Sometimes Linux screws u up and getting out of it is real fun,provided ur willing to see outputs u dont want to and all night sleep off .
ha ha ! yeah thats what i did last night.And all i was trying to do was to watch a movie in linux :)
It was FC5 full installation and it still didnt have a mediaplayer.So i had downloaded all the VLC XINE WINE mplayer , mpg123 mpg321 and 2 more packages.I was dead sure one of these was going to install and i was going to watch some movies.
And also yesterday we tried a small hack at expect and i was trying to write a script that could automatically login in to a server transfer files through ftp and logout by itself.
And we tried shell script but interactive mode was impossible hence someone said EXPECT was good ! so we tried a little hack.
and the code read like this
#!/usr/bin/expect -f
spawn ftp $remote_server
expect “username:”
send “$my_user_id\r”
expect “password:”
send “$my_password\r”
expect “ftp>”
send “bin\r”
expect “ftp>”
send “prompt\r”
expect “ftp>”
send “mget *\r”
expect “ftp>”
.
send “bye\r”
expect eof
and when finished jus execute it by bash$ expect -f filename
and its all done :) .
The time was 2Am and i sat down to install mediaplayer and i relaised all of them went down :(.Then i tried putting in wine and execting and it still wasnt playing. Then i realised it is possible to simply include the media files to a plugin manager .
and the time now was :) 5am hmm what do i do now.nothin! jus shut down the pc.
taggy –
In Mac OS X, the root account is disabled by default. The first user account created is added to the admin group and that user can use the sudo command to execute other commands as root. The conventional wisdom is that sudo is the most secure way to run root commands, but a closer look reveals a picture that is not so clear.
What you get with sudo
What are you really gaining by using sudo in the default Mac OS X configuration? First, you gain some comfort that nobody can login as root, either locally or remotely via SSH or FTP and tamper with your machine. Second, you get a log entry in /var/log/system.log every time sudo is used showing you who used it and what command was executed. These appear good enough reasons to endure the slight inconvenience of using sudo.
However, the way sudo is configured out of the box, you only need to enter your own password for authentication. This means that if someone guesses your password or steals it (and has access to it locally or via SSH), they can take over your box just as if you had root enabled.
Worse, if you execute sudo -s to start a root shell, the only thing that shows up in your system.log is this:
Mar 20 07:49:12 sudo: username : TTY=ttyp3 ; PWD=/Users/
username ; USER=root ; COMMAND=/bin/bash
Every other command after starting a root shell does NOT get logged at all. All you can tell from this is when someone started the root shell. Whatever happened after that is a mystery. The same problem exists if a command is executed that permits shell escapes like many text editors, telnet programs, etc. So, in fact, using sudo has gained us absolutely nothing over enabling and using root.
These deficiencies can be mitigated, and we’ll get to that later.
Securing the root account
If you enable the root account, there are a couple of precautions you should take. First, give root a different password than your user account.
You can prevent root logins to SSH by changing this line in the sshd configuration file, /private/etc/sshd_config:
#PermitRootLogin yes
to this:
PermitRootLogin no
Then, stop and restart SSH in System Preferences / Sharing. To go one step further, disable all password logins to SSH and allow only public key authentication. This is how I configure my Linux servers. There are many fine resources on the web that describe the gory details of using SSH public key authentication.
FTP logins by root are disabled by default since the root account is listed in the /etc/ftpusers file. Users listed in that file are not allowed to login using FTP.
Finally, disable user access to sudo by commenting out the %admin line in /private/etc/sudoers:
#%admin ALL=(ALL) ALL
With two minor configuration changes, we have a system that is arguably more secure than the default system using sudo. Why? Because if someone guesses or steals your user password, they can’t use sudo to take over the machine. They still have to guess the root password. Of course, if they have a local account, they may be able to use a privilege escalation vulnerability to gain root access, but that is an issue for Apple.
Back to sudo
Is there a way to make the sudo configuration more secure? There are many things that can be done to improve the default settings. Here are a couple.
