Village Elder

I found some great comments to my article on passwords on the Computer Defence blog!   There is a neat idea using passwords based on URL's that I think would make very long passwords (40 characters or more) much easier to remember.  Check it out!

 There were also some references to some of my other posts being old news from 1995.  Yeah, it's true.  I recently added my about page which describes how I'm using this blog as a way to publish entries from my personal tech notes, that I've created over the last 10 years.  I'm trying to start with the ones that are most requested.  This approach will certainly lead to tips and how too's that may already be known my many.  

 Please feel free to take what you need, and skip what you already know.  Thanks to Computer Defence blog for giving my a good going over.  I'm new to the blogging scene and am humble in my blog foo.  

I was forwarded a great cartoon today.  It depicts a stick figure using the sudo command on another stick figure with an effect not unlike Obiwan telling that stormtrooper "These are not the droids you're looking for". I was so tickled by this cartoon that I had to try and share the humor with my wife.   Of course I had to start by explaining that sudo is a command used to elevate a UNIX user's privilege so that they can safely run commands as the dangerous root user without the risk of remaining root for fear of mucking up the system.  It didn't work, and I had to be content in chuckling to myself.

This reminded me of a little script that I used to use when I needed to use sudo repeatedly and didn't want to retype my password every 5 minutes, as is the default behavior of sudo.  I called the script 'frankensudo', perhaps because it keeps bringing sudo back to life.

#!/bin/bash

franken () {
        /usr/bin/sudo -v
        /bin/sleep 275
}
while true ; do
        franken
done

 I would invoke this script in the background with:

 ./frankensudo &

Of course, this is a bit sneaky and only slightly defeats the purpose of sudo.  After all you still need to type the word sudo to run a command.  You just won't have to re-authenticate.  

Sometimes you need to make your Linux box look like another at the switch layer (layer 2 btw). This might make your machine look like another to the networking gear, or if you don't want the manufacturer of your network card to be known to other devices on the network segment. The process is really easy if don't need the change to be persistant between reboots.

ifdown eth0

ifconfig eth0 hw ether 00:80:FF:FF:98:F5

ifup eth0

If you need to make the change persistent between reboots you can put these commands in the file:

/etc/rc.local

The commands in rc.local get run each time the system boots.

If you want to play with this you can use the command:

arp -a

This command works on both windows and linux, and will list all the MAC addresses your machine can see on the local network segment. If you want to determine what manufacturer made the network card associated with the MAC addresses you found, you can look them up with the nifty tools found here.

Here is how to retrieve documents on a webserver with only the telnet comand...

first telnet to port 80 on the desired server....

telnet www.xonk.org 80

At the prompt type the following command...

GET /index.html HTML/1.0 <ENTER>
<ENTER>

You need 2 newlines to make this work.  So the "<ENTER>"'s mean use the 
Enter key on the keyboard.  You can substitute the /index.html for
/index.htm or what ever html you are looking for.

Here is a cool way to test SMTP mail relay service.

Use the telnet program in unix or windows to connect to port 25(SMTP) on your
SMTP server.  Note that windows telnet from the command line will not echo what
you type so it is not recommended.

  telnet mail.yourdomain.com 25

You will be prompted with a SMTP server response something like this..

  Trying 64.26.21.198...
  Connected to mail.yourdomain.com.
  Escape character is '^]'.
  220 mail.yourdomain.com ESMTP Sendmail 8.9.3/8.9.3; Tue, 27 Aug 2002 16:20:32 -0500
 
Next you identify yourself with the ehlo "hello" command..

  ehlo myhost.mydomain.com

You should see a response like this..

  250-mail.yourdomain.com myhost.mydomain.com [203.32.9.6] pleased to meet you
  250-8BITMIME
  250-SIZE 10000000
  250-DSN
  250-ONEX
  250-ETRN
  250-XUSR
  250 HELP

Now start creating the mail message by entering the from address..  

  mail from: someone@mydomain.com

You will recieve a response like this..

  250 someone@mydomain.com... Sender ok

Now define the recipient's address..

  rcpt to: person@somewhere.com
If the mail server allows relay for the user you specified, you will recieve
a resonse like this..

  250 person@somewhere.com... Recipient ok

If the mail server does not allow relaying for the user specified, you will
an error like this..

  550 person@somewhere.com... Relaying denied
This is a good way to test a mail server for the open relay vulnerability. If
the mail server allows relay for all email addresses and is publicly
accessable it may be used by spammers to send unsolicited mail.

Now we start the data part of the message, type...

  data

Next you need to construct the body of the message and optionaly nice looking 
mail headers.  First the optional headers.  You can skip this step and still 
send mail. When you are finished with the body of the message, type a single
"." on an otherwise empty line.  This will signal the end of the message.

  To: John Thomas <person@somewhere.com>
  From: Jane Smith <someone@mydomain.com>
  Subject: Testing SMTP Mail Relay
  Dear John

  This is the body of the message.

  .

Now you will see a response like this..

  250 QAA07271 Message accepted for delivery
Finally, disconnect from the mail server by typing..

  quit

You will see..

  221 mail.yourdomain.com closing connection
  Connection closed by foreign host.
Optionaly you can continue to compose more messages.

Here is an end to end example...

user@host ~$ telnet 192.168.99.99 25
Trying 192.168.99.99...
Connected to mx.someotherplace.com (192.168.99.99).
Escape character is '^]'.
220 mx.someotherplace.com ESMTP CSEEMail (2.0)
ehlo myhost.org
250-mx.someotherplace.com
250-PIPELINING
250-SIZE 28672000
250-VRFY
250-ETRN
250 8BITMIME
mail from: user@someplace.com
250 Ok
rcpt to: user@someotherplace.org
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Howdy from me
here is the end to end test
.
250 Ok: queued as D3A30D80E1
quit
221 Bye
Connection closed by foreign host.
user@host ~$

File Sizes 

1024 Bytes
=
1 Kilobyte
or
1K
1024 Kilobytes
=
1 Megabyte
or
1M
1048576 Bytes*
=
1 Megabyte
or
1M
1073741824 Bytes
=
1 Gigabytes
or
1G

* Sometimes 1000000 Bytes is called a Meg, but this is only an aproximation

Add a default gateway

route add default gw 10.0.0.1

This will add a temporary route that will clear after reboot.  To set the
default gateway betwen reboots edit /etc/sysconfig/network with the following
line

GATEWAY=10.0.0.1

Add a static route

route add -net 192.168.100.0 netmask 255.255.255.0 eth0

This will route all traffic toward this subnet to the eth0 interface

Manually add a static non gateway route

route add -net 10.8.100.0 netmask 255.255.255.0 gw 10.0.16.140

you can add stuff to the file /etc/sysconfig/static-routes
to make stuff start on boot

The syntax is a bit different than the route command.  Check the file
/etc/sysconfig/network-scripts/ifup-route to see the syntax it's using.