terça-feira, 5 de julho de 2011
PTES - The Penetration Testing Execution Standard:
http://www.pentest-standard.org/index.php/Main_Page
segunda-feira, 4 de julho de 2011
Wi-fEye is designed to help with network penetration testing (wireless - python)
Wi-fEye is designed to help with network penetration testing, Wi-fEye will allow you to perform a number of powerful attacks Automatically, all you have to do is to lunch Wi-fEye, choose which attack to perform, select your target and let Wi-fEye do the magic !!.
Wi-fEye is divided to four main menus:
Cracking menu: This menu will allow you to:
Enable monitor mode
View avalale Wireless Networks
Launch Airodump-ng on a specific AP
WEP cracking: this will allow you to perform the following attacks automatically:
Interactive packet replay.
Fake Authentication Attack.
Korek Chopchop Attack.
Fragmentation Attack.
Hirte Attack (cfrag attack).
Wesside-ng.
WPA Cracking: This contains the following attacks:
Wordlist Attack
Rouge AP Attack.
2. Mapping: this menu will allow you to do the following:
Scan the network and view the connected hosts.
Use Nmap Automatically.
3. MITM: this menu will allow you to do the following Automatically:
Enable IP forwarding.
ARP Spoof.
Launch ettercap (Text mode).
Sniff SSL/HTTPS traffic.
Sniff URLs and send them to browser.
Sniff messengers from instant messengers.
Sniff images.
DNS Spoof.
HTTP Session Hijacking (using Hamster).
4. Others: this menu will allow you to o the following automatically:
Change MAC Address.
Hijack software updates (using Evilgrade).
Wi-fEye is divided to four main menus:
Cracking menu: This menu will allow you to:
Enable monitor mode
View avalale Wireless Networks
Launch Airodump-ng on a specific AP
WEP cracking: this will allow you to perform the following attacks automatically:
Interactive packet replay.
Fake Authentication Attack.
Korek Chopchop Attack.
Fragmentation Attack.
Hirte Attack (cfrag attack).
Wesside-ng.
WPA Cracking: This contains the following attacks:
Wordlist Attack
Rouge AP Attack.
2. Mapping: this menu will allow you to do the following:
Scan the network and view the connected hosts.
Use Nmap Automatically.
3. MITM: this menu will allow you to do the following Automatically:
Enable IP forwarding.
ARP Spoof.
Launch ettercap (Text mode).
Sniff SSL/HTTPS traffic.
Sniff URLs and send them to browser.
Sniff messengers from instant messengers.
Sniff images.
DNS Spoof.
HTTP Session Hijacking (using Hamster).
4. Others: this menu will allow you to o the following automatically:
Change MAC Address.
Hijack software updates (using Evilgrade).
fern-wifi-cracker
This is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools.
It should work on any version of linux running the following:
Requirements:
python
python-qt4
macchanger
aircrack-ng
xterm
To install simply run the following command in terminal after changing directory to the path were the downloaded package is:
dpkg -i Fern-Wifi-Cracker_1.1_all.deb
Software Icon can be found at the application Menu of the GNOME desktop interfaces
Icon can also be found at /usr/share/applications for KDE and also GNOME:
There you find "Fern_Wifi_Cracker.desktop"
Downloads:
http://code.google.com/p/fern-wifi-cracker/downloads/list
Elegant Gnome Pack on Ubuntu
This is a project that provides an automatic configuration of your GNOME desktop just in one click, with the backup and restoring support.
The main goal of this projects is to create the most complete dark theme for the GNOME desktop with easy installation experience.
You must have this stuff installed on your system before you'll start:
Murrine GTK engine 0.98.0 or higher
Droid Sans Font
Nautilus Elementary (optional)
The pack contains the following stuff :
GUI utility to configure your desktop
Icon theme: Elegant-AwOken based on the AwOken icon set by alecive
GTK+ theme: Elegant GTK theme v 4.0
Cursor Theme: Neutral++ by ducakar
Wallpaper: gDIGE by *Muscarr
Keyboard layout indicator flags
Firefox theme
Google Chrome theme by Jorge Carrillo
Google Chrome scrollbar extension
Google Chrome selection extension
Smplayer theme
Pidgin buddy list theme by Szabo Istvan
Ubuntu Lucid/Maverick and Linux Mint 9/10 installation instructions:
1. Install Elegant GNOME:
sudo add-apt-repository ppa:elegant-gnome/ppa
sudo apt-get update && sudo apt-get upgrade
a)sudo apt-get install elegant-gnome
or
b)sudo apt-get install elegant-gnome-mint
2. Go to "Applications -> Accessories -> Elegant GNOME"
1. Install Nautilus Elementary: (optional)
sudo add-apt-repository ppa:am-monkeyd/nautilus-elementary-ppa
sudo apt-get update && sudo apt-get upgrade 2. Run Elegant GNOME app
3. Choose Configure Nautilus -> Nautilus Elementary
To install the pack from sources:
1. Download the archive and extract it
2. Open the terminal and cd to the extracted directory.
3. Run the command "make "(e.g. "make ubuntu").
run "make help" to see the available variants.
4. Run the command "sudo make install".
5. Go to "Applications -> Accessories -> Elegant GNOME".
6. Optional step. If you use the Nautilus Elementary:
a) Go to Applications -> Accessories -> Elegant GNOME
b) Choose "Configure Nautilus"
c) Select "Nautilus Elementary"
To remove the pack:(installed from sources)
1. Open the terminal and cd to the extracted directory.
2. Run the command "sudo make uninstall"
To install the Google Chrome theme:
1. Download and extract the "Google Chrome" archive
2. Drag and drop the *.crx files into the Google Chrome window.
Install Gerix Wifi/Wireless Cracker Ubuntu 10.04
Here we are to present the new version of Gerix Wifi Cracker NG (New Generation), a really complete GUI for Aircrack-NG which includes useful extras.
Completely re-written in Python + QT, automates all the different techniques to attack Access Points and Wireless Routers (but not only ..)
Currently Gerix Wifi Cracker NG is available and supported natively by BackTrack (pre-installed on the BT4 Final version) and available on all the different Debian Based distributions (Ubuntu, etc..).
The software requires: aircrack-ng, xterm, machchanger, zenity and obviously python-qt3. The version 1.0 is publicly released for the last tests and to collect opinions from users.
To install, open terminal and type
wget http://www.clshack.it/nopaste/gerix-wifi-cracker-ng-2.0-bt7.deb
sudo dpkg -i gerix-wifi-cracker-ng-2.0-bt7.deb
If cannot install then creates the directory
mkdir / pentest / wireless / wifi-gerix-cracker-ng
Well, once installed, can open it from here:
sudo python /usr/share/gerix-wifi-cracker-ng/gerix.py
or
sudo python /pentest/wireless/gerix-wifi-cracker-ng/gerix.py
BackTrack 5 Tools in Ubuntu 10.04 LTS
I wanted to use the new repository for Backtrack 5 to install some of the awesome sauce on Ubuntu. But to do so you need the repo links and key which is no where to be found on the intraweb... however if you already have a BT5 up and running all the info is there, just look under /etc/apt/ and you will see a file called trusted.gpg, you can import the key on Ubuntu using Software Sources under the Authentication tab and for Gnome 32bit the repository on my BT are:
deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://32.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing
I would image 64bit is the same just change the 32 to 64.. maybe I don't know.. Just use software sources to put them in. Note, its not recommended. A lot of the packages are patched and optimized for BackTrack. "We cannot more strongly recommend against this action because BackTrack tools are built with many custom features and libraries. We have no way of knowing how they will preform on a non Backtrack distribution. If you decide on this course of action you do so at your own risk and the BackTrack team will not offer any support." You've been warned. Doesn't matter to me, I usually bork mine atleast once a month doing something dumb, but that's the fun part, trying to fix it.
If you want a list of all the packages installed on BackTrack, just run "dpkg -l > bt5.txt" from the Backtrack terminal, or just download mine from here, it's BT5 Gnome 32bit package list. It's not the default however, I made this list after I had added a few things like bleachbit, synaptic package manager, and some gnome utils..
@firebitsbr
deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://32.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing
I would image 64bit is the same just change the 32 to 64.. maybe I don't know.. Just use software sources to put them in. Note, its not recommended. A lot of the packages are patched and optimized for BackTrack. "We cannot more strongly recommend against this action because BackTrack tools are built with many custom features and libraries. We have no way of knowing how they will preform on a non Backtrack distribution. If you decide on this course of action you do so at your own risk and the BackTrack team will not offer any support." You've been warned. Doesn't matter to me, I usually bork mine atleast once a month doing something dumb, but that's the fun part, trying to fix it.
If you want a list of all the packages installed on BackTrack, just run "dpkg -l > bt5.txt" from the Backtrack terminal, or just download mine from here, it's BT5 Gnome 32bit package list. It's not the default however, I made this list after I had added a few things like bleachbit, synaptic package manager, and some gnome utils..
@firebitsbr
Script Crawler Python - Web Crawler Security Tool
The web Crawler is a python based tool that automatically spider a web site. This tool also look for directory indexing and crawl the directories with indexing again to list all files in it. There is also an option that allows download the files found and it can be used with FOCA or other software to extract metadata from files.
Current stable version is 0.4 and the main features are:
Crawl http and https web sites.
Crawl http and https web sites not using common ports.
Uses regular expressions to find ‘href’ and ‘src’ html tag. Also content links.
Identifies relative links.
Identifies domain related emails.
Identifies directory indexing.
Detects references to URLs like ‘file:’, ‘feed=’, ‘mailto:’, ‘javascript:’ and others.
Uses CTRL-C to stop current crawler stages and continue working.
Identifies file extensions (zip, swf, sql, rar, etc.)
Download files to a directory:
Download every important file (images, documents, compressed files, etc)
Or download specified files types.
Or download a predefined set of files (like ‘document’ files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
Maximum amount of links to crawl. A default value of 5000 URLs is set.
Follows redirections using HTML and JavaScript Location tag and HTTP response codes.
Note: This crawler can be used with Domain Analyzer Security Tool. (See Domain Analyzer)
http://sourceforge.net/projects/webcrawler-py/
Current stable version is 0.4 and the main features are:
Crawl http and https web sites.
Crawl http and https web sites not using common ports.
Uses regular expressions to find ‘href’ and ‘src’ html tag. Also content links.
Identifies relative links.
Identifies domain related emails.
Identifies directory indexing.
Detects references to URLs like ‘file:’, ‘feed=’, ‘mailto:’, ‘javascript:’ and others.
Uses CTRL-C to stop current crawler stages and continue working.
Identifies file extensions (zip, swf, sql, rar, etc.)
Download files to a directory:
Download every important file (images, documents, compressed files, etc)
Or download specified files types.
Or download a predefined set of files (like ‘document’ files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
Maximum amount of links to crawl. A default value of 5000 URLs is set.
Follows redirections using HTML and JavaScript Location tag and HTTP response codes.
Note: This crawler can be used with Domain Analyzer Security Tool. (See Domain Analyzer)
http://sourceforge.net/projects/webcrawler-py/
quarta-feira, 29 de junho de 2011
Wi-Fi Tools
Wi-Fi Tools
As with many things in Pentest, there are many options to choose from and most work equally well provided the engineer has a thorough understanding of how to use them. I happen to use and prefer the following tools, but your taste may be different. Use what you like and know as long as it gets the job done.
Items with an asterisk are my preferred tools for each category.
Information Gathering:
*Fluke AirCheck
*AirMagnet Wi-Fi Analyzer Pro
MetaGeek inSSIDer
Xirrus Wi-Fi Inspector
WiFi Scanner (Mac)
Kismet (Linux)
Predictive Site Surveys:
*Cisco Wireless Control System (WCS)
AirMagnet Planner
Motorola LANPlanner
Aerohive Wi-Fi Planner (online - Free)
Post-Installation Site Surveys:
*AirMagnet Survey Pro
Ekahau Site Survey
TamoSoft TamoGraph Site Survey
Protocol & Roaming Analysis:
*Wireshark with CACE AirPcapNx and Wi-Fi Pilot (now Riverbed Cascade Pilot Personal Edition)
Wireshark with Atheros Adapter (Linux)
WildPackets OmniPeek
AirMagnet Wi-Fi Analyzer Pro with multi-adapter kit
AirMagnet VoFi Analyzer
TamoSoft CommView for Wi-Fi
Spectrum Analysis:
*Cisco Spectrum Expert (cardbus)
*Cisco CleanAir Access Points (Cisco infrastructure only)
*MetaGeek WiSpy DBx with Chanalyzer Pro
AirMagnet SpectrumXT
Performance Analysis:
*Iperf (CLI) or Jperf (Java) (both Free)
*2nd Ping Test Tool (Free)
*TCP/IP on Ethernet Performance Model (reference only) (Free)
Ixia IxChariot
Ixia Qcheck (Free)
Nuts About Nets NetStress (Free)
Ruckus SpeedFlex (Ruckus infrastructure only)
Ruckus Zap
Security / Pen-Testing:
*Backtrack Linux
Immunity SILICA-U
TamoSoft CommView packet injection
CACE AirPcapNx traffic replay and injection
Cable Plant Verification:
*PowerDsine PoE Tester
*Fluke MicroScanner Cable Verifier
*Tempo 200EP Tone Probe
*Smartronix SuperLooper Line (loop adapters)
Miscellaneous Tools:
*Nuts About Nets AirHORN
*tftpd32
*Cisco WLC Config Analyzer
*Microsoft Visio
@firebitsbr
As with many things in Pentest, there are many options to choose from and most work equally well provided the engineer has a thorough understanding of how to use them. I happen to use and prefer the following tools, but your taste may be different. Use what you like and know as long as it gets the job done.
Items with an asterisk are my preferred tools for each category.
Information Gathering:
*Fluke AirCheck
*AirMagnet Wi-Fi Analyzer Pro
MetaGeek inSSIDer
Xirrus Wi-Fi Inspector
WiFi Scanner (Mac)
Kismet (Linux)
Predictive Site Surveys:
*Cisco Wireless Control System (WCS)
AirMagnet Planner
Motorola LANPlanner
Aerohive Wi-Fi Planner (online - Free)
Post-Installation Site Surveys:
*AirMagnet Survey Pro
Ekahau Site Survey
TamoSoft TamoGraph Site Survey
Protocol & Roaming Analysis:
*Wireshark with CACE AirPcapNx and Wi-Fi Pilot (now Riverbed Cascade Pilot Personal Edition)
Wireshark with Atheros Adapter (Linux)
WildPackets OmniPeek
AirMagnet Wi-Fi Analyzer Pro with multi-adapter kit
AirMagnet VoFi Analyzer
TamoSoft CommView for Wi-Fi
Spectrum Analysis:
*Cisco Spectrum Expert (cardbus)
*Cisco CleanAir Access Points (Cisco infrastructure only)
*MetaGeek WiSpy DBx with Chanalyzer Pro
AirMagnet SpectrumXT
Performance Analysis:
*Iperf (CLI) or Jperf (Java) (both Free)
*2nd Ping Test Tool (Free)
*TCP/IP on Ethernet Performance Model (reference only) (Free)
Ixia IxChariot
Ixia Qcheck (Free)
Nuts About Nets NetStress (Free)
Ruckus SpeedFlex (Ruckus infrastructure only)
Ruckus Zap
Security / Pen-Testing:
*Backtrack Linux
Immunity SILICA-U
TamoSoft CommView packet injection
CACE AirPcapNx traffic replay and injection
Cable Plant Verification:
*PowerDsine PoE Tester
*Fluke MicroScanner Cable Verifier
*Tempo 200EP Tone Probe
*Smartronix SuperLooper Line (loop adapters)
Miscellaneous Tools:
*Nuts About Nets AirHORN
*tftpd32
*Cisco WLC Config Analyzer
*Microsoft Visio
@firebitsbr
segunda-feira, 27 de junho de 2011
Palestras diversas sobre Segurança
Link:
http://www.slideshare.net/firebits/presentations
@firebitsbr
http://www.slideshare.net/firebits/presentations
@firebitsbr
3º Open Source Jam do Google - Hardening e OpenVAS4 (Scripts e Checklits em hardening security)
Hoje estou postando sobre a minha palestra de Hardening e OpenVAS4 (Scripts p/ hardening) no 3º Open Source Jam do Google e a possibilidade de uso deste scanner de vulnerabilidades, mas mudando um pouco o foco de vulnerabilidades para hardening com alguns bons scripts próprios e checklists.
O slide da palestra está em:
http://www.slideshare.net/firebits/3-google-open-souce-jam-a-hardening
E uma foto para evidência do mesmo...rss;)
@firebitsbr
O slide da palestra está em:
http://www.slideshare.net/firebits/3-google-open-souce-jam-a-hardening
E uma foto para evidência do mesmo...rss;)
@firebitsbr
terça-feira, 21 de junho de 2011
Davmail e Thunderbird (Linux) para OWA Microsoft Exchange 2007
This morning I finally decided I couldn’t stand Evolution any longer. I started using it as my mail client at work because we have an Exchange mail server and Microsoft doesn’t make a client for Linux (surprise, surprise). I’ve never worked at a place that uses Exchange, so I’ve always just used Thunderbird for mail in the past. When I got here, this was my first serious experience with Outlook, and I started to get a bit hooked on some of the calendaring niceness. When I got my new Workstation and ditched Windows for Kubuntu I was looking for something that could integrate best with Exchange.
Evolution seemed the most attractive option because it has a plugin for exchange integration called evolution-exchange. You can install directly from the Ubuntu repositories. Basically it’s a scraper for the OWA (Outlook Web Access) web interface, and generally it works really well. I’ve been using it for about 5 months now, but there are just a few things I can’t stand about it that made me decide today to bin it.
Password manager is broken and has been for about 12 months it seems. No one cares to fix it. You have to type your password in each session.
A bug with the Evolution/Nvidia/Compiz combination of packages causes the cursor to leave garbage on the screen when you use the cursor keys in a new mail message.
HTML support sucks, the development community seem hell bent against it.
It can’t handle contacts with “>” in the name, which is a convention we use to keep mailing lists at the top of the list. This character will cause it to generate invalid mail headers, destroy the html layout of the email and makes me look like an ass, especially when sending announcements to groups like “>ALL STAFF”.
Occasionally the evolution-exchange plugin cache gets corrupted and you loose random mails, but you wouldn’t know unless you check occasionally in OWA or Outlook. You have to delete the whole cache and download them all again.
I was prepared to switch back to using Outlook in a virtual machine, but before doing so I decided to check first to see if there was any possible way to get Thunderbird to read Exchange calendars. Thunderbird has an extension called Lightning that adds Outlook style calendaring integration. The latest release is 0.9. Last time I used Thunderbird I think I had to get the development version of 0.8 in order to get enough working features to call it functional (appointment invites used to be very buggy in the 0.7 version). Version 0.9 has come along way, everything seems to work great… except still no support for Exchange calendars unfortunately. Your calendar is maintained locally or in some 3rd party web calendar that uses a non-proprietry protocol. Not quite good enough.
Then I found DavMail. It’s a gateway that basically does the same as the evolution-exchange plugin. This thing acts as a webservice making data available from Exchange via standard protocols by scraping the Exchange OWA interface. It maintains separate user sessions, so you really can set it up as a server side service, possibly even installed on the mail server itself.
A ray of hope! But would it work?
I had enough problems getting Lightning installed to tell the truth, and that’s just a plugin for Thunderbird! Turns out the link on the Mozilla site was no good for 64bit Linux OS and I had to jigg about with the URL to find the actual release for me. DavMail is a totally unsupported package though, the one thing going in it’s favour is that it’s Java based, so it should just work right? Well lets find out.
They have a deb package ready for me to download. I attempt to install it but I’m missing the dependency “libswt-gtk-3.4-java”. Oh boy, looks like it’s using ugly Swing for the UI (Update: thanks for the education Jurrie, libswt is certainly not Swing). Well, looks like my Kubuntu Hardy distro is a bit behind the times now because the best I could find was a package called “libswt3.2-gtk-java” (yeah, I love the way they switched naming conventions too ^^). I installed that anyway and then just used dpkg to force it to install. It created an icon in my start menu under “Internet” and then seemed to work perfectly, connect to OWA no worries, all was good. Except now my package manager is going boonta because I’ve got a “broken package”. I can’t find the chill button so I uninstalled it for now.
