
Showing posts from 2009

Killing a Windows Virus From Linux Using F-Prot

While I enjoy using Linux every day, most of my family continues to use Windows (mostly WinXP) and relies on me for tech support. I have done the usual things such as installing Firefox and MalwareBytes, but they still get some infections. Cleaning up usually involves running a scanner over and over, and some viruses still evade detection.

F-Prot makes commercial virus scanners and has a free home version available for Linux.

Download the tar.bz2 file and extract it to /usr/local/share. Then, from the /usr/local/share/f-prot directory, run:

# ./install-f-prot.pl

and accept the defaults. The /usr/bin/fpscan link to the program will be created and the virus database will be updated.

To scan a Windows drive, remove it and attach it to your Linux computer using a USB adapter, then mount the drive read-write (rw) at, for our example, /media/windows.

Then run the scanner with:

# fpscan --disinfect /media/windows

As it progresses, any corrupted or infected files are listed. Any that cannot be cleaned can always …

Plymouth

Plymouth is a new bootsplash application that replaces splashy for many distros like Fedora and Mandriva. There's not a lot of documentation on how to use it.

The themes reside in /usr/share/plymouth/themes/ .

You set the default theme with:

# plymouth-set-default-plugin themename

or

# plymouth-set-default-theme themename


Then execute:

# /usr/libexec/plymouth/plymouth-update-initrd

to make it occur at boot.

Plymouth works by using a series of still images to create an animation for the display during the init process, so it loads along with the kernel. The scripting uses its own language, which one of the developers describes as "not hard" to figure out; in practice, we mere mortals will probably find creating our own Plymouth themes more difficult than that.

REFERENCES

Plymouth - ArchWIKI

Plymouth - Ubuntu

Plymouth themes: Fix, install, edit and create- Mint
PlymouthTheming Guide

Mandriva 2010.0 on the HP Mini 1120NR

I finally got tired of the frustration of trying to learn Ubuntu on the Mini and also annoyed that HP failed to update their version of it so that I could use my EVDO modem (which quit working after their most recent update). It's not that Ubuntu is bad, I'm just used to doing things on Mandriva/Fedora/RedHat systems.

What prompted me to make the change was the realization that I was not using the Mini because I disliked the default OS. And it was slow, slow, slow.

The Mini I have is the 1120NR with the following hardware:

$ lspci
00:00.0 Host bridge: Intel Corporation Mobile 945GME Express Memory Controller Hub (rev 03)
00:02.0 VGA compatible controller: Intel Corporation Mobile 945GME Express Integrated Graphics Controller (rev 03)
00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03)
00:1b.0 Audio device: Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller (rev 02)
00:1c.0 PCI bridge: …

Icons for Your system

One annoyance with gaming in Linux is the lack of an icon for MS Windows apps that run under WINE or Cedega. The Icon Archive is a resource for some game icons as well as icon images for other things.

Mageia (and other distros) provides the png2ico application, useful if you want to convert a .png image to .ico format for use as favicon.ico for your website.

Mageia (and other distros) provides the icoutils package which contains two utilities: icotool will convert and create win32 icon and cursor files and wrestool will extract icon resources from MS Windows binaries. The man page for wrestool outlines the process for extracting icons from win32 binaries.

WineIcons "... is a Win32 program for Wine, that allows you to extract icons from ICO, EXE and DLL files and save them in PNG format. It is useful for KDE-like icons creation. WineIcons can be easily integrated into your Linux system."

If you need a free win32 app to extract icon files, @icon sushi is such an application. …

Fixing a Buggy ACPI BIOS Updated for Windows 8 and Linux Kernel 3.x

In the BIOS, there is a table that configures/determines a number of hardware values for ACPI and your system to use.

One of the features of ACPI is that the values and methods used can be differentiated at boot time depending on what OS you run. Each version of MS Windows has a unique identifier and while Linux can identify as "Linux", the Linux ACPI gurus have decided that Linux will always identify itself as "Windows NT". Even if you force Linux to identify itself as Linux, the Linux ACPI code still lies to the BIOS, except for the computers specifically listed in drivers/acpi/blacklist.

