Linux: 20 Iptables Examples For New SysAdmins

Posted on in Categories Iptables, Linux, Linux distribution, Linux Embedded devices, Linux laptop last updated December 13, 2011

Linux comes with a host-based firewall called Netfilter. According to the official project site:

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

This Linux-based firewall is controlled by a program called iptables, which handles filtering for IPv4, and ip6tables, which handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

Quick Tip: Find Hidden Processes and Ports [ Linux / Unix / Windows ]

Posted on in Categories Linux, UNIX last updated November 24, 2011

Unhide is a handy little forensic tool for finding processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique. This tool works under Linux / Unix and MS-Windows operating systems. From the man page:

It detects hidden processes using three techniques:

  1. The proc technique consists of comparing /proc with the output of /bin/ps.
  2. The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
  3. The brute technique consists of bruteforcing all the process IDs. This technique is only available on Linux 2.6 kernels.

Linux Desktop Fun: Summon Swarms Of Penguins To Waddle About The Desktop

Posted on in Categories Linux, Linux desktop last updated July 12, 2011

XPenguins is a program for animating cute cartoon animals in your root window. By default these are penguins: they drop in from the top of the screen, walk along the tops of your windows, up the side of your windows, levitate, skateboard, and do other similarly exciting things. Now you can send an army of cute little penguins to invade the screen of someone else on your network.

Download of The Day: Paint Program For Young Children [ Linux / Apple OS X / MS-Windows ]

Posted on in Categories Download of the day, Linux, Linux desktop last updated June 25, 2011

Tux Paint is a simple educational graphics and painting program for young children. It is free, Open Source software, distributed under the terms of the GNU General Public License. The program can be installed on all versions of Microsoft Windows, Apple OS X v10.3+, Linux, BeOS, Haiku, FreeBSD and NetBSD operating systems. It combines an easy-to-use interface, fun sound effects, and an encouraging cartoon mascot who guides children as they use the program.

Linux Advanced Hardening With the Capability Bounding Set

Posted on in Categories Linux last updated February 22, 2011

Last time, I wrote about basic “Linux Server Hardening Security” tips. In this post I will write about the /proc/sys/kernel/cap-bound file, which acts as a powerful Linux hardening tool. This file holds the value of the kernel capability bounding set (expressed as a signed decimal number). This set is ANDed against the capabilities permitted to a process during exec. By changing the bit value stored in cap-bound, you can restrict many capabilities of processes, including processes running as root. Using capabilities, you can enable or disable Linux kernel module loading, firewall, routing, raw sockets, locking of memory segments, restrictions on changing file ownership, restrictions on read and search of files and directories, sending signals to processes owned by others, modification of immutable and append-only file attributes, use of chroot(), rebooting the system, common sys admin tasks such as mount, quotas, swapping and much more.

7 Best Linux Distribution With No Proprietary Components

Posted on in Categories Linux last updated February 21, 2011

Linux is a free and open source operating system. However, Linux (and other open source operating systems) can use and load device drivers without publicly available source code. These are vendor-compiled binary drivers without any source code and are known as Binary Blobs. Die-hard open source fans and the Free Software Foundation (FSF) recommend completely removing all proprietary components, including blobs. In this post, I will list the seven best Linux distributions that meet the FSF’s strict guidelines and contain no proprietary components such as firmware and drivers.

Top 5 Linux DVD RIP Software

Posted on in Categories Linux last updated February 7, 2011

DVD ripper software allows you to copy the content of a DVD to a hard disk drive. You can transfer video on DVDs to different formats, make a backup of DVD content, and convert DVD video for playback on media players, streaming, and mobile phones. A few DVD rippers can copy protected disks so that you can make discs unrestricted and region-free.

Linux Commands For Shared Library Management & Debugging Problem

Posted on in Categories Linux last updated January 6, 2011

If you are a developer, you will re-use code provided by others. Usually /lib, /lib64, /usr/local/lib, and other directories store various shared libraries. You can write your own program using these shared libraries. As a sys admin, you need to manage and install these shared libraries. Use the following commands for shared library management, security, and debugging problems.