How do you downgrade a dependency? Well this method worked for me…
dpkg -e davmail_3.2.0-1_all.deb
cd DEBIAN/
nano control
tar -czvf control.tar.gz *
mv control.tar.gz ..
cd ..
ar r davmail_3.2.0-1_all.deb control.tar.gz
mv davmail_3.2.0-1_all.deb davmail_3.2.0-01_all.deb
When editing the control file I changed the dependency from “libswt-gtk-3.4-java” to “libswt3.2-gtk-java” and also changed the version number to 3.2.0-01 so as not to conflict with a real version. The deb installer GUI detected something was wrong and wouldn’t install it, but “dpkg -i” worked like a charm. This is probably totally the wrong approach to take to my problem, but I don’t care. While I can sort of understand why Gnome developers might think Swing is cool, I can’t believe the libswt-gtk project can possibly have achieved much in two minor versions that would break compatibility. The latest 32bit Ubuntu has the correct version so most people wont have to care about this at all.
Now I’m rock’n with Thunderbird and Exchange! Without too much tomhackery even. So I settle back in with my old friend, so many features I’ve missed. The fantastic rich text editor (well actually it’s really basic, but light years a head of Evolution). The simplicity of theming it. I toyed with installing an Outlook theme and trying to get it to look and act exactly like Outlook. You can choose which IMAP folders to subscribe, so I picked Inbox and all it’s sub-folders, Drafts, Sent and Deleted Items. Now it’s easy to configure Thunderbird to put your sent mail into the IMAP Sent folder, but you still have the default Thunderbird Trash folder which you cannot easily convert to the IMAP Deleted Items folder. I found out you just have to edit user preferences to change the name. Searching on the net, people are always talking about editing some “prefs.js” file. I always just change the welcome page in Thunderbird to about:config, it was one of the first things I did when it was installed. This allows me to edit my preferences in the exact same way as you would in Firefox. In this case I just added the property as specified, restarted, and it worked like a charm.
I also hooked up the address book to the Exchange Global Address LDAP and then just tweaked the LDAP settings so it finds contacts a little quicker. One thing I notice is that the compose window only completes local addresses and not LDAP addresses. There had to be a fix for this.
With the power of about:config I searched for ldap and quickly found the settings that looked most useful…
ldap_2.autoComplete.directoryServer
ldap_2.autoComplete.useDirectory
The first one needed a quick search to figure out the syntax but the second one was just a boolean. Once that was done I had the same, if not better, contact auto-completion as I had previously with Evolution and Outlook. Game over, Thunderbird/Lightning/DavMail wins!
Update May 20, 2009 at 12:45 pm: Set mail.check_all_imap_folders_for_new to true, otherwise Thunderbird doesn’t check for new mail in your subfolders. This can be a problem if you have any Exchange mail filters running.
Update May 26, 2009 at 12:58pm: http://www.trustedbird.org/tb/Multi-LDAP here’s an addon that’s showing the easy way to configure LDAP addressbook lookups. Install that addon if you would like to search multiple LDAPs.
Evolution seemed the most attractive option because it has a plugin for exchange integration called evolution-exchange. You can install directly from the Ubuntu repositories. Basically it’s a scraper for the OWA (Outlook Web Access) web interface, and generally it works really well. I’ve been using it for about 5 months now, but there are just a few things I can’t stand about it that made me decide today to bin it.
Password manager is broken and has been for about 12 months it seems. No one cares to fix it. You have to type your password in each session.
A bug with the Evolution/Nvidia/Compiz combination of packages causes the cursor to leave garbage on the screen when you use the cursor keys in a new mail message.
HTML support sucks, the development community seem hell bent against it.
It can’t handle contacts with “>” in the name, which is a convention we use to keep mailing lists at the top of the list. This character will cause it to generate invalid mail headers, destroy the html layout of the email and makes me look like an ass, especially when sending announcements to groups like “>ALL STAFF”.
Occasionally the evolution-exchange plugin cache gets corrupted and you loose random mails, but you wouldn’t know unless you check occasionally in OWA or Outlook. You have to delete the whole cache and download them all again.
I was prepared to switch back to using Outlook in a virtual machine, but before doing so I decided to check first to see if there was any possible way to get Thunderbird to read Exchange calendars. Thunderbird has an extension called Lightning that adds Outlook style calendaring integration. The latest release is 0.9. Last time I used Thunderbird I think I had to get the development version of 0.8 in order to get enough working features to call it functional (appointment invites used to be very buggy in the 0.7 version). Version 0.9 has come along way, everything seems to work great… except still no support for Exchange calendars unfortunately. Your calendar is maintained locally or in some 3rd party web calendar that uses a non-proprietry protocol. Not quite good enough.
Then I found DavMail. It’s a gateway that basically does the same as the evolution-exchange plugin. This thing acts as a webservice making data available from Exchange via standard protocols by scraping the Exchange OWA interface. It maintains separate user sessions, so you really can set it up as a server side service, possibly even installed on the mail server itself.
A ray of hope! But would it work?
I had enough problems getting Lightning installed to tell the truth, and that’s just a plugin for Thunderbird! Turns out the link on the Mozilla site was no good for 64bit Linux OS and I had to jigg about with the URL to find the actual release for me. DavMail is a totally unsupported package though, the one thing going in it’s favour is that it’s Java based, so it should just work right? Well lets find out.
They have a deb package ready for me to download. I attempt to install it but I’m missing the dependency “libswt-gtk-3.4-java”. Oh boy, looks like it’s using ugly Swing for the UI (Update: thanks for the education Jurrie, libswt is certainly not Swing). Well, looks like my Kubuntu Hardy distro is a bit behind the times now because the best I could find was a package called “libswt3.2-gtk-java” (yeah, I love the way they switched naming conventions too ^^). I installed that anyway and then just used dpkg to force it to install. It created an icon in my start menu under “Internet” and then seemed to work perfectly, connect to OWA no worries, all was good. Except now my package manager is going boonta because I’ve got a “broken package”. I can’t find the chill button so I uninstalled it for now.
How do you downgrade a dependency? Well this method worked for me…
dpkg -e davmail_3.2.0-1_all.deb
cd DEBIAN/
nano control
tar -czvf control.tar.gz *
mv control.tar.gz ..
cd ..
ar r davmail_3.2.0-1_all.deb control.tar.gz
mv davmail_3.2.0-1_all.deb davmail_3.2.0-01_all.deb
When editing the control file I changed the dependency from “libswt-gtk-3.4-java” to “libswt3.2-gtk-java” and also changed the version number to 3.2.0-01 so as not to conflict with a real version. The deb installer GUI detected something was wrong and wouldn’t install it, but “dpkg -i” worked like a charm. This is probably totally the wrong approach to take to my problem, but I don’t care. While I can sort of understand why Gnome developers might think Swing is cool, I can’t believe the libswt-gtk project can possibly have achieved much in two minor versions that would break compatibility. The latest 32bit Ubuntu has the correct version so most people wont have to care about this at all.
Now I’m rock’n with Thunderbird and Exchange! Without too much tomhackery even. So I settle back in with my old friend, so many features I’ve missed. The fantastic rich text editor (well actually it’s really basic, but light years a head of Evolution). The simplicity of theming it. I toyed with installing an Outlook theme and trying to get it to look and act exactly like Outlook. You can choose which IMAP folders to subscribe, so I picked Inbox and all it’s sub-folders, Drafts, Sent and Deleted Items. Now it’s easy to configure Thunderbird to put your sent mail into the IMAP Sent folder, but you still have the default Thunderbird Trash folder which you cannot easily convert to the IMAP Deleted Items folder. I found out you just have to edit user preferences to change the name. Searching on the net, people are always talking about editing some “prefs.js” file. I always just change the welcome page in Thunderbird to about:config, it was one of the first things I did when it was installed. This allows me to edit my preferences in the exact same way as you would in Firefox. In this case I just added the property as specified, restarted, and it worked like a charm.
I also hooked up the address book to the Exchange Global Address LDAP and then just tweaked the LDAP settings so it finds contacts a little quicker. One thing I notice is that the compose window only completes local addresses and not LDAP addresses. There had to be a fix for this.
With the power of about:config I searched for ldap and quickly found the settings that looked most useful…
ldap_2.autoComplete.directoryServer
ldap_2.autoComplete.useDirectory
The first one needed a quick search to figure out the syntax but the second one was just a boolean. Once that was done I had the same, if not better, contact auto-completion as I had previously with Evolution and Outlook. Game over, Thunderbird/Lightning/DavMail wins!
Update May 20, 2009 at 12:45 pm: Set mail.check_all_imap_folders_for_new to true, otherwise Thunderbird doesn’t check for new mail in your subfolders. This can be a problem if you have any Exchange mail filters running.
Update May 26, 2009 at 12:58pm: http://www.trustedbird.org/tb/Multi-LDAP here’s an addon that’s showing the easy way to configure LDAP addressbook lookups. Install that addon if you would like to search multiple LDAPs.
3º Open Source Jam do Google _ Pate 2
Sua palestra do 3o Open Source Jam do Google, em São Paulo, está confirmada. O evento ocorrerá dia 23, a partir das 18h30. O nosso endereço é:
Av. Brig. Faria Lima, 3900 - 4o andar
Itaim Bibi - São Paulo
Vejo vocês lá!
Av. Brig. Faria Lima, 3900 - 4o andar
Itaim Bibi - São Paulo
Vejo vocês lá!
segunda-feira, 20 de junho de 2011
3º Open Source Jam do Google
Hoje saiu a confirmação da minha segunda palestra para o evento Google Open Source Jam.
A primeira palestrei mandei o slide sobre a palestra para Google (palestra remota), pois estava ministrando curso no senac de Campinas-SP
Já a segunda vez, que será 3 Open Source Jam do Google, no prêdio do Google de São Paulo, perto do meu trabalho.
Vou falar sobre Hardening e scanners como OpenVAS.
Até lá
@firebitsbr
A primeira palestrei mandei o slide sobre a palestra para Google (palestra remota), pois estava ministrando curso no senac de Campinas-SP
Já a segunda vez, que será 3 Open Source Jam do Google, no prêdio do Google de São Paulo, perto do meu trabalho.
Vou falar sobre Hardening e scanners como OpenVAS.
Até lá
@firebitsbr
sexta-feira, 10 de junho de 2011
Deploy do OpenVAS4 em Fedora 15 i386 Server (Draft)
Passo 1
Link http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo
Passo 2
#cd /etc/yum.repos.d/
Passo 3
#wget http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo
Passo 4
#yum update -y
Passo 5
#yum install -y libopenvas-debug.i386 libopenvas-devel.i386 libopenvas_base4.i386 libopenvas_hg4.i386 libopenvas_misc4.i386 libopenvas_nasl4.i386 libopenvas_omp4.i386 openvas-administrator.i386 openvas-administrator-debug.i386 openvas-cli.i386 openvas-cli-debug.i386 openvas-manager.i386 openvas-manager-debug.i386 openvas-scanner.i386 openvas-scanner-debug.i386 gsd.i386
Inicialização rápida do OpenVAS4
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin
Login no OpenVAS como "admin"
# firefox https://localhost:9392/
ou
# gsd
Link http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo
Passo 2
#cd /etc/yum.repos.d/
Passo 3
#wget http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo
Passo 4
#yum update -y
Passo 5
#yum install -y libopenvas-debug.i386 libopenvas-devel.i386 libopenvas_base4.i386 libopenvas_hg4.i386 libopenvas_misc4.i386 libopenvas_nasl4.i386 libopenvas_omp4.i386 openvas-administrator.i386 openvas-administrator-debug.i386 openvas-cli.i386 openvas-cli-debug.i386 openvas-manager.i386 openvas-manager-debug.i386 openvas-scanner.i386 openvas-scanner-debug.i386 gsd.i386
Inicialização rápida do OpenVAS4
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin
Login no OpenVAS como "admin"
# firefox https://localhost:9392/
ou
# gsd
segunda-feira, 6 de junho de 2011
samhain - verificador de integridade de filesystem
O Samhain é um sistema de detecção baseado em intrusão de host (HIDS) que fornece verificação de integridade de arquivos e acompanhamento do arquivo de log/análise, bem como detecção de rootkits, monitoramento de portas, detecção de arquivos executáveis SUID e processos ocultos.
Samhain foi projetado para monitorar vários sistemas legados com sistemas operacionais potencialmente diferentes, fornecendo registro centralizado e manutenção, embora também possa ser utilizado como aplicativo independente em um único host.
Samhain é uma aplicação multiplataforma de código aberto para sistemas POSIX (Unix,Linux Cygwin/Windows).
Version 2.8.4a http://www.la-samhna.de/samhain/samhain-current.tar.gz
MD5 checksum c9f7c291ee01a8c6c0bb14a3251b6285
bytes 2064459
release date May 11, 2011
Descompactando
Depois do download, descompacte o arquivo .tar.
$ gunzip samhain-current.tar.gz
$ tar -xf samhain-current.tar
samhain-2.8.4a.tar.gz
samhain-2.8.4a.tar.gz.asc
Obtendo última versão de desenvolvimento do samhain e a chave PGP 1024D/0F571F6C
(quase qualquer servidor de chaves vai fazer se pgp.mit.edu estão temporariamente indisponíveis):
$ gpg --keyserver pgp.mit.edu --recv-key 0F571F6C
Verifique a chave fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C)
$ gpg --fingerprint 0F571F6C
e verificar a chave PGP:
$ gpg --verify samhain-2.8.4a.tar.gz.asc samhain-2.8.4a.tar.gz
Descompacte pela segunda vez e entre na pasta:
$ gunzip samhain-2.8.4a.tar.gz
$ tar -xf samhain-2.8.4a.tar
$ cd samhain-2.8.4a
Instalação
Leia o arquivo README e/ou o manual de opções caso você deseja configurar o código-fonte, então faça:
$ ./configure [options]
$ make
$ make install
(Há também um make uninstall. Caso você deseja não usar mais o samhain.)
Se você curte interfaces "GUI" do tipo 'dialog' (xdialog, dialog, lxdialog) você poderá instalar usando este comando:
$ ./Install.sh
Após a instalação, você deve primeiro analisar o arquivo de configuração (por padrão em /etc/ samhainrc), especialmente no que diz respeito a endereços de rede como o endereço de e-mail e de arquivos/diretórios são verificado. Em seguida, você tem que inicializar o banco de dados:
$ samhain -t init
Depois, você pode inicializar o samhain em modo daemon para verificar o seu sistema em intervalos, conforme especificado no arquivo de configuração:
$ samhain -t check -D
Na maioria dos sistemas, após a $ make install, você pode adicionar para instalar os scripts necessários no boot da máquina:
$ make install-boot
OBS:(SOs suportados: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).
Samhain foi projetado para monitorar vários sistemas legados com sistemas operacionais potencialmente diferentes, fornecendo registro centralizado e manutenção, embora também possa ser utilizado como aplicativo independente em um único host.
Samhain é uma aplicação multiplataforma de código aberto para sistemas POSIX (Unix,Linux Cygwin/Windows).
Version 2.8.4a http://www.la-samhna.de/samhain/samhain-current.tar.gz
MD5 checksum c9f7c291ee01a8c6c0bb14a3251b6285
bytes 2064459
release date May 11, 2011
Descompactando
Depois do download, descompacte o arquivo .tar.
$ gunzip samhain-current.tar.gz
$ tar -xf samhain-current.tar
samhain-2.8.4a.tar.gz
samhain-2.8.4a.tar.gz.asc
Obtendo última versão de desenvolvimento do samhain e a chave PGP 1024D/0F571F6C
(quase qualquer servidor de chaves vai fazer se pgp.mit.edu estão temporariamente indisponíveis):
$ gpg --keyserver pgp.mit.edu --recv-key 0F571F6C
Verifique a chave fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C)
$ gpg --fingerprint 0F571F6C
e verificar a chave PGP:
$ gpg --verify samhain-2.8.4a.tar.gz.asc samhain-2.8.4a.tar.gz
Descompacte pela segunda vez e entre na pasta:
$ gunzip samhain-2.8.4a.tar.gz
$ tar -xf samhain-2.8.4a.tar
$ cd samhain-2.8.4a
Instalação
Leia o arquivo README e/ou o manual de opções caso você deseja configurar o código-fonte, então faça:
$ ./configure [options]
$ make
$ make install
(Há também um make uninstall. Caso você deseja não usar mais o samhain.)
Se você curte interfaces "GUI" do tipo 'dialog' (xdialog, dialog, lxdialog) você poderá instalar usando este comando:
$ ./Install.sh
Após a instalação, você deve primeiro analisar o arquivo de configuração (por padrão em /etc/ samhainrc), especialmente no que diz respeito a endereços de rede como o endereço de e-mail e de arquivos/diretórios são verificado. Em seguida, você tem que inicializar o banco de dados:
$ samhain -t init
Depois, você pode inicializar o samhain em modo daemon para verificar o seu sistema em intervalos, conforme especificado no arquivo de configuração:
$ samhain -t check -D
Na maioria dos sistemas, após a $ make install, você pode adicionar para instalar os scripts necessários no boot da máquina:
$ make install-boot
OBS:(SOs suportados: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).
terça-feira, 31 de maio de 2011
Escrito nem sempre é o que é realmente vivido.
Este post, talvez será refeito durante o tempo, mas uma coisa que reparei, é que principalmente na internet, se você não publicar algo, quer dizer que você não sabe ou não fez ainda.
Qual vez você vê um artigo e se fala: "Já pensei isso antes, já fiz isso antes, estava escrevendo um artigo sobre isso e outra pessoa fez..." e por ai vai...
De 1989 até 2002 eu fiz muita coisa na minha carreira profissional, mas só fui descobrir o que é internet (usando) em 2002 quando fiz um curso para MCP em VB6 (antigo VB6) em uma franquia Microsoft.
Hoje tenho essa box ainda em casa e só foi usar (o que já sabia quase tudo, menos ActiveX e algumas coisas para DB SQL) em uma empresa de Energia e Gás (multinacional) como trabalhei como consultor em 2004/2005.
Nunca mais usei tais conhecimentos, mas o conceito foi herdado nos próximos anos.
Há muita coisa na minha mente, que foi, que está e que estará em artigos, mas com sempre falta de recursos, como equipamentos, tempo e um pouco dinheiro, fazem boas ou más idéias não acontecerem (sabe que más idéias, são boas também? Porque? Porque pode aparecer alguém com uma boa idéia mediante ao conhecimento da má idéia.)
Ser generalista foi ruim na minha carreira, eu acho...eu sempre quis me aprofundar em algo, mas o mercado não tem interesse ou simplesmente o nicho para mim, não foi muito claro...
Eu devia ter arriscado mais ainda...mas a vontade sempre este comigo...mas a dúvida me levou a não tentar.
Quem sabe agora mais experiente...já venho arriscando mais, mas pretendo muito mais...
(Continuamos outro dia...)
@firebitsbr
Qual vez você vê um artigo e se fala: "Já pensei isso antes, já fiz isso antes, estava escrevendo um artigo sobre isso e outra pessoa fez..." e por ai vai...
De 1989 até 2002 eu fiz muita coisa na minha carreira profissional, mas só fui descobrir o que é internet (usando) em 2002 quando fiz um curso para MCP em VB6 (antigo VB6) em uma franquia Microsoft.
Hoje tenho essa box ainda em casa e só foi usar (o que já sabia quase tudo, menos ActiveX e algumas coisas para DB SQL) em uma empresa de Energia e Gás (multinacional) como trabalhei como consultor em 2004/2005.
Nunca mais usei tais conhecimentos, mas o conceito foi herdado nos próximos anos.
Há muita coisa na minha mente, que foi, que está e que estará em artigos, mas com sempre falta de recursos, como equipamentos, tempo e um pouco dinheiro, fazem boas ou más idéias não acontecerem (sabe que más idéias, são boas também? Porque? Porque pode aparecer alguém com uma boa idéia mediante ao conhecimento da má idéia.)
Ser generalista foi ruim na minha carreira, eu acho...eu sempre quis me aprofundar em algo, mas o mercado não tem interesse ou simplesmente o nicho para mim, não foi muito claro...
Eu devia ter arriscado mais ainda...mas a vontade sempre este comigo...mas a dúvida me levou a não tentar.
Quem sabe agora mais experiente...já venho arriscando mais, mas pretendo muito mais...
(Continuamos outro dia...)
@firebitsbr
segunda-feira, 30 de maio de 2011
PoC sobre SNMP com snmpwalk
Hoje montei um PoC sobre SNMP com snmpwalk em uma VM e vou demonstrar no próximos posts os perigos de ter esse daemon ativado nos ambientes, sem uma mitigação em segurança, caso seja realmente necessário estar ativado.
sexta-feira, 27 de maio de 2011
Gelo v1.031! Exploits em LUA!!!
