlight would be enabled and the colorscheme we'll be "murphy". If we wanted to use another color highlight we can download it from this site:

http://www.cs.cmu.edu/%7Emaverick/VimColorSchemeTest/index-pl.html

After downloaded the file, save it in ~/.vim/colors/ directory.

Sources:
http://www.linuxquestions.org/questions/linux-software-2/color-highlight-in-vim-howyoudothat-565358/

Hide the windows command prompt

To execute a program in a hidden windows command prompt, we can create a JScript file (.js extension) and then execute it:

JScript code
var WindowStyle_Hidden = 0
var objShell = WScript.CreateObject("WScript.Shell")
var result = objShell.Run("cmd.exe /c putty.exe 192.168.1.14 -l tv", WindowStyle_Hidden)

In this case, this script we'll execute putty.exe in a hidden cmd prompt.

Source:
http://www.geekstogo.com/forum/Hide-command-prompt-windows-t56092.html

Renaming huge amount of files

There are a lot of scripts to renames files, but these are two choices:

for & sedfor F in * ; do mv “$F” `echo “$F” | sed ’s/{search_string}/{replace_string}/’ ` ; done

The other choice is to use the command 'mmv'. I never used it, but seems that it works.

Diff two directories

If we wanted to find the differences between 2 directories we can use this commands:

ls -R$ ls -R 'directory1' > ls_dir1
$ ls -R 'directory2' > ls_dir2

Then we will change each file directory names for the same name. This way we could get better diff file.

sed$ sed -e 's/directory1/diff_name/' ls_dir1 > ls_dir1_sed
$ sed -e 's/directory2/diff_name/' ls_dir2 > ls_dir2_sed

And finally we'll do the diff, to see the differences:

diff
$ diff ls_dir1_sed ls_dir2_sed | more

Sed: http://www.gentoo.org/doc/es/articles/l-sed2.xml

Extract audio tracks from video

To extract audio tracks from videos:

ffmpeg -i video.aviInput #0, avi, from 'video.avi':
  Duration: 00:55:21.8, start: 0.000000, bitrate: 1380 kb/s
  Stream #0.0: Video: mpeg4, yuv420p, 704x384, 25.00 fps(r)
  Stream #0.1: Audio: mp3, 48000 Hz, stereo, 160 kb/s
  Stream #0.2: Audio: mp3, 48000 Hz, stereo, 160 kb/s
Must supply at least one output file

With that command, we don't extract anything, but we can see the audio track amount.
We see, that the video has 2 audio tracks. To extract one:

ffmpeg -i video.avi -map 0.2 audio.mp3Input #0, avi, from 'video.avi':
  Duration: 00:55:21.8, start: 0.000000, bitrate: 1380 kb/s
  Stream #0.0: Video: mpeg4, yuv420p, 704x384, 25.00 fps(r)
  Stream #0.1: Audio: mp3, 48000 Hz, stereo, 160 kb/s
  Stream #0.2: Audio: mp3, 48000 Hz, stereo, 160 kb/s
Must supply at least one output file

We'll get the second audio track into audio.mp3 file.

In the case that we want to extract all audio's from all video's:

j=1;for i in *.avi;
do ffmpeg -i "$i" -map 0.2 /home/pron/SubWorkspace/Audio$j.mp3;
((j++));done;

For each avi file, we'll get an Audio?.mp3 file.

OpenOffice Tips

Starting Page Numbering on Page 2, and Other Ways to Mix Page Styles in a Document

This is very useful tip, due to you learn creating page styles for the index's pages and for the body. This way you separate different sections of your document.

http://openoffice.blogs.com/openoffice/2005/12/different_page_.html

Page numbering
Another useful tip. I got resolve a problem with the index table. Never use the Offset feature you can see in the page number field dialog! The ToC (Table of Contents) is based on the real page numbering, it doesn't take into account the offset feature. Moreover, your last page won't have any numbering if the correction is positive.

