linux « dot kam

linux

Configure Simp Server to Encrypt IM clients in Linux

Recently many companies started to inject their security policies with securing IM communication. It makes sense, since everything you type in that chat window to your buddy flies over the network in a clear text. That does not sound to bad, you think, but what it really means, is if anybody wanted to see what you are talking to your colleague, or even to your wife, about, s/he can see it easily by reading your network packets – which is a very easy thing to do now days.

Another example could be the client whose policy is to monitor all the incoming/outgoing network request, and you want to talk over IM to your colleague about something that you do not want your client to see.

Below I’ll show you how to secure you IM communication with SimpServer: http://www.secway.fr/us/products/simpserver/ on Unix client/server boxes. I am going to use Ubuntu here as an example, but it should work for most if not for all Unix flavours.

1. Get the SimpServer.

According to the liink above “SimpServer is currently beta software and is free for any use”, hence let’s get it for free from here:

wget http://download.secway.com/public/products/simpserver/simpserver-2.1.5c-linux-x86.tgz

2. Install the SimpServer.

Before untarring it, let’s make sure the standard C++ libraries that SimpServer uses are installed:

sudo apt-get install libstdc++5

Now let’s untar it and move to “/usr/local” – that is where it will search for its binary files, so make sure you do that:

tar -xvzf simpserver-2.1.5c-linux-x86.tgz
 
sudo mv simp/ /usr/local/

Go to “/usr/local/simp/bin/”, and run the SimpServer:

cd /usr/local/simp/bin/
 
./simpserver
 
----------------------------------------------------------------------------------
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
MSN Service on 0.0.0.0:11863, mode 1
MSN Service on 0.0.0.0:1863, mode 0
AIM Service on 0.0.0.0:15191, mode 1
ICQ Service on 0.0.0.0:15190, mode 1
YAHOO Service on 0.0.0.0:15050, mode 1
Admin Service on 127.0.0.1:10023, mode 0
 
----------------------------------------------------------------------------------

If there are any problems, grab the simpserver version that is offered here: http://www.secway.fr/us/products/simpserver/download.php

3. Configure the SimpServer.

While SimpServer is running, telnet to it (port 10023). Default “username/password” are “admin/admin”:

$ telnet localhost 10023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
Login: admin
Password: admin

Let’s see what it is capable of by asking for “help”:

> help
SimpServer Linux 2.2.1.5c - (c) Copyright Secway 2000-2005
All rights reserved
 
Visit http://www.secway.com/products/simpserver/ for updates.
Visit http://www.secway.com/support/ for support.
 
 ?,        help                  print this help
 list,     list_keys             [all, public, private]
 generate, generate_private_key  [-e<account>] [-s<service>] [-c<cipher>] [-b<size>] [-n<name>] [-p
<password>]
 load,     load_private_key      -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-p
<password>]
 unload,   unload_private_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 change,   change_password       -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-o
<old_password>] [-p<new_password>]
 delete,   delete_key            -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-force] [-pendinf]
 accept,   accept_pending_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 quit,     exit                  exit

4. Create private/public certificates.

Notice that the “list” command, from the above help, shows all/public/private keys, including your public/private key, and all your IM buddies that you are talking to.

Let’s try to see what keys we have right away (without doing anything yet):

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------

As you can see, we have no keys – because for now we have neither “secure/encrypted” IM buddies, nor our public/private key pair.

Hence start by by running a “generate” command that would create your the key pair (link to certificates article) that will be used:

> generate
generating the new key pair, please wait... done!
new key: 278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16  RSA-2048  [admin] KeyPair

Now let’s “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair

Perfect – you have your own “KeyPair”, that will be used to authenticate and encrypt communication from your IM buddies.

5. Connect IM clients to the SimpServer.

Next, let’s connect to our SimpPro / SimpLight / etc.. IM buddies. Here is an example on how to configure “Pidgin” to use a SimpServer:

For example you’d like your work AIM account to “follow the company standards” and use encryption via simp server. Here is what you should do

Go to "Accounts" -> (Choose your AIM account) "Edit Account" -> "Advanced"
 
Choose "SOCKS4" in "Proxy Options"
 
type "127.0.0.1" in Host
type "15191" in Port

Pidgin SOCKS4 settings

Why “127.0.0.1”? Because you have started the SimpServer on your local box. By the way, you can start the server on one box, and use it from many other PCs by entering IP address of that box to the “host” field for the proxy settings of the account in your IM client.

