Kansloze Bagger

I am proud to announce a new site called Breaking Systems for Fun and Profit. There you will find lots of little commandline and configfile nuggets to brighten your day (but not your cow-orkers).

Here are some long overdue updates for sphinX. We now have tooltips when you hover above the different meters! (Thanks Martin!).

The bzr repo is still http://kanslozebagger.org/sphinX and an updated RPM for Fedora Core 6/RHEL 5 is here.

I am pleased to announce the first pre-alpha of sphinX. A funky bling-bling graphical system-monitor for systems using cairo and a compositing window-manager.

sphinX requires python, pygtk and pycairo to run.
From top-to-bottom the meters include:

• cpu frequency scaling
• memory usage
• wifi-strength and time
• swap usage
• cpu usage

You can drag the display around with the left mouse-button, and resizing should work with the middle mouse-button. The right mouse-button will popup a quit menu.

Availability

You can download sphinX.py here, or you can branch the bzr archive by running “bzr branch http://kanslozebagger.org/sphinX”

packages

You can grab a rpm for fc6 here
You can grab a tarball here

Bug-reports can be mailed to me here

If you are anything like me you hate your logfiles filling up with ssh denied message from script-kiddies trying to guess passwords. Wouldn’t your life be just a bit easier if the connection would just get rejected when they attempted to do so?
Let’s get some netfilter-magic in here to rescue us. Some excerpts from my /etc/sysconfig/iptables¹:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:VUURMUUR - [0:0]
:SSHD - [0:0]
:SSHD-REJECT - [0:0]

First we declare some new chains. VUURMUUR is where all the normal firewall stuff happens. SSHD to do the accounting and SSHD-REJECT to do the blacklisting.


-A INPUT -j VUURMUUR
-A FORWARD -j VUURMUUR
-A VUURMUUR -p tcp --dport 22 -m state --state NEW -j SSHD

Now we send all incoming and forward traffic to the VUURMUUR chain, then we add our new SSHD chain as the target for all NEW connections to port 22 (ssh). If we didn’t specify the NEW state here all our connections would die after the first few packets…


-A VUURMUUR -m state --state ESTABLISHED,RELATED -j ACCEPT
...
-A VUURMUUR -j REJECT --reject-with icmp-host-prohibited

This is where your `normal’ rules would go. Using REJECT as target on a final rule for all traffic you didn’t explicitly ACCEPT is always nice, as this will inform the other end of a closed port instead of letting them timeout on dropped packets.


-A SSHD -m recent --set --name SSHD --rsource

The first thing we do in our SSHD chain is add/increase a packet-counter for the source of our new connection using the recent module and SSHD as a name for our counter.


-A SSHD -m recent --rcheck --seconds 60 --hitcount 4 --name SSHD --rsource -j SSHD-REJECT

Now we check if we’ve had four or more new connections from the same host in the past minute. If so we’ll jump to the SSHD-REJECT chain.


-A SSHD-REJECT -m recent --set --name SSHD-REJECT --rsource

In the SSHD-REJECT chain we only add our source-ip (and timestamp) to a second counter: SSHD-REJECT


-A SSHD -m limit --limit 5/hour -m recent --rcheck --seconds 3600 --hitcount 1 --name SSHD-REJECT --rsource -j LOG --log-prefix SSH-BLACKLIST:
-A SSHD -m recent --rcheck --seconds 3600 --hitcount 1 --name SSHD-REJECT --rsource -j REJECT --reject-with icmp-port-unreachable

Now we check if this host has been put in our SSHD-REJECT counter in the past hour (3600 seconds). If so we log a message to syslog (but limited to a maximum of 5 messages per hour) and we reject the connection.


-A SSHD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT

And finally we accept the connection.

More information about the iptables recent module can be found at snowman.net
More information about netfilter/iptables can be found at netfilter.org

1: This is where “service iptables save” will store your firewall config on RHEL/Fedora systems. If you’re using Debian or Ubuntu you can put all of this in your own firewall-script by doing the chain-creation with “iptables -N <chainname>” and prefixing the rest of the lines with “iptables”

Moet… Hebben…
Helaas is er nog niks bekend over wanneer je dit ding eigenlijk zou kunnen kopen, of hoeveel het gaat kosten. Maar dat mag natuurlijk de voorpret niet bederven. Niks meer geen fleptop rondsjouwen of je PDA kwijtraken, gewoon je computer om je pols dragen alsof het je horloge is. En met usb, irda, bluetooth en 802.11b kun je je ook nog lekker uitleven in multiplayer doom ;-)

wbQuiz comes hot off the press!
Originally requested by Heather as a change/extension to wbExam it evolved into a complete new plugin.
Visit a demonstration, or download it now!

Features included are:

• As many questions as you like
• Three types of questions
  • Open
  • Multiple Choice – select one
  • Multiple Choice – select many
• Customizable
• Weighted scoring: different answers give different scores
• Multiple rankings, as many as you like

Een zeer ruime meerderheid (648 tegen 14) in het Europees Parlement heeft zojuist het voorstel voor Software-patenten verworpen.
Tijd voor een feestje dus…

wbExam 0.2.2 is released, nothing big, just a little bugfix.
If you didn’t experience any problems you can just sit back and stick with 0.2.1. If you were experiencing problems (php errors) download the latest version (0.2.2) here.

Thanks to Jonathan for finding the bug