HOWTO : Drupal 6.2 or 7 with Hiawatha 7.4 WebServer on Ubuntu Server/Desktop 10.10

I am going to setup a development environment of Drupal 6.2 or 7 with Hiawatha 7.4 on Ubuntu Desktop 10.10. However, this setting is also suit for production environment on Ubuntu Server 10.10 with a little bit changing.

Step 0 - Installation of Hiawatha

Follow this link to install required packages. You can omit the optional security settings at the moment.

Step 1 - Configuration of Hiawatha

Change the following section to the /etc/hiawatha/hiawatha.conf.

Binding {
   Port = 80
   #Interface = 127.0.0.1
   MaxKeepAlive = 30
   TimeForRequest = 3,20
   MaxRequestSize = 8192
   MaxUploadSize = 30
}

Add the following section to the /etc/hiawatha/hiawatha.conf.

UrlToolkit {
   ToolkitID = drupal7
   RequestURI exists Return
   Match /favicon.ico Return
   Match .* Rewrite /index.php
}

or/and

UrlToolkit {
   ToolkitID = drupal6
   RequestURI exists Return
   Match ^/favicon.ico$ Return
   Match /(.*)\?(.*) Rewrite /index.php?q=$1&$2
   Match /(.*) Rewrite /index.php?q=$1
}

Step 2 - Configuration of virtual host

sudo nano /etc/hiawatha/enable-site/drupal7

Drupal 7 :

VirtualHost {
   Hostname = localhost, 127.0.0.1
   WebsiteRoot = /var/www/drupal7
   StartFile = index.php
   SecureURL = false
   AccessLogfile = /var/log/hiawatha/access.log
   ErrorLogfile = /var/log/hiawatha/error.log
   TimeForCGI = 120
   #UseFastCGI = PHP5
   UseToolkit = drupal7
   #DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
   ExecuteCGI = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
   TriggerOnCGIstatus = no
}

or

sudo nano /etc/hiawatha/enable-site/drupal6

Drupal 6 :

VirtualHost {
   Hostname = localhost, 127.0.0.1
   WebsiteRoot = /var/www/drupal6
   StartFile = index.php
   SecureURL = false
   AccessLogfile = /var/log/hiawatha/access.log
   ErrorLogfile = /var/log/hiawatha/error.log
   TimeForCGI = 120
   #UseFastCGI = PHP5
   UseToolkit = drupal6
   #DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
   ExecuteCGI = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
   TriggerOnCGIstatus = no
}

Step 2a :

sudo /etc/init.d/hiawatha restart

Step 3 : Preparation of installation of Drupal

Download the Drupal from her official site. Extract the downloaded file and copy to /var/www/.

sudo tar -xzvf drupal-6.20.tar.gz

or

sudo tar -xzvf drupal-7.0.tar.gz

Step 3a :

Create a directory under /var/www/.

sudo mkdir /var/www/drupal6

or

sudo mkdir /var/www/drupal7

Step 3b :

Copy the files to the /var/www/.

sudo cp ~/drupal-6.20/* /var/www/drupal6

or

sudo cp ~/drupal-7.0/* /var/www/drupal7

Step 3c :

cd /var/www/drupal6

or

cd /var/www/drupal7

Step 3d :

sudo chmod a+w sites/default
sudo mkdir sites/default/files
sudo chmod a+w sites/default/files

sudo cp sites/default/default.settings.php sites/default/settings.php
sudo chmod a+w sites/default/settings.php

Step 3e :

mysql -u root -p

After entered the password, create a database for the installation.

create database drupal;

After that, then quit MySQL.

quit

Step 3f :

Open the browser and type "localhost" at the address field to continue the installation. The database name is "drupal".

When the installation is completed, carry out the following commands.

sudo chmod go-w sites/default
sudo chmod go-w sites/default/settings.php

sudo chmod a-r CHANGELOG.txt

Step 4 : Complete the installation

Drupal 6.2

sudo crontab -e

Add the following :

0 * * * * wget -O - -q -t 1 http://localhost/cron.php

or

Drupal 7

Administration -- Configuration -- System -- Cron

Get the Cron key at Administration -- Reports -- Status report -- Cron maintenance tasks.

sudo crontab -e

0 * * * * wget -O - -q -t 1 http://localhost/cron.php?cron_key=YOURKEY

Step 5 : Localization (Optional)

Download the required localization .po file at the following links.

http://localize.drupal.org/download
http://drupal.org/localize

That's all! See you.

HOWTO : CakePHP 1.3.7 and Hiawatha 7.4 on Ubuntu Desktop 10.10

This tutorial shows you how to configure a development environment of CakePHP on Ubuntu Desktop 10.10. It can also be used in production for Ubuntu Server 10.10.

Step 0 :

Follow this link to install Hiawatha 7.4 on Ubuntu Desktop 10.10. The security options can be skipped.