If you are running very new hardware intended for Windows Vista or Windows 8, you might get better performance on ACPI-related issues if you identify, or "spoof", your Linux OS as Vista or Windows 8. This is done by adding the boot-time kernel parameter of acpi_osi="Windows 2006" or "Windows 2012" respectively (and the quotes are necessary). still,…

Spoofing the OS to the BIOS

In the past, I used a Tyan MP2466 dual-processor motherboard and noticed something odd about it over the years. I had instability problems where it locked up so that only cycling the power switch would restore it to function. It seemed related to video and USB devices and IRQs, but maybe not. I also dual-booted to WinXP to play some of my games that won't run in Linux and noticed that I never had the same instability problems with WinXP on the very same hardware.

All that seems over now. A kernel command line option, acpi_osi=, will spoof the Operating System to the BIOS. The available choices are found in uteval.c in the kernel source. Here is the current list:

"Microsoft Windows" will spoof for Windows98
"Windows 2000", /* Windows 2000 */
"Windows 2001", /* Windows XP */
"Windows 2001 SP1", /* Windows XP SP1 */
"Windows 2001 SP2", /* Windows XP SP2 */
"Windows 2001.1", /* Windo…

lsscsi and systool

The lspci and lsusb commands are familiar to me, but lsscsi was unfamiliar. Written by Doug Gilbert, it provides information about SCSI devices by scanning the sysfs pseudo file system. The author maintained a web page (now defunct) that provided useful information about lsscsi, including some detailed descriptions of the SCSI subsystem information available. Fortunately, a copy resides here. Here's a sample listing from my system that also shows the generic SCSI device names (note that the command can be run as a regular user):

$ lsscsi -g
[0:0:0:0] disk ATA ST3250624A 3.AA /dev/sda /dev/sg0
[0:0:1:0] disk ATA Maxtor 6L200P0 BAH4 /dev/sdb /dev/sg1
[1:0:0:0] disk ATA Maxtor 6Y250P0 YAR4 /dev/sdc /dev/sg2
[1:0:1:0] cd/dvd HL-DT-ST DVD-RAM GH22LP20 1.02 /dev/sr0 /dev/sg3
[2:0:0:0] disk Seagate FreeAgent 102D /dev/sdd /dev/sg5
[3:0:0:0] cd/dvd SONY DVD RW DRU-810A 1.0a /dev/sr1 /dev/sg4
[4:0:0:0] disk ST910…

UNIX Copy-on-Select for MS Windows

One of the most striking differences between UNIX and MS Windows is the copy and paste behavior using the mouse.

This becomes an annoyance if you are used to the UNIX way of doing things and always forget to highlight-right-click-copy when using MS Windows.

Andy Polyakov's True X-Mouse Gizmo allows UNIX-like copy-on-select behavior in MS Windows environments.

The page also contains useful information about how the utility works and how to modify its behavior, as well as a few things to watch out for.

Importantly, it does not remove the traditional MS Windows behavior, so users accustomed to that way of doing things will not notice a difference.

IceWm and GMail

I have been using the IceWM window manager and have been exploring how to add functionality and usability to it, since it presents as a basic window manager. The homepage provides useful documentation and FAQs.

By default, IceWm expects you to have traditional UNIX tools at hand and doesn't automatically provide for newer technologies like GMail. It would be nice for the mail icon to work with a GMail account.

Joel Dare has built upon the work of others and crafted a URL that automatically opens your GMail account in a browser. Importantly, Joel's version of the URL closes any open logins to GMail before attempting to log in; earlier versions of the URL would not complete correctly if you have multiple GMail accounts as I do.

Since the URL contains my password in plain text, I chose to create a script at ~/bin/gmail-login with permissions of 700:

#!/bin/sh
# the following is all on one line
firefox https://www.google.com/accounts/ServiceLoginAuth?continue=http://mail.google.com/gmail…

KDE's kdict, dict.org and Firefox

I haven't used the KDE desktop since the release of KDE4, instead relying on IceWM, and while I may go back to it, I miss one of the desktop applets, kdict. Using it to check a definition, spelling, synonyms, etc. was very handy.

Since I use Firefox as my primary browser, it made sense to consider using a bookmarklet. Bookmarklets are small pieces of JavaScript code that can be treated as a bookmark. When you click the bookmark, the code is executed. I modified a bookmarklet for Dictionary.com to use the dict.org dictionary like kdict did.

To make one for yourself, right-click on the Firefox Bookmarks toolbar, then select "New Bookmark", then fill in the following information. The JavaScript is all on one line.

