Linux LOG files!

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

Today i was setting up iptables and keeping the logs file to separate files so that i can find the all alert,info easily. But writing a blog post quickly comes in my mind, in case,  any newbie want to have some basic idea about Linux logs(Trying to catch hacker? Not easy! hehe).   I am doing it on my Debian system( Later i will edit when i will do the same thing on other distro :)).
System logs are really important for storing System security, Security auditing, Debugging and other information in an specific files. These can be used for various security task , logging fake/real hackers, system issue etc.  Where the log files will be saved and what type of logs will be generated are specified in “/etc/rsyslog.conf” (Debian/Ubuntu). Here is my current configuration file :

#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
kern.warning /var/log/iptables.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice

##striped

We need configure all about the logs in this file. Usually Linux/Unix store the logs in directory “/var/log/” if it is not customized. In “/var/log” we can find all log files:

 http://pastebin.com/d0LfNFfg

Let me explain few of them:

apt                ==      Package installation and removing logs.
auth.log       ==      Authorization related logs.
debug           ==      Debugging Logs.
dmesg           ==      Dump of kernel message buffer
exim4             ==     exim4 mail server logs.
faillog            ==     Fail login attempts.
kern.log         ==    kernel level log
lastlog           ==     Last loging information.
messages      ==     Main log file.
mail.*             ==     Mail related info,alert,warning
mysql             ==     mysql log
pure-ftpd       ==     FTP logs.
syslog           ==      main log file.
 wtmp           ==      Login Records.

Well, For customization the logs we need need to know few things which should be indicated in rsyslog.conf file:

1. Facility (What?) 2. Level (info,warning,alert etc)

Facility are:

auth         == Security & Authorization.
authpriv  == Private Authorization message.
cron         == Cron Daemon.
user         == user process.
mail          == Mail related message.
ftp            == FTP related .
kern         == Kernel related messages.
lpr            == Printer logs
etc.

Level are(Depends how much you want to know):

alert    == Urgent.
crit      == Critical messages.
warning == Warning messages.
notice  == Suggest to verify!
info      == Informational Messages.
debugg== Debugging Purpose.

From the configuration file it is understandable that how the Facility and Level should be indicated. For example:

mail.info            -/var/log/mail.info

Here “mail”  is the Facility “info” is the level and

/var/log/mail.info”  is telling where to save.

 Now i am going to show some example:

 Let’s how the SSH logs look like, SSH logs usually saved in “/var/log/auth.log”:

root@logtest:/var/log# cat auth.log

root@logtest:/var/log#

Blank!

So i first try fail login attemp:

science@BAD-LUCK:~$ ssh root@192.168.78.130

root@192.168.78.130's password:

Permission denied, please try again.

root@192.168.78.130's password:

Now let’s see what is in auth.log:

root@logtest:/var/log# cat auth.log

Feb 27 10:59:44 scientific sshd[4285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.local user=root
Feb 27 10:59:46 scientific sshd[4285]: Failed password for root from 192.168.78.1 port 60904 ssh2
Feb 27 11:00:01 scientific CRON[4287]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 27 11:00:17 scientific CRON[4287]: pam_unix(cron:session): session closed for user root

It is clearly saying that "hacker"(computer name) tried to log with user root on port 22(ssh). In next line it is also saying the failed attempt was from192.168.78.1 .

I Again attempt to login to FTP server (ftp 192.168.78.1) . Then i saw the Authentication fail attempt also saved in auth.log:

Feb 27 11:23:08 scientific pure-ftpd: pam_unix(pure-ftpd:auth): check pass; user unknown
Feb 27 11:23:08 scientific pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=aaaaaaaaaaaaa rhost=hacker.local

l

The logs can be saved in other place too if we indicate in rsyslog.conf . For example i have made my own log file to save iptables logs.

kern.warning  "/var/log/iptables.log"  #iptables communicate with kernel

If someone brute force any of the service such as ssh, ftp etc then all the fail attempt will be saved to auth.log(Be careful if you are trying to hack!:) always clean the logs file).

More:
http://en.wikipedia.org/wiki/Syslog
http://www.rsyslog.com/doc/manual.html

How to install kernel on debian !

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

Debian wheezy using 3.2.0-4-amd64 as default kernel which is old. For that reason today i installed the latest  kernel downloaded from kernel.org. If you are Curious that how you can install the new kernel easily then follow  instructions:

Note: Make sure you have enough space before keep going(More than 8gb)

First we download the kernel:

wget -c http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.7.8.tar.xz

Then download the sign file:

wget -c http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.7.8.tar.sign

Note: i used -c with for wget since i was resumed the download.

