Virii suck, I just though I’d throw that out there. They cost the world billions of dollars a year and keep people like you and me up at night. I wish I had the final solution for you but I don’t, however, I do have a list of applications/tools/services that I use to keep my computers running virus and spyware free.
Desktop Antivirus / AntiSpyware
At work my company has standardized on NOD32 from ESET. I had never herd of the company until I started at my current position about a year and a half ago and now, I rarely use anything but NOD32. They have a couple of editions but I’m only familiar with ESET NOD32 AV v2.6 and v3.0. So far I have not had a single problem with virii or spyware (except for a few hacking/cracking tools that I use on occasion).
If I’m not using or recommending NOD32 for home / client computers I go with AVG. AVG AntiVirus 8.0, the newest version from AVG covers pretty much everything you would need from an AntiVirus / AntiSpyware software suite. They even have a free edition that can be found here for home computers that only need basic protection. If your on a budget, AVG Free Edition is for you. Again, so far, with my use of AVG Antivirus, I have not had a single problem.
Safe Internet Browsing
This is a huge deal when it comes to keeping your computer safe. Sometimes it doesn’t involve any software at all. Just some intelligence and PG13 level surfing (no porn or online gambling allowed!!). However, because of my ADHD and endless appetite for information, even I run across some potentially bad websites.
To combat this I use OpenDNS. I’ve done a blog post on them a while back. Search at the right if you are interested but I’ll cover a few points to OpenDNS here. First of all, OpenDNS is cool. Second, OpenDNS is free. Now that I got those two things out of the way, I’ll explain it a bit. OpenDNS is a free DNS service that you point your network DNS servers, clients, etc towards and you instantly get a bit better service. If you go to the website and create an account and then register your IP address there, you can have settings specified that would prevent people from surfing websites that fall within a specific category. Below is what I have mine set to.
The moderate setting includes blocking of Adaware, Alochol, Dating, Drugs, Gambling, Hate/Discrimination, Weapons, Tasteless, Lingerie/Bikini, Proxy/Anonymizer, Sexuality, Nudity, Pornography, and Phishing. The last one is especially cool because it uses the phishing database PhishTank, which is THE defacto standard in phishing databases…well at least I believe so.
Desktop and Network Firewalls
As much as I should use a desktop firewall, I don’t. It hinders my ability to do network scans, attach to different networks, open up shares on my computer remotely, test software, etc. But, do what I say and not what I do. If you have no reason not to use one…then do so. The built in Windows Firewall is fine but if you need to feel a little safer at night, I recommend ZoneAlarm. It has both high reviewes in the major computer magazines and is recommended by the security research group Gibson Research Corp.
My home network firewall is pfSense, a free open source, fully featured firewall that I have installed on an old workstation with two network interfaces. Visit the website for a full list of features. Other firewall’s that I would recommend would be the Cisco PIX or ASA, m0n0wall, and any Linux distribution running iptables. It’s not that these are the only secure options out there but rather I only have extensive experience in this small list.
SPAM Protection
This cannot be stressed enough… Never use an email address without a **GREAT** SPAM filter. For personal use, grab a free GMail account. For corporate use get a Barracuda SPAM firewall, use Postini or build your own SPAM filter based on SpamAssassin. For the DIY I recommend Maia Mailguard. The reason for this is quite simple, spyware and virii can be transmitted quite easily through email. If you are not protected, you are asking for trouble.
Defense in Depth
Although all of my recomendations, in my option, are good ones..not a single one of them guarantees that you will not get infected. Things like zero day attacks, trojans, virii, spyware, adaware, malware, etc are not always easily detected and therefore may hit a large number of computers over a short period of time without the security companies knowledge. However, with the use of all of them together, you now have the tools for a fighting chance and with any luck, you’ll be virus free.
Hopefully you’ll take my advice on one or more of the above topics and have a safer more enjoyable time on the internet.
Cron is an exceptionally useful tool in the Linux world where administrative tasks can easily be rolled up into shell, php, perl, and python scripts among other things. Per a website that I just came across, the word cron comes from the Greek word chronos which means time.
First, lets setup the environment. I use VI as my text editor on Linux and you can view my “60 second VI tutorial” on here as well. To ensure that VI will be our crontab (cron table) editor we will need to edit your “.profile” file for whatever user you are going to be logged in with (typically root).
vi /root/.profile
Add one of thefollowing lines above the second fi to match your preference.
export EDITOR=/usr/bin/vi #if you have just VI installed
export EDITOR=/usr/bin/vim.basic #if you have VIM installed
Ensure that you save it with :wq.
