shelr is “adjective” awesome

Check it out
The site speaks for itself, I think.

Securing Splunk free

Splunk is a fantastic tool, but it is also very expensive for personal use (3000USD/Year for a 500MB/Day license).
Luckily they provide a free version. Too bad it doesn’t support login, so if you want to make Splunk available on the internet, everyone who knows your port can check out your logs. Convenient, I know.

I wanted to make a little login screen so not everyone could get on and read what version all of my programs run on and what commands I last did in .bash_history.

This is what I ended up with in Apache.

First you need to enable mod_proxy for Apache if you haven’t already, then you can proceed to make a file called something and put it in /etc/apache2/sites-available/

It should contain a modified version of this (this one is mine, but I feel I learn best by example so maybe others do too):

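<VirtualHost *:80>
        ServerAdmin evotech@slashdir.com
        ServerAlias splunk.slashdir.com
        # Forward every request to Splunk listening on the loopback interface
        ProxyPass / http://127.0.0.1:8008/
        ProxyPassReverse / http://127.0.0.1:8008/
</VirtualHost>

# Require a login for everything that goes through the proxy
<Proxy http://127.0.0.1:8008/*>
        # Allow is evaluated last, so any client address may connect;
        # the password check below is what restricts access
        Order deny,allow
        Deny from all
        Allow from all
        AuthName "splunk"
        # Basic auth on this port-80 vhost sends the password base64-encoded, not encrypted
        AuthType Basic
        AuthUserFile /home/evotech/public_www/.htpasswd
        Require valid-user
</Proxy>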


*ServerAlias also needs to be in your DNS so it points to your server's IP.
*Change the ProxyPass / ProxyPassReverse / proxy port to your Splunk port; by default this is 8000.
*Make your htpasswd file by running the command htpasswd -c .htpasswd username in a console.

After you have successfully made the file, do a ln -s /etc/apache2/sites-available/yourfile /etc/apache2/sites-enabled/yourfile so Apache sees the setup.

Restart Apache: service apache2 restart

And I added these rules to iptables to block everything but localhost (127.0.0.1) from accessing my Splunk port (so you cannot access the original Splunk setup, but must go through Apache):

iptables -A INPUT -s 127.0.0.1 -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j DROP
									

When you are done, your site should behave like this
And your domain:splunkport should behave like this

If not, refer to your /var/log/apache2/error.log
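
The two iptables rules above are appended with -A, so they only take effect if nothing earlier in the INPUT chain already accepts the traffic. The following check is an added example, not part of the original post: it walks `iptables -S INPUT` output in order and reports what an outside connection to the Splunk port would get. The function names and both rule sets are constructed for illustration, and the matcher is deliberately simplified.

```shell
# Added example: first-match walk over `iptables -S INPUT` output (stdin).
# Prints what a NEW TCP connection from a non-loopback host to port $1 gets.
# Simplified: knows -s, -i, -p, --dport, --state/--ctstate, -j; no negation (!).
verdict_for_port() {
    port=$1 policy=ACCEPT
    while read -r line; do
        set -- $line
        case $1 in
            -P) policy=$3; continue ;;
            -A) shift 2 ;;                      # drop "-A INPUT"
            *)  continue ;;
        esac
        match=yes target=
        while [ $# -gt 0 ]; do
            case $1 in
                -s) case $2 in 127.*) match=no ;; esac; shift ;;
                -i) [ "$2" = lo ] && match=no; shift ;;
                -p) [ "$2" = tcp ] || match=no; shift ;;
                --dport) [ "$2" = "$port" ] || match=no; shift ;;
                --state|--ctstate) case ",$2," in *,NEW,*) ;; *) match=no ;; esac; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        [ "$match" = yes ] || continue
        case $target in
            ACCEPT)      echo exposed; return 0 ;;
            DROP|REJECT) echo blocked; return 0 ;;
        esac
    done
    [ "$policy" = ACCEPT ] && echo exposed || echo blocked   # nothing matched
}

# Constructed sample: the post's two rules as `iptables -S INPUT` prints them.
page_rules() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8008 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8008 -j DROP'
}

# Constructed sample: a broad ACCEPT was already in the chain, so the
# appended DROP is never reached.
shadowed_rules() {
    printf '%s\n' '-P INPUT DROP' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8008 -j DROP'
}

echo "post's rules: $(page_rules | verdict_for_port 8008)"
echo "shadowed:     $(shadowed_rules | verdict_for_port 8008)"
```

On a live box the input would come from `iptables -S INPUT | verdict_for_port 8008`, with the port changed to match your Splunk port.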

Questions?

I just got haxxed, by a nice hacker apparently

regards
-Note left on server
So this shit got put on my server today: PHPShell by PetriHacK – Version 2.6.6dev – August 28th 2003, and some 1000 missed SSH logins. This made me spend several hours hardening my system.

The code was uploaded through an unsecure uploader, and allowed the perp to get shell access through the PHP call system() with the www-data user. I have not bothered to create an accurate timeline of the incident. I could, but I won't.
The following packages have been installed:

Suhosin hardens the PHP installation, still configuring it.
rkHunter helps search for possible exploits installed during the attack.
denyhosts stops the repeated failed SSH login attempts. A fun side effect you can (and want to) turn on is that it denies all access from that IP, to ftp, http etc etc.

the following graph will explain the beauty of such a system:

I have also removed telnet for fun. The upload scripts are now password protected as well, and should not give execute to anything uploaded.

The perp could’ve downloaded most files off my server, and also deleted anything that www-data had permissions on, but I don’t think anything is broken. Also, most files were not accessed lately so it is unlikely, so thank you for that, dear haxx0r.

Lesson learned: Don’t be an idiot. Secure your shit. Random uploads should not have execute permissions, and denyhosts is pretty cool. It sends me mail.

Bonus: he defaced westman.no
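
The mechanism behind denyhosts, as described in the package list above, reduced to one pass over an sshd log. This is an added example, not code from the original post or from the denyhosts project; the function names, the threshold argument and the log lines (documentation-range addresses) are constructed for illustration.

```shell
# Added example: read auth.log-style lines on stdin and print a hosts.deny
# entry ("ALL: <ip>") for every source with at least $1 failed password attempts.
# hosts.deny is honoured by services that use TCP wrappers.
deny_candidates() {
    awk -v threshold="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may contain spaces or
            # the word "from", so take the address from the fixed tail of the
            # line: "... from <ip> port <n> ssh2".
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                fails[$(NF - 3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= threshold)
                    print "ALL: " ip
        }' | sort
}

# Constructed sample log. The third line carries a user name that embeds a
# fake "from <ip>" to show why the tail of the line is used.
sample_log() {
    cat <<'EOF'
Mar  3 04:10:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 04:10:03 web sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 04:10:05 web sshd[2105]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 40144 ssh2
Mar  3 04:11:40 web sshd[2140]: Accepted publickey for admin from 192.0.2.10 port 51000 ssh2
Mar  3 04:12:02 web sshd[2150]: Failed password for root from 198.51.100.23 port 33001 ssh2
EOF
}

sample_log | deny_candidates 3
```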

ASUS Transformer TF101 + Plex Media server issues solved


I was experiencing really laggy video on my Transformer after I updated to ICS when streaming with the Plex app.
Did a lot of research and found this thread
After some fiddling with the settings I found two settings you have to change in order for this to work well.

From “Settings” -> “Advanced Settings”

  • Change secondary player from “Plex OpenGL Player” to “Plex Player”
  • Turn off “Enable Direct Streaming”

This solved all my issues.

    Tor project sucks my server dry

    vnStat

    As we can see from this, I usually have about 1GB total in up and downstream, that is, until I installed Tor.

    Tor has settings that tell me that I can change the upstream / downstream rate, but these settings do not seem to do anything (as we can see from the peak rates, peaking almost up to 500GB total in one day!!!)

    Tor is now not running any more.

    A nice .bashrc script

    Extracts the file and navigates into the folder

    extract () {
        if [ -f "$1" ] ; then
            case "$1" in
                # archives: unpack, then cd into the folder named after the archive
                *.tar.bz2)  tar xvjf "$1" && cd "$(basename "$1" .tar.bz2)" ;;
                *.tar.gz)   tar xvzf "$1" && cd "$(basename "$1" .tar.gz)" ;;
                *.tar.xz)   tar Jxvf "$1" && cd "$(basename "$1" .tar.xz)" ;;
                *.rar)      unrar x "$1" && cd "$(basename "$1" .rar)" ;;
                *.tar)      tar xvf "$1" && cd "$(basename "$1" .tar)" ;;
                *.tbz2)     tar xvjf "$1" && cd "$(basename "$1" .tbz2)" ;;
                *.tgz)      tar xvzf "$1" && cd "$(basename "$1" .tgz)" ;;
                *.zip)      unzip "$1" && cd "$(basename "$1" .zip)" ;;
                *.7z)       7z x "$1" && cd "$(basename "$1" .7z)" ;;
                # single-file compressors leave a file, not a folder, so no cd
                *.bz2)      bunzip2 "$1" ;;
                *.gz)       gunzip "$1" ;;
                *.Z)        uncompress "$1" ;;
                *)          echo "don't know how to extract '$1'..." ;;
            esac
        else
            echo "'$1' is not a valid file!"
        fi
    }

    Dem hackers

    Hi,

    We are looking for new advertisement platforms and we are interested in your site slashdir.com.
    Is it possible to place banner on your site on a fee basis?

    Best regards,
    Samuel Charles

    Simple enough request, only that I don’t have any visitors on this site. Did a quick Google for the topic and voilà! It led me to this blog http://sexyfocusedambitious.com

    Thanks buddy for informing me.

    I replied to this request with this: One million dollars!

    Git / gitosis / gitolite

    Today I went on a journey to get git working on my server.

    I researched a bit and found out that git was just an apt-get away, and gitosis was the “goto” thing for user and repo administration.

    This went fairly smoothly, git worked, gitosis worked, but when I tried to search for ways to make git deploy websites, I quickly ran into some unexplored waters.

    Turns out, gitosis is deprecated, no longer updated; you should instead use gitolite, a more advanced, more feature-rich repo administration tool.

    Since I didn’t want to be stuck in yesterday, I decided I might as well just update now and save me the pain of upgrading later when I couldn’t use gitosis anymore. gitolite seemed like it had some neat features too.

    I removed everything gitosis and installed gitolite, but during the build, I got a message that my git version was outdated. Weird, it worked fine with gitosis. Oh well, do a git --version and compare it to git's webpage; it turns out it’s a bit old. After trying to build git from source (which I gave up) I simply added the git repos with sudo add-apt-repository ppa:git-core/ppa

    HOWEVER, this command was not found, but Google told me it was fixable by running sudo apt-get install python-software-properties, which I did, and it worked.

    Now the gitolite install went painlessly, and it works :) Not sure what I will use it for yet, but that comes later. Maybe someone needs code hosting.

    Sidenote: http://www.stgraber.org/category/pastebinit/ is fantastic. If you get an error where configobj is not found, then you need to install that Python module; on Debian this is apt-get install python-configobj

    Have a nice day

    Dad keeps me busy

    Today dad sent me an email.

    Maybe you can put this on my phone some day? J http://www.atlefren.net/post/2010/07/gpx-kartverket/

    Dad

    *I haven't looked into what J means.

    To dad there isn't much difference between a web server and a phone, so I didn't have the heart to correct him; it would also have put me in a worse light. I'm trying to be perceived as a less annoying person, after all.

    Since the person in the link has pretty much fixed everything, I said yes to this, as dad has recently become an app advocate for the Oppland region, with enticing newspaper headlines such as "Training with apps".
    Since he is a celebrity, we have to keep up his image by keeping him on “the bleeding edge” with a map script from 2010.

    The only problem is that it is slow and a lot of nonsense is hard-coded into index.html; in addition, I don't think dad is particularly interested in FTPing in to put .gpx files in the document root, so a PHP uploader has to be made here.

    Support for life, no one to blame but myself, but what wouldn't you do for family.

    Anyway, it's worth checking out, here is my version
    map.slashdir.com

    Lars Eriks hide script

    A friend of mine (Lars Erik) made a pretty cool script

    I put it on my wiki, taking a bit of credit myself since I write a line or two :P

    Anyway, it’s here