This tutorial will guide you through the steps required to browse the web anonymously on your Android phone.

1. Start out by opening up the Android Market. Select Search from the options.



2. Enter the word torproxy in the search field, and run a search for it.



3. You should get two results: TorProxy and Shadow. Install both of them.



4. Once both TorProxy and Shadow are installed, open your applications list and select TorProxy



5. Here you’ll have to set your anonymous preference. Off will leave it turned off until you change that setting, on-demand will turn TorProxy on when an application (Shadow) requires it, and always on will leave it always running. The on-demand option is a good one.



6. Now launch Shadow from your applications list. One thing you’ll notice right away is that a “timer” will appear in your top menu, counting down. This is the TorProxy connection status, and it lets you know how long it’s going to take to make a connection. Once the timer hits 0, you should be connected.



7. Once you’re connected, the “timer” icon will change to an onion – and Shadow will notify you that you’re now browsing anonymously.



8. Shadow is similar to the built in Android browser. Click the menu button on your device, and the Shadow options will appear. Select Go to enter an address.



9. I visited http://whatsmyip.net to find out what IP address web sites believed I was ‘coming from’ (the Tor Proxy).



10. It also confirmed that I was browsing anonymously – the IP address displayed was not the one assigned to my Android device.



11. One thing you’ll notice while surfing with Shadow is that a little Cookies Blocked button will appear fairly often. This lets you know that the page you’re visiting wanted to issue a cookie to you, but Shadow blocked it. Tap that icon..



12. … and you can change the setting to allow cookies for that domain (whitelist).



13. If you bring up the Notification window while TorProxy is running, it will be displayed. Tap its entry.



14. From here you can change the settings, turning TorProxy off etc.

---
Related Articles at Simple Help:

How to surf the web anonymously using OS X
How to take screenshots of your Android based phone from OS X
How to quickly enable or disable Wi-Fi on your Android device
How to take screenshots of your Android based phone from Windows
How to copy music to your Android phone from Windows

If you store important information on your Linux server and want to make sure it is for your eyes only you need to password protect these files. Let’s see how you can do this with Linux.

First, pick a good password. There are a few websites on the Internet that help you generate strong passwords. Try and pick an alphanumeric password. Something such as Rv7fkcxASW8h would be a good choice.

Now check to see if you have the package gpg installed on your computer. Run the following command to check:

# whereis gpg
gpg: /usr/bin/gpg /usr/share/man/man1/gpg.1.gz

If you get an output like the one shown above it means you have the required package installed. If not, check your Linux distribution’s documentation to see how you can install the GPG package.

Say you want to password protect a file called dbbackup.zip with the password Rv7fkcxASW8h here’s how you would go about it:

# gpg -c dbbackup.zip

When you enter this you will be requested to enter a passphrase, which is the password you want to protect the file with. Enter the password twice. Now you should see a file called dbbackup.zip.gpg in the same directory as the original file. This is the encrypted and password protected copy of the original file. You can store this file on your hard drive or ship it to someone on a DVD knowing that it will be very hard and nearly impossible for most people to crack it.

When you want to read the file you will need to remove the password protected encryption. For that execute the following command:

gpg dbbackup.zip.gpg

You will be asked to enter the password using which the file was protected. Enter that and you should be in business. Note that this only works for files and not for folders. You should create a zip or tar archive of the files you want to secure and then add the password protected encryption to it.

---
Related Articles at Simple Help:

How to encrypt your Linux backups
How to recursively copy files from an FTP server with Linux
9 easy ways to secure your WordPress blog
How to post to Twitter from the Linux command line
How to SSH to your remote server without entering a password every time

Ubuntu Linux ships with the tool sudo all setup for you to use to perform any administrative tasks instead of giving you root user privileges. If you have used other flavors of Linux and performed any administrative tasks on them you will quite likely feel a bit constrained by sudo, even though you can do just about anything you can as root with sudo. In such cases you can enable the root user account which has been disabled by Ubuntu by default. Note: this could pose a security risk and is not recommended for beginners.

There are two levels at which you can enable root access – the command line and in the Gnome desktop. To enable the root user login on the command line run the following command:

# sudo passwd root

The command line will prompt you to enter your password, and then the new root user password twice. Enter them correctly and your root command line login should be good to go.

