
Thursday, November 5, 2009

Command to Find Current Ubuntu Version

Run this command to find the installed version of Ubuntu.
cat /etc/lsb-release
You will get the following info.
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.3 LTS"
You could also use
cat /etc/issue
which displays only the version string:
Ubuntu 8.04.3 LTS \n \l

Wednesday, November 4, 2009

How Do I Block an IP Address on My Linux server?

How do I block an IP address or subnet under Linux operating system?

To block an IP address on your Linux server you use the iptables tool (the administration tool for IPv4 packet filtering and NAT), which configures the kernel's netfilter firewall. First log into a shell as the root user. Then type the iptables command as follows:

Syntax to block an IP address under Linux

iptables -A INPUT -s IP-ADDRESS -j DROP

Replace IP-ADDRESS with the actual IP address. For example, to block the IP address 65.55.44.100 for whatever reason, type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP

If you have an iptables firewall script, add the above rule to that script.
If you only want to block access from 65.55.44.100 to a single port, say port 25, type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP

The above rule drops all packets coming from IP 65.55.44.100 to the mail server's port 25.
You can write a shell script to block many IP addresses and subnets at once.
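A blocklist-driven script of that kind, added here as an example (it is not code from the original post): each address or CIDR entry is validated before it is handed to iptables, and the rules are printed instead of applied unless DRY_RUN is switched off. The blocklist path and its entries are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: load a blocklist of IPv4
# addresses and CIDR subnets into the INPUT chain as DROP rules, validating
# each entry first so a typo never reaches iptables. DRY_RUN=1 (the default
# here) prints the commands; run with DRY_RUN=0 as root to apply them.

DRY_RUN="${DRY_RUN:-1}"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr="${1%/*}"; prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32          # no '/': a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac  # digits and dots only
    oldifs="$IFS"; IFS=.; set -- $addr; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit (or run) one DROP rule per valid entry in blocklist file $1.
# Blank lines and '#' comments are skipped; malformed entries go to stderr.
apply_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry="${line%%#*}"
        entry="$(printf '%s' "$entry" | tr -d '[:space:]')"
        [ -n "$entry" ] || continue
        if ! valid_ipv4_cidr "$entry"; then
            printf 'skipping malformed entry: %s\n' "$entry" >&2
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            printf 'iptables -A INPUT -s %s -j DROP\n' "$entry"
        else
            iptables -A INPUT -s "$entry" -j DROP
        fi
    done < "$1"
}

# Constructed sample blocklist (path and entries made up for the demo).
SAMPLE_LIST="$(mktemp)"
printf '%s\n' '# hosts and subnets to drop' '65.55.44.100' \
    '10.20.0.0/16   # lab range' 'not-an-address' '192.168.1.300' > "$SAMPLE_LIST"
apply_blocklist "$SAMPLE_LIST"
rm -f "$SAMPLE_LIST"
```

Rules are appended with -A, so on a real system keep the list in your firewall script and reload it as a whole rather than re-running it, or duplicates accumulate.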

Web log analysis and statistics for Amazon S3 with S3STAT

I've been using Amazon Web Services for several months now. Like anything else I need to know what's going on with my services - what's being downloaded, how often, from where, etc. In the middle of last month I finally found a service which bridges the gap allowing a good view into what's going on with my S3 buckets. S3STAT is a service that takes the detailed server access logs provided by Amazon's Cloudfront and Simple Storage Service (S3), and translates them into human readable statistics, reports and graphs.

Every night they download my access logs, translate them, sort them, and run them through Webalizer, then they stick the processed log files right back into my Amazon S3 Bucket for me to view.

S3STAT provides the following benefits:
  • Get Access to your Cloudfront and S3 Web Logs in a format that you can use. S3STAT will set it all up for you automatically.
  • Track your Cloudfront and S3 Usage Statistics through graphical reports generated on a nightly basis.
  • Identify performance bottlenecks caused by slow loading content. S3STAT keeps statistics on S3 processing time and system latency.
  • Consolidate your web usage reports by downloading nightly log files in Common Logfile Format and Combined Logfile Format.
  • Industry Standard web statistics provided by Webalizer, the leading web log analysis and reporting package.
  • They do all this for only $5 a month!
S3STAT provides two ways to process logs. The first is to give them direct access to my S3 account, but being the paranoid admin that I am I didn't like this idea. They even acknowledge this may be an issue: "Don't Trust Us? If you really don't want to hand over your S3 credentials, it is still possible to use S3STAT in self-managed mode." I opted for the self-managed mode, although it's a pain in the you-know-what to set up.

Enter CloudBerry Explorer for Amazon S3. The good folks at CloudBerry Labs have integrated the S3STAT self-managed setup and configuration into CloudBerry Explorer. In CloudBerry Explorer just right-click the S3 bucket you want to use with S3STAT and select Properties (you can also get there by right-clicking on the bucket and selecting Logging, Log Settings).


On the CloudFront Logging tab choose Use S3Stat logging.  Click OK.


Next, logon to your S3STAT account (make sure you set it up to use self-managed mode).  From your main account page select Add an S3 bucket.  Enter your bucket name and click Verify.


Sit back, relax and wait a couple of days for the stats to accumulate and to be processed by S3STAT. Once you have some stats you can access them easily through links (one for each bucket) on your S3STAT account page.


This will take you to your stats page, which is actually stored right in your analyzed bucket.



So far I've been fairly pleased with S3STAT, especially considering I haven't paid a dime during the 30-day free trial. However, I have noticed one issue: on a few of the days I have little to no stats, while I know I've had traffic. Not sure if this is a bug with S3STAT or just what. I'm not a huge fan of the Webalizer interface, but I can deal with it. Otherwise S3STAT has been great and saved me a ton of time by not having to set up my own analytics for my S3 buckets.

One other small drawback - At the moment, there is not a way to configure Cloudfront distributions in self-managed mode.  According to S3STAT, "Cloudfront doesn't yet allow you to change the ACL for delivered logfiles, which means we can't read them unless we have your AWS credentials.  Never fear, though. We're working with the Cloudfront team to make this possible."

I definitely recommend giving it a try!

Securely remove multiple files so they cannot be recovered

The shred utility overwrites a file to hide its contents and can optionally delete it. The idea is simple: it overwrites the specified FILE(s) repeatedly, to make it harder for even very expensive hardware probing to recover the data. By default a file is overwritten 25 times. I've seen cases where law enforcement agencies successfully recovered data from a five-year-old, barely working hard disk and used it as evidence. Also, when you give up a rented server you should consider shredding its files; otherwise the next owner can recover your data, including passwords.

Shred a single file

Securely delete a file called /home/vivek/login.txt:
$ shred -u ~/login.txt

You can add a final overwrite with zeros to hide the shredding:
$ shred -u -z ~/login.txt
Where,
  • -u : Remove the file after overwriting
  • -z : Add a final overwrite with zeros to hide the shredding
  • -n NUM : Overwrite NUM times instead of the default 25

Shred multiple files

Let us say you have 100 subdirectories and just want to get rid of all the files in them:
$ find . -type f -exec shred -u '{}' \;

If you have many files, consider running the job in the background with nohup, so it keeps executing after you exit the shell prompt of your SSH session:
$ nohup find /var/www/ -type f -exec shred -n30 -u '{}' \; &

Shred drawbacks

  • Shred does not work well with log-structured or journaled file systems, such as JFS, ReiserFS, XFS, ext3, etc.
  • Compressed file systems
  • RAID-based file systems
  • NetApp (Network Appliance) NFS servers

So how do I wipe on journaling file systems?

There is no simple solution. I've tried different techniques.
You can store sensitive data on an ext2 or FAT32 file system, where files can be shredded and deleted as usual. According to the shred man page:
In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).
Someone suggested using disk encryption to store data that needs to be wiped.
Run shred on entire partition:
# shred -n 30 -vz /dev/hdb2

On remote computer, use nohup:
# nohup shred -n 30 -vz /dev/sdb1 &

Output:
shred: /dev/sdb1: pass 1/26 (random)...
shred: /dev/sdb1: pass 1/26 (random)...1013MiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...1014MiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...1.9GiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...2.0GiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...3.0GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...3.1GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...4.0GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...4.1GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...5.0GiB/234GiB 2%
shred: /dev/sdb1: pass 1/26 (random)...5.1GiB/234GiB 2%
shred: /dev/sdb1: pass 1/26 (random)...6.1GiB/234GiB 2%
...

And finally, you can always destroy the hard disk physically, perhaps by dropping the drive into molten metal. If you just need to securely wipe whole hard disks, use DBAN (Darik's Boot and Nuke).

Tuesday, November 3, 2009

Monday, November 2, 2009

Text-only "What is my IP Address"

A text-only "what is my IP address" service:

checkip.dyndns.com

How to keep your email safe from sniffing

Every time you use public Internet facilities and hotspots you may be at risk: others within range can "sniff" (listen in on) the wireless network traffic and from it determine the account names, servers and passwords of anyone who happens to check email while the "hacker" is watching.

The simplest solution is to use webmail, making sure it is on an https (secure) connection. This ensures the data is encrypted and safe from any sniffers that happen to see it.

But for many of us, that's not as optimal as we'd like. We'd like to keep using our regular email program and POP3/IMAP/SMTP servers.

Enter "SSH Tunneling".

Now, one of the requirements for SSH tunneling is that you have SSH (Secure SHell) access to your mail server. If you do not (and if you don't know, you probably don't), you can stop reading now. Check with your ISP if you like, to see if you can get it, but this technique relies on SSH being available on your server.

The good news is that once you have SSH access, there's no further server-side configuration.

The technique works like this:

  • Using your SSH client or other tools, set up a "tunnel" for ports 25 and 110 on your machine to those same ports on your mail server. This does require that the client or tool be kept running.
  • Configure your mail client to send to and fetch from "localhost" instead of your mail server.

That's really all there is to it.

Let's walk through the details for Windows users.

Start by getting PuTTY. Get the ZIP file that contains all the tools, because we'll be using more than just the PuTTY client.

One of the tools is called "plink". In a command shell, run the following:
plink -v -L 110:mailserver:110 -L 25:mailserver:25 -2 you@mailserver -N -pw yourpassword
Where:

  • -v: verbose. Optional, but it shows you what plink is doing while setting up the tunnel and for as long as the tunnel is active.
  • -L 110:mailserver:110: defines a tunnel from port 110 on your local machine to port 110 on the mailserver. Port 110 is the POP3 mail service. Replace "mailserver" with the name of your POP3 server.
  • -L 25:mailserver:25: defines a tunnel from port 25 on your local machine to port 25 on the mailserver. Port 25 is the outgoing SMTP mail port. Again, replace "mailserver" with the name of your mail server.
  • -2: force the SSH v2 protocol only. Optional, but slightly more secure. Use it unless your remote server doesn't support it.
  • you@mailserver: your SSH login account name @ your mailserver.
  • -N: no shell. Normally plink will also open up an interactive shell. For our purposes here we don't need one.
  • -pw yourpassword: the password for your SSH login account. You can also leave this off to be prompted instead, which is the better choice: a password given on the command line is visible to other users of the machine in the process list.


Leave plink running once it connects.

Now, in your email client (Outlook, Eudora, whatever), change both the POP3 and SMTP servers to "localhost".

Here's what happens now: when you reload your email client, it will attempt to, for example, fetch POP3 mail from "localhost, port 110". Plink is listening to port 110 on your local machine, encrypts the data and sends it to the ssh server running on the mail server. There, the ssh server decrypts the data, and forwards it on to port 110 on the mail server. Data coming back is handled similarly, as is the SMTP port 25 conversation we defined as well.

A couple of additional notes...

You can tunnel other protocols (MySQL, IMAP, etc.) by adding further "-L port:server:port" parameters to the plink line.

You can perform the port forwarding in PuTTY itself, the interactive client if you like - there is a section in the options for that, and it can be saved with the profile for that connection.

Remember that while your email is configured to use "localhost" as the mail server, the tunnel must be running (the plink command must be active). If it is not, email will fail.
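An added check (not from the original post) for exactly that situation: it reads "ss -ltn" or "netstat -ltn" style listener lines and reports, for each tunnel port, whether the local end is up at all and whether it is bound to loopback only, so nobody else on the hotspot can relay mail through your tunnel. The listener lines below are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: confirm that the tunnel's
# local ends (110 and 25 here) are listening at all (no plink, no mail) and
# are bound to the loopback address only, so nobody else on the hotspot can
# relay mail through your tunnel. Input is "ss -ltn" / "netstat -ltn" output;
# a constructed sample is used below.

# $1: file of listener lines; remaining args: local tunnel ports to check.
# Prints one verdict per port; returns 1 if any port is missing or exposed.
check_tunnel_ports() {
    listing="$1"; shift
    status=0
    set -f                                   # no globbing of "0.0.0.0:*"
    for port in "$@"; do
        found=0; exposed=""
        while read -r line; do
            for field in $line; do
                case "$field" in
                    *:"$port")               # the local address column
                        found=1
                        case "${field%:*}" in
                            127.*|'[::1]'|::1|localhost) ;;
                            *) exposed="${field%:*}" ;;
                        esac ;;
                esac
            done
        done < "$listing"
        if [ "$found" -eq 0 ]; then
            echo "port $port: not listening (tunnel down)"; status=1
        elif [ -n "$exposed" ]; then
            echo "port $port: EXPOSED on $exposed"; status=1
        else
            echo "port $port: ok (loopback only)"
        fi
    done
    set +f
    return "$status"
}

# Constructed sample "ss -ltn" output: POP3 bound correctly, SMTP exposed,
# IMAP (143) not forwarded at all.
SAMPLE="$(mktemp)"
printf '%s\n' 'LISTEN 0 128 127.0.0.1:110 0.0.0.0:*' \
    'LISTEN 0 128 0.0.0.0:25 0.0.0.0:*' \
    'LISTEN 0 128 [::1]:3306 [::]:*' > "$SAMPLE"
check_tunnel_ports "$SAMPLE" 110 25 143 || :   # status 1: something is wrong
rm -f "$SAMPLE"
```

For a live check run ss -ltn (or netstat -ltn) into a file and pass that file with the ports you forward; an EXPOSED verdict means the forward was set up to accept connections from other hosts.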

This is yet another use for the great FREE utility PuTTY.

Whois Windows Command Line Utility

WhoisCL is a simple command-line utility that lets you easily get information about a registered domain. It automatically connects to the right WHOIS server, according to the top-level domain name, and retrieves the WHOIS record of the domain. It supports both generic domains and country-code domains.

It runs on all Windows platforms (XP, Vista, Windows 7, 2000, 2003, 2008) and uses TCP port 43.

Download WhoisCL

Whois IP Windows Command Line Utility

WhosIP is a simple command-line utility that lets you easily find all available information about an IP address: the owner of the IP address, the country/state name, the IP address range, contact information (address, phone, fax, and email), and more.

It runs on any Windows operating system: Windows 95/98/ME/NT/2000/XP/2003/Vista/Windows 7, etc.

Download WhosIP

Sunday, November 1, 2009

Internet Safety: How to keep your computer safe on the Internet

Here are some things you can, and should, do to stay safe.

  • Stay Up-To-Date - Most virus infections don't have to happen. Software vulnerabilities that the viruses exploit usually already have patches available by the time the virus reaches a computer. The problem? The user simply failed to install the latest patches and updates that would have prevented the infection in the first place. The solution is simple: enable automatic updates, and visit Windows Update periodically. Keeping Windows and other software up-to-date is the most important (and easiest) thing you can do to protect your computer.
  • Get Educated - To be blunt, all the protection in the world won't save you from yourself. Don't open attachments that you aren't positive are okay. Don't fall for phishing scams. Don't click on links in email that you aren't positive are safe. Don't install "free" software without checking it out first - many "free" packages are free because they come loaded with spyware, adware and worse. When visiting a web site, did you get a pop-up asking if it's ok to install some software you're not sure of because you've never heard of it? Don't say "OK". Not sure about some security warning you've been given? Don't ignore it. Choose strong passwords, and don't share them with others.
  • Use a Firewall - A firewall is a piece of software or hardware that sits between your computer and the Internet and only allows certain types of traffic to cross. For example, a firewall may allow checking email and browsing the web, but disallow things that are commonly not as useful, such as RPC or "Remote Procedure Calls".
  • Virus Scan - Sometimes, typically via email, viruses are able to cross the firewall and get to your computer anyway. A virus scanner will locate and remove them from your hard disk. A real-time virus scanner will notice them as they arrive, even before they hit the disk, but at the cost of slowing down your machine a little. Important: because new viruses are arriving every day, it's important to keep your virus definitions up-to-date. Be sure to enable the scanning software's automatic-update feature and have it do so every day.
  • Kill Spyware - Spyware is similar to viruses in that it arrives unexpected and unannounced and proceeds to do something undesired. Normally spyware is relatively benign from a safety perspective, but it can violate your privacy by tracking the web sites you visit, or add "features" to your system that you didn't ask for. The worst offenders are spyware that hijack normal functions for themselves. For example, some like to redirect your web searches to other sites to try and sell you something. Of course some spyware is so poorly written that it might as well be a virus, given how unstable it can make your system. The good news is that, like virus scanners, there are spyware scanners that will locate and remove the offending software.
  • Secure Your Mobile Connection - If you're traveling and using internet hot spots, free Wifi or internet cafes, you must take extra precautions. Make sure that your web email access is via secure (https) connections, or that your regular mail is over an encrypted connection as well. Don't let people "shoulder surf" and steal your password by watching you type it in a public place. Make sure your home Wifi has WEP or, preferably, WPA security enabled if anyone can drive or walk within range.
  • Don't forget the physical - an old computer adage is that "if it's not physically secure, it's not secure." All of the precautions I've listed above are pointless if other people can get at your computer. They may not follow the safety rules I've laid out. A thief can easily get at all the unencrypted data on your computer if they can physically get to it. The common scenario is a laptop being stolen, but there are many reports of people who've been burned because a family member or roommate accessed their computer without their knowledge. 

It all might seem overwhelming, but it's not nearly as overwhelming as an actual security problem if and when it happens to you. While we might want it to be otherwise, the practical reality of the internet, and computing today, is that we each must take responsibility for our own security online.