Ramblings about Debian GNU/Linux
-
Security and Privacy on the Internet
Some interesting articles about using bittorrents.
How to Boost Your BitTorrent Speed and Privacy - http://lifehacker.com/286607/interme...-to-bittorrent
How to Completely Anonymize Your BitTorrent Traffic with BTGuard - http://lifehacker.com/5863380/how-to...c-with-btguard
How to Pirate Software Without Getting Caught - http://gizmodo.com/5905534/how-to-pi...getting-caught
How to Make Your VPN Even More Secure - http://lifehacker.com/5902397/how-to...en-more-secure
How To Anonymize and Encrypt Your BitTorrent Traffic - How-To Geek - http://www.howtogeek.com/76801/how-t...rrent-traffic/
How to Completely Mask & Anonymize Your BitTorrent Traffic Using Anomos http://null-byte.wonderhowto.com/blo...nomos-0131925/Posted 05-31-2012 at 07:26 PM by craigevil -
Howto get newer package versions for Debian Stable
For a complete example of the steps backporting your own package See https://www.linuxquestions.org/quest...1/#post4692359Posted 05-31-2012 at 05:17 PM by craigevil -
Howto get newer package versions for Debian Stable
To install sid packages in testing do:
Code:echo 'APT::Default-Release "testing";' >> /etc/apt/apt.conf, edit sources.list, copy your non-security testing lines and change one set to sid, then apt-get update. Use apt-get -t sid install foo; to install foo from sid rather than testing as usual. WARNING to SYNAPTIC users: Synaptic ignores Default-Release: set Preferences->Distribution
Or backport from sid following the steps in the main post.
To upgrade a package that was installed from source do:
Code:uupdate (in the <devscripts> package) upgrades a source code package from an upstream revision, or e.g. if the newest foo in debian is 1.2, and upstream is at 1.4: apt-get source foo; wget -nd http://foo.org/foo-1.4.tar.gz; cd foo-1.2; uupdate ../foo-1.4.tar.gz
Posted 05-25-2012 at 09:06 PM by craigevil -
Grokking Debian GNU/Linux
The Debian Administration Handbook
You can order it in book form or download in various electronic form. You can find the news here:
http://debian-handbook.info/2012/the...-is-available/
The download is a bit hard to find at first glance. You can find it here:
http://debian-handbook.info/get/now/
Also available as a html webpage:
http://static.debian-handbook.info/browse/stable/
And at least on sid as a Debian package:
$ apt-cache search debian-handbook
debian-handbook - reference book for Debian users and system administrators
Code:# apt-get install debian-handbook Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: debian-handbook 0 upgraded, 1 newly installed, 0 to remove and 19 not upgraded. Need to get 22.0 MB of archives. After this operation, 23.9 MB of additional disk space will be used.
Posted 05-11-2012 at 06:31 AM by craigevil -
Security and Privacy on the Internet
Be afraid be very very afraid:
House Passes Cybersecurity Measure CISPA
http://www.wired.com/threatlevel/201...-passes-cispa/Posted 04-26-2012 at 06:41 PM by craigevil -
Howto install Oracle Java on Debian
The only drawback to install Java this way is you need to check for updates manually.
Oracle released updates for Java6 and java7 today.
Java SE Downloads - http://www.oracle.com/technetwork/ja...sp-138363.html
Already updated Java on my system:
Java(TM) Plug-in 1.6.0_32
File: /usr/lib/jvm/j2re1.6-oracle/lib/i386/libnpjp2.so
$ apt-cache policy oracle-j2re1.6
oracle-j2re1.6:
Installed: 1.6.0+update32
Candidate: 1.6.0+update32Posted 04-26-2012 at 04:30 PM by craigevil -
Grokking Debian GNU/Linux
Howto get newer package versions for Debian Stable - https://www.linuxquestions.org/quest...-stable-34611/
HowTo Build a Package from Source the Smart Way : http://forums.debian.net/viewtopic.php?f=16&t=38976Posted 04-18-2012 at 01:53 PM by craigevil -
Grokking Debian GNU/Linux
UFW - Uncomplicated Firewall https://launchpad.net/ufw
Quote:Description-en: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a Netfilter firewall easier. It provides a command line interface with syntax similar to OpenBSD's Packet Filter. It is particularly well-suited as a host-based firewall.
gufw. For those that run KDE like myself there isn't a package in the Debian repos.
