Tuesday, August 31, 2010

Easily lock your mac; like windows!

After a lot of searching; I came to the conclusion that no one had what I was looking for, I took it upon myself to write a program in C that listens for OS X keybinding ( in my case Command + L ) in order to lock the screen.

I like to lock my machine when I walk away from it, at work or at home with OS X you have to jump through hoops to get the same functionality until now.

A simple keystroke ( like windows ) Command + L and my machine is instantly locked, this is not the fast user switching work around; the session is simply locked and when you log back in all of your programs are still running.

If you're interested in this, please contact me or leave a comment - I plan to sell the binary for .99c USD.


Thursday, August 20, 2009

Citrix XenApp Web Interface running on Linux

I have successfully implemented the Citrix XenApp web interface on Linux. I have taken the liberty to develop an install script for Red Hat Enterprise Linux 5, if you're in need of help, please contact me VIA email.

Saturday, September 27, 2008

Lian Li F1b

I have submitted a review inquiry with Lian Li, hopefully I get a response, if so I'll have a nice review for all of you. I am currently preparing reviews for 5 Razer products coming soon.

Monday, October 1, 2007

Properly securing SSH.

If you are like me you work in a corporate environment and SSH is needed not just by you but several other Administrators or Application Administrators so shutting down or changing the SSH port isn't applicable. You're in luck, after much research and a lot of brain storming I think I've came up with a very good result. If you've ever checked your system logs (/var/log/secure) you may have noticed copious amounts of SSH failed login attempts this may be why you're searching for new tactics to circumvent the SSH brute-force attempts.

The first thing we'll do is setup iptables rules, if you're running a Red Hat box; vi /etc/sysconfig/iptables and insert the following. Don't forget to add/remove the services you need to be opened.
# resides in /etc/sysconfig/iptables
# Written by Nate Dobbs for NS1 and NS2
# If tables need to be flushed execute
# /usr/sbin/iptables_flush.pl
# Firewall Rules
# Handle loopback addresses
-A INPUT -i lo -j ACCEPT
# Disallow ICMP requests from the world
-A INPUT -p icmp -j DROP
# Allow ICMP pings to the world, drop all others
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outbound packets if state related, and inbound if established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Drop stealth scans
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,FIN FIN -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
# open ports for some services
# open ssh
-A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
# open DNS
-A INPUT -p tcp -i eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 53 -j ACCEPT
# Open Webmin
-A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 10000 -j ACCEPT
# Define policy - DROP

You may have noticed the iptables flush script I have defined in the comment section of the code I will include this as well.
#!/usr/bin/perl -w
# This is a IPTABLES flushing script
# Written by Nate Dobbs
# Feel free to redistribute and or modify at-will
# Please give all props to original author/s!
# Declare Vars
print "Welcome to the IPTABLES-Flush script!\n"

$_ = ;
chomp $_;
$_ = "Y" if (length($_) == 0);

if ($_ =~ /[Yy]/) {
print "Starting the IPTABLES-FLUSHING process!\n";
else {
print "Aborting script..\n";

$iptables = "/sbin/iptables";

%iptables_hash = (

reset_policy => "
reset_policy_mangle => "
reset_policy_nat => "
$IPTABLES -t nat -F;
$IPTABLES -t mangle -F",
reset_all_non_default_chains => "
$IPTABLES -t nat -X;
$IPTABLES -t mangle -X"

print "Resetting policies\n\n";
system (%iptables_hash {'reset_policy'});
sleep 5
print "done!\n";

print "Resetting mangle policy's\n\n";
system (%iptables_hash {'reset_policy_mangle'});
sleep 5
print "done!\n";

print "Resetting NAT policy's\n";
system (%iptables_hash {'reset_policy_nat'});
sleep 5
print "done...\n";

print "And finally flushing all non-default chains\n";
system (%iptables_hash {'reset_all_non_default_chains'});
print "Script is completed\n";

Now that we've got proper iptables rules it's time to edit /etc/hosts.deny; add the following.