The most obvious change is to require a different password than your user password to authenticate. This can be done while keeping root logins disabled with a little trickery. First, enable the root account, change the root password, then use Netinfo Manager to change the root shell to /usr/bin/false. Any attempt to login as root will immediately end. Then, you can force sudo to require the root password by adding this line to /private/etc/sudoers:
Defaults:ALL rootpw
Another security enhancement is to set up restrictions by user, and listing specific commands that are allowed to be run using sudo. By limiting the commands that can be run, you can limit the damage that can be done by a user account. This means changing the line in /private/etc/sudoers that grants all commands to users in the admin group. Check the sudoers man page for the details.
With these changes in place, sudo becomes much more secure, and is probably safer than using root directly. You should still change the SSH configuration to deny root logins and use public key authentication.
The real story
I’ve made arguments and suggestions for using the root account and for using sudo. But consideration should be given to the role of the computer and primary user(s) before making a decision on which may work best for you.
The main goal of sudo is to allow users limited access to root commands for the purpose of distributing the sysadmin load. On a single user box, you are only distributing the load to yourself. If you take a few precautions, enabling the root user is perfectly acceptable and can be more secure than the default configuration using sudo. On a multi-user box, sudo adds value and may be the best way to go. Given its limitations, the notion that sudo is always the best choice is dubious. The real story is it depends on the configuration.
We have all heard enough of forks and crashes .But this simple piece of one line can FORK BOMB
ur system until all your resources get exhausted.
:(){ :|:& }; :
It exponentialy increases the forking .
ON Linux BSD :P jus try out guys may be u can crash ur server :P when the assignmenst are due :)
Today i was about to meet babes :P well i will leave that to another entry i will talk something that cud actually be great.I went up to a converstaion and as it shifted to domains i become someone i was quite sometime ago.A spectator and i was looking down at everyone.When at the back i was putting every individual on a network and tried if there could be symmetric flow of data across N networks.I know i staerted off the bad way but today as i had absolutely nothing to talk and i just let my mind wander around while the discussion went on .When i designate every member there as Network family and try to put their talks in to my data.I realised whenever theres is a third party interruption in a network ,there exists a definite indication of sniffers for thats what they are meant for.
Everytime codelabs crashed and i was wondering how one could actually pierce thru a very safe group of individuals i realised as we represent four system users ,there could be an option someone is listening to the terminal we work on through a port.
If not many tried it works when u type this
$finger
username tty login w
the ttyX is the terminal no. they are working and although the permissions are initially to root.While there is work on they become writable by user and as in UNIX “everything in Unix is a file“They become writable by user.Hence
$cat /dev/ttyX& would put out the ocntents and they can always be put up thru the ports.And today when i was going tooooooooooo dumb in a conversation holding nothing for me :P i was think of this tool called snortstorm and a very effective and terminal to terminal :) and i relaised there definitely existed a snortstorm at codelabs.
This time im sure im gonna wait and see :P who pens up a port and im sure i can find out what port and hence which person :P ppl can sometimes be choosy abt numbers :P
Amidst all these :P let me tell u :D the day hasnt started for me :P
Taggy—
Sat down to write something else iam scribbling down some tech somehow i just relaised :P im better digging in to the UNIX and OS :D than trying to look somewhere else :)
Afterall someone did say “Out of Normal social expectations ” it was the last thing that struck me when i boarded on to the 47A :) back home :P and iam already feeling the bliss of just being theyaga :P
I was just browsing through Wikipedia :)and found these !
“When you say “I wrote a program that crashed Windows”, people just stare at you blankly and say “Hey, I got those with the system, *for free*”.”
“Some people have told me they don’t think a fat penguin really embodies the grace of Linux, which just tells me they have never seen an angry penguin charging at them in excess of 100mph. They’d be a lot more careful about what they say if they had.”
the Linux philosophy is ‘laugh in the face of danger’. Oops. Wrong one. ‘Do it yourself’. That’s it.”
“Really, I’m not out to destroy Microsoft. That will just be a completely unintentional side effect.” [Linuz Torvalds]
Iam Theyagarajan S ( 'taggy') . to know more ,head out to
