RedHatVN Network » security

How to extract RPM or DEB packages

admin — Thu, 22 Apr 2010 10:08:13 +0000

RPM and DEB packages are both containers for other files. An RPM is some sort of cpio archive. On the other hand, a DEB file is a pure ar archive. So, it should be possible to unpack their contents using standard archiving tools, regardless of your distribution’s package format. Under normal conditions, you should use your distribution’s standard package manager, rpm or dpkg and their frontends, to manage those files. But, if you need to be more generic, here is how to do it.

RPM

For RPMs you need two command line utilities, rpm2cpio and cpio. Extracting the contents of the RPM package is an one-step process:
rpm2cpio mypackage.rpm | cpio -vid
If you just need to list the contents of the package without extracting them, use the following:
rpm2cpio mypackage.rpm | cpio -vt
The -v option is used in order to get verbose output to the stdout. If you don’t need it, you can safely omit this switch. For more information about the cpio options, please refer to the cpio(1) manual page.

DEB

DEB files are ar archives, which contain three files:

debian-binary
control.tar.gz
data.tar.gz

As you might have already guessed, the needed archived files exist in data.tar.gz. It is also obvious that unpacking this file is a two-step process.

First, extract the aforementioned three files from the DEB file (ar archive):
tar vx mypackage.deb
Then extract the contents of data.tar.gz using tar:
tar -xzvf data.tar.gz
Or, if you just need to get a listing of the files:
tar -tzvf data.tar.gz
Again the -v option in both ar and tar is used in order to get verbose output. It is safe not to use it. For more information, read the man pages: tar(1) and ar(1).

If anyone knows an one-step process to extract the contents of the data.tar.gz, I’d be very interested in it!

Update

tar p mypackage.deb data.tar.gz | tar zx

Create your own user-defined services Windows NT/2000/XP/2003

admin — Tue, 01 Jun 2010 04:11:22 +0000

The Windows NT/2000 Resource Kit provides two utilities that allow you to create a Windows user-defined service for Windows applications and some 16-bit applications (but not for batch files).

Whats needed for Windows NT/2000:
Instrsrv.exe installs and removes system services from Windows NT/2000
Srvany.exe allows any Windows application to run as a service.
You can download both files here srvany.zip

This zip includes three files. The two you need srvany.exe and instsrv.exe to install the services and also srvany.wri which documents everything you can do with the program.
Note: Make sure the Services Manager is closed while running the DOS commands.

You will need to put these files in a directory called reskit At a MS-DOS command prompt(Start | Run | “cmd.exe”), type the following command:
\reskit\INSTSRV.EXE “Service Name” \reskit\SRVANY.EXE
This creates the service in the Services manager and the registry keys to setup what program to run.

Next open regedit.exe Start | run | regedit.exe
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Next navigate to this registry key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service name

From the Edit menu, click Add Key and name it Parameters
Next from the Edit menu, click Add Value and type this information.
Value Name: Application
Data Type : REG_SZ
String : \

Now you can start your service from the Service Manager

With this same program you can remove the service also. Just run this command from command prompt.
\reskit\INSTSRV.EXE “Service Name” REMOVE

How to Recover Lost Data?

admin — Fri, 16 Apr 2010 09:12:01 +0000

We need data recovery tools on daily basis. Once we lose very sensitive data, we get desperate to retrieve them at any cost. Data recovery is very delicate job. The key is that once you lose your data in a particular hard drive, please, do not copy or install anything on it. Leave the drive intact. Otherwise, you wouldn’t be able to recover data. Just make an image at a different location of your hard drive where you lost your data and use the data recovery tool on the image to recover data. There are quite a few good open source data recovery tool available in the market and Scrounge NTF is one of them. We are going to take a quick look of the tool.

Scrounge NTF is a data recovery program for NTFS file systems. It reads each block of a hard disk and rebuilds the filesystem tree on another partition. You should have your partition information stored somewhere in advance. In order to use Scrounge-ntfs, you have to know start sector, end sector, cluster size (size of one block of data on a partition) and MFT ( Master File Table). If you don’t know the data, just type ‘scrounge-ntfs -l disk’. When you get back the data, type ‘scrounge-ntfs -m 6291456 -c 8 /dev/hdd 206848 566964224′.This command will recover the data and put it at your root directory. If you want the data in your particular directory, please, use the command 'scrounge-ntfs -m 6291456 -c 8 -o /root/recover /dev/hdd 206848 566964224′.

Install Avira Antivir on Linux

admin — Wed, 14 Apr 2010 13:28:38 +0000

The Avira company offers a number of different solutions. Scan through their product overview to find out which solution is best for you. But for this article we are looking at the Avira Antivir workstation solution for linux. In this article I will show you how to install and use this outstanding product.

Before you begin

There is one pre-requisite for installation. If you want to use the real-time scanner you have to have Dazuko installed. This is a fairly complex installation which requires either building your own kernel or compiling Dazuko against your kernel source. We will deal with this in a later article, so skip the AvGuard installation for now.