* Go to the first paragraph of the page to be renumbered, right click and select Paragraph.
* Go to the Text Flow tab, in the Breaks section, adjust the page number.

http://user.services.openoffice.org/en/forum/viewtopic.php?f=71&t=1221

Adding Captions
You can add captions (names) to images, tables and other objects in a document. The, you can create a index of table using this captions. For that, in the type combo box select Index of Tables, and in Categories select Captions.

http://wiki.services.openoffice.org/wiki/Documentation/OOo3_User_Guides/Writer_Guide/Adding_captions

Subtitle synchronizer

I have written a program to synchronize subtitle's file (srt format). But what i mean when i say synchronize? The reality is that the videos are recorded with differents fps (Frames per second). So if our film has been recorded in 24 fps, but the subtitle is created with a film with 25 fps, our subtitle we'll desynchronize each second. This happen because the film with 24 fps is reproducing faster (less frames in the same time). So to realize that our subtitles are desynchronized with the film, we'll see that the film is more desynchronized as long as time is passing.

The program needs to know when stars and ends the conversation in the video. So you have to look for in the video when is the first and last conversation. It would be more precise to see which are the first and last conversations in the subtitle file, and then you we'll find easier the star/end times in the video.

The way to use the program is the next:

./subsincro desynchronized_file.srt new_start_time new_end_time > synchronized_file.srt

For example:

Suppose that in my_serie.3x05.srt we have this:

1
00:00:18,268 --> 00:00:20,498
Let's keep those hammers working!

(...)

422
01:28:22,428 --> 01:28:26,057
How will you live, John?
- Day by day.

Then, we search this conversations in the video, and make a note of the real times in the video. Finally we execute the program with the new start/end time:

./subsincro my_serie.3x05.srt 00:00:05,520 01:24:31,120 > my_serie.3x05.syn.srt

Program code:

 /*
 Copyright 2010 djtalo85@gmail.com 
 Licensed under the Apache License, Version 2.0 (the "License"); 
 you may not use this file except in compliance with the License. 
 You may obtain a copy of the License at 
 
 http://www.apache.org/licenses/LICENSE-2.0 
 
 Unless required by applicable law or agreed to in writing, software 
 distributed under the License is distributed on an "AS IS" BASIS, 
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 See the License for the specific language governing permissions and 
 limitations under the License. 
*/


/*****************************
SUBTITLES SYNCHRONIZER

usage: ./subsincro sub_file.str new_start_time new_end_time
example: ./subsincro Pron.3x01.srt 00:00:01,000 00:54:31,000

To create a new subtitle file, redirect the output.
example: ./subsincro Pron.3x01.srt 00:00:01,000 00:54:31,000 > Pron.3x01.new.srt

*****************************/


#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int new_start_time,new_end_time,old_start_time,old_end_time;
int aux_start_time,aux_end_time;
int gap=0, subIndex=1;
float time_desync;


char *timeToString(int time) {
 char *outTime;
 int hour,min,sec,ms;
 div_t d;

 outTime = (char *) malloc (13*sizeof(char));
 
 d=div(time,1000*60*60);
 hour = d.quot;
 time= d.rem;

 d=div(time,1000*60);
 min= d.quot;
 time = d.rem;
 
 d=div(time,1000);
 sec= d.quot;
 ms = d.rem; 

 sprintf(outTime,"%02i:%02i:%02i,%03i",hour,min,sec,ms);

 return outTime;
 

}
printTime(int time) {
 printf("%s",timeToString(time));
}

int strTimeToInt(char str[13]) {
 int hour,min,sec,ms,error;
 int time;
 char aux[4];

 strncpy(aux,str,2);
 aux[2]='\0';
 hour = atoi(aux);

 strncpy(aux,&str[3],2);
 aux[2]='\0';
 min = atoi(aux);

 strncpy(aux,&str[6],2);
 aux[2]='\0';
 sec = atoi(aux);

 strncpy(aux,&str[9],3);
 aux[3]='\0';
 ms = atoi(aux);

 time= ms + 1000*sec + 1000*60*min + 1000*60*60*hour;

 //printf("%i ",error);
 //printf("( %02i:%02i:%02i,%03i )",hour,min,sec,ms);
 
 return time;
}
getTime(char str[1024]) {
 char str_time[13];
 char end_time[13];

 sscanf(str,"%s --> %s",str_time,end_time);
 aux_start_time = strTimeToInt(str_time);
 aux_end_time = strTimeToInt(end_time);

}
update_time(char str[1024]) {
 getTime(str);
 
 /* Apply sync. */
 aux_start_time = abs((float)(aux_start_time * 100) / time_desync);
 aux_end_time = abs((float)(aux_end_time * 100) / time_desync);
 