Now time of unxz tool:

unxz linux-3.7.8.tar.xz

To be safe i verified the signature by issuing following command:

gpg –verify linux-3.7.8.tar.sign linux-3.7.8.tar

So everything OK.

This time we need to extract the the tar file:

tar xvf  linux-3.7.8.tar ; cd linux-3.7.8

I want fresh installation , So i ran :

make menuconfig

And got error :

So i had to install libncurses5-dev: apt-get install libncurses5-dev Or install all required tools:

sudo apt-get install fakeroot build-essential kernel-package ncurses-bin ncurses-dev

 again run :

make menuconfig

And see if you need anything to change , When finished just use tab to select “Exit” or “Cancel”

At last :

When it will exit the windows , you will see output in your terminal :

root@scientific:/home/scientist/kernel/linux-3.7.8# make menuconfig
  HOSTCC  scripts/kconfig/conf.o
  HOSTCC  scripts/kconfig/lxdialog/checklist.o
  HOSTCC  scripts/kconfig/lxdialog/inputbox.o
  HOSTCC  scripts/kconfig/lxdialog/menubox.o
  HOSTCC  scripts/kconfig/lxdialog/textbox.o
  HOSTCC  scripts/kconfig/lxdialog/util.o
  HOSTCC  scripts/kconfig/lxdialog/yesno.o
  HOSTCC  scripts/kconfig/mconf.o
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/mconf
scripts/kconfig/mconf Kconfig
#
# using defaults found in /boot/config-3.2.0-4-amd64
#
/boot/config-3.2.0-4-amd64:1564:warning: symbol value ‘m’ invalid for BMP085
/boot/config-3.2.0-4-amd64:2974:warning: symbol value ‘m’ invalid for POWER_SUPPLY
/boot/config-3.2.0-4-amd64:3209:warning: symbol value ‘m’ invalid for MFD_WM8400
/boot/config-3.2.0-4-amd64:4684:warning: symbol value ‘m’ invalid for COMEDI_MISC_DRIVERS
/boot/config-3.2.0-4-amd64:4691:warning: symbol value ‘m’ invalid for COMEDI_PCI_DRIVERS
/boot/config-3.2.0-4-amd64:4748:warning: symbol value ‘m’ invalid for COMEDI_PCMCIA_DRIVERS
/boot/config-3.2.0-4-amd64:4756:warning: symbol value ‘m’ invalid for COMEDI_USB_DRIVERS
#
# configuration written to .config
#

*** End of the configuration.
*** Execute ‘make’ to start the build or try ‘make help’.

Avoid everything , Just important indication is “configuration written to .config” 


  clean all unusual files(Generated automatically) following command:

make-kpkg clean
 
 
 
I simply want to build a Debian package(.deb extension) so that i can use default tool dpkg to install the new kernel:
 
 fakeroot make-kpkg -j6 --initrd --revision=3.7.8 --append-to-version=-amd64 kernel_image kernel_headers
 
 
Also calculating the compile time you can run:
 
 time fakeroot make-kpkg -j6 --initrd --revision=3.7.8 --append-to-version=-amd64 kernel_image kernel_headers
 
Note: j5 for parallel if we have multi processor  
When you ran this command, you will see in your terminal lots of output such as :
 [M]  fs/ext2/file.o
CC [M] fs/ext2/ialloc.o
CC [M] fs/ext2/inode.o
CC [M] fs/ext2/ioctl.o
CC [M] fs/ext2/namei.o
CC [M] fs/ext2/super.o
CC [M] fs/ext2/symlink.o
CC [M] fs/ext2/xattr.o
CC [M] fs/ext2/xattr_user.o
CC [M] fs/ext2/xattr_trusted.o
CC [M] fs/ext2/acl.o
CC [M] fs/ext2/xattr_security.o
LD [M] fs/ext2/ext2.o
LD fs/ext3/built-in.o
CC [M] fs/ext3/balloc.o
CC [M] fs/ext3/bitmap.o
CC [M] fs/ext3/dir.o
CC [M] fs/ext3/file.o
CC [M] fs/ext3/fsync.o

Simply it is compiling all the sources, programming functions, system call , devices driver etc.

Install the .deb package and reboot the system and select the new kernel to boot.

entific:/home/scientist# uname -r ; arch
3.7.8-amd64
x86_64

Caution: Be careful When compiling kernel . The system may not even boot. So First try it on your vm . I have no responsible if it damages anything .