To enable the root user to now log into Gnome, open the file gdm.conf which will most likely be at /etc/X11/gdm/gdm.conf and change the AllowRoot condition to:

AllowRoot=true

Save the file. Log out of Gnome and log back in to activate your new settings.

---
Related Articles at Simple Help:

How to automatically sign in to Ubuntu
How to stop Ubuntu from asking for your sudo password
An introduction to the sudo command and configuration file
How to reset a lost MySQL root password
How to install, setup and use Google Desktop Search in Ubuntu

If you use Ubuntu Linux it is quite likely that at some point or another you may have been frustrated at its asking for your password when trying to perform an administrative tasks, such as installing programs or changing system settings. Ubuntu uses the sudo tool to manage administrative rights rather than letting users easily log in as the root user. This is actually a good security measure. However, if you need to perform administrative tasks frequently it can get rather annoying. Here’s how you can set Ubuntu to not prompt for your password when using sudo.

Note: this is something that is not recommended if you are using your computer in a public place or at your work, as this will compromise the security of your data. You’re better off setting this at your home desktop where you are likely to trust more people.

Launch a terminal window and enter the following command:

# sudo visudo

Visudo is a tool used to edit the configuration file of sudo . The command will prompt your for your password. Enter it one last time. The configuration file will open in a text editor, most likely Nano. Scroll down to the end of the document and add the following line:

username ALL=NOPASSWD: ALL

Replace username with the username of the user you want to allow a passwordless sudo. So if the user is calvin, you would enter:

calvin ALL=NOPASSWD: ALL

Save and exit the file. Log out, log in as the user calvin and test out your new passwordless sudo.

---
Related Articles at Simple Help:

An introduction to the sudo command and configuration file
How to enable the root user account in Ubuntu Linux
How to change the default web browser in Ubuntu
How to increase the screen resolutions available to Ubuntu while running in Parallels for OS X
How to install, setup and use Avant Window Navigator (Awn) in Ubuntu Feisty

When people throw away important documents they usually use a shredder to make sure that these documents can’t be read by unauthorized people. Similarly companies run a shredding process on computers before either discarding or donating them. This is a good practice even for individuals. You don’t want someone getting hold of your personal data such as photographs, emails, bank documents, etc. Let’s look at how you too can clean up a hard drive before junking it or giving it away.

We’ll use the Linux program shred for this. Shred is a tool that usually ships out of the box with most Linux distributions. If you don’t have it installed just use your Linux distribution’s package manager to to get it. Shred is a pretty useful tool. It can be used to securely delete individual files or even complete drives. Note that if you are trying to shred the hard drive on which your operating system is running you will need to use a Live CD distribution such as Knoppix or the Ubuntu Live CD for this.

Say you have a hard drive located at /dev/hda on your Linux computer and you want to shred it’s contents completely run the following command:

# shred -fzv -n 100 /dev/hda

Here’s the breakup of the command shown above. We’re asking the shred command to forcefully (-f) overwrite the disk with zeros (-z) and display the output in a verbose (-v) manner. We’re asking shred to overwrite the disk with the these zeros a hundred times (-n 100) over.

Checkout the shred command’s man page for more information on how to use it. There are a few other options shown there that you might find useful.

---
Related Articles at Simple Help:

How to determine your free disk space in Linux
How to completely wipe all of the data from your hard drive
How to format and mount a USB hard drive in Linux
How to REALLY erase files and folders in Windows
How to wipe the data from your BlackBerry Pearl

These days there are a number of really cool MySQL front-end tools available for all platforms. Some are web based and can be installed on the MySQL server, while there are others which need to be installed on your local laptop or desktop computer. If you have a MySQL server running somewhere outside your local network you will most likely need to access it over the Internet to allow your super cool MySQL desktop client talk to it. You might be tempted to allow the MySQL server to run openly over the Internet to allow you access. That would be an extremely bad idea. Here’s a much better solution to allow you access without compromising much on security.

