Linux Certification

‘When you are forwarding ports through a tunnel, either locally or remotely (i.e., with the -L or -R switches), you can modify the session real-time. The way that you do this is after you start the session, you press SHIFT + ` + c (The ` key also has a ~ in it, which is the actual keypress sent to the session). If it doesn’t work the first time, press ENTER a couple of times and try it again. Once you get the “ssh>” prompt, type “?” for the commands you can put in. Here’s an example session:

This week I want to share a configuration file that I’ve used for years and other people might find useful. My Linux setup at home, currently running Fedora, uses two cheap LCD screens from Hanns-G. The model name is HW191D, and while the image quality is fine, they’re a complete pain to get running in tandem using the DVI connectors. It isn’t inux to blame either, I’ve had the same problem getting them to work with OS X and Windows XP, and gave up with the over-protective Windows 7. The problem seems to be that the EDID data provided by the screens, when connected digitally, is inaccurate, giving the OS the false impression that they’re only capable of 1024×768 when they’re much happier at a native 1440×900.

There are few tools that can be used to compress LZMA (like P7ZIP archiver), but I chose [url=http://tukaani.org/lzma/[/url]LZMA Utils[/url] because it has a command line compatible with gzip and bzip2, so replacing them with LZMA is simple. The command is called lzma and produces .lzma files by default.

Comparison

First thing I used LZMA for was compressing my mail archive. The spam file (mail in mbox format) I chose is 528MB big and I will use maximum compression ratio. During compression the lzma process was 370MB big, that’s much bzip2 was below 7MB. It took almost 15 minutes to compress the file by lzma and less than 4 minutes by bzip2. Compression ration was very similar: output file is 373MB for bzip2 and 370MB for lzma. Decompression time is 1m12s for lzma and 1m48s for bzip2.

The exact specs of the wireless card, as listed by ‘lspci -v’ are:

0c:00.0 Network controller: Broadcom Corporation BCM94311MCG wlan mini-PCI (rev 01)
Subsystem: Dell Unknown device 0007
Flags: bus master, fast devsel, latency 0, IRQ 17
Memory at ecffc000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 2
Capabilities: [58] Message Signalled Interrupts: Mask- 64bit- Queue=0/0 Enable-
Capabilities: [d0] Express Legacy Endpoint IRQ 0
Capabilities: [100] Advanced Error Reporting
Capabilities: [13c] Virtual Channel

That’s the bad boy that we’re going to get set up with wireless in this very article on an openSUSE 10.3 laptop. Let’s have a moment of silence.

While Conficker is not a new worm it has been getting much press lately. Even though Redmond released a patch late October it is estimated that 5 to 10 million PC have been infected. The industry has been aware of this worm for some time and has mounted a fairly impressive counter attack. Microsoft issued a 250K dollar bounty for developers of Conficker, major anti-virus vendors have added definitions for detection and removal of the worm, OpenDNS introduces a feature that aid sysadmins in detecting infected machines and today with the help of HoneyNet Project security researches discovered Conficker’s fingerprint which makes it possible for tool such as Nmap, Nessus to detect the worm remotely. This discovery come just in time as the latest variant of the worm “Conficker C” is programmed to lay dormant unlike the previous generations where identification of the worm was possible by monitoring outbound traffic.

If you are using a shared server, or just have a limited account on your company servers, you might not have access to your php configuration file php.ini (this is usually found under /etc/php.ini in rhel/centos and /etc/php5/apache2/php.ini in debian/ubuntu). Still, in many situations it might be needed to enable php errors in the browser so you can see what is the actual problem instead of an empty page (if the server has error reporting disabled as most production systems should have).

A mutation will cause Nikto to combine tests or attempt to guess values. These techniques may cause a tremendous amount of tests to be launched against the target. Use the reference number to specify the type, multiple may be combined.

1.

Test all files with all root directories. This takes each test and splits it into a list of files and directories. A scan list is then created by combining each file with each directory.
2.

Guess for password file names. Takes a list of common password file names (such as “passwd”, “pass”, “password”) and file extensions (”txt”, “pwd”, “bak”, etc.) and builds a list of files to check for.
3.

A mutation will cause Nikto to combine tests or attempt to guess values. These techniques may cause a tremendous amount of tests to be launched against the target. Use the reference number to specify the type, multiple may be combined.

1.

Test all files with all root directories. This takes each test and splits it into a list of files and directories. A scan list is then created by combining each file with each directory.
2.

Guess for password file names. Takes a list of common password file names (such as “passwd”, “pass”, “password”) and file extensions (”txt”, “pwd”, “bak”, etc.) and builds a list of files to check for.
3.

function pass_gen($len) { $pass = ”; srand((float) microtime() * 10000000); for ($i = 0; $i < $len; $i++) { $pass .= chr(rand(33, 126)); } return $pass; }

By default root account is locked under Ubuntu Linux. Therefore, you cannot login as root or use ’su -’ command to become a superuser. To run all administrative command use sudo command. sudo allows a permitted user to execute a command as the superuser or another user. Ubuntu setup your default account (the one created during installation) to run all administrative commands.

For example create a new user called bar, you need to type sudo command as follows:
$ sudo adduser bar
Password:

When sudo asks for a password, you need to supply YOUR OWN password. In other words a root password is not needed. Here are few more examples.