Category Archives: Linux

listing the directory only

Published by:

I am happy because I knew Linux I uncovered all the possible command in the terminal mode. Small program but it can be deadly.
I am not going to discuss about how deadly it is but just want to share how to list directory in terminal mode.

To list a file we simply using :
#ls -l
#ls -la
#ls -lha

Everything will be displayed on the screen. But if we want to display the directory instead of files, this is how
#ls -ld */
#tree -dL 1

The command tree without any option will display all the directory structure available in the current position to below.

Happy linuxing.

 

Menghindari scanning nmap di Mikrotik

Published by:

Nmap adalah tools umum yang digunakan oleh administrator server untuk menscanning port yang terbuka di sebuah komputer atau server. Dengan demikian seorang administrator akan mengetahui port apa saja yang digunakan, yang bersifat umum maupun bersifat berbahaya.
Nmap sendiri bekerja dengan “menggunakan paket IP raw dalam cara yang canggih untuk menentukan host mana saja yang tersedia pada jaringan, layanan (nama aplikasi dan versi) apa yang diberikan, sistem operasi (dan versinya) apa yang digunakan, apa jenis firewall/filter paket yang digunakan, dan sejumlah karakteristik lainnya.”
Kadangkala server menjadi rentan terhadap serangan jika nmap berhasil mengenali informasi-informasi server tersebut. Untuk itu seorang administrator akan mencoba memblokir scanning dengan nmap ini.
Salah satu caranya yaitu dengan mengatur firewall dari si server. Saya belajar dari sebuah site tentang mikrotik, firewall apa yang harus digunakan pada server untuk mencegah scanning nmap.
Berikut adalah perintahnya

ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port scanners to list ” disabled=no

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan”

add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan”

add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST scan”

add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan”

add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”ALL/ALL scan”

add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP NULL scan”

add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no

Dengan bahasa firewall iptables yang sama, maka dapat diterapkan pula pada server berbasis non mikrotik. Lengkapnya akan saya pelajari dulu.

Nah ini dia perintah iptablesnya

#!/bin/sh
#
# copyright (c) the KMyFirewall developers 2002-2005
# PLease reprt bugs to: Christian Hubinger
#
# This program is distributed under the terms of the GPL v2
#
# KMyFirewall v1.0.1
# This is an automatic generated file DO NOT EDIT
#

startFirewall() {

echo -n “Starting iptables (created by KMyFirewall)… ”
if [ “$verbose” = “1” ]; then
echo -n ”
Loading needed modules… ”
fi

$MOD ip_tables
$MOD ip_conntrack
$MOD ipt_LOG
$MOD ipt_limit
$MOD ipt_state
$MOD ip_conntrack_ftp
$MOD ip_conntrack_irc

$MOD iptable_filter
$MOD iptable_nat
$MOD iptable_mangle
if [ “$verbose” = “1” ]; then
echo “Done.”
fi

# Define all custom chains
if [ “$verbose” = “1” ]; then
echo -n “Create custom chains… ”
fi

if [ “$verbose” = “1” ]; then
echo ” Done.”
fi

# Rules:
if [ “$verbose” = “1” ]; then
echo “Settup Rules in Table FILTER:”
fi

# Define Rules for Chain: INPUT
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: INPUT”
fi

$IPT -t filter -A INPUT –match limit –limit 5/second –limit-burst 5 -p icmp –icmp-type echo-request -j ACCEPT || { status=”1″; echo ” Setting up Rule: ICMP FAILED! “; exit 1; }

$IPT -t filter -A INPUT –match limit –limit 1/second -p tcp –destination-port 22 -j LOG –log-prefix “Rule SSH_tcp: ”
$IPT -t filter -A INPUT –match limit –limit 1/second -p tcp –destination-port 22 -j ACCEPT || { status=”1″; echo ” Setting up Rule: SSH_tcp FAILED! “; exit 1; }

$IPT -t filter -A INPUT –match multiport –destination-ports 137,138,139 -j ACCEPT || { status=”1″; echo ” Setting up Rule: SMB_tcp FAILED! “; exit 1; }

$IPT -t filter -A INPUT –match state –state RELATED,ESTABLISHED -j ACCEPT || { status=”1″; echo ” Setting up Rule: CONNTRACK FAILED! “; exit 1; }

$IPT -t filter -A INPUT -j LOG –log-prefix “KMF: ” || { status=”1″; echo ” Setting up Rule: Chain: INPUT Drop Logging FAILED! “; exit 1; }