Let’s see how we can do this using an SSH tunnel based connection to your MySQL server. There are two steps to do this. The first is to create an SSH tunnel connection from your computer to your MySQL server while piping the data to and from the MySQL server though the SSH tunnel. The next step is to make a MySQL connection to a local port and gain access to your remote MySQL server. The following command will create an ssh tunnel from remoteserver.net to your local computer. It will forward the incoming and outgoing traffic to that computer’s port 3306 to your local computer’s port 6666.

ssh user@remoteserver.net -L 6666:localhost:3306

Modify the command shown above, replacing the user@remoteserver.net part with the credentials of your remote server, and -L 6666 with the port on which you want to access MySQL on your local machine. Once you have run this command you will be asked to enter the password for the user you used to log in as on the remote server. After you successfully enter the password your ssh tunnel should be up and running.

Now launch your favorite MySQL client and make a connection with you remote MySQL server using the ssh tunnel you just created. Assuming you setup the tunnel on port 6666 you will need to use the following credentials to connect.

host: 127.0.0.1
port: 6666

You will need to use the database authentication that you use with your remote server. If you did everything right you should now be able to see your remote databases in your MySQL client. You are now on a secure remote connection. Remember to close the ssh tunnel when you are done with using MySQL by quitting the ssh session you setup initially.

---
Related Articles at Simple Help:

How to setup slow query logging in MySQL
How to reset a lost MySQL root password
Bash one liner – how to compress, move, and extract a directory
How to SSH to your remote server without entering a password every time
How to monitor MySQL in real-time with mytop

We ran an article on How to block an IP address in iptables in Linux a few days ago. Here’s a complimentary article that shows you how to detect the IP addresses of attackers in case of a a denial of service (or DOS) attack.

To do this we will use free software called psad. psad works in sync with iptables and monitors the iptables logs and checks for port scans and other suspicious traffic which are usually signs of someone trying to break into your Linux server.

To begin, install psad. If you are running a flavor of Linux that has a fancy package management system like Ubuntu or Fedora you should be able to use either of the following commands to get psad on your system:

# sudo apt-get install psad
or
# yum install psad

If this doesn’t work for you head to the psad download page and download the format that works for you.

As I use an Ubuntu Linux server the rest of this tutorial will be Ubuntu specific. However, with some minor tweaking you should be able to make it work on other flavors of Linux. Open the syslog.conf file with your favorite text editor:

# vim /etc/syslog.conf

Add the following line at the end of the of the file:

kern.info |/var/lib/psad/psadfifo

You can use the following command to accomplish the same thing:

# echo -e 'kern.info\t|/var/lib/psad/psadfifo' >> /etc/syslog.conf

Now restart the sysklogd and klog daemons:

/etc/init.d/sysklogd restart
/etc/init.d/klogd restart

The way psad works is that it will detect and instruct iptables to block any suspicious IPs. Sometimes this might result in the blocking of an IP which you use. To overcome this issue you should create a file containing a list of safe IP addresses. Create a file like this one:

# vim /home/calvin/safeiplist.cfg

Enter the IP addresses that you need psad to whitelist:

127.0.0.0/24
192.168.0.0/24
122.164.34.240

No use a script like following one to configure iptables with the necessary rules. Note that this script will remove all previous settings from your iptables setup. Copy and paste the following script on your Linux server, and replace the variables WORKDIR and SAFEIPLIST with the correct settings from your setup.

WORKDIR="/home/calvin/"
INTERVAL="5"
HITCOUNT="5"
SAFEIPLIST="safeiplist.cfg"

iptables -A INPUT -m state –state NEW -m recent –set
iptables -A INPUT -m state –state NEW -m recent –update –seconds $INTERVAL –hitcount $HITCOUNT -j LOG

What the script does is that it logs an IP address if it makes five or more attempts at making a connection in the span of five seconds. I would suggest you use the script as is unless you know what you are doing while modifying it. One you are done, give it executable permissions and run it.

# chmod +x /home/calvin/ipblock.sh

# /home/calvin/ipblock.sh

Now back to psad. Open the psad configuration file and edit it. These are the changes I suggest you make. Feel free to go through the psad documentation and make other changes:

EMAIL_ADDRESSES you@yourdomain.com;

Set machine’s hostname:

HOSTNAME yourdomain.com;

If you have only one network interface on this server, set HOME_NET to:

HOME_NET NOT_USED;

You can also need to adjust danger levels for psad, and define a set of ports to ignore, for example to ask psad ignore udp ports 80 and 8080, make the following change:

IGNORE_PORTS udp/80, udp/8080;

Save and close the file. Then restart psad:

# /etc/init.d/psad restart

You are now good to go. To monitor psad’s reports run the following command:

# psad -S

To remove automatically clocked IPs run the following command:

# psad -F

psad is a very versatile and powerful tool. If you know how to use it it can do wonders for you, but if you don’t you can really mess up your computer. So please use psad with caution.

