Thursday, October 25, 2007

set up webcam for home security under CentOS 4


1. yum install *sdl*
this will install DSL and devel-DSL and a lot of xorg-x11 rpm packages if you don't have X11 installed

2. modprobe video

3. install kernel devel rpm packages for compiling spca5xx

4. download spca5xx driver and spcaview package from
then do 'make; make install ' for them

5. modprobe spca5xx

6. ssh -X
spcaview (default device is /dev/video0)

7. install libjpeg-devel* using yum

8. download motion tar file from
then compile it

9. cd /usr/local/share/doc/motion-3.2.8/examples
cp /usr/local/share/doc/motion-3.2.8/examples/motion.init-RH to /etc/init.d/motion
chkconfig motion on

cd /usr/local/etc/
cp /usr/local/etc/motion-dist.conf to /usr/local/etc/motion.conf
vi /usr/local/etc/motion.conf to change
webcam_quality 300
webcam_localhost off
control_localhost off

10. service motion restart

11. point your firefox to

Tuesday, October 23, 2007

afick and chkrootkit

1. define alias in configuration file which is linux.conf
2. running fick
#afick -c linux.conf -i
#afick -c linux.conf -k
#crontab -e
#afick -c linux.conf -u

0 1 * * * rot /path/to/afick.cron


Monday, September 17, 2007

lockdown an account

# passwd -l webserv
# usermod -s /bin/false webserv

# grep webserv /etc/shadow
# grep webserv /etc/passwd
# login webserv

enable syn_cookies

# echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# echo "net.ipv4.tcp_max_syn_backlog = 1" >> /etc/sysctl.conf
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# echo "net.ipv4.tcp_syncookies =1 " >> /etc/sysctl.conf

Wednesday, September 12, 2007

useful security tools

  • - web server fingherprint tool
  • logwatch - log file analysis daily
  • swatch - simple logfile watcher
  • portsentry
  • - host intergrity tool
  • ssldump
Forensic Analysis
Permanently delete files or hard disk
  • shred -n 3 -vz filename (-u)
note: random data for 3 pass ( -n 3), be verbose (-v) and write a final pass of zeros over the file after completing the random overwrite passes (z),
if you don't specify -n 3, it will overwrite 25 times by default.
In most cases, when you shredding a file, you would also use -u option to tell shred to truncate the delete the file after overwriting it.

Monday, September 10, 2007

How to setup Nessus 3 under CentOS 5

  • download Nessus server and command line tool 'nessus', it should be binary rpm package. After you registered, it will provide a link to download.
  • For running a GUI client, you need to download NessusClient (a GUI client for Linux/Windows Nessusd), it's rpm package too
  • Automatic plug-in update
  1. run the following command to check whether you registered or not
# /opt/nessus/bin/nessus-fetch --check
You should obtain the following output:
nessus-fetch is properly configured to receive a direct feed or
nessus-fetch is properly configured to receive a registered feed

2. after registeration, you should receive activation code for the Nessus plugin feed through email, follow the instruction in email to activate your installation, you can register online or offline

3. use the following command to auto update plugin
/opt/nessus/sbin/nessus-update-plugins -v
4. make sure option 'auto_update' is set to yes in /opt/nessus/etc/nessus/nessusd.conf (this is the default)
  • generate SSL certification
# cd /opt/nessus/sbin
# ./nessus-mkcert
answer questions to generate SSL keys
# ./nessus-adduser

  • start up NessesClient
# cd /opt/nessus/bin
# ./NessusClient
note: edit server to specify the username and password you typed in above 'nessus-adduser' command.

  • command line mode
# cd /opt/nessus/bin
# ./nessus -q -T html localhost 1241 nessus nessus /tmp/target /tmp/result.html

Thursday, September 6, 2007

Snort related OSS tools

  • snort - IDS
  • snort inline (google search it - IPS)
  • snortsam (IPS works with PF)
  • snortalog (command line log generator)
  • nessus (Linux and Windows, beat commercial ones)
  • nikto - web server scanner
  • acid/base (base is better)
  • aanval (commercial one, but has one sensor free version)
  • apache/php/pcre/mysql/adodb
  • olinkmaster - autoupdate snort rules
  • loghog (google search)
  • swatch (google search)