Don’t hide Unity launcher bar

I’ve been messing around with Ubuntu 11.10 for a couple of weeks and it’s been hard getting used to Unity. One of the things that annoys me the most is when the launcher bar appears suddenly before I can click on a link at the left side of a web page. Nevertheless, the launcher bar can be stuck to the left edge of the screen by following these steps, which you all might already know:

  • Start the CompizConfig Settings Manager.
  • Select Ubuntu Unity Plugin under the Desktop category.
  • On the Behaviour tab, select the value Never for the Hide Launcher property.
Categories: Linux

Linux, MX Revolution and the Middle mouse button

2011/10/24 5 comments

For those who have an MX Revolution mouse and want to configure it correctly in Ubuntu, I recommend using a tool called revoco. It is not new and it seems a bit abandoned. Yet it’s the only tool that did exactly what I wanted.

By default, the wheel button of this mouse is set to change between the free spin mode and the click-to-click. However, I prefer it to be in auto spin mode and use the wheel button as the middle mouse button, so that I can paste selected text in Linux and close tabs.

First of all, you must set your mouse (and keyboard if you own a MX 5500 combo) as raw HID. Edit the file /lib/udev/rules.d/62-bluez-hid2hci.rules (the file name may change depending on the system, this is for Ubuntu 11.10) and replace the following text:

KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71[34bc]", \
RUN+="hid2hci --method=logitech-hid --devpath=%p"

with

KERNEL=="hidraw*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71[34bc]", \
RUN+="hid2hci --method=logitech-hid --devpath=%p"

Download revoco’s latest version from http://maemo.cloud-7.de/mx-revolution/. Untar it, compile it by running make and move the compiled binary to the /usr/local/bin directory.

cd revoco-0.5
make
mv revoco /usr/local/bin

Finally, run the command to set your mouse in auto spin mode and you’ll have both the desired scroll wheel mode and the correct middle button configuration.

revoco auto=[speed]

Set the speed you prefer to change between free spin and click-to-click mode. I think 10 is the best value.

Categories: Linux

Read .gz text files on the fly

Logging systems usually compress old logs into Gzip files. Uncompressing those files to check old logs can be a pain in the neck, especially if you don’t know which file contains the entries for a specific date. The zless command will help you a lot with this task. For example, to read Tomcat’s compressed logs you just have to execute:

zless catalina.out.1.gz

You will see the content of the compressed file as if you were using the less command.

Categories: Commands, Linux

Rotate a single page in a PDF file

First, install pdftk:

apt-get install pdftk

To rotate the 19th page 180°:

pdftk input_file.pdf cat 1-18 19D 20-end output output_file.pdf

input_file.pdf: The path of the PDF file you want to modify.
cat 1-18 19D 20-end: Create a new PDF using these parts from the input file:

  • Pages from 1 to 18, leave them as they are.
  • Rotate the 19th page 180°.
  • Pages from 20 to the end, leave them as they are.

output_file.pdf: The path of the new PDF that will be created.

The rotation degrees are:

  • D: 180°.
  • L: 90° to the left.
  • R: 90° to the right.
Categories: PDF

ZmEu attacks: Some basic forensic

2011/02/25 16 comments

One day you may find a bunch of requests in a short period of time with an unusual and suspicious user agent in your Apache web server’s logs. Something like Made by ZmEu @ WhiteHat Team – http://www.whitehat.ro or ZmEu, and the requests may be made from Russia or China. Search and you’ll find that ZmEu is a bot that tries to find vulnerabilities in phpMyAdmin (it usually looks for the phpmyadmin/scripts/setup.php file) and other web applications. This is what the logs looked like.

This one failed to find phpMyAdmin as it got a 404 HTTP error code:

75.127.68.106 [...] "GET //phpMyAdmin/ HTTP/1.1" 404 285 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"

This one succeeded: a 200 HTTP code was returned when accessing http://domain.com/myadmin:

75.127.68.106 [...] "GET //myadmin/ HTTP/1.1" 200 8644 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"

The last one is a bit strange, as they are looking for /w00tw00t.at.blackhats.romanian.anti-sec:):

89.108.119.29 [...] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 315 "-" "ZmEu"

These are just 3 examples. If your server has suffered this attack, you’ll see a lot of similar rows coming from the same IP address in a very short period of time. If none of the GET requests returned a 200 code, you are probably safe. Otherwise, your system may have been compromised, so you’d better look for suspicious things in any of the files/folders they found.
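An added example (not part of the original post) of the triage described above: it scans Apache combined-format log text for the ZmEu user agent or the w00tw00t probe path, counts probes per source IP, and lists every probed path that was answered with a 2xx status. The sample log is constructed from the post's three lines with made-up timestamps plus one benign request; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the post's three log lines with invented timestamps,
# plus one ordinary request that must not be reported.
SAMPLE_LOG = '''\
75.127.68.106 - - [25/Feb/2011:03:14:07 +0100] "GET //phpMyAdmin/ HTTP/1.1" 404 285 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
75.127.68.106 - - [25/Feb/2011:03:14:08 +0100] "GET //myadmin/ HTTP/1.1" 200 8644 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
89.108.119.29 - - [25/Feb/2011:04:02:51 +0100] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 315 "-" "ZmEu"
192.0.2.10 - - [25/Feb/2011:04:03:00 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"')

# Unanchored on purpose: matches both "ZmEu" and "Made by ZmEu @ ..."
SCANNER_RE = re.compile(r'ZmEu|w00tw00t', re.IGNORECASE)

def triage(log_text):
    """Return {ip: {"probes": count, "hits": [paths answered with 2xx]}}."""
    report = defaultdict(lambda: {"probes": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if not (SCANNER_RE.search(m["ua"]) or SCANNER_RE.search(m["path"])):
            continue
        entry = report[m["ip"]]
        entry["probes"] += 1
        if m["status"].startswith("2"):
            entry["hits"].append(m["path"])  # the scanner found something here
    return dict(report)

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        verdict = "REVIEW " + ", ".join(info["hits"]) if info["hits"] else "no hits"
        print(f"{ip}: {info['probes']} probes, {verdict}")
```

Any IP with a non-empty `hits` list is one whose probed paths deserve the manual inspection the post recommends.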

Even if you don’t have phpMyAdmin installed or if all the requests returned a 404 error, you should block this kind of attack not only for security reasons, but for system stability and good performance. You can start by doing these 3 things:

  1. Block all the suspicious IPs. This will not block the attacks, as attackers use different IPs each time. But I think it’s a good practice to block requests coming from zombies in case more malicious attacks, and maybe more dangerous than ZmEu, are coming from there in the future. You can use iptables to block these addresses:
    iptables -I INPUT -s 89.108.119.29 -j DROP
  2. Install ModSecurity. It is an open source web application firewall that will help you secure your Apache web server. With this Apache module you’ll be able to block almost any attack, although you will have to learn how to configure new rules if the default ones are not enough for you.
  3. Every attack of this kind has a performance cost, as a 404 error page must be generated and served. You can create an antibot.php file with these lines:
    <?php
    // Answer every request routed here with a 403 status
    header("HTTP/1.1 403 Forbidden");
    ?>

    Then add these lines to your .htaccess file in the web root directory. If you don’t have one, just create it. Remember you must have mod_rewrite installed and loaded.

    RewriteEngine on
    # Don't redirect the 403 page itself (REQUEST_URI starts with a slash)
    RewriteCond %{REQUEST_URI} !^/antibot\.php
    RewriteCond %{HTTP_USER_AGENT} (.*)ZmEu(.*)
    RewriteRule .* http://www.yourdomain.com/antibot.php [R=301,L]

    This redirects every request that contains the string ZmEu in the user agent to antibot.php, which replies with a 403 error. So if you only use this method, your server will be blocking only ZmEu attacks. If you also want to block other user agents just add another RewriteCond %{HTTP_USER_AGENT} botname_regexp line. When adding another condition, don’t forget to add [OR] at the end of the previous RewriteCond.

    Update: nyhm proposed these other rewrite rules in the comments. They’re more straightforward and they probably work better than the ones above.

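    RewriteEngine on
    # ^ZmEu matches only user agents that begin with "ZmEu"
    RewriteCond %{HTTP_USER_AGENT} ^ZmEu [OR]
    RewriteCond %{HTTP_USER_AGENT} (.*)AnotherAgent(.*)
    # "-" leaves the URL unchanged; [F] answers 403 Forbidden
    RewriteRule .* - [F]

    Replace AnotherAgent with the user agent you want to block, or remove the line and the previous [OR].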

You may want to block these IPs on your server, as they’re known to be doing this kind of attack:


External links:
http://www.modsecurity.org/
http://www.philriesch.com/articles/2010/07/getting-a-little-sick-of-zmeu/
http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess
 
Categories: Apache

Shutdown your computer, cleaners are lurking

It’s late and you are at work. It’s time to take the bus and go home, but your computer is processing a huge amount of ultra-confidential data (of course, this can only be done on Linux :P). You’ll miss the bus if you don’t run now, but you don’t want to shut your computer down and lose a lot of time repeating the whole process tomorrow.

The problem is that if you don’t shut down the computer, the cleaners, who are coming at 22:00 to clean the office armed with their brooms and cloths, could access all the data in your computer (as we all know, cleaners are actually high level hackers). So, what can you do?

Don’t worry, just run the following command and your PC will shut down one minute before they come into your office:

shutdown -h 21:59

If you know how long it will take to finish the process (let’s say 60 minutes), run this command instead:

shutdown -h +60

Finally, if you are too paranoid, you can halt your computer immediately by running this one:

shutdown -h now

Hey! And don’t forget to lock the door!

Categories: Commands, Linux

Generate ADDRESSBOOK type QR Codes

Recently I had to design some business cards for a computer science research group. So I decided to add a small touch of innovation by using a QR code that stored all the contact info.

Plain text QR’s are good as they are, but they weren’t enough for my purposes, so after researching a bit around the issue I found out that barcode scanning apps are also able to identify QR’s that are encoded with the vCard notation, and thus store the information in addressbook fashion.

So the first thing I did was have a look at the vCard 3.0 specification’s notation. Actually there are also other addressbook syntaxes out there, but vCard is probably the one that offers the most options.

Here’s what Julius Caesar’s contact info would look like if written in vCard syntax:

BEGIN:VCARD
VERSION:3.0
N:Caesar Augustus;Galus Julius;
FN:Galus Julius Caesar Augustus
TITLE:CEO/Emperor
TEL;TYPE=WORK;VOICE:+555 946017
TEL;TYPE=WORK;CELL:+555 678658
EMAIL;TYPE=WORK:caesar.rules@gmail.es
ADR;TYPE=INTL,POSTAL,WORK:;;Velitrae Ox Head avenue, 1;Rome;Augusta;14567;Italy
URL;TYPE=WORK:http://www.thosewhoareabouttodiesaluteyou.com
END:VCARD
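An added example (not the author's code) that builds the same kind of vCard 3.0 text programmatically, with the RFC 2426 escaping of `\`, `;`, `,` and line breaks, CRLF line endings and line folding, so that a field value cannot break the structure or introduce extra properties before the text is handed to a QR generator. The function names and dictionary keys are hypothetical, the contact values come from the card above, and the TEL and EMAIL types use the RFC's comma-list and INTERNET forms.

```python
def esc(value):
    """Escape one vCard text component: backslash, ';', ',' and line breaks."""
    value = value.replace("\\", "\\\\").replace(";", "\\;").replace(",", "\\,")
    return value.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def fold(line, width=75):
    """Fold a long content line; each continuation starts with one space.
    Counts characters, which equals octets only for ASCII input."""
    chunks = [line[:width]]
    line = line[width:]
    while line:
        chunks.append(" " + line[:width - 1])
        line = line[width - 1:]
    return "\r\n".join(chunks)

def build_vcard(contact):
    """contact: dict of plain strings using the hypothetical keys below."""
    c = {key: esc(val) for key, val in contact.items()}
    lines = [
        "BEGIN:VCARD",
        "VERSION:3.0",
        # N: family; given; additional; prefixes; suffixes
        "N:{family};{given};;;".format(**c),
        "FN:" + esc(contact["given"] + " " + contact["family"]),
        "TITLE:" + c["title"],
        "TEL;TYPE=WORK,VOICE:" + c["phone"],
        "EMAIL;TYPE=INTERNET:" + c["email"],
        # ADR: PO box; extended; street; locality; region; postal code; country
        "ADR;TYPE=WORK:;;{street};{city};{region};{postcode};{country}".format(**c),
        "END:VCARD",
    ]
    return "\r\n".join(fold(line) for line in lines) + "\r\n"

CAESAR = {  # values taken from the example card in the post
    "family": "Caesar Augustus", "given": "Galus Julius", "title": "CEO/Emperor",
    "phone": "+555 946017", "email": "caesar.rules@gmail.es",
    "street": "Velitrae Ox Head avenue, 1", "city": "Rome", "region": "Augusta",
    "postcode": "14567", "country": "Italy",
}

if __name__ == "__main__":
    print(build_vcard(CAESAR), end="")
```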

After writing the vCard it’s time to generate a QR with the encoded information. To do so, you can use one of the many available online QR code generation tools, such as Google’s Chart API’s Wizard. This is what Julius Caesar’s ADDRESSBOOK type QR code would look like.


When you scan the QR code (using a smartphone’s camera via a barcode scanning app) it will show all the contact info and automatically ask you whether you want to do one of the following:

Add contact, Show map, Call number, Send email

If you save the contact you’ll see there are a few bugs in retrieving the vCard info. The address is treated as a whole thing instead of splitting it by postal code, location …

The first phone number on the vCard is treated as if it were the cellphone number, even if you specify VOICE and not CELL.

So it’s a very promising way to add contacts but still has some full-support issues.