Prevent RL Injection attacks
RL Injection attacks typically mean that the server to which the attacker's IP address is bound is itself a compromised server.
What can we do?
Check the server for suspicious files in /tmp, /var/tmp, /dev/shm, /var/spool/samba, /var/spool/vbox, /var/spool/squid, and /var/spool/cron.
You should use "ls -lab" for checking directories, as sometimes compromised servers will have hidden files that a regular "ls" will not show.
Use:
# ps -efl
or
# ps -auwx
to find suspicious processes. Verify Apache processes.
Clam Anti-virus can also be used to find commonly used PHP and Perl-based hacks, including various PHP shells, on a server, using the "--infected" and "--recursive" options of the clamscan command.
Also run rootkit detection tools:
http://www.chkrootkit.org/
http://www.rootkit.nl/
http://www.ossec.net/en/rootcheck.html
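A read-only triage of the directories listed above, as an added example that is not part of the original post: it reports hidden entries, executable files and PHP/Perl scripts so they can be reviewed or passed to clamscan. The function name scan_dirs, the script name triage.sh and the reason labels are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: read-only triage of the
# temp/spool directories the post lists. scan_dirs is a hypothetical name.

DEFAULT_DIRS="/tmp /var/tmp /dev/shm /var/spool/samba /var/spool/vbox /var/spool/squid /var/spool/cron"

# scan_dirs [DIR...]
# Prints "<reason> <path>" per finding; with no arguments scans DEFAULT_DIRS.
#   hidden  name starts with a dot (what "ls -lab" reveals and plain "ls" hides)
#   exec    regular file with any execute bit set
#   script  PHP/Perl/CGI file by extension (candidates for clamscan)
# A path can be reported under more than one reason.
scan_dirs() {
    [ "$#" -gt 0 ] || set -- $DEFAULT_DIRS
    for d in "$@"; do
        [ -d "$d" ] || continue          # skip spool dirs that do not exist here
        find "$d" -mindepth 1 -xdev -name '.*' -print 2>/dev/null |
            sed 's/^/hidden /'
        find "$d" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -print 2>/dev/null | sed 's/^/exec /'
        find "$d" -xdev -type f \
            \( -name '*.php' -o -name '*.pl' -o -name '*.cgi' \) \
            -print 2>/dev/null | sed 's/^/script /'
    done
}

# Usage: ./triage.sh --all        (the post's directory list)
#        ./triage.sh /tmp /dev/shm
case "${1:-}" in
    "")    ;;                        # no arguments: only define scan_dirs
    --all) scan_dirs ;;
    *)     scan_dirs "$@" ;;
esac
```

Hidden sockets and lock files created by normal services will also show up as "hidden", so treat the output as a list to review, not a verdict.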
Read our security articles.
12:34 PM | Tags: security | 0 Comments
Exploits for March of 2008 download.
All exploits from March 2008 are now available in this post. Keep your server protected against exploits :)
All 203 exploits added to Packet Storm in March of 2008 are available here:
Download March 2008 Exploits
Source: PacketStorm
2:35 AM | Tags: downloads, exploits, linux, security | 0 Comments
Top Open Source Encryption Tools
This is a list of top open source encryption tools you can use.
1. AxCrypt
AxCrypt Description:
- Simply right-click on a file in Windows Explorer to encrypt it; a double-click decrypts the data. It supports self-decrypting files. You can protect files in transit while still allowing e-mail recipients to view the information easily. You can use it on Windows.
How to use AxCrypt
How to Install AxCrypt
Download AxCrypt
2. Mac GNU Privacy Guard
Mac GNU Privacy Guard Description:
- Mac GnuPG ports GnuPG so that it can be used on a Mac and provides better privacy than PGP. Mac GnuPG supports multiple encryption standards and languages. You can use it on Mac OS X.
Download Mac GNU Privacy Guard
3. WinPT
WinPT Description:
- WinPT collects a number of different encryption tools into a single application. It's compatible with PGP and based on GnuPG. It can be used on Windows.
Download WinPT
4. PeaZip
PeaZip Description:
- PeaZip creates, opens, and encrypts zip files and dozens of other compression formats. Additional features include split/join files (file span), wipe files (secure deletion), compare, checksum and hash files, system benchmark, and more. It is available for Windows and Linux.
Download PeaZip
5. MCrypt
MCrypt Description:
- MCrypt lets developers add a wide range of encryption functions to their code without needing to be expert cryptographers. This is a developer tool, not an encryption app for end-users. It can be used on Windows, Linux and Unix.
Download MCrypt
6. Keyring for PalmOS
Keyring Description:
- With Keyring for PalmOS you can store secret data securely on your Palm-based handheld. Keyring provides secure triple-DES encryption and is available in a number of different languages. Keyring for PalmOS can be used only on PalmOS.
Keyring Download
Keyring Guide
4:22 PM | Tags: downloads, Encryption, opensource | 0 Comments
Configure Samba Server and save money
You can use a GNU/Linux server as a Domain Controller for Windows clients.
It is a good way to save money on your network.
This article will help you to configure a Samba Server.
Read full article
It covers the following topics:
- Introduction and Samba Configuration
- Samba Server Roles and Backends
- Users Groups and Computer Accounts
- Samba Shares
- Sharing Printers through Samba
- Additional Domain Controller Functions
- Relevant Samba Parameter Reference
1:38 PM | Tags: samba | 0 Comments
What is tkbellexe?
Among the Windows startup programs you may find tkbellexe.
tkbellexe is a process from RealOne Player that works as a Scheduler for RealOne Player. This is a non-essential process. You can disable it for more performance.
It should not be a virus / Trojan.
1:09 PM | Tags: security, windows | 0 Comments
Setup netboot on RHEL
Setup netboot on RHEL5.1
Note: system-config-netboot is not included in RHEL 5
A possible solution is to download the Fedora rpm (or another one) and use that.
The Fedora rpm is easily available and can be installed.
8:18 AM | Tags: linux | 0 Comments
Download Ubuntu Linux 8.04 ISO Image
Canonical Ltd announced that Ubuntu 8.04 LTS Desktop Edition is available as a free download.
The release of Ubuntu 8.04 LTS Server Edition was also announced.
Download Ubuntu Linux 8.04 CD / ISO Images:
- Direct download for i386 32 bit:
Mirror1
Mirror2
Mirror3
Mirror4
Mirror5
- 64 bit server and desktop editions:
Check here
Installing Ubuntu 8.04 Within Windows video tutorial:
Ubuntu Linux 8.04 video:
2:58 PM | Tags: downloads, ubuntu | 0 Comments
Upgrade Kernel without Reboot using Ksplice
After a kernel security patch or upgrade, Linux normally has to be rebooted.
Ksplice is a GPL 2 Linux patch that provides Linux kernel security updates and upgrades without a reboot.
Tested on: kernels from 2.6.8 to the current version 2.6.25, on Debian, Ubuntu, RHEL, Gentoo and other Linux distros.
Ksplice Download, Usage Examples and Documentation
2:51 PM | Tags: kernel, linux | 0 Comments
Fix Webalizer on cPanel
If you are running cPanel and Webalizer has stopped, you can use a cPanel script to fix it.
# cd /scripts
# ./fixwebalizer
This command will help you to repair a Webalizer that has stopped updating.
Please note that old data will be deleted.
7:00 PM | Tags: cpanel, webalizer | 0 Comments
RTOS - Real time operating System
Linux can be used as a real time operating system (RTOS) for most situations, such as:
- mobile telephones
- household appliance controllers
- industrial robots
- spacecraft
- industrial control and scientific research equipment
- etc.
Real-time support is available in the standard off-the-shelf 2.6 kernel. Reading this, you will learn about some of the Linux architectures that support real-time characteristics and what it really means to be a real-time architecture.
6:53 PM | Tags: linux, news | 0 Comments
Configure compiz fusion on Mandriva 2008
This video shows how to start and configure compiz fusion with all effects on Mandriva 2008:
- cube
- windows
- transparency
Configure compiz fusion on Mandriva 2008 video:
4:29 PM | Tags: mandriva, videos | 0 Comments
Update urpmi on Mandriva
This video tutorial shows how to add and update all the required urpmi packages on your Mandriva 2008.
Mandriva 2008 - urpmi update video:
4:26 PM | Tags: mandriva, videos | 0 Comments
How to backup Mandriva 2008 server
This video is a very good tutorial on how to back up users and system configuration on Linux Mandriva 2008.
Mandriva 2008 How to backup users and system configuration video:
Read more about Mandriva on Wikipedia
4:23 PM | Tags: backup, mandriva, videos | 0 Comments
Howto Setup Firewall on Mandriva 2008
This video shows you how to setup your firewall on Mandriva 2008
Mandriva 2008 - Firewall Setup Video
4:18 PM | Tags: firewall, mandriva | 0 Comments
Oracle VM installation
This video shows Oracle VM installation
4:15 PM | Tags: oracle, videos | 0 Comments
Howto install Oracle on Linux
This video shows how to install Oracle on Linux.
Read more about Oracle on Wikipedia
4:10 PM | Tags: linux, oracle, videos | 0 Comments
Create Link in Oracle
Read more about Oracle in Wikipedia
4:08 PM | Tags: oracle, videos | 0 Comments
Howto Install DenyHosts 2.0
DenyHosts Description:
DenyHosts is a security tool that prevents brute force attacks on SSH by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
How to Install DenyHosts 2.0 on CENTOS video:
Read more about DenyHosts in Wikipedia
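The kind of check described above, as an added example that is not DenyHosts code and not part of the original post: it counts failed SSH logins per source address in an authentication log and lists the addresses over a threshold. The function names, the constructed sample log and the "sshd: <ip>" output format are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not DenyHosts code: count failed SSH logins per source IP.

# Constructed sample in the OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG='Apr 28 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Apr 28 10:01:05 host sshd[2101]: Failed password for root from 203.0.113.7 port 40024 ssh2
Apr 28 10:02:00 host sshd[2110]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Apr 28 10:03:00 host sshd[2120]: Failed password for alice from 198.51.100.4 port 51001 ssh2
Apr 28 10:03:09 host sshd[2130]: Failed password for bob from 203.0.113.7 port 40030 ssh2
Apr 28 10:04:00 host CRON[2140]: Failed password for nobody from 192.0.2.9 port 1 ssh2'

# offenders THRESHOLD < auth.log
# Prints "<ip> <failures>" for every source with at least THRESHOLD failures.
offenders() {
    awk -v limit="$1" '
        # Only lines written by sshd itself; $5 is the "sshd[pid]:" tag.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            # The user name is supplied by the client, so take the address
            # from the fixed tail "from <ip> port <n> ssh2", not by searching.
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                fails[$(NF - 3)]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}

# deny_lines THRESHOLD < auth.log
# Formats offenders as TCP-wrappers style entries ("sshd: <ip>") for review.
deny_lines() {
    offenders "$1" | while read -r ip count; do printf 'sshd: %s\n' "$ip"; done
}

# Stand-alone run on the constructed sample, threshold of 3 failures.
printf '%s\n' "$SAMPLE_LOG" | offenders 3
```

A single failure after a successful login, as for 198.51.100.4 in the sample, stays below the threshold and is not listed.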
3:57 PM | Tags: security, videos | 0 Comments
Create a VMWare Virtual Machine for CentOS Linux
How to Create a VMWare Virtual Machine for CentOS Linux
This video shows the preparation of a virtual machine in VMWare to install CentOS Linux; the procedure is similar for other operating systems.
Read more about VMWare on Wikipedia
3:44 PM | Tags: centos, videos | 0 Comments
Secure your Router / NetWork video
This is a step-by-step video showing you how to secure your wireless router (small / home routers) or network.
3:35 PM | Tags: hardware, router, videos | 0 Comments
Lenovo U8 MID Presentation Video
Lenovo U8 - Ideapad MID
- Intel's Atom chip inside
- Mobile Internet Device has an optical mouse
- supports 3G / EDGE
- Includes GPS
- annoying ambient bongo player
This is the Lenovo U8 - Ideapad MID video presentation:
3:28 PM | Tags: hardware, videos | 0 Comments
HP 2133 Mini-Note Review and Startup Test
In this video you can take a look at the new HP 2133 Mini-Note
This video compares the startup boot time on Asus Eee PC and HP 2133 running Windows XP.
3:23 PM | Tags: hardware, videos | 0 Comments
Configure port forwarding on a PIX Firewall video
This video shows how to configure port forwarding on a PIX Firewall that is running NAT.
Show the video:
2:23 PM | Tags: videos | 0 Comments
Graphics Card Upgrade on Dell XPS M1730
This video shows the updating of graphics card from the Dual SLI 8700mGT to the Dual SLI 8800mGTX on Dell XPS M1730.
Watch the video (part1):
Watch the video (part2):
2:15 PM | Tags: hardware, videos | 0 Comments
RAID Setup and Hard Disk Upgrade on Dell XPS M1730
This video shows a Hard Disk upgrade to 2x200GB Seagate Momentus 7200rpm drives with a RAID 0 setup.
Watch the video:
Learn more about RAID on wiki
2:11 PM | Tags: RAID, videos | 0 Comments
How to configure MRTG - The Multi Router Traffic Grapher
MRTG or The Multi Router Traffic Grapher can be used to monitor SNMP network devices and displays the traffic that has passed through each interface.
Log in to your server as root.
First you should create a folder to store mrtg graphs/html pages
# mkdir -p /var/www/html/mymrtg/
Use cfgmaker command to create mrtg configuration file
# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost
Now you should create default index page for your MRTG configuration
# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg
Copy all tiny png files to your mrtg path
# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/
Now test if MRTG is running fine.
Run the mrtg command from the command line with your configuration file:
# mrtg /etc/mrtg/mymrtg.cfg
You may get a few warning messages the first time; that's OK, ignore them.
Then check the following URL:
http://www.yourhost.com/mymrtg/
or
http://serverip/mymrtg/
Visit MRTG web site.
12:52 PM | Tags: router | 0 Comments
Run GNU Utilities Under Windows
Cygwin includes these tools:
bc, bison, bzip, diffutils, fileutils, findutils, flex, gawk, grep, gsar, gzip, indent, jwhois, less, m, make, patch, recode, rman, sed, shellutils, tar, textutils, unrar, wget, which
Cygwin makes it possible to port software running on POSIX systems such as Linux, BSD, and other Unix systems to Windows.
Sometime if you want to run wget for example under Windows without going through Cygwin.
Download Cygwin
Visit Cygwin Project page
12:35 PM | Tags: linux | 0 Comments
Ramback - Use a Terabyte of RAM
Ramback is a new kernel patch. It is an experimental new design for the Linux virtual memory system that turns a large amount of system RAM into a fast RAM disk with automatic sync to magnetic media.
Read more
12:33 PM | Tags: kernel, linux | 0 Comments
Wackamole - Highly Available Cluster
Wackamole is a good piece of software that helps you make a cluster highly available.
Wackamole runs a service using multiple DNS RR records without the worry of one of the machines crashing.
Wackamole Description:
If the machine crashes, the virtual IP addresses it was responsible for will be managed by the remaining machines in the cluster. Wackamole works in a completely peer-to-peer mode within the cluster.
Download Wackamole
Wackamole Website
12:29 PM | Tags: cluster | 0 Comments
Wikipedia's Sysadmin Definition
I find it curious, Wikipedia's Sysadmin Definition
Big definition of sysadmin job :)
9:51 AM | Tags: offtopic | 0 Comments
Pass The Hash Toolkit
Pass-The-Hash Toolkit Description:
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in through Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows).
Source
Direct download links:
Download Pass-The-Hash Toolkit source code
Download Pass-The-Hash Toolkit Binaries
8:40 AM | Tags: security | 0 Comments
SQID sql injection digger
SQL injection digger is a command line program that looks for SQL injections and common errors in web sites.
Current version can perform the following operations:
- Look for SQL injections and common errors in web site URLs found by performing a google search.
- Look for SQL injections and common errors in a given URL or a file with URLs.
- Look for SQL injections and common errors in links from a web page.
- Crawl a web site/web page and do the above.
It also supports:
- Load multiple triggers from file.
- Load multiple signature databases from files.
- HTTPS support.
- HTTP proxy support with authentication.
- Basic authentication.
- Specify user agent.
- Specify referer.
- HTTP Cookies loading from command line or a file.
Source
Download SQID
8:33 AM | Tags: mysql, security, sql | 0 Comments
Remove ORDB from MS-Exchange Server Spam Filter
If you are having trouble with ordb.org and need to remove it from the MS-Exchange Server spam filter, look for the blacklist support feature within the global settings of your organization:
1. MS-Exchange System Manager
2. Global Settings
3. Message Delivery Properties
4. Connection Filtering tab
5. Remove relays.ordb.org
12:36 PM | Tags: spam | 0 Comments
How to remove ORDB from Postfix Mail Server Spam Filter
If you are having trouble with ORDB.ORG and need to remove it from Postfix Mail Server:
- Open the postfix configuration
- Remove the following line:
reject_rbl_client relays.ordb.org,
Restart postfix:
# service postfix restart
12:32 PM | Tags: linux, postfix, spam | 0 Comments
What is msmpeng.exe - msmpeng Process
"msmpeng.exe is a process belonging to Microsoft Windows Defender Antispyware which protects your computer against Internet-bound threats such as spyware and trojans which can be distributed through e-mail or attack directly to the computer allowing unauthorized access to your computer. This program is important for the stable and secure running of your computer and should not be terminated."
Source
3:38 AM | Tags: windows | 0 Comments