“Gelo is a Lua extension library that aims to simplify and accelerate the development of exploit-oriented tools. Gelo extends Lua with a set of objects and functions that allow you to write scripts for performing complex pen-testing tasks. Gelo is currently being used to build extensions in Sandcat.“
This is the official change log:
Added new functions and methods (See the Readme.txt for details)
Improved IPv6 support.
Since we last wrote about Gelo, it now supports Ruby scripting and a lot of updated example scripts!
Download Gelo v1.031 (gelo-1.031.zip).
This is the official change log:
Added new functions and methods (See the Readme.txt for details)
Improved IPv6 support.
Since we last wrote about Gelo, it now supports Ruby scripting and a lot of updated example scripts!
Download Gelo v1.031 (gelo-1.031.zip).
Scanner de Hardening - HardeningOne - Recoding de plugins para o OpenVAS.
Tive uma idéia há umas semanas atrás e depois foi reforçada pela meu amigo Rafael Lachi: A de fazer o Scanner de Hardening - HardeningOne o recoding de plugins para o OpenVAS e estou em rápida conversão.
Vou publicar os plugins aqui no blog ao terminar.
@firebitsbr
Vou publicar os plugins aqui no blog ao terminar.
@firebitsbr
quinta-feira, 12 de maio de 2011
SWFRETools: A Tool to Reverse Engineer SWF Files!
The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license.
The basic architecture of SQFRETools is as follows:
The list of tools are part of the SWFRETools:
Flash Dissector: Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.
SWF Parser: SWF Parser is an open-source SWF file parser implemented in Java that you can build upon when you want to create your own Flash reverse engineering tools.
Minimizer: The Minimizer program takes a SWF input that makes Flash Player crash and automatically removes the parts of the SWF file that are not related to the crash. This makes it easier to determine what the root cause of a crash is.
FP Debugger: This Flash Player hooking script hooks important functionality in Flash Player at runtime and dumps information about what Flash Player is parsing and executing. This is very useful in situations where Flash Player trips up and static analysis are out of sync with what Flash Player is doing.
StatsGenerator: Generate stats over SWF files.
Detailed information about using the above mentioned tools can be found in the “readme” files in the each of their directories. Application testing or code review businesses are in boom in the IT and Financial sectors. Tools such as SWFREtools help you as you try to analyze SWF file based exploits or even with stuff such as metadata from the extracted images.
This SWF file reverse engineering framework depends on the following lists of files and softwares:
Java FileDrop
JHexView
Java
splib
Buggery
Link:https://github.com/sporst/SWFREtools
Download SWFREtools (swfretools_100.zip)
@firebitsbr
The basic architecture of SQFRETools is as follows:
The list of tools are part of the SWFRETools:
Flash Dissector: Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.
SWF Parser: SWF Parser is an open-source SWF file parser implemented in Java that you can build upon when you want to create your own Flash reverse engineering tools.
Minimizer: The Minimizer program takes a SWF input that makes Flash Player crash and automatically removes the parts of the SWF file that are not related to the crash. This makes it easier to determine what the root cause of a crash is.
FP Debugger: This Flash Player hooking script hooks important functionality in Flash Player at runtime and dumps information about what Flash Player is parsing and executing. This is very useful in situations where Flash Player trips up and static analysis are out of sync with what Flash Player is doing.
StatsGenerator: Generate stats over SWF files.
Detailed information about using the above mentioned tools can be found in the “readme” files in the each of their directories. Application testing or code review businesses are in boom in the IT and Financial sectors. Tools such as SWFREtools help you as you try to analyze SWF file based exploits or even with stuff such as metadata from the extracted images.
This SWF file reverse engineering framework depends on the following lists of files and softwares:
Java FileDrop
JHexView
Java
splib
Buggery
Link:https://github.com/sporst/SWFREtools
Download SWFREtools (swfretools_100.zip)
@firebitsbr
terça-feira, 10 de maio de 2011
Site www.backtrack-linux.org sofrendo ataque DoS dias antes do lançamento do backtrack5 (resolvido)
Até umas 13:30 do horário do Brasil, estavam rolando DoS no site www.backtrack-linux.org, qual inclusive até mandei um artigo para br-linux.org.
Site www.backtrack-linux.org sofrendo ataque DoS dias antes do lançamento do backtrack5
Site www.backtrack-linux.org sofrendo ataque DoS dias antes do lançamento do backtrack5 é o que fala no twitter oficial do projeto em http://twitter.com/#!/backtracklinux.
Ubuntu 10.10 64 Bits Oracle 11G R2 64 Bits (ideal para PoCs)
http://barrasbin.wordpress.com/2011/05/09/ubuntu-10-10-64-bits-oracle-11g-r2-64-bits/
LOIC: Ferramenta para Ataques Dos/DDoS
LOIC (Low Orbit Ion Cannon), basicamente, transforma a conexão de rede de seu computador em uma firehose of garbage requests (pedidos de lixo), direcionada para um servidor web de destino. Ele é um aplicativo escrito em C# e explorado para facilitar ataques Dos.
Por si só, um computador raramente gera bastante TCP, UDP, HTTP ou pedidos de uma só vez para oprimir um web-server - garbage-requests, que podem ser facilmente ignorados, enquanto os pedidos legítimos para páginas da web são respondidos de forma normal.
Mas, quando milhares de usuários estiverem executando LOIC pelo menos uma vez, a onda de pedidos tornar-se-á avassaladora (muitas vezes), fechando um servidor web (ou uma de suas máquinas ligadas, como um servidor de banco de dados ). Em alguns casos, poderá haver impedimento de solicitações legítimas à serem respondidas.
LOIC é mais focado em aplicações Web, o que também podemos chamá-lo de ataques baseados em aplicações DoS. LOIC pode ser utilizado em um site de destino, inundando o servidor com os pacotes TCP, UDP, HTTP ou pedidos com a intenção de interromper o serviço de um determinado host.
O que podemos falar resumidamente sobre LOIC? Sem dúvidas, ele é uma boa ferramenta para realizar ataques DoS ou DDoS, mas quem ousar a testá-lo, deve assim fazê-lo por sua conta e risco, pois essas atitudes são consideradas ilegais pelo FBI e outras agências da lei. Lembrando que ele não possui a funcionalidade de ocultar o seu endereço IP. Além disso, o seu código fonte está disponível, e a versão mais atual, a 1.0.4, está liberada através do SourceForge. Mais detalhes sobre esta ferramenta tão interessante podem ser lidos através do PentestIT.
Saiba Mais:
[1] SourceForge: http://sourceforge.net/projects/loic/files/loic/
Por si só, um computador raramente gera bastante TCP, UDP, HTTP ou pedidos de uma só vez para oprimir um web-server - garbage-requests, que podem ser facilmente ignorados, enquanto os pedidos legítimos para páginas da web são respondidos de forma normal.
Mas, quando milhares de usuários estiverem executando LOIC pelo menos uma vez, a onda de pedidos tornar-se-á avassaladora (muitas vezes), fechando um servidor web (ou uma de suas máquinas ligadas, como um servidor de banco de dados ). Em alguns casos, poderá haver impedimento de solicitações legítimas à serem respondidas.
LOIC é mais focado em aplicações Web, o que também podemos chamá-lo de ataques baseados em aplicações DoS. LOIC pode ser utilizado em um site de destino, inundando o servidor com os pacotes TCP, UDP, HTTP ou pedidos com a intenção de interromper o serviço de um determinado host.
O que podemos falar resumidamente sobre LOIC? Sem dúvidas, ele é uma boa ferramenta para realizar ataques DoS ou DDoS, mas quem ousar a testá-lo, deve assim fazê-lo por sua conta e risco, pois essas atitudes são consideradas ilegais pelo FBI e outras agências da lei. Lembrando que ele não possui a funcionalidade de ocultar o seu endereço IP. Além disso, o seu código fonte está disponível, e a versão mais atual, a 1.0.4, está liberada através do SourceForge. Mais detalhes sobre esta ferramenta tão interessante podem ser lidos através do PentestIT.
Saiba Mais:
[1] SourceForge: http://sourceforge.net/projects/loic/files/loic/
Microsoft: Atualização para Índices de Exploits
A Microsoft apresentou uma notificação relacionada às alterações feitas nas classificações do seu Exploit Index. Este índice foi projetado para fornecer informações adicionais, para ajudar os clientes a priorizar a implantação de atualizações de segurança da Microsoft.
Microsoft Exploit Index
1. Consistent exploit code likely
2. Inconsistent exploit code likely
3. Functioning exploit code likely
De uma forma aparente, essa publicação se traduz em código fácil de ser criado, ou que já tenha sido criado; código de criação moderada ou talvez uma ocorrência de DoS na qual os resultados não apresentem consistência e vulnerabilidades nas quais o risco não seja considerado alto.
Houve também a inclusão na notificação de um alerta adiantado de um patch mensal, que reúne um conjunto de patches do Microsoft Office e patches dos Windows Servers 2003 a 2008 R2. A Microsoft afirmou que irá agregar seus Exploit Index nos programas atuais e nos antigos também. Outras informações podem ser vistas nos links da Microsoft disponíveis no Security Technet.
Saiba Mais:
Security Technet: http://technet.microsoft.com/en-us/s.../cc998259.aspx
Microsoft Exploit Index
1. Consistent exploit code likely
2. Inconsistent exploit code likely
3. Functioning exploit code likely
De uma forma aparente, essa publicação se traduz em código fácil de ser criado, ou que já tenha sido criado; código de criação moderada ou talvez uma ocorrência de DoS na qual os resultados não apresentem consistência e vulnerabilidades nas quais o risco não seja considerado alto.
Houve também a inclusão na notificação de um alerta adiantado de um patch mensal, que reúne um conjunto de patches do Microsoft Office e patches dos Windows Servers 2003 a 2008 R2. A Microsoft afirmou que irá agregar seus Exploit Index nos programas atuais e nos antigos também. Outras informações podem ser vistas nos links da Microsoft disponíveis no Security Technet.
Saiba Mais:
Security Technet: http://technet.microsoft.com/en-us/s.../cc998259.aspx
Gated- Daemon para roteamento dinâmico no linux
É uma daemon de roteamento que trabalha com varios protocolos e substitui o routed(admn) e outros daemons de roteamento.
O gated trabalha com os protocolos de roteamento RIP, BGP e OSPF.
para utiliza-lo voce deverá usar o caminho /etc/gated e não /usr/sbin/in.gated com uma das opções baixo:
/etc/gated [ -c ] [ -C ] [ -n ] [ -N ] [ -t trace_options ] [ -f config_file ] [ trace_file ]
-c
Verifica se o arquivo tem erros de sintaxe na configuração e cria uma area de despejo no diretorio /usr/tmp/gated_dump, é necessário rodar como root.
-C
especifica que o arquivo de configuração so será lido ser houver erros de sintaxe, marca 1 se houver erros e 0 caso não tenha erros.
-n
Especifica que o gate não irá modificar tabela de roteamento do kernel. É usado para testar as configurações atuais.
-N
Specifies that gated will not daemonize. Normally, if tracing to stderr is not specified, gated will daemonize if the
parent process ID is not 1. This allows the use of an /etc/inittab-like method of invoking gated that does not have a PID of
1.
-t
Especifica uma lista separada por vírgula de opções de trace para serem ativados na inicialização. Se nenhuma opção for especificada, será assumida as configurações padroes, Nenhum espaço é permitido entre esta opção e os seus argumentos.
Esta opção deve ser usada para buscar eventos que ocorrem antes do arquivo de configuração ser analisado, como a determinação da configuração da interface e leitura de rotas a partir do kernel. Essas opções são explicadas em maiores detalhes em gated.conf.
-f
Use um arquivo de configuração alternativo ao invés do padrão gated.conf.
Arquivo do gated:
/etc/gated
Binario do gated
/etc/gated.conf
arquivo de configuração padrao
/etc/gated.conf+
Arquivo de configuração mais recente
/etc/gated.conf-
older configuration file
/etc/gated.conf--
Arquivo de configuração mais velho
/etc/gated.pid
Arquivo onde contem o pid do gated
/var/tmp/gated_dump
Arquivo de dump do gate(despejo do grated)
/var/tmp/%s_parse
Arquivos de armazenamento de erros
Download da pacote rmp do gated:
http://rpmfind.net/linux/rpm2html/search.php?query=gated
O gated trabalha com os protocolos de roteamento RIP, BGP e OSPF.
para utiliza-lo voce deverá usar o caminho /etc/gated e não /usr/sbin/in.gated com uma das opções baixo:
/etc/gated [ -c ] [ -C ] [ -n ] [ -N ] [ -t trace_options ] [ -f config_file ] [ trace_file ]
-c
Verifica se o arquivo tem erros de sintaxe na configuração e cria uma area de despejo no diretorio /usr/tmp/gated_dump, é necessário rodar como root.
-C
especifica que o arquivo de configuração so será lido ser houver erros de sintaxe, marca 1 se houver erros e 0 caso não tenha erros.
-n
Especifica que o gate não irá modificar tabela de roteamento do kernel. É usado para testar as configurações atuais.
-N
Specifies that gated will not daemonize. Normally, if tracing to stderr is not specified, gated will daemonize if the
parent process ID is not 1. This allows the use of an /etc/inittab-like method of invoking gated that does not have a PID of
1.
-t
Especifica uma lista separada por vírgula de opções de trace para serem ativados na inicialização. Se nenhuma opção for especificada, será assumida as configurações padroes, Nenhum espaço é permitido entre esta opção e os seus argumentos.
Esta opção deve ser usada para buscar eventos que ocorrem antes do arquivo de configuração ser analisado, como a determinação da configuração da interface e leitura de rotas a partir do kernel. Essas opções são explicadas em maiores detalhes em gated.conf.
-f
Use um arquivo de configuração alternativo ao invés do padrão gated.conf.
Arquivo do gated:
/etc/gated
Binario do gated
/etc/gated.conf
arquivo de configuração padrao
/etc/gated.conf+
Arquivo de configuração mais recente
/etc/gated.conf-
older configuration file
/etc/gated.conf--
Arquivo de configuração mais velho
/etc/gated.pid
Arquivo onde contem o pid do gated
/var/tmp/gated_dump
Arquivo de dump do gate(despejo do grated)
/var/tmp/%s_parse
Arquivos de armazenamento de erros
Download da pacote rmp do gated:
http://rpmfind.net/linux/rpm2html/search.php?query=gated
quarta-feira, 4 de maio de 2011
Google negociando com operadoras dos EUA para dificultar uso de celulares Android como modem 3G
Dar uma olhada em tethering e criar um táctica.
A prática do tethering, ou compartilhamento da conexão de dados do celular com um computador ou tablet, é bastante desejada pelos usuários, mas incomoda o modelo de negócio das operadoras dos EUA, que têm planos especiais (leia-se: mais caros) para quem quer usar este tipo de serviço.
Não é de surpreender, portanto, que elas tentem pressionar de todas as formas contra os hacks e aplicativos que elas consideram “abusivos” por permitir que usuários de planos de dados contratualmente exclusivos para uso pelo celular façam este tipo de conexão, vulgarmente conhecida como “usar o celular como modem” (via USB ou Bluetooth) ou “usar o celular como roteador Wi-Fi”.
No Brasil a situação dos planos é diferente, mas nos EUA a pressão das operadoras aparentemente está chegando ao Google, que está operando em conjunto com elas para restringir determinados aplicativos do Android Market que permitiam oferecer capacidade de compartilhamento que excede a do plano de dados contratado. Caso interessante a ser acompanhado! (via osnews.com)
A prática do tethering, ou compartilhamento da conexão de dados do celular com um computador ou tablet, é bastante desejada pelos usuários, mas incomoda o modelo de negócio das operadoras dos EUA, que têm planos especiais (leia-se: mais caros) para quem quer usar este tipo de serviço.
Não é de surpreender, portanto, que elas tentem pressionar de todas as formas contra os hacks e aplicativos que elas consideram “abusivos” por permitir que usuários de planos de dados contratualmente exclusivos para uso pelo celular façam este tipo de conexão, vulgarmente conhecida como “usar o celular como modem” (via USB ou Bluetooth) ou “usar o celular como roteador Wi-Fi”.
No Brasil a situação dos planos é diferente, mas nos EUA a pressão das operadoras aparentemente está chegando ao Google, que está operando em conjunto com elas para restringir determinados aplicativos do Android Market que permitiam oferecer capacidade de compartilhamento que excede a do plano de dados contratado. Caso interessante a ser acompanhado! (via osnews.com)
Re-post Analisando aplicações Linux com strace e ltrace
Neste artigo vamos estudar o uso das ferramentas strace e ltrace para analisar aplicações Linux.
Alguma vez você já tentou executar uma aplicação de linha de comando em Linux que simplesmente retornava sem exibir nenhuma mensagem de erro? Ou então um erro de segmentation fault que não fazia sentido? Já precisou entender porque uma aplicação estava demorando demais para executar? Ou travando sem nenhuma explicação?
Estas são situações bastante comuns em Linux, seja no universo desktop ou embarcado. Mas você não precisa se desesperar! Você esta em um ambiente ideal para debugar aplicações.
Olhe só este exemplo. O netcat (ou nc) é uma popular ferramenta de rede para trabalhar com o protocolo TCP/IP. O comando abaixo visa se conectar em um servidor na máquina local e na porta 1234.
$ nc localhost 1234
$
Veja que o comando simplesmente retornou sem exibir nenhuma mensagem de erro. O que aconteceu? Qual a melhor forma de analisar este tipo de situação?
É aí que entram as ferramentas strace e ltrace.
STRACE
O strace é uma ferramenta que monitora as chamadas de sistema (system calls) e os sinais recebidos pela aplicação. A maneira mais comum de executá-la é passando a aplicação a ser monitorada como parâmetro.
Voltando ao nosso exemplo, veja como ela funciona:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ strace nc localhost 1234
execve("/bin/nc", ["nc", "localhost", "2000"], [/* 37 vars */]) = 0
brk(0) = 0x9864000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7835000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=127096, ...}) = 0
mmap2(NULL, 127096, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7815000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
..........
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
select(4, NULL, [3], NULL, NULL) = 1 (out [3])
getsockopt(3, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
fcntl64(3, F_SETFL, O_RDWR) = 0
close(3) = 0
close(-1) = -1 EBADF (Bad file descriptor)
exit_group(1) = ?
Cada linha é uma chamada de sistema com os parâmetros e o código de retorno. Foram 262 chamadas ao sistema no total, e por questões de espaço, estou exibindo apenas as 10 primeiras e as 10 últimas linhas. Mas estas linhas são suficientes para entender o que esta acontecendo ao executar o comando nc.
Na linha 16, a chamada à função connect() esta retornando erro (-1) ao se conectar na minha máquina (127.0.0.1) na porta 1234 (não existe nenhum servidor na minha máquina escutando a porta 1234).
O exemplo foi bem simples, mas nos dá uma noção do poder desta ferramenta. A grande vantagem é que não precisamos do código-fonte da aplicação, nem de símbolos no arquivo binário. Tudo isso funciona através de uma funcionalidade fornecida pelo kernel, chamada de ptrace, que possibilita que um processo possa controlar outro processo, manipulando seus descritores de arquivo, memória, registradores, etc. É isso que faz o strace.
É claro que existem muitas outras aplicações para o strace. Basta usar a imaginação.
Você já instalou alguma aplicação mas não sabia onde ela buscava o arquivo de configuração? O comando abaixo pode te responder:
$ strace app_name 2>&1 | grep "open" | grep "\/etc"
Com este comando, buscamos todas as chamadas open() em arquivos dentro de “/etc”.
Perceba também que o strace não serve apenas para debug. É também a ferramenta perfeita para você entender o funcionamento de uma aplicação e até fazer engenharia reversa quando o que você tem é apenas o binário.
Além disso, com o strace podemos fazer análise de performance através do parâmetro “–c”.
$ strace -c du /home/sprado
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
70.16 0.273238 12 23144 getdents64
28.63 0.111506 1 104334 fstatat64
0.43 0.001680 0 11559 write
0.29 0.001130 0 23734 close
0.24 0.000927 0 34716 fcntl64
0.23 0.000881 0 12148 openat
0.02 0.000096 0 12166 fstat64
0.00 0.000000 0 3 read
0.00 0.000000 0 30 13 open
0.00 0.000000 0 1 execve
0.00 0.000000 0 3 3 access
0.00 0.000000 0 14 brk
0.00 0.000000 0 2 munmap
0.00 0.000000 0 4 mprotect
0.00 0.000000 0 21 mmap2
0.00 0.000000 0 1 set_thread_area
------ ----------- ----------- --------- --------- ----------------
100.00 0.389458 221880 16 total
Temos algumas informações valiosas na saída deste comando. Os contadores de cada chamada do sistema (calls) e tempo de processamento (seconds) são extremamente úteis quando queremos saber onde esta o gargalo na execução da nossa aplicação.