Why “15191”? Let’s look at the server output once again:

MSN Service on 0.0.0.0:11863, mode 1
MSN Service on 0.0.0.0:1863, mode 0
AIM Service on 0.0.0.0:15191, mode 1
ICQ Service on 0.0.0.0:15190, mode 1
YAHOO Service on 0.0.0.0:15050, mode 1
Admin Service on 127.0.0.1:10023, mode 0

We see that “AIM Service” listens on the port “15191”.

6. Start using the SimpServer with your IM client(s).

Now when you send an IM to anybody who runs SimpPro / SimpLight / or just a Simp Server, they would get a pop up asking them to accept your message. After they do accept it, your public key ( one of the keys that was generated by the “generate” command ) will be added to their Simp database. Same thing will happen when they ping you or respond to your IM encrypted message – their public key will be added to the simpserver:

Here is an example of what happens initially, when there is a new “Simp-Oriented” buddy pings you:

(2008-10-16 15:16:09) BuddyName: *** (*) SimpServer Linux 2.2.1.5c - Encrypted and Authenticated (*) ***
(2008-10-16 15:16:09) BuddyName: Hey, that is cool - so now our messages are encrypted...!

And now you can go back to your “telnet” session and “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
--------------------------------------------------------------------------------------------------------------------
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair
 No  N/A    0f2292a9d40c2f90  ab1d 6f78 6bff a03e 892a 34df 2b3a 26e7 16ff cbb9   2008-10-16     RSA-2048  AIM   <buddy1Name>
 No  N/A    62f02d7e858e0139  c315 616f 8518 d9c8 9827 e4c4 d8b4 2448 06f7 4278   2008-10-16     RSA-2048  AIM   <buddy2Name>

Notice that now you have your own “KeyPair”, a public key for “Buddy1Name”, and a public key for “Buddy2Name”.

Happy Secure IMing, and don’t abuse your secrecy :)

hardware / howto / linux / network / tutorials / ubuntu — 9 Comments
29
Sep 08

Sure Way to Restart a Wireless Network

linux penguin is watching windows fly

While wireless signal is good, the network is dead – why is that? Many reasons, of course. You can spend time to figure out the reason and then try to fix, which is a good approach, but requires some time. Or you can restart the network to see if it resolves the issue, and if it does – forget that the problem ever existed.

However the way to restart a wireless network is not always “black and white”. Sometimes it is possible using GUI, and sometimes by typing something that means “network service restart”. And yes these ways are “clean”, but have a drawback – they rely on operating system to do what it suppose to do and restart the network.

However, OS does not always behave (yes, Linux does not always behave, along with Mac, and Windows, and “any” OS.. ). But here is a sure way to restart it – you would need to get down to the driver level though – to be less OS (or distribution) specific. But I’ll guide you through, don’t worry..

So, the signal is full/good/strong:

wireless signal is good
but there is no network:

$ ping -c 4 google.com
ping: unknown host google.com

First thing to do is to see what wireless card you are using:

$ lspci | grep -i network
08:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

In my case it is Intel 3945ABG. Next, check what driver is used for this card. I did a simple google search, and saw that the driver is “ipw”something.

