Filtering mac address using IPTables in Linux
June 12, 2007 | 3 Comments
A MAC address (media access control address) is a unique address assigned to almost all networking hardware, such as Ethernet cards, routers, etc.
If you want to filter packets on the basis of MAC address, it is possible on Linux with iptables.
Iptables comes with a MAC module, which matches packets traveling through the firewall based on their source MAC (Ethernet hardware) address. It offers good protection against malicious users who spoof or change their IP address. Remember that MAC filtering only makes sense for packets coming from an Ethernet device and entering the following chains:
1. PREROUTING
2. FORWARD
3. INPUT
iptables blocking with mac address
Drop all connections coming from MAC address 00:0F:EA:91:04:08 (add the command to your firewall script)
iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
iptables allowing with mac address
Allow port 22 for mac address 00:0F:EA:91:04:07
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
Read man page of iptables for more information.
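The two rules above can be generated through a small validator that refuses malformed MAC addresses and chains where the rule would not load. This is an added example, not code from the original post; the helper name mac_rule and its argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. mac_rule is a hypothetical helper, not part of iptables.
# Usage: mac_rule CHAIN MAC TARGET [TCP_PORT]
# Prints the rule instead of running it, so it can be reviewed first.
mac_rule() {
    chain=$1 mac=$2 target=$3 port=${4:-}
    # Rules are emitted for the default filter table, so of the three chains
    # named in the text only INPUT and FORWARD apply (PREROUTING needs -t).
    case $chain in
        INPUT|FORWARD) ;;
        *) echo "mac match not usable here in chain: $chain" >&2; return 1 ;;
    esac
    # Only hex digits and colons (rejects embedded newlines and shell
    # metacharacters), then exactly six colon-separated octets.
    case $mac in
        *[!0-9A-Fa-f:]*) echo "malformed MAC address: $mac" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "malformed MAC address: $mac" >&2; return 1
    fi
    case $target in
        ACCEPT|DROP) ;;
        *) echo "unsupported target: $target" >&2; return 1 ;;
    esac
    if [ -z "$port" ]; then
        printf 'iptables -A %s -m mac --mac-source %s -j %s\n' \
            "$chain" "$mac" "$target"
        return 0
    fi
    # Port must be all digits and within 1..65535.
    case $port in
        *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    printf 'iptables -A %s -p tcp --destination-port %s -m mac --mac-source %s -j %s\n' \
        "$chain" "$port" "$mac" "$target"
}

# The two rules from the text, generated through the validator.
mac_rule INPUT 00:0F:EA:91:04:08 DROP
mac_rule INPUT 00:0F:EA:91:04:07 ACCEPT 22
```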
FreeBSD Time/Clock Synchronization with NTP server
March 4, 2007 | 1 Comment
FreeBSD uses the Network Time Protocol (NTP) to synchronise the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123. If you have one computer or a single server, you can easily synchronize its time with other NTP servers. All you need is an NTP client called ntpdate, which is used to set the date and time via NTP servers.
Step # 1: Install NTP
# pkg_add -rv ntp
OR
# cd /usr/ports/net/ntp
# make; make install
Step # 2: Pick appropriate NTP Servers
Visit public ntp timeserver list to pick up your NTP server.
Step # 3: Open UDP port 123 at firewall
If you are running the FreeBSD ipfilter firewall, you need to open UDP port 123. Add the following rule to your firewall script:
pass out quick on lnc0 proto udp from YOUR-SERVER to any port = 123 keep state
OR
pass out quick on lnc0 proto udp from YOUR-SERVER to TIME-SERVER-IP port = 123 keep state
For example, if my FreeBSD workstation IP is 192.168.1.16 and 61.246.176.131 is the IP of the NTP server, then my rule in the ipf.conf file is as follows:
pass out quick on lnc0 proto udp from 192.168.1.16 to 61.246.176.131 port = 123 keep state
Step # 4: Test clock Synchronization
Run the ntpdate command as follows to see whether you can set the date and clock via NTP:
a) Set wrong date (Mon Dec 13 4:27 pm)
# date 0412131627
b) Now set correct date with ntp:
# ntpdate -v -b in.pool.ntp.org
13 Dec 16:27:50 ntpdate[997]: ntpdate 4.2.0-a Thu Nov 3 07:34:22 UTC 2005 (1)
25 Jan 12:35:47 ntpdate[997]: step time server 61.246.176.131 offset 35237275.965726 sec
c) You can verify that the correct date is set:
# date
Wed Jan 25 12:36:21 IST 2006
Step # 5 : Enable date and time/ clock Synchronization at boot time
You need to enable ntpdate via the /etc/rc.conf file, which is where the ntpdate_enable and ntpdate_hosts variables are read at boot.
# vi /etc/rc.conf
Append the following lines to it:
ntpdate_enable="YES"
ntpdate_hosts="asia.pool.ntp.org"
Save the file. Make sure you have correct ntpdate_hosts server entry.
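A large step like the one in Step # 4 moves every log timestamp on the host, so it is worth flagging when it happens outside a test. The following is an added example, not part of the original post: it parses ntpdate output and reports corrections above a threshold. The function name check_ntp_offset and the 5-second threshold are assumptions.

```shell
#!/bin/sh
# Added example. check_ntp_offset and the threshold are hypothetical.
# Usage: check_ntp_offset MAX_SECONDS < ntpdate-output
# Prints one line per correction: "<OK|ALERT> <server> <offset>".
# Returns 1 if any |offset| exceeds MAX_SECONDS, 2 if no correction was found.
check_ntp_offset() {
    awk -v max="$1" '
        # ntpdate reports either "step time server" or "adjust time server".
        /(step|adjust) time server/ {
            for (i = 1; i < NF; i++) {
                if ($i == "server") srv = $(i + 1)
                if ($i == "offset") offstr = $(i + 1)
            }
            off = offstr + 0
            mag = (off < 0) ? -off : off
            seen = 1
            # Print the offset as the original string to keep full precision.
            if (mag > max) { bad = 1; print "ALERT", srv, offstr }
            else           { print "OK", srv, offstr }
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Sample input: the step line is from the text; the adjust line is constructed.
sample='25 Jan 12:35:47 ntpdate[997]: step time server 61.246.176.131 offset 35237275.965726 sec
25 Jan 12:40:01 ntpdate[1002]: adjust time server 61.246.176.131 offset 0.004312 sec'

printf '%s\n' "$sample" | check_ntp_offset 5 ||
    echo "clock correction above threshold" >&2
```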
Increase security by Locking Admin screen/console
March 4, 2007 | 1 Comment
This is especially useful for Linux/BSD/Unix-like systems which have multiple users with access to the console. One user may lock his or her session while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled. It is a really good idea to lock a workstation that is used to control other servers in your network environment. Both FreeBSD and Linux support a screen-locking option. Generally, KDE and Gnome include a locking feature. The idea is very simple: secure your terminal from unwanted people.
Shell variables to auto-logout
Almost all modern shells support some sort of auto-logout option. Under BASH you need to use the TMOUT variable. TMOUT is set in seconds; bash terminates after waiting for that number of seconds if no input arrives. For example, to set TMOUT to 60 seconds:
$ export TMOUT=60
So, if no input (typed command) arrives, the shell terminates with the following message:
timed out waiting for input: auto-logout
You can add TMOUT to your shell configuration file, ~/.bash_profile.
However, I liked tcsh shell (the default shell under FreeBSD) autologout variable. General syntax is as follows:
$ set autologout = (VAL1 VAL2)
Where,
VAL1 : The number of minutes of inactivity before automatic logout
VAL2 : The number of minutes of inactivity before automatic locking will take place. This is optional.
For example, you can set autologout as follows.
$ set autologout = (5 10)
You can add autologout to your shell configuration file ~/.cshrc OR ~/.tcshrc.
Using vlock under Linux to lock screen
vlock is a program to lock one or more sessions on the Linux console. Install it using apt-get or yum:
# apt-get install vlock
OR if you are a Fedora user
# yum install vlock
Now to lock your console or screen just type vlock command at shell prompt:
$ vlock
This TTY is now locked.
Please enter the password to unlock.
admins's Password:
Using lock command under FreeBSD/OpenBSD
The lock command requests a password from the user, reads it again for verification and then will normally not relinquish the terminal until the password is repeated.
$ lock
Key:
Again:
lock: /dev/ttyp0 on fbsd6.unix.org.in. timeout in 15 minutes.
time now is Tue Jan 31 20:46:14 IST 2006
Key:
NTFS-3G has just gone 1.0
February 22, 2007 | Leave a Comment
It looks like NTFS-3G has just hit 1.0. The release history page today said: “Stable Version 1.0 (February 21, 2007) change: document and release version update to stable status” Readers are reminded at this point that 1.0 (which in the Windows world often means “little better than beta”) has a very near magical meaning in Linux-land.
Finally, an easy way to install your Video Card!
February 22, 2007 | Leave a Comment
“Envy” is a command line application for Ubuntu Linux written in Python which will:
1) detect the model of your graphic card (ATI and Nvidia cards are supported)
2) download the right version of the proprietary driver for your ATI or Nvidia card from ATI or Nvidia’s websites
3) handle the dependencies (compilers, OpenGL, etc.) required to build the module
4) install the driver
5) set up your xorg.conf (i.e. the configuration file of the Xserver) for you
6) restart the Xserver for you (if you wish so)
Brief explanation of the name of my script:
The Italian for “envy” is “invidia” ( I guess you can see the play on words)
This project is also registered on Launchpad
NOTE: Envy will NOT REMOVE your RESTRICTED MODULES ANY MORE. Therefore you can use it even if you connect to the Internet through your wireless card.
STABLE VERSION (0.8.2-0ubuntu1, released on February 19 2007)
Licence: GPL
Package for Ubuntu Edgy Eft 6.10/Dapper Drake 6.06
Source code
(only developers might want to download this)
envy_0.8.2-0ubuntu1.dsc
envy_0.8.2-0ubuntu1_i386.changes
UNSTABLE VERSION (0.6.1-0ubuntu1, released on October 29 2006)
Envy Unstable installs the beta driver 9626, which IS NOT SUPPORTED IN ANY WAY and might be DANGEROUS to use (since it installs a BETA driver). It contains only the Nvidia driver. You SHOULD NOT ask for help about this unstable release on my thread in the forum.
Licence: GPL
Package for Ubuntu Edgy Eft 6.10/Dapper Drake 6.06
Source code
(only developers might want to download this)
envy_0.6.1-0ubuntu1.dsc
envy_0.6.1-0ubuntu1_i386.changes
____________________________________________
Requirements
* Ubuntu Dapper Drake 6.06 (32bit or 64bit) or Ubuntu Edgy Eft 6.10
(PPC is NOT supported)
* An Internet connection (better if broadband)
Instructions
NOTE: Make sure you have all the repositories enabled (also universe and multiverse) in your /etc/apt/sources.list
If you do not know how to enable those repositories, please take a look at this page:
enabling_extra_repositories
How to Install the package
1) Download and install the deb package
2) Log out and press CTRL+ALT+F1 (so as to get out of the Desktop Environment, i.e. you’ll see ONLY the command line)
3) Log in (if required)
4) Run “envy” by opening Terminal or Konsole and typing (quite obviously):
envy
5) Choose to install or uninstall the driver (from the textual interface)
WARNING: if “Envy” seems to hang on Ubuntu’s splash screen you will have to press Alt+F1. (this usually happens on Kubuntu)
How to update the package to a newer version
1) Remove the older version of envy:
sudo aptitude purge envy
2) Download and install the deb package
Known Issues
A user reported that after typing “envy” and choosing the “install” option, envy hangs on Ubuntu’s splash screen. To solve that problem press Alt+F1
Support
You can find more information and get support at the following address:
Thread for Ubuntu Dapper Drake 6.06:
HOWTO: Latest Nvidia Drivers- Testers needed
Thread for Ubuntu Edgy Eft 6.10:
HOWTO: Install the Nvidia driver on Edgy Eft
Download the Linux kernel v0.01 — It’s only around 10,000 lines
February 22, 2007 | 1 Comment
The 0.01 kernel downloads to about 10,000 lines of C and assembler, which is fairly manageable. Note that it’s a barely functional UNIX with tons of bugs, but that doesn’t stop it being useful. Many people use it as the first step when learning to hack the Linux kernel.

