But we can use , UFW KControl Module KDE-Apps.org
http://kde-apps.org/content/show.php?content=137789
it has to be compiled, for the last step in place of make install, I used checkinstall which builds a .deb package.
Once installed it shows up in KDE's System Settings under Network, you will see a shield with the word Firewall under it.
Documentation for UFW:
UFW - https://help.ubuntu.com/community/UFW
UncomplicatedFirewall https://wiki.ubuntu.com/UncomplicatedFirewallPosted 04-09-2012 at 02:06 AM by craigevil -
Security and Privacy on the Internet
Interesting and helpful links:
How to secure your computer and surf fully Anonymous BLACK-HAT STYLE - http://www.cyberguerrilla.info/?p=3322
http://www.rawstory.com/rs/2012/04/0...ment-snooping/
http://theconversation.edu.au/an-inv...e-serious-5343
http://theconversation.edu.au/living...ly-online-5990
http://www.cyberguerrilla.org/?p=2503Posted 04-09-2012 at 01:54 AM by craigevil
Updated 04-21-2012 at 01:47 PM by craigevil -
Security and Privacy on the Internet
Use Torchat
Quote:Description-en: decentralized instant messenger built on top of the Tor Network
TorChat is a peer to peer instant messenger with a completely decentralized
design, built on top of Tor's location hidden services, providing strong
anonymity while being very easy to use
.
Top most relevant feature TorChat claims, above from text messaging and file
sending, rest on the difficulty someone would experiment trying to find out
where you are communicating from
.
In the condition someone might be observing you and sniff your internet traffic
connection, the person will find highly difficult to find out:
- Where your contacts are located
- To whom you are sending or receiving from
- What you send or receive, as everything is end-to-end encrypted
Homepage: http://code.google.com/p/torchatPosted 04-09-2012 at 01:32 AM by craigevil -
Security and Privacy on the Internet
Some interesting links:
Decentralized and Open DNS To Defeat Censorship - http://anoncentral.tumblr.com/post/2...eat-censorship
How to hide emails from government snooping | The Raw Story - http://www.rawstory.com/rs/2012/04/0...ment-snooping/
An invincible file-sharing platform? You can't be serious - https://theconversation.edu.au/an-in...e-serious-5343
Living in Orwell's world: how to disappear completely online - https://theconversation.edu.au/livin...ly-online-5990
Guide for IRC Chat Setup & Anonymous Interneting - http://www.cyberguerrilla.org/?p=2503
How to secure your computer and surf fully Anonymous BLACK-HAT STYLE - http://www.cyberguerrilla.info/?p=3322Posted 04-07-2012 at 03:13 PM by craigevil
Updated 04-21-2012 at 01:45 PM by craigevil -
Security and Privacy on the Internet
Some useful apps:
Tribler secure p2p client
Quote:Tribler is a social community that facilitates filesharing through a peer-to-peer (p2p) network. A p2p network is different from a centralised service, where every user downloads his files from one central server. With p2p, the user/downloader is also an uploader to another user. This way, there is no central computer required that provides every file to all users.
Quote:Secure video calls, conferencing, chat, desktop sharing, file transfer, support for your favorite OS, and IM network. All this, and more, in Jitsi - the most complete and advanced open source communicator.
Features
Security
Encrypted password storage
Password protection with a master password
Encrypted Instant Messaging with Off-the-Record Messaging (OTR)
Call encryption with SRTP and ZRTP for XMPP and SIP
Call encryption with SRTP and SDES for SIP
DNSSEC support
TLS support and certificate-based client authentication for SIP
Miscellaneous
On-line provisioning
Provisioning server discovery via DHCP and mDNS (Bonjour)
IPv6 fully supported by SIP and XMPP
Call history
Missed call notifications
Systray notifications (using Swing, Growl or libnotify)
Drag and drop support for file transfer
Integration with Microsoft Outlook and Apple Address Book
Support for LDAP directories
Support for Google Contacts
SIP specific
On-line contact list storage with XCAP
Secure signalling with TLS
DTMF (SIP INFO, RTP RFC 2833/4733, inband)
Message Waiting Indication (RFC 3842)
XMPP Specific
DTMF (RTP RFC 2833/4733, inband)Posted 04-05-2012 at 07:53 PM by craigevil -
Security and Privacy on the Internet
If you use Google apps and have an Android phoneiPhone or a BlackBerry you should setup 2-step verification.