Existem ainda muitas outras funcionalidades. Você pode monitorar apenas as chamadas de sistema relacionadas à rede usando “trace=network” como parâmetro, ou então a comunicação entre processos usando “trace=ipc”. Uma descrição completa das funcionalidades do strace podem ser encontradas no manual da ferramenta.
$ man strace
LTRACE
O ltrace tem as mesmas características do strace, mas ao invés de monitorar as chamadas do sistema, ele monitora as chamadas às funções das bibliotecas carregadas dinamicamente.
Veja como ficaria o nosso exemplo do “nc” com o ltrace:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ ltrace nc localhost 1234
__libc_start_main(0x804a700, 3, 0xbf868d94, 0x804caa0, 0x804ca90
getopt(3, 0xbf868d94, "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x"...) = -1
getservbyname("1234", "tcp") = NULL
strchr("1234", '-') = NULL
strtoul(0xbf86a695, 0xbf866b4c, 10, 0xbf868d94, 0x804d0f8) = 1234
calloc(1, 6) = 0x091c0520
getaddrinfo("localhost", "1234", 0xbf866b78, 0xbf866b4c) = 0
socket(2, 1, 6) = 3
fcntl(3, 3, 0, 0xbf866b4c, 0x8e49ae) = 2
fcntl(3, 4, 2050, 0xbf866b4c, 0x8e49ae) = 0
connect(3, 0x91c0cf0, 16, 0xbf866b4c, 0x8e49ae) = -1
__errno_location() = 0xb77eb688
select(4, 0, 0xbf866a98, 0, 0) = 1
getsockopt(3, 1, 4, 0xbf866b44, 0xbf866b40) = 0
fcntl(3, 4, 2, 0xbf866b44, 0xbf866b40) = 0
close(3) = 0
freeaddrinfo(0x091c0cd0) =
close(-1) = -1
exit(1
+++ exited (status 1) +++
Veja que, da mesma forma, conseguimos identificar o problema na chamada a connect() na linha 12.
O detalhe aqui é que esta ferramenta monitora apenas a chamada às funções de biblioteca linkadas dinamicamente com a aplicação, e por isso você não conseguirá usá-la se a aplicação for linkada estaticamente com as bibliotecas do sistema.
NO UNIVERSO EMBEDDED
A utilização destas ferramentas em Linux embarcado é idêntica. A única diferença é que você irá precisar cross-compilar o strace e o ltrace para executar na sua arquitetura-alvo.
O conhecimento e o uso deste tipo de ferramenta é essencial para o desenvolvedor Linux. Seja para debugar um problema em determinada aplicação, monitorar sua performance ou aprender sobre seu funcionamento, investir um tempo para conhecê-la mais profundamente é extremamente válido. Mas não existe conhecimento sem prática. Portanto, mãos à obra!
Um abraço,
Sergio Prado
Alguma vez você já tentou executar uma aplicação de linha de comando em Linux que simplesmente retornava sem exibir nenhuma mensagem de erro? Ou então um erro de segmentation fault que não fazia sentido? Já precisou entender porque uma aplicação estava demorando demais para executar? Ou travando sem nenhuma explicação?
Estas são situações bastante comuns em Linux, seja no universo desktop ou embarcado. Mas você não precisa se desesperar! Você esta em um ambiente ideal para debugar aplicações.
Olhe só este exemplo. O netcat (ou nc) é uma popular ferramenta de rede para trabalhar com o protocolo TCP/IP. O comando abaixo visa se conectar em um servidor na máquina local e na porta 1234.
$ nc localhost 1234
$
Veja que o comando simplesmente retornou sem exibir nenhuma mensagem de erro. O que aconteceu? Qual a melhor forma de analisar este tipo de situação?
É aí que entram as ferramentas strace e ltrace.
STRACE
O strace é uma ferramenta que monitora as chamadas de sistema (system calls) e os sinais recebidos pela aplicação. A maneira mais comum de executá-la é passando a aplicação a ser monitorada como parâmetro.
Voltando ao nosso exemplo, veja como ela funciona:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ strace nc localhost 1234
execve("/bin/nc", ["nc", "localhost", "2000"], [/* 37 vars */]) = 0
brk(0) = 0x9864000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7835000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=127096, ...}) = 0
mmap2(NULL, 127096, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7815000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
..........
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
select(4, NULL, [3], NULL, NULL) = 1 (out [3])
getsockopt(3, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
fcntl64(3, F_SETFL, O_RDWR) = 0
close(3) = 0
close(-1) = -1 EBADF (Bad file descriptor)
exit_group(1) = ?
Cada linha é uma chamada de sistema com os parâmetros e o código de retorno. Foram 262 chamadas ao sistema no total, e por questões de espaço, estou exibindo apenas as 10 primeiras e as 10 últimas linhas. Mas estas linhas são suficientes para entender o que esta acontecendo ao executar o comando nc.
Na linha 16, a chamada à função connect() esta retornando erro (-1) ao se conectar na minha máquina (127.0.0.1) na porta 1234 (não existe nenhum servidor na minha máquina escutando a porta 1234).
O exemplo foi bem simples, mas nos dá uma noção do poder desta ferramenta. A grande vantagem é que não precisamos do código-fonte da aplicação, nem de símbolos no arquivo binário. Tudo isso funciona através de uma funcionalidade fornecida pelo kernel, chamada de ptrace, que possibilita que um processo possa controlar outro processo, manipulando seus descritores de arquivo, memória, registradores, etc. É isso que faz o strace.
É claro que existem muitas outras aplicações para o strace. Basta usar a imaginação.
Você já instalou alguma aplicação mas não sabia onde ela buscava o arquivo de configuração? O comando abaixo pode te responder:
$ strace app_name 2>&1 | grep "open" | grep "\/etc"
Com este comando, buscamos todas as chamadas open() em arquivos dentro de “/etc”.
Perceba também que o strace não serve apenas para debug. É também a ferramenta perfeita para você entender o funcionamento de uma aplicação e até fazer engenharia reversa quando o que você tem é apenas o binário.
Além disso, com o strace podemos fazer análise de performance através do parâmetro “–c”.
$ strace -c du /home/sprado
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
70.16 0.273238 12 23144 getdents64
28.63 0.111506 1 104334 fstatat64
0.43 0.001680 0 11559 write
0.29 0.001130 0 23734 close
0.24 0.000927 0 34716 fcntl64
0.23 0.000881 0 12148 openat
0.02 0.000096 0 12166 fstat64
0.00 0.000000 0 3 read
0.00 0.000000 0 30 13 open
0.00 0.000000 0 1 execve
0.00 0.000000 0 3 3 access
0.00 0.000000 0 14 brk
0.00 0.000000 0 2 munmap
0.00 0.000000 0 4 mprotect
0.00 0.000000 0 21 mmap2
0.00 0.000000 0 1 set_thread_area
------ ----------- ----------- --------- --------- ----------------
100.00 0.389458 221880 16 total
Temos algumas informações valiosas na saída deste comando. Os contadores de cada chamada do sistema (calls) e tempo de processamento (seconds) são extremamente úteis quando queremos saber onde esta o gargalo na execução da nossa aplicação.
Existem ainda muitas outras funcionalidades. Você pode monitorar apenas as chamadas de sistema relacionadas à rede usando “trace=network” como parâmetro, ou então a comunicação entre processos usando “trace=ipc”. Uma descrição completa das funcionalidades do strace podem ser encontradas no manual da ferramenta.
$ man strace
LTRACE
O ltrace tem as mesmas características do strace, mas ao invés de monitorar as chamadas do sistema, ele monitora as chamadas às funções das bibliotecas carregadas dinamicamente.
Veja como ficaria o nosso exemplo do “nc” com o ltrace:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ ltrace nc localhost 1234
__libc_start_main(0x804a700, 3, 0xbf868d94, 0x804caa0, 0x804ca90
getopt(3, 0xbf868d94, "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x"...) = -1
getservbyname("1234", "tcp") = NULL
strchr("1234", '-') = NULL
strtoul(0xbf86a695, 0xbf866b4c, 10, 0xbf868d94, 0x804d0f8) = 1234
calloc(1, 6) = 0x091c0520
getaddrinfo("localhost", "1234", 0xbf866b78, 0xbf866b4c) = 0
socket(2, 1, 6) = 3
fcntl(3, 3, 0, 0xbf866b4c, 0x8e49ae) = 2
fcntl(3, 4, 2050, 0xbf866b4c, 0x8e49ae) = 0
connect(3, 0x91c0cf0, 16, 0xbf866b4c, 0x8e49ae) = -1
__errno_location() = 0xb77eb688
select(4, 0, 0xbf866a98, 0, 0) = 1
getsockopt(3, 1, 4, 0xbf866b44, 0xbf866b40) = 0
fcntl(3, 4, 2, 0xbf866b44, 0xbf866b40) = 0
close(3) = 0
freeaddrinfo(0x091c0cd0) =
close(-1) = -1
exit(1
+++ exited (status 1) +++
Veja que, da mesma forma, conseguimos identificar o problema na chamada a connect() na linha 12.
O detalhe aqui é que esta ferramenta monitora apenas a chamada às funções de biblioteca linkadas dinamicamente com a aplicação, e por isso você não conseguirá usá-la se a aplicação for linkada estaticamente com as bibliotecas do sistema.
NO UNIVERSO EMBEDDED
A utilização destas ferramentas em Linux embarcado é idêntica. A única diferença é que você irá precisar cross-compilar o strace e o ltrace para executar na sua arquitetura-alvo.
O conhecimento e o uso deste tipo de ferramenta é essencial para o desenvolvedor Linux. Seja para debugar um problema em determinada aplicação, monitorar sua performance ou aprender sobre seu funcionamento, investir um tempo para conhecê-la mais profundamente é extremamente válido. Mas não existe conhecimento sem prática. Portanto, mãos à obra!
Um abraço,
Sergio Prado
segunda-feira, 2 de maio de 2011
domingo, 1 de maio de 2011
Pytbull: IDS-IPS Testing Framework para Snort e Suricata
Para aqueles que procuram por uma opção de fonte aberta com o intuito de testar seus dispositivos IDS/IPS, Pytbull é a escolha adequada para esta finalidade. Ele é um framework de testes de Intrusion Detection / Prevention System (IDS / IPS) para Snort e Suricata. Muitos de nós temos conhecimento da importância e da grandiosidade destes dois projetos.
Mesmo que se concentre sobre o Snort e sobre o Suricata, ele também pode ser utilizado para testar a capacidade de detecção e bloqueio de outros IDS / IPS. Além disso, você também pode usá-lo para comparar IDS / IPS, comparar suas modificações de configuração, ou simplesmente para verificar / validar essas configurações. O framework está bem equipado, com cerca de 300 testes agrupados em 8 módulos de testes, tais como:
- clientSideAttacks: Este módulo usa um shell reverso para fornecer ao servidor as instruções para download remoto de arquivos maliciosos.
- testRules: É um teste de regras básicas do módulo. Estes ataques deveriam ser detectados pelas regras definidas e fornecidas com o IDS / IPS.
-badTraffic: Este módulo não transmite pacotes compatíveis com RFC para o servidor para testar como os pacotes são processados e respondidos.
-fragmentedPackets: Este módulo transmite vários payloads para um servidor, na intenção de testar sua capacidade de recompor-los e detectar os ataques.
-multipleFailedLogins: Este módulo testa a capacidade do servidor para controlar vários logins falhos (por exemplo, FTP). Ele faz uso de regras personalizadas sobre o Snort e Suricata.
-evasionTechniques: Este módulo utiliza várias técnicas de evasão para verificar se o IDS/IPS pode detectá-los.
-shellcodes: Este módulo transmite shellcodes diversos para o servidor na porta 21/tcp, para testar a capacidade do servidor de detectar e rejeitar shellcodes.
-denialOfService: Este módulo transmite testa a capacidade do IDS / IPS para se proteger contra tentativas de DoS simples.
Pytbull é facilmente configurável e pode integrar novos módulos no futuro. Depois de baixá-lo, você precisa editar o arquivo config.cfg que acompanha a ferramenta.
Saiba Mais:
[1] Pytbull: An IDS/IPS Testing Framework: http://www.pentestit.com/2011/04/30/pytbull-idsips-testing-framework/
Mesmo que se concentre sobre o Snort e sobre o Suricata, ele também pode ser utilizado para testar a capacidade de detecção e bloqueio de outros IDS / IPS. Além disso, você também pode usá-lo para comparar IDS / IPS, comparar suas modificações de configuração, ou simplesmente para verificar / validar essas configurações. O framework está bem equipado, com cerca de 300 testes agrupados em 8 módulos de testes, tais como:
- clientSideAttacks: Este módulo usa um shell reverso para fornecer ao servidor as instruções para download remoto de arquivos maliciosos.
- testRules: É um teste de regras básicas do módulo. Estes ataques deveriam ser detectados pelas regras definidas e fornecidas com o IDS / IPS.
-badTraffic: Este módulo não transmite pacotes compatíveis com RFC para o servidor para testar como os pacotes são processados e respondidos.
-fragmentedPackets: Este módulo transmite vários payloads para um servidor, na intenção de testar sua capacidade de recompor-los e detectar os ataques.
-multipleFailedLogins: Este módulo testa a capacidade do servidor para controlar vários logins falhos (por exemplo, FTP). Ele faz uso de regras personalizadas sobre o Snort e Suricata.
-evasionTechniques: Este módulo utiliza várias técnicas de evasão para verificar se o IDS/IPS pode detectá-los.
-shellcodes: Este módulo transmite shellcodes diversos para o servidor na porta 21/tcp, para testar a capacidade do servidor de detectar e rejeitar shellcodes.
-denialOfService: Este módulo transmite testa a capacidade do IDS / IPS para se proteger contra tentativas de DoS simples.
Pytbull é facilmente configurável e pode integrar novos módulos no futuro. Depois de baixá-lo, você precisa editar o arquivo config.cfg que acompanha a ferramenta.
Saiba Mais:
[1] Pytbull: An IDS/IPS Testing Framework: http://www.pentestit.com/2011/04/30/pytbull-idsips-testing-framework/
sexta-feira, 29 de abril de 2011
Ramblings: Lack Of IT Security Professionals, University Courses and Unqualified Penetration Testers « Adam On Security:
Today I want to talk to you about my reasoning why the Security Industry is desperate for staff, and explain a little bit about my self as I'm trying to break into the security industry as a network penetration tester, I also have a solid dig at universities, and i'm probably going to offend a lot of people with this, but it needs to be said and this is what freedom of speech is all about.
The State Of The Industry
The UK IT Security Industry is reported to be about 50,000 people short, why is this? In my opinion it's because there is no where for security professionals to practice legitimate hacking techniques outside of spending thousands on various different systems and building networks. This results in there being a large amount of Security staff that don't know how to think like an attacker and a business wondering why their network keeps getting broken into. This in turn creates fear and a greater demand for more security staff creating a vacuum
The Blame Game
I personally blame the state of security education for this shortage. In short you can't teach someone how to hack and how to audit networks without them at some point auditing a real, secure servers in the wild. Even if you could create an environment to train security staff in attack methods, it would no way be as diverse as the array of internet connected business that they will be presented with in the field. The person in training could only ever leave education with a very narrow skill set based on the budget size of the institute where they learnt.
Universities - The Root Of All Evil?
So what happens is Universities pump out thousands of 'security' students that don't know anything about the real security practices or attack methods they will be expected to defend against. I have done my security degree for 2 years now, and I can tell you, I haven't learn a thing about security that I didn't know before I went or that i have learnt in my spare time, and that's not an exaggeration.
Universities in the UK work at the speed of the worst student on the course, so all security students get is repetitious explanations of the basics of computing causing long drawn out tutorials that leave no time for more in depth security concepts.
If your a prospective security student reading this you might think that you'll be challenged with all this useful information that is relevant to your career. Instead all you get for your £9000 a year is watered down and censored horse sh*t. The closest I have come to real security talk is chatting to lecturers outside of lessons because they're not under pressure of talking about "taboo" subjects.
To be blunt universities just don't have the time or balls to teach security students REAL security that they can actually use in the field, they can't talk about things like buffer overflows in detail, they can't step by step explain concepts like SQL injection. This is for two reasons, firstly its like giving students a loaded shotgun, they can't control what you do with that information, and they don't want to be liable. Secondly they don't want it to go over anyone's heads, god forbid a student might actually have to do some extra reading at home to understand something, even worse god forbid a student actually fail! So instead students come out with a piece of paper that says they are qualified to work in IT Security when in fact they have been taught very little about it, instead we have been repetitively spoon fed the basics of computing with a light glance at how one might approach the topic of security, because its less likely to cause a fuss and to go over students heads.
These students then hit the field knowing very little about real security, and it falls to business owners to spend time and money training them from the ground up, or they simply get jobs securing business without a clue about what there doing from an attackers perspective. So what did we just spend 9000 a year on?
Here is what you get for your 9000 a year on a security course each week in the UK
3 Hours of Cisco - Cisco fund a large portion of my University so we don't have a free choice like other courses and are forced to spend 3 years learning a qualification that expires in 3 years (CCNA), oh and did I mention we have to pay them to actually take the certification test ontop of our fees and the end of the 3 years?
1.5 Hours of business studies - Group work making a marketing plan for a product I will never make that isn't really anything to do with my course.
3 Hours of Open systems (linux technologies) quite interesting but I have used linux for 3 years and the things explained are basic even5 months into the module, 90% talking about licensing, 10% actually using linux.
3 Hours of watered down and heavily censored security, for example one way hashing, key exchanges, file systems.
2.5 Hours of Visual Basic programming RFID tags because the Uni is backed by Micro$oft so we have no choice about learning anything other than VB.Net .
(This also assumes the lecturers show up and your lecturer knows what he is talking about. Which isn't always the case)
Now does that sound like someone you want to hire for a network penetration tester position? How about if I told you that these people are being hired to secure databases with your credit card details in ? Scared now - you should be.
Me as a Hacker
I don't hesitate to say I have dabbled in the less legal sides of hacking and security, but ONLY to learn and explore. I don't think you can work in security unless you have done at some point, if you haven't, how do you know if the things you have read about actually work? You haven't practiced anything to do with real auditing, you have just read the books. If you are working in penetration testing and have never dabbled, then at some point your company hired you for a job you were unequipped to do, and it probably cost them more to train you than if they hired someone with a greater skill set.
The Interview
I'll put this to you, If I turned up to a job interview for a penetration tester 'year in industry' tomorrow and there was an equally qualified person applying at the same time for the same position. The person standing next to me has the same degree and the same qualifications, but he has never looked into hacking because he never had the equipment or outlet to practice the skills he could only read about in his spare time.
Then there is me who could root a corporate file server in minutes, social engineer my way through you're companies head quarters with a smile on my face and read your CEO's emails from the coffee shop across the road. Does the interviewer ask me where I learnt these things? Would he even ask if i possessed them as a skill? Or does he look at the piece of paper in front of him and go by the fact that Joe Blogs next to me gets the job because his suit is shinier and he can talk the talk? Then 6 months later the company wonders why they are struggling to explain simple port scanning and network mapping to Joe Blogs and wonders why there is no good quality security staff to be had.
If Kevin Mitnick showed up at your door asking for a job at your network security company, would you turn him down because the origin of his skills is a little dubious? Of course you wouldn't, he is one of the greatest minds in the security (in my opinion) and he doesn't have an LPT or a CEH and his degree is a little out dated, but he has the skills and the mind set.
Security is an industry where you can't just recruit someone because of the papers they hold, anyone can revise and memorize information to pass a course, you need to put the skills they say they have to the test. I'd kill to show up to an interview and the company have an easily compromisable server running in the room to test their applicants. I bet half of the applicants wouldn't know where to start, despite there Security Degree and CCNA emblazoned all over their CV.
Here Is My Challenge
I have learnt all my skill security/penetration skill base on my own, I'm doing my degree because I do need the piece of paper for Penetration Testing firms to even look twice at my CV.
