Archive for the ‘Linux’ Category

Review: Penetration Testing with the Bash shell by Keith Makan – Packt Pub.

Penetration Testing with the Bash shell

I’ll have to say that, for some reason, I thought this book was going to be some kind of guide to using only bash itself to do penetration testing. It’s not that at all. It’s really more like doing penetration testing FROM the bash shell, or command line of you like.

Your first 2 chapters take you through a solid amount of background bash shell information. You cover topics like directory manipulation, grep, find, understanding some regular expressions, all the sorts of things you will appreciate knowing if you are going to be spending some time at the command line, or at least a good topical smattering. There is also some time spent on customization of your environment, like prompts and colorization and that sort of thing. I am not sure it’s really terribly relevant to the book topic, but still, as I mentioned before if you are going to be spending time at the command line, this is stuff that’s nice to know. I’ll admit that I got a little charge out of it because my foray into the command line was long ago on an amber phosphorous serial terminal. We’ve come a long way, Baby πŸ™‚

The remainder of the book deals with some command line utilities and how to use them in penetration testing. At this point I really need to mention that you should be using Kali Linux or BackTrack Linux because some of the utilities they reference are not immediately available as packages in other distributions. If you are into this topic, then you probably already know that, but I just happened to be reviewing this book while using a Mint system while away from my test machine and could not immediately find a package for dnsmap.

The book gets topically heavier as you go through, which is a good thing IMHO, and by the time you are nearing the end you have covered standard bash arsenal commands like dig and nmap. You have spent some significant time with metasploit and you end up with the really technical subjects of disassembly (reverse engineering code) and debugging. Once you are through that you dive right into network monitoring, attacks and spoofs. I think the networking info should have come before the code hacking but I can also see their logic in this roadmap as well. Either way, the information is solid and sensical, it’s well written and the examples work. You are also given plenty of topical reference information should you care to continue your research, and this is something I think people will really appreciate.

To sum it up, I like the book. Again, it wasn’t what I thought it was going to be, but it surely will prove to be a valuable reference, especially combined with some of Packt’s other fine books like those on BackTrack. Buy your copy today!

Wednesday, July 16th, 2014

Linux System Administration LiveLessons By Ben Whaley (Pearson)

http://www.informit.com/store/linux-system-administration-livelessons-video-training-9780133551310

Wow, where do I even start. This is a LOT of material and really, my first review of a lengthy video (series). The series consists of 9 downloadable .mov files which total up to approximately 1.3Gb of space and around 350 minutes of video, or about 5.5 hours according to my video players calculations.

The first noticeable bonus from a video series as opposed to a book, is, well, video. You get to watch commands and examples in real time along with the information. Of course, the inverse is also true and if you are looking for quick reference or brevity then a book is really the way to go. Somehow, however, it almost seems as though I tend to get less distracted from the content with video than with a book. That can indeed be a bonus!

There are 9 video sections or selections in this series and the are as follows: Where to start, The Shell, Booting and Shutting Down, Access Controls and Root Powers, Controlling Processes, The File System, Log Files, TCP/IP Networking and finally, Security. This really is an exceptionally wide range of information to cover, I think, and that brings me to my review.

This videos series says it is aimed at Linux beginners, Administrators familiar with other OSes and Anyone interested in learning about Linux. All in all, I think that covers exactly everybody, everywhere. If you combine that with the enormous amount of information that wants to be covered in the subject material it just makes the objective impossible. I found the information good in some areas, too advanced for general and new users in others and completely missing in places as well. Even topically it seems a bit disjointed to me, for instance talking about how to “start out” without ever stepping through an actual Linux install, just use some pre built virtual machine copy. You hear a lot about running Linux via Vagrant and Virtualbox but as an actual System Administrator, I can assure you, that is not how most people run it. I realize we are talking nuts and bolts OS stuff here but I also found the content a bit dry. Some user or admin stories would have helped a great deal in that area. I would think finding a way to keep the interest of your audience would be even more paramount when dealing with dry technical content.

Now, does this mean it was all bad? Not at all and don’t walk away from this review with that impression. There is some genuinely good information buried in there for most Administrator levels, just realize that if something sounds too advanced or technical for you, skip to the next video chapter, much like you would in a book. Ben seems to not only know what he’s talking about but I don’t think I noticed him saying “er” or “ah” or “um” in nearly 6 hours of video πŸ™‚ Usable as it is, the perfect fix for this would be to split the info up into 2 *much* shorter general videos. Aim one of them at the total beginner and aim the other at advandced. You may even want to break off some of the heavier topics for their own videos where they can get more specialized attention. Networking would be a great candidate for that.

