Is UNIX secure than windows? There are so many flavors of Unix plus some custom build versions. These versions are build for its own purpose and not really for securing

Windows rules user desktops, as such the number of attacks targeted towards windows os are more. However for a determined attacker it can be quite easy to break the UNIX system once he has enumerated the target

Whats is RootKit

Modified and recompiled UNIX tools (rootkits) typically ps, netstat, passwd are available which are designed to hide any trace of intruder’s presence or existence. These can be exploited to monitor traffic, create back door, alter log files, change

Linux root kits countermeasure

chkrootkit is a tool to locally check the signs of rootkits, it check for the system binaries for rootkit modifications

AIDE (Advanced intrusion detection environment) is a replacement for tripwire, it creates a DB from regular expression that it finds from the config file, and once the DB is initialized it can be used to verify the integrity of files. The first AIDE database is snapshot of the system in its normal state and the yardstick by which all subsequent updates and changes will be measured

Hardening Linux

1. Install only the minimal required software and applications on the UNIX kernel
2. Patching the system
3. Restricting access with Iptables and Security-Enhanced Linux (SELinux)
4. Securing the file system permissions and S*ID binaries
5. Improving the login, user security, and password policies
6. Proper physical and boot security controls
7. Securing processes via network access controls
8. Increasing the logging and audit information
9. Configuring vendor supplied security software (IPS, firewall)
10. Making regular data backups to facilitate recovery in case of failures
11. Maintaining reliable power and cooling
12. Securing cabling
13. Deploying redundant hardware
14. Maintaining well trained and motivated employees to avoid intentional or unintentional sabotage to the device

Network security blogs

We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs were fixed since last year’s release of version 3.2, making this one of the more well-tested releases yet.

FOR DOWNLOAD

framework-3.3-linux-i686.run   35,434,869 bytes (34M)	Linux 32-bit installer including all dependencies.
framework-3.3-linux-x86_64.run   36,635,297 bytes (35M)	Linux 64-bit installer including all dependencies.
framework-3.3.tar.bz2   22,614,595 bytes (22M)	Unix tar format for installing on all other operating systems.

Dr.Web Security Suite for Unix Appliance and  Dr.Web® anti-virus for Linux (GUI based) is a group of modular solutions that can be installed on appliances running Unix-family (Linux/FreeBSD/Solaris(x86) operating systems. The solutions work as a corporate Internet-gateway – a proxy-server used to provide access to the Internet to intranet users.

Depending on your licensing scheme and the set of selected plugins solutions of Dr.Web Security Suite for Unix Appliance can perform the following tasks:
process incoming and outdoing mail and filter out viruses and spam;
scan http and ftp traffic for viruses;
detect and remove any malicious objects;
parse e-mails and analyze each component of a message;
filter e-mail according to white and black lists;
process correctly archived files of most known formats including multi-volume and self-extracting (SFX) archives;
notify recipients or other selected users on results of scanning using templates ensuring that provided information is easy to read
collect statistics regarding all activities of the system;
protect its own plug-ins against failures.
Benefits
Dr.Web means its own technologies and anti-virus laboratory
Dr.Web anti-virus technology has been developed since 1992 and is owned by Doctor Web.
here are few anti-virus vendors in the world with their own technologies for detecting and curing malware, a virus monitoring service and an analytical laboratory. It provides a rapid response to latest threats and allows solving any problems of customers in a few hours.

Large enterprise network experience
Dr.Web solutions for small and medium-sized companies and large corporate networks with dozens of thousands of computers have been developed and improved since 1992. The State Duma of Russia, its Defense and Foreign ministries FSB (Federal Security Service) and many other enterprises, educational institutions and research departments trust anti-virus solutions from Doctor Web.

Openness of the solutions
As usual, Doctor Web makes its contribution to development of open source anti-virus products. Solutions included in Dr.Web Security Suite for Unix Appliance have an unlimited potential for expanding their functionality. Virtually any user with a sufficient skill can implement a desired feature using the source code and the SDK supplied with the software.

Exceptional scalability
Dr.Web Security Suite for Unix Appliance can perfectly suite needs of a small company with just one e-mail server and meet the unlimited e-mail filtering requirements of transnational telecoms or Internet service providers, Its efficiency, flexibility of settings and capability of filtering huge volumes of e-mail traffic “on-the-fly” can comply even with highest demands.

