Wednesday, April 29, 2009

HowTo: Using DenyHosts to help thwart SSH attacks on FreeBSD

DenyHosts is a script intended to be run by UNIX-like system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

I've used it before on Gentoo Linux and liked it, so today I'll lay out the steps required to install and configure it on FreeBSD:
  1. % su
  2. # cd /usr/ports/security/denyhosts
  3. # make install clean
  4. # echo 'denyhosts_enable="YES"' >> /etc/rc.conf
  5. # echo 'syslogd_flags="-s -c"' >> /etc/rc.conf
  6. # echo "sshd : /etc/hosts.deniedssh : deny" >> /etc/hosts.allow
  7. # echo "sshd : ALL : allow" >> /etc/hosts.allow
  8. # touch /etc/hosts.deniedssh
  9. Edit /usr/local/etc/denyhosts.conf and uncoment the BLOCK_SERVICE = sshd entry.
  10. # /usr/local/etc/rc.d/denyhosts onestart
Steps 1 to 3 deal with the installation procedure.

From step 4 to 9, rc.conf is updated so that DenyHosts is started at boot time and can act as a daemon monitoring SSH unauthorized login attempts registering them in hosts.deniedssh.

Finally, step 10 starts DenyHosts imediattely.

If you wish to learn more about DenyHosts have a look at the project's homepage at http://denyhosts.sourceforge.net.

Friday, April 24, 2009

HowTo: Enemy Territory on Gentoo Linux

Wolfenstein: Enemy Territory is a free multiplayer FPS that takes place in the World World II pitting two teams (Allies and Axis) against each other for victory.

In this post I'll detail the steps required to install and update Enemy Territory, the ET Pro mod, PunkBuster and XQF on Gentoo Linux.

1) Install and update Enemy Territory

Become the superuser:
$ su
And emerge the needed package:
# emerge enemy-territory
The game's License Agreement will appear to which you must press the q key so that the following prompt appears:
Do you accept the terms of this license (RTCW-ETEULA)? [yes/no]
Type yes.

Now start the game, create a player profile and quit. By doing so a .etwolf directory will be created in your home directory which includes a folder containing PunkBuster.

Inside the game you can check the installed version by pulling the console down by pressing ~ and typing version. It should output the following:
]\version
"version" is:"ET 2.60 linux-i386 Mar 10 2005" default:"ET 2.60 linux-i386 Mar 10 2005"
2) Install the ET Pro mod

To do so run:
# emerge enemy-territory-etpro
Now ET Pro will show under the Mods options in the games' main menu.

3) Update PunkBuster

Point to http://www.evenbalance.com/index.php?page=pbsetup.php scroll down and follow the Linux download to download PunkBuster update application.

Change directory to where you've downloaded the pbsetup.run and:
# su
# chmod +x pbsetup.run
# exit
$ cp pbsetup.run ~/.etwolf/pb
$ ./pbsetup.run
PunkBuster will ask to fetch updates and prompt for a License Agreement. Afterwards point to "Add a Game option", choose Enemy Territory and its installation path (/opt/enemy-territory).

On the main PunkBuster window click on Enemy Territory to select it and press "Check for Updates". Quit PunkBuster after updating it.

4) Install XQF

To browse and filter server I recommend installing and using the XQF Game Server Browser:
$ su
# emerge xqf
XQF will identify the installed Enemy Territory so select the game and press "Update" to have XQF pull an updated server list.

I tend to play on www.Enemy-Territory.com by www.4netplayers.de server ;)

5) Fix sound issues

ET uses Linux's OSS sound infrastructure so you might come across issues. If so please consult the Gentoo Linux Alsa Guide.

And we're done! See you on the battlefield :D

Wednesday, April 22, 2009

HowTo: Enemy Territory on Debian Linux

Wolfenstein: Enemy Territory is a free multiplayer FPS that takes place in the World World II pitting two teams (Allies and Axis) against each other for victory.

In this post I'll detail the steps required to install and update Enemy Territory, the ET Pro mod, PunkBuster and XQF on Debian GNU/Linux. As a bonus I'll also describe how to workaround sound problems with Enemy Territory on Debian 5.

These steps can be pretty much be reproduced in any Linux distribution. It should be noted that the steps were performed on Debian Lenny but should translate to newer releases.