$IPT -t filter -P INPUT DROP || { status=”1″; echo ” Setting up Rule: Chain: INPUT Default Target FAILED! “; exit 1; }

# Define Rules for Chain: OUTPUT
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: OUTPUT”
fi

$IPT -t filter -P OUTPUT ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: OUTPUT Default Target FAILED! “; exit 1; }

# Define Rules for Chain: FORWARD
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: FORWARD”
fi

$IPT -t filter -P FORWARD ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: FORWARD Default Target FAILED! “; exit 1; }

if [ “$verbose” = “1” ]; then
echo “Settup Rules in Table NAT:”
fi

# Define Rules for Chain: OUTPUT
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: OUTPUT”
fi

$IPT -t nat -P OUTPUT ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: OUTPUT Default Target FAILED! “; exit 1; }

# Define Rules for Chain: PREROUTING
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: PREROUTING”
fi

$IPT -t nat -P PREROUTING ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: PREROUTING Default Target FAILED! “; exit 1; }

# Define Rules for Chain: POSTROUTING
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: POSTROUTING”
fi

$IPT -t nat -P POSTROUTING ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: POSTROUTING Default Target FAILED! “; exit 1; }

if [ “$verbose” = “1” ]; then
echo “Settup Rules in Table MANGLE:”
fi

# Define Rules for Chain: INPUT
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: INPUT”
fi

$IPT -t mangle -P INPUT ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: INPUT Default Target FAILED! “; exit 1; }

# Define Rules for Chain: OUTPUT
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: OUTPUT”
fi

$IPT -t mangle -P OUTPUT ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: OUTPUT Default Target FAILED! “; exit 1; }

# Define Rules for Chain: FORWARD
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: FORWARD”
fi

$IPT -t mangle -P FORWARD ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: FORWARD Default Target FAILED! “; exit 1; }

# Define Rules for Chain: PREROUTING
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: PREROUTING”
fi

$IPT -t mangle -P PREROUTING ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: PREROUTING Default Target FAILED! “; exit 1; }

# Define Rules for Chain: POSTROUTING
if [ “$verbose” = “1” ]; then
echo “Create Rules for Chain: POSTROUTING”
fi

$IPT -t mangle -P POSTROUTING ACCEPT || { status=”1″; echo ” Setting up Rule: Chain: POSTROUTING Default Target FAILED! “; exit 1; }

if [ “$verbose” = “1” ]; then
echo -n “Enable IP Forwarding. ”
fi

echo 1 > /proc/sys/net/ipv4/ip_forward
if [ “$verbose” = “1” ]; then
echo “Done.”
fi

if [ “$verbose” = “1” ]; then
echo -n “Disable Reverse Path Filtering ”
fi

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
if [ “$verbose” = “1” ]; then
echo “Done.”
fi

if [ “$verbose” = “1” ]; then
echo -n “Disable log_martians (logging). ”
fi

for i in /proc/sys/net/ipv4/conf/*/log_martians ; do
echo 0 > $i
done
if [ “$verbose” = “1” ]; then
echo “Done.”
fi

if [ “$verbose” = “1” ]; then
echo -n “Enable Syn Cookies. ”
fi

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
if [ “$verbose” = “1” ]; then
echo “Done.”
fi

echo Done.
}

stopFirewall() {
echo -n “Clearing iptables (created by KMyFirewall)… ”

$IPT -t filter -F || status=”1″
$IPT -t filter -X || status=”1″
$IPT -t filter -P INPUT ACCEPT || status=”1″
$IPT -t filter -P OUTPUT ACCEPT || status=”1″
$IPT -t filter -P FORWARD ACCEPT || status=”1″

$IPT -t nat -F || status=”1″
$IPT -t nat -X || status=”1″
$IPT -t nat -P OUTPUT ACCEPT || status=”1″
$IPT -t nat -P PREROUTING ACCEPT || status=”1″
$IPT -t nat -P POSTROUTING ACCEPT || status=”1″

$IPT -t mangle -F || status=”1″
$IPT -t mangle -X || status=”1″
$IPT -t mangle -P INPUT ACCEPT || status=”1″
$IPT -t mangle -P OUTPUT ACCEPT || status=”1″
$IPT -t mangle -P OUTPUT ACCEPT || status=”1″
$IPT -t mangle -P PREROUTING ACCEPT || status=”1″
$IPT -t mangle -P POSTROUTING ACCEPT || status=”1″

echo “Done.”