Let’s see what ipw-like modules/drivers are currently running/loaded:

$ modprobe -l | grep ipw
/lib/modules/2.6.20-17-generic/kernel/ubuntu/wireless/ipw3945/ipw3945.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/usb/serial/ipw.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2200.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2100.ko

Here it is “ipw3945”. Let’s kill it (-r stands for “remove”):

$ sudo modprobe -r ipw3945

Let’s start it back up:

$ sudo modprobe ipw3945

Checking connectivity:

$ ping -c 4 google.com
 
PING google.com (64.233.187.99) 56(84) bytes of data.
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=238 time=43.3 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=2 ttl=238 time=28.9 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=3 ttl=238 time=27.7 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=4 ttl=238 time=34.7 ms
 
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 27.742/33.685/43.323/6.165 ms

Perfect!

eclipse / howto / java / linux / software / sun / technology — 13 Comments
15
Sep 08

Reset Lost Password in Sun Application Server

Sun Application Server Password Reset Happens to the best of us, less with system admins more with developers. But we are all human, and believe it or not we DO forget and loose passwords at least once every so often. Some time ago I wrote a tutorial on how to reset lost root password in mysql, and here is another similar tutorial on how to reset the lost domain password but this time for Sun Application Server.

Before going any further with this article, please first check “.asadminprefs” file:

cat /home/toly/.asadminprefs
 
AS_ADMIN_USER=admin
AS_ADMIN_PASSWORD=YourSecretPasswordInTextHere!

the admin password could be there

If it is not there, there are two ways to reset it:

Reinstall or recreate the affected domain.
Create a new dummy domain and copy its security key file over to the real domain to substitute the password.

Below is an explanation for the second approach (in case when “reinstall or recreate affected domain” is not an option):

Given:

 >   Sun App server is installed in                 "/opt/SUNWappserver"
 >   Domain to which the password is lost:   "domain1"

Step 1. Creating a new dummy domain

/opt/SUNWappserver/bin/asadmin create-domain --adminport 7070 --adminuser admin --instanceport 7071 dummy-domain
 
Please enter the admin password>password
Please enter the admin password again>password
Please enter the master password>password
Please enter the master password again>password
 
Domain dummy-domain created.

Step 2. Copy dummy-domain’s “admin-keyfile” to domain1’s “admin-keyfile”

cp /opt/SUNWappserver/domains/dummy-domain/config/admin-keyfile  /opt/SUNWappserver/domains/domain1/config/admin-keyfile

now the password for domain1 is “password” – DONE :)

Step 3. Deleting the dummy domain

/opt/SUNWappserver/bin/asadmin delete-domain dummy-domain
Domain dummy-domain deleted.

NOTES:

The above is true for Sun’s Application Server 8.x and later.

For Sun’s Application Server 9.x check out “change-admin-password“

cool places / howto / java / linux / software / technology / tutorials / ubuntu — 5 Comments
11
Sep 08

Install Sun Application Server on Ubuntu

Sun Microsystems

On the client site when working on Java (or should I say JEE) projects, the application servers are most of the time “rotate” between these four: JBoss, Websphere, Weblogic, and someties Geronimo. However there are some clients who have pretty tight contracts with Sun, and in these cases the Sun Application Server is used.

I think now days in development world in general, well except maybe .NET part of it, Ubuntu and/or Mac OS slowly become OSs of choice for developers. Sun app server however is not the most used app server out there, and since its installation could be a bit non-straightforward, here are four simple steps on how to install it on Ubuntu box:

Step 1. Download the “.bin” form sun:

“Sun Java System Application Server”

http://java.sun.com/j2ee/1.4/download.html (I needed 8.2, but there are more recent ones)

Step 2. Change permissions, to make it runnable:

chmod 744 sjsas_pe-8_2-linux.bin

Step 3. If you just run it:

./sjsas_pe-8_2-linux.bin

It is going to complaint that it is missing a standard c++ library:

./sjsas_pe-8_2-linux.bin: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory

Having done some “apt-cache” searches ( apt-cache search libstdc++ ), found that Ubuntu has “libstdc++.so.6” in /usr/lib.
From /usr/lib run:

 sudo ln -s libstdc++.so.6 libstdc++-libc6.2-2.so.3

Step 4. Run it now, it will install Sun App Server successfully! * **

* Do not run installation as root – it will fail (for most sun app servers versions)

** If you use any form of Beryl (or some Compiz’es), disable it, or reload window manager as a “Gnome Manager”. This is due to the fact the the installer is written in Swing, and Swing does not get along too well with some display managers.

hardware / howto / linux / software / technology / ubuntu — 31 Comments
6
Aug 08

Speed Up Ubuntu Boot Time by Starting Networking on The Background

Ubuntu Boot Up Time It is quite a simple change but it makes an Ubuntu laptop to boot 2-3 times faster! What takes the most time during boot in Ubuntu (and many other Linux distros) are DHCP discovery and DHCP timeout that are run by networking startup scripts. This of course can be solved with tweaking the timeout or just configuring a static IP, however this solution is not all that elegant, just because “What if the system needs this particular timeout?” or “What if it is a laptop, and it’s IP cannot be static?”

