Installation and Usage Guide for CSF firewall

1 Introduction

CSF stands for ConfigServer Security & Firewall. It is a front-end to the Linux iptables firewall, built to give servers better security while providing a large number of configuration options and extra sanity checks to ensure smooth operation. It helps lock down public access and restrict what can be reached, for example only e-mail or only web sites. To add more power to this, it comes with the Login Failure Daemon (lfd), a script that runs continuously and scans the log files for failed login attempts in order to detect brute-force attacks. lfd can also perform an array of further checks that alert the server administrator to changes on the server, potential problems and possible compromises, among them:

  • Login Tracking
  • Process Tracking
  • Directory Watching
  • Advanced Allow/Deny features
  • Block Reporting
  • Port Flood Protection

And many more. This post does not cover all the features; for detailed information about each feature, read the readme.txt file in the csf folder that we download below.

2 Downloading and Installing

The first step removes any previously downloaded copy of the csf archive and then downloads the latest version. Note that this fetches the archive over plain HTTP and that its install script will be run as root, so use the HTTPS URL if the vendor offers one and compare the downloaded archive against a checksum obtained from a trusted source before installing it. To perform these steps, use the following two commands:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz

Now we extract the tar file in the home directory and move into the csf directory.

tar -xzf csf.tgz
cd csf

The steps till here are shown in the image below.

Now we are ready to install, but the installer needs root privileges; without them the installation will fail. So use the following command to get a root shell and type in your password if asked.

sudo su

Install CSF using the following command:

sh install.sh

Once the installation is over successfully, the output will look similar to the image below.

Once the installation is complete, we verify it by testing whether the system has all the iptables modules that csf needs. The test may report that some optional features will not be available; that is alright. The test can be considered a PASS as long as the script doesn't report any FATAL errors (it ends with a RESULT line summarising whether csf will function on the server). To run it, use the following command:

perl /usr/local/csf/bin/csftest.pl

My result of running this test is shown in the image below:

3 Remove other firewalls

It is important to remove any older firewall, or any other firewall set up to protect the server, because two firewalls manipulating the same iptables rules conflict and can lead to failures or to a server that is no longer reachable. Do not install any other iptables-based firewall alongside csf, and if one already exists it has to be removed at this stage. Servers set up with the older APF+BFD combination are common, and csf ships a script that detects and removes them if they exist:

sh /usr/local/csf/bin/remove_apf_bfd.sh

I didn't have it pre-installed, so the output of the command on my system looked like the image below:

Read my full post on HowToForge here.


Attendance.gov.in : my technical perspective!

Attendance.gov.in is an online biometric attendance system launched by the Indian Government to give a transparent view of the work ethic of government employees. This is one of the projects undertaken by the Prime Minister of India, Shri Narendra Modi.

The website looks fabulous compared to earlier government websites. It is responsive and provides a good amount of data for the public to view. But there are claims that this website leads to the computer, or sometimes the browser, hanging, and that the coding of the website is of inferior quality. So I spent time going through the website to find evidence of either bad execution or a bad user experience.

During my entire session viewing the website, neither the website nor the system hung. It worked completely normally and showed no signs of lag or hanging when I tried multitasking with this website open in 2 different browsers. The website is programmed to fetch data from the server every 8 seconds so that the data displayed is updated in almost real time. But I found that, on average, the data was being refreshed every 2 to 20 seconds, and the changes in the numbers were reflected on the graph accordingly.

Websites use AJAX to make pages asynchronous. The idea behind an asynchronous page is that the browser requests data from the server in the background and updates the page when the response arrives, without the user having to interact with the page and without the rest of the page being blocked while waiting. This website does use AJAX, but its effect is nullified by using async: false (screenshot below): that setting makes the request synchronous, so the browser blocks until the server answers, which defeats the whole point of using AJAX.

link to this source code: here

There is also evidence that some of the charts on the website have their data hard-coded in JS. And yes, it's true (screenshot below).

link to source code: here

So with this the question arises: will the data be updated manually every time, or is it just dummy data?
I think it's not dummy data, because this data has changed since the last time, indicating that it is updated manually. Now, there might be a better way to update data that stays relatively the same for a long period of time, but I don't know of any.

I don't think it's fair to say that we haven't used the best programmers available to do a much better job of getting this site up and running. I mean, the healthcare.gov project under the Obama administration clearly had the best people building it, yet it failed miserably the first time and then recovered. So I think we are in a better state than that and can always strive to achieve better.

To conclude, being an ambitious project, there might be certain areas where it falls short of a website built to high standards. But as a layman, it gives me more transparency into the working of the government and marks the beginning of an era of online information sharing in India, and that is why I am extremely excited about this.

Grub rescue

I had a triple boot on my system: Windows 8, Windows 7 and Ubuntu, with all the boot management done by Ubuntu's GRUB, of course. After having all 3 OSs for about 6 months, I started facing difficulties like slowing down, shortage of space, etc., so I decided to delete Windows 8.

The process to do that is simple.
On the Start menu, select Run and type msconfig. Once that opens, select the Boot tab, select the Windows 8 entry, click Delete and then click OK.
I then deleted the partition holding Windows 8 and merged it with one of the other drives. Now, this leads to an error. The Linux GRUB manages only the Windows 8 entry, and the Windows 8 boot loader chooses between Windows 7 and Windows 8. So when the Windows 8 partition was deleted, it corrupted GRUB as well.
This led to the error:

unknown filesystem:
grub rescue> _

This error can be fixed easily. The core image that GRUB installs in the MBR has the partition holding /boot/grub baked in as its prefix; deleting or merging partitions can change the partition numbering, so GRUB can no longer find its modules and drops to the rescue shell. The fix is to point GRUB's root device and prefix at the partition that holds /boot/grub and then load the normal module (the variable is root, not boot: root names the device GRUB reads files from, prefix the directory holding its modules). So type the following commands:

set root=(hd0,msdos6)
set prefix=(hd0,msdos6)/boot/grub
insmod normal
normal

Once all 4 commands are typed, GRUB loads its normal menu, allowing you to choose the OS to boot into.

Once the boot menu is back, boot into Ubuntu and then reinstall GRUB, so that the fix survives the next reboot, using the following commands:

sudo update-grub
sudo grub-install /dev/sda

Sometimes the boot folder is not on (hd0,msdos6). In that situation you can type ls to list all the partitions.
Example:
grub rescue> ls
(hd0), (hd0,msdos5),(hd0,msdos6),(hd0,msdos7),(hd0,msdos8)

Then use ls on each partition to find the one holding the boot folder.
Eg:
grub rescue> ls (hd0,msdos5)
no file system found
grub rescue> ls (hd0,msdos6)
ext4: file system

So when GRUB reports a file system it understands (ext4 or any other), that partition is a candidate for holding the boot folder. A Windows partition also has a file system GRUB recognises, so confirm the choice with ls (hd0,msdos6)/boot/grub, which should list GRUB's module files. Then substitute the partition you have found for (hd0,msdos6) in the 4 commands above.

Socket Programming using TCP/IP

Socket programs are used to communicate between processes, usually running on different systems, and are mostly used to build client-server applications. This post lists the functions used to create the server and client programs, with an example. In the example, the client program sends a file name to the server and the server sends the contents of that file back to the client.

Functions used in server program:

  • socket() – This call creates an unnamed socket and returns a file descriptor to the calling process.
    usage: int socket(int domain, int type, int protocol)
    Eg: sockfd = socket(AF_INET, SOCK_STREAM, 0);
    Here AF_INET selects the IPv4 internet domain, SOCK_STREAM selects a reliable byte-stream connection, and 0 asks for the default protocol for that combination, which is TCP. The call returns -1 on failure, which should be checked.
  • bzero() – This call sets all bytes of a buffer to zero (memset(ptr, 0, size) is the modern equivalent).
    usage: bzero(pointer_to_buffer, size_of_buffer)
    Eg: bzero((char *)&serv_addr, sizeof(serv_addr));
    Here serv_addr is of the struct type sockaddr_in, whose members together describe the complete address of a system.
  • serv_addr.sin_family = AF_INET;
    As stated earlier, serv_addr has several members. The first of them is sin_family, which holds the address family; for an IPv4 socket it is AF_INET (AF_INET6 would be used for IPv6).
  • serv_addr.sin_addr.s_addr = INADDR_ANY;
    Here sin_addr has one member, s_addr, which holds the IP address the server accepts connections on. The constant INADDR_ANY means "all addresses of this machine", so the server listens on every local interface. To expose the service on one interface only, put that interface's address here instead.
  • serv_addr.sin_port = htons(portno);
    The port number is stored in the sin_port member, which uses network byte order. htons() converts the host byte order representation of the port number to the network byte order representation.
  • bind() – This system call binds a socket to an address. Here the address is the IP address of the current machine plus the port number.
    usage: bind(socket_fd, pointer_of_address_its_bound_to, size_of_address);
    Eg: bind(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
    On failure it returns a value less than zero, typically because the port is already in use or because a port below 1024 was requested without root privileges.
  • listen() – This call marks the socket as passive, so that it accepts incoming connections.
    usage: listen(socket_fd, backlog);
    It takes the socket file descriptor and the backlog: the maximum number of completed connections the kernel queues while the process is busy handling another connection.
    Eg: listen(sockfd, 5);
    So at most 5 connections can wait in the queue.
  • accept() – This system call blocks until a client connects to the server. It returns a new descriptor for that connection, and all communication with that client is carried out using the new descriptor, while the original sockfd keeps listening for further clients.
    usage: int accept(sockfd, pointer_to_address_of_client, pointer_to_size_of_client_address);
    Eg: newsockfd = accept(sockfd, (struct sockaddr *)&cli_addr, &clilen);
    Here clilen = sizeof(cli_addr) is set before the call; on return cli_addr holds the client's address and port. Note that accept() returns as soon as the TCP connection is established; it does not wait for the client to send any data.
  • bzero(buffer, 4096);
    n = read(newsockfd, buffer, 4096);
    This zeroes the buffer and then reads from the socket (using newsockfd) into it. read() blocks until some data has arrived and returns the number of bytes actually read (0 if the client closed the connection, -1 on error). Since the client sends the file name first, the buffer now contains the file name whose contents have to be sent back. Two things to check here. First, read() does not add a terminating NUL, so either read one byte less than the buffer size and set buffer[n] = '\0', or the name is not a valid C string. Second, the name comes from an untrusted client: if it is passed to open() as-is, the client can request any file the server process can read, such as /etc/passwd or ../../some/other/file. A real server must reject names containing path separators or "..", or open the name only inside a fixed directory.
  • fd = open(buffer, O_RDONLY) opens the file requested by the client in read-only mode (subject to the check above). It returns -1 if the file does not exist or is not readable, and the server should report that to the client rather than carrying on with an invalid descriptor.
  • read(fd, buffer, 4096);
    This reads the contents of the file into the buffer. In socket programming, all communication happens through such buffers on both the client and the server side. read() returns the number of bytes it actually placed in the buffer; with the completion of this read the (first) 4096 bytes of the file are in the buffer and ready to be sent to the client. A larger file needs a loop that reads and sends until read() returns 0.
  • write(newsockfd, buffer, 4096);
    This is the final command, which writes the buffer (holding the file content) into the socket through newsockfd, delivering it to the client process. As written it sends all 4096 bytes regardless of how many were read, so whatever stale data sits in the rest of the buffer is sent too; the length should be the count returned by read(). write() may also send fewer bytes than asked, so its return value should be checked as well.

Functions used in client program:

  • connect() – This function is used by the client to establish a connection to the server. It takes 3 arguments: the socket, a pointer to the server's address and the size of that address.
    usage: connect(sockfd, pointer_to_server_address, sizeof_addr);
    Eg: if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) { /* handle the error */ }
    It returns a value less than zero if the server cannot be reached or refuses the connection.
  • The client, like the server, uses write() to send the file name to the server and read() to read the content of the file into the buffer. It finally uses write(1, buffer, 4096) to print the content of the file on standard output; here too the length should be the count returned by read(), otherwise stale buffer contents are printed along with the file.

The full source code and usage for the client and server can be found here.
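The following is an added example, not code from the original post or from its linked source. It is the server side of the exchange described above, rewritten so that the file name received from the client is validated before it reaches open(), so that a symlink planted in the served directory cannot redirect the server, and so that the byte counts returned by read() and write() are honoured. The names base_dir, safe_filename, write_all and serve_one are this example's own, and main() uses a socketpair in place of a real TCP connection so the whole thing runs stand-alone.

```cpp
// Added example: file-serving server logic with the client-supplied name validated
// and read()/write() byte counts honoured. Uses a socketpair instead of TCP so it
// runs stand-alone; base_dir, safe_filename, write_all and serve_one are this
// example's own names, not the original post's.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <fcntl.h>
#include <string>
#include <sys/socket.h>
#include <unistd.h>

// Accept only a plain file name inside the served directory: no separators,
// no "." or "..", no empty name, no control characters.
bool safe_filename(const std::string& name) {
    if (name.empty() || name.size() > 255 || name == "." || name == "..") return false;
    for (unsigned char c : name)
        if (c == '/' || c == '\\' || c < 0x20) return false;
    return true;
}

// write() may send fewer bytes than asked; loop until everything is out.
bool write_all(int fd, const char* buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) { if (errno == EINTR) continue; return false; }
        buf += n;
        len -= static_cast<size_t>(n);
    }
    return true;
}

// Serve one request on a connected socket: read the requested name (optionally
// newline-terminated), validate it, and stream the file back in 4096-byte chunks.
// Returns the number of file bytes sent, or -1 if the request was refused or failed.
long serve_one(int conn_fd, const std::string& base_dir) {
    char buf[4096];
    ssize_t n = read(conn_fd, buf, sizeof buf - 1);   // keep one byte for the NUL
    if (n <= 0) return -1;
    buf[n] = '\0';                                    // read() does not terminate strings
    std::string name(buf);
    if (!name.empty() && name.back() == '\n') name.pop_back();
    if (!safe_filename(name)) {                       // e.g. "../../etc/passwd"
        write_all(conn_fd, "refused\n", 8);
        return -1;
    }
    // O_NOFOLLOW: a symlink planted in base_dir must not point the server elsewhere.
    int fd = open((base_dir + "/" + name).c_str(), O_RDONLY | O_NOFOLLOW);
    if (fd < 0) {
        write_all(conn_fd, "not found\n", 10);
        return -1;
    }
    long total = 0;
    for (;;) {
        ssize_t r = read(fd, buf, sizeof buf);
        if (r < 0) { if (errno == EINTR) continue; total = -1; break; }
        if (r == 0) break;                            // EOF: whole file sent
        if (!write_all(conn_fd, buf, static_cast<size_t>(r))) { total = -1; break; }
        total += r;                                   // send exactly what was read
    }
    close(fd);
    return total;
}

int main() {
    // Stand-alone demo: a temporary directory as the served area and a socketpair
    // whose ends play the client (sv[0]) and the server (sv[1]).
    char dir[] = "/tmp/srvXXXXXX";
    if (mkdtemp(dir) == nullptr) return 1;
    std::string path = std::string(dir) + "/hello.txt";
    int fd = open(path.c_str(), O_WRONLY | O_CREAT, 0600);
    write_all(fd, "hello, world\n", 13);
    close(fd);
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    const char* requests[] = { "hello.txt\n", "../../etc/passwd\n" };
    for (const char* req : requests) {
        write_all(sv[0], req, strlen(req));
        long sent = serve_one(sv[1], dir);
        char reply[4096];
        ssize_t got = read(sv[0], reply, sizeof reply - 1);
        reply[got > 0 ? got : 0] = '\0';
        printf("request %s -> %ld bytes, reply: %s", req, sent, reply);
    }
    unlink(path.c_str()); rmdir(dir); close(sv[0]); close(sv[1]);
    return 0;
}
```

In a real server the socketpair is replaced by the descriptor accept() returns, and base_dir is a directory that contains nothing but the files meant to be served; the name check is deliberately a whitelist of a plain file name rather than a blacklist of "..", because the latter is easy to get wrong.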

Setting up and using Github on Linux : A beginners guide


GitHub is a treasure trove of some of the world's best projects, built by the contributions of developers all across the globe. This simple yet extremely powerful platform helps every individual interested in building or developing something big to contribute and get recognized in the open-source community.

This post is a quick setup guide for GitHub: creating a repository locally, connecting it to the remote repository that holds your project (where everyone can see it), committing changes and finally pushing the content from the local system to GitHub.
Please note that this post assumes the reader is familiar with Git and GitHub terms such as push, pull request, commit, repository, etc.

Step 1

Download and install git for Linux (on Debian/Ubuntu-based systems):
sudo apt-get install git

Step 2

Set up the configuration details for you as a user of Git; these are recorded in every commit you make:

git config --global user.name "user_name"
git config --global user.email "email_id"

An example of this would be:
git config --global user.name "akshay" [here "user_name" can be anything; in my case it's akshay]
git config --global user.email "abc@gmail.com" [here "email_id" should be the address used to create the GitHub account; in this example it's abc@gmail.com]

Read my full post on HowToForge Here.

Join me on Github: https://github.com/akshaypai

Validating user Input in C++

Input has to be validated before any kind of processing or operation is performed on it. This is extremely important because an unhandled wrong input can crash a program, or worse, be used to make it misbehave. C++ has some good validation techniques that can be used to validate most kinds of input. This post discusses some of these techniques, their shortcomings, and what could be done to improve the quality of validation.

Now, consider a program that has to accept only integer input and reject everything else. The developer would have declared an integer variable, say "int a;", to store the input value.

When the user input is read using the "cin >> a" statement, we can use the built-in methods of cin to test its status.

Here is a sample program: –

#include <iostream>
#include <limits>
using namespace std;

int main()
{
    int a;

    cout << "Enter an integer number\n";
    cin >> a;
    while (1)
    {
        if (cin.fail())
        {
            if (cin.eof())      // no input left at all: stop instead of looping forever
            {
                cout << "No input received" << endl;
                return 1;
            }
            cin.clear();        // reset the error state
            cin.ignore(numeric_limits<streamsize>::max(), '\n'); // discard the rest of the bad line
            cout << "You have entered wrong input" << endl;
            cin >> a;
        }
        if (!cin.fail())
            break;
    }

    cout << "the number is: " << a << endl;
    return 0;
}

The above example uses functions such as cin.fail() and cin.ignore() to validate the input. These functions are:

Function – Description

cin.fail() – Returns true when an input failure has occurred; in this case, input that is not an integer. When extraction fails, cin's failbit is set and the characters that could not be read stay in the input buffer; every further extraction fails until the state is cleared.
cin.clear() – Clears the error state of the stream so that further input can be processed. Without it the failed extraction would simply be repeated, giving an infinite loop of error messages.
cin.ignore() – Discards the rest of the line after the point where the error occurred, so the next read starts on the next line. On its own, cin.clear() would leave the bad characters in the buffer and the next read would fail on them again.
cin.eof() – Checks for end of input. It returns true if the program tried to read past the end of the input (after Ctrl-D on a terminal, or at the end of a redirected file). If this is not checked, the clear-and-retry loop never ends.


Here is a screenshot of various wrong inputs being given and handled by the program until a correct input is provided.

Though this technique seems to work fine, it hides a fault that is easy to miss. cin >> a only reports failure when no integer can be read at all; it stops at the first character that cannot be part of an integer and leaves the rest in the stream, so the input is accepted and only the numeric part is used.
The following screenshots show 2 such inputs that are accepted, with just the numerical part printed (for example "12abc" yields 12 and "3.5" yields 3, with "abc" and ".5" left in the buffer for the next read).

So how can such erroneous inputs be handled?
The technique is to read the input as a whole line into a string, then convert the string to an integer and check that the conversion consumed the entire line (ignoring surrounding whitespace). If it did, the value is valid and can be used in the program; otherwise display an error message. Regular expressions are not needed for this: the C library's strtol() reports where it stopped through its end pointer, and C++11's std::stoi() reports the same through its pos argument (C++11 also ships <regex>, should a pattern check be wanted).
So to conclude: the stream extraction operator on its own does not cover all cases in a straightforward way, and a line-based read followed by a strict conversion is the usual workaround. That is also exactly what Java's Integer.parseInt() and C#'s int.TryParse() do for you, which is why validation feels more efficient in those languages.
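The read-then-convert approach described above, as an added example that is not part of the original post: the line is read with getline() and converted with strtol(), and the input is accepted only if the conversion consumed the whole line and the value fits in an int. The function name parse_int and the sample inputs are this example's own.

```cpp
// Added example: line-based integer validation with strtol, checking that the
// conversion consumed the whole line. Rejects "12abc" and "3.5", which cin >> int
// accepts, and detects overflow; no regular expressions needed. parse_int is this
// example's own name, not from the original post.
#include <cerrno>
#include <climits>
#include <cstdlib>
#include <iostream>
#include <string>

// Store the value in out and return true only if text (ignoring surrounding
// whitespace) is exactly one integer that fits in int.
bool parse_int(const std::string& text, int& out) {
    const char* s = text.c_str();
    char* end = nullptr;
    errno = 0;
    long v = std::strtol(s, &end, 10);            // strtol skips leading whitespace itself
    if (end == s) return false;                   // nothing numeric at all ("", "abc", "-")
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX) return false; // out of range for int
    while (*end == ' ' || *end == '\t' || *end == '\r') ++end;      // trailing whitespace is fine
    if (*end != '\0') return false;               // trailing junk: "12abc", "3.5", "1 2"
    out = static_cast<int>(v);
    return true;
}

int main() {
    std::string line;
    int a = 0;
    std::cout << "Enter an integer number\n";
    // getline() takes the whole line, so bad input never leaves cin in a failed
    // state, and end of input ends the loop instead of spinning on it.
    while (std::getline(std::cin, line)) {
        if (parse_int(line, a)) {
            std::cout << "the number is: " << a << std::endl;
            return 0;
        }
        std::cout << "You have entered wrong input\n";
    }
    std::cerr << "no valid integer received before end of input\n";
    return 1;
}
```

The range check matters on platforms where long is wider than int: strtol happily returns 2147483648 there, and silently truncating it to int would turn an overflow into a wrong, negative value.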

Update 1:  29th Sept 2015

Blog reader @Nick has provided a solution that is free from regular expressions, and I encourage you to try this out as well and let me know how it works in the comments:

A regex-free solution to the problem

#include <iostream>
#include <sstream>
#include <string>

int main()
{
    std::string line;
    int num;
    //split onto multiple lines for readability
    while((std::cout << "Enter an integer number\n") && std::getline(std::cin, line))
    {
        std::istringstream is(line);
        if((is >> num) && !(is >> line)) //re-using `line` to test for extra stuff after the number
        {
            break; //done, we got what we wanted
        }
        std::cerr << "Invalid input, try again." << std::endl;
    }
}

Hack 1 : Running a C program without main()

This post is a simple example of deception. It shows how a programmer can appear to defy the important rule that every C program must have a main(), and still make the program run. The concept is illustrated on a simple program, though it can be scaled to much bigger and more complex programs.

#include <stdio.h>

#define decode(s,t,u,m,p,e,d) m##s##u##t
#define begin decode(a,n,i,m,a,t,e)

int begin()
{
    printf(" hello ");
    return 0;
}

This program runs without main().

how??

Here we are using the preprocessor (the program that processes the source code before compilation) directive #define with arguments to give the impression that the program runs without main. In reality it runs with a hidden main function.

The ## operator is called the token pasting or token merging operator: it joins two or more tokens into a single token.

In the 2nd line of the program:

#define decode(s,t,u,m,p,e,d) m##s##u##t

What is the preprocessor doing here? The macro decode(s,t,u,m,p,e,d) expands to m##s##u##t, that is, its 4th, 1st, 3rd and 2nd arguments pasted together into one token; the arguments p, e and d are never used.

Now look at the third line of the program –

#define begin decode(a,n,i,m,a,t,e)

Here the preprocessor replaces the macro begin with decode(a,n,i,m,a,t,e). According to the macro definition in the previous line, the 4th, 1st, 3rd and 2nd arguments are pasted together. In (a,n,i,m,a,t,e) those arguments are 'm', 'a', 'i' and 'n', so the expansion is main.

So the line "int begin()" is turned into "int main()" by the preprocessor before the source reaches the compiler proper (running gcc -E on the file shows the expanded source). That's it...

So a C program can never actually run without a main(). We are just disguising main() with the preprocessor; the hidden main function is still there.

Time To Transform with the T100! (Windows 8.1 edition)

"We are the children of the Internet", and we need to be on it almost all day long. But to use it we need technology, a device built with state of the art equipment that allows us to stay connected with the rest of the world. We need it to watch, share, store, and recreate the beautiful things around us. We need it to experience visually the places and the beauty we haven't got the opportunity to see with our own eyes. But most importantly, we need it to store the best memories, which will one day reflect our past and show us our "good old days".

My life involves a lot of travel. From home to college or from home to music school, it’s a long journey, I am most of the day, on the move and the Public transport is involved deeply with my life. It not only takes me to the places I want to go, but also gives me a lot of time to spend, and I think about spending that time effectively. So here I have got an opportunity, to share how I wish my daily journey could be better. It’s the Time to Transform. And here is how a “Transformed” will keep me hooked on to it, Make my journey count, make me spend my time in an enhanced way.

So as I travel, I get the chance to see vivid pictures of the people around me, whether it's a man deep in thought or two people conversing, and I also get to see people going about their work, all trying to fit in well in the big city. I like to interpret what they think and write about it. The thoughts that come to me at that instant are often forgotten. But with the T100, I can write about it the moment I experience something, describing my views and thoughts as they flow, capturing everything without missing details. The T100's light weight will be just perfect to hold and write about the awesome day that I experience. I also go on weekend treks to nearby hills and sunset points. There too I like to sit amidst nature and describe its beauty. So here again, the light weight T100 is just what is needed to carry there, and I can just clip on the keyboard when I feel I have to write and drift away. And I can also take pictures of myself with the T100's camera. But I feel the best part about it is the battery. Out on treks, I don't often find charging points, hence I restrict the use of my smartphone as its battery runs out fast. But the T100's long lasting battery makes it the best thing I can have with me all day long, using it to do the things I love. It is all that I want, packed and presented to make my life easier.

There are times when I get to see the same things over and over again. At that point I don't feel like writing, and that's when music and games come into the picture. And again, all I need is the same device. I, being a technology enthusiast, love to know the specifications of a device. And this device runs the touch version of the operating system I have used since childhood, Windows 8.1. It is also a gaming powerhouse with a processor capable of clocking 2.2 GHz. I couldn't ask for more. Just take it out and play hard. Or listen to music, and share it with someone who loves it too. I mean, the days of slow transfers to flash drives are over; USB 3.0 does fast transfers, and it's on the T100.

I am not new to ASUS. I have been using the N55 SL notebook for studies and project and to write. But now it is time to move forward, time to transform. So, to conclude, a user can see the T100 as a tablet or as a laptop, but what it actually is, is an ASUS’ flagship model, built  to give us the best of both worlds.

P.S: if you want to get transformed, or have a story similar to mine, check out the T100  HERE.

Microsoft Infinity Room

For people like me who are enthralled by technology and the data that makes it work more efficiently, this is something amazing to watch. Big data around the world is unimaginably large, and we might not even be able to visualize it in our minds. But it is because of it that we are able to do more as time goes by and technology advances.

San Francisco played host to a special mirrored room last month for an impressive illustration of big data. Software giant Microsoft was in town for its SQL Server 2014 launch party, and the carefully choreographed room was the centerpiece of the company’s push towards data analysis. The Infinity Room mixes LED animations, pixel spheres, and a narrative around how a quarter coin contributes to the US economy.

Members of the public were invited to experience the unique room during the three day event, and Microsoft has now created an online 360-degree virtual tour version. It’s an elegant approach to a topic that’s not always easy to grasp, and it demonstrates how data analysis of a simple coin is essential for economies around the world.

This video embarks on the journey of the American quarter: the time at which it was first struck, the tremendous number of quarters that were made from nickel and copper, how the immense data about those quarters led to a profit for the American government, and how its value has changed over the century. A stunning visualisation. I wish I could be there one day!! It's well put by Microsoft: "See the ordinary, Become Extraordinary"

Here is the video, its breathtaking:

Source: Microsoft
Source: The Verge

The Tor Project : Anonymity Online

As things stand, we have very little privacy online. Governments and the websites we browse can keep an eye on what we do and store that data. In times like these, what we need is a tool that protects us from that exploitation and protects our privacy.

Why should we be worried?
Because a website can see where a person is browsing from (the connecting IP address) and identify the user, and from there it starts profiling the user. This helps them send targeted ads in the hope that the user will buy something. That information can then be sold to others, who exploit it; the result can be unwanted mail, ads and much more. Now there is a near-perfect solution to this: Tor.

Tor helps the user stay anonymous, provided the user follows certain rules while browsing through the Tor network.

So what exactly is Tor?
The Tor Project runs a network of servers (relays), called the Tor network, operated by volunteers all across the globe. When a user on the Tor network sends a request (say a search for a particular topic), the request is wrapped in several layers of encryption and passed along a path through several relays, each of which can see only the previous and the next hop, and it finally leaves the network at an exit relay. The website the request was sent to sees it coming from that exit relay and not from the user, which keeps the user anonymous. One caveat: the exit relay sees the traffic as it leaves the network, so Tor hides who is talking to a site, but not what is said, unless the site itself is reached over HTTPS.
How anyone can get onto the Tor network –
Getting onto the Tor network is done by downloading and setting up the Tor Browser Bundle. It is essentially a Firefox browser that has been configured and modified to connect to the Tor network when you open it. Because requests leave the network from an exit relay rather than from the user's own connection, Tor also lets a user view websites that are blocked on their own network.
The bundle can be found HERE.
But one should note that to stay anonymous the user must follow the rules strictly. Some of them: browser plugins are disabled in the Tor Browser, which means most YouTube videos won't play; one should not use torrents through Tor; and when a file or document is downloaded, it shouldn't be opened while still connected, since documents can contain links that are fetched outside Tor and reveal the user's real address. So read the whole set of detailed documents here.

I have used it and it's interesting to know the way it works. What is even more amazing is that the Tor Project includes an operating system called Tails. Tails is actually a Debian Linux operating system modified to help its users stay anonymous. It's designed to run off a pen drive and helps leave no trace of what the user was doing. This OS can be downloaded here.

So all you have to do is make a live USB of Tails and run it directly from the pen drive each time. Neither the Tor Browser nor Tails saves history, so all the work is gone when the session ends, leaving no trace. So it is advisable to store important data on permanent drives rather than on the USB stick itself.

Utilizing the Tor network well depends purely on the user. It can protect a user if used correctly, or sacrifice their privacy if misused. I have a high interest in this project, and there is lots to explore about the Tor network and lots to know about the services it offers. More than following a standard procedure, this is about exploring things, so the more you explore and the more you use it, the more you will start liking it. Give it a try!!