Categories
Security Ubuntu

Ubuntu 10.10 SSH login message fix

Do you get two welcome messages when logging in to your Ubuntu 10.10 host? I have experienced it on hosts upgraded from 10.04 and on freshly built hosts from the downloaded CD-ROM images. The problem can be easily fixed using…

sudo rm /etc/motd.tail

If you are still using password based login for SSH, consider using key based logins instead. It is very easy to set up, convenient to use and secure. If you also use PuTTY on a Windows PC you can use Pageant as the automatic authentication agent.

Categories
Security Ubuntu

Securing the list of last logged in users

The command ‘last‘ lists the times and dates of successful logins. The command ‘lastb‘ lists unsuccessful attempts. I found that both unnecessarily had public read access on most of my Ubuntu servers.

Two log files provide the data used by last and lastb. Both can be secured by changing the permission to 660.

sudo ls -l /var/log/?tmp
sudo chmod 660 /var/log/?tmp
sudo ls -l /var/log/?tmp

Afterwards, to list successful logins, use:-

sudo last

To list unsuccessful logins, use:-

sudo lastb

Categories
Security Ubuntu

Restricting access to ftpd

Whether the ftp daemon is in use or not on a Linux host, it’s a good idea to restrict the system user accounts from using it. Any user ID that is in /etc/passwd that is not permitted to use ftp should be copied to /etc/ftpusers. The following commands for Ubuntu create the file with a list of all users.

sudo awk -F”:” ‘{ print $1 }’ /etc/passwd | sort > ~/ftpusers

Edit the resulting ~/ftpusers to remove the IDs that are allowed to use ftp.

sudo nano ~/ftpusers

Then move the file from your home directory to /etc.

sudo mv ~/ftpusers /etc

Categories
Ubuntu

Wireshark missing interfaces on Ubuntu 10.10

The old Dell laptop that I use for packet sniffing was in need of a rebuild after I had been experimenting with Zabbix. In hindsight, I shouldn’t have used the laptop that has become my network toolkit. I had well and truly messed it up and I was desperate to get it operational again.

Ubuntu 10.10 had recently been released and I had already downloaded the ISO images overnight. With a freshly burned CDR in my hand, I set about installing the new version. This laptop is primarily a network analysis tool so Wireshark was naturally the first application to be installed. It wasn’t long before I found that 10.10 has the same missing interface problem that I had experienced with 10.04. “No problem” I thought. “I will just use the fix that I found for 10.04“. Well, that didn’t work either. I left it for a day to have a think, and came back to it with a solution that I found on Launchpad. The fix is as follows.
In a terminal session, execute these commands:-

sudo addgroup –quiet –system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Using your favourite text editor, add your user id to the wireshark group in /etc/group or use usermod instead:-

sudo usermod -a -G wireshark vince

Reconfigure the Wireshark Common package and answer ‘Yes’ to the question ‘Should non-superusers be able to capture packets?’ :-

sudo dpkg-reconfigure wireshark-common

Reboot, login and test Wireshark. The missing interfaces should be present now.

Categories
Internet Ubuntu

Scheduling automatic updates to save money

I had an unlimited download account with my previous Internet Service Provider and I never worried about what time of day I would download a CD-ROM ISO or system update. However, since changing to PlusNet I am now on a 60GB per month download limit as unlimited accounts are now a thing of the past. Now 60GB may seem a generous allowance, but in reality upload traffic also has to come of the allowance. With everyone in my household being a heavy internet user, 60GB a month is often not enough.

Fortunately for PlusNet customers, any internet use after midnight and before 8am does not come out of their monthly allowance. So to take advantage of this overnight benefit I have been adjusting the times that our computers perform their automated updates.

For all of our Microsoft Windows machines this is easily done in Windows update. Just set the time that updates should commence. In my case, I have set our fastest Windows PC to update at 7:05am, and all the others at 7:10am. My Son’s PC is woken up at 7:00am by it’s system BIOS and the updates it pulls down are cached on my Squid Proxy Server. The other Windows PCs collect their updates when they are switched on and most of the files are served from the proxy cache.

For all my Ubuntu hosts I have disabled the built-in automatic update feature and I use a CRON job that I can control instead. To do this, open a terminal session and run the CRONtab editor with the following command:-

sudo crontab -e

When the editor launches, paste the following line into the file and save your work. That’s it.

5 0 * * * (/usr/bin/aptitude -y update && /usr/bin/aptitude -y safe-upgrade) 2>&1 >> /var/log/automatic-update.log

Cron will perform a safe upgrade at 5 minutes past midnight. As I am using a Squid proxy to cache Ubuntu updates, I set my other machines to start their update 5 minutes later by changing the ‘5’ for ’10’ in the crontab line.

For a more detailed explanation of how this crontab command is constructed visit Kevin van Zonneveld’s blog

Want to save money on your broadband? Quick, grab this lifeline from PlusNet. Up to 20Mb broadband from only£9.99 per month. Free setup available - terms apply. Now with Internet phone calls. PlusNet broadband.