Archive for February, 2009

Install squid di slackware

Posted: February 27, 2009 in Slackware

Benda yg selalu aku buat tapi memang payah nak ingat,

bukan setting tapi squid.conf punya setting.

download squid package:

wget http://mirrors.unixsol.org/linuxpackages//Slackware-12.0/Daemon/squid/squid-2.6.STABLE14-i486-1xav.tgz

tak pun clik sini ——> squid

dah tu install

# installpkg Squid-2.6.STABLE14-i486-1xav.tgz

Kemudian buat script bash:

# pico /etc/rc.d/rc.squid


——————————————– cut here ————————————

#!/bin/sh
echo -n ‘ squid ‘
case “$1″ in
start)
/usr/sbin/squid -D
;;
stop)
/usr/sbin/squid -k shutdown
;;
restart)
/usr/sbin/squid -k reconfigure
;;
*)
echo “Usage: `basename $0`
{start|stop|restart}”
;;
esac

——————————————— cut here ————————————

pas tu chmod kan

#chmod 755 /etc/rc.d/rc.squid

kalau nak senang letak dalam /etc/rc.d/rc.init2

#pico  /etc/rc.d/rc.inet2

tambah benda alah ni kat bawah sekali fule tuh

———————————— cut here ——————————————–

# Start SQUID (Squid proxy server):
if [ -x /etc/rc.d/rc.squid ]; then
. /etc/rc.d/rc.squid start
fi

——————————— cut here ————————————————

pah tu chmod kan folder squid tuh

# chown -R nobody:nogroup /var/lib/squid/

Create swap directories

# squid -z
2009/01/02 13:31:10| Creating Swap Directories

dah tu semua selesai buat plak

# mv squid.conf squid.conf-asal

#pico squid.conf

———————————- cut here ————————————————

http_port 312 transparent
cache_mem 128 MB
maximum_object_size 256 KB
minimum_object_size 4 KB
cache_dir diskd /cache 20000 16 256 Q1=72 Q2=64
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.100.0/24 <— network sendiri lah
acl lan src 10.35.20.0/24
http_access allow our_networks

——————————— cut here ————————————————

yg nih jangan lupa forward kan port 80 utk jumpa squid kito.

iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j DNAT –to 118.98.169.11:3128

yg ni jangan lupa plak idupkan squid tuh
# /etc/rc.d/rc.squid start

kalau follow tutorial nih memang menjadi kalau tak jadi pepandai lah tanya pak sedara aku.. MR.GOOGLE ;p

Ettercap in slackware / debian

Posted: February 27, 2009 in Debian, Slackware

Install ettercap in slackware

wget http://www.martins.eng.br/slackware/ettercap/ettercap-NG-0.7.3-i486-1afm.tgz

pkgtool

install ettercap

for debian

aptitude install ettercap

and using this command line

ettercap -T -ieth0

utk letak dalam log file 
ettercap -Tq -ieth0 -Lmylog

utk log dan target victim
ettercap -Tq -ieth1 -L mylog -M arp:remote /192.168.1.1-254/ 

ShoutCast Server

Posted: February 27, 2009 in Debian, Slackware

How to set up ShoutCast server in Linux using web interface

Step 1 : Install Linux First

I’am using SlackWare server. (Lighttpd + Php5 )

Step 2 : Download SHOUTcast Management Interface

Download Here :

wget http://internode.dl.sourceforge.net/sourceforge/smi/smi-0.3.1.tgz

Step 3 : untar file

tar -zxvf smi-0.3.1.tgz

untar in /var/www/smi

than create database

mysql -u root -p

password: ko punya lahhhhh!!!!

create database smi;

exit;

dah tu lepas abih buat database kena baiki fail config dia plak.

dalam /var/www/smi/include/config.php

tukar kan

$dbhost = “localhost”; //Database Host
$dbuser = “changeme”;  //Database User
$dbpass = “changeme”; //Database Password
$dbname = “smi”; //Database Username

$rootdir = “/var/www/smi”;
dah abis semua ko masuk sini plak.

cd install/

mysql -u root -p smi < create.sql

dah abis se mua  install database plak.

go to http://yourserver/smi/

login : admin

password : admin

pas tu pepandai lah ko tukar username and password tuh..

dah tu siap lah server shoutcast.

kendian ko create new server + port utk shoutcast.

benda alah nih dah menyenangkan aku dalam banyak hal jugak lah sebab nak monitor shoutcast dan reset manual aku punya server tuh tak ade org yg reti linux kat opis aku.

jadi bende alah nih dah menyelamatkan aku dari sakit kepala.

lupa satu lagi ko kena install MRTG kat server tuh

kalau pakai debian

aptitude install mrtg

in slackware

slapt-get –install mrtg

manual nanti lah aku senang sikit.