There is more easy way to install kernel from debian backport. But installing this kernel perfectly worked for me!

****If you have any questions, feedback then please comment here!

Installing and Configuring SAMBA on Debian based Operating system

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

Wikipedia: Samba is a free softwarere-implementation of the SMB/CIFSnetworkingprotocol, originally developed by Andrew Tridgell. As of version 3, Samba provides fileand printservicesfor various Microsoft Windows clientsand can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.
Installing and Configuring:
apt-get install samba

In the screenshot I can see that it is adding group “sambashare” with group ID 112. When installation finished I changed the directory to /etc/samba using cd Command.
Here is the smb.conf configuration I have pasted from my system:
root@scientific:/etc/samba# cat smb.conf
#

# Sample configuration file for the Samba suite for Debian GNU/Linux.

#

#

# This is the main Samba configuration file. You should read the

# smb.conf(5) manual page in order to understand the options listed

# here. Samba has a huge number of configurable options most of which

# are not shown in this example

#

# Some options that are often worth tuning have been included as

# commented-out examples in this file.

# – When such options are commented with “;”, the proposed setting

# differs from the default Samba behaviour

# – When commented with “#”, the proposed setting is the default

# behaviour of Samba but the option is considered important

# enough to be mentioned here

#

# NOTE: Whenever you modify this file you should run the command

# “testparm” to check that you have not made any basic syntactic

# errors.

# A well-established practice is to name the original file

# “smb.conf.master” and create the “real” config file with

# testparm -s smb.conf.master >smb.conf

# This minimizes the size of the really used smb.conf file

# which, according to the Samba Team, impacts performance

# However, use this with caution if your smb.conf file contains nested

# “include” statements. See Debian bug #483187 for a case

# where using a master file is not a good idea.

#


#======================= Global Settings =======================


[global]


## Browsing/Identification ###


# Change this to the workgroup/NT-domain name your Samba server will part of

workgroup = WORKGROUP


# server string is the equivalent of the NT Description field

server string = %h server


# Windows Internet Name Serving Support Section:

# WINS Support – Tells the NMBD component of Samba to enable its WINS Server

# wins support = no


# WINS Server – Tells the NMBD components of Samba to be a WINS Client

# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

; wins server = w.x.y.z


# This will prevent nmbd to search for NetBIOS names through DNS.

dns proxy = no


# What naming service and in what order should we use to resolve host names

# to IP addresses

; name resolve order = lmhosts host wins bcast


#### Networking ####


# The specific set of interfaces / networks to bind to

# This can be either the interface name or an IP address/netmask;

# interface names are normally preferred

; interfaces = 127.0.0.0/8 eth0


# Only bind to the named interfaces and/or networks; you must use the

# ‘interfaces’ option above to use this.

# It is recommended that you enable this feature if your Samba machine is

# not protected by a firewall or is a firewall itself. However, this

# option cannot handle dynamic or non-broadcast interfaces correctly.

; bind interfaces only = yes




#### Debugging/Accounting ####


# This tells Samba to use a separate log file for each machine

# that connects

log file = /var/log/samba/log.%m


# Cap the size of the individual log files (in KiB).

max log size = 1000


# If you want Samba to only log through syslog then set the following

# parameter to ‘yes’.

# syslog only = no


# We want Samba to log a minimum amount of information to syslog. Everything

# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log

# through syslog you should set the following parameter to something higher.

syslog = 0


# Do something sensible when Samba crashes: mail the admin a backtrace

panic action = /usr/share/samba/panic-action %d



####### Authentication #######


# “security = user” is always a good idea. This will require a Unix account

# in this server for every user accessing the server. See

# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html

# in the samba-doc package for details.

# security = user


# You may wish to use password encryption. See the section on

# ‘encrypt passwords’ in the smb.conf(5) manpage before enabling.

encrypt passwords = true


# If you are using encrypted passwords, Samba will need to know what

# password database type you are using.

passdb backend = tdbsam


obey pam restrictions = yes


# This boolean parameter controls whether Samba attempts to sync the Unix

# password with the SMB password when the encrypted SMB password in the

# passdb is changed.

unix password sync = yes


# For Unix password sync to work on a Debian GNU/Linux system, the following

# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for

# sending the correct chat script for the passwd program in Debian Sarge).

passwd program = /usr/bin/passwd %u

passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .


# This boolean controls whether PAM will be used for password changes

# when requested by an SMB client instead of the program listed in

# ‘passwd program’. The default is ‘no’.

pam password change = yes


# This option controls how unsuccessful authentication attempts are mapped

# to anonymous connections

map to guest = bad user


########## Domains ###########


# Is this machine able to authenticate users. Both PDC and BDC

# must have this setting enabled. If you are the BDC you must

# change the ‘domain master’ setting to no

#

; domain logons = yes

#

# The following setting only takes effect if ‘domain logons’ is set

# It specifies the location of the user’s profile directory

# from the client point of view)

# The following required a [profiles] share to be setup on the

# samba server (see below)

; logon path = \%Nprofiles%U

# Another common choice is storing the profile in the user’s home directory

# (this is Samba’s default)

# logon path = \%N%Uprofile


# The following setting only takes effect if ‘domain logons’ is set

# It specifies the location of a user’s home directory (from the client

# point of view)

; logon drive = H:

# logon home = \%N%U


# The following setting only takes effect if ‘domain logons’ is set

# It specifies the script to run during logon. The script must be stored

# in the [netlogon] share

# NOTE: Must be store in ‘DOS’ file format convention

; logon script = logon.cmd


# This allows Unix users to be created on the domain controller via the SAMR

# RPC pipe. The example command creates a user account with a disabled Unix

# password; please adapt to your needs

; add user script = /usr/sbin/adduser –quiet –disabled-password –gecos “” %u


# This allows machine accounts to be created on the domain controller via the

# SAMR RPC pipe.

# The following assumes a “machines” group exists on the system

; add machine script = /usr/sbin/useradd -g machines -c “%u machine account” -d /var/lib/samba -s /bin/false %u


# This allows Unix groups to be created on the domain controller via the SAMR

# RPC pipe.

; add group script = /usr/sbin/addgroup –force-badname %g


########## Printing ##########


# If you want to automatically load your printer list rather

# than setting them up individually then you’ll need this

# load printers = yes


# lpr(ng) printing. You may wish to override the location of the

# printcap file

; printing = bsd

; printcap name = /etc/printcap


# CUPS printing. See also the cupsaddsmb(8) manpage in the

# cupsys-client package.

; printing = cups

; printcap name = cups


############ Misc ############


# Using the following line enables you to customise your configuration

# on a per machine basis. The %m gets replaced with the netbios name

# of the machine that is connecting

; include = /home/samba/etc/smb.conf.%m


# Most people will find that this option gives better performance.

# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html

# for details

# You may want to add the following on a Linux system:

# SO_RCVBUF=8192 SO_SNDBUF=8192

# socket options = TCP_NODELAY


# The following parameter is useful only if you have the linpopup package

# installed. The samba maintainer and the linpopup maintainer are

# working to ease installation and configuration of linpopup and samba.

; message command = /bin/sh -c ‘/usr/bin/linpopup “%f” “%m” %s; rm %s’ &


# Domain Master specifies Samba to be the Domain Master Browser. If this

# machine will be configured as a BDC (a secondary logon server), you

# must set this to ‘no’; otherwise, the default behavior is recommended.

# domain master = auto


# Some defaults for winbind (make sure you’re not using the ranges

# for something else.)

; idmap uid = 10000-20000

; idmap gid = 10000-20000

; template shell = /bin/bash


# The following was the default behaviour in sarge,

# but samba upstream reverted the default because it might induce

# performance issues in large organizations.

# See Debian bug #368251 for some of the consequences of *not*

# having this setting and smb.conf(5) for details.

; winbind enum groups = yes

; winbind enum users = yes


# Setup usershare options to enable non-root users to share folders

# with the net usershare command.


# Maximum number of usershare. 0 (default) means that usershare is disabled.

; usershare max shares = 100


# Allow users who’ve been granted usershare privileges to create

# public shares, not just authenticated ones

usershare allow guests = yes


#======================= Share Definitions =======================


[homes]

comment = Home Directories

browseable = no


# By default, the home directories are exported read-only. Change the

# next parameter to ‘no’ if you want to be able to write to them.

read only = yes


# File creation mask is set to 0700 for security reasons. If you want to

# create files with group=rw permissions, set next parameter to 0775.

create mask = 0700


# Directory creation mask is set to 0700 for security reasons. If you want to

# create dirs. with group=rw permissions, set next parameter to 0775.

directory mask = 0700


# By default, \serverusername shares can be connected to by anyone

# with access to the samba server.

# The following parameter makes sure that only “username” can connect

# to \serverusername

# This might need tweaking when using external authentication schemes

valid users = %S


# Un-comment the following and create the netlogon directory for Domain Logons

# (you need to configure Samba to act as a domain controller too.)

;[netlogon]