How it works - https://support.google.com/accounts/...9588&ctx=topic
Quote:If you want to turn on 2-step verification and own a smartphone, we recommend you use the Google Authenticator app -- a mobile application available on Android devices, iPhones, and BlackBerry devices -- to generate verification codes. The application doesn't require an Internet connection, mobile service, or a data plan to generate verification codes.
Signing in using application-specific passwords - Accounts Help - https://support.google.com/accounts/...9586&ctx=topicPosted 03-27-2012 at 03:08 PM by craigevil -
Grokking Debian GNU/Linux
Ways to backup your Debian install:
FSArchiver - http://www.fsarchiver.org/Main_Page
Clonezilla - http://clonezilla.org/
BackupAndRecovery - http://wiki.debian.org/BackupAndRecoveryPosted 03-25-2012 at 09:27 AM by craigevil -
Security and Privacy on the Internet
Use moblock/Peerguardian
PeerGuardian - http://sourceforge.net/projects/peerguardian/
Quote:PeerGuardian helps protect your privacy by blocking many ranges of aggressive IPs while you use P2P.
Quote:moblock-deb provides packages related to IP blocking software, similar to PeerGuardian: In order to protect your privacy internet traffic is blocked based on large lists of IP address ranges. The packages are PeerGuardian Linux (pgl), and its precessors moblock, blockcontrol and mobloquer.
I-BlockList - http://www.iblocklist.com/
blocklist - https://sites.google.com/site/blocklist/
For help setting it up Ubuntu has a nice doc:
MoBlock - Community Ubuntu Documentation - https://help.ubuntu.com/community/MoBlock
Why is this so important you might ask:
Copyright Cops Team with ISPs to Crack Down on Music, Movie Pirates | PCWorld - https://www.pcworld.com/article/2352...e_pirates.html
Hack the Planet!!!!!!!!!!Posted 03-19-2012 at 01:19 PM by craigevil
Updated 03-19-2012 at 01:47 PM by craigevil -
Security and Privacy on the Internet
RetroShare - http://retroshare.sourceforge.net/
Quote:RetroShare is a Open Source cross-platform, private and secure decentralised communication platform.
It lets you to securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication.
RetroShare provides filesharing, chat, messages, forums and channels
Quote:RetroShare is the next generation sharing network, which provides:
Reliable Identification and Authentication of your friends.
Plus an Introduction Scheme which connects you to the friends of your friends, and facilitates network growth.
Encrypted Communication, ensuring all shared information is known only to you and your peers.
A Communication Platform which can potentially support services such as Secure Email, File Sharing, Streaming, Video or Voice over IP, Photos, Wall and Messaging
A Decentralised Social Sharing Network designed **For the People** with no dependancies on any corporate system or central servers.
Quote:You want to chat and share files securely with your friends
Only your friends will be able to see and download files that you share.
RetroShare is serverless, which means - unlike other messengers, you don't* need to register, complete annoying registration forms and receive tons of ads. Sending a key to your friend by e-mail is enough to set up your own IM network. This also means no IM spam, because people you didn't invite absolutely cannot connect.
You can also use your favorite nick name either: no need to use cryptic names like "john.smith148@something.com" just because someone (whom you don't even know) snapped your favorite nick before you.
RetroShare is encrypted, meaning high privacy: nobody, including your
ISP, can see what files you're sharing.
You need secure instant messaging and files exchange for a small workgroup.
You need to chat securely and exchange files with other colleagues at work, but do not trust your data to a public chat network like Live or Google Chat ? Don't want a hassle of installing and maintaining your own chat server either ? Use RetroShare instead:
RetroShare is serverless , which means that no server, ever, gets to see your data. Any IM server, no matter how secure, poses a risk of data leak because of hacker's attack. Retroshare completely eliminates this security risk associated with the IM server, without any added costs.
RetroShare encrypts all connections, which means every bit of data is encrypted end-to-end. Unlike other products using self-made weak encryption, RetroShare uses a special version of industry standard Openssl library, trusted by banks and other organizations.