---
Related Articles at Simple Help:

How to block an IP address in IPTables in Linux
How to block someone on Facebook
Comcast: Another chapter of lies, misdirection and ps. good luck using bittorrent
How to use the OR operator in grep
How to determine where all your hard drive space has gone in Windows

If you are responsible for a Linux server, security becomes a big concern. Some of the biggest threats to a server’s security are DDOS attacks and repeated attempts to enter the server using automates bots. There are a number of ways by which you can detect the IP address of a potential intruder. But what do you do after you have located his/her IP address? Well, you block it. Here’s how you do it using IPTables which is the firewall that ships with most flavors of Linux.

If you have just one IP address that you want to block you can use the following method:

# iptables -I INPUT -s 122.174.12.228 -j DROP

This command will add an entry into your iptables configuration file, instructing it to drop any packets that come from the IP 122.172.9.222. If you face numerous attacks you are better of using a slightly more automated method to add the IPs from your ban list. To do that create the following script:

#!/bin/sh
for i in $(< banned_IPs.cfg) ; do
iptables -I INPUT -i eth1 -s "$i" -j DROP
done

Save the script into a file named something like banned_IPs.sh and grant it executable privileges:

# chmod +x banned_IPs.sh

Now create a file called banned_IPs.cfg and enter the list of IP addressed you want to block, each in a new line:

122.174.12.228
129.122.10.23
111.154.84.130

Now run the script banned_IPs.sh to have the IP addresses you want blocked added to the list of banned IPs in iptables:

# ./banned_IPs.sh

---
Related Articles at Simple Help:

How to redirect traffic to another machine in Linux
How to block DDOS attacks in Linux
Getting started with iptables in Linux
How to block someone on Facebook
How to delete an individual site from the address bar's list of previously viewed sites in Firefox

This brief tutorial will take you through the steps required to disable Windows Defender in Windows 7.

If you’d rather use your own spyware and trojan remover, having Windows Defender also running can be a bit of a moot point. This tutorial will show you how to disable it.

1. If you open the Windows Task Manager and select the Services tab, you’ll notice WinDefend is running. This is Windows Defender. There are a couple ways to disable it, but the one I outline will show you how to re-enable it should you need/want to.


click to enlarge

2. Click the “Start Orb” and type in defender into the text box. Select Windows Defender from the items that appear in the window above.



3. Select Tools from the main Windows Defender screen.


click to enlarge

4. Select Options from the Settings section.


click to enlarge

5. From the left navigation pane, select Administrator.


click to enlarge

6. Now remove the check mark from the box labeled Use this program. Click the Save button in the bottom right corner.


click to enlarge

7. Click Yes when prompted to make the change.


click to enlarge

8. And now Windows Defender is turned off. You can use the “click here to turn it on” link if you want to re-enable it (just launch Windows Defender the same way you did in step #2 above).



9. Now if you check the Services section of the Task Manager you’ll see that Windows Defender has been stopped.


click to enlarge

10. That’s it – you’re done!

---
Related Articles at Simple Help:

How to disable Windows Defender from starting when Vista boots
Improving Windows Vista with TweakVI
How to disable the system sounds in Windows XP
How to disable Remote Assistance and Remote Desktop in Windows XP
How to disable the balloon tips in Windows XP

We covered the creation and extraction of compressed archives such as tar on a Linux machine. A lot of Linux users use these compression formats for backups purposes. Although this compresses pretty well it does not secure the backup. To do that you need to add a password, or to encrypt it. Let’s look at a simple form of securing your backup when you create an archive.

Note: these steps apply to files and folders of any kind – not just ‘backups’.

A quick recap of the compression and extraction of the tar.gzformat. To compress a directory called todays_backup do the following:

# tar -zcf todays_backup.tar.gz todays_backup

This command will compress the directory todays_backup into the compressed file todays_backup.tar.gz. To decompress it use the following command:

# tar -zxf todays_backup.tar.gz

Now to the fun part. Let’s look at how we can add a basic level of encryption to the process we used above. To compress the directory todays_backup with protection do the following:

# tar -zcf – todays_backup|openssl des3 -salt -k yourpassword | dd of=todays_backup.des3

Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.des3. This file can only be decompressed using this password.