; comment = Network Logon Service

; path = /home/samba/netlogon

; guest ok = yes

; read only = yes


# Un-comment the following and create the profiles directory to store

# users profiles (see the “logon path” option above)

# (you need to configure Samba to act as a domain controller too.)

# The path below should be writable by all users so that their

# profile directory may be created the first time they log on

;[profiles]

; comment = Users profiles

; path = /home/samba/profiles

; guest ok = no

; browseable = no

; create mask = 0600

; directory mask = 0700


[printers]

comment = All Printers

browseable = no

path = /var/spool/samba

printable = yes

guest ok = no

read only = yes

create mask = 0700


# Windows clients look for this share name as a source of downloadable

# printer drivers

[print$]

comment = Printer Drivers

path = /var/lib/samba/printers

browseable = yes

read only = yes

guest ok = no

# Uncomment to allow remote administration of Windows print drivers.

# You may need to replace ‘lpadmin’ with the name of the group your

# admin users are members of.

# Please note that you also need to set appropriate Unix permissions

# to the drivers directory for these users to have write rights in it

; write list = root, @lpadmin


# A sample share for sharing your CD-ROM with others.

;[cdrom]

; comment = Samba server’s CD-ROM

; read only = yes

; locking = no

; path = /cdrom

; guest ok = yes


# The next two parameters show how to auto-mount a CD-ROM when the

# cdrom share is accesed. For this to work /etc/fstab must contain

# an entry like this:

#

# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0

#

# The CD-ROM gets unmounted automatically after the connection to the

#

# If you don’t want to use auto-mounting/unmounting make sure the CD

# is mounted on /cdrom

#

; preexec = /bin/mount /cdrom

; postexec = /bin/umount /cdrom
root@scientific:/etc/samba#
I am gonna Change the ####### Authentication ####### ….. I will just remove hash from
# security = user
Hopping everything is well. I will add share to an specific user :
adduser smbuser
addgroup smbuser smbshare //Remember already added sambashare group?
Now I run command:
service samba restart
Before testing we need to set password for smbuser:
smbpasswd -a smbuser
Seems everything is fine . Now time to check if it is working .
First time It did not work for me. So I had to edit few things:
###Not So Important, But I did ####
[homes]
comment = /home/smbuser/
browseable = yes
# By default, the home directories are exported read-only. Change the
# next parameter to ‘no’ if you want to be able to write to them.
read only = no #It was set to “YEST” , Test with “YES” Too
And few change made (With Security Risk):
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0775
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775
Now let’s test:
1. Go to windows
2. Run explorer
3. type : \your_ipsmbuser ###smbuser==username
4. It will ask for username and password
5. Enter username and password and hit enter.
6. Done:
We must remember about samba security . It certainly will open two ports 445 and 139. Let’s run nmap command against the IP :

 :~$ nmap -v 192.168.78.140

Starting Nmap 6.00 ( http://nmap.org ) at 2013-02-16 02:28 EST
Initiating Ping Scan at 02:28
Scanning 192.168.78.140 [2 ports]
Completed Ping Scan at 02:28, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 02:28
Completed Parallel DNS resolution of 1 host. at 02:28, 0.00s elapsed
Initiating Connect Scan at 02:28
Scanning 192.168.78.140 [1000 ports]
Discovered open port 111/tcp on 192.168.78.140
Discovered open port 445/tcp on 192.168.78.140
Discovered open port 80/tcp on 192.168.78.140
Discovered open port 139/tcp on 192.168.78.140
Completed Connect Scan at 02:28, 0.03s elapsed (1000 total ports)
Nmap scan report for 192.168.78.140
Host is up (0.0013s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
80/tcp  open  http
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Now it is time to think about samba security 🙂

–>

Installing vmware tools on Debian wheezy 7 !

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

If you are stuck with installing vmware tools on debian system then here the instruction and you can install vmware tools easily:

#i have installed Debian wheezy CD1. And i don’t see gcc and make tools already installed . So gonna install:

apt-get install gcc make

#We also need to install the kernel header:

apt-cache search linux-header 

#now installing linux-headers-3.2.0-4-amd64

apt-get install linux-headers-3.2.0-4-amd64

To be safety just run: apt-get update && apt-get install linux-headers-$(uname -r)

We are ready to go!