 /* Apply pad */
 aux_start_time = aux_start_time - gap;
 aux_end_time = aux_end_time - gap;

 printTime(aux_start_time);
 printf(" --> ");
 printTime(aux_end_time);
 printf("%s",&str[29]);

}

isInteger(char str[1024]) {
 int i=0;
 while(i<(strlen(str)-2)) {
  if(str[i]>47 && str[i]<58) {
   i++;
  } else {
   
   return -1;
  }
 }
 if(i==0) {
  return -1;
 } else {
  return 0;
 }
}

main(int argc, char *argv[]) {
   char line[1024];
   FILE *f;
   int index,startIndex;
   int sync_start_time,sync_end_time;
 
   if (argc < 4) {

      fprintf(stderr,"Subsincro 0.3 by Pron\n\n");

      fprintf(stderr,"Usage: %s file.srt new_start_time new_end_time\n", argv[0]);

      fprintf(stderr,"Time format: hh:mm:ss,mmm\n\n");

      return 1;

   }

   if(strlen(argv[2])!=12 || strlen(argv[3])!=12) {
      fprintf(stderr,"Time argument format have to be 00:00:00,000\n");

      return 1;
   }

   new_start_time= strTimeToInt(argv[2]);
   new_end_time=strTimeToInt(argv[3]);


   if((f = fopen( argv[1], "r" ))==NULL) {
      fprintf(stderr,"File '%s' not exist\n",argv[1]);
      return 1;
   }
  
   while((fgets(line, 1024, f))!=NULL) {
 if(isInteger(line)==0) {
  index=atoi(line);
  fgets(line, 1024, f);
  getTime(line);
  if(subIndex==1) {
   startIndex=index;
   old_start_time = aux_start_time;
  }
  subIndex++;
 } 
   }
   old_end_time = aux_start_time;
  
   //time_desync = (old_end_time *100.0)/(old_end_time - ((old_end_time - old_start_time) - (new_end_time - new_start_time)));
   time_desync = (((float)old_end_time - (float)old_start_time) * 100.0) / ((float)new_end_time - (float)new_start_time);


   /* gap*/
   sync_start_time = ((float)(old_start_time * 100) / time_desync);
   sync_end_time = ((float)(old_end_time * 100) / time_desync);
   
   gap = sync_start_time - new_start_time;

   fprintf(stderr,"Desynchronization: %f\n",time_desync);


   fprintf(stderr,"Sub. Index\tOld Time\tSub. Synchronized\n",timeToString(gap));
   fprintf(stderr,"%i\t\t%s\t%s\n",startIndex,timeToString(old_start_time),timeToString(sync_start_time - gap));
   fprintf(stderr,"[...]\n");
   fprintf(stderr,"%i\t\t%s\t%s\n",index,timeToString(old_end_time),timeToString(sync_end_time - gap));
   fseek(f,0,0);
   subIndex=1;
   while((fgets(line, 1024, f))!=NULL) {
 if(isInteger(line)==0) {
  printf("%s",line);
  fgets(line, 1024, f);
  update_time(line);
  subIndex++;
 } else {
  printf("%s",line);
 }
   }
   fclose(f);
   return 0;
}
}

How to disable ASLR (Address Space Layout Randomization)

$ sysctl -w kernel.randomize_va_space=0

Installing Quake 4 in Linux

Quake 4 is the fourth title in the series of Quake first-person shooter computer games. Although the game is well known in Windows enviroments, it is possible to play this game in Linux without using Wine.

To start installing it, we have to download the installer from id Software's ftp server or from BitTorrent tracker.

To install it, we'll execute the binary file
$ sh quake4-linux-1.4.2.x86.run

Is not necessary to execute it as root. Like a normal user, the game will be installed in ~/quake4/ folder, and will create a game shortcut link in ~/bin/ called quake4. To add the ~/bin/ folder to the PATH enviroment variable, we'll add the next line to the ~/.bashrc file:

Editing enviroment variableexport PATH="~/bin:$PATH"

Now, we can execute 'quake4' command anywhere in the console, but we get this error:

Error********************
ERROR: Couldn't load scripts/main.script

********************
Sys_Error: Error during initialization
pure virtual method called
terminate called after throwing an instance of 'idException' 