Now edit /etc/hosts.allow and allow each IP or a entire subnet of allowed "trusted users" you will have to literally allow access to each service that is open with the iptables such as named, httpd etc. You can use ALL: ALL if you need unlimited access to a particular server. I would just recommend allowing access to your services such as ssh on a domain-trusted basis.
named: ALL
httpd: ALL
ssh: .yourdomain.com # the period in front of the domain is ESSENTIAL!

Don't forget to setup iptables for boot-time init
chkconfig --level 345 iptables on

Now restart your services
service iptables restart

iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:10000
ACCEPT udp -- anywhere anywhere udp dpt:10000

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

Thursday, May 10, 2007

Installing Citrix on Linux (Ubuntu)

I've recently installed Citrix v10.0 on my laptop running Ubuntu Feisty 7.4. I've heard this was a very daunting task, I only experienced one issue and this was resolved very quickly after a google search. I'm going to spare the screenshots for security purposes, I think it'd be pretty taboo to post pictures of me logging into a secure site, eh?

1.) Download Citrix v10.0
2.) $sudo apt-get install libxaw6 libmotif3
$sudo tar xvfz en.linuxx86.tar.gz
$sudo ./setupwfc

# Now we're at the Citrix Installation
Citrix Presentation Server Client 10.0 setup.
Select a setup option:

1. Install Citrix Presentation Server Client 10.0
2. Remove Citrix Presentation Server Client 10.0
3. Quit Citrix Presentation Server Client 10.0 setup

Enter option number 1-3 [1]:1
  • Enter 1. Install Citrix Presentation Server Client 10.0
  • Please enter the directory in which Citrix
    Presentation Server Client is to be installed.

    [default /usr/lib/ICAClient] or type "quit"
    to abandon the installation: /usr/lib/ICAClient
  • You can choose to enter different folder. I choose: /usr/lib/ICAClient
  • You have chosen to install Citrix Presentation Server
    Client 10.0 in /usr/lib/ICAClient
Proceed with installation? [default n]: y
  • Enter: Y to continue

    Use of this component is subject to the Citrix license
    covering the Citrix product(s) with which you will be
    using this component. This component is only
    licensed for use with such Citrix product(s).

    CTX_code EP_T_A34320

    Select an option:

    1. I accept
    2. I do not accept
    Enter option number 1-2 [2]: 1

Installation proceeding...

Checking available disk space ...

Disk space available 588136 K
Disk space required 4964 K

Continuing ...
Creating directory /usr/lib/ICAClient
Core package...
Setting file permissions...
Integrating with browsers...
Browsers found.

Found entries in browser configuration(s) from an earlier
installation. Do you want these entries to point to the
new installation? [default y]: y
  • Enter: y to integrate with your Mozilla Firefox browser
  • Integration complete.

    Found KDE or GNOME desktop entries from an earlier
    installation. Do you want these entries to point to
    the new installation? [default y]: y
  • Enter: y to make sure your Citrix Client install in Gnome or KDE
  • Enter: 3. Quit Citrix Pesentation Server Client 10.0 setup
  • $cd /usr/lib/ICAClient
  • $sudo ./wfcmgr

Next you'll see an UGLY font provided by Citrix, if you would like to change this; DL this script
    • Run $chmod +x citrix-icaclient-10-ubuntu
    •  export ICAROOT=/usr/lib/ICAClient
    •  sudo bash citrix-icaclient-10-ubuntu

citrix.sh Version 0.7
Patching Citrix ICAClient 10.0 on Ubuntu 7.04,
continue [y/N] ?: y
Using ICAROOT=/usr/lib/ICAClient
patching file nls/en/UTF-8/Wfcmgr
patching file nls/en/Wfcmgr
    Citrix ICAClient 10 for Ubuntu 7.04
  • Close and open your Mozilla Firefox browser to make sure it loads the proper Citrix plugins.
  • Connect to your Citrix Server and choose your application.
  • Once prompted enter “/usr/lib/wfica” to open your application if required Chose "always use this app for this type of file".
Generally we would be finished by now; but I ran into some issues with the Thawte certificate, so I did this; I found out that Stanford University offers a root cert available for DL, (THANKS STANFORD!) do this if you get this error.

