Install and run ClamAV

ClamAV is a popular malware scanner that can help find malware on your accounts. You can find more information at the following link:

http://clamav.net

This software has many built-in definitions that will find *most* of the malicious files under your accounts: it can detect many shells, phishing sites and other malware. We won't be able to cover all of the options available in ClamAV in this article, but we will cover the parts that you will need to initially locate the malware so that it can be removed.

Installing it takes a single command, which depends on your distribution.

If you are on a Red Hat based OS, such as CentOS, you can install it with

yum install clamav

If you are using Debian, you can use

apt-get install clamav

Once that is installed, run the freshclam command to update the definitions to the most recent versions.

root@server [/home/user]# freshclam
ClamAV update process started at Thu Jan 12 04:41:48 2012
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14300, sigs: 70715, f-level: 63, builder: guitar)
bytecode.cvd is up to date (version: 160, sigs: 38, f-level: 63, builder: edwin)

Then, you can use the clamscan command to run the scan. You will also want to use a couple of flags to only show the infected files, to search recursively, and to log your findings to a log file. The -i flag limits the output to infected files only, the -r flag recurses through the directories, and the -l flag followed by a file name logs the scan to that file.

root@server [/home/user/public_html]# clamscan -ir -l log.txt

----------- SCAN SUMMARY -----------
Known viruses: 1113857
Engine version: 0.97.3
Scanned directories: 139
Scanned files: 1602
Infected files: 0
Data scanned: 29.30 MB
Data read: 15.53 MB (ratio 1.89:1)
Time: 6.608 sec (0 m 6 s)

If a malicious file is found, it will show the path to the file and why it was flagged.

root@server [/home/user/public_html]# clamscan -ir -l log.txt
/home/user/public_html/thing.php: PHP.Shell-38 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1113857
Engine version: 0.97.3
Scanned directories: 2412
Scanned files: 20511
Infected files: 1
Data scanned: 354.85 MB
Data read: 832.57 MB (ratio 0.43:1)
Time: 102.922 sec (1 m 42 s)

The output of the scan will also be logged to a file called log.txt if you run the command as it is in the example. You can then get the timestamps from that file, find the source, remove the file and patch the problem.
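As an added example that is not part of the original article, the script below reads a clamscan log written with -l, pulls out each flagged file and its signature name, and prints the file's modification time, which is the timestamp you would start from when tracing how the file got there. The sample log it parses is constructed here to match clamscan's "PATH: SIGNATURE FOUND" line format.

```shell
#!/bin/sh
# Added example, not from the original article: report the files a clamscan
# log (written with -l) flagged, with signature name and file mtime.

# Print "path<TAB>signature" for every FOUND line, skipping the summary block.
# The path is everything before the last ": ", so a path containing a colon
# is still reported correctly.
found_files() {
    awk '/ FOUND$/ {
        sig = $(NF - 1)               # the signature name precedes "FOUND"
        sub(/: [^:]* FOUND$/, "")     # strip ": SIGNATURE FOUND" from the line
        print $0 "\t" sig
    }' "$1"
}

# Number of flagged files in the log.
found_count() {
    found_files "$1" | wc -l | tr -d ' '
}

# One line per flagged file: mtime (or a note if it is gone), path, signature.
# "stat -c" is GNU coreutils syntax, as found on the CentOS/Debian hosts above.
report() {
    found_files "$1" | while IFS="$(printf '\t')" read -r path sig; do
        if [ -e "$path" ]; then
            mtime=$(stat -c '%y' "$path" 2>/dev/null || echo 'unknown')
        else
            mtime='(file no longer present)'
        fi
        printf '%s\t%s\t%s\n' "$mtime" "$path" "$sig"
    done
}

# Constructed sample log: two hits (one path with a colon) plus the summary
# block that clamscan appends.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
/home/user/public_html/thing.php: PHP.Shell-38 FOUND
/home/user/public_html/up:loads/a.php: Constructed.Example-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1113857
Infected files: 2
EOF

report "$SAMPLE_LOG"
```

Run it as `sh report.sh` after a scan, replacing the constructed sample with your own log.txt, to get a list you can compare against your web server's access logs.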

Fix iBooks after jailbreaking iOS 5.0.1


A lot of people have used the recent jailbreak tool RedSn0w to unlock their devices. Most have found that this causes iBooks to no longer open, or to crash when opening, after the jailbreak is done. Thanks Apple. Luckily, some tools have been created to fix this; however, not everyone is getting the results they want with them. The issue with the tools looks to be that they are not fixing the permissions correctly when the iBooks files are moved to /var/stash. We found that with an extra step, you can get that working correctly.

First off, you will want to download SBSettings from the BigBoss repo. This repo comes installed with Cydia, so you shouldn't need to add anything new. Once SBSettings is installed, your device should respring and take you back to the lock screen.

Now, you will want to install iBooks by using the iBooks Fix for iOS 5 app found in the xsellize repo. To add this, go to Cydia > Sources > Edit > Add, then add http://cydia.xsellize.com/. You will get a warning and can just click OK. You can then search for iBooks Fix for iOS 5 and install it. Once it has finished installing, it should respring once more.

Now, you should be back at your lock screen once more. Go into the SBSettings app, then to System Options, which is towards the bottom. Once you are there, just tap "fix user dir permissions". It will then fix the permissions of all your files. Your device should respring one more time.

Now, you should be able to open up and use iBooks without a problem. Let us know if this works for you in the comments!

Free Wifi tether with LG Vortex and Optimus One without root

This article may be considered way late in the game, given that the LG Vortex was released in November of 2010 and the Optimus One quite a bit before that. But for those of you who are not keeping-up-with-the-Joneses kind of people, and have wanted to use your phone for Wi-Fi access without committing to the additional charge or rooting your phone, the following walkthrough is for you.

This old bug came back to me when I was out and wanted to get online to make some updates, but didn't want to do it through a touch screen. I figured the bug this relies on had long since been fixed, but as of writing this I know it is definitely still present on the LG Vortex, and I have been given mixed responses on whether it is still present on the Optimus.

The bug is in how the phone's software handles enabling and disabling the Wi-Fi hotspot. The Wi-Fi hotspot application does a few things to let your carrier know that it is on and to tell them whether you are using your phone as a hotspot or not. This is a feature you would normally have to call or sign up for with them explicitly, but with the bug in quick settings this is all gone.

OK, enough of the past; on to the important part that you really want from all of this.

 

Step One: Go to your phone's settings and select "Wireless & Network Settings".

Step Two: Select 3G Mobile Hotspot and enable it. (It is going to tell you that you need to have their service, blah blah blah; you can just click OK. It will not be added to your bill automatically or anything like that.) Once it is enabled you can click "3G Mobile Hotspot Settings" to configure your security password and hotspot name. Once you have configured this information you can turn the hotspot back off. (You can shortcut this entire process if you get a quick settings application, but this should do for you just as well.)

Step Three: Download any hotspot quick-set widget. I use "Hotspot Widget" just because it's small.

Step Four: Add the widget to one of your desktops.

Step Five: Click the widget to turn it on. After it is lit green, connect to your phone with your computer; you should now be all set to go.

 

Last notes: It is possible that this has been patched in later-release phones that do not use Android 2.2 Froyo; like I said, I did get mixed reports on functionality on the Optimus One. If you get a page telling you to register or add Wi-Fi hotspot services to your plan, then they patched it, as that forwarder is in the phone software itself. If you get a blank page there is probably an issue with the connection or the DNS resolvers that are being accessed.

 

Iptables Firewall Basics

This article is aimed at providing the basics of using iptables as a firewall for your personal home or production server. We won't be covering everything here, but what we will cover will give you enough information to demystify the man pages and get you going.

Firstly, how the firewall behaves is based on events, depending on whether packet traffic is incoming, outbound, or passing through. Any time someone sends a packet to your server it is incoming, any time your server sends a packet to another computer it is outbound, and in the case where your server is acting as a gateway or proxy to another machine on your network it is forwarding. The chains that handle these events are INPUT, OUTPUT, and FORWARD respectively.

For each of these chains you may have rules that determine how the traffic will be handled, and every time a packet is sent or received, the corresponding chain is checked for a matching rule. A rule can be composed of many different flags that are triggered based on a number of criteria, such as the IP the traffic is coming from or going to, or the port the connection is coming from or going to; you can even filter traffic based on any text that the packet may contain, known as string blocking. All rules are read by iptables top to bottom, so the first rule that matches determines how the traffic is handled; if no rule matches, the handling set for the chain as a whole determines what happens to the traffic. Based on any of that criteria, you tell iptables what to do with the traffic by specifying one of the following targets.

ACCEPT – Accepts the packet and sends it on to its destination.

DENY/REJECT – Stops the packet and sends a response back to the machine that initiated contact, telling it that connections from it are not accepted.

DROP – Drops the packet altogether and sends no response to the machine that initiated contact.

RETURN – Accepts the packet and sends it to the target, where the packet is handled however that target decides. Use of this target will not be discussed in this article.

QUEUE – Sends the packet into a queue in user space where it will be processed. Queuing is ultimately determined by the kernel you are running and its method of queuing; this is beyond the scope of this article.

 

 

Let's say we just want to block one IP from accessing the server. This can be done simply with the following.

iptables -A INPUT -s 111.222.333.444 -j DROP

In this example we are telling iptables to append (-A) our rule to the INPUT chain, -s is the source address we want to block, and DROP is how we would like the packet to be handled. -j is how we pass the action we would like taken.

There might be times when you only want to block access to a specific port or service on the server. In cases like this you can use the --destination-port flag; you can give either the service name or the port number, for example ftp or 21. In the following example we will also provide the protocol that is being used to send the packets. At the base level of communication you have TCP, UDP, ICMP, etc.; since FTP establishes its primary connection with TCP, we use -p to set the protocol to TCP. You can leave that portion out, which should block all protocol connections on port 21.

iptables -A INPUT -s 111.222.333.444 -p tcp --destination-port 21 -j DROP

If you would like to prevent all access to FTP except from specific IPs, you can use the same command without a source address to block all traffic.

iptables -A INPUT -p tcp --destination-port 21 -j DROP

Now, to allow the IPs that you do want to reach FTP, you would use the following.

iptables -I INPUT -s 222.333.444.555 -p tcp --destination-port 21 -j ACCEPT

And if you wanted all of your internal network to still be able to reach FTP, you would use the following.

iptables -I INPUT -s 192.168.0.0/24 -p tcp --destination-port 21 -j ACCEPT

 

Now I know what you're thinking to yourself: "Whoa, hold on here a minute. Just a second ago we were using -A to append the rules to the end of the chain; where did this -I jazz come from and why are we using it?" I suppose I should have covered that earlier on. As said earlier, -A will append your rules to the end of your chain; -I is used to insert rules at a specific location in your chain. In the last examples we used -I without a number, which defaults to adding the rule to the top of the chain. In this case iptables needs to know what traffic we will accept to the port first; any traffic not matching that will be blocked. You can put the rule somewhere else by providing a rule number after the chain name, such as

iptables -I INPUT 3 -s 111.222.333.444 -j DROP

In addition to appending and inserting you can also replace, delete, and flush rules. Replace and delete are used in the same fashion as insert, by providing the chain and the number of the rule you would like to replace or delete. Flush will remove all of the rules from a specified chain; if no chain is provided it will flush the rules from all of your chains. Their usage is as follows.

iptables -R INPUT 3 -s 222.333.444.555 -j REJECT

With the delete flag you can simply provide the rule number you want to delete, or you can write out the rule in full. Note: tracking down the rule number and removing it that way is easier than writing out the full rule, because the rule has to match exactly what is in the firewall. To determine which rule number you want to remove, use -L to list all rules in the chain, followed by the chain name (INPUT, OUTPUT or FORWARD).

iptables -L INPUT -v --line-numbers

Then use iptables to remove the rule, giving the chain and the rule number.

iptables -D INPUT 4

Maybe for security reasons you would like your server not to communicate with other servers on common ports, one of which is commonly abused: SMTP on port 25.

iptables -A OUTPUT -p tcp --dport 25 -j DROP

You can also keep your server from trying to communicate with a specific address using -d, or --destination.

iptables -A OUTPUT -d 111.222.333.444 -j DROP
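The following script is an added example, not part of the original article, that ties the FTP rules above together: it builds the "FTP only from trusted sources" ruleset, works out the order iptables will actually evaluate it in (-I prepends, -A appends), and refuses to apply it if an ACCEPT would land below the catch-all DROP and so never match. The trusted sources are constructed placeholders; IPT defaults to printing the commands, so nothing is changed unless you run it as root with IPT=iptables.

```shell
#!/bin/sh
# Added example, not from the original article.  IPT defaults to "echo
# iptables" so the rules are printed, not applied; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# Trusted sources: constructed placeholders for this example.
ALLOWED="203.0.113.10 192.168.0.0/24"

# Rule specifications in the order they would be typed, one per line.
# --dport is only valid together with -p tcp or -p udp, so -p is always given.
ftp_rules() {
    echo "-A INPUT -p tcp --dport 21 -j DROP"
    for src in $ALLOWED; do
        echo "-I INPUT -s $src -p tcp --dport 21 -j ACCEPT"
    done
}

# The chain as the kernel will walk it, top first: each bare -I lands at
# position 1, so later inserts sit above earlier ones; -A lines go at the end.
resolved_order() {
    ftp_rules | awk '
        $1 == "-I" { ins[++n] = $0 }
        $1 == "-A" { app[++m] = $0 }
        END {
            for (i = n; i > 0; i--) print ins[i]
            for (i = 1; i <= m; i++) print app[i]
        }'
}

# Non-zero if any ACCEPT sits below a DROP for the chain, i.e. is unreachable.
check_order() {
    resolved_order | awk '
        BEGIN       { bad = 0 }
        /-j DROP/   { seen_drop = 1 }
        /-j ACCEPT/ { if (seen_drop) bad = 1 }
        END         { exit bad }'
}

# Apply (or, by default, print) the rules exactly as typed in the article.
apply_rules() {
    ftp_rules | while read -r spec; do
        $IPT $spec      # word splitting of $spec is intended here
    done
}

check_order && apply_rules
```

After applying for real, `iptables -L INPUT -v --line-numbers` should list the ACCEPT rules above the DROP, matching what resolved_order prints.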

 

The following is a recap of the flags that we used and their usage.

-I CHAIN [NUM], inserts a rule into the chain at the provided rule number, or at the top of the chain if no number is provided.
-A CHAIN, appends a rule to the end of the given chain.
-D CHAIN NUM, deletes the rule at the given number in the chain.
-F [CHAIN], flushes the given chain (INPUT, OUTPUT, FORWARD), or all chains if none is given.
-s, is the source IP, or the IP that is trying to communicate with the server.
-d, is the destination IP address.
--destination-port/--dport NUM, is the destination port being communicated to.

 

I hope this article is useful in some way to you; in the coming month we will be writing an article that covers more advanced usage and rules.

 

Script to remove all drafts from WordPress


If you use an RSS feed aggregator for WordPress, you could end up with quite a few drafts that you will never use and need to remove. There are plugins for WordPress that will take care of this for you; however, in my experience they tend to be slow and can time out.

In order to speed this up, I have created a script simply titled "wpdraftremover". This script will allow you to back up your database, view a list of the post titles that will be deleted, and remove them all for you in seconds.

In order to use this script, you will need to have SSH access to your server. Then, from the same folder as your wp-config.php file, you will want to run the following command:

bash <(GET randomlinux.com/wpdraftremover)

That will allow you to run the script without having to save the file. It will then ask whether you would like to make a backup, view the posts and remove them. Keep in mind that we are not responsible for any drafts removed with this that were wanted or needed. Check the list before removing anything!

Any feedback is welcome! Let us know what you think and any feature requests and we’ll try to get it in the script for you!

Zip a file or folder in Linux

To zip particular files, you can use the following:

zip yourarchive.zip file1 file2 file3

To zip full directories recursively, add the -r flag.

zip -r nameofyourarchive.zip folder

That will zip everything in the folder that you choose, including any other folders inside it.

Know of other ways to zip up files? Let us know in the comments!

Bash script to remove unused WordPress tags

If you use an autotagging plugin in WordPress and you remove some posts, you may have tags left over in your database that are no longer being used. Since I’ve had that problem and couldn’t find a plugin to do what I wanted, I decided to write a script to remove those. You can see the source of this at http://randomlinux.com/tagremover.

To use this, you will need to SSH into your server and run the following command in the same directory as your wp-config.php file.

wget http://randomlinux.com/tagremover && sh tagremover

That will run the file, show your unused tags and prompt you to delete them. Keep in mind that this has only been tested on a few sites, so your results are not guaranteed and I am not responsible for anything that happens. Be sure to take a backup of your database, just in case. Come to think of it, I’ll make it do that automatically in the next update :)

We would love feedback on the script, as well as anything that would be beneficial to you that could be added!

Configure history to show the time and date

By default, your history will show just the number of the command that was run and the command itself.

root@server [~]# history | head
10 top
11 df -h
12 hostname -i

There are many times you will want the time and date as well, such as for server auditing and security reasons. To enable this, you will need to export HISTTIMEFORMAT.

root@server [~]# export HISTTIMEFORMAT='%F %T '

This will enable the time stamps in your history as well. Now, when you run the history command, you will get something that looks like the following.

root@server [~]# history | head
10 2011-10-11 12:03:26 top
11 2011-10-11 12:03:29 df -h
12 2011-10-11 12:03:35 hostname -i
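HISTTIMEFORMAT only controls display; once it is set, bash also writes a "#<epoch seconds>" line before each command it saves to .bash_history, and commands saved before it was set have no such line. The script below is an added example, not from the original article, that reads a saved history file directly (useful when auditing another user's history after the fact) and filters commands by time; the sample history file is constructed, and the date conversion assumes GNU date.

```shell
#!/bin/sh
# Added example, not from the original article: read a bash history file that
# carries "#epoch" timestamp lines and report commands with their times.

# Print "epoch<TAB>command" for every command.  Commands recorded before
# HISTTIMEFORMAT was set have no "#" line and are reported with epoch 0 so
# they are not silently dropped from an audit.
history_with_times() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }
        { line = (ts + 0) "\t" $0; print line; ts = "" }
    ' "$1"
}

# Only commands run at or after the given epoch second (e.g. an incident start).
commands_since() {
    history_with_times "$1" | awk -F '\t' -v since="$2" '$1 >= since'
}

# Human-readable view; "date -d @epoch" is GNU date, as on CentOS/Debian.
show_history() {
    history_with_times "$1" | while IFS="$(printf '\t')" read -r ts cmd; do
        if [ "$ts" -eq 0 ]; then
            when='(no timestamp)'
        else
            when=$(date -u -d "@$ts" '+%F %T' 2>/dev/null) || when="$ts"
        fi
        printf '%s  %s\n' "$when" "$cmd"
    done
}

# Constructed sample: one command saved before timestamps were enabled,
# then two saved with "#epoch" lines.
SAMPLE_HIST=$(mktemp)
trap 'rm -f "$SAMPLE_HIST"' EXIT
cat > "$SAMPLE_HIST" <<'EOF'
top
#1318341806
df -h
#1318341815
hostname -i
EOF

show_history "$SAMPLE_HIST"
```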

Let us know how you have your history set up in the comments!

Find out how much memory is used and available on your Linux computer

To see the amount of memory that is free on your computer, you can use the free command. This will show you the total amount of memory you have, as well as how much is being used. Using the free command with no flags will show you the amount in bytes.

[~]# free
                     total       used       free     shared    buffers     cached
Mem:               2097152     473032    1624120          0          0          0
-/+ buffers/cache:             473032    1624120
Swap:                    0          0          0

Using the -m flag will show you the amount in MB.

[~]# free -m
                     total       used       free     shared    buffers     cached
Mem:                  2048        463       1584          0          0          0
-/+ buffers/cache:                463       1584
Swap:                    0          0          0

Know of more ways to find your memory usage or other ways to use free? Let us know in the comments!