Step 0a :

sudo nano /etc/hiawatha/hiawatha.conf

Add the following to "hiawatha.conf".
UrlToolkit {
   ToolkitID = cakephp
   Match ^/app/webroot/ Skip 2
   Match ^/app/(.*) Rewrite /$1 Continue
   Match ^/(.*) Rewrite /app/webroot/$1 Continue
   RequestURI exists Return
   Match (.*)\?(.*) Rewrite $1&$2 Continue
   Match ^/app/webroot/(.*) Rewrite /app/webroot/index.php?url=$1
}

UrlToolkit {
   ToolkitID = cakephp_apps
   Match ^/webroot/ Skip 2
   Match ^/(.*) Rewrite /$1 Continue
   Match ^/(.*) Rewrite /webroot/$1 Continue
   RequestURI exists Return
   Match (.*)\?(.*) Rewrite $1&$2 Continue
   Match ^/webroot/(.*) Rewrite /webroot/index.php?url=$1
}

Step 0b :

sudo nano /etc/hiawatha/enable-sites/mysite

VirtualHost {
   Hostname = localhost, 127.0.0.1
   WebsiteRoot = /var/www/mysite
   StartFile = index.php
   AccessLogfile = /var/log/hiawatha/access.log
   ErrorLogfile = /var/log/hiawatha/error.log
   TimeForCGI = 15
   #UseFastCGI = PHP5
   UseToolkit = cakephp_apps
   DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
   ExecuteCGI = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
}

Step 1 :

Install CakePHP for github.
sudo apt-get install git

cd /var/www

sudo git clone https://github.com/cakephp/cakephp.git

Step 1a :

sudo nano /etc/environment

Add the following to the end of the line, but within in the " ".

:/var/www/cakephp/cake/console

Step 1b :

. /etc/environment

To see if the captioned path is included or not :

echo $PATH

Step 2 :

Create databases and tables according to your project requirement.

mysql -u root -p

When done, type the following :

quit

Step 3 :

cd /var/www

sudo su

cake bake project myproject

Follows the instruction on the screen.

cd /var/www/myproject

cake bake model all
cake bake controller all
cake bake view all

Exit from the root.
exit

Step 4 :

cd /var/www/myproject/config

sudo cp database.php.default database.php

Change the "login", "password" and "database" accordingly to the MySQL root and password as well as database that you just created.

Step 5 :

Now you can open Firefox to browse your application by typing "localhost" at the address field.

Step 6 :

To configure localization for the application.

sudo apt-get install libwxgtk2.8-dev libwxbase2.8-0 wx-common wx2.8-headers libwxgtk2.8-0

Go to http://www.poedit.net to download the current version 1.4.6.1.

tar -xvzf poedit-1.4.6.1.tar.gz
cd poedit-1.4.6.1

./configure
make
sudo make install

Reboot your computer when necessary.

Step 6a :

cd /var/www/myproject

sudo su

cake i18n

Select "E" and follows the instruction on screen. Then, select "I".

Now, a "default.pot" file is created at the /var/www/myproject/locale.

Exit from the root.
exit

Execute "poedit" and open the file "default.pot". Translate the content to Traditional Chinese and then save to "default.po". A "default.mo" will also be created.

Step 6b :

sudo mkdir /var/www/myproject/locale/zh_TW
sudo mkdir /var/www/myproject/locale/zh_TW/LC_MESSAGES

sudo cp /var/www/myproject/locale/default.* /var/www/myproject/locale/zh_TW/LC_MESSAGES/

Step 6c :

cd /var/www/myproject/config
sudo nano core.php

Append the following line to the core.php :

Configure::write('Config.language', 'zh_TW');

Restart Hiawatha :
sudo /etc/init.d/hiawatha restart

For example :
Open the browser and type "localhost/users", the content will be changed to Traditional Chinese.

*Where "users" is a Controller and table of a database that you just create. "users" is just an example.

That's all! See you.

HOWTO : Tor on Back|Track 4 R2

Step 1 :

Make sure tor and privoxy are installed.

apt-get install tor privoxy

Step 2 :

nano /etc/privoxy/config

Append the following line to the file.

forward-socks4a / localhost:9050 .

Step 3 :

/etc/init.d/privoxy start
/etc/init.d/tor start

Step 4 :

Install tor button on firefox

https://addons.mozilla.org/zh-TW/firefox/addon/torbutton/

Go to Tor Button perference and set as the following.

Select "Use custom proxy settings"

HTTP Proxy : 127.0.0.1 Port : 8118
SSL Proxy : 127.0.0.1 Port : 8118
SOCKS host : 127.0.0.1 Port : 9050

Step 5 :

Click on the "Tor enable" at the right bottom of the Firefox to enable the Tor Button.

Hints : You should repeat the Step 3 and Step 5 when you are using Tor to surf the internet next time.

That's all! See you.

HOWTO : Traditional Chinese support on Back|Track 4 R2

Back|Track 4 R2 is an English based Linux distribution. The Firefox cannot browse Traditional Chinese webpages properly. This tutorial shows you how to make Back|Track 4 R2 to recognize Traditional Chinese characters on Firefox.

Open the terminal and key in the following :

apt-get install language-support-zh language-support-fonts-zh language-support-input-zh language-support-translations-zh language-pack-zh language-pack-zh-base language-pack-kde-zh language-pack-kde-zh-base kde-l10n-zhtw

After the installation, reboot your system.

That's all! See you.

HOWTO : GoDaddy.com and Google Apps (Email) with your Domain

You can use GMail web mail service with your domain name, such as yourname@yourdomain.com on www.gmail.com.

Follow this link to set up Postfix to use GMail as your SMTP server.

Step 0 :

Apply of free Google Apps (Free) Email :

Google Apps (Free) Email

Step 1 :

Create the MX record at your domain automatically.

