nixCraft » FreeBSD

Linux / FreeBSD: PDFCrack A Command Line Password Recovery Tool For PDF Files

nixCraft — Wed, 06 Jun 2012 07:33:50 +0000

I already written about howto remove a password from all PDF files under Ubuntu or any other Linux distribution in a batch mode. However, many user want a simple command to recover password from pdf files. This is useful if you forgotten your password for pdf file. It is also useful for data-archaeologists, computer forensics professionals, people who want to test their password-strength (pdf files generated by webpass) and many more.

30 Best Sources For Linux / *BSD / Unix Documentation On the Web

nixCraft — Wed, 21 Dec 2011 20:11:40 +0000

Man pages are written by sys-admin and developers for IT techs, and are intended more as a reference than as a how to. Man pages are very useful for people who are already familiar with Linux, Unix, and BSD operating systems. Use man pages when you just need to know the syntax for particular commands or configuration file, but they are not helpful for new Linux users. Man pages are not good for learning something new for the first time. Here are thirty best documentation sites on the web for learning Linux and Unix like operating systems.

FreeBSD 8.0 Review: Enterprise Ready Server Operating System

nixCraft — Thu, 26 Nov 2009 12:50:11 +0000

The FreeBSD Project is one of the oldest and successful project. FreeBSD is well known for its reliability, robustness, and performance.

A new version of the FreeBSD 8 is scheduled for release this week. A RC3 was made available for download few weeks ago for final round of testing before the official launch. nixCraft takes you for an in-depth look at the new features and major architectural changes in FreeBSD v8.0.

BIND 9 Dynamic Update DoS Security Update

nixCraft — Wed, 29 Jul 2009 15:47:12 +0000

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

nixCraft — Fri, 24 Jul 2009 21:49:43 +0000

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

20 Linux System Monitoring Tools Every SysAdmin Should Know

nixCraft — Sat, 27 Jun 2009 02:26:39 +0000

Need to monitor Linux server performance? Try these built-in command and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

Finding out bottlenecks.
Disk (storage) bottlenecks.
CPU and memory bottlenecks.
Network bottlenecks.

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

nixCraft — Sun, 21 Jun 2009 00:02:13 +0000

If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.

FreeBSD 7.2 Review: Improved Virtualization

nixCraft — Sat, 02 May 2009 08:40:26 +0000

FreeBSD is just plain old good UNIX with rock solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.

A new version of the FreeBSD is scheduled for release next week (4-May-2009). A beta 2 was made available for download few weeks ago for final round of testing before the official launch.

Lighttpd Install mod_geoip For Country / City Level Geo Targeting

nixCraft — Sun, 29 Mar 2009 04:35:28 +0000

Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country.

Security Through Obscurity: MAC Address Filtering ( Layer 2 Filtering )

nixCraft — Tue, 17 Feb 2009 18:37:21 +0000

MAC Filtering (layer 2 address filtering) refers to a security access control methodology whereby the 48-bit address assigned to each network card is used to determine access to the network. Iptables, pf, and IPFW can block a certain MAC address on a network, just like an IP. One can deny or allow from MAC address like 00:1e:2a:47:42:8d using open source firewalls. MAC address filtering is often used to secure LAN or wireless network / devices. Is this technique effective?

How To Tail (View) Multiple Files on UNIX / Linux Console

nixCraft — Mon, 09 Feb 2009 19:28:32 +0000

tail is one of the best tool to view log files in a real time (tail -f /path/to/log.file). The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream come true program for UNIX sys admin job. You can browse through several log files at once and do various operations like search for errors and much more.

FreeBSD 7.2RC Released

nixCraft — Sun, 25 Jan 2009 15:08:30 +0000

The second of two planned Release Candidates for the FreeBSD 7.2-RELEASE cycle is now available. ISO images for Tier-1 architectures are now available on most of the FreeBSD mirror sites. The freebsd-update(8) utility supports binary upgrades of i386 and amd64 systems running earlier FreeBSD releases. Systems running 7.0-RELEASE, 7.1-RELEASE, 7.2-BETA1, or 7.2-RC1 can upgrade as [...]

Courier IMAP SSL Server Certificate Installtion and Configuration

nixCraft — Tue, 20 Jan 2009 19:38:48 +0000

The Courier mail server is a mail transfer agent (MTA) server that provides ESMTP, IMAP, POP3, webmail, and mailing list services with individual components. But, it is best known for its IMAP / IMAPs and POP3 / POP3s (secure version) server component.

Courier can provides support for both regular UNIX operating system account (stored in /etc/passwd) and virtual mail account managed by third party backends such as OpenLDAP, MySQL and so on.

In this quick tutorial, you will learn about installing Courier IMAP SSL digital certificate.

Important: Openssl Security Update [CVE-2008-5077]

nixCraft — Thu, 08 Jan 2009 21:58:45 +0000

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.

BIND Named: Set a Zone Transfer IP Address For Master DNS Server

nixCraft — Thu, 08 Jan 2009 20:08:01 +0000

I've three nameserver load-balanced (LB) in three geo locations. Each LB has a front end public IP address and two backend IP address (one for BIND and another for zone transfer) are assigned to actual bind 9 server running Linux. So when a zone transfer initiates from slave server, all I get errors. A connection cannot be established, it tries again with the servers main ip or LB2 / LB3 ip. This is a problem because my servers are geo located and load balanced. However, there is a small workaround for this problem.

FreeBSD Turn On Process Accounting – Track System Resources Used By Users

nixCraft — Thu, 08 Jan 2009 10:00:08 +0000

I've already written about Linux process accounting under Linux ( see how to keep a detailed audit trail of what's being done on your Linux systems). You can easily setup process accounting under FreeBSD. This tutorial expalins how to enable and utilizing FreeBSD process accounting including many other useful options are explained to keep track of system resources used, and their allocation among users.

Download of the day: FreeBSD 7.1 CD / DVD ISO Images

nixCraft — Tue, 06 Jan 2009 19:00:06 +0000

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 7.1-RELEASE. This is the second release from the 7-STABLE branch which improves on the functionality of FreeBSD 7.0 and introduces some new features.

BASH Shell: For Loop File Names With Spaces

nixCraft — Tue, 09 Dec 2008 19:18:29 +0000

BASH for loop works nicely under UNIX / Linux / Windows and OS X while working on set of files. However, if you try to process a for loop on file name with spaces in them you are going to have some problem. for loop uses $IFS variable to determine what the field separators are. By default $IFS is set to the space character. There are multiple solutions to this problem.

FreeBSD Kernel Critical Update: arc4random predictable sequence vulnerability

nixCraft — Tue, 25 Nov 2008 12:49:44 +0000

FreeBSD today released a core (kernel) patched to plug "arc4random predictable sequence vulnerability" security hole in its operating systems version 6.x and 7.x stable release. When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. All security-related kernel subsystems that rely on a quality random number generator are subject to a wide range of possible attacks. This update has been rated as having important security impact.

Linux: Should You Use Twice the Amount of Ram as Swap Space?

nixCraft — Wed, 19 Nov 2008 08:50:49 +0000

Linux and other Unix-like operating systems use the term "swap" to describe both the act of moving memory pages between RAM and disk, and the region of a disk the pages are stored on. It is common to use a whole partition of a hard disk for swapping. However, with the 2.6 Linux kernel, swap files are just as fast as swap partitions. Now, many admins (both Windows and Linux/UNIX) follow an old rule of thumb that your swap partition should be twice the size of your main system RAM. Let us say I've 32GB RAM, should I set swap space to 64 GB? Is 64 GB of swap space really required? How big should your Linux / UNIX swap space be?