Now that we have that out of the way, lets start scheduling tasks.
Since backups are traditionally something that you would want to automate or schedule, I’ll use it as my main example but first I’ll break down the cron scheduling syntax.
With the above example and the table of what each field does, you get can put together that at 0200 or 2:00 AM every day root will be running “tar czf /var/backup/www.tar.gz /var/www >>/dev/null 2>&1″ which is telling tar to tar up /var/www into /var/backup/www.tar.gz and /dev/null 2>&1 is a way to have the command put any output into a “trash can” if you will Alternately you can specify a log file for that output to go with “>> /var/log/cronforcommand.log 2>&1″. The * in a schedule means to omit that portion of the schedule.
That one was pretty basic so I’ll get a little more complicated now. Matter of fact, I’ll just skip the user and command to execute from now on and focus on the command structure for scheduling with cron
EXAMPLES:
Every Minute - * * * * *
Every 5 Minutes - 0,5,10,15,20,25,30,35,40,45,50,66 * * * *
Every 5 Minustes (Simple) - */5 * * * *
Every Hour - * */1 * * *
Every 2 hours - * */2 * * *
Every Day @2:00 AM - 0 2 * * *
Every Day @ 6:00 PM - 0 18 * * *
Every Sunday @ 3:15 AM - 15 3 * * 0
On Feburary 11 @ 10:00 PM - 0 22 11 2 *
That pretty much covers the majority of typical uses for cron. Obviously this is a very powerful tool and can do so much more but for this post, I think it’ll do. If I messed anything up , please let me know. Enjoy.
At work, I find it somewhat hard to stay on task. I like it when I get real material things that can help manage my time. One of they guys I work with sent me a link for this lecture by Randy Pausch. As he recently passed due to cancer, this speaks volumes for his character as he had approximately 3 months to live at the time of this talk. Please enjoy.
Seventy-five percent of the servers I have been working on over the last few months have been Linux. Mostly Ubuntu. This due to the fact that my company has allow me to start migrating over and building new servers on this platform. With that, we need secure ways to access the servers. On occasion I’ll use webmin but mostly just SSH and whatever website is running on it (management, applications, etc). Webmin takes care of itself with a self signed certificate and SSH creates its own keys. Pretty easy there. Now, for the website that is running on the box, out of the gate it’s unencrypted TCP/80 traffic running from an Apache 2 web server. This short tutorial will cover how to create a CSR with OpenSSL for use when getting a certificate from one of the CA’s. I won’t explain everything here but you may use Ubuntu’s https-help guide if you need more info found here.
First, let’s make sure we have the right packages installed.
It will prompt you for the passphrase and some other bits of information. The most important one is site name. This must match the name of your server. Something like mail.domain.com or www.domain.com would be appropriate here.
The CSR can now be uploaded to whatever CA you choose. I use GoDaddy because they are so cheap.
If you do not want to purchase a certificate you can create your own self signed cert with the following command.
Now that we have the cert created, let’s configure Apache to use it. Add the following 3 lines to your website configuration. The default one is located in /etc/apache2/sites-available/default.
SSLEngine on
SSLCertificateFile /etc/ssl/certs/dns.server.com.crt
SSLCertificateKeyFile /etc/ssl/private/dns.server.com.key
Save that config file and enable Apache to listen on 443 for HTTPS traffic. Add the following line to /etc/apache2/ports.conf
Listen 443
Restart your Apache2 process and you should have a fully functional SSL enabled website.
vi is neat. Most of the engineers I work with like nano or pico but I like vi. For some reason it makes me feel more like a geek when I’m using it. In fact, I’ve been using it so often lately that I have been trying to use vi command in notepad (obviously without success). This tutorial will cover only the basics but that should be enough to get you started. A much better tutorial is available here.
vi /etc/network/interfaces - opens /etc/network/interfaces in vi
i - insert
/ - search
G - [Shift] g - go to bottom of page
dd - delete the line
d <- or d -> - d [left or right arrow] delete 1 character in that direction
10G - 10 [Shift] g - move to line 10 (obviously number can be replaced)
10dd - delete 10 lines from cursor and below (again, number can be changed)
:q - quit (no changes may have been made)
:q! - quit (do not save changes)
:wq - write quite (save and quit)
:w - write (save)
Ok, now that you have mastered the basics of vi, please refer all other needs to the link provided above. Hope you like vi as much as I do.