Optimal configuration
Configuration of servers with preinstalled Dr.Web Security Suite for Unix Appliance is the result of thorough optimization. Solutions match requirements of a customer perfectly. Flexible licensing system allows a company to pay only for functionality it is going to use. A server based on Dr.Web Security Suite for Unix Appliance is a high-performance solution at a best price.

Reliable protection
State-of-the art technologies ensure high-speed scan of traffic that doesn’t after Internet access speed and runs unnoticed by users. The solutions feature latest Dr.Web technologies that sheilf user machines from malware and spam. Automatic updating system allows maintaining a high level of security.

High productivity and stable operation
Multi-thread scan feature enables Dr.Web Security Suite for Unix Appliance processing simultaneously large amounts of data. Well-designed modular structure makes it impossible for an attacker to disable a solution. Well-known low system requirements of Dr.Web products allow running them on any server hardware.

Easy installation
Dr.Web Security Suite for Unix Appliance fully complies with the “plug and play” principle making installation and maintenance extremely easy even for an inexperienced user. The installation procedure was designed to exclude any possible configuration errors by staff and reduces time of deployment to several minutes. Installation of an appliance doesn’t affect configuration of computers in a corporate network.

Flexible configuration and easy administration
Dr.Web Security Suite for Unix Appliance allows implementing any protection scheme tailored to the security policy of your company. The solutions have flexible configuration system so virtually any required set of rules can be created by a system administrator. All actions related to the network security are logged. The logged data can be used to analyze network health and pinpoint vulnerabilities. The convenient user alert system that issues virus warnings and notifies a user upon loading of a web-page containing malicious code will assist you in conforming to the security policy of your company.

Frequent updating
An add-on to the Dr.Web virus database is released when new entries are added as often as several times per hour. Hot add-ons are released immediately after a new threat has been analyzed. The global virus monitoring network delivers latest samples of viruses from all over the world. Users retrieve updates from several servers located on different parts of the globe.

for downloads Dr.Web in linux , unix and mac OSx

1) linux

The product protects workstations running Linux.

Supported OSs
All Linux distributions with glibc-2.2 to 2.7 (32-bit only).

Licensed components
Console scanner for Unix.
GUI module for Linux.
Automatic updating utility.

Dr.Web Daemon (drwebd) is not included.

to download click here

2) unix

Dr.Web Mail Gateway (Unix)

The product protects mail-traffic directed through a proxy-server under Unix.

Supported OSs
Linux ( glibc 2.2 and higher).
FreeBSD 5.x, 6.x.
Solaris 10 (Intel only).

Licensed components
Dr.Web Daemon – anti-virus daemon that processes scan and curing requests.
Dr.Web Smtp-proxy module.
The basic part of the program, monitoring and external interaction utilities.
Automatic updating utility.
Console scanner Dr.Web for Unix.
SDK for development of extra plugins.

to download click here

Dr.Web for Unix mail servers (MailD-based)

The product protects traffic of mail servers under Unix.

Supported OS and mail systems
Linux (glibc 2.2 and higher), FreeBSD 5.x, 6.x, Solaris 10 (Intel only).
CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.

Licensed components
Dr.Web Daemon – processes scanning and curing requests.
A set of anti-virus filters for Sendmail, Qmail, Postfix, Communigate Pro, Exim, Courier MTA, ZMailer.
The basic part of the product, the monitoring and external interaction utilities.
Automatic updating utility.
Console scanner Dr.Web for Unix.
SDK for development of extra plugins.

to download  click here

to get more info and downloads please visite  www.download.drweb.com

have fun

Dr.Web LiveCD is a software product that features a standard Dr.Web scanner.

Dr.Web LiveCD is an anti-virus emergency aid disk that would restore a system that became non-operational due to activities of malware and help copy important information to a removable data-storage device or to another computer. If a workstation or a server running Windows\Unix won’t boot from a hard drive, Dr.Web LiveCD will clean a system of suspicious and malicious files and will also try to cure infected objects

How does it work?

1. Download the image of Dr.Web LiveCD.
2. Wirte the image to a CD or DVD. If you use Nero Burning ROM you need to do the following:
   • Insert a blank CD/DVD into your CD/DVD drive
   • Click on the “File” menu and select “Open”
   • Browse through the folders to the location of the image file and select it.
   • Press the “Burn” button and wait while the file is being written to the disk
3. Make sure that the CD/DVD drive or any other device with Dr.Web LiveCD is set as the first boot device.
4. As loading starts a dialogue window will prompt you to choose between the standard and safe mode.