This happens because we need the full game to copy some '.pk4' files to ~/quake4/q4base/ directory. So, if we don't have the full game, we can download it from The Pirate Bay or from a search in Torrentz. After downloading the game, if it is a iso file, we will mount it:

Mounting Quake4.iso and copying necessary filesmount -o loop Quake4.iso /mnt/cdrom
cp -r /mnt/cdrom/Setup/Data/q4base ~/quake4/q4base/

Now, that all files have been installed we can start playing, executing 'quake4' in the console. But, the game ask us to type the CD key. Although we insert a valid CD key, it is validated against internet servers. So, to avoid this we will edit the /etc/hosts file:

Editing /etc/hosts to add two dns names127.0.0.1       q4master.idsoftware.com
127.0.0.1       idnet.ua-corp.com

Now, if we execute the game and insert a valid CD key, the game will try to validate the key against our computer unsuccesfully. So now we can play the game. Another way to avoid this problem is switching off the net card. In any way, we cann't play in multiplayer mode, but play in history mode.

Create an image of Audio CD

The 'dd if=/dev/cdrom of=cdrom.iso' doesn't work to create an image of Audio CD, because Audio CD's doesn't have file system. So, the command we have to use is:

$ cdrdao -read-cd --datafile audiocd.bin audiocd.toc

In the audicd.bin will be the real Audio CD. The audiocd.toc (TOC = Table Of Content), describes what data is written to the CD-R. To write the Audio CD image we'll use the command:

$ cdrdao write audiocd.toc

If you want to copy cd the CD, using one command:

$ cdrdao copy --device /dev/cdrom

The image file with name "cddata.bin" will be created in the current working directory, but the image will be removed after it has been written.

Debian /etc/alternatives

'/etc/alternatives' shows, using symbolic links, which programs are executed as default. For example, '/usb/bin/java' may have different versions, but by default, we can select one of them.

To edit (select, update, remove) this, we'll use 'update-alternatives'.

For selecting which version of java we want to use:
$ update-alternatives --config java

For adding an alternative version of java:
$ update-alternatives --install java java /usr/java/jre1.6.0_11/bin/java 0

Dirty searches in MLDonkey

When you do a search in MLDonkey, and you get dirty reply like *.exe, *.zip ... or old searches, with big sources, it could be due to fake-servers.

If you didn't update the server list since too much time, maybe you will have fake-servers. Moreover when you boot mlnet, it used to load servers, but the problem is that you have old servers in the cache, so the server list is not updated.

You can search which are the fake-servers, or remove all servers from the server list and then add the good ones. The best way (for me) is to remove each server by one, and then shutdown mlnet server and boot it again.

In the downloads.ini file (more or less in the line 220), there is the web_infos option. There you can change from where to get the server.met file when mlnet is booted. However, if you type the command vwi in the MLDonkey web gui, you can see which files are loaded in the boot time. You can add more server.met files too.

After searching in the web, i have find some webs to download "good" server.met.

http://peerates.net/servers.php (MLDonkey default)
http://edk.peerates.net/

SLOC (Source Lines of Code)

Reading comments about Software Enginering, I have found a web based CocomoII (COnstructive COst MOdel II), which allows one to estimate the cost and effort when planning a new software development activity.

I have programmed a little bash program which counts the source lines of a forlder. It skips new lines and php comments (/* */) when counting.

Code
#!/bin/bash

# SLOC (Source Lines of Code)
# This application is used to count the source lines of code
# of a project
# usage: sloc /home/pron/myphpproject
# http://www.cms4site.ru/utility.php?utility=cocomoii

# awk usage
# http://www.liamdelahunty.com/tips/linux_ls_awk_totals.php
# sed usage
# http://www.gnulamp.com/sed.html
# http://www.grymoire.com/Unix/

# if $1 parameter is a folder,
# will show recursively the lines that have the files
# but will exclude lines that contents any special character:
# * : initially used to delete comments like /* or */
# ^$ : ^ means beginning of line and $ means end of line,
#      so it deletes lines when only appears '/n'

function count_lines {
 if [ -d $1 ]
 then
  for j in $1/*
  do
   if [ -f $j ]
   then
    sed -e '/\/\*/ d' -e '/\*\// d' -e '/^$/ d' $j | wc -l
   fi
   if [ -x $j ]
   then
    $0 $j
   fi
  done
 fi
}

count_lines $1 | awk '{ SUM +=$1 } END { print SUM} '