average admins

Originally posted at techsays.com on February 25nd, 2007.

Twice in the past week I’ve needed to start a script automatically if the server was ever rebooted.

I haven’t had to do that in quite a while so I had to look it up.

Lucky for me, a user of the JustLinux forums already answered the question for someone else. Except instead of just answering his question with a simple answer, he supplied a well written howto with great examples.

You can find his post here: http://justlinux.com/forum/showthread.php?t=40831

And if you know me, I don’t like relying on remote websites to have the information when I need it years from now. I like pulling the information down so if JustLinux crashes next month, I’ll still know how to do this.

Craig McPherson
01-11-2001, 11:31 PM
Alternate, more “standard” solutions:

If you want to run SSHD from your inetd server rather than as a standalone server (this is a good way to save memory if you’ll be accepting SSH connections only occasionally — the daemon is only started when a connection comes in, which makes the connection take a split second longer to establish, but saves memory when there’s no active SSH connection), just add an entry for it to your inetd configuration file.

For the standard inetd, in your inetd.conf:

ssh stream tcp nowait root /usr/sbin/sshd

(Adjust path accordingly, make sure “ssh” is in your /etc/services)

For xinetd, which cool people use, in your xinetd.conf:

service ssh
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/sshd
}

Restart your inetd program after changing its configuration file.

The ssh program on my system claimed it needed to be passed the “-i” flag to be run from inetd, but that wasn’t my experience. If it’s required with your version of ssh, just add -i to the inetd.conf, or the line “server_args = -i” to your xinetd.conf.

If you want to run your sshd as a standalone daemon, you should make an init script for it in /etc/init.d. A very simple /etc/init.d/ssh could be just this:

#!/bin/sh
/usr/sbin/sshd&

Of course, if you were going to do something that simple, you might as well just call your init script “/etc/init.d/local”, and add any other commands that you want run at bootup to it.

Then you just go to the init directory for the runlevel you boot into (check /etc/inittab for this), ie /etc/rc2.d for runlevel 2. Now create a symlink there pointing to your init script, and call it something like “S90local” or “S90ssh”. It has to start with a capital S, and the number following that determines when during the boot process the script should be run.

A more complex init script would be something like this, from the Debian SSH package:

#! /bin/sh

# /etc/init.d/ssh: start and stop the OpenBSDh “secure shell(tm)” daemon

test -x /usr/sbin/sshd | | exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null | | exit 0

# forget it if we’re trying to start, and /etc/ssh/NOSERVER exists
if expr “$1″ : ‘.*start$’ >/dev/null && [ -e /etc/ssh/NOSERVER ]; then
echo “Not starting OpenBSD Secure Shell server (/etc/ssh/NOSERVER)”
exit 0
fi

# Configurable options:

case “$1″ in
start)
test -f /etc/ssh/sshd_not_to_be_run && exit 0
echo -n “Starting OpenBSD Secure Shell server: sshd”
start-stop-daemon –start –quiet –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;
stop)
echo -n “Stopping OpenBSD Secure Shell server: sshd”
start-stop-daemon –stop –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

reload|force-reload)
echo -n “Reloading OpenBSD Secure Shell server’s configuration”
start-stop-daemon –stop –signal 1 –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

restart)
echo -n “Restarting OpenBSD Secure Shell server: sshd”
start-stop-daemon –stop –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
sleep 10
start-stop-daemon –start –quiet –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

*)
echo “Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}”
exit 1
esac

exit 0

Then symlink it as before.

Anyway, what you did broke a number of Linux and Unix standards. The Linux Standards Base people aren’t going to come to your door with a gun, but you might run into problems down the line.

1. Symlinks in the various rc boot directories (rc.boot, rcS.d, rc0-6.d) can’t point directly to binaries. They have to point to scripts, which generally in turn start binaries. Of course, nothing will break if you do this but it violates the standards.

2. You shouldn’t use rc.boot. I believe its use is deprecated and is only for backwards compatibility while programs finish switching over to the standards. rc.boot will probably be removed at some point. Use the normal runlevel rc directories (rc2.d through rc5.d) for normal stuff, rcS.d for stuff that will be started in EVERY runlevel, even single user mode (stuff like SSH should NOT start in single user mode), rc0.d and rc6.d should be used for stuff that needs to be run when shutting down or rebooting.

Clear enough?

——————
http://users.ipa.net/~cmcpher/paminv.gif DEBIAN (http://www.debian.org/) http://users.ipa.net/~cmcpher/paminv.gif
It turns girls into statues!

[This message has been edited by Craig McPherson (edited 11 January 2001).]

http://scratchpad.wikia.com/wiki/Reverse_Engineering_Mentoring

Wow, this is very cool!

Didier Stevens has started a mentoring program to teach newbies how to reverse engineer software. The instructions are very well written and very easy to follow.

If you’re interested in RE, then this is a great place to start.

I found this on one of my “must-read” blogs, A Day in the Life of an Information Security Investigator

This particular entry is about an article from Redmond themselves describing the methods for doing forensics on Windows machines.

I haven’t read though it, yet, but if SecurityMonkey thinks it’s good enough for his site, then I’m definitely going to post it here.