   

5. Use arrow keys to select a desired mode and press [Enter]:
   • In order to use the scanner with the GUI choose Dr.Web LiveCD (Default)
   • If you’d like to start the scanner using the command line (console) select Dr.Web LiveCD (Safe Mode)
   • Choose Start Local HDD, if you want to boot from the hard drive instead of Dr.Web LiveCD
   • Select Testing Memory to launch the Memtest86+ utility
6. If Dr.Web LiveCD (Default) is selected, all available disk drives will be detected automatically. The operating system will also try to connect to the local network if available.

   

7. When the system is loaded, check disks or folders you want to scan and press Start

   

8. You can also contact the support service of Doctor Web if you need extra help. Fill out a support-request form on the web site of the company
9. The Midnight Commander file manager is used to work with files you need to copy to a safe location
10. If the operating system failed to configure access to your network, you can do it manually using Networks Configure Manager. Start->Settings->Networks Configure manager

    

For more information about Dr.Web LiveCD read the Dr.Web LiveCD user manual

Download Dr.Web LiveCD

In my default setup of Windows XP, on my particular Ubuntu 9.04 box, the installation of Windows XP rendered a perfectly usable desktop with 32 bit colors in 800×600 resolution. This resolution, of course, is not ideal for some situations (such as Full Screen mode). In order to get a higher resolution, along with other features, you have to install Guest Additions. This is a simple process that can be done quickly and yields a much better user experience than the default. So…let’s get to the installation.

Figure 1

Before you attempt to do the installation of the guest additions you have to have your virtual machine up and running. Once that VM is running you will see three menu entries at the top of the window: Machine, Devices, and Help. You want to click on the Devices entry and then click the Install Guest Additions entry (see Figure 1).

What you will see is a warning message instructing you that the Guest Additions CD image could not be found. Fear not, this is normal. Click Yes in order to download the image and then Download to confirm. You will see a progress bar at the bottom left of your VM window.

When that download has finished you will be asked if you want to Mount the image. Click the Mount button to reveal the Sun xVM setup wizard. Click Next in the welcome screen which will take you to the license agreement window. Click the I Agree button (and read the license if you feel so inclined.)

Figure 2

What you are now doing is a fairly straightforward Windows application-like installation. The only “gotcha” during installation will be a warning that the software did not pass the Windows Logo testing. Ignore this warning and click Continue Anyway. Your screen will flicker for a second – don’t worry.

You will see this warning another time when it attempts to install software for the pointing devices.

After that warning the installation will complete and, in typical Windows fashion, you will be required to reboot your virtual machine. Do this. When the reboot completes you will find your virtual machine much easier to work with. Now:

• You no longer have to capture the mouse pointer.
• You can set your resolution to a much higher level.
• You can now copy and paste between guest and host operating systems.
• You can run Windows in seamless mode.

Seamless mode

Figure 3

Seamless mode is a very interesting trick. What this does is take the elements of Windows out of the VM window and layer them on top of your Linux desktop.

As you can see, in Figure 3, with seamless mode activated all Windows applications have their own window. So in this instance Internet Explorer appears to be running on Linux by itself. And the Windows task bar is resting nicely on top of the GNOME panel.

You toggle between seamless and non-seamless mode by pressing the Hot Key and the “L” key. The default Hot Key is the right Ctrl key.

Final thoughts

This is truly some exciting work. With the help of VirtualBox you can, effectively, have your cake and eat it too (as the saying goes.) Work with Windows applications inside of Linux without needing the help of Wine.

Metasploit is an application that is used to research the security in your network. The Administrators can test their networks that is made by them. What Their network is found the weakness or not. Many exploit type and payload Who can be used on Metasploit. You are able to use Metasploit on Linux operating system

Short version:

1. Intrusion detection.
2. Automatic backup and restoration.
3. Daily script and OS updating.

Long version:
So here is a post that I’ve been thinking about for a while: apache security; what it is, how to do it and ways to optimize and automate it. I’ve chosen three pillars, if you will, that form the foundation of everything you really need to know about keeping your webserver secure in the time of huge malware threats, and hacked sites happening almost daily.