Now we right click on Debian system of vmware workstation(Left side) and click on “Install Vmware Tools”:

Note: I already installed the tools, so here you are seeing “Reinstall Vmware Tools” whereas it should be “Install Vmware Tools” .

It will pop-up to open in CD-ROM to mount it. Now just open the the location and copy to other location such as :

cd /media/vmware-tools; mkdir /home/scientific/vmtools

cp * /home/scientific/vmtools;tar xvf *

#time to install:

cd /home/scientific/vmware-tools-distrib 
perl *.pl

Now wait until and press Enter when it asks . When installation finished just reboot:

Hope it is helpful to someone !

vmware workstation 9 on Ubuntu 12.10

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

I tried to use Ubuntu 12.04 but seems it has a serious problem(Kernel) which freeze the Modern Laptop such as Dell xps 15 series. As a security related work we need to work for long time 1day-weeks without powering off the Laptop. Anyway, To solved the problem i installed the Ubuntu 12.10 which has kernel 3.5 and may have been fixed the issue . I tested it and it still no freezes whereas Ubuntu 12.04 freezes within 24 hours but Vmware Workstation get installed but there is a problem of kernel when you boot and start the vmware.

To solved this issue you you need to patch it which is found in vmware forum.

Do the following:

1. Download: http://communities.vmware.com/servlet/JiveServlet/download/2103172-94260/vmware9_kernel35_patch.tar.bz2

2. Extract: tar xvf vmware9_kernel35_patch.tar.bz2 .

3. root@best:~/Downloads# cd vmware9_kernel3.5_patch
root@best:~/Downloads/vmware9_kernel3.5_patch# ls
patch-modules_3.5.0.sh  vmware3.5.patch

4. nano patch-modules_3.5.0.sh &
rm /lib/modules/$(uname -r)/misc/vm*

5. You will see(Full bash shell) :  

#! /bin/bash
# VMWare Workstation/Player _host kernel modules_ patcher v0.6.2 by ©2010 Artem S. Tashkinov
# Updated for VMware 9 / VMplayer 5 on kernel 3.5
# Use at your own risk.

fpatch=vmware3.5.patch
vmreqver=9.0.0
plreqver=5.0.0


error()
{
    echo “$*. Exiting”
    exit
}

curdir=`pwd`
bdate=`date “+%F-%H:%M:%S”` || error “date utility didn’t quite work. Hm”
vmver=`vmware-installer -l 2>/dev/null | awk ‘/vmware-/{print $1substr($2,1,5)}’`
vmver=”${vmver#vmware-}”
basedir=/usr/lib/vmware/modules/source
ptoken=”$basedir/.patched”
bkupdir=”$basedir-$vmver-$bdate-backup”

unset product
[ -z “$vmver” ] && error “VMWare is not installed (properly) on this PC”
[ “$vmver” == “workstation$vmreqver” ] && product=”VMWare WorkStation”
[ “$vmver” == “player$plreqver” ] && product=”VMWare Player”
[ -z “$product” ] && error “Sorry, this script is only for VMWare WorkStation $vmreqver or VMWare Player $plreqver”


[ “`id -u`” != “0” ] && error “You must be root to run this script”
[ -f “$ptoken” ] && error “$ptoken found. You have already patched your sources”
[ ! -d “$basedir” ] && error “Source ‘$basedir’ directory not found, reinstall $product”
[ ! -f “$fpatch” ] && error “‘$fpatch’ not found. Please, copy it to the current ‘$curdir’ directory”

tmpdir=`mktemp -d` || exit 1
cp -an “$basedir” “$bkupdir” || exit 2

cd “$tmpdir” || exit 3
find “$basedir” -name “*.tar” -exec tar xf ‘{}’ ; || exit 4

patch -p1 < “$curdir/$fpatch” || exit 5
tar cf vmmon.tar vmmon-only || exit 6

cp -a *.tar “$basedir” || exit 20
rm -rf “$tmpdir” || exit 21
touch “$ptoken” || exit 22
cd “$curdir” || exit 23

vmware-modconfig –console –install-all

echo -e “n”
echo “All done, you can now run $product.”
echo “Modules sources backup can be found in the ‘$bkupdir’ directory”

Now delete the Unnecessary red colored code and re-execute. 

6.   reboot. 

Now Enjoy your visualization!

Perhaps they will release another version of workstation which will support those latest kernel(You may try).  

Update: Vmware 9.0.1-894247 Released and full support for Ubuntu 12.10 .