To extract your protected archive file todays_backup.des3 use the following command:

# dd if= todays_backup.des3 |openssl des3 -d -k yourpassword |tar zxf -

Make note of the trailing - at the end. It is not a typo, but a requirement for this command to work. Replace yourpassword with the password you used while encrypting the file. Executing the above command will extract the compressed file todays_backup.des3 into a directory todays_backup. Use this encryption with care. As I said earlier, the only way you can retrieve your data once secured is by using the password, so do not lose this password under any circumstances.

---
Related Articles at Simple Help:

How to password protect files in Linux
How to encrypt your email using freenigma
How to format and mount a USB hard drive in Linux
How to turn your N95 into a wireless access point
How to add your Alarm information to your Windows Mobile home screen

Netstat is an extremely useful Linux command line tool that allows you to check which service is connecting to a port on your machine. It is very useful to analyze what’s going on on your machine when you are facing or trying to to prevent an attack on it. You can find information such as how many connection are being made on a port, which IP addresses these connections originate from, and much more. Netstat ships with most distributions of Linux so it should already be installed on yours.

Launch a shell terminal on your machine and run the following command:

# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:63049 TIME_WAIT
tcp 0 0 ::ffff:192.168.0.19:80 ::ffff:192.168.1.240:62793 TIME_WAIT
tcp 0 0 ::ffff:192.168.1.19:80 ::ffff:192.168.1.240:62795 TIME_WAIT

The output will most likely be very long. I’ve just given a snapshot of the output above. As you can see in the data above there is a connection made from 192.168.1.240 to my server’s port 80 using the TCP protocol and the connection in the a state of TIME_WAIT. The out put that you get for your server will have information about all the ports on your machine, not just port 80.

The first thing you realize is that an output this big is not of too much use. So let’s organize it a bit. Here are a few tricks I use to analyze the nature of the connections being made to of from my server. the first thing I do is figure out which services I want to analyze. Usually it is port 80 as that’s the default port for the web server to run on, and port 3306 which is the default port for MySQL to run on. So i use the following query to see what’s going on on port 80:

# netstat -ant | grep 80

Again I get big list of connections, smaller than the first, but still too big to grasp. So I use the “wc -l” command to count the number of lines in the output to see approximately how many connections I have on my port 80:

# netstat -ant | grep 80 | wc -l
625

And then I do the same for MySQL:

# netstat -ant | grep 3306 | wc -l
61

Now, if I want to get a complete picture of what’s going on on my server in terms of the nature of connections here’s what I do:

# netstat -ant | awk ‘{print $6}’ | sort | uniq -c | sort -n

1 established)
1 Foreign
4 FIN_WAIT2
8 LISTEN
16 CLOSE_WAIT
134 ESTABLISHED
409 TIME_WAIT

This tells me how many connections of different types of state I have on my machine. I can run a similar command to see a complete picture of the state of all the connections made to my web server:

netstat -ant | grep 80 | awk ‘{print $6}’ | sort | uniq -c | sort -n

1 FIN_WAIT1
4 LISTEN
6 FIN_WAIT2
17 CLOSE_WAIT
94 ESTABLISHED
534 TIME_WAIT

You can perform a lot more complex things using Netstat along with other Linux command line tools. It can be helpful to be familiar with some tricks to get this kind of information using Netstat, particularly when you are facing an attack on your server.

---
Related Articles at Simple Help:

How to monitor your Internet bandwidth usage in Windows
How to set the date on your Linux machine
How to use dstat to monitor your Linux/UNIX server
How to monitor your Mac laptop's battery health
How to redirect traffic to another machine in Linux

According to the ClamXav home page -

Today, the number of viruses actively attacking OS X users is…NONE! However, this doesn’t mean we should get complacent about checking incoming email attachments or web downloads, for two reasons. Firstly, there’s no guarantee that we Mac users will continue to enjoy the status quo, but more importantly, the majority of the computing world use machines running MS Windows, for which an enormous quantity of viruses exist, so we must be vigilant in checking the files we pass on to our friends and colleagues.

So – do you even need anti-virus software on your Mac? That’s up to you to decide. If you do decide you want anti-virus software on your Mac, this tutorial will guide you through installing and using ClamXav – a free (and frequently updated) virus scanner for OS X.

