Le carnet à Michel / Mike's Blog / ミシェルのブログ

“My computer is slow”“It takes five minutes to start my computer”

“I need to upgrade my computer”

All things I heard about computers from people I know… mostly Windows. I want to give a few tricks to make sure you are running ok. Note that I assume your system is legit, if your Windows is copied, you might run into problems and I don’t really care about your mishaps. Buy your software!

First, left-click Start, right-click on “My Computer” and to the bottom of the menu, left-click on “Properties”. In the window that appears, look at how much RAM you have. If it’s in gigabytes (Gb), you are fine. If it’s in megabytes, you better have 512 or more. If not, that’s your first pit stop: bring your computer to your local repair shop and ask to have up to 1 gigabyte of RAM (more is sometimes useful but not for Mr. Everyone). If you have 256, it should run kind of fine, if you have less than that, here’s your problem. Don’t even think about changing your computer unless you give it a fair chance. You can cancel that window.

Second, make sure your system is properly updated. That means going to Start menu again, “All programs”, and look at the upper-left part of the window. If you see “Microsoft Update”, you are in luck. Click it. Go through all the loops and hoops that they say is required. It might take some time, and might ask for reboots. Do the quick update. If you are asked to update some things, do so, reboot, then do it again, until they say you are good to go. If you only have “Windows Update”, that’s not bad, simply less complete. Click it. Go through all the loops and hoops, same thing.

Third, you need some anti-virus. If you have the choice, Norton Anti-Virus is the most complete, however it’s expensive and does take a lot of computer juice. If you do not have a solution right now, you can see that part by going to Start Menu (again), Configuration Panel, Security Center and see if you have the anti-virus protection activated (Green light), consider using a free one, like Grisoft AVG Anti-Virus Free Edition (link opens a new window). It has no pop-ups, it has no major annoyances and it is easy to install. Simply press “Get AVG Free”, go down the window and download the file there, with the cryptic name ending with .exe. Say you want to execute it, follow up installation, and do a first preliminary virus check. If a virus is found, that might mean game over, that you have to reinstall Windows. Normally no, but sometimes it happens. Another possibility is Avira AntiVir PersonalEdition Classic (new window)… again a very good solution, reputable. The key here is reputability, will you use some anti-virus or anti-spyware that spams everyone simply because they say so? It might even be a spyware itself!

Then, speaking of spywares, you need to remove these pesky spywares that must clog your system. Many good reputable solutions exist, like Ad-Aware Personal (new window). I personally enjoy using Spybot Search&Destroy (new window). Do download the latter, choose your language, press Download, in the Download section below press Download here to the right of the software, then choose a mirror… I personally never had a problem with BN FileForum, so press Download here to the right, finally press Download Now to the right of the window. Execute immediately, follow instructions do a first scan. There will be problems, for sure. They might be simply cookies, but they might be bigger problems. You might again have to reboot, even multiple times. The system might even not be able to clean all of the pests. Then, another game over, and please reinstall Windows. Once it’s done, start the software again and inoculate against all threats.

Last part … Install Firefox (new window) as a default browser. You might like Internet Explorer but everyone tries to attack IE by all possible means. Most web sites support Firefox so why not. You can also go with Opera (new window) as it’s very good, quick, efficient and has nice features. All in all, it’s a matter of taste. However, what’s not a matter of taste is the security issues on Internet Explorer. Sad but true.

Now your system is theoretically clean, it is protected, it has everything you need. Now the cleanup part. Start menu, Configuration panel again, Add/Remove Software. Wait for the list to appear. Then, you are free to remove almost anything and everything that is in this first pane. The exceptions are everything that has the following words in it: “ATI, NVIDIA, Intel, VIA, Drivers, Update, Service Pack”. Use your common sense, if you remove Realtek AC’97 Audio (for example if you have that installed), you will not have sound on your computer anymore. Worst case, if you are unsure, Google the term.

If nothing works, maybe you computer is really too old. Maybe it really needs a good “Spring cleaning”, where you reinstall everything from scratch. Yes, you lose everything, but at least you are totally sure you really need a new computer before doing useless expenses.

Backups, you need them. Oh yes you need them. Better safe than sorry. You got two computers? One to backup and the other one accessible via FTP? Then you can do a backup.

What you need? A shell script, ncftp for FTP transfer, perl (in shell arguments) and tar.

For sake of completeness, FTP is not safe and can be intercepted, it isn’t as fast as other protocols, but it has the main advantage to be there and available. Same for tar, even with -z, you could do better with bzip2 for example, but it has the immense quality of being always there. Why ncftp? Because it tries a few times. Yes, you can do better and faster but this is simple to understand. Oh and the passwords are in plaintext, yes you can do better.

Again, pleasie-no-copy-paste, as wordpress changes characters. You need to type back everything or know what you’re doing.

Here is the shell file to use. First, you need to create a folder in /root named “backup”. This assumes you are root of course. You can always put ~/ instead of root. The best place to put this is also in one of the /etc/cron.* folders, daily if you can, monthly is better than nothing, yearly, well, what’s the point. Or you can call it in standalone.

myfile=/root/backup/backup.$(date -I).tar.gz
startbackupat=2005-01-01
touch $myfile
chmod 600 $myfile
cd /
nice tar -czf $myfile --newer $startbackupat home var/spool/mail > /dev/null
ncftpput -u MyFtpUserName -p MyPassword -DD host.example.com FolderToPutThisIn $myfile

That’s it! Now, this is made for Fedora Core, and tar has the very bad habit of being different depending of its brand, so you will need to tweak it if you’re not using FC. Even there, you want to change “home” and “var/spool/mail” for something else I’m sure of it. Or maybe add to these two lines, don’t forget, you can put many many lines there.