Name: Dict.org
Location: javascript:void(q=prompt('Dict.org%20Search:',getSelection()));if(q)%20void(location.href='http://www.dict.org/bin/Dict?Form=Dict2&Database=*&Query='%20+%20escape(q))

The Database=* value mimics that used by kdict an…

HP Mini 1120NR Mi Edition

My wife surprised me with an HP Mini 1120NR Mi Edition for an anniversary gift!

While it runs Linux, it uses an HP-modified version of Ubuntu, which is a Debian-based Linux. Nothing wrong with that, except that Debian/Ubuntu organizes things differently than Mandriva/RedHat, so it took some getting used to.

The first thing I did was to increase the memory from 1GB of RAM to 2GB of RAM, not that I needed it right now, but RAM is currently very inexpensive. Previous versions of Ubuntu for the Mini did not have kernels compiled for >1GB support, but this one recognized it upon re-boot.

The interface is unlike a conventional desktop and is called harbour-launcer. You can see how HP modified the Ubuntu/GNOME desktop by reading how others have modified their desktops to mimic HP.

The first thing that I needed to do was install some familiar apps, like mc.

Alt-F2 brings up a RUN dialog, and entering gnome-terminal launches a terminal window. I couldn't become the superuser since I didn't …

Using rsync to Fix a Downloaded ISO File

I wanted to upgrade to Mandriva 2009.1 and had the .iso image, but the checksum failed. Since I was at my workshop and had only EVDO modem service, I didn't want to download the entire .iso again and I remembered that I could use rsync to "fix" the damaged .iso file.

To avoid using bandwidth at the garage, I use a USB drive at home (where I have Verizon FIOS) to mirror the current Mandriva repositories using rsync, so I knew that Georgia Tech had an rsync server. I just needed to find the path to the .iso files.

NOTE: Although Mandriva 2009 is now obsolete, the technique described here still works on any downloaded file that is available from an rsync server.

Starting with:

$ rsync rsync.gtlib.gatech.edu::

I eventually wound up with:

rsync://rsync.gtlib.gatech.edu::mandrake/mandrake/official/iso/2009.1/

as the path.

Then, I changed directory to where I had the damaged .iso file and executed (all on one line):

$ rsync -Pz --stats --inplace --ignore-times rsync://rsync.gtlib.gatech.edu::man…

Fighting Linux Rootkits

Recently having had an unpleasant experience with a rootkit that was installed in /var/tmp, better security measures were clearly needed.

Unfortunately, /tmp and /var/tmp are world-writable by necessity and are the favorite target of rootkit users. It would be nice to have some sort of protection on these directories, and the easiest way is to create a filesystem image, attach it via the loopback device, and mount it with the noexec and nosuid options via /etc/fstab.

Create the file system image, change its permissions with chmod 1777 and keep it in /boot; 1,200,000 512-byte blocks should be a good size and not waste too much disk space for small files. If your needs are different, adjust accordingly.

# dd if=/dev/zero of=/boot/tmp.img bs=512 count=1200000

This produces a disk size of roughly 300M.

The filesystem format chosen for this particular task is Reiserfs because it handles large amounts of smaller files very well. We need to use the -f option because the file is not a block special device. If the…

FFMPEG-0.5 Compile for Mandriva 2009.0

As you may be aware, ffmpeg is now at version 0.5.

Since an updated RPM package is not yet available, I decided to compile ffmpeg-0.5 on my Mandriva 2009.0 system to support all available codecs and optimize the binary for speed.

A number of ffmpeg codec options are disabled by default because of copyright/patent issues that make them not re-distributable. But as individuals, we can enable them and break no laws as long as we do not provide copies of the binaries to others. Sources for the non-free codecs are available to be built manually, but all are available for Mandriva from PLF.

The ffmpeg source code is here.

After unpacking the source code archive, do a quick ./configure and you'll see the potential available codecs and other options by looking at the file. You'll need to install all the libraries (plus the *-devel stuff) to compile ffmpeg. Looking at config.err was very useful in determining what problems I had during the attempts at compiling.

I used (all on one line)…

Compressing Files to Save Space

Binary Compression

If you need to save space on your Flash-drive-based Linux OS, you might consider UPX, self-described as the "Ultimate Packer for eXecutables".