Pillar one: Detecting intruders before they cause damage. It isn’t rocket science, but there is a reason this subject is being taught at MIT and other high-scale universities all the time; its hard work to get right and it is never ending. Fortunately, the Unix system is based around logging events to the disk as they occur, ergo it’s safe to build a set of scripts to automatically scan and process system logs on your Linux based web server. The key to automating this is to just script something up that checks these files every half hour or so and email you the results, highlighting and breaches or issues that may come up. If an intruder violates your security policy, you can get to work quickly after receiving the email and punt them off your box, before they can do any real damage to your system. You can search Google (or your preferred search provider) for current intrusion detection systems for your distro, or you can build your own, if you’re so brave. I’ll post about how to set one up, and how to roll your own in a later post.

Pillar two: An automatic backup and restoration strategy is crucial to the health and uptime of your server. If you have the resources (read: disk space) it’s pretty handy to make a complete backup every three days, while only backing up the ‘diffs’ in between. Makes it super easy to recover from an attack or defaced homepage if you have the files at your disposal like this. Otherwise, you’re off to scraping a Google cache or the WayBack machine for your old posts. Worse case, you’re scraping a web-scraper for your posts that they store.. there is no worse feeling. As always, Google for solutions on this, or roll your own using rsync and Amazon S3.

Pillar three: Daily apt-get update stuff. Update your OS daily, regardless of what the arm-chair experts advise. There is simply no excuse for not logging in and typing a one-line command that could potentially save your entire box in the event that an attacker seeks to exploit a known vulnerability just to be cute. It’s one line, save yourself the trouble of recovering your site. If you’re really pressed for time, just create a cron job that updates everything and set it to run every 24 hours, or on boot up, whichever you prefer.
Well that’s it for this post, I’ll expand on the thoughts I presented above in later posts.

Open the /etc/rsyslog.conf file for syslog configuration in fedora Linux (some linux like CentOS has /etc/syslog.conf). It will show the something similar as given below:

Add a new line in this file, as follows:

You can also add multiple users with comma separated like

After doing the changes on syslog configuration file, restart the syslog service by following command.

Now you can get the live information directly on your terminal, if someone trying to do a password attack.

If you are an administrator then you know what a hostname is. If you are not an administrator then you should know the hostname of a computer is the name which a network attached device is known. Unless you have manually changed your hostname, or set it up during installation, your hostname will most likely be “localhost.localdomain”.

Hostnames are most often used for administrative habits. In other words hostnames will show up in some scanning applications, can be used for name to IP address resolution, and much more. But to make this useful you will have to manually set your hostname on your Linux machine. This article will show you just how to do that.

Find your hostname

The most common means to find your host name is to open up a terminal window and enter the command:

hostname

If you have not set your hostname, more than likely you will see returned:

localhost.localdomain

A quick and easy way to spot if you have not changed your hostname is to check when you open up your terminal window. At your bash prompt you will see something like:

[jlwallen@localhost ~]$

As you can see a portion of the hostname (everything preceding the first “.”) will be used in your prompt. In the example you see above you see “localhost” which should tell you the hostname has not been changed.

Temporarily changing your hostname

You can temporarily change your hostname by issuing a single command. You have to issue this command either using sudo or as the root user. To make this change you will use the same command you used to find out your hostname, only you will include the new hostname to the command. Say you want to change your hostname to “willow”. To make this change temporarily issue the command:

hostname willow

Now issue the command hostname which should report back:

willow

This change will last until you reboot your machine.

Permanently changing your hostname

How you permanently change your hostname will depending upon which distribution you use. We’ll examine making this change on both a Ubuntu system and a Fedora system. First Ubuntu.

On a Ubuntu system there is a file called /etc/hostname. The contents of this file will have a single line containing the hostname of your machine. Open up this file in your favorite editor, delete the default hostname, add your desired hostname, and save the file. To make this chang take effect issue the command:

/etc/init.d/hostname.sh start

This hostname will remain intact upon reboot.

Now to change your hostname in Fedora. This is taken care of in the /etc/sysconfig/network file. The default contents of this file will look like:

NETWORKING=yes
HOSTNAME=localhost.localdomain

Erase the “localhost.localdomain” portion and change that to reflect the hostname you want. Once you have made this change save the file. Once you have made this change issue the following command (as the root user):

/etc/rc.d/rc.sysinit

For the change to take effect.

Final thoughts

With your hostname changed applications like Lanmap will now be easier to use because machines will have unique names. This change will also make administering your systems easier because you will have set machine hostnames to reflect either the user of the machine or the machines’ job.