I love Pearson to death as they have some of the best techie content out there, but this one needs some work I think.

Monday, June 9th, 2014

Linux Recruting

I get a LOT of emails from headhunters, many asking me to come work for them doing every-damn-thing for no money as a “consultant” on (only) a 6 month contract πŸ™‚ I am sure all tech people do. Occasionally I get email from a recruiter who is actually asking me for help looking for a decent Linux person. I got one of those this afternoon. In summary, the email went like this:

I am looking for (Linux Admin) and you probably aren’t looking but I am having a hard time and could you help point me somewhere I can find one?

I always respond to those emails, and, for posterity and for any recruiters watching, here’s the answer:

Not necessarily true. I am always looking πŸ˜‰
I get a lot of requests and offers and I’ll tell you what turns me off and that may help you find someone. Linux guys with any experience are in really short supply and they are a unique breed of techie. Most are driven to Linux by the premise of free software and/or open source ideals, and as such they do not necessarily have (current) windows skills and are even more likely to not be interested in using any that they do have. I fit into that category. Also, not every Linux guy is a java programmer/desktop technician/helpdesk/printer mechanic/insert other required skill set jumble here. I see a lot of those. “We need a Linux guy that will fix our windows desktop, program new device drivers, fix our mainframe and telephone system, sweep floors and wash cars” kind of things. Those kind of people do not exist πŸ™‚ Lastly is the compensation. Most companies have dealt with the influx of paper certed, dime a dozen MCSE’s for their technical needs and they truly believe that anyone out of grade school can “do tech” for them. It has greatly devalued the industry as a whole. They do not understand the real high skilled people are rare and expensive and can *easily* find work, which is why most Linux/Unix people have not been effected by the technical recession.

So I guess in short,
Linux guys are almost always staunch Linux guys (and if they are not, be suspicious).
Be specific in what you need but remember that These kinds of tech guys are quick at catching on to related technologies so try and be general where you can. For example, there are a bunch of scripting languages and all of them are capable of getting the job done, so say you need a scripter instead of you need a perl scripter.
Be prepared to offer more compensation for a rarer Linux tech than you would an unemployed Windows tech.
Advertise in the right circles. When I get offers, I often send them out to some of the mailing lists of Linux techs I am on, and there are some great Linux groups on Facebook and Google Plus. There are also websites like Linuxquestions.org where Linux geeks hang out.
Lastly, if all else fails, try a few less experienced Linux guys.

Thursday, December 12th, 2013

Le Sigh…

Last night a couple of my infrastructure VMs suffered some catastrophic problems due to an unexpected power issue. This brings a couple of notable postables to mind:

Make sure you backup even your development work. The 2 VMs that got corrupted for me were development VMs that I was testing software and configs on, therefor I reasoned that I really didn’t need to back them up. Well, I was wrong.

The second is how to mount an LVM partition from a rescued disk. I had to dig around, but this is the first time this has ever happened to me:

lvm vgscan -v
lvm vgchange -a y
lvm lvs –all
mount /dev/vgname/lvname /mnt/somewhere

Now off to see what all I can rescue from my configs and data πŸ™

Wednesday, December 11th, 2013

Plex Media Server – Issues

Plex

Plex

Dang.. Some days it’s hard to find what I need on the net. Now I could have SWORN that some time ago I had not only mentioned on my blog that I was a complete Plex Media Server fan, but that I have been running it forever and have only had 1 issue with it. That issue is I actually moved it from one machine to another (the server and data) and once there I found that I could no longer fix incorrect data matches.. None of the movie databases were listed anymore, etc.. Well it took me forever to figure out not only what the problem actually was, but how and where to fix it. That all being said, it happened to me today again, which is why I went looking here.

The issue is that for some reason whether through updates or whatever, the plugins get messed around and no longer work. The fix for this is relatively simple really:

Stop the service:
/etc/init.d/plexmediaserver stop

Move the Plugins directory (move and not delete – just in case):
mv /usr/lib/plexmediaserver/Resources/Plug-ins /usr/lib/plexmediaserver/Resources/Plug-ins-old

Start the service back up:
/etc/init.d/plexmediaserver start

Give it a minute or three and you should be back in business.