Create the MX record at your domain manually.

The MX record are :
ASPMX.L.GOOGLE.COM
ALT1.ASPMX.L.GOOGLE.COM
ALT2.ASPMX.L.GOOGLE.COM
ASPMX2.GOOGLEMAIL.COM
ASPMX3.GOOGLEMAIL.COM

Step 1a :

Create a SPF record

Step 2 :

You will receive a email from Google and ask you to create a adminstrator account with your domain name. Your domain name needs to be authorized to use Google Apps. You should follow the instructions to complete the process.

After that, you can you GMail as your domain's email.

Step 3 (Optional) :

If you are using Untangle as gateway and IPS, you should do the following :

Open a browser and point to Untangle web page as well as login.

Config/Networking/Hostname

Change the following settings :

From -
Hostname : untangle.mydomain.com

To -
Hostname : untangle.mydomain.local

Step 3a (Optional) :

Config/Email/Outging Email Server (SMTP)

Change the following settings :

Send Email using the specified SMTP Server
- Server Address or Hostname : <postifx server IP address>
- Server Port : 25

Known issue

Cannot send to yourself with your domain, e.g. yourname@yourdomain.com via Untangle.

That's all! See you.

HOWTO : Send Mail to GMail by Postfix on Ubuntu Server 10.10

You cannot send any mail to GMail from you mail server, unless you set GMail server as your SMTP server.

Step 0 :

Install the Ubuntu Server 10.10 and select Mail Server when install.

Step 1 :

sudo nano /etc/postfix/transport

Append the following line.

*     smtp:[smtp.gmail.com]:587

Step 2 :

sudo nano /etc/postfix/sasl/sasl_passwd

Append the following line.

[smtp.gmail.com]:587     samiux@gmail.com:password

Step 3 :

sudo nano /etc/postfix/main.cf

Add or make the change of the following lines.

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
mynetworks = 192.168.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Step 4 :

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

Step 5 :

sudo postmap /etc/postfix/transport
sudo postmap /etc/postfix/sasl/sasl_passwd

Step 6 :

sudo /etc/init.d/postfix restart

That's all! See you.

HOWTO : Faster Firefox

The following steps are for broadband users who are using Firefox and wish it is running more faster.

Step 0 :

Open Firefox and type the following at the address field.

about:config

Step 1 :

Change the following value from "false" to "true" :

network.http.pipelining
network.http.proxy.pipelining

Step 2 :

Change the following value from "4" to "30" :

network.http.pipelining.maxrequests

Step 3 :

At any browsing area of the browser, add the following string with a value of "0" :

nglayout.initialpaint.delay

Step 4 :

Restart Firefox. Now, you can browse the web pages more faster.

That's all! See you.

HOWTO : No skill hacking with Armitage on Back|Track 4 R2

*** WARNING : This tutorial is for education purpose only. It alert you to update your system once there is any patch or update available. Please do not hack any website, computer and/or network without authorization. Otherwise, you will be put into the jail. ***

Prerequisites

In order to complete this tutorial, you should have an Ubuntu or Windows system as host. Back|Track 4 R2 and Metasploitable as clients on VirtualBox 3.2.

You can download Back|Track 4 R2 at here and Metasploitable at here. Metasploitable is an Ubuntu Server 8.04 that installed some applications with flaws that can be exploited.

The installation of Back|Track 4 R2 is here.

The network interfaces of Back|Track 4 R2 on VirtualBox 3.2 are "NAT and "Host Only (vboxnet0)". The network interface of Metasploitable is "Host Only (vboxnet0)".

The Armitage should be installed on Back|Track 4 R2 and the tutorial is here.

Step 0 :

Run the Metasploitable on VirtualBox first. The IP address should be 192.168.56.101. The run Back|Track 4 R2 on VirtualBox the next and the IP address should be 10.x.x.x of eth0.

Step 1 :

On the Back|Track 4 R2, run the following command to make sure eth0 and eth1 are up and have their IPs.

/etc/init.d/networking restart

Step 2 :

Run the following commands to launch Armitage.

/etc/init.d/mysql start
cd /pentest/exploits/armitage
./armitage.sh

Step 3 :

Select "Use SSL" and click "Start MSF".

Then, "Using database driver mysql" message box will be displayed. Click "OK".

Step 4 :

Select "Host" -- "Nmap Scan" -- "Intense Scan, all TCP ports"

Wait for the scanning complete.

Step 5 :

Select "Attacks" -- "Find Attacks" -- "by port".

Wait for the scanning complete.

Step 6 :

Select "Attacks" -- "Hail Mary" -- "by port".

Wait for the "Monitor" image to change to red colour. If so, the target is exploited. Then, right click on the "Monitor" image and select "Shell". To check if the target is privilege escalated by issuing "whoami" on the Shell. If it shows "root", you are successfully owned the target.



That's all! See you.

HOWTO : The Onion Router (Tor) on Ubuntu 10.10 Desktop

Tor Overview

Step 1 :

sudo nano /etc/apt/sources.list

Append the following line to the file :

deb http://deb.torproject.org/torproject.org lucid main

Save and exit. Then add the key :

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Install tor.

sudo apt-get install tor

Step 2 :

Install Privoxy.

sudo apt-get install privoxy

Edit the configure file of privoxy.

sudo nano /etc/privoxy/config

Append the following line.

forward-socks4a / localhost:9050 .