The idea to solve this is simply to take an advantage of concurrency. So instead of all other boot scripts to wait on the networking script(s) to finish its discovering and “timeouting” during a system boot, these network script(s) could be started in parallel, as separate child processes. This will speed up boot time, since the system should no longer wait on the “networking” to finish.

One thing to understand here, is that networking is not taken out of the boot process – it stills belongs to it (it is its child), and it would still run, and would do its important job – the difference is it would do it in parallel.

Here are two easy steps on howto archive this in Ubuntu (it can be applied to pretty much any Linux/Unix distribution, however the scrips/locations will/might be different) :

Step 1. Find network startup scripts:

cd /etc
 
user@host:/etc$ sudo find . | grep network
./rcS.d/S40networking
./init.d/networking
./network
./network/.interfaces.swp
./network/if-post-down.d
./network/if-post-down.d/avahi-daemon
./network/if-post-down.d/wireless-tools
./network/if-post-down.d/wpasupplicant
./network/interfaces
./network/if-up.d
./network/if-up.d/ntp
./network/if-up.d/clamav-freshclam-ifupdown
./network/if-up.d/ntpdate
./network/if-up.d/avahi-daemon
./network/if-up.d/sendmail
./network/if-up.d/avahi-autoipd
./network/if-up.d/wpasupplicant
./network/if-up.d/mountnfs
./network/if-pre-up.d
./network/if-pre-up.d/wireless-tools
./network/if-pre-up.d/wpasupplicant
./network/if-down.d
./network/if-down.d/clamav-freshclam-ifupdown
./network/if-down.d/sendmail
./network/if-down.d/avahi-autoipd
./network/if-down.d/wpasupplicant
./networks
user@host:/etc$ ll ./rcS.d/S40networking
lrwxrwxrwx 1 root root 20 2007-05-20 18:48 ./rcS.d/S40networking -> ../init.d/networking

FOUND IT: In this case the netwoking script that runs on startup is “../init.d/networking”

Step 2. Extract “start” case into a separate method:

user@host:/etc$ sudo vi ../init.d/networking

here is a “start case” in the original file:

case "$1" in
start)
	log_action_begin_msg "Configuring network interfaces"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
	if [ "$VERBOSE" != no ]; then
	    if ifup -a; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifup -a >/dev/null 2>&1; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
	;;

let’s modify it by extracting the “start case” into a separate method so it can be run as a background process on the start up:

here is a “start case” in the modified file:

# adding this method so it can be run as a background process on the start up
start_on_boot () {
 
	log_action_begin_msg "Configuring network interfaces"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
	if [ "$VERBOSE" != no ]; then
	    if ifup -a; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifup -a >/dev/null 2>&1; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
}
 
case "$1" in
 
start)
 
	# start networking on the background, so it does not slow down the boot time
	start_on_boot &
 
	;;

Save the file, reboot and enjoy

DONE :)

Interesting related articles:

making ubuntu boot in 19 seconds
understanding bash fork bomb

kam
one of those blogs

linux

Configure Simp Server to Encrypt IM clients in Linux

Sure Way to Restart a Wireless Network

Reset Lost Password in Sun Application Server

Install Sun Application Server on Ubuntu

Speed Up Ubuntu Boot Time by Starting Networking on The Background

here is more about

kamone of those blogs

linux

Configure Simp Server to Encrypt IM clients in Linux

Sure Way to Restart a Wireless Network

Reset Lost Password in Sun Application Server

Install Sun Application Server on Ubuntu

Speed Up Ubuntu Boot Time by Starting Networking on The Background

here is more about

kam
one of those blogs