Enjoy!

Sunday, October 20th, 2013

HTML 5 Unleashed

HTML 5 Unleashed

HTML 5 Unleashed

This has been a hard review on me in a lot of ways. The first being I found it very difficult recently just to get the time to put into this, and secondly, and more importantly, I just plain suck at Javascript πŸ™‚

This is not the first book on HTML 5 I have reviewed for Pearson, I reviewed the HTML5 Developer’s Cookbook previously, and I hope to be able to review more, because I am just not very savvy with this yet. Thankfully, this really has nothing to do with the book itself though. The book is layed out very well, like all the rest of their “Unleashed” series and I particularly appreciate their orange chapter tabs on the sides of the pages. This helped me a lot as I was flipping back and fourth trying to figure out what I was messing up this time.

The author, Simon Sarris, does a really great job of laying the book out in a sensical manner by first explaining the new stuff in HTML 5 and conceptualizing things a bit before moving into the easy things like working with the new layout and tags on to adding new audio and video goodies and then, where they leave me in the dust, working with canvasing, geolocation and other more advanced APIs.

This book gives really good examples and color illustrations and exercises to follow along with. Just exactly what I need in my HTML 5 learning quest, without being overly wordy, long and over complicated, or too technical. I found it helpful and, with some further practice, I can make better use of it than I do now. For a paltry $45 (retail) you’ll certainly get your monies worth.

And since I mentioned practicing this, it bears mentioning that Pearsons InformIT has just released a flagship new product called a “Learning Kit” which is “a self-paced electronic course that integrates text, graphics, video screencasts, and interactive quizzes into one complete tutorial.” Delivered in zip format it’ll run in any HTML 5 compatible web browser. And to top that off, they are letting me play with the one that goes with this subject, “Sams Teach Yourself HTML5 Mobile Application Development in 24 Hours (Learning Kit)“, which is freaking awesome, because I surely need it.

This stuff is the distance learning wave of the suture my friends and my only hope is they keep remembering me when they need a review πŸ™‚ Thanks again, Pearson!

Thursday, October 10th, 2013

Boo

ghost
OK, so it’s October and once again there is an onslaught of spooky movies and ghost hunting shows all over the digital media outlets. Although I have LONG been a fan of such things, I have a few questions to pose to the ghost hunters out there. Leave it to me to go interjecting logic into all this, but some questions just scream for an answer.

Why is it that all ghosts are presumed to be telling the truth? So assuming that you actually get to talk to a ghost that has been harassing you or your family by haunting and scaring the crap out of you, WHY do you believe a word they say? I mean, I hardly believe anyone living I meet in person, let alone some dead guy that has been hiding for 100 years in my closet.

Speaking of closets, why do all ghosts seem to live in the closet, attic or basement? Presumably, while alive, most people live in their living room, at work, etc.. Why such a change? I mean if you are invisible and stuff, what’s to stop you from hanging on the couch and watching Oprah? What is the allure of the closet? And what the heck are they *doing* in there all day? I assume they don’t need to sleep?

What’s the deal with the dark? You will see countless paranormal investigators tell you that “spirits require a lot of energy to manifest”, but in the same breath, they turn off all the power. Do they *not* want to find them? I also notice that normal people see these ghosts during the day, or while watching tv or doing laundry (again in the basement). So why not follow the scientific method and try and duplicate that and do wash with the lights on instead of bump into walls in the dark while trying to “see” something?

If you have a haunted house and you are terrified enough to seek help. WHY go to a paranormal group? These groups come into your house, declare it haunted and then leave, leaving you with the problem (at least the ones on tv do). I mean, don’t you already know your house is haunted in the first place?

Paranormal groups that use psychics? Seriously? Why not use two psychics, have them write down their impressions independently and then compare notes. Otherwise you have 1 that says whatever they want with no verification, or two at the same time that just agree with each other. And how come they all head straight for the basement, closet or attic πŸ™‚

Cleansing your haunted house with burning weeds. This I do not understand other than the fact that it probably smells up your house. I mean if that makes ghosts go away then great, but what happens when you plug the air fresheners back in? Go and get some *actual* clergy and not some emo chick ringing a bell and throwing rock salt on your floor.

