Linux Weekly Security Advisory

March 4th, 2006

Hey.. if you are a bailiwick and trying to fortify your security chklist, make sure to keep updated with the latest security news and watch the weekly advisories. Here I found some updates in one place.

Debian, Fedora, FreeBSD, Mandriva, Red Hat, and Ubuntu released security advisories this week. Affected packages include BMV, GPdf, Xpdf, pdftohtml, tar, Heimdal, PostgreSQL, and irssi-text. Fedora distributed a kernel update addressing several security vulnerabilities in the kernel. No security advisories were issued by Gentoo.
Got interest? go ahead…

Einstein’s Riddle

March 1st, 2006

ALBERT EINSTEIN’S RIDDLE

ARE YOU IN THE TOP 2% OF INTELLIGENT PEOPLE IN THE WORLD? SOLVE THE RIDDLE AND FIND OUT.

There are no tricks, just pure logic, so good luck and don’t give up.

0. In a street there are five houses, painted five different colours.
1. In each house lives a person of a different nationality.
2. These five homeowners each drink a different kind of beverage, smoke a different brand of cigar and keep a different pet.

THE Q: WHO OWNS THE FISH?

HINTS

0. The Brit lives in a red house.
1. The Swede keeps dogs as pets.
2. The Dane drinks tea.
3. The Green house is next to, and on the left of the White house.
4. The owner of the Green house drinks coffee.
5. The person who smokes Pall Mall rears birds.
6. The owner of the Yellow house smokes Dunhill.
7. The man living in the centre house drinks milk.
8. The Norwegian lives in the first house.
9. The man who smokes Blends lives next to the one who keeps cats.
10. The man who keeps horses lives next to the man who smokes Dunhill.
11. The man who smokes Blue Master drinks beer.
12. The German smokes Prince.
13. The Norwegian lives next to the blue house.
14. The man who smokes Blends has a neighbour who drinks water.

ALBERT EINSTEIN WROTE THIS RIDDLE EARLY DURING THE 19th CENTURY. HE SAID THAT 98% OF THE WORLD POPULATION WOULD NOT BE ABLE TO SOLVE IT.

Oho…then I should have a try on this brain**ck.

Hey…people do ya wanna try this out by yourself… go ahead, really impressive when
ya see yourself on the 2% and I did it.

….and for the 98%; here is the methodology I have taken.

0. I took a piece of paper and a pencil.
Then I did mark a heading: nation, drink, color, pet, fag. Later I knew it’s a wrong move when I read “The man living in the center house drinks milk.”

so as easy I jot down…

          1    2    3    4    5
nation
drink
color
pet
fag

1. Here the drink-3 is milk.

2. Next green/white house ?
The green house is on the left of the white house.
so 1 is not white and 5 is not green (this was my first flash)

The Norwegian lives in the first house. The Norwegian lives next to the blue house.
but ya still need the…

3/4 may be green
4/5 maybe white

Ahahaa…it says 4 is a sure shot for either green/white.

The green house’s owner drinks coffee.
we got 3 is milk… so 5 is white I mean 4 is green.

3. and now yellow/red.

The Norwegian lives next to the blue house.
The Brit lives in the red house.

Would ya like to have a try by yourself…or are ya trying it out with me….? Yokay !

So what ya have now….. all colors, two drinks and two nations…eha..?
The owner of the yellow house smokes Dunhill, so who has gotta Horse …?

Lets ask for a drink and another drag…

4. The Dane drinks tea, so may be in either 2 or 5 (because 1-norwy, 3-brit, 4-coffee). The owner who smokes Bluemasters drinks beer, and this too may be in either 2/5 (because 1-dunhill, 3-milk, 4-coffee).

What ya have got…Tea or Beer? Yes, “Water” for 1 (really a good twist and I gotta the pace) and Blends for 2 (The man who smokes Blends has a neighbor who drinks water), then I got only 5 to fit for “The owner who smokes Bluemasters drinks beer” and now German for 2 who smokes Prince, and Pall Mall is for Brit. kewl…the riddle is getting breeze. Are ya with me…hmmm

5. The hint “The person who smokes Pall Mall rears birds” helps for the NO-3.

6. “The Swede keeps dogs as pets”; this is for number 5 (so the numbers 3&5 are out of the game and the NO: 2 too). Hope ya getting me…?

7. Now, do ya really need a thought between 1 and 4?
I should say “The German who drinks coffee, smokes Prince and lives in a green house owns THE FISH” (The man who smokes Blends lives next to the one who keeps cats)

Did I help you….to FISH your brain…? or you can refer here or here (I don’t know what they are saying ! ) and I’m concluding… FISH YA… GERMAN NUT…!

Blonde Joke : are you game?

February 26th, 2006

Well… I don’t want to put any joke on my side, but I guess this is a good one and will help ya to think.

Yokay… whats ya hair color?


…i’ve to look back when i heard a gong! i could only see a huge cobweb and its shining, just got wonder, whats the time it was…

February

February 20th, 2006

I am confused; the name sounds innocent but what’s wrong with this month? I don’t mind its inconsistency…I think this preborn shortY should come as the last child of the year instead of lovely December… I just like the months December and January except its cold… I guess I am losing the sunlight…so I am walking back.

Well…. I was choked for two days and I couldn’t go anywhere…and exactly one year before on the same month I was hospitalized for the similar kind of symptoms what I am up to now. I am happy this time because I am getting Kanji (I don’t want to give much explanation for Kanji, in short I say “Rice Soup”) and Pickle too. I am not going to hospital so any medicine :)

Last year…Uff…here in a hospital, I asked her “Sister…? Today, I would like to have Kanji for my dinner and can you just arrange it for me.” She is from my State and replied “Oh Vipin, I don’t think that I could find it and no Kerala hotels out here” …good smiles!

I said…Okay, but….

In an hour, I was pretty happy with my dinner…She came with a bowl of hot Kanji and lemon pickle….

Later I came to know (she told me), she made it with a portion of her own dinner (well cooked rice) and served to me.

Has she done her blessed job? I forget her name but never the smile.

Go away or I will replace you with a simple shell script

February 18th, 2006

Hey ya unknown coward… you are Killed !!
….go away or I will replace you with a simple shell script…
Yes, I found a simple snip to do that without yelling it out :)

mongoose # ps -u [usrname] -o pid= | sort -rg | xargs kill -9

This simple snip kills all the processes invoked by the user, in the order last process dies first, and so the user too.

R-I-P

The Evolution of a Programmer

February 15th, 2006

I am not a coder, just for giggles I found “The Evolution of a Programmer.” The Darwin of this code is here.


High School/Jr.High

10 PRINT "HELLO WORLD"
20 END


First Year in College

program Hello(input, output);
begin
  writeln('Hello World')
end.


Senior Year in College

(defun hello ()
  (print
    (cons 'Hello (list 'World))))

New Professional

#include <stdio.h>
int main(void)
{
    char *message[] = {"Hello ", "World"};
    int i;
    for (i = 0; i < 2; ++i)
        printf("%s", message[i]);
    printf("\n");
    return 0;
}


How To Become A Hacker

February 12th, 2006

When The Open Source rules the world…there will not be any traditional nomenclature for the kingdom other than Hacker, Geek, Guru, Nerd… and its different status….

So do ya wanna be a hacker…. or wanna know how to become a hacker…? or ya gotta a Q..?

Q: How can I get the password for someone else’s account?
A: This is cracking. Go away, idiot.

esr [ Eric Steven Raymond ]
….if you have watched the movie “Revolution OS”, there is probably no chance to forget his facial expression when he narrates the incident that happened inside a lift
(mnky..mnky)…I’ll be your worst nightmare…

That was the first time I came to know about him, at a Linux meet where they played the movie, and later on I read some of his essays from The C&B [ The Cathedral and the Bazaar ] and it’s worth it.

Know Yourself

February 10th, 2006

Over the surf…I found many interesting things…some stuffs I have packed…and others get vanished… Here I found a speculation to know yourself [ …that’s what we are all trying to get through in our life…(winks) ] So I gave a try to know the output; never gonna go for a second try….

What Type of Weather Are You?


You Are Lightning


Beautiful yet dangerous
People will stop and watch you when you appear
Even though you’re capable of random violence

You are best known for: your power

Your dominant state: performing

What’s Your Religious Philosophy?

I respect all religions, their saints and prophets.


You are an Atheist


When it comes to religion, you’re a non-believer (simple as that).
You prefer to think about what’s known and proven.
You don’t need religion to solve life’s problems.
Instead, you tend to work things out with logic and philosophy.

What Element Is Your Love?


Your Love Element Is Water


In love, you connect deeply and commit totally.
For you, love is all about taking risks and moving into unknown territory.

You attract others with courage and confidence.
Your flirting style is defined by your flexibility and ability to adapt.

Nurturing and shared learning are the cornerstones of your love life.
And while you may jump in to love too quickly, you always come out the wiser for it.

You connect best with: Metal

Avoid: Earth

You And another Water element: will pull each other down into a dark place

Setting Up A Gateway With Linux

February 8th, 2006

This was another workaround I have done to set up a gateway between the internal and external network to access the internal resource from outside.

Yes, there is no change, it’s a dedicated Linux machine for the Gateway installed with RedHat Advanced Server-4.

Setting Up The Gateway

I will just brief the set-up before I start into the configuration part.
Well… The machine has two NICs, configured accordingly:

eth0: 192.168.1.1/24 connecting to internal network.
Gateway: 192.168.1.254

eth1: 10.1.0.1/28 connected to a Layer-3 switch (WAN connection), which then terminates at the end of the users who are gonna access the internal resource.
Gateway: 10.1.0.3.
The resource is in the 192.168.2.0/24 network. Note: not on the same network.

Yes.. that’s a Q..! Dude, why don’t you set it up on the Layer-3 Switch ?

hmmm… I don’t have access to the CPE and that is dealt with by the Service Provider. (We should always keep an alternate way to run out of the heck….) and moreover it’s a temporary set-up for a short period of time.

Next step: enable IP forwarding between the NICs.

camel # vi /etc/sysctl.conf
# was 0, changed to 1
net.ipv4.ip_forward = 1

You are done with the IP forwarding and now the beauty; restart the system to apply the change…

“hey…I don’t wanna restart my system…”

Oho..really, then please talk to the kernel.

To pass the information to the kernel on the fly without restarting:
camel # echo "1" > /proc/sys/net/ipv4/ip_forward
or more easily by reloading /etc/sysctl.conf with
camel # /sbin/sysctl -p

And now keep talking to the kernel about the routing table.

camel # netstat -nr    # shows the current kernel routing table

I configured it as follows:

camel # route del default
camel # route add -net 192.168.2.0/24 gw 192.168.1.254
# now the kernel knows all requests to the destination 192.168.2.0 network should go via 192.168.1.254 and the rest will be taken care of by the internal routing table.
camel # route add default gw 10.1.0.3    # anything else should go via 10.1.0.3

Now the external people have access only to the 192.168.2.0 network after they have logged into the gateway and got authenticated; that’s the Security Hardening part. Yes.. the rest of the hardening part is coming right away…
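
An added example (not part of the original post) that replays the routing decision the kernel makes after the route commands above, as a longest-netmask lookup over `netstat -nr` output. The table is constructed from the addresses in this post; `next_hop` and `sample_table` are names made up for the example.

```shell
#!/bin/sh
# Added example: which next hop does the gateway pick for a destination?

# Reads `netstat -nr` output on stdin and prints "<gateway|direct> <iface>"
# for the most specific (longest netmask) route that covers $1.
next_hop() {
  awk -v dst="$1" '
    function ip2n(s,   o) {            # dotted quad -> 32-bit number
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1 }
    $1 ~ /^[0-9]+\.[0-9]+\./ {
      mask = ip2n($3)
      block = 4294967296 - mask        # addresses covered by this netmask
      if (int(ip2n(dst) / block) * block == ip2n($1) && mask > best) {
        best = mask; gw = $2; dev = $8
      }
    }
    END {
      if (best < 0) exit 1             # no route at all
      if (gw == "0.0.0.0") gw = "direct"
      print gw, dev
    }'
}

# Constructed table: what `netstat -nr` would show after the three route
# commands above (the eth0/eth1 interface routes come from the NIC setup).
sample_table() {
  cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.0.0        0.0.0.0         255.255.255.240 U         0 0          0 eth1
192.168.2.0     192.168.1.254   255.255.255.0   UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.1.0.3        0.0.0.0         UG        0 0          0 eth1
EOF
}

for ip in 192.168.2.10 192.168.1.7 10.1.0.2 172.16.5.5; do
  echo "$ip -> $(sample_table | next_hop "$ip")"
done
```

The 192.168.1.7 line shows the eth0 network is directly routable as well, so with ip_forward set to 1 the limit to 192.168.2.0/24 has to come from iptables FORWARD rules; the routing table forwards whatever it has a route for.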

Hardening The Linux BoX

February 8th, 2006

After setting up the Gateway, the next Q was how could I H4RD3N this machine ?

Hardening A Linux Machine…huhh… You can write a book for that. Securing a Linux system, called hardening, can be done using both manual methods and open source security solutions. So I ask some Q to myself:

0. What am I supposed to do with the system.
It should act as a gateway to access my resources from outside (dedicated) networks.

1. Does it have any wild connection to meet up any unknown people.
No; so far it is not connected to the Internet

2. How about users.
I am going to provide a common usrname and passwd, yeah…but I don’t know them personally.

3. Should I allow the users to play with the system and keep their files.
NO, not even the execute permission. Please, no junk/bulky files.

4. After all, how do I monitor this box.
iptraf [its just a breeze]
…so my hardening process focuses on the operating system than any extra powerful tools.

STEPS TAKEN TO HARDEN THE LINUX BOX (GATEWAY)

0. The message displayed before getting authenticated.
Access to this computer system is restricted to personnel of the
[your wish is my command]. All connections are logged.
By attempting connection without permission, you are in violation of law and ethics.

1.a Edited /etc/motd
ACCESS RESTRICTED TO AUTHORIZED USERS ONLY

1. No: of users to access the system
a) root
b) admin (enable sudo)
c) Let there be users :)
2. Iptables and TCP wrappers enabled ( Allow access to SSH and HTTPD)

/etc/hosts.deny
sshd:ALL EXCEPT 10. 192.168.
httpd:ALL EXCEPT 10. 192.168.

3. Disable remote ssh as root; only console access.
4. ssh service enabled only for usr xxx and local networks.

Changes done on /etc/ssh/sshd_config
Protocol 2 restriction [Protocol 2]
PermitRootLogin no
Banner /etc/warn.txt [the file which contains the message that is displayed before authentication]
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no

5. Disable creating executables, devices or set-uid executables in the /home directory

Changes done on /etc/fstab
LABEL=/home /home ext3 noexec,nodev,nosuid,usrquota 1 2
6. Set-up quota for usr xxx.
Soft limit 200MB and can be used 250MB maximum (grace period for 50 MB is 7 days)

7. Disable GCC for normal users; including Admin :) chmod 750

7-5-0 2 root root 94800 Feb 30 2004 /usr/bin/gcc

8. Disable all unwanted services.

camel # chkconfig --list | grep on
camel # chkconfig --list | awk '/xinetd based services/,/""/'
9. Enable the syslog service and configure iptraf
10. Keep updated with the latest security news and watch the weekly advisories issued by vendors.
11. Rule of Thumb: click OO here
12. Reference - 0

UNIX System Hardening Checklist

SELinux
Unix Articles
Reference +1
Linux System Security: The Administrator’s Guide to Open Source Security Tools [ I own this book]
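
An added example (not from the original post) that re-checks the sshd_config and /etc/fstab settings from steps 3 to 5 above, so drift on the gateway shows up later. The function names and sample files are constructed for the example; it reports an unset keyword as a finding instead of relying on the daemon's default.

```shell
#!/bin/sh
# Added example: audit sshd_config and fstab against the checklist above.

# Effective value of an sshd_config keyword. Keywords are case-insensitive,
# the first uncommented occurrence wins, later duplicates are ignored.
sshd_value() {  # $1 = keyword, $2 = sshd_config path
  awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# Mount options (4th fstab field) for a mount point.
mount_opts() {  # $1 = mount point, $2 = fstab path
  awk -v m="$1" '$1 !~ /^#/ && $2 == m { print $4; exit }' "$2"
}

# Prints one line per finding; the exit status is the number of findings.
# Assumption of this example: an unset keyword counts as a finding.
audit_gateway() {  # $1 = sshd_config path, $2 = fstab path
  fails=0
  for want in "PermitRootLogin no" "Protocol 2" "IgnoreRhosts yes"; do
    key=${want% *}; val=${want#* }
    got=$(sshd_value "$key" "$1")
    [ "$got" = "$val" ] ||
      { echo "sshd_config: $key is '${got:-unset}', want '$val'"; fails=$((fails + 1)); }
  done
  opts=$(mount_opts /home "$2")
  for o in noexec nodev nosuid; do
    case ",$opts," in
      *",$o,"*) ;;
      *) echo "fstab: /home is missing $o"; fails=$((fails + 1)) ;;
    esac
  done
  return "$fails"
}

# Constructed sample files: one box that drifted, one that matches the page.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'Protocol 2' \
  > "$tmp/sshd_weak"
printf '%s\n' 'Protocol 2' 'PermitRootLogin no' 'IgnoreRhosts yes' \
  > "$tmp/sshd_hard"
echo 'LABEL=/home /home ext3 defaults,nosuid,usrquota 1 2' > "$tmp/fstab_weak"
echo 'LABEL=/home /home ext3 noexec,nodev,nosuid,usrquota 1 2' > "$tmp/fstab_hard"

audit_gateway "$tmp/sshd_hard" "$tmp/fstab_hard" && echo "hardened sample: clean"
audit_gateway "$tmp/sshd_weak" "$tmp/fstab_weak" || echo "weak sample: $? finding(s)"
```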