Friday, April 27, 2007

Ubuntu votes for people's favorite packages automatically

While ransacking the system files to look for logs and other things, I noticed that cron runs an application called "popularity-contest" every month.

user@ubuntu:/etc$ ls cron*
crontab

cron.d:
php5

cron.daily:
apt find man-db samba sysklogd
bsdmainutils logrotate mysql-server standard

cron.hourly:

cron.monthly:
standard

cron.weekly:
man-db popularity-contest sysklogd


I was curious as to what "popularity-contest" is! The name is interesting! So I ran this application from the CLI, and it spat out a list of packages in the terminal. A quick Google search revealed the following:

The popularity-contest package sets up a cron job that will periodically anonymously submit to the Debian developers statistics about the most used Debian packages on this system.

This information helps Debian making decisions such as which packages should go on the first CD. It also lets Debian improve future versions of the distribution so that the most popular packages are the ones which are installed automatically for new users.

This is a nice and democratic way, but a little creepy for the unsuspecting and new users like me.

Thursday, April 26, 2007

Hack attempts at my server

I really love the ease of setting up a web server with Ubuntu - I set it up months back, and just forgot about it. This morning I noticed some suspicious hard disk activity on my server, and I decided to check what's happening.

Someone might have been trying to hack into my box!!!

I got suspicious.

A common hacking technique in Linux involves dictionary-based attacks on ssh (port 22), which is open on many servers for remote management. I have this port open too, because I love to connect to my server and administer it from my office etc. So, how do I know if someone is trying to hack my server by logging in via port 22?

Well, I read the SSH daemon (sshd) log entries. By default, sshd dumps its log in /var/log/auth.log. So I open that file in nano (command: nano /var/log/auth.log) and I see numerous failed login attempts through ssh. The log also contains their IP addresses, so I check their websites by entering their IP address in my browser. Many such sites are actually running on commercial web servers that have been hacked by exploiters. One such site is this:

203.86.101.123

This unsuspecting person has had her website hacked, and there is an automated hacking tool installed there, which looks for more computers and hacks them. Thus, the hacker could soon control an army of hacked servers! This can be used very effectively for a DOS ("Denial of Service") attack on an enemy server to knock it down. I immediately wrote an email to this person asking them to check the security of their server.

So, the SSH attack has been performed. Was it successful? The auth.log file will tell you if it accepted the password for a given user.

Also, you can use the last command to view the last few users who logged in (latest on top) - this will also show the domain from which they logged in, the date and time, and the length of time they stayed logged in. If you see any users logging in from domains that you don't know of, they probably hacked your password! You might want to change the username and password (both) immediately, and please make a stronger password this time. Also check for any suspicious modifications in the /etc/sudoers file (command: sudo nano /etc/sudoers), and check if any new users have been added to any groups (command: sudo groups root username).
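The auth.log check described above can be automated. The following is an added example, not part of the original post: it counts failed ssh password attempts per source IP and flags any "Accepted password" entry that follows a run of failures from the same address. The log lines, user names, addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd format written to /var/log/auth.log.
# Addresses come from documentation ranges; users and PIDs are made up.
SAMPLE_LOG = """\
Apr 26 06:12:01 ubuntu sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Apr 26 06:12:03 ubuntu sshd[4103]: Failed password for root from 192.0.2.10 port 40130 ssh2
Apr 26 06:12:05 ubuntu sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40141 ssh2
Apr 26 06:12:09 ubuntu sshd[4107]: Failed password for jack from 192.0.2.10 port 40155 ssh2
Apr 26 06:12:14 ubuntu sshd[4109]: Accepted password for jack from 192.0.2.10 port 40160 ssh2
Apr 26 08:30:44 ubuntu sshd[4200]: Failed password for jack from 198.51.100.7 port 51514 ssh2
Apr 26 08:30:51 ubuntu sshd[4202]: Accepted password for jack from 198.51.100.7 port 51520 ssh2
Apr 26 09:02:17 ubuntu sshd[4300]: Failed password for invalid user oracle from 203.0.113.5 port 33211 ssh2
"""

# Matches both "Failed password for [invalid user] X from IP port N"
# and "Accepted password for X from IP port N".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (failures per IP, logins accepted after >= threshold failures)."""
    failures = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password-auth line
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures.get(ip, 0) >= threshold:
            # A success right after many failures from one source deserves review.
            suspicious.append((ip, user, failures[ip]))
    return dict(failures), suspicious

if __name__ == "__main__":
    failures, suspicious = summarize(SAMPLE_LOG)
    for ip, count in sorted(failures.items(), key=lambda kv: -kv[1]):
        print(f"{count:4d} failed attempts from {ip}")
    for ip, user, count in suspicious:
        print(f"REVIEW: password accepted for {user} from {ip} after {count} failures")
```

To run it on a real system, pass the contents of /var/log/auth.log to summarize(); reading that file normally requires root or membership in the adm group.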

A potential failure of this diagnostic process can be when the hacker clears the auth.log entries. I will explore more about this and update this post later.

Still, I am greatly amazed by the rock-solid security of Ubuntu - I just have the default system install and have not configured any firewall or anything, and my box is wide open to the internet, and still I'm not hacked! Extremely impressive!

Wednesday, April 25, 2007

How to change your home directory in linux/unix

How do you modify a user's home directory in Unix/Linux?

1. Login as a user with sudo privileges.
2. Enter this command:

sudo nano /etc/passwd
3. The nano text editor opens up. Locate the username whose home directory you would like to change (the last added user is at the end), and just enter whatever directory you would like. For example, the home directory for the user jack is set to /home/jack in this file:

jack:x:1000:1000:Jack,,,:/home/jack:/bin/bash

But I want him to use a home directory of /home/whatever. So I just change the above line to:

jack:x:1000:1000:Jack,,,:/home/whatever:/bin/bash

Now when the user jack logs in, his home directory would be /home/whatever.

Related post for changing home directory in Mac OS X can be found here.

Tuesday, April 24, 2007

How to add blogger RSS to yahoo 360

I have a yahoo 360 page, and was wondering if there is a way I can add RSS of this blog of mine to yahoo 360. Here is how I did it:

1. Open your blogger page.
2. Click the little orange RSS icon in the address bar, and it will display the full RSS.
3. Copy the address URL of this RSS. The link will be like:
http://yourblog.blogspot.com/feeds/posts/default
4. Now open your yahoo 360
5. Click "My Page" link
6. Scroll down to the "feeds" section, click "Edit Feeds"
7. Paste the URL in one of the empty text-fields in the next page, and make sure the "can be seen by" is set to "public"
8. Click "Save".
Done!

Note: Following these steps gave me a nasty error message every time I clicked on the save button. But my blog is now showing up on my 360 despite the error message! Let me know if this worked for you. Thanks to Neetesh for assistance!

Wednesday, April 11, 2007

Funny: Pistachio Laptop Cooler

My roommate's Sony Vaio was running exceptionally hot during one of his extended cyberchatting sessions. He's too lazy to go out and buy a laptop cooler, and can't afford to shut the machine down for a few minutes. So this is his innovative way to cool his laptop: Place it on a bowl of Pistachios. The pistachios are a very effective cooling agent for laptops - please call a computer researcher to confirm this :)

(As a side effect, the pistachios will last longer too)

Tuesday, April 10, 2007

Linux: The non-stop performer

I am hosting five websites from my home server using Linux. This "server" is a very old computer barely capable of running modern operating systems, but is running Apache web server on Ubuntu Linux successfully. I had configured this as a server many months back, and then just forgot about it. I never had any downtime problems so far (except once when I filled up the entire 1GB HDD by installing some updates leading to a kernel panic), and no crashes!

Yesterday, I just remembered I have a web-server which has been running all day and all night, and I became curious how many days it has been up. I checked, and here is what I saw:




The server was up for 91 days non-stop! I didn't have to worry about it at all! This is truly great, and I can now feel why the Linux community is so enthusiastic about their software!
Thank you Linus!