Archive for the ‘linux’ Category

Building an Anonym.OS


Presentation by dr.kaos at Interz0ne IV, Atlanta GA, March 12, 2005



Anonym.OS LiveCD


Like sand through the hourglass, so are the vestiges of our privacy. From increased governmental surveillance to corporate content restrictions and data brokers, what you do, where you go, and who you talk to is of more interest to more people every day.

Anonym.OS is an OpenBSD 3.8 Live CD with strong tools for anonymizing and encrypting connections. Standard network applications are provided and configured to take advantage of the Tor onion routing network.





Well, it’s been a busy three days. I’ve received dozens of emails following our first public beta release of Anonym.OS, and I hope everyone will be patient with me as I try to respond to each email. In the meantime, I can address a few of the more common questions:

1. Where can I download Anonym.OS?

There are currently two download sites: SourceForge and LinuxTracker.

2. Is there an MD5 digest for the ISO?

Don’t know how I missed posting this with the ISO, sorry. :-/ aa3907cbe3220f57e1c1a1bbaec062ef

3. What do I have to do to burn/boot the CD?

You do not have to extract the ISO. Just burn it right from Windows, Mac OS, Linux or BSD and boot right off the CD.

Everything else I haven’t addressed here, I will be addressing in individual email responses, and I will try to compile the more pertinent points into a FAQ that everyone can refer to in the future.


Armor Your Palace


A guide to securing your home and home network with inexpensive hardware, open source software and about 8 hours of dedicated time. This is a living document, updated on a regular basis to reflect additional best practice methodologies, tips and tricks as they become available.

In this guide, we will walk you through the process of building and configuring security systems to protect your home and home/office network through the use of motion-sensing digital security cameras, advanced firewalls, intrusion detection systems, and realtime notification mechanisms.

In a mere eight hours, we will endeavor to build and configure a moderately sophisticated wired and wireless home or office LAN with a DMZ for public-facing services, strong ingress and egress filtering for all connected subnets and a realtime risk management console with live monitoring and alerts by email and/or telephone!



1001 ways to harden Linux


Saw this post about a “10 step approach to a secure server” and decided to sort through old courseware I’d written and filter through my bookmarks to provide readers with a fairly comprehensive list of resources for hardening a Linux box (regardless of flavor/distribution/vendor/purpose).

Bearing in mind that there are probably several hundreds of websites and whitepapers that talk to this topic, I’ve tried my best to filter the wheat from the chaff, leaving only those resources that I believe are valuable and offer some unique insight, perspective or technique…

I will also try to keep this page up-to-date by adding new resources as I find them.



Hey, your SSH is showing


Saw an interesting submission by Chuck Talk at RootPrompt the other day about DenyHosts, a tool to prevent repeated attacks against public SSH services running on your servers.

Apparently someone had plenty of time to try to login, and was not deterred by repeated login failure. That set me on a course to find a solution that was simple, effective and enough of a barrier to the attacker that they would move on out of frustration, or simply be denied enough that they would find easier targets.

That search led me to find DenyHosts, a simple and elegant solution that works with a minimal configuration effort and is small, quick and clean. The ease of installation and operation make this an effective solution to annoying SSH attackers, and one that you should consider if you are using SSH services.

In essence, DenyHosts is a simple Python script that watches logs for entries indicating malicious or suspicious login attempts. From the FAQ:

DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is valid (eg. has a system account) or invalid (eg. does not have a system account).

When DenyHosts determines that a given host has attempted a configurable number of attempts (this is known as the deny_threshold), DenyHosts will add that host to the /etc/hosts.deny file. This will prevent that host from contacting your sshd server again.

Also, DenyHosts will note any successful logins that occurred by a host that has exceeded the deny_threshold. These are known as suspicious logins and should be investigated further by the system admin.
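The logic the FAQ describes, as an added sketch that is not DenyHosts' own code: it counts failed logins per host, records whether the targeted account was valid, emits `/etc/hosts.deny` lines at the threshold, and flags later successful logins from those hosts. The log lines are constructed, the OpenSSH message formats and a threshold of 3 are assumptions, and `analyze` and `hosts_deny_entries` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Jan 10 03:12:04 host sshd[412]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Jan 10 03:12:09 host sshd[413]: Failed password for root from 203.0.113.7 port 4024 ssh2
Jan 10 03:12:15 host sshd[414]: Accepted password for root from 203.0.113.7 port 4025 ssh2
Jan 10 08:30:44 host sshd[502]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Jan 10 08:30:52 host sshd[503]: Accepted password for alice from 198.51.100.20 port 5101 ssh2
"""

# The greedy (.+) plus the trailing "port N" anchor take the host from the end
# of the message, which sshd writes, rather than from the client-supplied username.
FAILED = re.compile(r"Failed password for (invalid user )?(.+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted \S+ for (.+) from (\S+) port \d+")

def analyze(log_text, deny_threshold=3):
    """Return (failures per host, denied hosts, suspicious logins)."""
    failures = defaultdict(list)      # host -> [(user, is_valid_account), ...]
    denied, suspicious = [], []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, host = m.groups()
            failures[host].append((user, invalid is None))
            # Assumption: a host is denied once its count reaches the threshold.
            if len(failures[host]) == deny_threshold:
                denied.append(host)
            continue
        m = ACCEPTED.search(line)
        if m and m.group(2) in denied:
            # Successful login from a host already over the threshold.
            suspicious.append((m.group(2), m.group(1)))
    return failures, denied, suspicious

def hosts_deny_entries(denied):
    # tcp_wrappers syntax is "daemon: client".
    return [f"sshd: {host}" for host in denied]

if __name__ == "__main__":
    failures, denied, suspicious = analyze(SAMPLE_LOG)
    for entry in hosts_deny_entries(denied):
        print("hosts.deny:", entry)
    for host, user in suspicious:
        print(f"suspicious login: {user} from {host}")
```

The host with a single failed attempt followed by a success stays below the threshold and is neither denied nor flagged.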

This blog will self destruct in 5… 4… 3…


Ran across an interesting idea for a self destructing server that essentially entails auto-burning a CD and rebooting to securely wipe the drives on a server containing sensitive information:

“My idea is to keep a blank CD-R in the drive of the server at all times. On [a] hard disk there is an ISO file that is written to the CD-R on demand and then the server is rebooted. The server will ignore the blank CD-R during reboots until it is written with a valid image. The contents of the ISO needs to be a boot loader and kernel, like Grub and Linux plus a file system with a wipe program. The wipe program is started once the kernel is booted and it iterates through the collection of hard drives, which the kernel found during the boot process, and writes over them with a pattern.”

It’s all about the shortcuts


Ok, so I use a Mac virtually all of the time now, and possibly because of (or despite?) its BSD underpinnings, OS X provides one of the smoothest and most logical interfaces I’ve used in 21 years of working with computers. In the end, though, I’m still drawn to the keyboard. Unfortunately, my typing has degenerated over the years, most probably because of my reliance on various and sundry GUIs. I can still bang away at probably something like 70 - 90 wpm if I try hard enough, but my errors are way up.

In order to simplify my life and improve my productivity, I’ve been trying to move back to the keyboard by way of shortcuts for virtually everything I do. It’s an often challenging process, especially when you’ve come to rely on the mouse as much as modern operating systems have inspired me to.

Nonetheless, I’ve found a few very useful tools that have made this process either transparent, or at the very least, significantly easier. Below is a list of those I use and love, with a couple at the bottom that I’ve yet to try but believe will further my efforts…