If there is one thing I can tell you, and I tell people time and time again is this: I eat sleep and breath this, I don't stop, Computer Security isn't just a career for me, its a way of life (avoiding cliches). That's not something I can get across on 2 sides of A4 and not something anyone can get with a 3 year course and a light dusting of certifications.
I challenge any UK Penetration Testing Firm or (companies that need an in house penetration tester), If you call me in for an interview for a year in industry placement (September 2011 - 2012), give me 30 minutes of your time with a my laptop, I will show you more penetration testing related skill than any applicant you have seen, and that is a promise. My email is adam@adamonsecurity.com if you want to take me up on that.
Happy Hacking
The State Of The Industry
The UK IT Security Industry is reported to be about 50,000 people short, why is this? In my opinion it's because there is no where for security professionals to practice legitimate hacking techniques outside of spending thousands on various different systems and building networks. This results in there being a large amount of Security staff that don't know how to think like an attacker and a business wondering why their network keeps getting broken into. This in turn creates fear and a greater demand for more security staff creating a vacuum
The Blame Game
I personally blame the state of security education for this shortage. In short you can't teach someone how to hack and how to audit networks without them at some point auditing a real, secure servers in the wild. Even if you could create an environment to train security staff in attack methods, it would no way be as diverse as the array of internet connected business that they will be presented with in the field. The person in training could only ever leave education with a very narrow skill set based on the budget size of the institute where they learnt.
Universities - The Root Of All Evil?
So what happens is Universities pump out thousands of 'security' students that don't know anything about the real security practices or attack methods they will be expected to defend against. I have done my security degree for 2 years now, and I can tell you, I haven't learn a thing about security that I didn't know before I went or that i have learnt in my spare time, and that's not an exaggeration.
Universities in the UK work at the speed of the worst student on the course, so all security students get is repetitious explanations of the basics of computing causing long drawn out tutorials that leave no time for more in depth security concepts.
If your a prospective security student reading this you might think that you'll be challenged with all this useful information that is relevant to your career. Instead all you get for your £9000 a year is watered down and censored horse sh*t. The closest I have come to real security talk is chatting to lecturers outside of lessons because they're not under pressure of talking about "taboo" subjects.
To be blunt universities just don't have the time or balls to teach security students REAL security that they can actually use in the field, they can't talk about things like buffer overflows in detail, they can't step by step explain concepts like SQL injection. This is for two reasons, firstly its like giving students a loaded shotgun, they can't control what you do with that information, and they don't want to be liable. Secondly they don't want it to go over anyone's heads, god forbid a student might actually have to do some extra reading at home to understand something, even worse god forbid a student actually fail! So instead students come out with a piece of paper that says they are qualified to work in IT Security when in fact they have been taught very little about it, instead we have been repetitively spoon fed the basics of computing with a light glance at how one might approach the topic of security, because its less likely to cause a fuss and to go over students heads.
These students then hit the field knowing very little about real security, and it falls to business owners to spend time and money training them from the ground up, or they simply get jobs securing business without a clue about what there doing from an attackers perspective. So what did we just spend 9000 a year on?
Here is what you get for your 9000 a year on a security course each week in the UK
3 Hours of Cisco - Cisco fund a large portion of my University so we don't have a free choice like other courses and are forced to spend 3 years learning a qualification that expires in 3 years (CCNA), oh and did I mention we have to pay them to actually take the certification test ontop of our fees and the end of the 3 years?
1.5 Hours of business studies - Group work making a marketing plan for a product I will never make that isn't really anything to do with my course.
3 Hours of Open systems (linux technologies) quite interesting but I have used linux for 3 years and the things explained are basic even5 months into the module, 90% talking about licensing, 10% actually using linux.
3 Hours of watered down and heavily censored security, for example one way hashing, key exchanges, file systems.
2.5 Hours of Visual Basic programming RFID tags because the Uni is backed by Micro$oft so we have no choice about learning anything other than VB.Net .
(This also assumes the lecturers show up and your lecturer knows what he is talking about. Which isn't always the case)
Now does that sound like someone you want to hire for a network penetration tester position? How about if I told you that these people are being hired to secure databases with your credit card details in ? Scared now - you should be.
Me as a Hacker
I don't hesitate to say I have dabbled in the less legal sides of hacking and security, but ONLY to learn and explore. I don't think you can work in security unless you have done at some point, if you haven't, how do you know if the things you have read about actually work? You haven't practiced anything to do with real auditing, you have just read the books. If you are working in penetration testing and have never dabbled, then at some point your company hired you for a job you were unequipped to do, and it probably cost them more to train you than if they hired someone with a greater skill set.
The Interview
I'll put this to you, If I turned up to a job interview for a penetration tester 'year in industry' tomorrow and there was an equally qualified person applying at the same time for the same position. The person standing next to me has the same degree and the same qualifications, but he has never looked into hacking because he never had the equipment or outlet to practice the skills he could only read about in his spare time.
Then there is me who could root a corporate file server in minutes, social engineer my way through you're companies head quarters with a smile on my face and read your CEO's emails from the coffee shop across the road. Does the interviewer ask me where I learnt these things? Would he even ask if i possessed them as a skill? Or does he look at the piece of paper in front of him and go by the fact that Joe Blogs next to me gets the job because his suit is shinier and he can talk the talk? Then 6 months later the company wonders why they are struggling to explain simple port scanning and network mapping to Joe Blogs and wonders why there is no good quality security staff to be had.
If Kevin Mitnick showed up at your door asking for a job at your network security company, would you turn him down because the origin of his skills is a little dubious? Of course you wouldn't, he is one of the greatest minds in the security (in my opinion) and he doesn't have an LPT or a CEH and his degree is a little out dated, but he has the skills and the mind set.
Security is an industry where you can't just recruit someone because of the papers they hold, anyone can revise and memorize information to pass a course, you need to put the skills they say they have to the test. I'd kill to show up to an interview and the company have an easily compromisable server running in the room to test their applicants. I bet half of the applicants wouldn't know where to start, despite there Security Degree and CCNA emblazoned all over their CV.
Here Is My Challenge
I have learnt all my skill security/penetration skill base on my own, I'm doing my degree because I do need the piece of paper for Penetration Testing firms to even look twice at my CV.
If there is one thing I can tell you, and I tell people time and time again is this: I eat sleep and breath this, I don't stop, Computer Security isn't just a career for me, its a way of life (avoiding cliches). That's not something I can get across on 2 sides of A4 and not something anyone can get with a 3 year course and a light dusting of certifications.
I challenge any UK Penetration Testing Firm or (companies that need an in house penetration tester), If you call me in for an interview for a year in industry placement (September 2011 - 2012), give me 30 minutes of your time with a my laptop, I will show you more penetration testing related skill than any applicant you have seen, and that is a promise. My email is adam@adamonsecurity.com if you want to take me up on that.
Happy Hacking
quinta-feira, 28 de abril de 2011
Seguraça extrema com LIDS
Autor: Anderson L Tamborim
Data: 21/02/2004
Introdução ao LIDS
1.0 - O que é o LIDS?
LIDS é um patch de melhorias para a kernel do Linux escrita por Xie Huagang e Philippe Biondi. Este patch adiciona esquemas de segurança extrema ao kernel e que não são possíveis apenas com as funções nativas da kernel.
Entre algumas destas funções temos:
Mandatory Access Controls (MACs)
Detecção de Port Scanners
Proteção de acesso a arquivos e pastas (incluindo pelo root)
Proteção de processos, módulos e interfaces.
1.1 - Porque utilizar o LIDS?
LIDS é um conjunto indispensável de ferramentas que vem sofrendo muitas melhorias nos últimos anos e me arrisco a dizer que ele está no auge do seu potencial com a versão 2.4.24 e 2.6 do kernel do Linux.
As ferramentas que acompanham o LIDS são muito fáceis de utilizar e configurar. Quem trabalha com segurança e deseja alcançar um nível superior de segurança dentro do seu sistema NECESSITA conhecer LIDS.
O LIDS, como vocês verão, não é uma ferramenta para se utilizar em micros de usuários devido a robustez de sua configuração, o que causaria uma série de problemas que o tornam de certa forma inviável, sendo que também temos ótimas ferramentas de IDS para Linux que usuários podem utilizar, como Snort, Portsentry, entre outras.
Com o LIDS podemos restringir qualquer acesso ao nosso sistema e ele nos manterá totalmente informado de tudo que esta havendo no sistema, qualquer tentativa de burlar sistemas protegidos pelo LIDS é documentada em emails e nos logs.
1.2 - Onde posso conseguir o LIDS?
Bom, o LIDS é uma atualização FREE para a kernel. Pode ser encontrada em http://www.lids.org e também nesta lista de mirrors: http://www.lids.org/mirrors.html.
1.3 - Direitos e Copyright
This software is copyright(c) 2000, 2001, 2002 for Steve Bremer - 2002, 2003 for Sander Klein and it is a FREE document. You may redistribute it under the terms of the GNU General Public License. The information herein this document is, to the best of Sander's knowledge, correct. However, LIDS and the LIDS-FAQ is written by humans and thus, the chance of mistakes, bugs, etc. might occur from time to time. No person, group, or other body is responsible for any damage on your computer(s) and any other losses by using the information on this document. i.e. "THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT."
Instalando o LIDS
2.1 - Como aplicar o patch do LIDS ao meu kernel?
A primeira coisa que devemos fazer é entrar em www.lids.org e baixar a versão de LIDS que corresponde ao kernel que iremos compilar, recomendo o kernel 2.4.24.
Se você não possui a versão deste kernel, poderá baixa-lo em www.kernel.org. Não entrarei em detalhes de como recompilar o kernel, se caso você que esteja lendo não possui tal habilidade, procure documentação antes de prosseguir.
Vamos descompactar o arquivo:
$ tar -zxvf lids-lids_version-kernel_version.tar.gz
Agora vamos entrar na pasta do nosso kernel:
$ cd /usr/src/linux
Agora aplicar o patch:
# patch -p1 < /path/to/lids/patch/lids-lids_version-kernel_version.patch Agora que o patch está aplicado, configure o seu kernel normalmente com o "make menuconfig". Você verá que apareceu um menu a mais na lista com o nome de Linux Intrusion Detection System. Para que o LIDS funcione, você deverá ter selecionados os seguintes esquemas: [*] Prompt for development and/or incomplete code/drivers [*] Sysctl Support General setup --->
[*] Networking support
[*] PCI support
(Any) PCI access mode
[*] PCI quirks
[ ] PCI bridge optimization (experimental)
[*] Backward-compatible /proc/pci
[ ] MCA support
[ ] SGI Visual Workstation support
[*] System V IPC
[ ] BSD Process Accounting
[*] Sysctl support
<*> Kernel support for a.out binaries
<*> Kernel support for ELF binaries
<*> Kernel support for MISC binaries
Kernel support for JAVA binaries (obsolete)
< > Parallel port support
[ ] Advanced Power Management BIOS support
Networking options ---> *(Personalize de acordo com suas
necessidades)
<*> Packet socket
[*] Kernel/User netlink socket
[*] Routing messages
<*> Netlink device emulation
[*] Network firewalls
[ ] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] IP: policy routing
[*] IP: equal cost multipath
[ ] IP: use TOS value as routing key
[*] IP: verbose route monitoring
[*] IP: large routing tables
[ ] IP: kernel level autoconfiguration
[*] IP: firewalling
[*] IP: firewall packet netlink device
[ ] IP: transparent proxy support
[*] IP: masquerading
--- Protocol-specific masquerading support will be built as
modules.
[*] IP: ICMP masquerading
--- Protocol-specific masquerading support will be built as
modules.
[*] IP: masquerading special modules support
IP: ipautofw masq support (EXPERIMENTAL)
IP: ipportfw masq support (EXPERIMENTAL)
IP: ip fwmark masq-forwarding support (EXPERIMENTAL)
[*] IP: optimize as router not host
< > IP: tunneling
< > IP: GRE tunnels over IP
[*] IP: aliasing support
[ ] IP: ARP daemon support (EXPERIMENTAL)
[*] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
< > IP: Reverse ARP
[*] IP: Allow large windows (not recommended if <16Mb of memory) < > The IPv6 protocol (EXPERIMENTAL)
opções do lids no kernel -->
Linux Intrusion Detection System --->
[*] Linux Intrusion Detection System support (EXPERIMENTAL)
--- LIDS features
(1024) Maximum protected objects to manage
(1024) Maximum ACL subjects to manage
(1024) Maximum ACL objects to manage
(1024) Maximum protected proceeds
[ ] Hang up console when raising a securit alert
[ ] Security alert when execing unprotected programs before
sealing LIDS
[*] Try not to flood logs
(60)Authorised time between two identic logs (seconds)
[*] Allow switching LIDS protections
(3)Number of attempts to submit password
(3) Time to wait after a fail (seconds)
[ ] Allow remote users to switch LIDS protections
[ ] Allow any program to switch LIDS protections
[*] Allow reloading config. File
[*] Port Scanner Detector in kernel
[*] Send security alerts through network
[ ] Hide klids kernel thread
(3) Number of connection tries before giving up
(30)Sleep time after a failed connection
(16)Message queue size
Muito bem, agora recompile seu kernel normalmente como sempre faz. Adicione a imagem no seu gerenciador de inicialização e tudo mais. Pronto, seu kernel tem suporte ao LIDS.
2.2 - Instalando Lidsadm & Lidsconf
Entre na pasta onde você descompactou o LIDS:
$ tar -zvxf lidstools-version.tar.gz
$ cd lidstools-version
$ ./configure
$ make
$ su -
# make install
Junto ao LIDS, a versão que vem do lidstools já é antiga, puxe a versão 0.5.1 na página do LIDS e compile ela.
Muito bem, depois que terminar de compilar ele vai pedir uma senha, coloque uma que se lembre depois, porque ela será muito importante.
Depois que você instalar poderá ver se está tudo rodando perfeitamente:
$ lidsadm -v
Ele retornará a versão do lidsadm.
Bom... Primeira DICA: não reinicie seu sistema ainda ou então ele estará totalmente bloqueado. Recomendo-lhe limpar todas as funções do LIDS antes de reiniciar.
Se você olhar em /etc/lids/, teremos 2 arquivos:
Lids.cap -> Arquivo com as funções de capabilities
Lids.conf -> com as Entradas de configuração que editaremos
São os principais que usaremos.
Conhecendo o LIDS
3.1 - /sbin/lidsadm & /sbin/lidsconf
O lidsadm é um software que usaremos para administrar nosso LIDS. Vamos dar uma analisada básica nele:
# lidsadm -h
lidsadm version 0.4.1 for LIDS project
Huagang Xie
Philippe Biondi
Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
lidsadm -V
lidsadm -h
Commands:
-S To submit a password to switch some protections
-I To switch some protections without submitting
password (sealing time)
-V To view current LIDS state (caps/flags)
-v To show the version
-h To list this help
Available capabilities:
CAP_CHOWN chown(2)/chgrp(2)
CAP_DAC_OVERRIDE DAC access
CAP_DAC_READ_SEARCH DAC read
CAP_FOWNER owner ID not equal user ID
CAP_FSETID effective user ID not equal owner ID
CAP_KILL real/effective ID not equal process ID
CAP_SETGID set*gid(2)
CAP_SETUID set*uid(2)
CAP_SETPCAP transfer capability
CAP_LINUX_IMMUTABLE immutable and append file attributes
CAP_NET_BIND_SERVICE binding to ports below 1024
CAP_NET_BROADCAST broadcasting/listening to multicast
CAP_NET_ADMIN interface/firewall/routing changes
CAP_NET_RAW raw sockets
CAP_IPC_LOCK locking of shared memory segments
CAP_IPC_OWNER IPC ownership checks
CAP_SYS_MODULE insertion and removal of kernel modules
CAP_SYS_RAWIO ioperm(2)/iopl(2) access
CAP_SYS_CHROOT chroot(2)
CAP_SYS_PTRACE ptrace(2)
CAP_SYS_PACCT configuration of process accounting
CAP_SYS_ADMIN tons of admin stuff
CAP_SYS_BOOT reboot(2)
CAP_SYS_NICE nice(2)
CAP_SYS_RESOURCE setting resource limits
CAP_SYS_TIME setting system time
CAP_SYS_TTY_CONFIG tty configuration
CAP_MKNOD mknod operation
CAP_LEASE taking leases on files
CAP_HIDDEN hidden process
CAP_KILL_PROTECTED kill protected programs
CAP_PROTECTED Protect the process from signals
Available flags:
LIDS de-/activate LIDS locally (the shell & childs)
LIDS_GLOBAL de-/activate LIDS entirely
RELOAD_CONF reload config. file and inode/dev of
protected programs
Temos a lista de todos os "capabilities".
Com o lidsconf faremos as configurações do LIDS no nosso sistema, ou seja, o que iremos bloquear e o que iremos liberar. O lidsconf na sua instalação gera uma configuração padrão que podemos analizar assim:
# lidsconf -h
lidsconf version 0.4.1 for the LIDS project
Huagang Xie
Philippe Biondi
Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to]
[-i level] -j ACTION
lidsconf -D [-s file] [-o file]
lidsconf -Z
lidsconf -U
lidsconf -L [-e]
lidsconf -P
lidsconf -v
lidsconf -[h|H]
Commands:
-A,--add To add an entry
-D,--delete To delete an entry
-Z,--zero To delete all entries
-U,--update To update dev/inode numbers
-L,--list To list all entries
-P,--passwd To encrypt a password with RipeMD-160
-v,--version To show the version
-h,--help To list this help
-H,--morehelp To list this help with CAP/SOCKET name
subject: -s,--subject subj
can be any program, must be a file
object: -o,--object [obj]
can be a file, directory or Capability, Socket Name
ACTION: -j,--jump
DENY deny access
READONLY read only
APPEND append only
WRITE writable
GRANT grant capability to subject
IGNORE ignore any permissions set on this object
DISABLE disable some extersion feature
OPTION:
-d,--domain The object is an EXEC Domain
-i,--inheritance Inheritance level
-t,--time Time dependency
-e,--extended Extended list
Os comandos principais que usaremos serão:
lidsconf -L: lista as configurações atuais.
lidsconf -Z: zera as configurações.
lidsconf -U: Atualiza as configurações, sempre deve-se atualizar quando se acrescenta uma nova regra.
Como posso setar uma nova password:
# lidsconf -P
MAKE PASSWD
enter new password:
reenter new password:
wrote password to /etc/lids/lids.pw
A senha ficará escrita nesse arquivo com criptografia de 185 bits.
3.2 - Como dizer ao LIDS para recarregar minha configuração?
Bom, para que isso ocorra você deve ter selecionado esses esquemas no seu menuconfig:
[*] Allow switching LIDS protections
(3) Number of attempts to submit password
(30) Time to wait after a fail (seconds)
[ ] Allow remote users to switch LIDS protections
[ ] Allow any program to switch LIDS protections
[*] Allow reloading config. file <-----------
# lidsadm -S -- +RELOAD_CONF
Isso irá recarregar o seu LIDS com as novas configurações sem precisar reiniciar o kernel.
3.3 - Socorro meu sistema esta totalmente bloqueado
Bom, se isso acontecer você deverá bootar seu linux pelo kernel antigo (sem LIDS) e retirar todos os atributos de configurações existentes para deixar tudo zerado:
# /sbin/lidsconf -Z
# /sbin/lidsconf -U
Porque rebootar por outro kernel?
Por que provavelmente você não conseguirá acessar as configurações do LIDS pelo kernel rodando ele. Ele estará bloqueado por padrão.
3.4 - Sem rebootar a máquina como posso desabilitar o LIDS?
Para conseguir essa façanha, utilize este comando:
# lidsadm -S -- -LIDS_GLOBAL
Agora você terá o LIDS desabilitado e seu sistema estará totalmente desprotegido por ele, caso queira ligá-lo novamente utilize:
# lidsadm -S -- +LIDS_GLOBAL
3.4 - Como ver o status do meu LIDS?
