Thursday, 21 January 2010

How-To: UFW - Uncomplicated Firewall


I looked for a current how-to for UFW and when I did not see one I wanted to add one.

(Important note: UFW is not the firewall itself. UFW just configures your iptables.)

In most cases I recommend doing the following immediately:

Code:
sudo ufw default deny
sudo ufw enable
Then fine tuning can start:

Some basic commands are:

Turn on the firewall

Code:
sudo ufw enable
Turn off the firewall
Code:
sudo ufw disable


To add deny rules:

Blocking a port
Code:
sudo ufw deny <port>

Blocking an IP address

Code:
sudo ufw deny from <ip address>
Blocking a specific IP address and port
Code:
sudo ufw deny from <ip address> to any port <port>
Advanced deny example for denying access from an IP address range 10.120.0.1 - 10.120.0.255 for SSH port 22
Code:
sudo ufw deny from 10.120.0.0/24 to any port 22


To add allow rules:

To allow an IP address
Code:
sudo ufw allow from <ip address>
To allow a port
Code:
sudo ufw allow <port>
Allow a specific IP address and port
Code:
sudo ufw allow from <ip address> to any port <port>
Advanced allow example for allowing access from an IP address range 10.120.0.1 - 10.120.0.255 to port 22
Code:
sudo ufw allow from 10.120.0.0/24 to any port 22

To get the current status of your UFW rules

Code:
sudo ufw status
To remove a deny or allow rule
Code:
sudo ufw delete <allow|deny> from <ip address> to any port <port>
(note: you basically match the syntax for the creation of the rule and add 'delete')

You need to be careful with setting up allow and deny rules that 'intersect' because the first rule matched is applied and the remaining are ignored.

SCENARIO:

You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22

Code:
sudo ufw deny from 192.168.0.1 to any port 22
sudo ufw deny from 192.168.0.7 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 22
If you add the allow statement before either of the deny statements, it will be matched first and the deny will not be evaluated.

You can check this by checking ufw status
Code:
sudo ufw status
To Action From
-- ------ ----
22:tcp DENY 192.168.0.1
22:udp DENY 192.168.0.1
22:tcp DENY 192.168.0.7
22:udp DENY 192.168.0.7
22:tcp ALLOW 192.168.0.0/24
22:udp ALLOW 192.168.0.0/24
The allow is at the bottom and will be the last rule evaluated. If it appeared above the deny rules, the deny rules would not be evaluated.
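
The ordering rule above can be checked mechanically. This added example (not part of the original how-to) reads rule lines in the three-column `ufw status` layout shown above and reports every rule that an earlier rule with the opposite action already covers; the function name `find_shadowed` and both sample rule lists are constructed for illustration, and only IPv4 sources are handled.

```shell
#!/bin/sh
# Added example (not from the original post). Reports ufw rules that can never
# take effect because an earlier rule with the opposite action already matches
# the same port/protocol and a source range that contains theirs.
# Assumes the three-column IPv4 layout shown above: To, Action, From.

find_shadowed() {
  awk '
    # Dotted quad -> integer.
    function ip2int(ip,    o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Set globals base/size for "a.b.c.d", "a.b.c.d/len" or "Anywhere".
    function parse(src,    p, n, len) {
      if (src == "Anywhere") { base = 0; size = 2 ^ 32; return }
      n = split(src, p, "/")
      len = (n == 2) ? p[2] : 32
      size = 2 ^ (32 - len)
      base = int(ip2int(p[1]) / size) * size   # clear host bits
    }
    $2 == "ALLOW" || $2 == "DENY" {
      parse($3)
      for (i = 1; i <= cnt; i++)
        if (to[i] == $1 && act[i] != $2 && b[i] <= base && base + size <= b[i] + s[i])
          print $0 "  <- never reached, shadowed by: " line[i]
      cnt++; to[cnt] = $1; act[cnt] = $2; b[cnt] = base; s[cnt] = size; line[cnt] = $0
    }'
}

# Constructed sample input: the scenario rules with the allow added first.
ALLOW_FIRST='22:tcp ALLOW 192.168.0.0/24
22:udp ALLOW 192.168.0.0/24
22:tcp DENY 192.168.0.1
22:udp DENY 192.168.0.1
22:tcp DENY 192.168.0.7
22:udp DENY 192.168.0.7'

# Constructed sample input: the order shown in the status output above.
DENY_FIRST='22:tcp DENY 192.168.0.1
22:udp DENY 192.168.0.1
22:tcp DENY 192.168.0.7
22:udp DENY 192.168.0.7
22:tcp ALLOW 192.168.0.0/24
22:udp ALLOW 192.168.0.0/24'

printf '%s\n' "$ALLOW_FIRST" | find_shadowed   # flags the four DENY rules
printf '%s\n' "$DENY_FIRST"  | find_shadowed   # prints nothing
```

On a live system the same function can be fed from `sudo ufw status | find_shadowed`, provided the output uses the plain To / Action / From columns.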

I hope this helps you use ufw to secure your computer.

Monday, 21 December 2009

Install Hamachi on Ubuntu 9.04

  1. To begin, we must load the ‘tun’ module to enable IP Tunneling support for the Linux kernel. Most systems do not have this set up by default.
    $ sudo modprobe tun
  2. Open the modules file and add ‘tun’ to the list
    $ sudo nano /etc/modules
  3. Your file should look similar to the example below.
    # /etc/modules: kernel modules to load at boot time.
    #
    # This file contains the names of kernel modules that should be loaded
    # at boot time, one per line. Lines beginning with "#" are ignored.

    lp
    rtc
    tun
  4. Save the file and exit out of nano (Ctrl-O to save & Ctrl-X to exit). Let's move on and verify that a tunneling node has been created. (*If you have compiled your own kernel you likely need to recompile it with IP Tunneling support if you receive an error with modprobe. This is not covered in this guide. And if you are unsure, you most likely did not compile it yourself; you would definitely remember doing so.)
    $ ls /dev/net/tun
  5. You should receive a response like the example below
    /dev/net/tun
  6. If you received something along the lines of “No Such File or Directory”, you may need to manually create the node with the commands below. If you received the same response as I did, jump to step 7.
    $ sudo mkdir /dev/net
    $ sudo mknod /dev/net/tun c 10 200

    Jump back to Step 4 and you should now receive the correct response.

  7. With our IP Tunnel node created, it is time to install Hamachi itself. First download the latest version. As of writing this guide, the latest version is 0.9.9.9-20
    $ wget http://files.hamachi.cc/linux/hamachi-0.9.9.9-20-lnx.tar.gz

    Expected output below

    --2009-07-31 20:28:25--  http://files.hamachi.cc/linux/hamachi-0.9.9.9-20-lnx.tar.gz
    Resolving files.hamachi.cc... 69.25.20.50
    Connecting to files.hamachi.cc|69.25.20.50|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 344866 (337K) [text/plain]
    Saving to: `hamachi-0.9.9.9-20-lnx.tar.gz'

    100%[====================================================================>] 344,866 448K/s in 0.8s

    2009-07-31 20:28:26 (448 KB/s) - `hamachi-0.9.9.9-20-lnx.tar.gz' saved [344866/344866]
  8. Extract our newly downloaded archive
    $ tar zxvf hamachi-0.9.9.9-20-lnx.tar.gz

    Expected output below

    hamachi-0.9.9.9-20-lnx/
    hamachi-0.9.9.9-20-lnx/Makefile
    hamachi-0.9.9.9-20-lnx/LICENSE
    hamachi-0.9.9.9-20-lnx/README
    hamachi-0.9.9.9-20-lnx/LICENSE.tuncfg
    hamachi-0.9.9.9-20-lnx/LICENSE.openssh
    hamachi-0.9.9.9-20-lnx/LICENSE.openssl
    hamachi-0.9.9.9-20-lnx/hamachi
    hamachi-0.9.9.9-20-lnx/tuncfg/
    hamachi-0.9.9.9-20-lnx/tuncfg/Makefile
    hamachi-0.9.9.9-20-lnx/tuncfg/tuncfg.c
    hamachi-0.9.9.9-20-lnx/tuncfg/tuncfg
    hamachi-0.9.9.9-20-lnx/CHANGES
  9. Navigate into the extracted directory
    $ cd hamachi-0.9.9.9-20-lnx/
  10. Start the installation
    $ sudo make install

    Expected output below

    Copying hamachi into /usr/bin ..
    Creating hamachi-init symlink ..
    Compiling tuncfg ..
    Copying tuncfg into /sbin ..

    Hamachi is installed. See README for what to do next.
  11. Run the tunnel
    $ sudo tuncfg
  12. This should complete the install. We will now configure the user permissions in order for it to run correctly. Create a ‘hamachi’ user group
    $ sudo groupadd hamachi
  13. Add yourself as a user to the ‘hamachi’ group. Be sure to replace your user name where appropriate.
    $ sudo gpasswd -a YOURUSERNAME hamachi
  14. Add the root user to the ‘hamachi’ group
    $ sudo gpasswd -a root hamachi
  15. Set the correct permissions for the tuncfg socket
    $ sudo chmod 760 /var/run/tuncfg.sock
  16. Change the group ownership of the socket file
    $ sudo chgrp hamachi /var/run/tuncfg.sock
  17. That should do it for the permissions. Now on to setting Hamachi up and configuring it to start as a system service.
    $ sudo hamachi-init -c /etc/hamachi

    Expected output

    Initializing Hamachi configuration (/etc/hamachi). Please wait ..

    generating 2048-bit RSA keypair .. ok
    making /etc/hamachi directory .. ok
    saving /etc/hamachi/client.pub .. ok
    saving /etc/hamachi/client.pri .. ok
    saving /etc/hamachi/state .. ok

    Authentication information has been created. Hamachi can now be started with
    'hamachi start' command and then brought online with 'hamachi login'.
  18. Start hamachi
    $ sudo hamachi -c /etc/hamachi start

    Expected output

    Starting Hamachi hamachi-lnx-0.9.9.9-20 .. ok
  19. Set your computer’s nickname
    $ sudo hamachi -c /etc/hamachi set-nick "COMPUTERNICKNAME"
  20. Log in to the Hamachi network
    $ sudo hamachi -c /etc/hamachi login
  21. To join an existing network (optional). “NETWORKNAME” and “PASSKEY” should be replaced with your network name and network password
    $ sudo hamachi -c /etc/hamachi join NETWORKNAME PASSKEY
  22. To create a new network (optional). “NETWORKNAME” and “PASSKEY” should be replaced with your network name and network password
    $ sudo hamachi -c /etc/hamachi create NETWORKNAME PASSKEY
  23. If you joined an existing network you must then tell hamachi to “go-online”. Be sure to replace NETWORKNAME with your relevant network name.
    $ sudo hamachi -c /etc/hamachi go-online NETWORKNAME
  24. Check your hamachi status to verify everything is as it should be
    $ sudo hamachi -c /etc/hamachi

    Expected output

    Hamachi, a zero-config virtual private networking utility, ver 0.9.9.9-20

    version : hamachi-lnx-0.9.9.9-20
    pid : 5472
    status : logged in
    nickname : JauntyVM

Ubuntu Linux Install Sun Java Development Kit ( JDK ) and Java Runtime Environment ( JRE )

Q. How do I install Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) under Ubuntu Linux? It appears that there are multiple JRE installed by default under Ubuntu. How do I select and use Sun JRE only? Can you explain steps required to set the environment to run java programs or apps?

A. Ubuntu Linux 7.10 has the following packages from Sun:
=> sun-java6-bin : Sun Java Runtime Environment (JRE) 6

=> sun-java6-demo : Sun Java Development Kit (JDK) 6 demos

=> sun-java6-jdk : Sun Java Development Kit (JDK) 6

=> sun-java6-jre : Sun Java Runtime Environment (JRE) 6

Install Sun Java 6

To install proprietary Java, you must have the Multiverse repository enabled. Click on System > Administration > Software Source > Select Multisource > Close
Adding the Universe and Multiverse Repositories

Open a shell prompt (terminal) and type the following to install JDK and JRE:


$ sudo apt-get install sun-java6-bin sun-java6-jre sun-java6-jdk

Setup the default Java version

Ubuntu Linux comes with the update-java-alternatives utility, which updates all alternatives belonging to one runtime or development kit for the Java language. To select Sun's JVM as provided in Ubuntu 7.10, enter:


$ sudo update-java-alternatives -s java-6-sun

You also need to edit a file called /etc/jvm. This file defines the default system JVM search order. Each JVM should list their JAVA_HOME compatible directory in this file. The default system JVM is the first one available from top to bottom. Open /etc/jvm

$ sudo vi /etc/jvm

Make sure /usr/lib/jvm/java-6-sun is added to the top of JVM list

/usr/lib/jvm/java-6-sun

At the end your file should read as follows:
/usr/lib/jvm/java-6-sun
/usr/lib/jvm/java-gcj
/usr/lib/jvm/ia32-java-1.5.0-sun
/usr/lib/jvm/java-1.5.0-sun
/usr


Save and close the file.

Setup the environment variable

You also need to set up the JAVA_HOME and PATH variables. Open your $HOME/.bash_profile or /etc/profile (system wide) configuration. Open your .bash_profile file:


$ vi $HOME/.bash_profile

Append the following lines:

export JAVA_HOME=/usr/lib/jvm/java-6-sun
export PATH=$PATH:$JAVA_HOME/bin

Save and close the file.

Test your new JDK

Type the following command to display version:


$ java -version


Output:

java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode)

Try HelloWorld.java - first java program

$ vi HelloWorld.java


Append code:

public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}

Save and close the file. Compile HelloWorld.java and execute program by typing following two instructions:
$ javac HelloWorld.java
$ java HelloWorld

Output:

Hello, World!

Saturday, 22 December 2007

Tucson Police Website 'Pranked' by Indonesian Hacker

Saturday, 22/12/2007 - 17:02 WIB
Not a Professional 'Hacker' but a Professional 'Prankster'
Sarie - Okezone


ARIZONA - The Tucson police website was nearly paralyzed for two weeks after a hacker, suspected to be from Indonesia, managed to hack the site.

Although the site is back online today, the actions of the hacker, who calls himself 'Hmei7', were enough to cause panic among all personnel of the security institution.

"So far we have not found any significant danger to the security of the Tucson police data files, because Hmei7 only targeted our media release database," argued Tucson Police Department webmaster Pat Johnson, as quoted by the online outlet Tucson Citizen, Saturday (22/12/2007).

According to Johnson, the site has a search engine for media releases, and SQL injection allows someone to change the entire content of those releases so that people would read inaccurate information.

Johnson also said that Hmei7 is from Indonesia and has 'pranked' hundreds of international government websites.

Seemingly dismissive, Johnson said the hacker's action could not be called that of a professional hacker because he saw no permanent disruption to the site. "This was only a minor nuisance. I prefer to call him a professional prankster," he said.

Hmei7 was able to get SQL injection code through, bypassing the firewalls of the city and the Tucson police. At first the police were not aware of this, until someone reported the problem.

Wednesday, 14 November 2007

Watch TV live 'n Free !!!

So many people don't want to break free from "limitations"
from limitations is born ....;))

Straight to the point: for those who can't get a signal to watch Indonesian TV stations, or who are abroad and miss watching programs from home, namely Trans and Metro TV... you can access the following sites.

Trans tv

Metro tv

First stop whichever one you don't want to watch..
Right-click and choose zoom - full screen to make it more comfortable...

And if anyone finds other links, especially for the latest films, please share... so we can watch films for free... hee

Tuesday, 06 November 2007

Free SMS

Free SMS via PC with XL Instant Messenger

Many people are already familiar with free SMS over the internet through the sites of Indosat's products, namely mentari, IM3, and star one. However, from Indosat's CDMA website lady learned that those products will soon use only a single domain, http://www.indosat.com. Will free SMS still be possible then?

Now, good news for Excelcomindo (XL) customers. A few days ago lady received an SMS from XL's service number (818) with information about a free PC-to-mobile SMS feature called XL Instant Messenger (XL_IM).

But I only got to try it yesterday, and it worked

It turns out it works much like YM to Mobile. The difference is that with YM, if we want to receive messages from friends who are online, before signing out we have to sign in to the mobile number registered with YM. The condition for continuing to receive messages is that we must reply after the fourth message is received.

With XL Instant Messenger, the numbers to be texted from the PC must already be registered (via SMS). XL Instant Messenger can send messages to mobile phones in various countries, including the Philippines, the US, the UK, Japan, India, Guam, Saipan or Thailand, at no cost! The recipient can reply directly to the PC without having to download anything. For now, in my trial I could only text XL numbers

How to use XL Instant Messenger on a mobile phone

To register a "unified account" using a mobile phone:
For XL users: send REG to 2828
Example: REG Elen

Replying to XL Instant Messenger messages

There is no need to remember any short code or keyword to reply to an XL Instant Messenger message received on the phone. Simply reply to the message as you would reply to an SMS.

Sending Messages

Sending SMS from the PC is FREE, but only for 20 SMS. To add "SMS credits", a friend must reply to our XL IM at least once. This is an anti-spam feature. Although it turns out to be limited, 20 SMS is not bad. The same VAS rate (Rp 500/SMS) applies for sending messages to XL Instant Messenger from a mobile phone. That's fine, a friend sacrifices 500 rupiah to reply, and after that it's free. Oh, and during the promotion (until 30 November 2007) replies to the PC are FREE.



PC and mobile phone users

1. Download XL IM here.
2. Log in using your mobile number and password, and your friends will receive messages as if they were sent from your mobile phone.
No messages are missed. Keep receiving messages wherever you are, even when away from the PC. With a unified account, XL IM becomes a complement to the mobile phone.

PC users

To create a PC account, visit registration.

1. After downloading and installing XL IM, create an XL IM ID, invite all your friends who use a PC or mobile phone, and start exchanging messages.
2. The first message received on the mobile phone is the first step in building a numberlist, similar to the friendlist in YM. The number to be texted must already be registered (from the mobile phone)





The numberlist can be renamed as you like

Here is the (provisional) resulting list.

Receiving Messages

- From PC to Mobile Phone

In Indonesia, receiving messages from XL Instant Messenger on a mobile phone is free!

The sender ID is the same as the name (number) shown in the phonebook

Look at the sender's number: its prefix changes to 2828, which is the contact center number for the XL IM service

- From PC to PC (update: 06/11/2007)

Similar to chatting using Gtalk.

Note:
- please don't be surprised by the 'nicknames' on the phone or in the numberlist above, because this article is the result of a trial with my husband's number


Adapted from: http://www.xl.co.id/xl_im

Tuesday, 07 August 2007

Islamic Manner

A Gift to share.. (Islamic Manner)
1. Bismillah (In The Name of Allah) when we begin doing something good
2. Al-Hamdulillah (Praise be to Allah) for expressing thanks and gratefulness to Allah
3. Assalamu'alaikum (Peace be upon you) when we meet each other
4. Wa'alaikumsalam (Peace be upon you too): our reply to the greeting
5. Fi Amanillah (In the safe custody of Allah) when we are saying farewell to someone
6. Subahanallah (Glory be to Allah): to reflect our appreciation and amazement of Allah's greatness
7. Masha Allah (As Allah may wish) reflecting our total surrender to divine will
8. Insha Allah (If Allah so wishes) if we resolve to do something and make a promise
9. Innalillah (Verily to Allah do we belong) to affirm our total dependence upon Allah and that Allah is in charge of all that happens
10. Astaghfirullah (I seek pardon and forgiveness from Allah) to express regret over a bad action
11. Jazakallah (May Allah reward you).....