Once this is finished you are ready to install Antivir.

Unpacking and installing

Hopefully you have already downloaded the source from the link above (see Avira Antivir workstation solution for Linux). Open up a terminal and change to the directory holding that file. The first step is to unpack the tar with the command:

tar xvzf antivir-workstation-pers.tar.gz
Once you’ve done that change into the new created directory. If you do a listing of this directory you will find an executable install script. This is the way to install. Issue the command sudo ./install and enter your sudo password.
Here are the steps you will have to walk through:
View the license (space bar to view, Enter for accepting).
Enter the path to your license key (the key will be hbedv.key that you need to purchase from the site). For evaluation purposes just hit Enter here.
Install the internet daemon. If you want to install the auto updater, hit enter.
Create a link for avupdater. (You will want this).
Would you like the update daemon to start automatically? (You will want this).
Do you want to install AvGuard (real-time scanner). For now we will skip this, until I have addressed the installation of Dazuko. The installation of Antivir can be rerun and AvGuarded added to it.
Configure AntiVir updater. Hit enter to configure.
Would you like to be notified about updates. This is up to you.
Would you like the updater to log to a custom file? You will want this.
Accept the default location for the updater log.
How often should AntiVir check for updates (the default is every 2 hours – you might change that to once a day (d).
What time should updates be done. The default is RANDOM.
Does this machine use a proxy server? y/n
Save configuration settings? Hit Enter.
Would you like to apply the configuration? Hit Enter.
Hit Enter to complete, but take note of the common commands listed.

Usage

Using AntiVir is actually quite simple. Here are some of the commands you will want to know:

Configure the updater: /usr/lib/AntiVir/configantivir
Start update daemon: /usr/lib/AntiVir/avupdater start
Stop update deamon: /usr/lib/AntiVir/avupdater stop
Update daemon status: /usr/lib/AntiVir/avupdater status
Running a manual, recursive scan: antivir -s –update –scan-mode=all

NOTE: With only a trial license, the –update argument (used to check for updated virus signatures) will not work. For more arguments to use with the antivir command issue the command antivir -h (as you will not find a man page for this command).

Final thoughts

Avira’s Antivir is a powerful tool for the fight against viruses. And just because you are using a Linux workstation, does not mean you should snub anti-virus solutions. You get files from people that you pass on to others (others who may not be using Linux as their workstation). You will want to make sure those files are virus-free.

How To Disable IPv6 in Red Hat Linux

admin — Thu, 08 Apr 2010 07:03:33 +0000

How To Disable IPv6 in Red Hat Linux

Since it may be a while before I’m ready to use the IPv6 on my systems, I’ve been disabling IPv6 on most servers so far. And since there’s a particularly elegant way of doing this in Red Hat Linux, I think it’s worth sharing.

How to confirm if IPv6 is running on your system

IPv6 is implemented as a kernel module, so you can use the lsmod command to confirm if it’s currently running on your Red Hat system:
$ lsmod | grep ip

ipv6 410913 36

If lsmod doesn’t return anything, it confirms that your system isn’t running IPv6.

Prevent IPv6 from getting started by modprobe

As you probably know, modprobe command is used for probing modules upon system boot. Probing simply means a module is loaded and an attempt is made to start it up. With any luck, the module starts successfully and its functionality becomes available to the Linux kernel.

For the boot stage, modprobe uses a special config file which helps you control its behavior: /etc/modprobe.conf. For now, let’s just concentrate on the IPv6 task at hand. To make sure modprobe doesn’t load the actual module next time your OS reboots, add the following line to the top of the /etc/modprobe.conf file (yes, you’re going to need root privileges for this):

install ipv6 /bin/true

WHY THIS WORKS: just to quickly explain the line above, here’s why we’re using the /bin/true command. install is rule of the modprobe config file which overrides the standard way of probing a module. Effectively, it tells modprobe to just run the specified command for starting a module. In the line above, we’re telling modprobe to use the /bin/true command for probing the ipv6 module. And as you remember, /bin/true is a command which doesn’t do anything but still returns a successful completion code – so in effect we’re doing nothing instead of loading the ipv6 module, and we’re looking good while doing this too.

Next, add the the following two lines to the same /etc/modprobe.conf file, and they will ensure that common aliases used for starting the IPv6 module are ignored by modprobe:

alias net-pf-10 off
alias ipv6 off

IMPORTANT: These change doesn’t immediately disable IPv6 on your system. Being a pretty important module, IPv6 isn’t easy to disable on a live system, and so the easiest is to always follow the changes above with a reboot.

Make sure your IPv6 firewall is disabled

The ip6tables service (/etc/init.d/ip6tables sciprt) is responsible for starting IPv6 firewall, and so you probably want to disable it:
# chkconfig ip6tables off
and then confirm that it won’t be started next time you reboot or switch to any runlevel:
# chkconfig --list ip6tables

ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

That’s it, there really is nothing else to disabling IPv6. Let me know if you have any questions, otherwise I’ll talk to you soon!