O comando abaixo nos trará uma saída com as funções que estão em uso pelo kernel:
# lidsadm -V
VIEW
CAP_CHOWN 0
CAP_DAC_OVERRIDE 0
CAP_DAC_READ_SEARCH 0
CAP_FOWNER 0
CAP_FSETID 0
CAP_KILL 0
CAP_SETGID 0
CAP_SETUID 0
CAP_SETPCAP 0
CAP_LINUX_IMMUTABLE 0
CAP_NET_BIND_SERVICE 0
CAP_NET_BROADCAST 0
CAP_NET_ADMIN 0
CAP_NET_RAW 0
CAP_IPC_LOCK 0
CAP_IPC_OWNER 0
CAP_SYS_MODULE 0
CAP_SYS_RAWIO 0
CAP_SYS_CHROOT 0
CAP_SYS_PTRACE 0
CAP_SYS_PACCT 0
CAP_SYS_ADMIN 0
CAP_SYS_BOOT 1
CAP_SYS_NICE 0
CAP_SYS_RESOURCE 1
CAP_SYS_TIME 0
CAP_SYS_TTY_CONFIG 0
CAP_MKNOD 0
CAP_LEASE 0
CAP_HIDDEN 1
CAP_KILL_PROTECTED 0
CAP_PROTECTED 0
LIDS 0
LIDS_GLOBAL 1
RELOAD_CONF 0
Configurando o LIDS
4.1 - Protegendo um arquivo/pasta como "somente leitura"
Essa configuração não irá permitir que nenhum usuário consiga escrever nos arquivos protegidos. Essa atitude é muito útil em caso de arquivos binários como o /bin/login, /bin/su para evitar o trabalho de rootkits.
Devemos frisar que quando digo nenhum usuário, me refiro a nenhum mesmo, nem mesmo o root. Portanto cuidado com os arquivos que irá proteger.
# lidsconf -A -o /path/to/file -j READONLY
Isso será necessário para proteger o arquivo como somente leitura. Se quisermos proteger uma pasta toda, basta colocarmos a pasta que queremos:
# lidsconf -A -o /pasta -j READONLY
E todas subpastas e arquivos de dentro estarão protegidos.
4.2 - Protegendo um arquivo/pasta tornando-o oculto e inacessível por usuários
Essa configuração tornará o arquivo protegido como invisível e inacessível para os usuários e para o sistema. Assim ele se tornará quase que algo não existente.
Raramente usaremos esses parâmetros sozinhos e sim em conjuntos para obter um controle em que softwares poderão escrever em determinados arquivos e tudo mais.
# lidsconf -A -o /path/file -j DENY
Com isso o arquivo ficará totalmente inacessível.
Isso e muito útil quando temos um servidor em que não se adiciona usuários, daí faremos o seguinte esquema para proteger o /etc/shadow:
# lidsconf -A -o /etc/shadow -j DENY
# lidsconf -A -o /bin/login -j READONLY
# lidsconf -A -s /bin/login -j READONLY
Isso faria com que nós conseguíssemos logar no sistema, mesmo o /etc/shadow estando totalmente inacessível ao sistema. Somente o /bin/login interage com ele.
4.3 - Como proteger meus arquivos de logs?
Bom, com certeza que arquivos de logs são os alvos mais previsíveis durante uma invasão, todo usuário iria querer sumir com suas entradas de dentro deles. Portanto, protegendo os logs como APPEND eles podem apenas ser adicionados, nunca apagados.
# lidsconf -A -o /var/log -j APPEND
Assim o invasor mesmo com root no sistema não conseguiria eliminar seus vestígios no sistema.
Bom, isso é o básico que todos devem saber sobre o LIDS. Vou passar agora umas regras básicas de proteção para o sistema, como por exemplo, proteger determinador daemons.
Configurações básicas para o sistema
Configuração de proteção para o Sistema:
# Protect System Binaries
#
/sbin/lidsconf -A -o /sbin -j READONLY
/sbin/lidsconf -A -o /bin -j READONLY
# Protect all of /usr and /usr/local
# (This assumes /usr/local is on a separate file system).
#
/sbin/lidsconf -A -o /usr -j READONLY
/sbin/lidsconf -A -o /usr/local -j READONLY
# Protect the System Libraries
#(/usr/lib is protected above since /usr/lib generally isn't
# on a separate file system than /usr)
#
/sbin/lidsconf -A -o /lib -j READONLY
# Protect /opt
#
/sbin/lidsconf -A -o /opt -j READONLY
# Protect System Configuration files
#
/sbin/lidsconf -A -o /etc -j READONLY
/sbin/lidsconf -A -o /usr/local/etc -j READONLY
/sbin/lidsconf -A -o /etc/shadow -j DENY
/sbin/lidsconf -A -o /etc/lilo.conf -j DENY
# Enable system authentication
#
/sbin/lidsconf -A -s /bin/login -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /usr/bin/vlock -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /bin/su -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /bin/su -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /bin/su -o CAP_SETGID -j GRANT
# Protect the boot partition
#
/sbin/lidsconf -A -o /boot -j READONLY
# Protect root's home dir, but allow bash history
#
/sbin/lidsconf -A -o /root -j READONLY
/sbin/lidsconf -A -s /bin/bash -o /root/.bash_history -j WRITE
# Protect system logs
#
/sbin/lidsconf -A -o /var/log -j APPEND
/sbin/lidsconf -A -s /bin/login -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /bin/login -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /sbin/init -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /sbin/init -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /sbin/halt -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /sbin/halt -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /etc/rc.d/rc.sysinit -o /var/log/wtmp -i 1 -j WRITE
/sbin/lidsconf -A -s /etc/rc.d/rc.sysinit -o /var/log/lastlog -i 1 -j WRITE
# Startup
#
/sbin/lidsconf -A -s /sbin/hwclock -o /etc/adjtime -j WRITE
# Shutdown
#
/sbin/lidsconf -A -s /sbin/init -o CAP_INIT_KILL -j GRANT
/sbin/lidsconf -A -s /sbin/init -o CAP_KILL -j GRANT
# Give the following init script the proper privileges to kill
# processes and unmount the file systems. However, anyone who can
# execute these scripts by themselves can effectively kill your
# processes. It's better than the alternative, however.
#
# Any ideas on how to get around this are welcome!
#
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_INIT_KILL -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_KILL -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_NET_ADMIN -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_SYS_ADMIN -i 1 -j GRANT
# Other
#
/sbin/lidsconf -A -s /sbin/update -o CAP_SYS_ADMIN -j GRANT
Segurança para Apache:
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o CAP_SETGID -j GRANT
# Config files
/sbin/lidsconf -A -o /etc/httpd -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /etc/httpd -j READONLY
# Server Root
/sbin/lidsconf -A -o /usr/local/apache -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /usr/local/apache -j READONLY
# Log Files
/sbin/lidsconf -A -o /var/log/httpd -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /var/log/httpd -j APPEND
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /usr/local/apache/logs -j WRITE
Segurança para MySQL:
/sbin/lidsconf -A -o /usr/local/mysql/var -j APPEND
/sbin/lidsconf -A -o /usr/local/mysql -j DENY
/sbin/lidsconf -A -s /usr/local/mysql/libexec/mysqld -o /usr/local/mysql -j READONLY
/sbin/lidsconf -A -s /usr/local/mysql/libexec/mysqld -o /usr/local/mysql/var -j WRITE
Segurança para Snort:
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_DAC_OVERRIDE -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_NET_RAW -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_HIDDEN -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_SETGID -j GRANT
Segurança para Postfix:
/sbin/lidsconf -A -o /etc/postfix -j DENY
/sbin/lidsconf -A -o /var/spool/postfix -j DENY
/sbin/lidsconf -A -s /etc/init.d/postfix -o /etc/postfix -j READONLY -i 1
/sbin/lidsconf -A -s /etc/init.d/postfix -o /var/spool/postfix -j WRITE -i 1
/sbin/lidsconf -A -s /usr/sbin/postfix -o /etc/postfix -j READONLY -i 4
/sbin/lidsconf -A -s /usr/sbin/postfix -o /var/spool/postfix -j WRITE -i 4
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SETGID -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SETUID -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_HIDDEN -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_DAC_OVERRIDE -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SYS_CHROOT -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /etc/aliases.db -j READONLY -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /var/spool/postfix -j WRITE -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /etc/postfix -j READONLY -i 1
/sbin/lidsconf -A -s /usr/sbin/postdrop -o /etc/postfix -j READONLY
/sbin/lidsconf -A -s /usr/sbin/postdrop -o /var/spool/postfix -j WRITE
/sbin/lidsconf -A -s /usr/sbin/sendmail -o /etc/postfix -j READONLY
/sbin/lidsconf -A -s /usr/sbin/sendmail -o /var/spool/postfix -j WRITE
Considerações finais
Espero que este texto possa ajudar muita gente a melhorar a segurança de seus servidores e se aprofundar no mundo da segurança digital.
Em www.lids.org temos um FAQ completo onde podemos encontrar muito mais exemplos.
Obrigado por ler meu trabalho, espero que aproveitem bem.
Anderson Luiz Tamborim.
Y2h4ck@linuxmail.org
Fontes: http://www.lids.org
http://www.linuxsecurity.org
- eof --
Data: 21/02/2004
Introdução ao LIDS
1.0 - O que é o LIDS?
LIDS é um patch de melhorias para a kernel do Linux escrita por Xie Huagang e Philippe Biondi. Este patch adiciona esquemas de segurança extrema ao kernel e que não são possíveis apenas com as funções nativas da kernel.
Entre algumas destas funções temos:
Mandatory Access Controls (MACs)
Detecção de Port Scanners
Proteção de acesso a arquivos e pastas (incluindo pelo root)
Proteção de processos, módulos e interfaces.
1.1 - Porque utilizar o LIDS?
LIDS é um conjunto indispensável de ferramentas que vem sofrendo muitas melhorias nos últimos anos e me arrisco a dizer que ele está no auge do seu potencial com a versão 2.4.24 e 2.6 do kernel do Linux.
As ferramentas que acompanham o LIDS são muito fáceis de utilizar e configurar. Quem trabalha com segurança e deseja alcançar um nível superior de segurança dentro do seu sistema NECESSITA conhecer LIDS.
O LIDS, como vocês verão, não é uma ferramenta para se utilizar em micros de usuários devido a robustez de sua configuração, o que causaria uma série de problemas que o tornam de certa forma inviável, sendo que também temos ótimas ferramentas de IDS para Linux que usuários podem utilizar, como Snort, Portsentry, entre outras.
Com o LIDS podemos restringir qualquer acesso ao nosso sistema e ele nos manterá totalmente informado de tudo que esta havendo no sistema, qualquer tentativa de burlar sistemas protegidos pelo LIDS é documentada em emails e nos logs.
1.2 - Onde posso conseguir o LIDS?
Bom, o LIDS é uma atualização FREE para a kernel. Pode ser encontrada em http://www.lids.org e também nesta lista de mirrors: http://www.lids.org/mirrors.html.
1.3 - Direitos e Copyright
This software is copyright(c) 2000, 2001, 2002 for Steve Bremer - 2002, 2003 for Sander Klein and it is a FREE document. You may redistribute it under the terms of the GNU General Public License. The information herein this document is, to the best of Sander's knowledge, correct. However, LIDS and the LIDS-FAQ is written by humans and thus, the chance of mistakes, bugs, etc. might occur from time to time. No person, group, or other body is responsible for any damage on your computer(s) and any other losses by using the information on this document. i.e. "THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT."
Instalando o LIDS
2.1 - Como aplicar o patch do LIDS ao meu kernel?
A primeira coisa que devemos fazer é entrar em www.lids.org e baixar a versão de LIDS que corresponde ao kernel que iremos compilar, recomendo o kernel 2.4.24.
Se você não possui a versão deste kernel, poderá baixa-lo em www.kernel.org. Não entrarei em detalhes de como recompilar o kernel, se caso você que esteja lendo não possui tal habilidade, procure documentação antes de prosseguir.
Vamos descompactar o arquivo:
$ tar -zxvf lids-lids_version-kernel_version.tar.gz
Agora vamos entrar na pasta do nosso kernel:
$ cd /usr/src/linux
Agora aplicar o patch:
# patch -p1 < /path/to/lids/patch/lids-lids_version-kernel_version.patch Agora que o patch está aplicado, configure o seu kernel normalmente com o "make menuconfig". Você verá que apareceu um menu a mais na lista com o nome de Linux Intrusion Detection System. Para que o LIDS funcione, você deverá ter selecionados os seguintes esquemas: [*] Prompt for development and/or incomplete code/drivers [*] Sysctl Support General setup --->
[*] Networking support
[*] PCI support
(Any) PCI access mode
[*] PCI quirks
[ ] PCI bridge optimization (experimental)
[*] Backward-compatible /proc/pci
[ ] MCA support
[ ] SGI Visual Workstation support
[*] System V IPC
[ ] BSD Process Accounting
[*] Sysctl support
<*> Kernel support for a.out binaries
<*> Kernel support for ELF binaries
<*> Kernel support for MISC binaries
< > Parallel port support
[ ] Advanced Power Management BIOS support
Networking options ---> *(Personalize de acordo com suas
necessidades)
<*> Packet socket
[*] Kernel/User netlink socket
[*] Routing messages
<*> Netlink device emulation
[*] Network firewalls
[ ] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] IP: policy routing
[*] IP: equal cost multipath
[ ] IP: use TOS value as routing key
[*] IP: verbose route monitoring
[*] IP: large routing tables
[ ] IP: kernel level autoconfiguration
[*] IP: firewalling
[*] IP: firewall packet netlink device
[ ] IP: transparent proxy support
[*] IP: masquerading
--- Protocol-specific masquerading support will be built as
modules.
[*] IP: ICMP masquerading
--- Protocol-specific masquerading support will be built as
modules.
[*] IP: masquerading special modules support
[*] IP: optimize as router not host
< > IP: tunneling
< > IP: GRE tunnels over IP
[*] IP: aliasing support
[ ] IP: ARP daemon support (EXPERIMENTAL)
[*] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
< > IP: Reverse ARP
[*] IP: Allow large windows (not recommended if <16Mb of memory) < > The IPv6 protocol (EXPERIMENTAL)
opções do lids no kernel -->
Linux Intrusion Detection System --->
[*] Linux Intrusion Detection System support (EXPERIMENTAL)
--- LIDS features
(1024) Maximum protected objects to manage
(1024) Maximum ACL subjects to manage
(1024) Maximum ACL objects to manage
(1024) Maximum protected proceeds
[ ] Hang up console when raising a securit alert
[ ] Security alert when execing unprotected programs before
sealing LIDS
[*] Try not to flood logs
(60)Authorised time between two identic logs (seconds)
[*] Allow switching LIDS protections
(3)Number of attempts to submit password
(3) Time to wait after a fail (seconds)
[ ] Allow remote users to switch LIDS protections
[ ] Allow any program to switch LIDS protections
[*] Allow reloading config. File
[*] Port Scanner Detector in kernel
[*] Send security alerts through network
[ ] Hide klids kernel thread
(3) Number of connection tries before giving up
(30)Sleep time after a failed connection
(16)Message queue size
Muito bem, agora recompile seu kernel normalmente como sempre faz. Adicione a imagem no seu gerenciador de inicialização e tudo mais. Pronto, seu kernel tem suporte ao LIDS.
2.2 - Instalando Lidsadm & Lidsconf
Entre na pasta onde você descompactou o LIDS:
$ tar -zvxf lidstools-version.tar.gz
$ cd lidstools-version
$ ./configure
$ make
$ su -
# make install
Junto ao LIDS, a versão que vem do lidstools já é antiga, puxe a versão 0.5.1 na página do LIDS e compile ela.
Muito bem, depois que terminar de compilar ele vai pedir uma senha, coloque uma que se lembre depois, porque ela será muito importante.
Depois que você instalar poderá ver se está tudo rodando perfeitamente:
$ lidsadm -v
Ele retornará a versão do lidsadm.
Bom... Primeira DICA: não reinicie seu sistema ainda ou então ele estará totalmente bloqueado. Recomendo-lhe limpar todas as funções do LIDS antes de reiniciar.
Se você olhar em /etc/lids/, teremos 2 arquivos:
Lids.cap -> Arquivo com as funções de capabilities
Lids.conf -> com as Entradas de configuração que editaremos
São os principais que usaremos.
Conhecendo o LIDS
3.1 - /sbin/lidsadm & /sbin/lidsconf
O lidsadm é um software que usaremos para administrar nosso LIDS. Vamos dar uma analisada básica nele:
# lidsadm -h
lidsadm version 0.4.1 for LIDS project
Huagang Xie
Philippe Biondi
Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
lidsadm -V
lidsadm -h
Commands:
-S To submit a password to switch some protections
-I To switch some protections without submitting
password (sealing time)
-V To view current LIDS state (caps/flags)
-v To show the version
-h To list this help
Available capabilities:
CAP_CHOWN chown(2)/chgrp(2)
CAP_DAC_OVERRIDE DAC access
CAP_DAC_READ_SEARCH DAC read
CAP_FOWNER owner ID not equal user ID
CAP_FSETID effective user ID not equal owner ID
CAP_KILL real/effective ID not equal process ID
CAP_SETGID set*gid(2)
CAP_SETUID set*uid(2)
CAP_SETPCAP transfer capability
CAP_LINUX_IMMUTABLE immutable and append file attributes
CAP_NET_BIND_SERVICE binding to ports below 1024
CAP_NET_BROADCAST broadcasting/listening to multicast
CAP_NET_ADMIN interface/firewall/routing changes
CAP_NET_RAW raw sockets
CAP_IPC_LOCK locking of shared memory segments
CAP_IPC_OWNER IPC ownership checks
CAP_SYS_MODULE insertion and removal of kernel modules
CAP_SYS_RAWIO ioperm(2)/iopl(2) access
CAP_SYS_CHROOT chroot(2)
CAP_SYS_PTRACE ptrace(2)
CAP_SYS_PACCT configuration of process accounting
CAP_SYS_ADMIN tons of admin stuff
CAP_SYS_BOOT reboot(2)
CAP_SYS_NICE nice(2)
CAP_SYS_RESOURCE setting resource limits
CAP_SYS_TIME setting system time
CAP_SYS_TTY_CONFIG tty configuration
CAP_MKNOD mknod operation
CAP_LEASE taking leases on files
CAP_HIDDEN hidden process
CAP_KILL_PROTECTED kill protected programs
CAP_PROTECTED Protect the process from signals
Available flags:
LIDS de-/activate LIDS locally (the shell & childs)
LIDS_GLOBAL de-/activate LIDS entirely
RELOAD_CONF reload config. file and inode/dev of
protected programs
Temos a lista de todos os "capabilities".
Com o lidsconf faremos as configurações do LIDS no nosso sistema, ou seja, o que iremos bloquear e o que iremos liberar. O lidsconf na sua instalação gera uma configuração padrão que podemos analizar assim:
# lidsconf -h
lidsconf version 0.4.1 for the LIDS project
Huagang Xie
Philippe Biondi
Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to]
[-i level] -j ACTION
lidsconf -D [-s file] [-o file]
lidsconf -Z
lidsconf -U
lidsconf -L [-e]
lidsconf -P
lidsconf -v
lidsconf -[h|H]
Commands:
-A,--add To add an entry
-D,--delete To delete an entry
-Z,--zero To delete all entries
-U,--update To update dev/inode numbers
-L,--list To list all entries
-P,--passwd To encrypt a password with RipeMD-160
-v,--version To show the version
-h,--help To list this help
-H,--morehelp To list this help with CAP/SOCKET name
subject: -s,--subject subj
can be any program, must be a file
object: -o,--object [obj]
can be a file, directory or Capability, Socket Name
ACTION: -j,--jump
DENY deny access
READONLY read only
APPEND append only
WRITE writable
GRANT grant capability to subject
IGNORE ignore any permissions set on this object
DISABLE disable some extersion feature
OPTION:
-d,--domain The object is an EXEC Domain
-i,--inheritance Inheritance level
-t,--time Time dependency
-e,--extended Extended list
Os comandos principais que usaremos serão:
lidsconf -L: lista as configurações atuais.
lidsconf -Z: zera as configurações.
lidsconf -U: Atualiza as configurações, sempre deve-se atualizar quando se acrescenta uma nova regra.
Como posso setar uma nova password:
# lidsconf -P
MAKE PASSWD
enter new password:
reenter new password:
wrote password to /etc/lids/lids.pw
A senha ficará escrita nesse arquivo com criptografia de 185 bits.
3.2 - Como dizer ao LIDS para recarregar minha configuração?
Bom, para que isso ocorra você deve ter selecionado esses esquemas no seu menuconfig:
[*] Allow switching LIDS protections
(3) Number of attempts to submit password
(30) Time to wait after a fail (seconds)
[ ] Allow remote users to switch LIDS protections
[ ] Allow any program to switch LIDS protections
[*] Allow reloading config. file <-----------
# lidsadm -S -- +RELOAD_CONF
Isso irá recarregar o seu LIDS com as novas configurações sem precisar reiniciar o kernel.
