Tag Archives: ubuntu

Suricata rule management using Oinkmaster

It is possible to download and install rules manually, but there is a much easier and quicker way to do so. There are special programs which you can use for downloading and installing rules. For example, Pulled Pork and Oinkmaster. Here I’m going to show how to install & use Oinkmaster.

To install Oinkmaster, enter:

sudo apt-get install oinkmaster

There are several rulesets available. There are Emerging Threats (ET), ET Pro and VRT. In this example we are using ET Free edition.

Oinkmaster needs to know where these rules can be found. These rules can be found at:
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

To configure your Oinkmaster rules location, open oinkmaster.conf and add the link/url as below:

sudo nano /etc/oinkmaster.conf

Then add this line below:
url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

In the new rules directory, files named classification.config and reference.config can be found. The paths of both need to be added to the suricata.yaml file. Do so by entering as below:

sudo nano /etc/suricata/suricata.yaml

Add this line below:

classification-file: /etc/suricata/rules/classification.config
reference-config-file: /etc/suricata/rules/reference.config

Let’s try running Oinkmaster:

sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules

The rules are located at /etc/suricata/rules.
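A quick way to confirm the wiring described above before restarting Suricata, as an added example that is not part of the original post. The function name check_rule_setup and its three arguments (oinkmaster.conf, suricata.yaml, rules directory) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: verify the Oinkmaster -> Suricata setup from this post.
# check_rule_setup is a hypothetical helper; paths are passed in so the
# check can also be run against copies of the files.

# check_rule_setup OINKMASTER_CONF SURICATA_YAML RULES_DIR
# Prints one finding per line; returns 0 only if nothing failed.
check_rule_setup() {
    oink_conf=$1 yaml=$2 rules_dir=$3 rc=0

    # 1. Which URL will Oinkmaster fetch? Commented-out lines are ignored.
    url=$(sed -n 's/^[[:space:]]*url[[:space:]]*=[[:space:]]*//p' "$oink_conf" | head -n 1)
    if [ -z "$url" ]; then
        echo "FAIL: no active 'url =' line in $oink_conf"; rc=1
    else
        echo "OK: ruleset url $url"
        case $url in
            http://*) echo "WARN: ruleset is fetched over plain HTTP" ;;
        esac
    fi

    # 2. Both config files must be referenced in suricata.yaml and exist.
    for key in classification-file reference-config-file; do
        path=$(sed -n "s/^[[:space:]]*$key:[[:space:]]*//p" "$yaml" | head -n 1)
        if [ -z "$path" ]; then
            echo "FAIL: $key not set in $yaml"; rc=1
        elif [ ! -r "$path" ]; then
            echo "FAIL: $key points to missing file $path"; rc=1
        else
            echo "OK: $key -> $path"
        fi
    done

    # 3. Oinkmaster must have written at least one .rules file.
    set -- "$rules_dir"/*.rules
    if [ -e "$1" ]; then
        echo "OK: $# rule file(s) in $rules_dir"
    else
        echo "FAIL: no .rules files in $rules_dir"; rc=1
    fi
    return $rc
}
```

With the paths used in this post the call would be: check_rule_setup /etc/oinkmaster.conf /etc/suricata/suricata.yaml /etc/suricata/rules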

  • https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
  • https://web.nsrc.org/workshops/2015/pacnog17-ws/raw-attachment/wiki/Track2Agenda/ex-suricata-rules.htm

Configuring proxy for APT in Ubuntu

Recently, I had a problem where, when I tried to update Ubuntu packages via apt-get, it showed an HTTP 401 proxy-related error.
Just a note, I’m running a VM on my office network, which has enterprise web proxy servers.

From this site;

APT configuration file method

This method uses the apt.conf file which is found in your /etc/apt/ directory. This method is useful if you only want apt-get (and not other applications) to use a http-proxy permanently.

On some installations there will be no apt-conf file set up. This procedure will either edit an existing apt-conf file or create a new apt-conf file.

gksudo gedit /etc/apt/apt.conf

Add this line to your /etc/apt/apt.conf file (substitute your details for yourproxyaddress and proxyport).

Acquire::http::Proxy "http://username:password@yourproxyaddress:proxyport";

Save the apt.conf file.

References:

  • http://askubuntu.com/questions/257290/configure-proxy-for-apt
  • http://askubuntu.com/questions/543616/why-does-add-apt-repository-now-fail-to-retrieve-keys-behind-my-proxy-server-bu
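The proxy line above puts a password into /etc/apt/apt.conf, and typographic quotes copied from a web page will not parse as apt.conf string delimiters. The following is an added example, not part of the original post or the quoted site: a small audit function (the name audit_apt_proxy is an assumption) that flags both problems and checks whether the file is readable by other local users.

```shell
#!/bin/sh
# Added example: audit an apt.conf-style file for the proxy line from this post.
# audit_apt_proxy is a hypothetical helper name.

# audit_apt_proxy FILE
# Prints findings; returns 0 if the proxy setting is clean, 1 otherwise.
audit_apt_proxy() {
    f=$1 rc=0

    # Look only at active proxy directives; lines starting with // are comments.
    active=$(grep -v '^[[:space:]]*//' "$f" | grep -i 'Acquire::.*::Proxy' || true)
    if [ -z "$active" ]; then
        echo "INFO: no proxy configured in $f"
        return 0
    fi

    # Curly quotes are plain text to apt, not the "..." it expects.
    if printf '%s\n' "$active" | grep -q -e '“' -e '”'; then
        echo "FAIL: curly quotes in proxy line, use plain \" characters"; rc=1
    fi

    # scheme://user:password@host means the secret is stored in clear text.
    if printf '%s\n' "$active" | grep -Eq '://[^/@:[:space:]]+:[^/@[:space:]]+@'; then
        echo "WARN: proxy password stored in clear text in $f"; rc=1
        # Character 8 of 'ls -l' output is the read bit for "others".
        if [ "$(ls -ld "$f" | cut -c8)" = r ]; then
            echo "FAIL: $f is readable by every local user"; rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: proxy line has no embedded credentials"
    fi
    return $rc
}
```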

Fix Locale problem on Ubuntu

Recently, I saw this kind of error quite frequently. At first I thought that it was nothing.
But eventually, it’s kinda bothering me when I see the error message :p

Jul  6 15:18:01 lel CRON[25571]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Jul 6 15:31:50 lel sshd[29217]: pam_env(sshd:session): Unable to open env file: /etc/default/locale: No such file or directory

So, here is the solution to solve this problem.
First, run this command:

sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8

It updates /etc/default/locale with provided values.

If you look at the /etc/default/locale file, it shows something like this:

#  File generated by update-locale
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8

If the problem still occurs, maybe you can try this first before running the command above again:

sudo locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales

Credit:
http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue/505424#505424

SNMP Cannot Find Module on Ubuntu 14.04

If you encounter an error like this:

Cannot find module (SNMPv2-MIB): At line 0 in (none)
Cannot find module (SNMPv2-SMI): At line 0 in (none)
Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none)
Cannot find module (SNMPv2-TM): At line 0 in (none)

Then we are on the same path. The path where we are searching for the answers. XD
So, here is the solution to solve this error.

First, edit this sources.list file:

sudo vi /etc/apt/sources.list

Add this line to the end of the file:

deb http://fr.archive.ubuntu.com/ubuntu precise main multiverse

:w to save and :q to exit vi editor

Then, install these packages:

sudo apt-get install snmpd snmp-mibs-downloader

And then run this:

sudo download-mibs

Voila! Done. Hope it helps. 🙂

Ubuntu – Authentication token manipulation error

Authentication token manipulation error on Ubuntu

Recently, I forgot my “root” password for my Ubuntu (duh!). So I tried to change my “root” password by selecting recovery mode on the GRUB menu and dropping into a root shell prompt.

Everything worked perfectly until I tried to change the password. The picture above is what I got when I tried to change the password. 🙁

So, to solve this, just run this on the prompt:

mount -rw -o remount /

Anddddd… Walla! Try to reset the password again and it works! 🙂

Hash sum mismatch error on Ubuntu

I think most of you will encounter this kind of problem if you are using a previous version of Ubuntu.

W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_natty_main_source_Sources  Hash Sum mismatch, 
E: Some index files failed to download. They have been ignored, or old ones used instead.

The solution is to remove the content of /var/lib/apt/lists directory:

sudo rm /var/lib/apt/lists/*

then run:

sudo apt-get update

Credit to askubuntu.com

Disable IPv6 on Ubuntu

If you want to disable IPv6 on your server, below are the steps to do it.

  1. Edit this file:
nano /etc/sysctl.conf
  2. Add these lines to the bottom of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
  3. Run this command on your terminal:
sudo sysctl -p

Done!

Enable graphical root login on ubuntu 12.04

In Ubuntu, the user “root” won’t show up as an option at login, so you need to adjust Ubuntu to allow logging in as “root”.

Run this command below in your terminal (as normal user with sudo):

sudo passwd root
sudo sh -c 'echo "greeter-show-manual-login=true" >> /etc/lightdm/lightdm.conf'

Reboot and then you should be able to login as root using graphical user login.

Restore grub without live CD on Linux

If you start Ubuntu and it displays a GRUB shell, you can run the commands below to fix it:

grub-rescue> prompt
             ls
             set prefix=(hdX,Y)/boot/grub
             set root=(hdX,Y)
             set
             ls /boot
             insmod /boot/grub/linux.mod
             linux /vmlinuz root=/dev/sdXY ro
             initrd /initrd.img
             boot

* Ensure that you enter the correct partition (e.g. hd0,1) for hdX,Y. If not, then your GRUB will be messed up.

References :
http://superuser.com/questions/181733/how-can-i-restore-grub-without-a-live-cd1
http://www.linux.com/learn/tutorials/776643-how-to-rescue-a-non-booting-grub-2-on-linux