And you can find his article here.

http://unattended.msfn.org/unattended.xp/

Have you ever wanted a Windows CD that would install Windows by automatically putting in your name, product key, timezone and regional settings? And have it merged with the latest Service Pack to save time? Followed by silently installing all your favourite applications along with DirectX 9.0c, .Net Framework 1.1 and then all the required hotfixes, updated drivers, tweaks, and a readily patched UXTheme without any user interaction whatsoever? Then this guide will show you how you can do just that!

Through the course of this guide, you will create a CD that does all the installing for you. The CD will be fully updated with the latest hotfixes, and install all your programs for you.

This guide has been broken up into three parts: Beginner, Intermediate, Advanced. It has been done so, to help you understand what you’re doing and not to get over your head too fast. There are pages upon pages of information on this subject, and this guide only covers the tip of the iceberg.

I remember reading a cool article a long time ago about how it was possible for someone to create a backdoored image and use it to gain access to the internal network of the company he was targeting. The article was called Wardriving Into GIAC Enterprises with JPEG’s and is available here: http://www.giac.org/certified_professionals/practicals/gcih/0651.php

Well, apparently it’s STILL possible to backdoor an image, but this time it’s with JavaScript. I don’t know JavaScript very well but I can only assume that it’s possible to code a quick script to download any imaginable tool and execute it.

http://www.gnucitizen.org/blog/backdooring-images

Surely you’ve heard of how it’s possible, by just visiting a website, to have a JavaScript script sent to your computer which can do any number of things … such as port scanning your internal network, for example. SPIDynamics has written a POC that does just that. You can read about there here: http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html. Now you know how to incorporate that code in a simple image.

If you want to test this out yourself and you don’t have a webserver for uploading images, try downloading XAMPP and setting up a webserver on your local machine. It’s perfect for testing web applications such as this.

I spent a few minutes at work last night after everyone left to catch up on some Windows patches that, for whatever reason, weren’t being installed by the WSUS server.

We run all of our client workstations through a proxy that gets assigned through Logon scripts. Since I was logging on to these workstations as the local Administrator I was not getting the proxy settings assigned to me so I had to manually configure each PC’s IE settings twice (once to add the proxy and another to remove it). I only had a handful (maybe 20) of PCs to do this to so it wasn’t THAT big of a deal but it got me wondering if there was an easier way to apply the proxy settings to IE. After a quick Google search I found a site that explains what registry settings to make: http://www.adopenstatic.com/cs/blogs/ken/…/131.aspx

I’ve never used RegWrite in any of my scripts so I had to look it up:
http://www.devguru.com/…/wshshell_RegWrite.html

So here’s the final scripts that can easily be placed on a server for quick access:

IE-EnableProxySettings.vbs

Set WshShell = WScript.CreateObject(”WScript.Shell”)
WshShell.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable”,”1″,”REG_DWORD”
WshShell.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer”,”proxyserver:8080″,”REG_SZ”

IE-DisableProxySettings.vbs

Set WshShell = WScript.CreateObject(”WScript.Shell”)
WshShell.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable”,”0″,”REG_DWORD”
WshShell.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer”

OK, everyone knows that Google has a powerful search interface but few people take the time to learn how to use it, myself included.

The most powerful search I’ve really ever done was something like intitle:”index of” blah blah .mp3

I’m not really getting the most out of my Google search and I’m probably missing a lot of potential search results.

I ran across a post on one of my favorite blogs, Geeks Are Sexy, about Interesting Reads for a Monday Morning.

One of the things he mentions is a really nice list of the 30 Essential Pieces Of Free (and Open) Software for Windows, which I encourage you to read since there really is some good software there.

I’ll list a few items from the list so make sure you check out the article to catch them all.

* Either/Or - if you want to search for something OR something else, make sure your OR is capitalized.

* Include/Exclude words - I use this all the time. If you want to exclude a certain phrase or word from your search results add a nice - before it. something OR something else -”something over there”

* Various operators: site:averageadmins.com chris davis, -inurl:(html | htm | php) intitle:”index of” +description +”last modified” +size +name search words. The last one is one of the best methods I’ve found of searching through directory listings.

If you REALLY want to hone your Google searching skills, you need to head over to Johnny Long’s site: johnny.ihackstuff.com

http://www.dslinux.org/index.html

How freaking cool is that? Linux on the ol’ DS.

Hey, Joey, you got a DS for sale?

I figured with all of the talk lately about mobile phones, I might as well post this. It was my how-to of the day. Might come in handy one day.
Ever dropped your cell phone in the sink, or even worse the toilet? Did you ever leave it in your pocket and run it through the washer? It usually means you have to replace your phone, but sometimes if you’re fast you can save the phone.

(more…)

Upon receiving my unlocked Nokia E61 smartphone from MyWorldPhone.com I had a lot of customizing I wanted to do to the phone. However, for some reason, there was some “Planet3″ branding on the phone which disallowed some configuration changes, like customizing the soft keys and the active standby applications on the phone’s standby screen. After Jason and I did some research, here is what we came up with.

The Nokie E61, when shipped from MyWorldPhones.com, has a firmware installed on it with some “Planet3″ branding. Since this firmware is the most recent release from Nokia, I was unable to reflash it with the Nokia firmware because Nokia’s firmware updater recognized my installed version as the latest version and there were no upgrades available. I was unable to format and reinstall the phone to the defaults since the installed firmware had the “Planet3″ software built-in. I found a way around this by doing some digging and it all started at ,e-series.org.

(more…)