1.) cd /usr/lib/ICAClient/keystore/cacerts
2.) sudo wget www2.slac.stanford.edu/computing/windows/services/citrix/

Friday, May 4, 2007

Peer-to-peer and Bit-Torrent Security concerns.

I was inspired to write this blog when a friend emailed me asking questions about his safety when using Bit-torrent clients. This really depends on what type of security you're asking about, there are several different ways. By the way, this friend is a VERY tech-savy person and a pure genius for that matter, the reason I was compelled to write this is because it's a very common question that most people don't bother researching or take into consideration.

Q: Am I safe from Virus'?
A: BitTorrent is a much safer service than other peer-to-peer networks because of how it functions. While other peer-to-peer services allow a certain degree of access to a shared folder or someone’s hard drive, BitTorrent users cannot share anything outside of the desired file type that is in an open BitTorrent window.

Due to the fact that you are only downloading segments of the file as opposed to the full thing, it also makes it incredibly difficult (if not impossible) to transmit viruses through the BitTorrent system. There are a number of people who are opposed to peer-to-peer technologies because of possible security concerns, however, virtually none of these concerns are found in the BitTorrent service.

Q: Is using Bit-torrent software Illegal?
A: No, you can infact make it illegal by downloading pirated software/movies/music. Many software developers prefer Bit-Torrent because seeders can share it's bandwidth to lessen the load on their servers. Thus increasing download speeds for everyone.

Q: How do I protect myself from the MPAA/RIAA?
A: This is a very interested question, for one the best way is NOT TO DOWNLOAD ILLEGAL FILES. But of course there are some ways of protecting yourself. The main thing I recommend is the installation/use of Peer Guardian, this application is only available for Windows' Platform ATM. If you're a *NIX user I recommend checking out MoBlock.

Link to PeerGuardian
Link to MoBlock

Please note that MoBlock actually ties in/initiates new IPTABLES rules, so make sure you have access to your terminal (especially if you want to put this on your Linux router the new rules could flush your existing NAT rules).

There are ways to keep yourself safe, support the cause and never violate your own morals,

Monday, April 30, 2007

Beryl - More than just eye candy!

I officially installed Beryl on my Ubuntu machine, I must say I'm pretty surprised by the sheer beauty of this window manager! It's much smoother than Vista's 'Aero' window manager, while moving things around, flipping 'cube' around rapidly and the wobbly screens I notice no lag at all. While on Vista I felt a lot of jerkiness and overall poor performance. Pretty sad IMHO
My machine is as follows (posted in another forum);

AMD FX-55 OC'd 2.9ghz

Zalman 110mm Heatsink
2gb Corsair XMS TWINX DDR 400
74gb Seagate Barracuda
15kRPM U320 SCSI
eVA 7900 GTO -OC'd clock and RAM 700/800

20.1" Samsung widescreen LCD 205BW
Razer Copperhead 2k DPI
gaming mouse
Razer Tarantula Gaming Keyboard
ThermalTake TSUNAMI DreamTower

ThermalTake 480w Purepower Silent PSU
Xfi 7.1 sound

Klipsh 5.1 pro-media speakers

18582 3dmarks with 3dma
Still need to OC my RAM, I will post the new 05 '06 scores.

CPU Idles at 35*C max load so far has reached 44*C
GPU idles at 38*C max 50*C

My machine is pretty beefy; but this isn't the reason the performance is so well, I had vista on this machine for a short time to give it a run. I had tremendous issues with drivers and overall system performance, shame on you Microsoft, XP is better than Vista ATM!

I upgraded to Ubuntu Feisty Fawn, after the first initial reboot GDM wouldn't start I checked dmesg and noticed that Feisty Fawn is shipped with older nvidia drivers, so I pointed to my previously installed (newer) drivers and BAM GDM is up again! Now for the install/configuration of Beryl.

Install Beryl in Ubuntu Feisty

sudo apt-get install beryl emerald-themes

Pressed ALT+F2 and typed beryl-manager

Now it's up and running wo0t, added to the start menu and I'm good to go. One thing, You can't game while running the Beryl window manager, there is an option to switch back to your default window manager (I do this while gaming) then I switch back, it's pretty seamless and very rapid while changing.

Here are some screenshots of Beryl in action!