}

IPT=”/usr/sbin/iptables”
MOD=”/usr/sbin/modprobe”
status=”0″
verbose=”0″
action=”$1″
if [ “$1” = “-v” ]; then
verbose=”1″
fi

if [ “$1” = “–verbose” ]; then
verbose=”1″
fi

if [ “$verbose” = “1” ]; then
if [ “$2” = “” ]; then
echo “Usage: sh kmyfirewall.sh [-v|–verbose] { start | stop | restart }”
exit 1
fi
action=”$2″
fi

case $action in
start)
stopFirewall
startFirewall
;;
stop)
stopFirewall
;;
restart)
stopFirewall
startFirewall
;;
*)
echo “Invalid action!
Usage: sh kmyfirewall.sh [-v|–verbose] { start | stop | restart }”
;;
esac

if [ “$status” = “1” ]; then
exit 1
else
exit 0
fi

backup data with rsync and ssh

Published by:

I have computer1 as a data source and computer2 as a backup machine, computer1 and computer2 is also an example username on both machine. I want to create a backup function using rsycn and ssh without using password so it can run in cronjob automatically on the date I command to.

First let’s work in the computer1.
Create a public ssh key
#ssh-keygen -t rsa
Press enter if it asking for the place to put id-rsa
And Press enter twice to pass the passphrase. It means it will no ask for password.

Add the /home/computer1/.ssh/id-rsa.pub to computer2 .ssh/authorized-keys
Simply do this
#ssh-copy-id computer2@xxx.xxx.xxx.xxx
enter the password of the computer2

Let’s check computer2. It should be a file called authorized-keys on .ssh folder.
Back to computer1, now time for backup.
#rsync -avzp –exclude-from=myexclude -e ssh /mnt/mydir/file* computer@xxx.xxx.xxx.xxx:/mnt/backupdir/
-avzp means archive, verbose, compressed, show progress
–exclude-from=myexclude is the file that I create to pass some directory or types of file that I don’t want to backup.
The myexclude file is :
Myfirstdir
*.jpg
Myseconddir

Test the rsync command in the terminal first before we put it in the cron job.

To put it a cron, let’s do this
#crontab -e
0 5 /1 * * /home/computer1/rsync-command
Type :wq to save and exit.

The rsync-command is
rsync -avzp –exclude-from=myexclude -e ssh /mnt/mydir/file* computer@xxx.xxx.xxx.xxx:/mnt/backupdir/

It works for me.

Another option for rsync is -P means progress copy is displayed in our screen.
source : ubuntuforum

Chrome Plugin – Twerk

Published by:

Nah ternyata chrome mengenal plugin yang cukup banyak. Kemaren saya sudah mencoba plugin LINE. Jadi saya bisa akses LINE account dari pc melalui chrome. Kali ini plugin mengenai android run time application atau kita sebut saja android emulator. Namanya Twerk.

Twerk dapat di download di chrome app store.

twerk

http://cdn.makeuseof.com

Dan seperti itulah tampilannya. Hanya saja di pc saya, ketika menjalankan twerk, chrome membutuhkan satu lagi plugin. Yaitu ARC atau App Runtime for Chrome. Namun ketika saya coba install, ternyata gagal dengan pesan “download interrupt”. Dan ternyata file extension yang hendak di download sudah tidak ada.

Ya sudah tidak jadi deh jalanin Twerk

Chrome Plugin – Twerk

Published by:

Nah ternyata chrome mengenal plugin yang cukup banyak. Kemaren saya sudah mencoba plugin LINE. Jadi saya bisa akses LINE account dari pc melalui chrome. Kali ini plugin mengenai android run time application atau kita sebut saja android emulator. Namanya Twerk.

Twerk dapat di download di chrome app store.

twerk

http://cdn.makeuseof.com

Dan seperti itulah tampilannya. Hanya saja di pc saya, ketika menjalankan twerk, chrome membutuhkan satu lagi plugin. Yaitu ARC atau App Runtime for Chrome. Namun ketika saya coba install, ternyata gagal dengan pesan “download interrupt”. Dan ternyata file extension yang hendak di download sudah tidak ada.