Step 2a (Optional) :

If you are behind firewall or NAT as well as router, you should append the following line at the configure file.

forward 192.168.*.*/ .

Step 3 :

Made sure Tor is working.

sudo /etc/init.d/privoxy start
sudo /etc/init.d/tor start

netstat -a | grep 9050

If the output is similar to the following line, your Tor is working.

tcp 0 0 localhost:9050 *:* LISTEN

Step 4 :

Get "TorButton" addon for Firefox. Then enable/disable it by Ctrl+2.

Step 5 :

You can confirm the Tor is working on the remote side by visiting the following site.

check.torproject.org

Step 6 (Optional) :

If the System start/stop links do not exist, please issue the following commands :

sudo update-rc.d privoxy defaults
sudo update-rc.d tor defaults

Reference

Tor Project
TorButton
WiKi of Tor

That's all! See you.

HOWTO : Adaptec RAID 2405 on Ubuntu 10.10 Desktop

Adaptec RAID 2405 is a 0, 1, 10 Hardware RAID card.

The Adaptec Storage Manager is also working very well on Ubuntu 10.10. The current version of the Adaptec Storage Manager is v6.5-18579 which is dated August 25, 2010.

The User's Guide can be download at here

This tutorial shows you how to install Adaptec Storage Manager on Ubuntu 10.10 Desktop.

Step 1 :

Download the Adaptec Storage Manager, extract and install. Let's 64-bit for example.

tar -xzvf asm_linux_x64_v6_50_18579.tgz

cd manager

sudo apt-get install alien
alien --scripts StorMan-6.50.x86_64.rpm
sudo dpkg -i storman_6.50-18580_amd64.deb

Step 2 :

Run the Manager by issuing the following command :

sudo /usr/StorMan/StorMan.sh

The username and password is the username and password of your Ubuntu 10.10 Desktop (sudoer account).

Remarks : The installation for Adaptec RAID 5805 is similar.

That's all! See you.

HOWTO : Information gathering with Dradis on Back|Track 4 R2

Dradis is an effective information sharing tool. It is pre-installed in Back|Track 4 R2.

Step 1 :

Setting up Dradis server.

cd /pentest/misc/dradis/server
ruby ./script/server

Open your browser and the address is "https://localhost:3004". Accepted the certificate. Enter your password twice. Then, login to the system with your desired username and the previous password.

Or, you can use the default username and password, they are "etd" and "dradis" respectively.

Step 2 :

Setting up Dradis client.

nano /pentest/misc/dradis/client/conf/dradis.xml

Locate the following lines.

<option name='restful_user' value='etd'/>
<option name='restful_password' value='dradis'/>

Change the default value of "etd" and "dradis" according to the Step 1 above when necessary.

cd /pentest/misc/dradis/client
ruby ./dradis.rb

A "dradis>" prompt will be displayed.

Step 3 :

Start MySQL. Open a new terminal and execute the following commands :

/etc/init.d/mysql start

msfconsole

At the "msf>" prompt, enter the following :

db_driver mysql

db_connect root:toor@127.0.0.1/msf3

load db_tracker

Then, scan the port of the target "192.168.56.101" with NMap.

nmap -v -sV 192.168.56.101 -oA subnet_1

db_import subnet_1.xml

Now, you can issue the following commands to inspect the result :

db_host
db_services

Step 4 :

Go back to the terminal where it has the "dradis>" prompt. Issue the following command :

import nmap /root/subnet_1.gnmap grepable

Then, go back to the browser and refresh. You will see the data has been imported.

Reference

How to use Dradis

That's all! See you.

HOWTO : RTL8191SE wireless card on Back|Track 4 R2

Lenovo ThinkPad X100e (Type 3508-65B) is equipped with AMD Athlon Neo MV-40 CPU and Realtek RTL8191SEvB wireless LAN Controller. It is working perfectly on Ubuntu 10.04 and 10.10. However, the wirelss card does not work on Back|Track 4 R2 (which is believed to be Ubuntu 8.04 with newer kernel). In additon, Back|Track 4 R2 is installed with Wicd as network manager.

This tutorial is going to show you how to install the r8191se_pci wireless driver on Back|Track 4 R2.

Step 1 :

Download the official Linux driver from Realtek. The current version is 0018 dated 2010-Oct-25 at the time of this writing.

Download Linux driver at RTL8191SE-VA2 section.

Step 2 :

Extract and compile the driver as well as copy the firmware the workable directory.

tar -xzvf rtl8192se_linux_2.6.0019.1207.2010.tar.gz

cd rtl8192se_linux_2.6.0019.1207.2010

make
make install

cp -Ra ~/rtl8192se_linux_2.6.0019.1207.2010/firmware/RTL8192SE/ /lib/firmware

Step 3 :

Load the driver.

depmod -a
modprobe r8192se_pci
ifconfig wlan0 up

or, reboot the system.

Step 4 :

Go to "Menu" -- "Internet" -- "Wicd Network Manager".

Select "Preference". Add "wlan0" to "Wireless interface".

Then click the "Refresh" button. Now, you should see the Access Points in the air. Select your desired Access Point, entered password and surf the internet.