1) Install and update Enemy Territory

Let's start by fetching the games' installer, make the downloaded file executable and run it to install the game:
$ wget -c http://ftp.freenet.de/pub/4players/hosted/et/official/et-linux-2.60.x86.run
$ su
# chmod +x et-linux-2.60.x86.run
#./et-linux-2.60.x86.run
Press OK in the popup.

Agree with the License Agreement by pressing ENTER at the License Agreement prompt and choosing YES on "Do you agree with the license?" popup that follows.

Choose NO at the "Would you like to read the CHANGES file?" popup. You can allways read the CHANGES file latter on if you want.

Choose the installation path. And press in the Symlink path popup press ENTER.

Install both Enemy Territory and Punkbuster by pressing the TAB key to move to the OK option.

The License Agreement for Punkbuster shows up. Press ENTER twice.

Choose to install the startup menu entries.

After this the game installs. Don't choose to start the game imediatlely as we haven't finished installing everything.

Now download its update:
$ wget -c http://darkstar.ist.utl.pt/games/et-2.60b.zip
Unzip the file:
$ unzip et-2.60b.zip
Change directory of the unziped directory and copy the update files to games' directory:
$ cd Enemy\ Territory\ 2.60b/linux
$ su
# cp * /usr/local/games/enemy-territory/
Logout from the root account:
# exit
Now start the game, create a player profile and quit. By doing so a .etwolf directory will be created in your home directory which includes a folder containing PunkBuster.

Inside the game you can check the installed version by pulling the console down by pressing ~ and typing version. It should output the following:
]\version

"version" is:"ET 2.60b linux-i386 May 8 2006" default:"ET 2.60b linux-i386 May 8 2006"
2) Install the ET Pro mod

Next let's install Enemy Territory's best mod: ET Pro.
$ wget -c http://bani.anime.net/etpro/etpro-3_2_6.zip
$ unzip etpro-3_2_6.zip
$ et
$ cp -R etpro ~/.etwolf
Now ET Pro will show under the Mods options in the games' main menu.

Note: If have other users using ET I suggest copying etpro to /usr/local/games/enemy-territory instead thus making the mod available to every user.

3) Update PunkBuster

Point to http://www.evenbalance.com/index.php?page=pbsetup.php scroll down and follow the Linux download to download PunkBuster update application.

Change directory to where you've downloaded the pbsetup.run and:
# su
# chmod +x pbsetup.run
# exit
$ cp pbsetup.run ~/.etwolf/pb
$ ./pbsetup.run
PunkBuster will ask to fetch updates and prompt for a License Agreement. Afterwards point to "Add a Game option" and choose Enemy Territory. Punkbuster will point the installation path to your username's .etwolf directory.

Note: If you want all your users to have Punkbuster updated run the above steps as root and point to the game's install directory which should be /usr/local/games/enemy-territory.

On the main PunkBuster window click on Enemy Territory to select it and press "Check for Updates". Quit PunkBuster after updating it.

4) Install XQF

To browse and filter server I recommend installing and using the XQF Game Server Browser:
$ su
# aptitude install xqf
XQF will identify the installed Enemy Territory so select the game and press "Update" to have XQF pull an updated server list.

I tend to play on www.Enemy-Territory.com by www.4netplayers.de server ;)

5) Fix sound issues

ET uses Linux's OSS sound infrastructure. If you don't have sound here's how to enable the needed kernel module at boot time:
$ su
# echo "snd_pcm_oss" >> /etc/modules
# modprobe snd_pcm_oss
And we're done! See you on the battlefield :D

Bonus section: etpro launch script

If you play etpro if can repeat the following steps to launch etpro directly (I'm assuming your shell is Bash):
$ echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
$ mkdir ~/bin
$ touch ~/bin/et-pro
$ chmod +x ~/bin/et-pro
$ vim ~/bin/et-pro
Add the following lines:
#!/bin/sh
cd "/usr/local/games/enemy-territory/"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
exec ./et.x86 "$@" +set fs_game etpro
Now you can launch etpro simply by:
$ et-pro

Thursday, April 16, 2009

Book Review: Building a Server with FreeBSD 7

I just love this book. Refreshing concept, clean, straight to the point and very very lean. In it you won't find any desktop related topics, this is an 100% server oriented book.