1. Start out by downloading ClamXav. Once the download has completed, open the DMG file, and drag ClamXav to your Applications folder.


click to enlarge

2. ClamXav isn’t very large, so it won’t take long to copy/install.


click to enlarge

3. Open up an instance of Finder. Select your user name from the left navigation window, and go to Library -> Contextual Menu Items. Back in the opened DMG window, drag ScanWithClamXav.plugin to the Contextual Menu Items folder. Sign out of your Mac (or restart, but signing out and back in will do the trick). Signing out and back in again will activate the “Scan with ClamXav” plugin.


click to enlarge

4. Now launch ClamXav from your Applications folder. You’ll be prompted to install the Clam Anti-Virus engine. Click the Install button.



5. On the Introduction screen, click Continue.


click to enlarge

6. Review the Software License Agreement and once again, click Continue.


click to enlarge

7. Click Agree to accept it, again.


click to enlarge

8. Now click Install.


click to enlarge

9. Enter your password when prompted, and click OK.


click to enlarge

10. And now the scanning engine will install.


click to enlarge

11. Click Close once the process has completed.


click to enlarge

12. Now launch ClamXav from your Applications, again. Before you start the scan, click the Update virus definitions button.



13. Once completed, you should see a Virus definitions updated successfully status message.



14. Now click the Preferences button.



15. On the General tab, make the selections that are appropriate for you. I opted to quarantine infected files rather than outright delete them, in case of any false positives (ClamXav flagging a file as being infected with a virus, when it in fact isn’t).


click to enlarge

16. Depending on which settings you opt for, you may receive a message telling you not to turn on certain features if you plan on having your email scanned or watched. This wasn’t an issue for me as I use Gmail (via the web) but it is something to consider if you use Mail or Entourage for email.



17. Select the Internet tab, and again, make any changes you see fit. I opted to have ClamXav check for all possible updates each time it starts.


click to enlarge

18. Select the Schedule tab, and if you’d like to schedule virus scans, this is the place to create them.


click to enlarge

19. Select the Folder Sentry tab. From here you can add folders to be constantly monitored for viruses (eg. your Downloads folder). Review the other options and make any changes you see fit. Click OK when you’re done.


click to enlarge

20. Back in the main ClamXav window, click the Choose what to scan… button.


click to enlarge

21. If you attempt to select your entire startup disk (as indicated in the screenshot below)…


click to enlarge

22. you’ll get an error.



23. So instead, just select all of the folders (hold down the Apple Key to select multiple items) on the drive you want to scan. Then click Open.


click to enlarge

24. Finally, click the Start Scan button.


click to enlarge

25. ClamXav will do a “quick” (it’s not that fast) scan of your drive to determine how many files it’s going to check.


click to enlarge

26. And then they actual scan will begin.


click to enlarge

27. At this point, you might as well settle in for the long haul. Depending on the size of your hard drive, the number of files on it, and the speed of your Mac, the process can take quite a long time. As indicated in the screenshot below, it took ClamXav 172 min and 31 seconds to complete on my MacBook Pro (an older one). With all of that said, I was able to work on my Mac the entire time without much of a noticeable slowdown. However, I kept my tasks to the relatively ’safe’ – the last thing I wanted was a crash in the middle of the scan, forcing me to start over again. Running the scan overnight while you’re sleeping is probably a good idea.


click to enlarge

28. And that’s it. Now you may want to scan your Mac for spyware, malware and tracking cookies.

---
Related Articles at Simple Help:

How to use AVG Anti-Virus (free) to check your PC for viruses
How to scan your Mac for spyware, malware and tracking cookies
How to remove Spyware from your PC (part 1)
How to determine where all of your free disk space has gone in Windows
How to read and create "barcodes" (Mobile Codes) on the Nokia N95

Linux machines are known to be pretty secure. Studies have shown that Linux has been designed in a secure manner. Yet, despite all the security features that come bundled with a Linux installation, you need to configure these features correctly to make them work for you. I’ll guide you through the process of setting up of one of the tools that help secure your machine – the firewall. We will use the iptables firewall for this exercise. I am assuming that you are using a server running Red Hat Enterprise Linux 4 or similar. However, most of the steps should work fine on other Linux distributions as well. In this article we will setup a firewall on a Linux server running the Apache Web Server, FTP, and SSH.

