Sunday, February 22, 2009
HAM RADIO - New Technologies, Same Fundamental Principles
Thumbing through an FCC self-study guide I recognized similar test questions that appeared on the Amateur Radio Technician test I took in 2004. Questions covered were over electronics theory, radio wave propagation, FCC rules/regulations, and antenna design. Amazingly the information was just as relevant today as it was 20-40 years back.
I started reading an Amateur Radio Novice examination book and found the electronics theory sections to be very well written and easily understood. It was literally a sense of nostalgia reading dated material on the Novice license which is now obsolete. I found the illustrations and electronics explanations to be very enlightening. This is coming from someone who has read countless electronics books (GE, ARRL, IEEE, DOD, Naval, and Air Force manuals). I concluded that this book was written for readers with little to no electronics background. In other words, the material was presented in a way to educate inexperienced readers on electronic ideas - the likes of which they had never seen or heard of. I'm talking about foundational information.
Here's an interesting observation: one magazine booklet (CQ Magazine) had articles that were relevant to today's HAMS. For example, I read of a California HAM who received a permit to erect a 50 foot tower, but the city later recanted it after a majority of the community opposed the permit. Turning to today's headlines, last month's QST magazine (printed by the ARRL) ran an article covering a HAM who had received a tower erection permit that was later recanted after neighbors complained. The ARRL was planning to provide legal and financial services to fight the city.
Another article I read, and that hit closer to home, was on the playing of chess over the radio (73 Magazine). I had written about radio chess over on QRZ.COM and even supplied rules that I had collected from yet another HAM a few years back. It was refreshing to see that my ideas were shared by HAMS whom I consider to be pioneers of radio.
And for my final example, there was of course a two-page spread (CQ Magazine) detailing how a heroic HAM assisted in locating and medevacing a sick person from another country. This ties in with a recently well-publicised story of a mountain hiker who had fallen and broken his leg. Luckily the hiker was a HAM who had his QRP rig with him. He used Morse code to contact another HAM and request help. This other HAM was located in another state and relayed information between the injured HAM and the rescue teams.
I guess what I am trying to convey is that when you become a HAM it's like being inducted into a prestigious group filled with brilliant men, women, and even children who share in the same successes, frustrations, insights, and nostalgia of everything that is encompassed by HAM radio. This happens because the foundation of the group is based on rock-solid laws and theories in electronics. So while the equipment and components mature (or shrink for that matter) over time, the understanding and knowledge to use, make, and understand them will always stay the same.
Deion "Mule" Christopher
Saturday, January 31, 2009
Become a Linux Server Wizard Part 3
The next morning I remoted into my web server and checked the logs. A remote scanner found my port 22 responding, and there were hundreds of failed login attempts. This is a good point to stress the importance of VERY STRONG PASSWORDS!
The sshdfilter was not running as I suspected. It was one of those things that was on my to-do list, but oddly enough other projects kept jumping ahead of it.
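An added example (not from the original post) of the log check described above: it counts failed SSH password attempts per source address. The log lines are constructed and assume OpenSSH's usual "Failed password for ... from ADDRESS port N ssh2" message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines are constructed and
# use documentation addresses; the fifth failure carries a user name that
# contains " from 192.0.2.1" to imitate a forged source address.
sample_auth_log() {
    cat <<'EOF'
Jan 31 03:12:01 web sshd[2101]: Failed password for root from 203.0.113.45 port 40122 ssh2
Jan 31 03:12:03 web sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 40130 ssh2
Jan 31 03:12:05 web sshd[2105]: Failed password for invalid user test from 203.0.113.45 port 40144 ssh2
Jan 31 03:12:09 web sshd[2109]: Failed password for root from 203.0.113.45 port 40160 ssh2
Jan 31 03:12:11 web sshd[2111]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.45 port 40171 ssh2
Jan 31 07:40:10 web sshd[2300]: Failed password for mule from 198.51.100.7 port 51515 ssh2
Jan 31 07:40:21 web sshd[2300]: Accepted password for mule from 198.51.100.7 port 51515 ssh2
EOF
}

# failed_ssh_summary [MIN] < log
# Prints "ADDRESS FAILURES DISTINCT_USERS" for each source with at least
# MIN failed password attempts, busiest source first.
failed_ssh_summary() {
    awk -v min="${1:-1}" '
    / sshd\[[0-9]+\]: Failed password for / {
        ip = ""
        # The user name is attacker-controlled text, so take the LAST "from":
        # sshd writes the real peer address after the user name.
        for (i = 2; i < NF; i++)
            if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
        if (ip == "") next
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip], users[ip] }
    ' | sort -k2,2nr -k1,1
}

# Show only sources with three or more failures in the constructed sample.
sample_auth_log | failed_ssh_summary 3
```

On a live system the same function reads the file sshd logs to, for example `failed_ssh_summary 10 < /var/log/auth.log`, where the path is an assumption that depends on the syslog configuration.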
This experience had me thinking up various ways of truly protecting my Linux system from unauthorized users. That's when I remembered an article I read a while back in a Linux magazine. The topic was how to secure a system with port knocking. The idea of port knocking was to have predefined ports turned off as an initial state. The client wishing to access a certain closed port would first send a single TCP or UDP packet to various other ports in a specific sequence. Correct "knocks" would open the needed port for access. When through, the client would send another set of "knocks" to close the port down. Port knocking essentially hides ports from scanners, since the ports are actually closed, yet are accessible to clients when needed.
After a quick Google search I found knockd. Its command page looked easy enough to figure out, so I decided to give it a try.
We will begin this project by resuming our work from the Linux System we have used in Parts 1 and 2 of 'Become a Linux Server Wizard':
- Type urpmi sshd knock to install openssh and the knockd port knocking package
- Type cp /etc/knockd.conf /etc/knockd.conf_original to save a copy of the original knockd config file in case we want to use it at a later date
- Type vi /etc/knockd.conf to edit the config file in vi
- Under the [options] heading you should type an interface = line. I typed interface = eth1 because that is the network interface that my virtual Linux system uses. I believe that if my system had used eth0 the knockd daemon would have worked without the need for the interface line
- Under [openSSH] you need to change the three sets of numbers on the sequence line. Leaving the number sets as they are would leave your system vulnerable to attack. I set my seq_timeout = line to 10. On the command = line you need to delete the iptables entry and then type /usr/sbin/sshd to bypass the whole iptables modifications. This command will start the sshd daemon for you to ssh into your system remotely
- Under [closeSSH] you need to change the three sets of numbers on the sequence line. Again you do not want to leave your system vulnerable to attack. I set this seq_timeout = line to 10 also. On the command = line you need to delete the iptables entry and then type /usr/bin/killall -9 sshd to once again bypass the iptables modifications. This will kill the sshd daemon to close the ssh port down
- Press the [Esc] key followed by the [ Shift + : + wq ] and press Enter to save your changes and exit the vi editor
- Type service sshd stop to ensure that sshd isn't running
- Type chkconfig sshd off to keep sshd from running at boot
- Type chkconfig --add knockd to run the knockd daemon as a service on boot
- Type chkconfig --level 2345 knockd on to change the runlevel of the knockd daemon
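A quick way to check an edited knockd.conf against the points in the steps above, as an added example that is not part of the original post or of knockd itself. The sample files are constructed, the helper names are hypothetical, and the comparison values 7000,8000,9000 and 9000,8000,7000 are an assumption about the sequences in the config file as shipped.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# audit_knockd_conf FILE: print one finding per line, exit 1 if any.
audit_knockd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function note(msg) { print msg; found++ }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                        # [section] header
        sec = trim($0); sec = substr(sec, 2, index(sec, "]") - 2)
        order[++n] = sec; next
    }
    {                                        # key = value inside a section
        eq = index($0, "=")
        if (eq) conf[sec, tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (tolower(s) == "options") {
                if (!((s, "interface") in conf)) note("[" s "] no interface line")
                continue
            }
            seq = conf[s, "sequence"]; gsub(/[ \t]/, "", seq)
            # Assumption: these are the sequences in the file as shipped.
            if (seq == "") note("[" s "] no sequence line")
            else if (seq == "7000,8000,9000" || seq == "9000,8000,7000")
                note("[" s "] sequence " seq " is unchanged from the shipped sample")
            if (!((s, "seq_timeout") in conf)) note("[" s "] no seq_timeout line")
        }
        exit (found > 0)
    }' "$1"
}

# write_sample FILE OPTIONS_LINE OPEN_SEQUENCE CLOSE_SEQUENCE
# Constructed config in the layout the steps above produce.
write_sample() {
    cat > "$1" <<EOF
[options]
    $2
[openSSH]
    sequence    = $3
    seq_timeout = 10
    command     = /usr/sbin/sshd
[closeSSH]
    sequence    = $4
    seq_timeout = 10
    command     = /usr/bin/killall -9 sshd
EOF
}

demo_dir=$(mktemp -d)
# Sequences left as shipped (assumed values) and no interface line.
write_sample "$demo_dir/unchanged.conf" "logfile = /var/log/knockd.log" 7000,8000,9000 9000,8000,7000
# The values used in this post.
write_sample "$demo_dir/edited.conf" "interface = eth1" 3000,7100,7500 7700,3500,7150
audit_knockd_conf "$demo_dir/unchanged.conf" || true
audit_knockd_conf "$demo_dir/edited.conf" && echo "edited.conf: no findings"
```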
You are now done with setting up and configuring port knocking on your Linux system. The next step in the project is to install and use a client to "knock" on your predefined ports and then ssh into your system remotely.
- Download your proper OS port knocking client from: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
- In this instance I used a Windows Vista machine to test my port knocking, so I downloaded the Win32 client software.
- I clicked on the START button, typed CMD in the search line and hit Enter
- I used the CD command to traverse the folder structure to where the knock.exe file was located
- I typed knock.exe 3000 7100 7500
- I disconnected Putty and in the DOS window I typed knock.exe 7700 3500 7150
- I performed the last two steps again to verify that port knocking was working properly
Deion "Mule" Christopher
Sunday, January 18, 2009
Become a Linux Server Wizard Part 2
It took me a couple of days to work out a game plan for this owner. My goals were to have a system in place that would allow automatic account updates to PetFinder. The shelter needed an easy to learn GUI for employees at each branch to use (uniformity is a good thing with data management). The shelter needed a reliable database backend that allowed simultaneous database access for both the primary shelter and its branch offices. This project obviously needed redundancy with an automated backup scheme. Because animal shelters run on donations (money and equipment) they tend to rely on poor machines. By poor quality I mean the workstations and server would be low-end systems with faulty hardware that the original owner replaced with a new unit.
Linux was the operating system of choice for cost reasons. Since I would be using Linux I figured MySQL was the database to use because it met the requirement of simultaneous client access.
I must confess that I already had a front-end in mind when I started planning the project. At my former job I researched Animal Control software for a police department. That research turned me onto Animal Shelter Manager which I knew would fit the GUI requirement.
The last requirement was a redundancy scheme. Again I was in luck with my choices of Linux for the operating system and MySQL for the database. With a couple of scripts I could easily perform a nightly backup of the database and store extra copies off site for further protection.
All that was left was to work out how to tie all of this together into a seamless package. I read most of the entries on the ASM forum and found that quite a lot of people were having issues with setting their systems up for remote client access - so much so that on practically every thread there was one or more postings offering to host sites for a fee. My thought was if these money-hungry buggers were able to set up remote client access then by golly I would figure it out too!
Three days later I had a Linux server running MySQL and a fully functioning Animal Shelter Manager database with three remote users accessing the data.
Using the Linux System I created from my last posting (ProFTPd server), here's how I completed this project:
Log into your Linux system as root and type urpmi mysql to install MySQL on your system
Type vi /etc/my.cnf at the command prompt to open my.cnf in vi for editing
Type /skip to search for the string skip-networking. If it isn't on the first result then type n for the next instance of the word
Press the [Shift+I] keys or the Insert key on your keyboard, and with the cursor in front of the words skip-networking, place a # sign (Shift+3 keys) in front of it. The # comments out the instruction
Press the [Shift+:] key to leave Editing mode, and then type wq then hit Enter to write your changes and exit out of vi
Type service mysqld restart to restart mysql with the new change you made to my.cnf (you are now allowing network access to MySQL)
Type mysql at command prompt to enter into MySQL> so you can enter SQL commands
Type SET PASSWORD FOR root@localhost=PASSWORD('rubberchicken'); to set a MySQL password for the root user - place your preferred password in place of rubberchicken (DON'T LOSE THIS PASSWORD! Resetting it is an option, but it's a darn lengthy process to do)
Type create database asm; to create a database for the Animal Shelter Manager data
Type quit; to exit the mysql command prompt
At this point you could type mysql -u root -p and type at the prompt the password you replaced rubberchicken with in the command above to test it out. You can type quit; to leave MySQL
Type mkdir /var/src to create a folder to store your tar files in.
Type cd /var/src to move into the new directory
Type urpmi lynx to install a text-only web browser. We will use this to download the ASM package to your system
Type lynx http://downloads.sourceforge.net/sheltermanager/sheltermanager-2.3.5_i386_linux.tar.gz
Hit D for download, press the down arrow to highlight Save to Disk, hit enter to save the file to disk, and hit enter again to save the file with its default file name.
Type tar -xzf sheltermanager-2.3.5_i386_linux.tar.gz to untar and uncompress the downloaded file in the current folder (/var/src)
Type cd /var/src/asm/data/sql and press Enter to move into the sql folder
Type at the (NORMAL) command prompt mysql -u root -p asm < mysql.sql and press the Enter key. You must type in your MySQL password when prompted. This command will populate your previously created asm database with the necessary tables and fields from the mysql.sql file
Type mysql -u root -p and password when prompted, and then type grant all privileges on asm.* to 'ferdenand'@'%' identified by 'royal1'; and hit Enter to allow remote access to the asm database from this particular user. Be sure you replace ferdenand with whatever username you like and also change royal1 to an appropriate password for that user. Repeat the grant statement with other users and passwords if you wish for branch offices. Also note that this username/password combo is only for remotely connecting to the asm database. The asm software that will be installed on the client machines will require unique username/password combos for access for each user at each shelter site.
Next step is to create the redundancy segment of the project. We are going to rely again on sourceforge for the answer:
Type cd /var/src to move into the new directory
Type lynx http://downloads.sourceforge.net/automysqlbackup/automysqlbackup.sh.2.5
Hit D for download, press the down arrow to highlight Save to Disk, hit Enter to save the file to disk, and hit Enter again to save the file with its default file name.
Type chmod +x automysqlbackup.sh.2.5 to make the file executable
Type mv automysqlbackup.sh.2.5 /etc/cron.daily where it will be run automatically each day
Type vi /etc/cron.daily/automysqlbackup.sh.2.5 to edit the file
Edit (at least) the following lines:
USERNAME=root (The user must have at least select privileges to the databases)
PASSWORD=yourrootpassword
DBNAMES="asm"
BACKUPDIR="/mnt/automysqlbackup"
Save the changes and exit the editor
Type mkdir /mnt/automysqlbackup to create the archive folder for your daily, weekly, and monthly database backups
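The edited backup script now holds a MySQL password in plain text, so its file mode matters. The check below is an added example, not part of the original post or of automysqlbackup; the sample script is a constructed stand-in containing only the edited lines, and the function names and the backup account name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post or from automysqlbackup.

# audit_backup_script FILE: print findings, return 1 if any.
audit_backup_script() {
    script=$1
    status=0
    mode=$(ls -ld "$script" | cut -c1-10)       # e.g. -rwxr-xr-x
    if grep -Eq '^[[:space:]]*PASSWORD=.' "$script"; then
        case $mode in
            # Fifth character: group read. Eighth character: others read.
            ????r?????|???????r??)
                echo "$script: has a PASSWORD= line and is readable by group or others ($mode)"
                status=1 ;;
        esac
    fi
    # The post notes that select privileges are the minimum the user needs.
    if grep -Eq '^[[:space:]]*USERNAME="?root"?[[:space:]]*$' "$script"; then
        echo "$script: USERNAME is root; the backup does not need the MySQL root account"
        status=1
    fi
    return $status
}

# write_sample_script FILE USERNAME
# Constructed stand-in holding only the lines edited in the steps above.
write_sample_script() {
    cat > "$1" <<EOF
#!/bin/bash
USERNAME=$2
PASSWORD=constructed-placeholder
DBNAMES="asm"
BACKUPDIR="/mnt/automysqlbackup"
EOF
}

demo_dir=$(mktemp -d)
write_sample_script "$demo_dir/as-configured.sh" root
chmod 755 "$demo_dir/as-configured.sh"   # chmod +x on a 644 download (umask 022)
write_sample_script "$demo_dir/tightened.sh" backup   # hypothetical account
chmod 700 "$demo_dir/tightened.sh"
audit_backup_script "$demo_dir/as-configured.sh" || true
audit_backup_script "$demo_dir/tightened.sh" && echo "tightened.sh: no findings"
```

On the server itself the matching fix for the first finding is chmod 700 /etc/cron.daily/automysqlbackup.sh.2.5.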
You are done, at least as far as the server installation portion goes. The next part of this project is to install the ShelterManager software on a remote machine. Here's what you need to do:
Download the ShelterManager software for your operating system (I will assume this will be on a Windows OS machine)
Install the ShelterManager software
Double-click the Animal Shelter Icon on the desktop to start the program
Choose English at the first window (if that is your preference)
Choose MySQL as the database
Type the IP address of your Linux system in the host field
Type asm for the database name
Type ferdenand for the user and royal1 for the password
OK, at this point a lot of people have issues with not being able to connect to the remote MySQL server. Here is the solution I found through trial & error:
Click Cancel on the database window. This will bypass the remote MySQL access and instead set you up to use localhost.
When the second window pops up asking you to log into Shelter Manager, simply close the window to get out of the software.
Do a search for a jdbc.properties file and edit it in notepad
Delete the entire JDBCURL line and replace it with the following:
JDBCURL=jdbc:mysql://yourLinuxSystemIPaddress/asm?user=ferdenand&password=royal1&characterEncoding=UTF8
Save the file and restart the ShelterManager software. Hopefully all will go well and you will receive a login screen.
Type user for the username
Type letmein for the password
As a final verification you can hover your mouse pointer over the middle icon in the bottom right corner of the window - the icon looks like two stacks of gold coins. A bubble should pop up showing MySQL@yourLinuxsystem.
Deion "Mule" Christopher
Saturday, January 17, 2009
Become a Linux Server Wizard
So tonight I was thinking about what to write about, or what could I do to help others with the Linux operating system. It struck me immediately. Why not demonstrate how to set up a Linux system on which a person can build a server, test it out, and add other servers to it!
My first attempt went pretty well, but you can be the judge. The Linux system I suggest doesn't have a GUI - everything is command line. The servers are installed in random order to eliminate any type of "cookie-cutter" configuration. However, we will be basing a lot of configurations off of such a "cookie-cutter" system (http://www.howtoforge.org/perfect-server-mandriva-2009.0-x86_64).
Our first project is to set up a Linux system and build an FTP server on it. I am using VMware on a Windows Vista system because I have no spare machines at the moment. This system, as I stated earlier, will have no GUI. We will do everything "command-style" to ensure a better understanding of the Linux system.
Let's begin!
1. Download mandriva-linux-free-2009-dual-arch.iso (Google for it)
2. Continue the installation, but follow the screenshots I am providing:
3. Uncheck all package group selections and hit next
4. Accept the default of "With basic documentation (recommended!)". Be sure you choose normal security or you will run into trouble later on as we progress through upcoming projects!
5. urpmi drakxtools to ease administration of the server using the commandline
6. urpmi mlocate to ease administration when searching for files using the commandline
7. updatedb to build index of files on system for the locate command to use
8. vi /etc/cron.daily/software_update to create a script to update and auto install updates daily
9. Type and save
- #!/bin/bash on the first line
- urpmi.update on the second line
- updatesurpmi --auto --update --auto-select on the third line
11. vi /etc/proftpd.conf to configure the ftp server
12. Change ServerName "Your Servers Name or whatever you want it to say"
13. Uncomment DefaultRoot ~
14. Add IdentLookups off
15. Add ServerIdent on "FTP Server Ready."
16. Comment out all of the Bar Use Site CHMOD by default entries
17. service proftpd restart
18. Use your preferred ftp program and connect to your new ftp server using the username and password that you used when installing the server
19. Create a new folder and copy a file into it
20. Traverse into the users home directory and verify the folder and file are there
21. Delete the folder and file
22. Disconnect your ftp program.
Deion "Mule" Christopher
Thursday, January 8, 2009
So Am I Infected Or Aren't I Infected?!
WHAT A BOGUS LOAD OF MISLEADING RUBBISH!
Seriously folks, how do people fall for this stuff? It took me a full hour to disinfect the machine of this "Spyware Guard" nonsense.
A NOTE: Geek Squad and hokey computer stores charge way too much to disinfect machines and oftentimes leave infection remnants behind that lead to easier infections down the road. The worst of the worst "Computer Geeks" scare people into believing that the only true way to clean their uncleanable machine is to format/reinstall which adds more money to their pocket.
DON'T BE A VICTIM!!
Here are the steps I took to clean the machine. Most of these were best results through trial & error that I found by disinfecting other workstations from the likes of this and the ever-revised "Antivirus 2008 - XP - 2009" infections.
- Use a thumb drive to transfer onto the machine's C:\ drive a program called "COMBOFIX.EXE" from www.bleepingcomputer.com/combofix/how-to-use-combofix
- Rename the file to d.exe or similar. Don't bother trying to run the program - the infected machine's resources are being hogged and some of these nasties are smart enough to block the program from running at all
- Run "msconfig" - START > Run > msconfig and hit ENTER
- Click on the "Startup" tab and search for any entries for Spyware Guard or the like and untick its block to keep it from running at startup (this won't actually stop it from running. It gives you a slim window to do step 6 below - remember you ARE INFECTED!)
- Reboot the machine
- As SOON as you are able click on START > RUN and type as fast as you can C:\d.exe (or whatever you renamed COMBOFIX.EXE)
- If you are quick (and lucky) Combofix will start and after a long, long wait it will ask for permission to reboot because rootkits have been found
- Let Combofix reboot your machine and wait a long, very long time as files are deleted
- Once Combofix is completed you can move to step 10. If your desktop isn't showing you can reboot your machine or you can hit CTRL+ALT+DEL and open Task Manager. Click on FILE > New Task and type C:\Windows\explorer.exe to run
- YOU ARE STILL INFECTED - I repeat YOU ARE STILL INFECTED - Continue on
- Get on the Web and Google for MALWAREBYTES over at malwarebytes.org
- Download mbam.exe from the site. Install it and allow it to update and run
- Choose to do a thorough search and allow it to remove the rest of the nastiness
- Delete your renamed Combofix.exe from the machine
Your machine is now clean...
Deion "Mule" Christopher
Sound in space?
A HAM can say that he or she knows about using radio telescopes because it is a topic we study before taking our FCC test. Knowing about something oftentimes means that one doesn't truly know how to do it. Thus, I am left with the understanding, but lack the application.
So what do I need to do to overcome this hurdle and to accomplish my HAM goal? Well, for starters I need to research the topic thoroughly. Then comes the feasibility of acquiring the material. Ultimately I have to step out of my comfort zone and attempt the darn project...
Deion "Mule" Christopher
Tuesday, January 6, 2009
Dare I Say I Tried It?
I now have a Twitter name; I don't have any Twitter buddies.
I am using my newly created Blog; I haven't even posted a new message yet (yet).
I now have a very weird persona inside Second Life; I did chat with a Vampire once - I stumbled onto her Vampire virtual game thingy-ma-jig.
So what's next for Mule? Will I delve deeper into that "Web2.0" world that I have been reading (just) blurbs about?
Right now all of this is making my head spin - I mean what exactly do Twitter and Second Life accomplish?!
Hey, at least a Blog lets you dump your thoughts and ideas somewhere to later be reread and laughed at...
Deion "Mule" Christopher