Remarks :

RTL8191SE wireless card does not support aircrack-ng's injection mode. You may consider to buy USB wireless adapter, such as TP-Link TL-WN321G, TP-Link TL-WN821N and TL-WN822N. Or, changes the RTL8192SE to Intel 5100 as they all support monitor and injection modes.

That's all! See you.

HOWTO : Remove your IP address from the SPAM blacklist

If you are setting up a mail server at home, you will wonder why the recipient cannot receive your email which is sent by your mail server. The reason is that your IP is blacklisted.

How to overcome this problem? It is quiet easy and just send a request to the Spamhaus.org to cancel your IP from the blacklist. For example, your IP is 218.191.114.234.

http://spamhaus.org/query/bl?ip=218.191.114.234

If you find any item is in red colour (e.g. PBL), your IP is blacklisted. You just click on the link under the red coloured item. Then, select "Remove an IP from PBL" button. Usually, SBL and XBL are in green colour.

Accepted the agreement and click "Remove IP address" button. Finally, fill in the blanks and wait for the confirmation email for the confirmation code to fill into the screen provided after you sent the request.

Make sure your email address is not a web based free account, such as gmail, hotmail, or yahoo and etc.

That's all! See you.

HOWTO : Wireless Router connects to Wired Router

*** This tutorial is written on July 16, 2007 by me. I repost it here for reference. The origianl tutorial is here. ***

I have a wired and a wireless routers. I connect them together to make them looking as one router. Then, I can access all the computers within the same intranet.

Router A (connect to the internet)

Step 1 :

I assigned the wired router to be router A which is connected to the internet directly. I did nothing on the Router A. The LAN IP is 192.168.0.1.

Router B (connect to the Router A)

Step 2 :

I assigned the wireless router to be Router B and I should change the settings of it.

WAN -
Set the WAN IP to be static 192.168.111.2, subnet mask is 255.255.255.0 and gateway is 192.168.111.1, no matter your Router B is wired or wireless. For me, Router B is a wireless. (You can change the WAN IP and gateway to meet your requirement, here is only an example)

LAN :
Disabled DHCP and set the LAN IP to 192.168.0.200, subnet mask is 255.255.255.0, no matter your Router B is wired or wireless. (You can change the LAN IP to meet your requirement, here is only an example)

Step 3 :

Connect Router A and Router B via a cable on LAN ports only. WAN port will not be used at the Router B. Connect Router A to the internet as normal. Now, you can access Router A by 192.168.0.1 and Router B by 192.168.0.200 via your browser. Any computer or laptop will be assigned an IP of 192.168.0.XXX.

That’s all! See you.

HOWTO : Virtualization platform by Proxmox VE

Proxmox Virtual Environment (Proxmox VE) works with virtualization featured CPU (such as Intel VT and AMD-V CPU) and non-virtualization featured CPU. Virtualization featured CPU is working on full virtualization by KVM technology. Non-virtualization featured CPU is working on container virtualization by OpenVZ.

This tutorial is mainly on setting up the Proxmox VE with Virtualization featured CPU only.

Proxmox VE does not work on fake RAID or software RAID (RAID on motherboard may consider as fake or software RAID). Make sure you are using Hardware RAID when necessary.

Why virtualization?
The answer is here.

Remarks : Proxmox VE is working fine on Intel Xeon E5420 Quad Core X 2, 16GB ECC DDR2 RAM and 1TB X 6 Hard Drive on Adaptec RAID 6 with 2 Hot Spare (1.8TB for usage).



Step 1 :

Download the latest Proxmox VE at here. The current version is 1.6-5261-4 (with 2.6.32-4 kernel) at the time of this writing. The ISO image is 64-bit version. The ISO image has a hard drive space limitation to 2TB.

If you want to have larger than 2TB hard drive size, you should follow the procedure at here.

Step 2 :

You should have 3 network interfaces at least where eth0 (vmbr0) is for the Proxmox VE, eth1 (vmbr1) is for connecting to the internet and eth2 (vmbr2) is for the virtual machines. Where the vmbrX is the virtual network interface for the virtual machines that binded to the physical network interfaces.

Step 3 :

Install Proxmox VE and follow the instructions on the screen (a mouse is required). For example, the IP address is 192.68.100.2 and the hostname is proxmox.samiux.com. The primary DNS and gateway are 192.168.100.1.

Step 4 :

After the installation, the system will be rebooted. If you do not have a router connected to the Proxmox box, connect the Proxmox VE to a laptop which is set to the IP address 192.168.100.5 manually. You may require a switch to do so. (I used to install software based router/UTM, so this procedure is necessary, please see Step 9 for details).

On the browser, type http://192.168.100.2 and then you are directed to the Proxmox VE control panel. Username is "root" and password is the password that you created during the installation.

Step 5 :

Go to "Configuration" -- "System". Bind the phyiscal network interfaces to virtual interfaces. vmbr0 is binded to eth0 (IP : 192.168.100.2, subnet mask : 255.255.255.0, Gateway : 192.168.100.1). vmbr1 is binded to eth1 and vmbr2 is binded to eth2. You are required to reboot your system after the network interfaces binding.

Step 6 :

Go to "VM Manger" -- "ISO Images". Upload the Ubuntu 10.10 Server ISO file (for example) to the Proxmox. Assumed that we are using KVM for the virtualization.

Step 7 :

Go to "VM Manager" -- "Virtual Machines". Create a virtual machine by selecting "Create" tab.