Install apache2 + php5 + mysql + ssl

Posted: February 25, 2009 in Debian

Benda yang selalu aku lupoooo nok buat…

Step 1 : install apache2 + php5

aptitude  install apache2 php5 libapache2-mod-php5 php5-gd

a2enmod rewrite

/etc/init.d/apache2 force-reload

Step 2 : install eAccelerator

apt-get install build-essential php5-dev

wget http://bart.eaccelerator.net/source/0.9.5.2/eaccelerator-0.9.5.2.tar.bz2

tar xvfj eaccelerator-0.9.5.2.tar.bz2

cd eaccelerator-0.9.5.2

phpize

./configure

make

make install

nano  /etc/php5/conf.d/eaccelerator.ini <——— masukkan code ini

extension=”eaccelerator.so”

eaccelerator.shm_size=”16″

eaccelerator.cache_dir=”/var/cache/eaccelerator”

eaccelerator.enable=”1″

eaccelerator.optimizer=”1″

eaccelerator.check_mtime=”1″

eaccelerator.debug=”0″

eaccelerator.filter=””

eaccelerator.shm_max=”0″

eaccelerator.shm_ttl=”0″

eaccelerator.shm_prune_period=”0″

eaccelerator.shm_only=”0″

eaccelerator.compress=”1″

eaccelerator.compress_level=”9″

pah tuh

mkdir -p /var/cache/eaccelerator

chmod 0777 /var/cache/eaccelerator

/etc/init.d/apache2 restart

Step 3 : install MySQL

aptitude install mysql-server mysql-client php5-mysql

Step 4 : install SSL

aptitude install openssl ssl-cert

aptitude install libapache2-mod-php5 php5-cli php5-common php5-cgi

a2enmod ssl

/etc/init.d/apache2 force-reload

openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout

chmod 600 /etc/apache2/ssl/apache.pem

pico /etc/apache2/sites-available/default

change :

NameVirtualHost *

to :

NameVirtualHost *:80

NameVirtualHost *:443

than put this line in <virtualhost>:

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLCertificateKeyFile /etc/apache2/ssl/apache.pem

than change port in apache2

pico /etc/apache2/ports.conf

Listen 443

/etc/init.d/apache2 reload


Step 5 : install cURL

aptitude  install php5-curl

/etc/init.d/apache2 reload

install joomla 1.0XX in linux

Posted: February 23, 2009 in Debian, Slackware

used this in .htaccess

#php

Php_value session.save_path /tmp
Php_value register_globals off
Php_value output_buffering off

and chmod to 777

chmod 777 administrator/backups/ administrator/components/ components/ administrator/modules/ administrator/templates/ cache/ images/ images/banners/ images/stories/ language/ mambots/ mambots/content/ mambots/editors/ mambots/editors-xtd/ mambots/search/ mambots/system/ media/ modules/ templates/

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Any OpenSSL-based key generated on a Debian-based system since September 2006 by the openssl, ssh-keygen, or openvpn –keygen commands are vulnerable to this issue.

Debian and Ubuntu have already issued updates that correct the flaw and provide a blacklist of keys known to be weak. Unfortunately, exploits to take advantage of this flaw exist as well. Likewise, while the affected OpenSSL packages are only on Debian and Debian-derived distributions, it could affect other operating systems as well if those keys were generated on a Debian system. For instance, if your system provides SSH access to external users, and one of them created an SSH keypair using Debian or Ubuntu, then your system, or more particularly those user accounts, should be considered compromised, whether it is running Mandriva, Fedora, or even a BSD variant.

The Debian team has provided a tool that can be used to determine if any such weak keys exist on the system, and it can be run by anyone, regardless of whether they use Debian or not. To begin, download the dowkd.pl perl script and use it to test SSH keys of the host system:

$ cd ~/tmp
$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
$ gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE
$ gpg --verify dowkd.pl.gz.asc
$ gunzip dowkd.pl.gz
$ perl dowkd.pl host localhost

This will download the dowkd.pl perl script and also import a Debian security team member’s key from subkeys.pgp.net. If the archive verifies okay with gpg, unarchive it, and then run the script in host-checking mode against the localhost.

If the script detects that the host key is weak, it will indicate such. Next, run the script against user keys on the system:

# perl dowkd.pl user

This check should be run as root in order to obtain access to every user’s keys. The script will check the keys and also the authorized_keys file and will alert you if the fingerprint to a remote host indicates a vulnerable key as well. If you wish to check a specific user, append the user name to the command:

# perl dowkd.pl user joe

If the script indicates that any keys are weak, they should be removed and regenerated immediately.

More information on exactly what types of keys and how to test them all is available at http://wiki.debian.org/SSLkeys.

Get the PDF version of this tip here.

tips :

to regenerate key for openssh

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server

see http://wiki.debian.org/SSLkeys for details

SAMBA

Posted: February 19, 2009 in Debian

Copy from http://yusshalimee.blogspot.com/

untuk samba share.. paling mudah dan paling senang…

1) Mesti jadi ‘root’

2) apt-get install samba-common smbclient smbfs samba ( ni utk debian. lain distro ko install je janji dapat jalan )

3) create user

#adduser mamat

4) smbpasswd -a mamat ( masukkan password utk samba.. nak tukar passwd lain pun boleh.. )

5) pico /etc/samba/smbusers ( create file baru ) masukkan ni :-

mamat = “mamat”

kemudian save dan exit

6) pico /etc/samba/smb.conf

ok di sini ada 4 perkara korang kene buat

security = user map username = /etc/samba/smbusers

bawah share [homes] tukarkan writeable = yes

save dan exit

7) restart samba

beres… skrg ni user boleh akses ke home shared masing-masing dengan memasukkan password tersebut.. ok.. tq

err… macammana nak akses ke share tu? alamakkkkkkkkkkkkkkkk…… korang ni pun satu laaa.. pakai windows kan?heh.. kalau tak pakai windows memang korang tak tanye dah camtu.. pakai windows.. ko pegi kat my computer taip ni je

\\ip-server-ko

kalau dari linux… pakai mount -t smbfs -o username=mamat,password=apaapeje //server-ko /mnt/serveraku

bukak /mnt/serveraku utk tgk file… tq