3.3 - Socorro meu sistema esta totalmente bloqueado
Bom, se isso acontecer você deverá bootar seu linux pelo kernel antigo (sem LIDS) e retirar todos os atributos de configurações existentes para deixar tudo zerado:
# /sbin/lidsconf -Z
# /sbin/lidsconf -U
Porque rebootar por outro kernel?
Por que provavelmente você não conseguirá acessar as configurações do LIDS pelo kernel rodando ele. Ele estará bloqueado por padrão.
3.4 - Sem rebootar a máquina como posso desabilitar o LIDS?
Para conseguir essa façanha, utilize este comando:
# lidsadm -S -- -LIDS_GLOBAL
Agora você terá o LIDS desabilitado e seu sistema estará totalmente desprotegido por ele, caso queira ligá-lo novamente utilize:
# lidsadm -S -- +LIDS_GLOBAL
3.4 - Como ver o status do meu LIDS?
O comando abaixo nos trará uma saída com as funções que estão em uso pelo kernel:
# lidsadm -V
VIEW
CAP_CHOWN 0
CAP_DAC_OVERRIDE 0
CAP_DAC_READ_SEARCH 0
CAP_FOWNER 0
CAP_FSETID 0
CAP_KILL 0
CAP_SETGID 0
CAP_SETUID 0
CAP_SETPCAP 0
CAP_LINUX_IMMUTABLE 0
CAP_NET_BIND_SERVICE 0
CAP_NET_BROADCAST 0
CAP_NET_ADMIN 0
CAP_NET_RAW 0
CAP_IPC_LOCK 0
CAP_IPC_OWNER 0
CAP_SYS_MODULE 0
CAP_SYS_RAWIO 0
CAP_SYS_CHROOT 0
CAP_SYS_PTRACE 0
CAP_SYS_PACCT 0
CAP_SYS_ADMIN 0
CAP_SYS_BOOT 1
CAP_SYS_NICE 0
CAP_SYS_RESOURCE 1
CAP_SYS_TIME 0
CAP_SYS_TTY_CONFIG 0
CAP_MKNOD 0
CAP_LEASE 0
CAP_HIDDEN 1
CAP_KILL_PROTECTED 0
CAP_PROTECTED 0
LIDS 0
LIDS_GLOBAL 1
RELOAD_CONF 0
Configurando o LIDS
4.1 - Protegendo um arquivo/pasta como "somente leitura"
Essa configuração não irá permitir que nenhum usuário consiga escrever nos arquivos protegidos. Essa atitude é muito útil em caso de arquivos binários como o /bin/login, /bin/su para evitar o trabalho de rootkits.
Devemos frisar que quando digo nenhum usuário, me refiro a nenhum mesmo, nem mesmo o root. Portanto cuidado com os arquivos que irá proteger.
# lidsconf -A -o /path/to/file -j READONLY
Isso será necessário para proteger o arquivo como somente leitura. Se quisermos proteger uma pasta toda, basta colocarmos a pasta que queremos:
# lidsconf -A -o /pasta -j READONLY
E todas subpastas e arquivos de dentro estarão protegidos.
4.2 - Protegendo um arquivo/pasta tornando-o oculto e inacessível por usuários
Essa configuração tornará o arquivo protegido como invisível e inacessível para os usuários e para o sistema. Assim ele se tornará quase que algo não existente.
Raramente usaremos esses parâmetros sozinhos e sim em conjuntos para obter um controle em que softwares poderão escrever em determinados arquivos e tudo mais.
# lidsconf -A -o /path/file -j DENY
Com isso o arquivo ficará totalmente inacessível.
Isso e muito útil quando temos um servidor em que não se adiciona usuários, daí faremos o seguinte esquema para proteger o /etc/shadow:
# lidsconf -A -o /etc/shadow -j DENY
# lidsconf -A -o /bin/login -j READONLY
# lidsconf -A -s /bin/login -j READONLY
Isso faria com que nós conseguíssemos logar no sistema, mesmo o /etc/shadow estando totalmente inacessível ao sistema. Somente o /bin/login interage com ele.
4.3 - Como proteger meus arquivos de logs?
Bom, com certeza que arquivos de logs são os alvos mais previsíveis durante uma invasão, todo usuário iria querer sumir com suas entradas de dentro deles. Portanto, protegendo os logs como APPEND eles podem apenas ser adicionados, nunca apagados.
# lidsconf -A -o /var/log -j APPEND
Assim o invasor mesmo com root no sistema não conseguiria eliminar seus vestígios no sistema.
Bom, isso é o básico que todos devem saber sobre o LIDS. Vou passar agora umas regras básicas de proteção para o sistema, como por exemplo, proteger determinador daemons.
Configurações básicas para o sistema
Configuração de proteção para o Sistema:
# Protect System Binaries
#
/sbin/lidsconf -A -o /sbin -j READONLY
/sbin/lidsconf -A -o /bin -j READONLY
# Protect all of /usr and /usr/local
# (This assumes /usr/local is on a separate file system).
#
/sbin/lidsconf -A -o /usr -j READONLY
/sbin/lidsconf -A -o /usr/local -j READONLY
# Protect the System Libraries
#(/usr/lib is protected above since /usr/lib generally isn't
# on a separate file system than /usr)
#
/sbin/lidsconf -A -o /lib -j READONLY
# Protect /opt
#
/sbin/lidsconf -A -o /opt -j READONLY
# Protect System Configuration files
#
/sbin/lidsconf -A -o /etc -j READONLY
/sbin/lidsconf -A -o /usr/local/etc -j READONLY
/sbin/lidsconf -A -o /etc/shadow -j DENY
/sbin/lidsconf -A -o /etc/lilo.conf -j DENY
# Enable system authentication
#
/sbin/lidsconf -A -s /bin/login -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /usr/bin/vlock -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /bin/su -o /etc/shadow -j READONLY
/sbin/lidsconf -A -s /bin/su -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /bin/su -o CAP_SETGID -j GRANT
# Protect the boot partition
#
/sbin/lidsconf -A -o /boot -j READONLY
# Protect root's home dir, but allow bash history
#
/sbin/lidsconf -A -o /root -j READONLY
/sbin/lidsconf -A -s /bin/bash -o /root/.bash_history -j WRITE
# Protect system logs
#
/sbin/lidsconf -A -o /var/log -j APPEND
/sbin/lidsconf -A -s /bin/login -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /bin/login -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /sbin/init -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /sbin/init -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /sbin/halt -o /var/log/wtmp -j WRITE
/sbin/lidsconf -A -s /sbin/halt -o /var/log/lastlog -j WRITE
/sbin/lidsconf -A -s /etc/rc.d/rc.sysinit -o /var/log/wtmp -i 1 -j WRITE
/sbin/lidsconf -A -s /etc/rc.d/rc.sysinit -o /var/log/lastlog -i 1 -j WRITE
# Startup
#
/sbin/lidsconf -A -s /sbin/hwclock -o /etc/adjtime -j WRITE
# Shutdown
#
/sbin/lidsconf -A -s /sbin/init -o CAP_INIT_KILL -j GRANT
/sbin/lidsconf -A -s /sbin/init -o CAP_KILL -j GRANT
# Give the following init script the proper privileges to kill
# processes and unmount the file systems. However, anyone who can
# execute these scripts by themselves can effectively kill your
# processes. It's better than the alternative, however.
#
# Any ideas on how to get around this are welcome!
#
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_INIT_KILL -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_KILL -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_NET_ADMIN -i 1 -j GRANT
/sbin/lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_SYS_ADMIN -i 1 -j GRANT
# Other
#
/sbin/lidsconf -A -s /sbin/update -o CAP_SYS_ADMIN -j GRANT
Segurança para Apache:
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o CAP_SETGID -j GRANT
# Config files
/sbin/lidsconf -A -o /etc/httpd -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /etc/httpd -j READONLY
# Server Root
/sbin/lidsconf -A -o /usr/local/apache -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /usr/local/apache -j READONLY
# Log Files
/sbin/lidsconf -A -o /var/log/httpd -j DENY
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /var/log/httpd -j APPEND
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd -o /usr/local/apache/logs -j WRITE
Segurança para MySQL:
/sbin/lidsconf -A -o /usr/local/mysql/var -j APPEND
/sbin/lidsconf -A -o /usr/local/mysql -j DENY
/sbin/lidsconf -A -s /usr/local/mysql/libexec/mysqld -o /usr/local/mysql -j READONLY
/sbin/lidsconf -A -s /usr/local/mysql/libexec/mysqld -o /usr/local/mysql/var -j WRITE
Segurança para Snort:
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_DAC_OVERRIDE -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_NET_RAW -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_HIDDEN -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_SETUID -j GRANT
/sbin/lidsconf -A -s /usr/sbin/snort -o CAP_SETGID -j GRANT
Segurança para Postfix:
/sbin/lidsconf -A -o /etc/postfix -j DENY
/sbin/lidsconf -A -o /var/spool/postfix -j DENY
/sbin/lidsconf -A -s /etc/init.d/postfix -o /etc/postfix -j READONLY -i 1
/sbin/lidsconf -A -s /etc/init.d/postfix -o /var/spool/postfix -j WRITE -i 1
/sbin/lidsconf -A -s /usr/sbin/postfix -o /etc/postfix -j READONLY -i 4
/sbin/lidsconf -A -s /usr/sbin/postfix -o /var/spool/postfix -j WRITE -i 4
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SETGID -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SETUID -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_HIDDEN -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_DAC_OVERRIDE -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o CAP_SYS_CHROOT -j GRANT -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /etc/aliases.db -j READONLY -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /var/spool/postfix -j WRITE -i 1
/sbin/lidsconf -A -s /usr/lib/postfix/master -o /etc/postfix -j READONLY -i 1
/sbin/lidsconf -A -s /usr/sbin/postdrop -o /etc/postfix -j READONLY
/sbin/lidsconf -A -s /usr/sbin/postdrop -o /var/spool/postfix -j WRITE
/sbin/lidsconf -A -s /usr/sbin/sendmail -o /etc/postfix -j READONLY
/sbin/lidsconf -A -s /usr/sbin/sendmail -o /var/spool/postfix -j WRITE
Considerações finais
Espero que este texto possa ajudar muita gente a melhorar a segurança de seus servidores e se aprofundar no mundo da segurança digital.
Em www.lids.org temos um FAQ completo onde podemos encontrar muito mais exemplos.
Obrigado por ler meu trabalho, espero que aproveitem bem.
Anderson Luiz Tamborim.
Y2h4ck@linuxmail.org
Fontes: http://www.lids.org
http://www.linuxsecurity.org
- eof --
Inserindo data e hora no comando history
Para adicionar a data e hora no comando history você precisa inserir o conteúdo "%h/%d - %H:%M:%S " na variável HISTTIMEFORMAT, então faça:
# export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
Quando reiniciar sua máquina, ou fizer o logoff com o seu usuário, a variável automaticamente será desativada, ou melhor, não terá conteúdo, então você precisa adicionar no .bashrc do seu usuário.
Se você estiver utilizando o usuário root, acesse:
# vim /root/.bashrc
E adicione ao final do arquivo a exportação da variável:
export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
# export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
Quando reiniciar sua máquina, ou fizer o logoff com o seu usuário, a variável automaticamente será desativada, ou melhor, não terá conteúdo, então você precisa adicionar no .bashrc do seu usuário.
Se você estiver utilizando o usuário root, acesse:
# vim /root/.bashrc
E adicione ao final do arquivo a exportação da variável:
export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
Symbian development on Linux and OS X (Como emular symbian no Linux e MAC OS X)
Neste link:http://www.martin.st/symbian/ há uma breve explicação de como fazer isso, mas estou escrevendo um paper melhorado voltado para pentest/análise de malware.
Introduction
Since version 1.03 of my gnupoc package, I've combined SDK patches, updated tool sources and gcc patches into one (slighly larger) package, instead of distributing lots of patches separately. People interested in the old approach can read the old version of this page.
The main goal of this gnupoc patch collection is to be able to build symbian projects on unix-like systems with as little changes as possible to the actual projects. This means that it e.g. uses the same mmp files and external makefiles for icons as on Windows.
My patches and tools are based on the original GnuPoc project.
Using this package, you can build applications for S60 1st, 2nd, 3rd ed and 5th ed, Symbian^3, and UIQ 3, on Linux and OS X. The SDKs can be unpacked and binaries and sis packages be built completely without wine.
The latest, unreleased version is available on GitHub. If you're having problems, you may want to check whether it already has been fixed here.
News/changes
Version 1.20 (March 10, 2010) - Support for Qt 4.7.2 and Qt Mobility 1.1.1, support for installing CodeSourcery GCC 2009q1 (4.3) and 4.4-172, support for the symbian/linux-gcce mkspec in Qt 4.7.x, installing SDK headers with the canonical capitalization (keeping lowercase names via symlinks), support for replacing carbide style environment variables in pkg files in makesis, support for bitmaps in mifconv
Version 1.19 (November 17, 2010) - A critical fix for a bug in 1.18, where elf2e32 was unable to create binaries with UIDs in the unprotected range, on some OSes
Version 1.18 (November 15, 2010) - Bug fixes for Qt 4.7.0, support for Qt 4.7.1, a script for installing Qt Mobility, some improvments to elf2e32 and elftran, support for the new Symbian^3 SDK version
Version 1.17 (September 24, 2010) - Support for installing Open C 1.7.5 (thanks to Tero Hasu), support for installing Qt 4.7.0, in addition to Qt 4.6.3. See the gnupoc-package/sdks/README.qt file for instructions on setting up the Qt SDK.
Version 1.16 (August 12, 2010) - Initial support for using the Qt for Symbian SDKs for building Qt applications, preliminary support for the Symbian^3 SDK beta. See the gnupoc-package/sdks/README.qt file for instructions on setting up the Qt SDK. Additionally, assorted fixes and updates to the toolchain.
Version 1.15 (January 18, 2010) - Added support for some more parameters to elf2e32, fixed a crash in extmake, fixed a problem in one of the installer scripts, as pointed out by Anderson Lizardo.
Version 1.14 (December 1, 2009) - Added support for RVCT, based on patches by Anderson Lizardo, added support for both armv5 and armv5_abiv2. Added an installer script for the Open C/C++ plugins. Updated the bundled unshield source (fixing some 64 bit issues). Fix compilation of CSL GCC on newer linux distributions (newer versions of bison). Large updates to the elf2e32 replacement, fixing handling of some more uncommon combinations. Initial replacements for the elftran, gendirective, genstubs and getexports tools (needed for building armv5 binaries).
Version 1.13 (March 31, 2009) - Updated the S60 5.0 SDK scripts and patches to the 1.0 version of the SDK, recently released, some minor fixes.
Version 1.12 (January 22, 2009) - Fixed compilation with gcc 4.3, integrated a fix for ar in both EKA1 and EKA2 gcc (needed on e.g. Ubuntu 8.10), fixed building DLLs on the S60 3.2 SDK (thanks to Jean-Yves Baudy for pointing this out), assorted fixes for S60 5.0, fix building of the EKA1 gcc on x86_64/linux, initial support for compiling context-sensitive help (requires wine), other misc fixes
Version 1.11 (October 3, 2008) - Initial support for S60 5.0
Version 1.10 (September 4, 2008) - compilation fixes for g++ 4.3 (thanks to Mrinal Kalakrishnan and Jakob Kemi for sending patches!), some minor new features implemented in signsis
Version 1.09 (March 31, 2008) - adds support for S60 3.2, and has some minor bugfixes and new features for the included tools
Version 1.08 (February 27, 2008) - fixes a lot of issues on OS X Leopard. Seems to work fine on most Leopard machines, if you experience problems please let me know.
Version 1.07 (December 04, 2007) - fixes a regression in compiling the EKA1 gcc
Version 1.06 (November 26, 2007) - fixed a bug in elf2e32 which prevented it from working on S60 3.1, fixed some compilation problems on FreeBSD, added an initial patch for the S60 3.2 SDK beta (but no installer script yet, since I haven't found a tool able to unpack the installer). Thanks to all who reported problems and helped solve them!
Version 1.05 (September 14, 2007) - a bugfix for signsis, deflate compression support for petran and elf2e32, build elf2e32 by default, an initial version of a svgt-binary encoder
Version 1.04 (September 2, 2007) - fixes for rcomp, petran and makesis for running on 64-bit linux, small bugfixes in mifconv and elf2e32, better error reporting in the new rcomp, completely new makesis for Symbian 9 SIS files, use unshield instead of i6comp.exe for extracting S60 SDKs
Version 1.03 (August 13, 2007) - support for UIQ 3.0 and 3.1, added most tools except gcc into the package, support for symbian 9 resources in rcomp, elf2e32 replacement, mifconv replacement, support for building the old GCC toolchain on OSX/intel
Version 1.02 (April 7, 2007) - calls external makefiles using wine, some more assorted bugfixes
Version 1.01 (March 5, 2007) - clarified the license, added instructions on doing a read-only installation of the SDKs, some other slight bugfixes
Version 1.0 (October 15, 2006) - initial release
Download the latest package above. First you'll have to install a toolchain for the SDK you want to use. For S60 1st and 2nd ed, you need the EKA1 toolchain, for S60 3rd ed and UIQ 3, you need the EKA2 toolchain.
Installing the EKA1 toolchain
Refer to the tools/README file for more details on this process.
In addition to the GnuPoc archive, you need the source to the modified gcc release (local copy).
Unpack the GnuPoc archive, enter the tools directory, and compile gcc using the install_gcc_539 script:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd tools
./install_gcc_539 ../../gcc-539-2aeh-source.tar.bz2 ~/symbian-gcc
If you want to have a compiler for the THUMB target, build that with the isntall_gcc_539_thumb script similarly.
Then you can install the rest of the tools. These aren't strictly necessary if wine is available, but recommended. (If omitted, the build scripts uses the exe versions in the SDK instead.)
./install_eka1_tools ~/symbian-gcc
Installing the EKA2 toolchain
Refer to the tools/README file for more details on this process.
In addition to the GnuPoc archive, you need CodeSourcery's GCC. For Linux, you can choose to download the binaries, for other platforms you can compile it from source. (There's also local copies of the Linux binaries and the source.)
To install the binaries, just unpack them (in your home directory):
mkdir csl-gcc
cd csl-gcc
tar -jxvf ../gnu-csl-arm-2005Q1C-arm-none-symbianelf-i686-pc-linux-gnu.tar.bz2
To compile it from source instead, unpack the GnuPoc archive and use the install_csl_gcc script:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd tools
./install_csl_gcc ../../gnu-csl-arm-2005Q1C-arm-none-symbianelf.src.tar.bz2 ~/csl-gcc
Then you can install the rest of the tools. These aren't strictly necessary if wine is available. (If omitted, the build scripts uses the exe versions in the SDK instead.)
cd gnupoc-package-1.03
cd tools
./install_eka2_tools ~/csl-gcc
Note, this requires openssl libraries to be installed.
SDKs
Refer to the sdks/README file for more details on this process.
After downloading the GnuPoc package above, you still need to get the SDK you want to use from Forum Nokia. (The UIQ SDKs were available from http://developer.uiq.com earlier, but are no longer available.) The following versions are supported at the moment:
Version File name Install script Comments
S60 1st Edition, FP1, WINS nS60_sdk_v1_2.zip install_gnupoc_s60_12
S60 2nd Edition, WINS s60_sdk_v2_0.zip install_gnupoc_s60_20 Working emulator
S60 2nd Edition, FP1, WINS S60_SDK_2_1_NET.zip install_gnupoc_s60_21
S60 2nd Edition, FP1, CW S60_SDK_v21c_CW.zip install_gnupoc_s60_21_cw Working emulator
S60 2nd Edition, FP2, WINS s60_2nd_fp2_sdk_msb.zip install_gnupoc_s60_26 Working emulator
S60 2nd Edition, FP2, CW s60_2nd_fp2_sdk.zip install_gnupoc_s60_26_cw Working emulator
S60 2nd Edition, FP3 s60_2nd_sdk_fp3.zip install_gnupoc_s60_28
S60 3rd Edition, Maintenance Release S60-SDK-0616-3.0-mr.3.749.zip install_gnupoc_s60_30
S60 3rd Edition, FP 1 S60-SDK-200634-3.1-Cpp-f.1090b.zip install_gnupoc_s60_31
S60 3rd Edition, FP 2 S60-3.2-SDK-f.inc3.2130.zip install_gnupoc_s60_32
S60 5th Edition S60_5th_Edition_SDK_v1_0_en.zip install_gnupoc_s60_50
N97 SDK Nokia_N97_SDK_v1_0_en.zip install_gnupoc_s60_50
Symbian^3 Symbian_3_SDK_v0_9_en.zip install_gnupoc_symbian3
UIQ 3.0 UIQ3.0SDK.exe install_gnupoc_uiq_30
UIQ 3.1 UIQ3.1SDK.exe install_gnupoc_uiq_31
(Everything is tested using Wine 0.9.15 and remote X to X11.app on OS X, things might work better or worse on other setups.)
