vi4nn4network: dezembro 2014

quarta-feira, 31 de dezembro de 2014

HOW TO VERIFY ROOTKITS ON DEBIAN

For install: apt-get install rkhunter
For start check: rkhunter -c
For check logs: grep Warning /var/log/rkhunter.log
For start update: khunter --update

Describe of logs:

File created: searched for 169 files, found 135
Setting up libruby1.8 (1.8.7.358-7.1+deb7u1) ...
Setting up ruby1.8 (1.8.7.358-7.1+deb7u1) ...
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode
Setting up unhide.rb (13-1.1) ...
Processing triggers for menu ...
Processing triggers for rkhunter ...
[ Rootkit Hunter version 1.4.0 ]
File updated: searched for 169 files, found 135
root@debian-desktop:/home/andrevianna/Downloads# rkhunter -c
[ Rootkit Hunter version 1.4.0 ]

Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]

Performing file properties checks
Checking for prerequisites [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ OK ]
/usr/bin/pkill [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/unhide.rb [ Warning ]
/usr/bin/mawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/fsck [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/route [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ping [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/kmod [ OK ]
/bin/dash [ OK ]

[Press <ENTER> to continue]

Checking for rootkits...

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
Fu Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Jynx Rootkit [ Not found ]
KBeast Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]

Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]

[Press <ENTER> to continue]

Checking the network...

Performing checks on the network ports
Checking for backdoor ports [ None found ]
Checking for hidden ports [ Skipped ]

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host...

Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]

[Press <ENTER> to continue]

System checks summary
=====================

File properties checks...
Files checked: 135
Suspect files: 1

Rootkit checks...
Rootkits checked : 307
Possible rootkits: 0

Applications checks...
All checks skipped

The system checks took: 5 minutes and 39 seconds

All results have been written to the log file (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

root@debian-desktop:/home/user/Downloads# tail -f /var/log/rkhunter.log

[10:46:17] Rootkit checks...

[10:46:17] Rootkits checked : 307

[10:46:17] Possible rootkits: 0

[10:46:17]

[10:46:17] Applications checks...

[10:46:17] All checks skipped

[10:46:17]

[10:46:17] The system checks took: 5 minutes and 39 seconds

[10:46:17]

[10:46:17] Info: End date is Wed Dec 31 10:46:17 BRST 2014

Font: http://tutorfreebr.blogspot.com.br/2014/12/verificacao-de-rootkits-em-sistema.html

terça-feira, 30 de dezembro de 2014

HOW TO VERIFY THE SIZE OF FILES

DU -HS <filename>

HOW TO SHOW THE CONNECTED DEVICES

ls -l /dev/sd*

HOW TO CHECK DISTRO VERSION

uname -a

cat /etc/lsb-release

Cat /etc/*-release

cat /etc/issue.net; uname -ar

cat /etc/lsb-release 

Example returned:

DISTRIB_ID=Ubuntu

DISTRIB_RELEASE=10.10

DISTRIB_CODENAME=maverick

DISTRIB_DESCRIPTION="Ubuntu 10.10"

uname -ar 

Example returned:

36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux

HOW TO SEND MESSAGE BY MODEM GSM

Tested of modem in 15/04/14

Distro: ubuntu workstation 13.04 kernel 3.8.0-19

apt-get install usb-modeswitch-data

apt-get install usb-modeswitch

Conecte the Modem and old on some seconds until that the light stay blink.

Now let's go to verify if stay work the device:

First go find the device inside of system:

Put: lsusb

Verify if the device was listed...

See if the device it's OK

check if the information of MODEM GSM and how to install the drive

Put: dmesg

To see the configyuratin specifcy of this device

Put: dmesg | grep GSM

Verify if your device USB is runing

Type: ls /dev/ttyUSB*

This command will find the modem for know where ttyUSB him stay now also saty now and alson will subscribe the file wvdial.conf.

However him will subscribe the file with wrong information. by this way you must change some final informations

Put: wvdialconf /etc/wvdial.conf

Find where ttyUSB the modem stay...

Type: nano /etc/wvdial.conf

Stay the file exactly Deixe ele exatamente like that :

###############################################################################

[Dialer Defaults]

Init1 = ATZ

Init2 = ATQ0 V1 E1 S0=0 &C1 &D2

Modem Type = USB Modem

Modem =/dev/ttyUSB0

Baud = 921600

ISDN = 0

New PPPD = yes

DialCommand =ATDT

Check Def Route = on

FlowControl = Hardware(CRTSCTS)

Auto Reconnect = on

Auto DNS = off

Abort on Busy = off

Carrier Check = off

Abort on No Dialtone = off

Phone=*99***1#

Username=tim

Password=tim

###############################################################################

Obs:

OPERATORS TELECOM FROM BRAZIL:

Vivo:

 User and pass: vivo/vivo

fone: *99#

 APN: zap.vivo.com.br

Claro:

 User and pass: claro/claro

 Telefone: *99***1#

 APN: bandalarga.claro.com.br

TIM:

 User and pass: tim/tim

 fone: *99# (for 3g conections) or *99***1# (for old plans with EDGE)

 APN: tim.br

Vivo:

User and pass:vivo/vivo

fone: *99#

APN: zap.vivo.com.br

Claro:

Usuário e senha: claro/claro

fone: *99***1#

APN: bandalarga.claro.com.br

TIM:

User and pass:: tim/tim

Telefone: *99# (for 3g conections) or *99***1# (for old plans with EDGE)

APN: tim.br

 TIM: +552181138200

Claro: +555191115300

Vivo: +550101102010

Oi: +550310000010

Brt: +550160000060

From http://www.pauloalencar.com/index.php/dicas/php/140-sms-e-php

############################################################################

So, now we will put to work the dial wvdial

typ: wvdial

If every thing it's okay will appear some with IP and DNS.

You yet check you DNS configuration for to resolver !

Open another terminal for don't stop the modem functionality.

type: cat /etc/resolv.conf

Check the DNS number serves first and second if stay equals.

type:lsof -nPi | fgrep LISTEN

Check if is every thing okay.

Now just navigate!!! however hown this tutorial don't work so file do that:

apt-get install gammu

Inside /etc/ we have::

gammu gammu-config gammu-detect gammu-identify

type: gammu-identify

Visualyze the moden version of firmware and vendor manufactory

type: gammu-detect

check which moden portappear conected

type: gammu-config

Set the way of port that was found how connected, on option port for example:

Port /dev/ttyUSB0

Connection (at19200)

Model ()

Synchronize time (yes)

Log file (TESTE)

Log format (text)

Use locking ()

Gammu localisation ()

Save the file

Now for send sms execute this command:

Echo <put your message> | gammu sendsms <ddd+localnumber>

For to see the message received:

gammu getallsms

Font:

http://wammu.eu/docs/manual/gammu/

http://en.doc.centreon.com/HowToSendSMSWithGammu

http://www.dicas-l.com.br/arquivo/enviando_e_recebendo_sms_pelo_modem_3g.php#.U01XwcRDv4A

http://www.hardware.com.br/tutoriais/3g-linux/