NOTE: Ubuntu (and maybe debian) have a few things that the built in vi program have that seem a little strange. I usually install vim just to be safe. to do this run sudo apt-get install vim-full.
Please!! I’ve been using an old P4 1.6Ghz and 512Mb memory at home with Ubuntu loaded on it for some time now. I can’t seem to ever come up with enough cash to purchase this myself so I thought I would give ChipIn at try. It’s a new (I think) service that allows you to have a fund raiser of your own. Check it out and try it for yourself.
I’m looking at one of the higher end HP or Dell’s running Vista Ultimate with a dual monitor setup for home. I have dual monitors at work and it gets pretty hard to get all the work I want to get done at home when I only have a single 17″ flat panel. Pretty low tech if you ask me.
For those of you who do donate, thank you very much. I appreciate it. For those of you who don’t, I won’t hold any grudges.
Ok, one of the guys at the office started using twitter and kept prodding that I needed to use it to. Well, I don’t like doing things that aren’t easy and I don’t like wasting time on something pointless. I started searching around for “easy” ways to use Twitter and have discovered a few Firefox extensions, GMail chat add in via Twitter, and now a Wordpress plugin which I installed just before I started this blog post. You can find me on twitter @ http://www.twitter.com/clamasters.
Here is what has annoyed me to the point that I don’t like using it. Every time I do something on the website, that is Twitter.com, I get a stupid error saying that “Twitter is over capacity” and that I should try again later. That makes me so angry. Rarely do you ever see Facebook or Myspace to say that it’s too busy. Why should any other e-service be held to a different standard. I’m sure I’m just barking up a tree here and they are experiencing growing pains just like all the other social networks, but there has to be a balance. So far JUST THIS MORNING, I have gotten the above error 9 times!!! Ugh…
The original post for this is from the Ubuntu Geek website but I learned something new from it so I thought I would share my new favorite way to keep a package from being updated in Ubuntu. This goes for pretty much any of the newer releases of Ubuntu. I used to use dpkg to do this but now I like aptitude much better. It’s easier for me.
To put a package on hold use this command.
sudo aptitude hold snort-mysql
To remove the hold use this command.
sudo aptitude unhold snort-mysql
To keep your entire system (I think) from being updated simply use this command.
sudo aptitude hold
And to remove the hold use this command.
sudo aptitude unhold
Very easy isn’t it. Yep, that’s what I thought. I’ll be able to deploy appliances in the field now without worrying if an update is going to break something before I get a chance to fix the issue.
Recently I had a client who purchase a new laptop from Dell. It was a failry straight forward setup, nothing out of the ordinary. After we got the computer joined to the domain and the user’s profile setup, we started the file syncronization process for a number of directories that they needed to take offsite on a daily basis to be able to read/modify while out of the office and without internet connectivty. They had been using Microsoft’s offline file feature. Again, nothint out of the ordinary.
Well, this computer took up more than a few hours of my time as well as another associate of mine. The computer no matter what we did would not syncronize files during the logon process even thought the little checkbox was checked to do so. As it turns out, Dell has some sort of security suite that they are deploying with all the laptops now with the name of WavXDocMgr. This was the culprit of the syncronization issue. We took this out of MSCONFIG as a startup process and the problem was solved. As this was not the answer but rather a workaround, we have started talking with Dell but as of yet have not found a fix for the issue so I thought I would share.
I was installing dd-wrt on a Linksys wireless router for a client last week and noticed a neat feature that has been added in. I’m sure you’ve all been somewhere where the all the websites that you are surfing have some sort of advertising on them that the site specfically does not have configured. What I’m refering to it AD injection into your clients browsers . This could be a coffee shop with “free wifi” that turns itself into a sustainable “pay for myself” service. It’s quite neat. DD-WRT uses AnchorFree to inject these AD’s into the users browsers and allows you to tie in an account on the back end to make a little money for yourself. Pretty neat. I doubt I will ever use it but it’s nice to know easy to setup services like this are being deployed more and more with the help of the open source community.
Here is a link from AnchorFree’s website that explains a little more about the service.
Enjoy.