Type : Fully virtualized (KVM)
Disk space (GB) : enter your desired size, e.g. 80
Name : any name, e.g. Ubuntu_server
Memory (MB) : at least 512MB

Start at boot : enabled
Disk type : IDE or SCSI (I perfer to SCSI)
Guest type : Linux 2.6
CPU Sockets : 1 (sockets but not cores)

Bridge : vmbr2
Network Card : e1000

Then, press "Create" button.

Step 8 :

The "VMD 101" is created. Select it and you will direct to the details of "KVM 101". Change the value of CPU Sockets and Cores/Socket when necessary.

Go to "Hardware" tab and add the Ubuntu server ISO image to the "CD-ROM drives".

Press "Start" button. Then click on the red coloured "Open VNC console". Java is required for this operation.

Then, install the Ubuntu 10.10 server accordingly.

Step 9 (Optional) :

You can also create a software based router and/or Unified Threat Management (UTM), such as Untangle. You need to blind vmbr1 to eth0 (internet connection) and vmbr2 to eth1 (for connecting to other virtual machines). Where eth0 and eth1 are the interface name of Untangle.

If you are going to install Untangle inside Proxmox VE, you should install Untangle first and then the Ubuntu server and etc.

Step 10 :

Go the the Proxmox box. Login and execute the following commands in order to update the Proxmox as well as the kernel. The most updated kernel is 2.6.35-1 at the time of this writing.

aptitude update
aptitude upgrade
aptitude install proxmox-ve-2.6.35

cd /boot
rm *-2.6.32-4*
update-grub

After that, reboot the Proxmox box.

That's all! See you.

HOWTO : Setting up a Penetration environment with VirtualBox

*** CAUTION : This tutorial is written for Penetration Test only. Otherwise, you may be arrested if you attack/intrude any other network/computer without authorization. ***

Software :
Back|Track 4 R1
Ubuntu 10.10 Desktop
VirtualBox 3.2.10 r66523

Hardware :
Lenovo ThinkPad X200 with 4GB RAM and 80GB SSD

Lenovo ThinkPad X200 is installed Ubuntu 10.10 Desktop edition. On which, installs VirtualBox.

Go to the Oracle VM VirtualBox site to download the VirtualBox :
http://dlc.sun.com/virtualbox/vboxdownload.html#linux

(A) Create Back|Track virtual machine :

Select at least 8GB virtual hard drive place and 512MB RAM for the Back|Track. The first network adapter is set to "NAT" while the second is set to "Host-Only".

Boot up Back|Track from the VirtualBox and click on "install.sh" to install Back|Track.

Login for further setting. The username is "root" and the password is "toor".

Step 1 :

After the installation, you may execute the following command to fix the screen size to 800x600.

fix-splash800

Then, change the password of the root when necessary. Otherwise, the username is "root" while the password is "toor".

Execute the following command to make Back|Track to start network interface and X.org when bootup each time.

kate /root/.bash_profile

Append the following lines :

start-network
startx

Step 2 :

To install VirtualBox Additions when necessary via "Konqueror" -- "Storage Media" -- "media:/hdc".

bash VBoxLinuxAdditions-x86.run

Step 3 :

apt-get -y update
apt-get -y upgrade

Step 4 :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "Fast Track". Select "Fast-Track Interactive" and choose "1".

Step 4a :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "ExploitDB". Select "Update Exploitdb".

Step 4b :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "Social Engineering Toolkit". Select "S.E.T-Update".

Step 5 :

At the terminal, execute the following command :

airodump-ng-oui-update

Step 6 :

Go to "Menu" -- "BackTrack" -- "Vulnerability Identification" -- "OpenVAS" -- "OpenVAS NVT Sync".

Step 7 :

Update the Add-ons of Firefox.

Step 8 :

apt-get -y install crark
apt-get -y install wbox
apt-get -y install vlc

Step 9 :

Update the Framework. However, it will take several hours.

cd /pentest/exploits/framework3/
svn up

Step 10 :

Reboot the system.

(B) Create Metasploitable virtual machine (Optional)

Go to the following link to download the "Metasploitable" which is an Ubuntu 8.04 server with some flaws.

http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Set the downloaded Metasploitable as virtual hard drive at VirtualBox. The network adapter is set to "Host-Only". The virtual hard disk space is at least 8GB and 512MB RAM for the Metasploitable.

(C) The final

Now, the IP address of eth0 of Metasploitable is similar to 192.168.56.101. The IP address of eth0 and eth1 of Back|Track are similar to 10.0.2.15 and 192.168.56.102 respectively.

You may require to execute the following command at Back|Track in order to see the two network interfaces and their IPs.

/etc/init.d/networking restart

Back|Track can access (or ping) Metasploitable via IP address. Back|Track can surf the internet but Metasploitable cannot.

At last, your penetration environment is set up.

(D) Free Tutorials

(1) Metaploit Unleashed
(2) Fast-Track
(3) Social-Engineer Tootkit
(4) Got Milk?
(5) How to Metasploit Beginner to Advanced (Video)

(E) Non-free Training

Offensive Security

(F) Resources

(1) Exploits Database
(2) Metaploit Blog
(3) Offensive security Blog
(4) Yet another Back|Track in Gnome
(5) Metasploit

That's all! See you.