This morning I needed a visual representation of my local Lan in order to find out what machines were associated with what IP addresses. For this task I used a tool that has come in handy on a number of occasions. That tool? Lanmap. Lanmap is a command-line only tool available for Ubuntu that will monitor your network and compose a 2D image of your network. This image will include information about your machines as well as packets sent and MAC addresses. The tool is incredibly handy to have around.

I will warn you: The creator of Lanmap has dropped this application in leiu of creating a much more robust Lanmap-2. Unfortunately Lanmap-2 is not complete so Lanmap one will have to be used until 2 is complete. Fortunately Lanmap is still in the Ubuntu repositories so installation is a snap. And once installed, Lanmap is equally as easy to use.

Installing Lanmap

As stated earlier, Lanmap is only available for Ubuntu (and Debian-based) systems. Most likely, if you use apt-get, you can install Lanmap. Of course you don’t have to install via command line, but if you want to just issue the command:

sudo apt-get install lanmap

This command will prompt you for a Y or N to install the requirements. Click “y” (no quotes) and hit enter. Lanmap will install quickly and you’ll be ready to map.

If you want to install via GUI tool open up your Add/Remove Software utility (found in the Applications menu in GNOME), do a search for “lanmap” (no quotes), select the resulting lanmap entry, and click Apply. Once you “okay” the dependencies the installation will be off and running.

Using Lanmap

Lanmap is a command line tool that generates an image. The structure of the command is:

lanmap -i INTERFACE -r INTERVAL -T IMAGE_TYPE DIRECTORY_TO_STORE_IMAGE

Here are the specifics:

• INTERFACE: The interface you want to use to listen to your network. Typically this will be in the form of eth0. You can use all without using the -i switch to listen on all interfaces.
• INTERVAL: This sets the interval (in seconds) between two consecutive graph generations (default being 60).
• IMAGE_TYPE: The type of image file you want to generate. The only supported types are: png, svg, and gif.
• DIRECTORY_TO_STORE_IMAGE: Where you want to store the image file.

So if  I want to scan my network with all interfaces and create a png image I would issue the command:

lanmap all -r 30 -T png ~/

Figure 1

The resulting map (I am currently writing on a far smaller network with machines that are not broadcasting their hostnames. You can see the IP addresses and MAC addresses of course (see Figure 1).

You can see one machine (at IP address 192.168.1.10) is broadcasting as “UBUNTU SERVER”, but outside of that, no hostnames are showing up. This is not really a problem at this size of a network. On a larger network I would hope more machines will show up with their hostnames. This, of course, will depend upon your network setup.

Final thoughts

I have used plenty of applications to create network maps that range from too many bells and whistles to too few features. Lanmap ventures close to the latter, but offers just enough features to make it not only useable but useful. Give Lanmap a try, I think you’ll find it as helpful a tool for your networking toolkit as I do.

There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses, iptables has the option to do it.

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in you firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way the packets comming from the network element with the MAC address 00:11:2f:8f:f8:f8 will be denied.

That is if you want to block the incoming packets to the firewall, but the blocked machine may still be able to send packets across the firewall, so to block those packets, you may want to add also this line.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

Nmap is a wonderful tool specially for debugging, there are lots of times when you need to know if a port is open in a server, or maybe blocked by a firewall, or just to test your iptables rules.

Here we will learn how to use it at the command line, and using its GUI front end, nmapFE and Knmap.

Introduction

Well, so what does nmap does?

From the man page:

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

As you can see it is a really useful Linux tool.

Command Line

How to use it

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS

TCP SYN scan

-O

Enable Operating System detection

sudo nmap -sU 127.0.0.1

-sU

UDP ports scan

sudo nmap -sS -O -p 20-25 127.0.0.1

-sS

TCP SYN scan

-p 20-25

Scan on ports 20 to 25

sudo nmap -sS -F 127.0.0.1

-sS

TCP SYN scan

-F

Fast (limited port) scan

you can check the long nmap man page

man nmap

Graphical interfaces

nmap Front End (nmapFE)

This is one of its front ends to install it run:

For Fedora / Centos

sudo yum install nmap nmap-frontend

For Debian / Ubuntu

sudo aptitude install nmapfe

On target you put the IP or IPs you want to scan, select the scan type, if you want TCP SYN, UDP, Connect scan, or other, the most used are SYN and UDP if you want to scan for UDP ports. Also select the scanned ports, you can scan the default ones, All, fast (only the ports in nmap-services file).