Ya sudah tidak jadi deh jalanin Twerk

how to check your cpu is 32 bit or 64 bit

Published by:

Apa itu sebenarnya 32bit dan 64bit? Dua hal ini akan sering kita jumpai jika kita berhubungan dengan sistem operasi. Bit yang dimaksud disini adalah jumlah aliran data (nilai 0 dan 1) yang dapat ditampung oleh sebuah prosesor. Prosesor 32bit dapat menampung 64 nilai dan 64bit menampung 256 nilai komputasi. Secara angka tentu prosesor 64bit berkekuatan 4 kali lebih besar.

Jika kita bicara kekinian sebenarnya system operasi mulai bergerak ke arah 64 bit. Maka dari itu ada baiknya kita mengetahui komputer yang kita sekarang sudah 64bit atau belum dan siap2 migrasi.

Cara pertama adalah menggunakan perintah di console atau terminal dengan mengetik

cat /proc/cpuinfo
carilah tulisan 64 sebagai tandanya

atau

uname -ar
untuk mengetahui linux yang terpasang sudah 64bit atau belum, ditandai dengan huruf x86_64

atau

grep flags /proc/cpuinfo

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor ds_cpl est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm

dalam hal ini lihat hasilnya terdapat huruf lm artinya komputer kamu memang 64bit

Solus OS – fastest os ever?

Published by:

Home

Minimum spec : memory 1 Gb, 8 Gb HDD

I already so excited with this solus. The man behind the project said, it fasts. Does it?
I wanna try it, I download it. Put it in the virtual machine. And whola….
My notebook is 32 bit. The solus ask for 64…
So i just put it aside.

I can’t change my 32 bit ubuntu to 64 right now. I had once. But my printer driver won’t work in 64.

SARG – Squid Analysis Report

Published by:

Sarg adalah sebuah utility kecil untuk melihat squid report yang aslinya kalau kita lihat, ga jelas dan sulit dibaca. Squid report secara default ada di /var/log/squid3/access.log atau /var/log/squid/access.log untuk squid versi lama. Log tersebut mencatat semua aktifitas browsing yang melalui gateway komputer tersebut yang telah dipasangi proxy squid untuk memfilter tujuan browsing.

Untuk instalasinya sarg cukup mudah. Di Ubuntu cukup ketik perintah berikut
#sudo apt-get install sarg

Di Centos cukup dengan
# yum install –y gcc gd gd-devel make perl-GD wget httpd

Setelah itu kita cukup mengedit /etc/sarg/sarg.conf jika ingin merubah input dan output analisa
Cukup cari baris

access_log /var/log/squid/access.log

ini untuk menentukan lokasi access.log  seandainya menggunakan squid3 maka ganti squid dengan squid3 menjadi /var/log/squid3/access.log

lalu baris

output_dir /var/www/html/squid-reports

dengan catatan bahwa server tersebut memiliki service apache untuk membuat local web.

Nah kemudian hasilnya bisa diakses di

http://localhost/squid-reports

 

using bootstrap in easy way

Published by:

Bootstrap itu…. seperti gula dalam teh. Ketika dicampur ia menjadi manis. Lezat rasanya itu teh. Tapi ini bukan tentang teh. Tapi tentang bagaimana kita bisa membuat website kita atau apa pun yang menggunakan kode html / php dsm, bisa menjadi indah. Enak dilihat, nyaman dirasa, serta mantap ketika di clicks.

Bootstrap semacam baju pembungkus yang indah. Tapi buat saya, menggunakan bootstrap rasanya seperti menghapal ribuan jarum untuk digunakan menjahit baju. Pusing juga. Untunglah saya menemukan startbootstrap.com

Disini kita bisa mengcopy paste kode bootstrap yang previewnya bisa kita lihat terlebih dahulu.  Yang perlu kita lakukan tentu saja memodifikasinya. Tanpa perlu pengetahuan yang ngjelimet dan mumpuni di php/ html / bootstrap code, kita bisa menggunakan kode ini. Dan hasilnya sangat baik.

Cobalah.

installing zoneminder 1.29 in ubuntu 14.04 server x86_64

Published by:

first step

https://wiki.zoneminder.com/Ubuntu_Server_14.04_64-bit_with_Zoneminder_1.29.0_the_easy_way

second, moving the recording partition

https://wiki.zoneminder.com/Using_a_dedicated_Hard_Drive

third

see how the ip camera setting with zoneminder

fourth, set the filter for automatic deletion

http://zoneminder.readthedocs.org/en/latest/faq.html

fifth, set the timer when to record and stop

using crontab