The installation script uses included prebuild binaries of p7zip and a specially patched version of unshield for linux/x86. If you can't run these, see sdks/unshield/README and sdks/7z/README for instructions on compiling native versions of them.
Example on installing an SDK:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd sdks
./install_gnupoc_s60_26 ../../s60_2nd_fp2_sdk_msb.zip ~/symbian-sdks/s60_26
The install scripts makes almost all files lowercase and patches the build scripts. The exception to the lowercase rule is the GLES include directory and libGLES_CM.lib, for compatibility reasons.
In order to use the SDK, you'll have to set the EPOCROOT environment variable to point to your SDK and add the toolchain directory and the epoc32/tools directory of the SDK to your PATH. This might be cumbersome if frequently switching between different SDKs. To ease that situation, you can install some wrapper scripts:
./install_wrapper ~/gnupoc
If you've installed the toolchains to other directories than mentioned here, edit ~/gnupoc/gnupoc-common.sh and set EKA1TOOLS and EKA2TOOLS to point to where you've installed them. With these wrappers, you only have to have this single directory in your PATH, and depending on the EPOCROOT variable, the correct toolchain is included and scripts from the current SDK are called.
Wine setup
If you're going to use some tools through wine, you have to copy uidcrc.exe from the epoc32/tools directory in the SDK to a directory in the wine path, e.g. ~/.wine/drive_c/windows. By default, wine is only needed for using the windows compilers, but you might use it to run the original tools instead of the native replacements, if you have problems with the native ones.
If using external makefiles (as for building icons in 3rd edition) with wine, copy make.exe and mifconv.exe, too. make.exe probably can be used from any SDK version, but you'll need mifconv.exe from the 3.0 SDK, since mifconv.exe in 3.1 has some problems starting within wine. Note, this is only needed if omitting the extra EKA2 tools above.
In order to build binaries for the emulator, you'll need a windows compiler. Unfortunately, these have to be copied from a real installation. (Perhaps it's possible to do the complete installation of them within wine?)
For the WINS compiler, I've used Visual C++ Toolkit 2003, set up according to this page. Just copy over the C:\Program Files\Microsoft Visual C++ Toolkit 2003 directory to e.g. ~/.wine/drive_c/msvcpp2003.
For the WINSCW compiler, you can install Carbide C++ from Forum Nokia. These instructions apply to Carbide C++ 1.0, for newer versions you might need to use slightly different paths. Copy C:\Program Files\Carbide\plugins\com.nokia.carbide.cpp.support_1.0.0 to e.g. ~/.wine/drive_c/codewarrior.
These have to be added to the wine path. Edit ~/.wine/user.reg, and add this after the WINE REGISTRY Version 2 line:
[Environment]
"Path"="c:\\msvcpp2003\\bin;c:\\codewarrior\\Symbian_Tools\\Command_Line_Tools;c:\\windows;c:\\windows\\system"
(Of course, if you've already got a similar environment definition in that file, add it there instead.)
When using the CW compiler, you'll also need to add these variables to your unix environment (the perl build scripts need them, adding them to the wine environment isn't enough, and if set in the unix environment, they're also automatically available in wine):
export MWCSym2Includes="c:\\codewarrior\\symbian_support\\MSL\\MSL_C\\MSL_Common\\include;c:\\codewarrior\\symbian_support\\MSL\\MSL_C++\\MSL_Common\\include;c:\\codewarrior\\symbian_support\\MSL\\MSL_Extras\\MSL_Common\\include"
export MWSym2Libraries="+c:\\codewarrior\\symbian_support"
export MWSym2LibraryFiles="MSL_All_MSE_Symbian.lib;gdi32.lib;user32.lib;kernel32.lib"
Using it
After installing everything, you're able to compile things in the same way as on windows.
In order to compile most projects, the usage of upper/lowercase for filenames must be cleaned up somewhat. The install scripts clean up the usage of lower/upper case in the bundled examples (by forcing them to lowercase), so the should all be buildable directly. (Or at least it tries to, it might not work reliably in stranger examples.)
To build the hello world example on a S60 3rd edition SDK, do the following:
export PATH=~/gnupoc:${PATH}
export EPOCROOT=~/symbian-sdks/s60_30/
cd ${EPOCROOT}/s60ex/helloworldbasic/group
bldmake bldfiles
abld build gcce urel
cd ../sis
makesis helloworldbasic_gcce.pkg helloworldbasic.sis
For 1st and 2nd edition, use the paths for those SDKs and build using abld build armi urel instead. The .pkg files for those examples are written for the THUMB target. Either update the .pkg file and replace all occurrances of thumb with armi or build them using abld build thumb urel (which requires that you built a thumb compiler).
On 3rd edition, all sis files must be signed before they can be installed. If you haven't already got a key and certificate pair, generate them:
makekeys -cert -expdays 3650 -password mykey.key mycert.cer
This will prompt for information to enter into the certificate, and create a certificate valid for 10 years. (To create a certificate without a password, just leave out -password. The makekeys tool included in this package has a similar but not identical syntax compared to the makekeys tool in the real SDKs.) Then sign the sis file using this certificate:
signsis helloworldbasic.sis helloworldbasic.sisx mycert.cer mykey.key
The newly generated .sisx file can then be installed on a device.
The version of makesis for Symbian 9 included in this package is also able to sign the package directly when creating it, using a built-in certificate. To use this feature, just add the command line parameter -c.
Contact
// Martin Storsjö
Introduction
Since version 1.03 of my gnupoc package, I've combined SDK patches, updated tool sources and gcc patches into one (slighly larger) package, instead of distributing lots of patches separately. People interested in the old approach can read the old version of this page.
The main goal of this gnupoc patch collection is to be able to build symbian projects on unix-like systems with as little changes as possible to the actual projects. This means that it e.g. uses the same mmp files and external makefiles for icons as on Windows.
My patches and tools are based on the original GnuPoc project.
Using this package, you can build applications for S60 1st, 2nd, 3rd ed and 5th ed, Symbian^3, and UIQ 3, on Linux and OS X. The SDKs can be unpacked and binaries and sis packages be built completely without wine.
The latest, unreleased version is available on GitHub. If you're having problems, you may want to check whether it already has been fixed here.
News/changes
Version 1.20 (March 10, 2010) - Support for Qt 4.7.2 and Qt Mobility 1.1.1, support for installing CodeSourcery GCC 2009q1 (4.3) and 4.4-172, support for the symbian/linux-gcce mkspec in Qt 4.7.x, installing SDK headers with the canonical capitalization (keeping lowercase names via symlinks), support for replacing carbide style environment variables in pkg files in makesis, support for bitmaps in mifconv
Version 1.19 (November 17, 2010) - A critical fix for a bug in 1.18, where elf2e32 was unable to create binaries with UIDs in the unprotected range, on some OSes
Version 1.18 (November 15, 2010) - Bug fixes for Qt 4.7.0, support for Qt 4.7.1, a script for installing Qt Mobility, some improvments to elf2e32 and elftran, support for the new Symbian^3 SDK version
Version 1.17 (September 24, 2010) - Support for installing Open C 1.7.5 (thanks to Tero Hasu), support for installing Qt 4.7.0, in addition to Qt 4.6.3. See the gnupoc-package/sdks/README.qt file for instructions on setting up the Qt SDK.
Version 1.16 (August 12, 2010) - Initial support for using the Qt for Symbian SDKs for building Qt applications, preliminary support for the Symbian^3 SDK beta. See the gnupoc-package/sdks/README.qt file for instructions on setting up the Qt SDK. Additionally, assorted fixes and updates to the toolchain.
Version 1.15 (January 18, 2010) - Added support for some more parameters to elf2e32, fixed a crash in extmake, fixed a problem in one of the installer scripts, as pointed out by Anderson Lizardo.
Version 1.14 (December 1, 2009) - Added support for RVCT, based on patches by Anderson Lizardo, added support for both armv5 and armv5_abiv2. Added an installer script for the Open C/C++ plugins. Updated the bundled unshield source (fixing some 64 bit issues). Fix compilation of CSL GCC on newer linux distributions (newer versions of bison). Large updates to the elf2e32 replacement, fixing handling of some more uncommon combinations. Initial replacements for the elftran, gendirective, genstubs and getexports tools (needed for building armv5 binaries).
Version 1.13 (March 31, 2009) - Updated the S60 5.0 SDK scripts and patches to the 1.0 version of the SDK, recently released, some minor fixes.
Version 1.12 (January 22, 2009) - Fixed compilation with gcc 4.3, integrated a fix for ar in both EKA1 and EKA2 gcc (needed on e.g. Ubuntu 8.10), fixed building DLLs on the S60 3.2 SDK (thanks to Jean-Yves Baudy for pointing this out), assorted fixes for S60 5.0, fix building of the EKA1 gcc on x86_64/linux, initial support for compiling context-sensitive help (requires wine), other misc fixes
Version 1.11 (October 3, 2008) - Initial support for S60 5.0
Version 1.10 (September 4, 2008) - compilation fixes for g++ 4.3 (thanks to Mrinal Kalakrishnan and Jakob Kemi for sending patches!), some minor new features implemented in signsis
Version 1.09 (March 31, 2008) - adds support for S60 3.2, and has some minor bugfixes and new features for the included tools
Version 1.08 (February 27, 2008) - fixes a lot of issues on OS X Leopard. Seems to work fine on most Leopard machines, if you experience problems please let me know.
Version 1.07 (December 04, 2007) - fixes a regression in compiling the EKA1 gcc
Version 1.06 (November 26, 2007) - fixed a bug in elf2e32 which prevented it from working on S60 3.1, fixed some compilation problems on FreeBSD, added an initial patch for the S60 3.2 SDK beta (but no installer script yet, since I haven't found a tool able to unpack the installer). Thanks to all who reported problems and helped solve them!
Version 1.05 (September 14, 2007) - a bugfix for signsis, deflate compression support for petran and elf2e32, build elf2e32 by default, an initial version of a svgt-binary encoder
Version 1.04 (September 2, 2007) - fixes for rcomp, petran and makesis for running on 64-bit linux, small bugfixes in mifconv and elf2e32, better error reporting in the new rcomp, completely new makesis for Symbian 9 SIS files, use unshield instead of i6comp.exe for extracting S60 SDKs
Version 1.03 (August 13, 2007) - support for UIQ 3.0 and 3.1, added most tools except gcc into the package, support for symbian 9 resources in rcomp, elf2e32 replacement, mifconv replacement, support for building the old GCC toolchain on OSX/intel
Version 1.02 (April 7, 2007) - calls external makefiles using wine, some more assorted bugfixes
Version 1.01 (March 5, 2007) - clarified the license, added instructions on doing a read-only installation of the SDKs, some other slight bugfixes
Version 1.0 (October 15, 2006) - initial release
Download the latest package above. First you'll have to install a toolchain for the SDK you want to use. For S60 1st and 2nd ed, you need the EKA1 toolchain, for S60 3rd ed and UIQ 3, you need the EKA2 toolchain.
Installing the EKA1 toolchain
Refer to the tools/README file for more details on this process.
In addition to the GnuPoc archive, you need the source to the modified gcc release (local copy).
Unpack the GnuPoc archive, enter the tools directory, and compile gcc using the install_gcc_539 script:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd tools
./install_gcc_539 ../../gcc-539-2aeh-source.tar.bz2 ~/symbian-gcc
If you want to have a compiler for the THUMB target, build that with the isntall_gcc_539_thumb script similarly.
Then you can install the rest of the tools. These aren't strictly necessary if wine is available, but recommended. (If omitted, the build scripts uses the exe versions in the SDK instead.)
./install_eka1_tools ~/symbian-gcc
Installing the EKA2 toolchain
Refer to the tools/README file for more details on this process.
In addition to the GnuPoc archive, you need CodeSourcery's GCC. For Linux, you can choose to download the binaries, for other platforms you can compile it from source. (There's also local copies of the Linux binaries and the source.)
To install the binaries, just unpack them (in your home directory):
mkdir csl-gcc
cd csl-gcc
tar -jxvf ../gnu-csl-arm-2005Q1C-arm-none-symbianelf-i686-pc-linux-gnu.tar.bz2
To compile it from source instead, unpack the GnuPoc archive and use the install_csl_gcc script:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd tools
./install_csl_gcc ../../gnu-csl-arm-2005Q1C-arm-none-symbianelf.src.tar.bz2 ~/csl-gcc
Then you can install the rest of the tools. These aren't strictly necessary if wine is available. (If omitted, the build scripts uses the exe versions in the SDK instead.)
cd gnupoc-package-1.03
cd tools
./install_eka2_tools ~/csl-gcc
Note, this requires openssl libraries to be installed.
SDKs
Refer to the sdks/README file for more details on this process.
After downloading the GnuPoc package above, you still need to get the SDK you want to use from Forum Nokia. (The UIQ SDKs were available from http://developer.uiq.com earlier, but are no longer available.) The following versions are supported at the moment:
Version File name Install script Comments
S60 1st Edition, FP1, WINS nS60_sdk_v1_2.zip install_gnupoc_s60_12
S60 2nd Edition, WINS s60_sdk_v2_0.zip install_gnupoc_s60_20 Working emulator
S60 2nd Edition, FP1, WINS S60_SDK_2_1_NET.zip install_gnupoc_s60_21
S60 2nd Edition, FP1, CW S60_SDK_v21c_CW.zip install_gnupoc_s60_21_cw Working emulator
S60 2nd Edition, FP2, WINS s60_2nd_fp2_sdk_msb.zip install_gnupoc_s60_26 Working emulator
S60 2nd Edition, FP2, CW s60_2nd_fp2_sdk.zip install_gnupoc_s60_26_cw Working emulator
S60 2nd Edition, FP3 s60_2nd_sdk_fp3.zip install_gnupoc_s60_28
S60 3rd Edition, Maintenance Release S60-SDK-0616-3.0-mr.3.749.zip install_gnupoc_s60_30
S60 3rd Edition, FP 1 S60-SDK-200634-3.1-Cpp-f.1090b.zip install_gnupoc_s60_31
S60 3rd Edition, FP 2 S60-3.2-SDK-f.inc3.2130.zip install_gnupoc_s60_32
S60 5th Edition S60_5th_Edition_SDK_v1_0_en.zip install_gnupoc_s60_50
N97 SDK Nokia_N97_SDK_v1_0_en.zip install_gnupoc_s60_50
Symbian^3 Symbian_3_SDK_v0_9_en.zip install_gnupoc_symbian3
UIQ 3.0 UIQ3.0SDK.exe install_gnupoc_uiq_30
UIQ 3.1 UIQ3.1SDK.exe install_gnupoc_uiq_31
(Everything is tested using Wine 0.9.15 and remote X to X11.app on OS X, things might work better or worse on other setups.)
The installation script uses included prebuild binaries of p7zip and a specially patched version of unshield for linux/x86. If you can't run these, see sdks/unshield/README and sdks/7z/README for instructions on compiling native versions of them.
Example on installing an SDK:
tar -zxvf gnupoc-package-1.03.tar.gz
cd gnupoc-package-1.03
cd sdks
./install_gnupoc_s60_26 ../../s60_2nd_fp2_sdk_msb.zip ~/symbian-sdks/s60_26
The install scripts makes almost all files lowercase and patches the build scripts. The exception to the lowercase rule is the GLES include directory and libGLES_CM.lib, for compatibility reasons.
In order to use the SDK, you'll have to set the EPOCROOT environment variable to point to your SDK and add the toolchain directory and the epoc32/tools directory of the SDK to your PATH. This might be cumbersome if frequently switching between different SDKs. To ease that situation, you can install some wrapper scripts:
./install_wrapper ~/gnupoc
If you've installed the toolchains to other directories than mentioned here, edit ~/gnupoc/gnupoc-common.sh and set EKA1TOOLS and EKA2TOOLS to point to where you've installed them. With these wrappers, you only have to have this single directory in your PATH, and depending on the EPOCROOT variable, the correct toolchain is included and scripts from the current SDK are called.
Wine setup
If you're going to use some tools through wine, you have to copy uidcrc.exe from the epoc32/tools directory in the SDK to a directory in the wine path, e.g. ~/.wine/drive_c/windows. By default, wine is only needed for using the windows compilers, but you might use it to run the original tools instead of the native replacements, if you have problems with the native ones.
If using external makefiles (as for building icons in 3rd edition) with wine, copy make.exe and mifconv.exe, too. make.exe probably can be used from any SDK version, but you'll need mifconv.exe from the 3.0 SDK, since mifconv.exe in 3.1 has some problems starting within wine. Note, this is only needed if omitting the extra EKA2 tools above.
In order to build binaries for the emulator, you'll need a windows compiler. Unfortunately, these have to be copied from a real installation. (Perhaps it's possible to do the complete installation of them within wine?)
For the WINS compiler, I've used Visual C++ Toolkit 2003, set up according to this page. Just copy over the C:\Program Files\Microsoft Visual C++ Toolkit 2003 directory to e.g. ~/.wine/drive_c/msvcpp2003.
For the WINSCW compiler, you can install Carbide C++ from Forum Nokia. These instructions apply to Carbide C++ 1.0, for newer versions you might need to use slightly different paths. Copy C:\Program Files\Carbide\plugins\com.nokia.carbide.cpp.support_1.0.0 to e.g. ~/.wine/drive_c/codewarrior.
These have to be added to the wine path. Edit ~/.wine/user.reg, and add this after the WINE REGISTRY Version 2 line:
[Environment]
"Path"="c:\\msvcpp2003\\bin;c:\\codewarrior\\Symbian_Tools\\Command_Line_Tools;c:\\windows;c:\\windows\\system"
(Of course, if you've already got a similar environment definition in that file, add it there instead.)
When using the CW compiler, you'll also need to add these variables to your unix environment (the perl build scripts need them, adding them to the wine environment isn't enough, and if set in the unix environment, they're also automatically available in wine):
export MWCSym2Includes="c:\\codewarrior\\symbian_support\\MSL\\MSL_C\\MSL_Common\\include;c:\\codewarrior\\symbian_support\\MSL\\MSL_C++\\MSL_Common\\include;c:\\codewarrior\\symbian_support\\MSL\\MSL_Extras\\MSL_Common\\include"
export MWSym2Libraries="+c:\\codewarrior\\symbian_support"
export MWSym2LibraryFiles="MSL_All_MSE_Symbian.lib;gdi32.lib;user32.lib;kernel32.lib"
Using it
After installing everything, you're able to compile things in the same way as on windows.
In order to compile most projects, the usage of upper/lowercase for filenames must be cleaned up somewhat. The install scripts clean up the usage of lower/upper case in the bundled examples (by forcing them to lowercase), so the should all be buildable directly. (Or at least it tries to, it might not work reliably in stranger examples.)
To build the hello world example on a S60 3rd edition SDK, do the following:
export PATH=~/gnupoc:${PATH}
export EPOCROOT=~/symbian-sdks/s60_30/
cd ${EPOCROOT}/s60ex/helloworldbasic/group
bldmake bldfiles
abld build gcce urel
cd ../sis
makesis helloworldbasic_gcce.pkg helloworldbasic.sis
For 1st and 2nd edition, use the paths for those SDKs and build using abld build armi urel instead. The .pkg files for those examples are written for the THUMB target. Either update the .pkg file and replace all occurrances of thumb with armi or build them using abld build thumb urel (which requires that you built a thumb compiler).
On 3rd edition, all sis files must be signed before they can be installed. If you haven't already got a key and certificate pair, generate them:
makekeys -cert -expdays 3650 -password mykey.key mycert.cer
This will prompt for information to enter into the certificate, and create a certificate valid for 10 years. (To create a certificate without a password, just leave out -password. The makekeys tool included in this package has a similar but not identical syntax compared to the makekeys tool in the real SDKs.) Then sign the sis file using this certificate:
signsis helloworldbasic.sis helloworldbasic.sisx mycert.cer mykey.key
The newly generated .sisx file can then be installed on a device.
The version of makesis for Symbian 9 included in this package is also able to sign the package directly when creating it, using a built-in certificate. To use this feature, just add the command line parameter -c.
Contact
// Martin Storsjö
Assinar:
Postagens (Atom)