Select if you want to use the discovery option, if you want to ping and which type of ping you want to use to discover network nodes if you have specified an IP range to scan.

Useful if you want to send the output to a file.

Lots of other tools, if you want you can enable verbosity of debugging, and if you want IPv6 support.

KDE Nmap (knmap)

To install it

For Fedora download the rpm here

then run:

sudo rpm -ivh [downloaded package]

For Debian / Ubuntu

sudo aptitude install knmap

Its interface has divided the options in a very convenient way, in the common options you will see the target IPs, the port range and if you want it to resolve names.

Here you select if you want to scan all ports, perform a fast scan, IPv6 support, Operating System detection, verbose, and other options.

In compound options, you will find a lot more options to play with, you can select which interface to use, which IP, and even if you want to spoof your Mac address!

Ping and scan options is like the discover and the scan tabs of nmapFE together.

Conclusion

Nmap is a must have tool for network and security administrators, also the GUI front ends are good and easy ways to use them, and also to learn how to use them, because you can discover new applications, and with nmapFE you can see the command that is going to be executed, another good point for knmap is that it has the possibility to save profiles, with all the options you have enabled, so your next scan is easier.

AMaVis : (e-mail Virus Scanner) It scans e-mail attachments for viruses using third-party virus scanners available for Linux. It Supports courier, exim, qmail, postfix, and sendmail. Built-in defense against Denial of Service (DoS) attacks

sudo apt-get install amavis-stats

Avast! : It is an anti-virus program from ALWIL Software based in Prague. This is a freeware for home users and non-commercial use only. It is a good software for virus protection, with built-in anti-spyware and anti-rootkit security. Work on all modern linux distributions. It scans archives like rar, tgz, zip, gzip, tar, iso, rpm etc.

AVG Free : AVG Free for Linux is a commercial-grade antivirus software. It can be used on a single computer and is used for private, non-commercial use only. AVG Free has both command line and a graphical front end are available. It provides frequent updation and total professional security.

ClamAV : Clam AntiVirus designed especially for e-mail scanning on mail gateways.It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.Built-in support for document formats including MS Office and MacOffice files, PDF, HTML and RTF. It supports archives like rar, tgz, zip, gzip, tar, iso, rpm etc

sudo apt-get install clamav

Some recent posts showing that your linux box is not secure unless you installed a grub Password.
If you are an administrator of a highly sensitive server, you must do it.
To add a password for grub, first you must generate an md5 password hash using the grub-md5-crypt utility: grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

Password: (enter new password)
Retype password: (repeat password)
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

Add the resulting hash value to the file /boot/grub/menu.lst in the following format:

password –md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

# lockalternative=true

Today i find out that Ubuntu’s Firefox packages are compiled and packed with Pango support (You may want to read more about Pango here.) This is quite useless and problematic on Ubuntu so it is better to disable it to gain speed. I am talking about real speeds up to %30 – %40. There are a couple ways to disable it :

1- You can compile Firefox yourself
2- You can compile Firefox via ubuntuzilla
3- Or you can continue reading and finish this title in a couple of seconds

Open a terminal and edit your .bashrc file :

$gedit ~/.bashrc

at the end of that file add the following and save it :

export MOZ_DISABLE_PANGO=1

Restart your firefox ($pkill firefox) and see the difference.

Some times its nice to tunnel through SSH. Perhaps you have SSH running but the firewall does not allow anything but SSH in. You can tunnel VNC (or any other service) through SSH by doing the following:

On the machine local to you establish an SSH connection to the remote machine with “Local (-L)”  port forwarding. This may seem confusing and often confuses me, where <-p PORT> is optional

ssh -L 5901:localhost:5900 username@HOST <-p PORT>

Once I have the connection established I can now use vncviewer to connect to my local host with the port specified

vncviewer  localhost:5901

have fun

Engarde Secure Linux, out of the box Linux distribution built for what the name says, Secure (security). Engarde Secure Linux does just that for your server with easy to setup user restrictions, trusted hosts, Firewall protection etc via the GDWT (Guardian Digital WebTool).

Download

ENGARDE SECURE LINUX

Click images to download Ebooks. Rename files in .7z. Request password and Enjoy!!