UPX is free and provided under the terms of the GPL. It uses a proprietary compression algorithm, the NRV compression library, but can be used with reduced efficiency with the UCL compression library.

It offers very fast in-place decompression and is available for several platforms other than Linux, including ARM, MIPS, PowerPC, DOS and Win32.

For Win32 platforms, there is a GUI version (download here), but it uses an older version of UPX as its base, which should not be a problem if you are only compressing Win32 binaries.

The command line version works on all supported executable formats in all OS versions.

Data Compression

If you just need to compress non-executable files, 7-Zip is a file archiver with a high compression ratio. The program only supports the 7z, ZIP, GZIP, BZIP2 and TAR formats for packing, but unpac…

Using Linux for MS Windows Anti-Virus Removal

Here's an amusing way to tell someone, essentially, to RTFM.

I saw this link in a Slashdot story about malware and virus removal, but the offered link was identified as a Linux solution.

Anyway, it's easy to see how the URL is crafted, so now you can pimp slap someone who should have Googled it in the first place.

http://lmgtfy.com/?q=live+cd+windows+antivirus

And lmgtfy stands for "Let Me Google That For You" in case you missed the joke.

Funny.
Useful.
Satisfying.

BTW, the Linux solution would be a LiveCD version of Knoppix using BitDefender.

Here's the main site.

And the link to the RPM and DEB downloads.

And the link to the current LiveCD. The MD5SUM of the ISO image is 2404d4abeb23532ef842d940ccc3aeaa.

Of course, you could build your own LiveCD.

But even better, use TRK, the Trinity Rescue Kit, a bootable Linux CD that offers several virus scanners as well as Windows cleaning, password and rescue utilities plus a Linux distro with ssh, file-sharing, backup a…

Mandriva RPM Meta-Packages

Mageia now provides a few meta-packages, which are small RPM files that contain only the dependencies needed for the application(s) they address. Essentially, a package of package names to be installed. The meta-packages all begin with the name task- and are found in the repositories.

For example, using urpmi to install task-kde4 will install all the files needed for a full KDE desktop; task-kde4-minimal installs a minimal desktop; task-gnome installs the full GNOME desktop; likewise task-e17, task-xfce and task-lxqt easily install those desktops.

There are task- packages for Blackberry and Nokia syncing, and task-lamp installs a full Linux-Apache-MySQL-PHP server plus ProFTP.

You can use urpmq -d task-package to see what dependencies will be installed.

All the task- packages have a .src.rpm that can be installed, modified and compiled to change things. I have experimented with the LAMP module to NOT install Apache so I can try the nginx web server.

One possible use of meta-packa…

The Mozilla/Firefox about: Redirector

The popular Firefox web browser has a few "hidden" features accessed by the "about:" URL. MozillaZine has an article about them and the actual code can be viewed here.

The about:robots URL is an Easter Egg, or hidden joke. Another Easter Egg was attempted but was thwarted: someone wanted to include an about:kitchensink joke. There is a humorous discussion here (Comments #119 and #120 are the most important) and you can see a demonstration of the joke here.

If you are interested, there are several about: extensions available for Firefox here.

Verizon DSL and MTU

From Brett Charbeneau of the Tidewater UNIX Users Group:

Verizon was adjusting the Maximum Transmission Unit of all packets on the fly on their routers - and they stopped doing that recently.

Some sites, Microsoft Update in specific, demand that the MTU be between 1400 and 1536 or they simply won't interact with a browser. Any browser. At all.

Packets that have a frame size larger or smaller than that are ignored or otherwise mangled beyond recognition by any browser I know of.

So, if you are like me and have several locations sharing Verizon DSL circuits between lots of Windows users via an iptables-based firewall/router, Microsoft Update, mail.yahoo.com, and a bunch of other sites suddenly became inaccessible on February 9, 2009 for no apparent reason.

The fix is to set a "clamp" on packet size via a variety of iptables commands, I like to do it in the FORWARD chain like so (all one line):

# iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:…

Fun With Mail Headers

Microsoft Outlook looks for a special email header, X-Message-Flag, and if found, will display a message to the user in the message dialog along with a red flag. If your mail client (MUA) permits the creation of custom headers, you can create an X-Message-Flag header and assign some arbitrary text string to it. Only users of Microsoft's Outlook will see the message.