Are there “good” ghosts? Time and time again, I see these paranormal groups saying “there is nothing here to worry about”, “they won’t harm you” or even “the ghost of your -insert relative here- is here to protect you from -insert evil ghost-“. EXCUSE ME?! If there is some invisible person making noises rummaging around in my basement or playing with my dishes and “manifesting” themselves in front of me when I am waking to the bathroom to pee, THAT is not harmless. It is trying to frighten you to death. People actually do get scared to death you know, not to mention the stress that kind of thing could put a person or family through.

Exactly what are they saying? This is probably one of my biggest beefs. Aside from believing whatever unverified malarkey your resident psy”chick” tells you, your options are some kind of one sided conversation like light this light for “yes” kinda thing (what if they want to light it for no?), or EVPs, which to me mostly sound like overdubbed intestinal gas recorded on an 8-track player.

I am sure there is more but I will stop here and leave room for what I hope is the barrage of interesting comments!

Haunt ya later!

Tuesday, October 8th, 2013

Advanced Programming in the Unix Environment 3/ed

Good gracious this is a big book! What’s funny is I KNOW I have read and reviewed a previous edition of this book and I spent a half an hour looking for it this morning, but it must have been before I moved and on my old Blog. That being the case, well it’s high time you heard about this monster!

This book, Advanced Programming in the Unix Environment, by Stevens and Rago, is the 3rd edition of what is, essentially, the Unix Programming Bible. In fact, so much so that I cannot imagine any serious Unix/Linux/**ux contributor that doesn’t own a copy or at least know what it is.

This is *not* light reading. It is a reference book. This is the stuff geek dreams are coded in and you are going to want to be familiar with the C language to get a lot of this.

All the internal workings and ideas about this kind of operating system, how it works, or is supposed to work and code examples are included here. The least technical chapter in here is the 1st, which is the overview chapter. This goes over things like input/output, files/directories, processes, error handling, and system calls. From there, the chapters narrow in more on specific subjects like Process control, Daemons, Signals, Threading, etc.. Like I said, there is a LOT of very specific information in here. That being said, if you are developing anything more than some scripting, this has what you want to know. This is not to say that those are the only folks that can get anything out of this book, though. Even without understanding the code examples, a person could get a good understanding and overview of how this fantastic type of operating system works, and why. This is the category I find myself in more than any other. Although I have done some C programming, I find myself using this book to help me conceptualize how things are working the background.

No self respecting Unix/Linux geek should be without this book in one format or another. The hard copy I have was sent to me by Pearson Education for the purpose of review. They sell this in book in dead tree format for $70 and $45 for the electronic version. That may sound like a far bit of money, however, remember this is not a story book you read once, this is going to be something you turn to for the right information when you need it. I almost always give away my review books after I read through them, but this one is sticking around. In fact, I am just going to take it to work with me so I can have it handy where I would normally need the information anyway.

Saturday, September 7th, 2013

Knock Knock…

Is anyone in there?
Well, admittedly I thought it was time to get in here and blow the virtual dust off. It has been a while and once again, RL has gotten in the way of VL. I have been carrying a bit more burden at work with some issues and projects of late and I have been volunteering my digital skillz lately to help some friends out with their website in the miniscule amount of free time I do have. That left precious little time for anything else. Many of those projects have come to some sort of culmination or at least leveling off a bit, so here I am πŸ™‚

I know a lot of you like my reviews and I do have some lined up with (I hope) more on the way:
On the Techie end of things I have several new books released by Pearson Ed that are currently staring me down. I am also planning on going to the Ohio Linux Fest for some much needed geeking out and R&R in a little over a week. That should provide some content here as well.
You E-Cig junkies won’t have to wait long either. There are a bunch of things I have purchased in the past couple months that I have some strong opinions on and I am happy to share. If I am lucky, I will also be able to do a nice review on a really high end mod shortly as well. Stay tuned for that stuff.

Wednesday, September 4th, 2013

BashPodder: A new update

BashPodder

BashPodder


Yes it certainly has been a while since I have done *anything* with BashPodder. I have, however, received a few requests for things and some for access to the code on GitHub so it could be worked into some actual distribution packages. Queue this post. BashPodder – the original, now on GitHub. https://github.com/lincgeek/bashpodder

Have at it folks!

Saturday, June 29th, 2013