This will backup all files starting at 2005-01-01, and create files named backup.THEDATE.tar.gz, using a low-priority process (hence the “nice” before), transfer it using ncftpput, and delete the file automatically once it has been copied (the -DD option).

If you want to start the backup at the time of a file, you can use the following line: startbackupat=$(date -r /root/backup/anotherbackupfile +'%Y-%m-%d') (hint hint, that does incremental if you tweak it enough).

If you want to backup your mysql database, add the following lines before the tar line:

touch /root/backup/mysql.dump
chmod 600 /root/backup/mysql.dump
mysqldump -A -f --password=MySqlRootPassword > /root/backup/mysql.dump

Don’t forget to add the file in the tar line (simply add root/backup/mysql.dump before the > )

And I suggest you delete the dump file after its copy (next line after tar: rm /root/backup/mysql.dump)

Why the touching of file and chmod? To be a little bit more secure, don’t forget anyone getting this file would have access to your full backup contents, probably the most sensitive info you got. That’s also why I haven’t used /tmp to put the files.

What else. You can put --exclude lines in your tar line. For example, if you want to copy all your files except one folder, you would use --exclude='home/pr0n' and it will not copy that folder.

Like I said, this is very crude backuping system. It is not meant to replace a full-fledged system but it works well and doesn’t take a genius to understand, hence it doesn’t take a genius to tweak.

Iptables tables are located in /etc/sysconfig/iptables in Fedora Core.

As root, you can use the iptables-save command like this:

• iptables-save > /etc/sysconfig/iptables

And your precious iptable will be secured.

These days, there are gazillion of zombie drone computers whose only goal is to try out passwords on your poor little server. Usually, they will start tons of connections with random passwords attempts until they find a good one. Although you could ban these forever, you can always simply hinder their progress by limiting the number of trials they can do in one minute. Using this iptables chain, you can limit to 3 tries per minutes, then their connection will be dropped for a good minute. Usually, this piss them off and they will look elsewhere.The iptables is the following:

ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 3/min burst 3
LOG tcp -- anywhere anywhere LOG level notice prefix `[RATELIMIT] '
DROP (or reject) tcp -- anywhere anywhere

And you create it using these lines:

iptables -N ratelimit
iptables -A ratelimit -p TCP -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A ratelimit -p TCP -j ACCEPT --syn -m limit --limit 1/minute --limit-burst 3
iptables -A ratelimit -p TCP -j LOG --log-level "NOTICE" --log-prefix "[RATELIMIT] "
iptables -A ratelimit -p TCP -j REJECT (or DROP, the difference being REJECT gives instant information to the user the system does not accept your connection, while DROP simply drops the request, leaving the original system in the dark. I prefer DROP but for debugging and to get a valid feedback from your users, it’s better REJECT as they will nag you “the system rejected my logging!”)

(Update: Thanks to Mike, modified –limit 3 to 1, it reflects what I am saying best)
And finally, you need to connect this iptable chain to the ssh protocol (the most used for passwords attacks these days) or telnet, or any other TCP protocol you know is being attacked (no, web doesn’t work and e-mail is not a good idea )

So if you have a iptables line to accept ssh protocol as destination port, modify it to call the chain instead. For example:

iptables -L INPUT (this will show the list of current input filters - count the number of lines up to the ssh line, starting at one for the first line. If you don’t have a line specific to SSH, consider adding one, you simply don’t have to -D the previous one, but then it’s a totally different topic so you’re on your own )

iptables -D INPUT linenumber (this will delete the line “linenumber” from the table)

iptables -I INPUT linenumber -p TCP –dport 22 -j ratelimit (this will add the new line “linenumber” to the table)

Then, verify with another iptables -L INPUT and if everything is fine, you should have a rate limiting system in place! Save it and you’re done.

I still suggest you do all this with Webmin, the only detail being the --syn is replaced by “TCP Flags equals SYN out of SYN, RST and ACK”.

Remember: do not copy-paste the lines from my site, Wordpress changes the accent characters like the quotes!

To get files from FTP or HTTP in Linux, there are many small useful tools you should have on your computer.

First, you need either apt-get (debian), up2date (red hat), fink (darwin) or yum (independant). For ease of use, I suggest you install yum but that’s up to you. I will give the examples using that one.

You need the following files:

• ncftp, to retrieve stuff in FTP using the ncftp command. yum install ncftp
• lynx, to retrieve stuff in HTTP using the lynx command. yum install lynx
• wget, to retrieve stuff either in FTP or HTTP using the wget command. yum install wget

Once you have these tools, you are free to go. If you require a file that’s on a web page, and you know the file is a direct link, use the following command:

wget “http://www.example.com/myfile.tar.gz” . Don’t forget the quotes, or else if you have a weird character in your string, you’ll execute commands. You can use wget to get files from a FTP server using the same principles.

The two other tools are harder to use, ie: not one-liners. You can get a ftp file from ncftpget the same way you use wget, or you can get a http file from lynx the same way you use wget again. Then, if you want to get a file from a ftp server using the good old FTP protocol, you type ncftp, the server name and you move around in ftp. Same for lynx, you type an address and you’ll have a text-only web browser.