This is the book to get if you want to step up a server running services such as Apache, FTP, SAMBA, DNS, DHCP, NTP, VPN and so on. Chapter 1, presents the reader on clear and very straight to the option instructions on how to install FreeBSD and perform core administrative actions.

After this chapter we move to the core of the book: services. For here on the reader can choose the service he wants to install/configure and jump right to it.

For each service the author describes the application's background and history, software version used in the book, needed dependencies, install and configurations instructions. The book also shows how to test the service and points to further information. All this is a very systematic and streamlined manner.

BASWF7 is 288 pages long and makes a nice companion to set up services on FreeBSD for anyone acquainted with UNIX like systems. It's also a good complement to FreeBSD's own Handbook by moving into the territory where the Handbook falls short: third parties application configuration.

The book however isn't perfect. It should have in my opinion instructions on how to set up NFS and provide security hardening instructions/advice such as how to build a simple firewall to protect the server.

To sum up: I full hearty recommend this book to anyone wanting to build a server with FreeBSD.

Tip: D-Link DGE-528 on FreeBSD

Here's how to enable 1000baseTX full-duplex on a D-Link DGE-528 network card:
  1. % su
  2. # pciconf -lv
  3. # ifconfig
  4. # ifconfig -m re0
  5. # ifconfig re0 media 1000baseTX mediaopt full-duplex
  6. # vim /etc/rc.conf
  7. ifconfig_re0="inet 192.168.1.3 netmask 255.255.255.0 media 1000baseTX mediaopt full-duplex"
Start by becoming the superuser.

Steps 2, 3 and 4 help you determine where the card is (in my case re0) and collect more info on it.

On step 5 use ifconfig to apply the new setting and test the card out. If everything is ok add the ifconfig setting to /etc/rc.conf (steps 6 and 7) so that the next time you boot the next settings are applied.

Sources:
man 4 re
man 8 ifconfig

Wednesday, April 15, 2009

Tip: Fixing NVIDIA mismatched kernel module on Debian

I've installed Debian 5 Lenny a few day ago and imagine my surprise when yesterday I decided to update it and came across a broken Xorg.

Upon boot X11 didn't load and presented the following error message:
Failed to load the NVIDIA kernel module!
One of the updated packages was the Linux kernel, so I suspected that the problem was with the NVIDIA package and a mismatched Linux kernel.

I had nvidia-kernel-2.6.26-1-686 installed and the new kernel was 2.6.26-2-686 so I needed a matching NVIDIA kernel module.

So here are the steps that I took to fix things up:
  1. # aptitude search ~i~nvidia
  2. # aptitude update
  3. # aptitude purge nvidia-glx
  4. # aptitude install nvidia-kernel-2.6-686
  5. # aptitude install nvidia-glx
  6. # /etc/init.d/gdm restart
On step 1 let's us check exactly what we have installed related with nvidia. Next we update the apt's database and proceed removing the nvidia-glx on setp 3.

With steps 4 nvidia-kernel-2.6.26-2-686 and nvidia-kernel-common are pulled in and you'll be syncronized with the installed Linux kernel.

The nvidia-glx package is installed in step 5 and finnally gdm (replace gdm by the login manager you are using) is restarted bringing X11 back online.

And we're done. Bloodly kernel upgrades ;)

Thursday, April 9, 2009

Tip: Updating packages that don't want to be updated on Debian

In my desktop I have a series of operating systems including Debian GNU/Linux. Having spent most of my time in FreeBSD running XFCE4 I figured I'd update my Debian Sid install whose last update as performed more that 6 months ago.

So after performing apt-get update, apt-get upgrade and apt-get dist-upgrade a few packages insisted on not wanting to be updated with APT screaming "The following packages have been kept back".

A quick jump to the Debian's own APT HOWTO at http://www.debian.org/doc/manuals/apt-howto/index.en.html#contents presented some APT stuff that I were unaware.

So to know what's keeping a package from being updated you may use:
apt-get -o Debug::pkgProblemResolver=yes dist-upgrade
Running this command helped me out in figuring what to do, which involved removing and re-installing some packages in a specific order.

APT does have some interesting thing into it doesn't it?

;)