HOWTO : Compress PDF on Ubuntu

Ricardo Ferreira maintain/develop a very nice Nautilus script to compress and optimize PDF files. We are going to show you how to install and use it.

Step 1 :

Make sure zenity and ghostscript are installed. If not, please install them.

sudo apt-get install zenity ghostscript

Step 2 :

cd ~/.gnome2/nautilus-scripts
wget http://launchpad.net/compress-pdf/1.x/1.1/+download/Compress-PDF-1.1.tar.gz
tar zxvf Compress-PDF-1.1.tar.gz

Step 3 :

Locate a PDF file, right click on it. Select "script" and "Compress PDF" on the menu.

A window will popup and just select "Default" and click "OK".

Wait for a while and the compressed PDF will be created accordingly.

That's all! See you!

HOWTO : Ubuntu 10.10 on Gigabyte TouchNote T1028X

Gigabyte TouchNote T1028X equipped with Intel Atom N280 and eGalax touch screen. It runs Ubuntu 10.10 flawlessly except touchpad and touchscreen. This tutorial is telling you how to overcome these problems.

"lsusb" shows the following :

Bus 005 Device 002: ID 0eef:0001 D-WAV Scientific Co., Ltd eGalax TouchScreen

Step 1 :

Boot up the system and press "Ctrl+Alt+F2" to go to command prompt.

sudo nano /etc/default/grub

Append "i8042.noloop=1 usbhid.quirks=0xeef:0x1:0x40" to "GRUB_CMDLINE_LINUX_DEFAULT".

*where i8042.noloop=1 solves the touchpad probem.

It will look like this :

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i8042.noloop=1 usbhid.quirks=0xeef:0x1:0x40"

Save and exit.

sudo update-grub

Step 2 :

sudo nano /etc/modprobe.d/blacklist.conf

Append the following to the file.

blacklist usbtouchscreen

Step 3 :

sudo mkdir /usr/lib/X11/xorg.conf.d

sudo nano /usr/lib/X11/xorg.conf.d/05-evdev.conf

Append the following to the file.

Section "InputClass"
   Identifier "eGalax"
   MatchProduct "eGalax"
   MatchDevicePath "/dev/input/event*"
   Driver "evdev"
   Option "SwapAxes" "off"
   Option "Calibration" "2 4100 11 4099"
EndSection

The value of calibration is "2 4100 11 4099" is perfect on my Gigabyte TouchNote T1028X (resolution 1366 x 768). However, you can change the value after doing Step 6 when necessary.

Step 4 :

The current version of xinput-calibrator is 0.7.5 at the time of this writing.

wget https://github.com/downloads/tias/xinput_calibrator/xinput-calibrator_0.7.5-1ubuntu1_i386.deb --no-check-certificate

sudo dpkg -i xinput-calibrator_0.7.5-1ubuntu1_i386.deb

Step 5 :

Reboot your system.

Step 6 (Optional) :

To calibration your system and edit the value to Step 3 when necessary.

xinput_calibrator

Step 7 (Optional) :

Get uTouch (Multi-touch). However, this netbook does not support multi-touch. The following procedure does not causing harm to your system anyway.

sudo add-apt-repository ppa:utouch-team/utouch
sudo apt-get update
sudo apt-get install utouch

Testing program.

sudo apt-get install python-pymt
python /usr/share/pymt-examples/launcher-multi.py
python /usr/share/pymt-examples/games/bubblebattles/bubblebatte.py

That's all! See you.

HOWTO : GPS Grid Reference (Android App) with offline maps

*** This HOWTO is updated for the version 2.6 or later of GPS Grid Reference ***

What is MGRS?
Military Grid Reference System (MGRS) is the geocoordinate standard used by NATO militaries for locating points on the earth. It is also widely used by hikers.

What is GPS?
Global Positioning System (GPS) is a space-based global navigation satellite system that provides reliable location where there is an unobstructed line of sight to four or more GPS satellites.

Most Android smartphone equipped with GPS and it is functioning very well and reliable. It works very well with Google Maps but internet connection (wifi or 3G) is required to make it work flawlessly.

How about there is no internet connection when you are outside your home country or at the mountains? An offline map is the best choice.

Why paid for GPS Grid Reference?
There are many free offline map apps available in the Market but why bother to pay for "GPS Grid Reference"?

The main reason to use "GPS Grid Reference" is that this app supports Military Grid Reference System (MGRS) completely amongst in the Market so far. MGRS is widely used by military and hikers.

How to make an offline map

Step 1 :
First of all, download the Mobile Atlas Creator at SourceForge. The current version is Mobile Atlas Creator 1.8 RC 1 at the time of this writing.

Extract the zip file to the directory "mobac". Go to the directory "mobac". Load the program by executing the following command :

chmod +x start.sh

Step 1a :
Run the following command to execute the program for creation of offline maps.

sh start.sh

*** Well tested on Ubuntu 10.04

Step 2 :
Locate your area that an offline map will be made. Highlight the area on the map on your right hand side.

Step 3 :
We are going to make an OpenStreetMap Osmarenderer offline map. Select "OpenStreetMap Osmarenderer" at "Map Source" on your left hand side.

Step 4 :
Select all zoom levels at "Zoom Levels", such as from 0 to 17.

Step 5 :
Add "Hong_Kong" (or any name of your selected area) at "Name" on "Atlas Content". Press "Clear" button and then press "Add selection" button.

