HOWTO : Lightening your browsing speed on a slow internet connection under Ubuntu 8.10

I am using my IBM ThinkPad T23 with Ubuntu 8.10 in my office. However, the wireless signal in my office is very weak. Combined with the laptop's limited power, browsing is very slow and nearly halts.

We can solve this problem by doing some hacking.

Step 1 :
Type “about:config” at the Firefox address bar.
Type “pipelining” in the “Filter” text box.
Double click “network.http.pipelining” to turn its value from “false” to “true”.
Do the same to “network.http.proxy.pipelining”.
Double click “network.http.pipelining.maxrequests” to change from “4” to “30”.

Step 2 :
Still on the Firefox “about:config” page.
Type “ipv6” in the “Filter” text box.
Double click “network.dns.disableIPv6” to turn its value from “false” to “true”.

Restart Firefox and feel the difference.

Step 3 :
I use OpenDNS; the service is reliable and faster than the slow DNS of my office’s ISP. Caching DNS lookups is one way to speed up surfing.

sudo apt-get install pdnsd resolvconf

Select “resolvconf” when you are prompted.

Step 4 :
sudo nano /etc/pdnsd.conf

Insert the following lines below the “global { ....}” section.

server {
label="OpenDNS";
ip=208.67.222.222,208.67.220.220;
proxy_only=on;
timeout=10;
}

Step 5 :
sudo /etc/init.d/pdnsd restart

Step 6 :
sudo nano /etc/dhcp3/dhclient.conf

Append the following line to the document :
prepend domain-name-servers 208.67.222.222,208.67.220.220;

Reboot your computer.

Now your browsing speed should be a lot faster than before.

Updated on 2008-DEC-30 :
If you encounter problems in VirtualBox with NAT, just stop pdnsd with the following command :
sudo /etc/init.d/pdnsd stop

HOWTO : Avoid dropping to busybox in Ubuntu 8.10

Some systems, like mine (nForce 570 Ultra chipset with SATA hard drives), will occasionally drop to busybox when booting Ubuntu 8.10. The reason is that Ubuntu 8.10 does not have enough time to load the essential modules before mounting the root filesystem on a SATA hard drive. This happens on some systems only.

Method 1 :
To solve this problem, just add “bootdelay=90” at the end of the “kernel” line in /boot/grub/menu.lst

Reboot and the problem is gone!

Method 2 :
Wait 1-2 seconds at the busybox screen. Type “exit” and the boot process continues. Ubuntu 8.10 then boots up.

HOWTO : Protect your data in Ubuntu 8.10

Protecting the data in a directory is easy with Ubuntu 8.10.

Step 1 :
sudo apt-get update
sudo apt-get install ecryptfs-utils

Step 2 :
ecryptfs-setup-private

Step 3 :
For the first question, which asks for the login passphrase, enter your login password.

Step 4 :
For the second question, which asks for the mount passphrase, let the system generate one for you and copy the passphrase to a safe place.

Step 5 :
Log out and log in again. Save your sensitive data in the ~/Private directory.

Step 6 (Optional) :
If you want to encrypt the data of an application such as Firefox or Evolution, first make sure that the application whose data you want to protect is not running :

ps -ef | grep evolution

Move the application’s data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory

mv ~/.evolution ~/Private

Establish a symbolic link from the old location to new location

ln -s ~/Private/.evolution ~/.evolution

Remarks :
If you put all of .ssh in ~/Private, you won’t be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.
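
The relocation in Step 6 as one guarded shell function; this is an added example, not part of the original post. It refuses to move anything unless the Private directory is currently an eCryptfs mount, because files moved into the unmounted directory would be stored unencrypted. The function names and the optional mounts-table argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the optional
# mounts-table argument (default /proc/mounts) are assumptions.

# Succeeds only if DIR ($1) is listed as an eCryptfs mount point.
private_is_mounted() {
    awk -v dir="$1" '$2 == dir && $3 == "ecryptfs" { found = 1 }
                     END { exit !found }' "${2:-/proc/mounts}"
}

# move_into_private DATA_DIR PROCESS_NAME PRIVATE_DIR [MOUNTS_TABLE]
move_into_private() {
    src=$1 proc=$2 priv=$3
    if [ ! -d "$src" ] || [ -L "$src" ]; then
        echo "$src is not a real directory (already moved?)" >&2; return 1
    fi
    # If Private is not mounted, the data would land on disk unencrypted.
    if ! private_is_mounted "$priv" "${4:-/proc/mounts}"; then
        echo "$priv is not an eCryptfs mount, refusing to move data" >&2; return 2
    fi
    # Same check as "ps -ef | grep", but exact-name and limited to this user.
    if pgrep -u "$(id -u)" -x "$proc" >/dev/null 2>&1; then
        echo "$proc is still running, close it first" >&2; return 3
    fi
    dest=$priv/$(basename "$src")
    if [ -e "$dest" ]; then
        echo "$dest already exists" >&2; return 4
    fi
    mv "$src" "$dest" && ln -s "$dest" "$src"
}

# Run as: sh move_into_private.sh ~/.evolution evolution
if [ $# -eq 2 ]; then
    move_into_private "$1" "$2" "$HOME/Private"
fi
```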

HOWTO : Intrusion Prevention System (IPS) with ZeroShell, EasyIDS and Guardian

Part A : Router – ZeroShell
To set up a Gigabit router, please follow the link below :
https://samiux.wordpress.com/2008/08/17/howto-home-made-wired-and-wireless-router-with-zeroshell/

Part B : IDS – EasyIDS
To set up an Intrusion Detection System (IDS), please follow the link below :
https://samiux.wordpress.com/2008/10/02/howto-intrusion-detection-system-made-easy/

Part C : IPS – Guardian

Step 0 :
ssh to EasyIDS.
ssh 192.168.0.200 -l root

Step 1 :
Go to http://www.chaotic.org/guardian/ to download Guardian. The current version as of this writing is version 1.7.
wget http://www.chaotic.org/guardian/guardian-1.7.tar.gz

Step 2 :
Untar the package.
tar -xzvf guardian-1.7.tar.gz

Step 3 :
cd guardian-1.7
cp guardian.pl /usr/local/bin/
cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh
cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh
cp guardian.conf /etc/snort/
touch /etc/snort/guardian.ignore
touch /etc/snort/guardian.target
touch /var/log/snort/guardian.log

Step 4 :
vi /etc/snort/guardian.conf

Make the file look like this (your HostIpAddr may be different).
HostIpAddr 218.190.113.253
Interface ETH01
HostGatewayByte 75
Logfile /var/log/snort/guardian.log
AlertFile /var/log/messages
IgnoreFile /etc/snort/guardian.ignore
TargetFile /etc/snort/guardian.target
TimeLimit 86400

Step 5 :
vi /usr/local/bin/guardian_block.sh

#———— CUT HERE ——————#
#!/bin/sh

# This is a sample block script for guardian, adapted to run iptables on the
# remote firewall over ssh.
# This command gets called by guardian as such:
# guardian_block.sh <source_ip> <interface>
# and the script will issue a command to block all traffic from that source ip
# address. The logic of whether or not it is safe to block that address is
# done inside guardian itself.
source="$1"
interface="$2"
firewall_ip="192.168.0.75"

ssh "root@$firewall_ip" "iptables -I INPUT -s $source -i $interface -j DROP"
ssh "root@$firewall_ip" "iptables -I FORWARD -s $source -i $interface -j DROP"
echo "$source is blocked!" | mail -s "Snort alert is blocked" snort.alert.samiux@gmail.com

#————-CUT HERE —————–#

Step 6 :
vi /usr/local/bin/guardian_unblock.sh

#————-CUT HERE —————–#
#!/bin/sh

# This is a sample unblock script for guardian, adapted to run iptables on the
# remote firewall over ssh.
# This command gets called by guardian as such:
# guardian_unblock.sh <source_ip> <interface>
# and the script will issue a command to remove the block that was created with
# guardian_block.sh.
source="$1"
interface="$2"
firewall_ip="192.168.0.75"

ssh "root@$firewall_ip" "iptables -D INPUT -s $source -i $interface -j DROP"
ssh "root@$firewall_ip" "iptables -D FORWARD -s $source -i $interface -j DROP"
echo "$source is blocked for 24 hours! It is released!" | mail -s "Snort alert is released" snort.alert.samiux@gmail.com

#————-CUT HERE ——————#

Step 7 :

vi guardian.sh
#————— CUT HERE —————–#
#!/bin/bash

# Start Guardian with the configuration installed in Step 3.
start()
{
    export PATH=$PATH:/usr/local/bin
    /usr/local/bin/guardian.pl -c /etc/snort/guardian.conf
}

# The pattern 'guardian.pl *-c' matches the running daemon but not the grep itself.
stop()
{
    ps aux | grep 'guardian.pl *-c' > /dev/null 2>&1
    if [ $? -eq 0 ];
    then
        kill `ps aux | grep 'guardian.pl *-c' | awk '{print $2}'`
    else
        echo "Guardian is not running ....."
    fi
}

status()
{
    ps aux | grep 'guardian.pl *-c' > /dev/null 2>&1
    if [ $? -eq 0 ];
    then
        echo "Guardian is Running ....."
    else
        echo "Guardian is not Running ...."
    fi
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        status
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
esac

#————— CUT HERE —————–#

chmod +x guardian.sh
cp guardian.sh /usr/local/bin/guardian.sh

Usage : guardian.sh [start|stop|restart|status]

Step 8 :
vi /etc/rc.d/rc.local

Append the following line.
/usr/local/bin/guardian.sh start

Part D : Making them work together

Step a :
SSH to your ZeroShell and log in as “admin”, then go to the shell by selecting “s”.

In the /Database directory, create a directory named “startup”.

Copy /etc/ssh/sshd_config to /Database/startup/sshd_config.

Edit /Database/startup/sshd_config. Comment out “AllowUsers admin” and uncomment “#AuthorizedKeysFile .ssh/authorized_keys”.

It should look like this :
#AllowUsers admin
AuthorizedKeysFile .ssh/authorized_keys

Step b :

SSH to the sensor (EasyIDS). Run “ssh-keygen -t rsa” to generate a public/private key pair in /root/.ssh/.

DO NOT ENTER A PASSPHRASE.

Copy the content of /root/.ssh/id_rsa.pub into “/Database/startup/.ssh/authorized_keys” on ZeroShell with a text editor, and make sure the /root/.ssh directory exists on ZeroShell.

mkdir /root/.ssh

Step c :
Create a startup script at /Database/startup/rc.local.

vi /Database/startup/rc.local

#———- CUT HERE —————-#
#!/bin/sh
/bin/cp /Database/startup/sshd_config /etc/ssh/sshd_config
/bin/cp -Rp /Database/startup/.ssh /root/.ssh
echo "root:YOUR_ROOT_PASSWORD" | /usr/sbin/chpasswd
/sbin/service sshd restart

#———– CUT HERE —————#

chmod 755 /Database/startup/rc.local

Step d :
Log in to your ZeroShell and go to “Setup” and then “Startup”.
Enable the startup configuration, add “/Database/startup/rc.local” to the startup script and save it. Reboot the ZeroShell.

Make sure you add 192.168.0.200 with ETH00 to the SSH of ZeroShell.

Step e :
SSH to EasyIDS. Edit /etc/snort/guardian.target so that Guardian detects the alerts for that IP.
vi /etc/snort/guardian.target
Add :
218.190.113.253

vi /etc/snort/guardian.ignore
Add :
127.0.0.1

Step f :
vi /etc/snort/snort.conf
Uncomment “output alert_syslog: LOG_AUTH LOG_ALERT”.

service snort restart

Step g :
Finally, when everything is set up and working, stop and start guardian.sh to activate the blocking feature.
guardian.sh stop
guardian.sh start

Now you can SSH from EasyIDS to ZeroShell without a password.

Step h :
You can also tune EasyIDS in the same way as Ubuntu, as described in the “Performance tuning” post in this blog.

Remarks : From observation and experiment, EasyIDS requires some time before it starts working. It may need to capture some traffic before it can detect alerts.
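
Step b gives the sensor a passphrase-less key that logs in as root on the router, while guardian_block.sh and guardian_unblock.sh only ever send two iptables commands. The following is an added example (not part of the original post) of a forced-command script that limits that key to exactly those commands and rejects malformed addresses; the script path /Database/startup/guardian_gate.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: forced-command gate for the
# sensor's passphrase-less key. The path below is a hypothetical location.
# On ZeroShell, prefix the key in /Database/startup/.ssh/authorized_keys with:
#   from="192.168.0.200",command="/Database/startup/guardian_gate.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa ...

# True only for a dotted quad with octets 0-255 and no leading zeros.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True only for the exact commands guardian_block.sh / guardian_unblock.sh send:
#   iptables -I|-D INPUT|FORWARD -s <ipv4> -i <interface> -j DROP
gate_check() {
    set -f; set -- $1; set +f        # split into words without globbing
    [ $# -eq 9 ] && [ "$1" = iptables ] || return 1
    case "$2" in -I|-D) ;; *) return 1 ;; esac
    case "$3" in INPUT|FORWARD) ;; *) return 1 ;; esac
    [ "$4" = -s ] && is_ipv4 "$5" || return 1
    case "$7" in ''|*[!A-Za-z0-9.]*) return 1 ;; esac
    [ "$6" = -i ] && [ "$8" = -j ] && [ "$9" = DROP ]
}

# sshd puts the command the client requested in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if gate_check "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND
        # Rebuild the command from the validated words only.
        exec iptables "$2" "$3" -s "$5" -i "$7" -j DROP
    fi
    echo "guardian_gate: refused" >&2
    exit 1
fi
```

With this in place the sensor's scripts work unchanged, and any other command sent with that key is refused.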

Part E : Testing
Step I :
Download idswakeup and nmap to test the IPS.
sudo apt-get update
sudo apt-get install idswakeup
sudo apt-get install nmap

For example :
sudo idswakeup 111.222.333.444 218.190.113.253 1 10
sudo nmap -v -sS 218.190.113.253

Step II :
Log in to the ZeroShell and check the firewall to see whether 111.222.333.444 was blocked. If it was, your IPS has been set up successfully.

Remarks :
If you restart Snort, you should also restart Guardian at once. Otherwise, Guardian cannot block the suspicious IPs.