Absolutely no vendor lock-in: you own your RetroShare network. There is no 3rd party vendor whom you have to pay, or who may go out of business and force you to migrate to another product.
RetroShare Brings Anonymous File-Sharing To the Masses | WebProNews - http://www.webpronews.com/retroshare...masses-2012-03Posted 03-13-2012 at 07:33 PM by craigevil -
Security and Privacy on the Internet
Some security apps on Linux:
the ones with * I have used and/or have installed at present
Basic tools:
*checksecurity - basic system security checks
*lynis - security auditing tool for Unix based systems
*rkhunter - rootkit, backdoor, sniffer and exploit scanner
*chkrootkit - rootkit detector
*tripwire - file and directory integrity checker
*tiger - Report system security vulnerabilities
*bastille - Security hardening tool
*debsums - tool for verification of installed package files against MD5 checksums
*debsecan - Debian Security Analyzer
*tor - anonymizing overlay network for TCP
*torchat - decentralized instant messenger built on top of the Tor Network
Others:
unhide - Forensic tool to find hidden processes and ports
unhide.rb - Forensic tool to find processes hidden by rootkits
*aide - Advanced Intrusion Detection Environment
bsign - Corruption & intrusion detection using embedded hashes
systraq - monitor your system and warn when system files change
*snort - flexible Network Intrusion Detection System
*fwsnort - Snort-to-iptables rule translator
*psad - Port Scan Attack Detector
samhain - Data integrity and host intrusion alert system
*acct - The GNU Accounting utilities for process and login accounting
pmacct - promiscuous mode traffic accountant
iotop - simple top-like I/O monitor
nmap - The Network Mapper
pads - Passive Asset Detection System
tshark - network traffic analyzer - console version
*wireshark - network traffic analyzer - GTK+ version
clamassassin - email virus filter wrapper for ClamAV
*clamav - anti-virus utility for Unix - command-line interface
arpalert - monitor ARP changes in ethernet networks
arpwatch - Ethernet/FDDI station activity monitor
arpon - versatile anti ARP poisoning daemonPosted 03-05-2012 at 04:59 PM by craigevil
Updated 04-18-2012 at 04:23 PM by craigevil -
Security and Privacy on the Internet
Quote:Why DNSCrypt is so significant
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn't require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers.
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user's online security and privacy.
Quote:Here are the correct steps:
gedit /etc/init.d/dnscrypt.sh
Paste:
### BEGIN INIT INFO
# Provides: dnscrypt
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DNSCrypt for OpenDNS
# Description: Launch the dnscrypt to communicate with OpenDNS
### END INIT INFO
/usr/sbin/dnscrypt-proxy --daemonize
Save then:
cd /etc/init.d/
chmod +x dnscrypt.sh
update-rc.d dnscrypt.sh defaults
update-rc.d dnscrypt.sh enable
Configure your connection manager to use 127.0.0.1 as DNS and now it should work
You can download the .deb files from:
OpenDNS Community > Blog > Tales from the DNSCrypt: Linux Rising : http://blog.opendns.com/2012/02/16/t...-linux-rising/
Detailed post in the antiXfreeforums:
antiX-forum - Secure DNS with DNScrypt - http://antix.freeforums.org/post23679.html#p23679Posted 02-21-2012 at 01:56 AM by craigevil
Updated 03-02-2012 at 07:34 PM by craigevil -
Grokking Debian GNU/Linux
Setting Default browser - MozillaZine Knowledge Base : http://kb.mozillazine.org/Default_browser#Debian
Setting Default Applications Using the Debian alternatives system : http://www.debian-administration.org/articles/91Posted 02-19-2012 at 01:12 PM by craigevil -
Security and Privacy on the Internet
Seems the OptimizeGoogle extension for Firefox is being discontinued.
A couple of ways to still get the blocking functions:
googlePrivacy for Greasemonkey : http://userscripts.org/scripts/show/29078
Don't track me Google for Greasemonkey - https://userscripts.org/scripts/show/121923
GoogleSharing :: A Special Kind Of Proxy - http://www.googlesharing.net/
PrivacySuite :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir...te/?src=search and/or Ghostery
Do Not Track Plus
https://addons.mozilla.org/en-US/fir...donottrackplusPosted 02-14-2012 at 07:41 AM by craigevil
Updated 04-10-2012 at 07:49 PM by craigevil