Chuck's personal technology blog
Posts tagged ‘Linux’
ettercap is a little tool I’ve been playing with the past few days, along with metasploit. For anyone who has never heard of either of these tools, give them a shot in a test environment. What they can do is pretty scary stuff.
And yes, I do not care if you know my internal network IP for my laptop. Or one of freenode’s servers for that matter. However, in the last few examples I blurred out my IRC nick and MAC addresses, because I do care about those.
Apparently removing ~/.cache wasn’t the solution to the problem caused by empathy. The real solution is to uninstall VMWare player if you have it installed. For some reason the vmnet kernel module and empathy just do not like each other.
For more info on this problem, see Ubuntu bug 49566.
Although removing ~/.cache occasionally seems to solve other problems, due to couchdb’s excessive logging. (If you don’t believe me, run du -hs ~/.cache/desktop-couch after a few days of tinkering with Lucid.)
If your constantly having your machine crash whenever you try to open Empathy in the Beta/Alpha version of Ubuntu Lucid Lynx, give this a shot
rm -rf ~/.cache
And restart. Things should work as expected once you reboot. I had this problem for a few days, and it appears to be connected to the couchdb service malfunctioning. It also affects just about everything else, like Ubuntu One and Evolution.
The most secure you can get a box from a login point of view involves three authentication methods: Something you have, something you know, and something about you.
So to secure my laptop a little more I decided to implement the “something you have” method. The “something you know” method is obviously the password. Currently I don’t see the need or have the ability to easily add the “something about you” method, but maybe in the future.
Obviously I always have a USB flash drive on me, being a computer geek. Thus I decided to use pam-usb, which allows me to use a USB flash drive as an authentication method.
First, install the following two packages:
apt-get install pamusb-tools libpam-usb pmount
Then plug in your flash drive and run:
pamusb-conf --add-device <name>
Where <name> is whatever you like. You will then be asked to select your storage device. Select the desired drive and afterward:
pamusb-conf --add-user <account>
Account is whatever account you want to use the flash drive for. When asked for a device just select the one you previously configured. If you only configured one device than it will be selected by default.
Finally confirm you can authenticate properly. The flash drive must be plugged in for this step!
pamusb-check <account>
If you are told that the authentication succeeded congrats! Else, check your configuration again.
The final step to complete is to change everything in /etc/pam.d/gdm so that it now says:
#%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so readenv=1 auth required pam_env.so readenv=1 envfile=/etc/default/locale @include common-auth auth optional pam_gnome_keyring.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optional pam_gnome_keyring.so auto_start @include common-password auth required pam_usb.so fs=fat check_device=-1 check_if_mounted=-1
Then just restart GDM or restart your computer. After that try to login without your flash drive inserted. It should simply fail. Afterwards try plugging in the flash drive, waiting a few seconds, and trying again. This time the login should succeed. Note the above setup is for using both a password and flash drive, not just a flash drive.
One time passwords are a very effective way to connect to an SSH server from an untrusted computer. Consider the following scenario I deal with almost daily.
The computers where I take classes are owned by a governmental organization. Sounds secure, right? Not really. Quite often other students will mess with the computers as they see fit. Plus, installing a keylogger is trivial, since the computers are Mac Minis running Windows Vista laid out on top of a desk, right next to their respective monitor.
Usually I would simply steal the network cable from a Mac Mini for my session on my secured laptop and plug it back in after, but unfortunately this behavior is forbidden by the administration. The biggest problem is not this, but that I need to get access to my remote server to copy a file off. And it cannot wait.
So, I simply fixed the problem by following this how-to and installing putty onto a removable medium, and using my laptop to generate the one time passwords. The linked guide isn’t to hard to follow, so I won’t bother creating my own version of it. However, I did notice some interesting things that could be done with the opie-client and opie-server packages that I plan to blog about later.
If you have any problems with following the how-to I linked to just post a comment here with your problem. I’ll do my best to help.
