Using RPM as an intrusion detection system

How to use the Red Hat Package Manager (RPM) as an intrusion detection system.

Some of the commands in the following list require the importation of the Red Hat GPG public key into the system's RPM keyring. This key verifies that packages installed on the system carry a Red Hat package signature, which ensures that the packages originated from Red Hat. The key can be imported by issuing the following command as root (substituting the version of RPM installed on the system into the path):

rpm --import /usr/share/doc/rpm-/RPM-GPG-KEY

rpm -V package_name

The -V option verifies the files in the installed package called package_name. If it shows no output and exits, none of the files have been modified in any way since the last time the RPM database was updated. If there is an error, such as the following

S.5....T c /bin/ps

then the file has been modified in some way and you need to assess whether to keep the file (such as with modified configuration files in the /etc/ directory) or delete the file and reinstall the package that contains it. The following list defines the elements of the 8-character string (S.5....T in the above example) that reports a verification failure.

. - The test has passed this phase of verification
? - The test has found a file that could not be read, which is most likely a file permission issue
S - The test has encountered a file that is smaller or larger than it was when originally installed on the system
5 - The test has found a file whose md5 checksum does not match the original checksum of the file when first installed
M - The test has detected a file permission or file type error on the file
D - The test has encountered a device file mismatch in major/minor number
L - The test has found a symbolic link that has been changed to another file path
U - The test has found a file that had its user ownership changed
G - The test has found a file that had its group ownership changed
T - The test has encountered mtime verification errors on the file

rpm -Va

The -Va option verifies all installed packages and finds any failure in its verification tests (much like the -V option, but more verbose in its output since it is verifying every installed package).
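A small triage helper for rpm -Va output, written here as an added example (it is not part of the original notes): it decodes the 8-character result string described above, treats content changes to config files (the c attribute) as routine local edits and content changes to other files, such as a modified /bin/ps, as suspicious. The input is a constructed sample, not output captured from a real system; the ninth P column printed by newer rpm versions is accepted as an assumption about that format.

```python
import re
from typing import Dict, List, NamedTuple

# Meaning of each position of the rpm -V result string (see the list on this page).
FLAG_MEANING = {
    "S": "size differs",
    "M": "mode (permissions or file type) differs",
    "5": "md5 checksum differs",
    "D": "device major/minor number differs",
    "L": "symlink path differs",
    "U": "user ownership differs",
    "G": "group ownership differs",
    "T": "mtime differs",
    "P": "capabilities differ",  # assumption: 9th column of newer rpm versions
}

# Flags that mean the file's content or identity changed, not merely its timestamp.
CONTENT_FLAGS = set("SM5DLUG")

# One result string (or "missing"), optional attribute letter (c = config,
# d = doc, g = ghost, l = license, r = readme), then the absolute path.
LINE_RE = re.compile(
    r"^(?P<flags>[S.?M5DLUGTP]{8,9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample of rpm -Va output (not captured from a real system).
SAMPLE_OUTPUT = """\
S.5....T c /etc/ssh/sshd_config
S.5....T   /bin/ps
.......T   /usr/bin/top
missing    /usr/sbin/lsof
.M......   /bin/ping
"""


class Finding(NamedTuple):
    path: str
    severity: str  # "suspicious", "review", "info" or "unreadable"
    reasons: List[str]


def decode_flags(flags: str) -> List[str]:
    """Translate the result string into human-readable reasons."""
    if flags == "missing":
        return ["file is missing"]
    if "?" in flags:
        return ["one or more tests could not be run (file unreadable)"]
    return [FLAG_MEANING[ch] for ch in flags if ch != "."]


def classify(line: str) -> Finding:
    """Parse one rpm -V line and decide how much attention it deserves."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        raise ValueError(f"not an rpm -V line: {line!r}")
    flags, attr, path = m.group("flags"), m.group("attr"), m.group("path")
    changed = CONTENT_FLAGS & set(flags)
    if flags == "missing":
        severity = "suspicious"          # an rpm-owned file vanished
    elif "?" in flags:
        severity = "unreadable"          # rerun as root before judging
    elif changed and attr != "c":
        severity = "suspicious"          # binary/library content changed
    elif changed:
        severity = "review"              # edited config file, usually legitimate
    else:
        severity = "info"                # mtime-only difference
    return Finding(path, severity, decode_flags(flags))


def triage(output: str) -> Dict[str, List[Finding]]:
    """Group every non-empty line of rpm -Va output by severity."""
    groups: Dict[str, List[Finding]] = {k: [] for k in ("suspicious", "review", "info", "unreadable")}
    for line in output.splitlines():
        if line.strip():
            f = classify(line)
            groups[f.severity].append(f)
    return groups


if __name__ == "__main__":
    for sev, findings in triage(SAMPLE_OUTPUT).items():
        for f in findings:
            print(f"{sev:10} {f.path}: {', '.join(f.reasons)}")
```

Pipe real output in with `rpm -Va | python3 rpmtriage.py` after replacing SAMPLE_OUTPUT with sys.stdin.read(); anything in the suspicious group is what the section above says to reinstall or investigate.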

rpm -Vf /bin/ls

The -Vf option verifies individual files in an installed package. This can be useful when performing a quick verification of a suspect file.

rpm -K application-1.0.i386.rpm

The -K option is useful for checking the md5 checksum and the GPG signature of an RPM package file. This is useful for checking whether a package about to be installed is signed by Red Hat or any organization for which you have the GPG public key imported into a GPG keyring. A package that has not been properly signed triggers an error message similar to the following:

application-1.0.i386.rpm (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#897da07a)

Exercise caution when installing packages that are unsigned as they are not approved by Red Hat, Inc. and could contain malicious code.

RPM can be a powerful tool, as evidenced by its many verification tools for installed packages and RPM package files. It is strongly recommended that the contents of the RPM database directory (/var/lib/rpm/) be backed up to read-only media, such as CD-ROM, after installation of Red Hat Enterprise Linux. Doing so allows verification of files and packages against the read-only database, rather than against the database on the system, as malicious users may corrupt the database.

Floppy to Floppy copy with only one drive

#!/bin/sh
# Floppy to floppy copy with only one floppy drive
# Copy this script to a file and give it a name, e.g. floppycopy
# Make it executable with the command: chmod +x floppycopy
# Usage:
#   In a terminal, cd to the directory containing floppycopy, su to root,
#   and type ./floppycopy
#   Insert the disk to be copied when asked, and press enter
#   Insert the disk to be copied to when asked, and press enter
#   Remove the disk when the 'Disk copied.' message appears

# clear the terminal
clear

# warn user
echo "This command will delete all files on the target disk before copying!!!"

# prompt user to insert source disk
echo -n "Insert source disk and hit return..."
read Response

mount /dev/fd0 /mnt/floppy      # mount source disk
dd if=/dev/fd0 of=diskcopy.swp  # copy the raw contents of the source to a temporary image file
umount /mnt/floppy              # prepare for switching of disks

echo "WARNING!!!! All files currently on target disk will be deleted!"
echo -n "Insert target disk and hit return..."   # prompt user to switch disks
read Response

mount /dev/fd0 /mnt/floppy      # mount target disk
rm -rf /mnt/floppy/*            # remove any files on target
umount /mnt/floppy              # unmount before writing to the raw device
dd if=diskcopy.swp of=/dev/fd0  # write the image to the target disk
rm -f diskcopy.swp              # remove the temporary image file

echo "Disk copied."
exit

Getting rid of the Linux dual boot menu in the master boot record

Getting rid of the Linux dual boot menu in the master boot record and preparing to install windows.

**Required

***Windows 98 bootable installation disk

=== Using a win98 installation disk. ===

Insert disk into cd drive and (re)start machine.

When the machine starts, the menu will offer two options:-

**Boot from hard disk
**boot from cd rom drive

***choose boot from cd rom drive.

The next menu offers:-

**start windows 98 setup from cd rom
**start computer with cd rom support
**start computer without cd rom support

***choose start the computer with cdrom support.

You will now get the a: prompt on the screen, which looks like this:-

A:\>

type fdisk /mbr then press enter.

Restart the machine, again choose boot from cd, but then choose start win98 setup, and allow setup to configure the hard disk.

This will require another restart, after which the hard disk will be formatted and the install will start.

Removing the dual boot menu in the MBR can also be achieved with a win 98 floppy. Boot the floppy and type:- fdisk /mbr at the A:> prompt.

Vista access to samba pre V3

Vista was not able to connect to Samba versions earlier than v3 without this workaround.
In Vista:
open the Run command and type secpol.msc
click Continue when prompted
click on Local Policies -> Security Options
navigate to the policy "Network security: LAN Manager authentication level" and open it
the default policy is NTLMv2; change this to "LM and NTLM - use NTLMv2 session security if negotiated"
once this is done, Vista will be able to view network drives on Samba servers

Samba Passwords W95 W98
How to use Samba with encrypted and unencrypted passwords simultaneously,
thereby allowing access to both Win95 (unencrypted) and Win98 (encrypted)
sessions.
Samba Server: Sun Sparc 5, Solaris 2.5.1 (patched)
Clients: Windoze 95 and 98 machines
Solution(s):
Here is my short summary. Following are instructions for disabling
encrypted passwords on a Windows 98 machine, and the Microsoft
KnowledgeBase document which is quite helpful (I do not have the
details for implementing their option #1...sorry).
Some others were amazed, as was I, that I did not receive any responses
about this issue on the Samba newsgroup.
Some suggested using smbpasswd to generate a password file for current
users, and I had already done that; this was a good suggestion,
especially given the *very* unclear documentation in the Samba distribution
concerning this issue. One person claimed to have solved this problem
by creating such a Samba password file, but this did not work for me nor
for several others who responded.
Many felt that using both encrypted and unencrypted passwords together
was not possible. One solution would be to turn off encryption in
Samba and add a registry key to the Win98 boxes to turn off encrypted
passwords (see below). Another more secure option would be to apply
SP1 to Windows 95 machines, which will enable encrypted passwords for
these boxes, so they will be consistent with Win98 boxes; then you
turn encrypted passwords “on” in Samba.
There was one suggestion that the only way to truly solve this problem
is to upgrade to 2.0.3 (I thought I *had* the latest and greatest!),
according to Tim Carlson.
I will first upgrade to 2.0.3 (if I can find it), and if the problem
persists then I will apply the SP1 patches to Windows 95 boxes and
enable encrypted passwords.
Thanks to:
Mark Neill Igor Schein Jamie Lawrence Charlie Mengler Harvey Wamboldt Roger Fujii Dan Anderson Michael J. Connolly Tim Carlson MARK ZANDER Marco Greene Bruce Bowler Bill Shorter Margaret Cobleigh Jeff Kennedy Daniel Prieto Stephen Oxley Kelvin White Mike Ghicas Yura Pismerov
Disabling/Enabling Encrypted Passwords in Samba:
In the smb.conf file add/modify the following line:
encrypt passwords = no/yes
Disabling Encrypted Passwords on Win98 Machines:
Edit the system registry in Windows with the following entry:
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
"EnablePlainTextPassword"=dword:00000001
The "For Dummies" version (which suits me just fine! 🙂 ):
> To enable unencrypted (plain text) passwords modify the registry in this way.
>
> WARNING: Using Registry Editor incorrectly can cause serious, system-wide
> problems that may require you to reinstall Windows NT to correct them.
> Microsoft cannot guarantee that any problems resulting from the use of
> Registry Editor can be solved. Use this tool at your own risk.
>
> 1. Run Registry Editor (REGEDT32.EXE).
>
> 2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
>
>    \system\currentcontrolset\services\rdr\parameters
>
> 3. From the Edit menu, select Add Value.
>
> 4. Add the following:
>
>    Value Name: EnablePlainTextPassword
>    Data Type: REG_DWORD
>    Data: 1
>
> 5. Choose OK and quit Registry Editor.
>
> 6. Shutdown and restart Windows NT.
Microsoft KnowledgeBase Document:
Unable to Connect to a Samba Server with Windows 98
The information in this article applies to:
Microsoft Windows 98
SYMPTOMS
When you attempt to connect to a Samba server or a LanManager server from
your Windows 98-based client computer, the following error message may be
displayed:
Incorrect Password.
This error message may occur even though you provide the correct user
account and password.
CAUSE
This behavior occurs because Windows 98 does not send plain text
passwords to Server Message Block (SMB) servers by default.
RESOLUTION
To resolve this issue, use either of the following methods:
Method 1
Configure the Samba server to support Challenge-Handshake
Authentication Protocol (CHAP) password encryption. Please refer to
your Samba documentation for information on how to configure a Samba SMB
server.
NOTE: This is the preferred method to resolve this issue because it is
more secure than sending unencrypted passwords over the network.
Method 2
You can enable Password Authentication Protocol (PAP) plain text
password use in Windows 98. To do so, use the following steps.
WARNING: If you enable plain text password use in Windows 98, all
passwords are sent on the network in an unencrypted format. These passwords
may be viewed by anyone using a network monitoring program. If security is
a concern for your network environment, do not enable plain text passwords.
1. Insert your Windows 98 CD-ROM into the CD-ROM drive.
2. Click Start, and then click Run.
3. In the Open box, type “:\tools\mtsutil” (without the quotation
marks), where is the letter of the CD-ROM drive that contains
the Windows 98 CD-ROM, and then click OK.
4. Right-click the Ptxt_on.inf file, and then click Install.
5. Restart your computer.
Method 3
You should use the following method only if you do not have access to
the Windows 98 CD-ROM. These steps enable PAP password use without the
CD-ROM as mentioned in method 2.
1. Start Regedit.exe.
2. Locate the following key in the registry:
HKLM\System\CurrentControlSet\Services\VxD\VNETSUP
3. Change the data value for the EnablePlainTextPassword value to "1"
(without the quotation marks).
4. Restart your computer.
MORE INFORMATION
Note that this issue may also occur with other non-Microsoft SMB
servers, such as VAX or Pathworks NOS.
Keywords : 3rdpartynet win98
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbprb
Original Question:
> I have SAMBA 1.9.18p10 installed on a Sun Sparc 5 box. Everything
> works great with Win95 host connections, but when I try to connect from
> a Win98 box it complains about encrypted passwords.

This is because Win 95 does not use encrypted passwords, and Win 98 does.

> Followed the instructions in ENCRYPTION.txt, and put:
>
> encrypt passwords = yes
>
> in the smb.conf file (full contents below). But now when I try to
> connect from a Windows 95 or UNIX host I get:
>
> 12 smbclient '\\remote-host\username'
> Added interface ip=132.239.***.*** bcast=132.239.***.*** nmask=255.255.255.192
> Server time is Thu Jan 21 09:52:26 1999
> Timezone is UTC-8.0
> Password:
> Domain=[DOMAINNAME] OS=[Unix] Server=[Samba 1.9.18p10]
> security=share
> SMBtconX failed. ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree
> Connect or Session Setup are invalid.)

You have now switched the problem around the other way. You need all your clients to either use encrypted passwords (like Win 98) or clear (like Win 95).

> Perhaps you are using the wrong sharename, username or password?
> Some servers insist that these be in uppercase
>
> This works fine if I comment out "encrypt passwords = yes". So how do I
> allow both Win98 connections and non-encrypted passwords simultaneously?

Why do that? If you are going to use non-encrypted passwords, an easier (but not secure) way to get everything working is to disable encrypted passwords on the W98 box(es). There is a utility on the Win98 install disc to do this, or you can edit the registry.

Linux Hardware Diagnostics

Hardware Diagnostics

* In order to configure a Driver for some Hardware, we first need to identify it properly.
* Often, the name of the product we bought is unknown, or is too generic.
* What we are most interested in, is the name of the manufacturer and model of the chips (chip-sets) found on our Hardware Device…
* … Because this is what the Driver eventually communicates with.

The lspci Command

* Allows us to identify the type of Hardware we have on our system.
* Provided that these are PCI cards (not older ISA cards).

Example output of lspci

/sbin/lspci
00:00.0 Host bridge: VIA Technologies, Inc.: Unknown device 3189
00:01.0 PCI bridge: VIA Technologies, Inc.: Unknown device b168
00:0a.0 Communication controller: Conexant HSF 56k HSFi Modem (rev 01)
00:0b.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C (rev 10)
00:0c.0 Multimedia audio controller: Creative Labs SB Live! EMU10k1 (rev 0a)
00:0c.1 Input device controller: Creative Labs SB Live! MIDI/Game Port (rev 0a)
00:10.0 USB Controller: VIA Technologies, Inc. USB (rev 80)
00:10.1 USB Controller: VIA Technologies, Inc. USB (rev 80)
00:10.2 USB Controller: VIA Technologies, Inc. USB (rev 80)
00:10.3 USB Controller: VIA Technologies, Inc. USB 2.0 (rev 82)
00:11.0 ISA bridge: VIA Technologies, Inc.: Unknown device 3177
00:11.1 IDE interface: VIA Technologies, Inc. Bus Master IDE (rev 06)
00:13.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C (rev 10)
01:00.0 VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX440] (rev a3)

A modem, 2 sound cards, 2 network cards, a USB interface, an IDE controller and a screen controller.

Verification Via The /proc Directory

* The /proc directory is a virtual directory, allowing direct interaction with the running Linux Kernel.
* When we try to print one of its files, the Kernel generates its contents on-the-fly. There are no real disk files under this directory.
* Some files interesting for Hardware diagnostics (view them with cat):
o /proc/interrupts – a list of interrupt numbers (IRQs) currently in use by different Drivers.
o /proc/ioports – a list of I/O addresses currently in use by Drivers.
o /proc/pci – info about PCI Devices.
o /proc/cpuinfo – info about our CPU.

The /dev directory

* The standard location for all Device files in the system…
* …But one can create Device files in other directories (e.g. in RedHat’s installation process, the Device files for the hard disks are created in the /tmp directory).
* Examples of conventional file names:
o hda – first (a) IDE Device (hard disk, CDROM).
o hdb3 – 3rd (3) partition of second (b) IDE Device (must be a hard disk. CDROMs have no partitions).
o ttyS0 – first serial port (“COM1”).
o sda1 – 1st (1) partition of first (a) SCSI Device (hard-disk, an emulated SCSI Device, etc.).
o lp0 – first parallel port (LPT1).

Character Device Vs. Block Device

* A Character (‘c’) Device is one with which the Driver communicates by sending and receiving single characters (bytes, octets).
* A Block (‘b’) Device is one with which the Driver communicates by sending entire blocks of data.
* Examples for Character Devices: serial ports, parallel ports, sound cards.
* Examples for Block Devices: hard disks, USB cameras, Disk-On-Key.
* For the user, the type of the Device (block or character) does not matter – you just care that this is a hard disk partition or a sound card.

Listing Loaded Modules With lsmod

In order to see the list of currently loaded Modules, use the lsmod command:

/sbin/lsmod
Module Size Used by Not tainted
ppp_synctty 6368 0 (unused)
ppp_async 8032 1
ppp_generic 23692 3 [ppp_synctty ppp_async]
slhc 6220 0 [ppp_generic]
ipt_LOG 4384 19 (autoclean)
ipt_TCPMSS 3168 1 (autoclean)
iptable_nat 19668 1 (autoclean)
ip_conntrack 20268 1 (autoclean) [iptable_nat]
iptable_filter 2464 1 (autoclean)
ip_tables 13632 6 [ipt_LOG ipt_TCPMSS iptable_nat iptable_filter]
vfat 11804 1 (autoclean)
fat 36184 0 (autoclean) [vfat]
ext3 64800 3 (autoclean)
jbd 47924 3 (autoclean) [ext3]
emu10k1 60832 1
ac97_codec 12256 0 [emu10k1]
sound 69260 0 [emu10k1]
soundcore 6212 7 [emu10k1 sound]
mousedev 5024 1
hid 20608 0 (unused)
input 5696 0 [mousedev hid]
ehci-hcd 16864 0 (unused)
usb-uhci 24292 0 (unused)
usbcore 71104 1 [hid ehci-hcd usb-uhci]

The /lib/modules Directory

* Contains the Modules for the different Kernel versions we have installed.
* One directory per Kernel, named after the Kernel’s version number.
* Modules are split into directories, based on categories:
o pcmcia – PCMCIA Drivers, for laptops.
o kernel/net – network-related Modules (firewall, extra protocols support, etc.)
o kernel/drivers – Drivers for various types of Hardware (including network Drivers).
o kernel/fs – file-systems support (ext3, vfat, etc.)
o kernel/arch – Architecture-specific support (e.g. Drivers to handle features of a specific CPU or motherboard).

Loading And Unloading Kernel Modules – insmod/rmmod

* Module loading and unloading may only be performed by root.
* To load a Kernel Module, use the insmod command:

insmod eeprom
Using /lib/modules/2.4.18-17.7.x/kernel/drivers/sensors/eeprom.o

Check with lsmod that the Module was indeed loaded.
* To un-load a Kernel Module, use the rmmod command:

rmmod eeprom

Check with lsmod that the Module was indeed un-loaded.

Handling Kernel Module Dependencies – depmod and modprobe

* Modules could depend on each other. For example, to load the Module ‘lm78’, we need to first load ‘i2c-core’ and ‘i2c-proc’.
* The depmod command builds a list of Module dependencies – i.e. for each Module, which other Modules it needs, in order to load. Run it as:

depmod -a

depmod: *** Unresolved symbols in
/lib/modules/2.4.18-17.7.x/kernel/arch/i386/kernel/longhaul.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.18-17.7.x/kernel/arch/i386/kernel/p4-clockmod.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.18-17.7.x/kernel/arch/i386/kernel/speedstep.o

* In order to have the system take care of these loading dependencies automatically, load a Module using the modprobe command:

modprobe lm78

or, for a more verbose output:

modprobe -v lm78

/sbin/insmod /lib/modules/2.4.18-17.7.x/kernel/drivers/i2c/i2c-core.o
Using /lib/modules/2.4.18-17.7.x/kernel/drivers/i2c/i2c-core.o
Symbol version prefix ''
/sbin/insmod /lib/modules/2.4.18-17.7.x/kernel/drivers/i2c/i2c-proc.o
Using /lib/modules/2.4.18-17.7.x/kernel/drivers/i2c/i2c-proc.o
/sbin/insmod /lib/modules/2.4.18-17.7.x/kernel/drivers/sensors/lm78.o
Using /lib/modules/2.4.18-17.7.x/kernel/drivers/sensors/lm78.o

The /etc/modules.conf file

* Contains ‘default’ parameters for Modules we use often (e.g. network Drivers, sound cards, etc.)
* Commonly used lines:
o alias – specifies that a given Module (Driver) should be used for a given Hardware Device. Example:

alias eth0 8139too

o options – specifies options to supply to a given Module when it is loaded. Example:

options sb io=0x220 irq=5 dma=1 dma16=0 mpu_io=0x310

* Note: module options may also be supplied as parameters to the insmod and modprobe commands.

Getting Information About A Kernel Module – modinfo

* In order to get information about a Module (author, supported options), we may use the modinfo command.
* For example, information about the ‘mousedev’ Module:

/sbin/modinfo mousedev

filename: /lib/modules/2.4.18-17.7.x/kernel/drivers/input/mousedev.o
description: "Input driver to PS/2 or ImPS/2 device driver"
author: "Vojtech Pavlik "
license: "GPL"
parm: xres int, description “Horizontal screen resolution”
parm: yres int, description “Vertical screen resolution”

* The source code of the Module can also be used to get information about it. In some cases, there are interesting comments at the top of the source file.

Standard Kernel Drivers

* Many Drivers come as part of the distribution's Kernel. Use them.
* These Drivers are stored, as we saw, in the /lib/modules/ directory.
* Sometimes, the Module file name will hint at the type of Hardware it supports.
* Often, a search on Google would give the Module’s name, assuming we looked for the chip-set, not for the marketing name of the Hardware.
* Finally, looking on the web page of the company that manufactures the product, or the chip-set, might come up with a Driver. If we’re lucky, this Driver is already part of our Kernel, and we don’t need to download it.

What If Our Driver Is Not Compiled?

* Some Drivers might come as part of our Kernel’s sources, but still not be compiled in the distribution’s default Kernel.
* We can see this by looking for the Driver in the Kernel source tree…
* … Or by reading about its existence on the web, or in the Kernel source documentation (/usr/src/linux/Documentation).
* To compile this Driver, we will need to perform a full Kernel compilation and then compile the Driver.
* Usually, the second time around, we will not need to re-compile the entire Kernel – just the 2nd Driver.

Dell inspiron ATI radeon hd2600 twin-head driver for Lin

ATI Catalyst™ Display Driver

Linux x86; Linux x86_64 

Name: ATI Catalyst™ 9.4 Proprietary Linux x86 Display Driver
File Size: 82.6 MB
Revision Number: 9.4
Release Date: 4/17/2009
Description:
Automated installer and Display Drivers for X.Org 6.7, 6.8, 6.9, 7.0, 7.1, 7.2, 7.3, or 7.4

The drivers above support English only.
The display driver requires POSIX shared memory to be enabled on the system.
Kernel Sources package is no longer required if Kernel Header package is installed.
32-Bit packages must be installed for 64-Bit Linux drivers to install or work.

Radeon HD 2600XT

Download the above file, then:-

sh ./ati-driver-installer-9-4-x86.x86_64.run

For dual head, then:

sudo aticonfig --initial=dual-head --screen-layout=right