Wed, Sep 29, 2004 5:51 pm
Jubril Udeh Scam
I received a variant of the "pose as some deceased tycoon's
next of kin and get rich" email messages today. This one purports
to be from "Jubril Udeh Manager of Credit and Accounts Department of North
Atlantic Securities Sarls Lome-Togo Republic" in regards to millions
that belonged to the now deceased "Mr Levy Shimony a Lebanese Import and
Export Tycoon here in Lome Togo." The
message was purportedly sent to me
because of my "high repute and trust worthiness", characteristics one
supposes make me an ideal partner for participating in a fraudulent scheme
where I would pose as the deceased's next of kin.
Are there people foolish enough to fall for such ruses? Unfortunately,
the answer is "yes". There have apparently been quite a few people
who have fallen for such scams. One I read about was an accountant for
a law office who used her employer's funds to cover the scammer's
"transaction fees". She apparently thought she could cover the
money she took from her employer out of the large sum of money she
was sure to receive. What she did receive was a prison sentence,
since, of course, no funds were forthcoming from the scammer.
One recipient of one of these messages decided to scam the scammer.
He actually got the scammer to send him money, which he donated to
charity. For an amusing tale of how this scambaiter got the scammer
to join his "Holy Church of The Order of The Red Breast", see
The Tale of The Painted Breast.
[/security/scams]
permanent link
Fri, Sep 24, 2004 3:15 pm
Example Virus Messages
Examples of
messages containing various worms, viruses, and trojans.
[/security/viruses]
permanent link
Thu, Sep 23, 2004 7:32 pm
BHODemon
Adware/spyware may insert itself on your system using a
Browser
Helper Object (BHO). One tool that can show you the BHOs that
are enabled on your system is
BHODemon
from Definitive Solutions.
See
Installing and Using BHODemon
for additional download links and information on installing and using the
program.
[/security/spyware]
permanent link
Mon, Sep 20, 2004 1:13 am
Clam Antivirus (ClamAV)
A free antivirus package for Linux systems, Clam Antivirus, is available from
http://www.clamav.net/.
I downloaded the Clam AntiVirus package with
wget http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.75.1-1.i386.rpm
I then installed the package on a mail server running Fedora Core 2 Linux.
rpm --install clamav-0.75.1-1.i386.rpm
warning: clamav-0.75.1-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
The warning means that rpm found a signature on the package but did not have the
signing key (ID 6cdf2cc1) in its keyring, so the signature was not checked and the
package was installed unverified. To have the signature actually verified, import
the packager's key before installing, and then check the downloaded file with
rpm --checksig (rpm -K) before running rpm --install:
rpm --import http://crash.fce.vutbr.cz/Petr.Kristof-GPG-KEY
Note that the key is fetched over plain HTTP from the same server that serves the
package, so this only establishes that the package was signed by whoever controls
that site's key; it does not protect you against a compromised or spoofed server.
To use up2date to update the package, add the lines below to
/etc/sysconfig/rhn/sources if you are using Fedora Core 1.
You can add them after the other yum lines:
yum crash-hat http://crash.fce.vutbr.cz/crash-hat/1
#yum crash-test http://crash.fce.vutbr.cz/crash-hat/testing/1
If you are using Fedora Core 2, use the lines below:
yum crash-hat http://crash.fce.vutbr.cz/crash-hat/2
#yum crash-test http://crash.fce.vutbr.cz/crash-hat/testing/2
Otherwise, you will get the error message below when you try up2date clamav:
The following packages you requested were not found:
clamav
Once you have added the lines to /etc/sysconfig/rhn/sources, you can then use
up2date -u clamav to update the software to a later version when one becomes
available.
If you are using another version of Linux, see
http://www.clamav.net/binary.html#pagestart for information.
Clam AntiVirus will run on other operating systems as well. Supported
platforms are listed below (tested platforms in parentheses):
- GNU/Linux - all versions and platforms
- Solaris - all versions and platforms
- FreeBSD - all versions and platforms
- OpenBSD 3.0/1/2 (Intel/SPARC)
- AIX 4.1/4.2/4.3/5.1 (RISC 6000)
- HPUX 11.0
- SCO UNIX
- IRIX 6.5.20f
- Mac OS X
- BeOS
- Cobalt MIPS boxes (RAQ1, RAQ2, QUBE2)
- Windows/Cygwin
- Windows Services for Unix 3.5 (Interix)
Some features may not be available on all operating systems.
If you install the package with the rpm or up2date commands,
a new group and a new user account will be created, both named clamav.
The clamav configuration file will be located in /etc/clamav.conf.
The virus database updater program is called "freshclam". Freshclam's
configuration file is /etc/freshclam.conf. You can control how often
freshclam checks for new virus signatures by adjusting the Checks
value in the /etc/freshclam.conf file. The log file for clamav
is /var/log/clamav/clamd.log and the log file for freshclam is in
/var/log/clamav/freshclam.log.
The program doesn't start automatically when you install it with the
rpm or up2date commands. You can start it with
/etc/init.d/clamd start
or by rebooting the system.
If you left clamd's TCP listening port at the default of 3310, you can see
whether it is running with the netstat command
netstat -at | grep 3310
You should see the system listening for connections on that port:
tcp 0 0 *:3310 *:* LISTEN
The *:3310 in the local-address column means clamd accepts connections on every
interface, not just the loopback interface, so anyone who can reach the port can
submit data to be scanned. Unless remote hosts need to use the daemon, set
TCPAddr 127.0.0.1 in /etc/clamav.conf (or use a LocalSocket instead of a TCP
port) and block port 3310 in the firewall.
Or you can use the ps command to check on whether it is running:
[root@mail root]# ps aux | grep clamd | grep -v "grep"
clamav 2315 0.0 6.1 18024 15628 ? S 00:13 0:00 /usr/sbin/clamd
You can use the clamscan command to scan a directory or file for viruses.
E.g. a scan of the files in the directory where clamav test files
are stored might produce output such as that shown below:
[root@mail root]# clamscan /usr/share/doc/clamav-0.75.1/test
/usr/share/doc/clamav-0.75.1/test/test-failure.rar: RAR module failure
/usr/share/doc/clamav-0.75.1/test/test-failure.rar: OK
/usr/share/doc/clamav-0.75.1/test/README: OK
/usr/share/doc/clamav-0.75.1/test/test.bz2: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.75.1/test/test.zip: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.75.1/test/test-zip-noext: ClamAV-Test-Signature
FOUND
/usr/share/doc/clamav-0.75.1/test/test.msc: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.75.1/test/test.rar: ClamAV-Test-Signature FOUND
/usr/share/doc/clamav-0.75.1/test/test: ClamAV-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 24009
Scanned directories: 1
Scanned files: 8
Infected files: 6
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 5.640 sec (0 m 5 s)
The files in the clamav test directory are actually harmless, but the
scan shows you the clamav scanning program is working. If you want to
test with an actual worm, you can use the following example of
Worm.SomeFool.P, aka W32.Netsky.P@mm. Handle such a sample with care: keep it
on the Linux scanning host and do not open it on a Windows machine. The safer
way to confirm that a scanner and its signatures are working is the EICAR test
file, a short text string that antivirus products detect by convention but that
contains no malicious code.
Worm.SomeFool.P
If you want to scan just a particular file, put the file name after the
command, e.g.
clamscan corrected_doc.pif
If you wish to manually update the virus definitions, issue the command
freshclam
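The self-test and directory scan described above, as an added shell script that is not part of the original page or of the ClamAV distribution. It uses the EICAR test string instead of a worm sample, and it assumes clamscan is installed (the path can be overridden through the CLAMSCAN variable) and supports the -r, --infected and --quiet options and the documented exit codes (0 clean, 1 something found, 2 error). The scanner's exit status, not the printed report, drives the decision, which is what you want when the script runs from cron.

```shell
#!/bin/sh
# Added example, not code from the page or from the ClamAV project: a check
# script that (1) proves the scanner and its signature database really detect
# something, using the EICAR test string instead of a live worm sample, and
# (2) scans a directory and acts on clamscan's exit status instead of
# eyeballing the report. Assumed: clamscan is on the PATH (or named through
# CLAMSCAN) and supports -r (recursive), --infected (print only detections)
# and --quiet; exit status 0 = clean, 1 = something found, 2 = error.

CLAMSCAN=${CLAMSCAN:-clamscan}

# The EICAR test string: a harmless file that antivirus products flag by convention.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# eicar_selftest: write the EICAR file to a private temporary directory and
# scan it. Returns 0 only if the scanner reports it as infected (exit 1);
# a clean verdict or a scanner error both fail the self-test.
eicar_selftest() {
    dir=$(mktemp -d) || return 2
    printf '%s' "$EICAR" > "$dir/eicar.com"
    "$CLAMSCAN" --quiet "$dir/eicar.com" >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    [ "$rc" -eq 1 ]
}

# scan_dir DIR: recursive scan that prints one "path: Signature FOUND" line
# per detection and returns clamscan's own exit status (0/1/2).
scan_dir() {
    tmp=$(mktemp) || return 2
    "$CLAMSCAN" -r --infected "$1" >"$tmp" 2>/dev/null
    rc=$?
    grep ' FOUND$' "$tmp"
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh clamcheck.sh DIRECTORY. With no argument the functions are only
# defined, so the file can be sourced from other scripts.
if [ $# -gt 0 ]; then
    if eicar_selftest; then
        echo "self-test: EICAR test file detected, scanner and signatures OK"
    else
        echo "self-test FAILED: clamscan did not flag the EICAR file" >&2
        exit 2
    fi
    scan_dir "$1"
    case $? in
        0) echo "no infected files found" ;;
        1) echo "infected files found, see the lines above" >&2 ;;
        *) echo "clamscan reported an error" >&2 ;;
    esac
fi
```

Run it as sh clamcheck.sh /home to self-test and then scan /home. From cron, an exit status of 1 (detections) or 2 (scanner error, including a failed self-test) is what you alert on; a self-test that stops passing usually means the signature database or the daemon is broken, which is worth knowing before the next real sample arrives.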
Clam AntiVirus 0.75.1-1 Package and Download Information
Milter package for use with sendmail
Clam AntiVirus 0.75.1-1 Milter Package and Download Information
[/security/antivirus/clamav]
permanent link
Sun, Sep 19, 2004 8:58 pm
Logrotate PPP Error
After first setting up a Linux server with
Fedora Core 2 Linux, I received the following error message in an email
message sent to root:
Date: Sun, 12 Sep 2004 19:00:42 -0400
From: root@mail.somewhere001.us (Anacron)
To: root@mail.somewhere001.us
Subject: Anacron job 'cron.daily'
/etc/cron.daily/logrotate:
error: stat of /var/log/ppp/connect-errors failed: No such file or directory
According to
Bugzilla Bug 126771: logrotate error because of non-existent
/var/log/ppp/connect-errors this error can be prevented by adding
a missingok to /etc/logrotate.d/ppp. The problem occurs
if PPP isn't used, which means there won't be a log file for it in
/var/log/ppp. By adding the missingok to
/etc/logrotate.d/ppp, you indicate that an error message shouldn't
be produced if the log file is missing and so can't be rotated.
According to
Bug 122911 - Logrotate problem if ppp isn't used and there isn't a logfile in
/var/log, the problem is present in version 2.4.2 release 2 of the ppp
package. I didn't add the missingok line, but instead upgraded the
ppp package (use up2date --install ppp
). I now have
version 2.4.2 release 3.FC2.1 of ppp, which added the missingok
line.
# Logrotate file for ppp RPM
/var/log/ppp/connect-errors {
missingok
compress
notifempty
daily
rotate 5
create 0600 root root
}
[/os/unix/linux/sysmgmt]
permanent link
Fri, Sep 17, 2004 8:40 pm
Daily Rotation of Mail Logs
For a Linux mail server I set up, I want to have sendmail's log file, which
is
/var/log/maillog, rotated daily rather than once a week.
With the default
setting for logrotate, the file maillog will be closed and become maillog.1
after a week. If there is a maillog.1 it becomes maillog.2, etc. I want
this to occur at midnight every night. To achieve the daily rotation, log in
under the root account and edit the file /etc/logrotate.d/syslog, removing
/var/log/maillog from the line where it is listed with all of the other log
files that get rotated; otherwise the weekly rotation defined there and the
daily one defined below would both act on the same file. Then create a new
logrotate control file, e.g. /etc/maillogrotate.conf. Don't put it in the
/etc/logrotate.d directory: everything in that directory is included by
/etc/logrotate.conf and processed by the system's own logrotate run from
/etc/cron.daily, whereas this file will be run by its own cron entry. My
maillogrotate.conf file contains the following lines:
# Begin maillogrotate control file
/var/log/maillog {
daily
rotate 14
sharedscripts
create 0600 root root
missingok
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
# End maillogrotate control file
The meaning of the lines is as follows:
- Comment
- Specifies the file to be rotated, /var/log/maillog
- Indicates the file should be rotated on a daily basis
- rotate 14 indicates 14 previous versions (2 weeks worth
of logs) should be kept, i.e.
there will be a maillog file as well as maillog.1 through maillog.14
- sharedscripts means that the postrotate script will only
be run once, not for every file that is rotated.
- create 0600 root root indicates that immediately after logrotate
has rotated the file, it should create a new file with the same name as the
one just rotated, in this case maillog. The permissions for the file, 0600,
indicate that the owner will have read and write access to the file, but
no one else will be given any access to the file. After the mode, the owner
and group for the file are each set to root (the format is
create mode owner group).
- missingok indicates that if the log file is missing, proceed to the
next one without issuing an error message.
- Any lines between postrotate and endscript will be executed
after the rotation is completed. In this case, syslogd is told to reopen its
log files. The process id for syslogd is stored in /var/run/syslogd.pid, so
cat /var/run/syslogd.pid displays the contents of that file. The
2> /dev/null after it indicates that STDERR (error messages) will
be redirected to /dev/null, which means that they are discarded. The backticks
around this command (be certain to use the ` character, which is on the
key to the left of the 1 key, not the single quote, ') mean take
the output of this command and use it as an argument to /bin/kill -HUP.
Despite the name, kill -HUP does not terminate syslogd; it sends the process
the SIGHUP signal, on which syslogd closes and reopens its log files. This step
matters because logrotate renames maillog to maillog.1 and creates an empty
maillog, but syslogd still holds the renamed file open and would keep writing
to maillog.1 until it reopens. The second 2> /dev/null means that any error
messages generated by the kill command are also discarded. The || true at the
end means that if there is a problem with the kill command (for example, no
pid file, so kill gets no argument) then still mark this part of the script as
successful, i.e. don't abort with an error message. The || means "or" and
true always returns a successful exit status.
You then need to create a crontab entry with crontab -e
.
This will open the crontab file in the vi editor. The crontab file can be
used to run commands on a scheduled basis. Hit the i key to put the
vi editor in insert mode then type the following command:
0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null
Then hit the : (colon) key and type wq to save the file and exit
from the editor.
The crontab file consists of 6 fields:
  minute        A number from 0 to 59 indicating the minute the command will run
  hour          A number from 0 to 23 indicating the hour for the command to be run
  day of month  A number from 1 to 31 indicating the day of the month to run the command
  month         A number from 1 to 12 indicating the month to run the command
  day of week   A number from 0 to 6 (Sunday to Saturday) for the command to be run
  command       The command to be run
So the listed crontab entry will run the /usr/sbin/logrotate program
at midnight every day (an asterisk means every possible value for that
field). The logrotate program will use the file I created,
/etc/maillogrotate.conf, to determine what it should do. Any output, whether
standard output or error messages, is sent to /dev/null, i.e. discarded.
Be aware that this also discards logrotate's own error messages: if the
rotation fails, nothing will be mailed to root. If you would rather hear about
failures, drop the 2>/dev/null so that cron mails any error output to root, and
test the configuration first with logrotate -d /etc/maillogrotate.conf, which
shows what logrotate would do without changing anything.
In addition to keeping two weeks' worth of rotated logs in /var/log, I like
to archive mail logs in a separate directory to be parsed by statistics
generation programs. If I add new programs, I can run them on all the old log
files to generate statistics for the entire year. So I create a /root/maillog
directory to hold the maillog files and a program, copy-maillog, which will
copy the previous day's maillog to that directory with that day's date
appended to the filename. I place the copy-maillog file in /root/bin and make
it executable.
mkdir /root/maillog
mkdir /root/bin
The copy-maillog program contains the following lines:
#!/bin/bash
cp -a /var/log/maillog.1 /root/maillog/maillog.$(date --date=yesterday +%m%d%y)
This will copy the previous day's maillog file, maillog.1, to the
/root/maillog/ directory. The $(date --date=yesterday +%m%d%y)
extension means append yesterday's date formatted as month, day, year, e.g.
maillog.091604 for the September 16, 2004 mail log file. Note that the date
comes from the clock at the time the script runs, not from the log file
itself, so the file is only named correctly when the script runs shortly after
the midnight rotation.
To make the script executable, type chmod 700 copy-maillog.
I then create a crontab entry to run copy-maillog script at half past
midnight every night. Use crontab -e
again to edit the
crontab file, then move the cursor to the end of the file and hit the
a key to append data after the cursor. Hit the enter key to
start a new line and insert the following:
30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null
Then hit the Esc key followed by the colon key. Type wq to save
the modifications to the crontab file and exit from the editor. If
you then type crontab -l to list the contents of the
crontab file, you should see something similar to the following:
[root@mail bin]# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.8726 installed on Fri Sep 17 18:27:16 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null
30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null
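A more defensive version of the copy-maillog script, as an added example that is not the page's own script. It keeps the page's paths (/var/log/maillog.1 and /root/maillog) as defaults but takes them as optional arguments, names the archive from the rotated file's modification time (date -r, a GNU coreutils option, so the name is right even if the job runs late) instead of from "yesterday", refuses to overwrite an existing archive, and sends nothing to /dev/null so that cron mails root whenever it fails. The function name copy_maillog and the two-argument interface are my additions.

```shell
#!/bin/sh
# Added example (not the page's copy-maillog script): a hardened version of
# the same idea. Differences from the one-liner on the page:
#  * the archive name is taken from the rotated file's modification time
#    (date -r, GNU coreutils) instead of "yesterday", so a run that happens
#    late, or on the wrong day, still files the log under the date it covers;
#  * a missing source or an existing archive of the same name is an error
#    (exit 1) instead of silently clobbering the archive;
#  * nothing is redirected to /dev/null, so cron mails root on failure.
# Paths default to the page's: /var/log/maillog.1 and /root/maillog.

# copy_maillog [SRC] [DEST_DIR]: archive SRC as DEST_DIR/maillog.MMDDYY and
# print the archive path on success.
copy_maillog() {
    src=${1:-/var/log/maillog.1}
    dest=${2:-/root/maillog}
    [ -f "$src" ] || { echo "copy-maillog: $src does not exist" >&2; return 1; }
    # Archive directory readable by root only, like the logs themselves.
    [ -d "$dest" ] || mkdir -m 0700 "$dest" || return 1
    stamp=$(date -r "$src" +%m%d%y) || return 1
    target="$dest/maillog.$stamp"
    if [ -e "$target" ]; then
        echo "copy-maillog: $target already exists, not overwriting" >&2
        return 1
    fi
    # -a keeps the 0600 root:root mode set by the logrotate create line.
    cp -a "$src" "$target" && echo "$target"
}

# Run only when installed under the page's script name (/root/bin/copy-maillog);
# when sourced under another name this file just defines the function.
case "$0" in
    */copy-maillog|copy-maillog) copy_maillog "$@" ;;
esac
```

With this version the crontab line can be 30 0 * * * /root/bin/copy-maillog with no redirections: on a normal night it prints the archive path, which cron mails to root, and on a failure the error text arrives the same way instead of vanishing.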
References:
- How to rotate maillogs daily on RedHat
- Linux / Unix Command: logrotate
- Sams Teach Yourself Shell Programming in 24 Hours
- Redirection, Pipes, and Backticks
[/network/email/sendmail]
permanent link
Wed, Sep 15, 2004 11:10 pm
Bandwidth Monitoring on a Linux System
On a Linux system, if you need information on how much bandwidth is being used
and what type of traffic is consuming the bandwidth, two tools you can use
that don't require a Graphical User Interface (GUI) are
IPTraf and
Linux Bandwidth Monitor (bwmon).
IPTraf description from Red Hat's IPTraf package:
IPTraf is a console-based network monitoring utility. IPTraf gathers
data like TCP connection packet and byte counts, interface statistics
and activity indicators, TCP/UDP traffic breakdowns, and LAN station
packet and byte counts. IPTraf features include an IP traffic monitor
which shows TCP flag information, packet and byte counts, ICMP
details, OSPF packet types, and oversized IP packet warnings;
interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP
packet counts, IP checksum errors, interface activity and packet size
counts; a TCP and UDP service monitor showing counts of incoming and
outgoing packets for common TCP and UDP application ports, a LAN
statistics module that discovers active hosts and displays statistics
about their activity; TCP, UDP and other protocol display filters so
you can view just the traffic you want; logging; support for Ethernet,
FDDI, ISDN, SLIP, PPP, and loopback interfaces; and utilization of the
built-in raw socket interface of the Linux kernel, so it can be used
on a wide variety of supported network cards.
A ZDNet article,
Police your network traffic with IPTraf explains how to use IPTraf to
log and monitor IP traffic on your system.
You can download IPTraf from the developer's
website or you may already have it with your distribution of Linux. An
RPM is available from
Red Hat or from
this site.
The options when running bwmon are shown below:
Linux Network Bandwidth Monitor $Revision: 1.3 $
by Kimmo Nupponen (kimmoon@users.sourceforge.net)
$Date: 2002/05/08 06:33:09 $
usage: bwmon [-b] [-h] [-a] [-m] [-u seconds]
-a Print bandwidth utiliasation in Kbytes rather than Kbits. The default
is to use Kbits
-a Print also average bandwidth since last boot per interface
-m Print maximum bandwidth since launch of this utility
-h Print this help message
-u Update timeout (integer value)
Use <space-bar> to refresh the screen before update timeout expires
Use 'q' or 'Q' to exit this utility
Note that you have to have proc mounted to allow this software
to work!
bwmon Screenshot
IPTraf Screenshots
[/os/unix/linux/network]
permanent link
Wed, Sep 15, 2004 11:09 am
Feature Comparison Between Adobe Acrobat 6.0 Standard and Professional
A chart is available at
http://www.adobe.com.au/events/roadshows/pdfs/FeatureComparision.pdf
comparing the features found in Adobe Acrobat 6.0 Standard and Professional
versions. The chart also covers Adobe Reader 6.0 and Acrobat Elements 6.0.
[/os/windows/software/pdf]
permanent link
Sun, Sep 12, 2004 10:46 pm
Painting Plastic
If you want to paint cases, parts, or most plastics, you can use
Fusion paint from Krylon. The paint dries
in 15 minutes or less.
The paint comes in the following colors:
- Almond - 2437
- Black - 2421
- Blonde Shimmer - 2339
- Blue Hyacinth - 2333
- Burgundy - 2325
- Burgundy - 2425
- Buttercream - 2334
- Dover White - 2322
- Dover White - 2422
- Espresso - 2340
- Espresso - 2436
- Fairytale Pink - 2331
- Gloss Black - 2321
- Gloss White - 2320
- Honeydew - 2335
- Hunter Green - 2324
- Hunter Green - 2424
- Khaki - 2438
- Navy - 2326
- Navy - 2426
- Nickel Shimmer - 2338
- Patriotic Blue - 2329
- Pewter Gray - 2439
- Pumpkin (Safety) Orange - 2337
- Red Pepper - 2328
- River Rock - 2323
- River Rock - 2423
- Spring Grass - 2327
- Sun Dried Tomato - 2332
- Sunbeam - 2330
- Twilight - 2440
- White - 2420
ZDNet's Brian Cooley reports it worked well on his Treo 300 cellphone in
the September 9, 2004 entry in his
Dealing with technology in real life column.
[/pc/hardware/miscellaneous]
permanent link