Step 6 :
Select "Mobile Trail Explorer" at "Atlas settings".

Step 7 :
Change the setting of the program at "Settings" of "Saved profiles" when necessary.

Step 8 :
Press "Create atlas" and wait for the finish of the offline maps creation.

Step 9 :
Once the process is completed. Go to "mobac/Hong_Kong_<current date>_<current time>". Rename the sub-directory "TilesAtHome" to "Osmarender".

How to get GPS Grid Reference

GPS Grid Reference is an Android app that is developed by Luck. The Full version of the app supports offline map. You are required to purchase the app from the Market at 4.99 pounds (or about $75-HK). Download and install the app after the purchase.

However, I have a problem to search and download the app on Dell Streak which is running Android 2.1Update1. The app can be downloaded on Nexus One that is running Android 2.2.1.

How to install the offline maps

Step 10 :
Connect your Android smartphone to your computer with USB cable. Select "Turn on USB storage". The content of the SD card of your Android will be displayed.

Step 11 :
Create a directory namely "GPS Grid Reference" on the root directory of the SD card.

Step 11a :
Create an empty file namely ".nomedia" under "GPS Grid Reference" in order to prevent the Gallery from reading the offline maps.

touch .nomedia

Step 12 :
Copy the directory "Osmarender" and its sub-directories to the SD card under "GPS Grid Reference/tiles".

sdcard/GPS Grid Reference/tiles/Osmarender

How to make the offline map working with GPS Grid Reference

Make sure you have enabled GPS on your Android. Start "GPS Grid Reference" app on your Android. Select "GPS". Press the icon on the lower left corner and select "OSM <default>" at "Map Mode" which is located at the top of the lower right corner. Press "Menu". Select "MGRS" at "Change datum" and select "10" at "OS Grid Figure".

Please allow several minutes for the positioning. You are not required to activate the wireless or 2G/3G on your Android. That is OFFLINE.

Where to download Hong Kong (includes Shenzhen) and Macau offline maps?
You can download the maps here which are created on October 25, 2010 (GMT +8, Hong Kong time).

Hong Kong (includes Shenzhen) offline map (created from Osmarenderer)
Macau offline map (created from Osmarenderer)

** The offline maps are well tested on Nexus One with Android 2.2.1 and GPS Grid Reference 2.6.

** Hong Kong and Macau offline maps cannot be co-existed as they will overwrite each other

** Make sure you have at least 110MB free spaces on your SD card for the Hong Kong offline map while 10MB for the Macau offline map (Osmarender format)

Do I earn money from promoting GPS Grid Reference?
No. I am not working for GPS Grid Reference or Luck. I got NOTHING when you purchase GPS Grid Reference or any app from Luck.

Do I also need compass and map during hiking?
Yes. Make sure you bring along with your compass and map when you are hiking. They act as a backup in case your Android or the app is out of order or out of battery.

That's all! See you.

DELL Streak 5" Android Tablet Review

I bought my DELL Streak 5" Widescreen Tablet at Broadway yesterday at $5,499-HK. I played with the demo unit, which was version 1.6, and I was very satisfied with the performance and layout. So, I placed the order. When I was checking the device, I found that the device was equipped with 2.1-update1. Surprise!

I informed the salesman who changed the specification tag at once and he seemed to be very happy with this changes.

Details of the "About Phone"

Firmware version
2.1-update1

Baseband version
64AUSB1A120321-EU

Kernel version
2.6.29-perf

OEM Version
STREAK.ANDROID.HK

Build number
20100908

After using for a day with this handheld device, I find that it is very good and almost can replaced my Lenovo Thinpad X200 or X100e (which are running Ubuntu 10.04).

It comes with QuickOffice which is compatible with Google Doc. QuickOffice can sync with Google Doc and Dropbox too. I download the Thinking Space app and it is working flawlessly.

Pro

- 5" in size, it is portable and lightweight.
- large screen for reading PDFs and webpages easily and comfortable.
- the touch keyboard is suitable for typing but not for fast typist.
- a little bit modified UI. A new look and feel.
- fast and responsive.
- strong and hard glass screen. Not easy to break and scratch. Please refer to this site.
- almost can replace my Lenovo ThinkPad X200 or X100e.
- comes with 16GB SanDisk Class 2 mircoSD.
- free gift - AutoNavi, for driving only, I think.
- another free gift - Toshiba 4GB Class 4 microSD.
- some built-in apps, such as Chinese Calendar, QuickOffice, SugarSync and Chinese dictionary.

Con

- a little bit modified UI. So you need some time to learn it which is differ from my Nexus One.
- no Flash at the moment. However, you can install Flash manually according to this site.
- battery cannot run for long. Similar problem on my Nexus One.
- no tethering and portable hotspot. Version 2.2 have.
- not very suitable for making phone call as it is quiet big.
- redundance to my Nexus One.
- not equipped with Traditional Chinese handwriting IME. Hong Kong Characters not tested at the moment.
- not comes with vehicle docking.

Conclusion

According to DELL, this device can be OTA to version 2.2 which will provide tethering and Flash that I need most. Lightweight and fast handheld device - a very success Mobile Internet Device (MID) in the market so far. I recommend to all who need surfing internet and writing on the road. Great device!

P.S. Service centre in Hong Kong is Kinghill Technology Development Ltd

That's all! See you.