Some of the messages are funny, some pro-Linux, some anti-Microsoft, some informative, some just stupid. A few example messages are:

Warning: Outlook transmits Viruses! Upgrade to Linux Now!
Using Microsoft software might be a security risk.
If you can read this, you're too close!
Message text blocked: VIOLATION OF US 1201(a)(3)
Warning: message not sent with a DRM-Certified client User-Agent.
Warning: Your mail program does not comply with RFC 1855.
Magic 8-Ball says Outlook Not Good.
Outlook : A program designed to spread viri, but it can do mail too.
Linux : The choice of a GNU generation.
OUTLOOK
ERROR: Large chicken feath…

pci.ids and usb.ids lists

You know that there are lists of PCI and USB devices that Linux uses to identify those devices? The files containing the lists are named pci.ids and usb.ids.


It seems that I have some hardware on my Linux box that is "unknown". How does that get fixed or changed? Over time, those devices will get added to a list that Linux uses to identify devices.

Here's how to add new hardware to the list and how to get the most current lists to drop into your own Linux box.

PCI

The list is maintained by The PCI ID Repository. You can download the most current file from there or submit new devices or discuss changing old entries.

Download it with:

wget -nd http://pci-ids.ucw.cz/v2.2/pci.ids

To locate where the files live on your system, use the find command and then copy the new files to that location. This works on my system:

sudo mv pci.ids /usr/share/


USB

The USB list lives at Linux-USB.Org. You can download the most current file from there or submit new devices or discuss changin…

Grokking Linux Modules

A lot of the functionality of Linux is contained in the kernel modules. These small pieces of software link the Linux kernel to your hardware, but it's not all that easy to get information about them if you are having trouble with a particular module.


The command lsmod will list all currently loaded modules.

The command modinfo will list general information about a particular module.

The command get_module will list specific information about a particular module as loaded in your kernel.

My system was generating an error message about the shpchp module. To see what other modules might be associated with it:

# lsmod | grep shpchp
shpchp 33556 0
pci_hotplug 29476 1 shpchp

To get the general information about the module:

# modinfo shpchp
filename: /lib/modules/2.6.27.5-desktop-2mnb/kernel/drivers/pci/hotplug/shpchp.ko.gz
license: GPL
description: Standard Hot Plug PCI Controller Driver
author: Dan Zink , Greg Kroah-Hartman , Dely S…

Trusted Platform Module

TPM, or Trusted Platform Module, can be used to authenticate computer hardware or protect encrypted disks. A HOWTO can be found here. The Wikipedia entry is here.

TPM is supported only on devices that have TPM hardware support and is typically enabled in the BIOS. A guide to actually using TPM is included in the references.

It's mentioned here only because I was curious about it. I stumbled upon this while looking at the parameters for the libata module. It has an option named allow_tpm which, when enabled (it's disabled by default), permits the use of the TPM modules and functions. It can be enabled with an entry in /etc/modprobe.conf as:

options libata allow_tpm=1

Do you have TPM support in your Linux kernel? If so, the modules will be listed with the command:

# ls -la /lib/modules/`uname -r`/kernel/drivers/char/tpm

If you are using TPM to secure your hard drive, it makes sense to use a bootloader that can access it. That bootloader would be TrustedGRUB, a modification of GRUB t…

Sharing an Internet Connection on Mandriva 2009.0

Sadly and frustratingly, the Mandriva Linux wizard intended to set up Internet sharing, drakgw, is broken* and has not been well maintained. Until they fix it, here's how to do it by hand, assuming that ppp0 is your Internet-facing connection and eth0 connects to your local LAN. Thanks in part to mheanre and the folks at TWUUG.



1. Mandriva uses shorewall as the default firewall. It needs to be told to pass the data we want to allow. Edit the contents of /etc/shorewall/policy to look like this:

loc net ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
loc $FW ACCEPT -


2. Enable IP forwarding (required for masquerading) in the kernel:

# echo 1 > /proc/sys/net/ipv4/ip_forward

To make this permanent, add the following to /etc/sysctl.conf (note that the sysctl name matching the /proc entry above is net.ipv4.ip_forward; the setting below only changes the default applied to interfaces):

net.ipv4.conf.default.forwarding = 1


3. Tell iptables to use NAT:

# /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

I found that I needed to add that line to the end of /etc/rc.d/rc.local for it t…