Let us first see what ports these applications use and which of them need to have a port open on the firewall.

The Apache web server runs on port 80 by default. Apache is going to server all our web content on this port, therefore we need to keep this port open on the firewall. The SSH service runs on port 22. We need to be able to remotely connect to our server to work, so we keep it open. FTP runs on port 21 and it too needs the port to be open to communication.

Next, make sure you have iptables installed. Run this command as the root user:

# rpm -qa | grep iptables

If you have iptables installed the system should give you the version of iptables you have installed. In case you don’t you can try something like the following to get it and start it:

# yum install iptables

# /etc/init.d/iptables start

To check what kind of configuration iptables is currently running with:

# iptables –list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

This command will list out all the firewall rules that have been set currently. I will proceed with the assumption that you do not have any firewall rules in your iptables configuration. Let’s now configure the firewall to allow open communication on the ports 80 for your web server, 22 for SSH, and port 21 for FTP. We’ll also make sure that we block communication to any port other than specified.

Here’s a firewall script configuration script. Create a new file and call it iptable-firewall.sh. Copy the following text into it:

#!/bin/sh

ANY=”0/0″
OPEN_PORTS=”21 22 80″

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Flush (-F) all specific rules
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT

for port in $OPEN_PORTS
do
iptables -A INPUT -i eth0 -p tcp -s $ANY -d $ANY –destination-port $port –syn -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s $ANY -d $ANY –destination-port $port –syn -j ACCEPT
done

iptables -A INPUT -i eth1 -p icmp -s $ANY -d $ANY -j ACCEPT

#Allow any related/established connections
iptables -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -m state –state ESTABLISHED,RELATED -j ACCEPT

#Kill everything else
iptables -A INPUT -i eth0 -j DROP
iptables -A INPUT -i eth1 -j DROP

#write for boot
iptables-save > /etc/sysconfig/iptables

Now save the above file, grant it executable permissions and then run it:

# chmod +x iptable-firewall.sh

# ./iptable-firewall.sh

Now check your firewall rules:

# iptables –list

All your firewall rules should now be set. Your server is now secure. To make any modification or additions to this set of rules, edit the line where the OPEN_PORTS parameter is defined and add or remove ports form the list. Remember to run the script again after making any changes to it.

If all of this command line stuff has you a bit leery, see the tutorial How to setup Firestarter – an easy to use Linux Firewall – which has an easy to use graphical interface.

---
Related Articles at Simple Help:

How to redirect traffic to another machine in Linux
How to block an IP address in IPTables in Linux
How to block DDOS attacks in Linux
How to schedule tasks on Linux using the 'at' command
How to download files from the Linux command line

This is a guest post by Devicepedia – if you like this article consider subscribing to the Devicepedia RSS feed.

This tutorial will show you how to hide .rar files within .jpg files – so that anyone who opens the picture would never know there was another file hidden within it.

1. Select the RAR file that you want to hide. For this example the file I want to hide is called files.rar and the picture I’m going to hide it in is called warren.jpg. Copy both the files into the same folder.



2. Then open the command prompt by selecting Start -> Run -> in the space provided enter cmd and click OK.
3. Navigate to the the folder that you stored the files in. I kept them in the Downloads folder found within my My Documents folder, so I issued the commands cd “My Documents” and then cd Downloads. Now type the following command: copy /b warren.jpg + files.rar warren2.jpg Remember – replace warren.jpg, files.rar and warren2.jpg with the names of your files.


click to enlarge

4. This will embed the archive thus hiding it. You can open warren2.jpg with a picture viewer and there will be no indication that there’s a .rar file hidden within it.
5. To open the hidden archive (.rar file), simply open warren2.jpg (your picture) with WinRAR, or the RAR decompression utility of your choice.



6. NOTE: you may need to select All Files when opening your picture file with WinRAR, otherwise it won’t be listed in the directory view.



7. Now you can extract the “hidden” files from your “hidden” RAR file.


click to enlarge

---
Related Articles at Simple Help:

How to embed hidden messages in picture files (OS X)
How to hide BlackBerry apps from your Applications screen
Sequential – a better image viewer for OS X
How to download files using Bittorrent (Mac OS X version)
Setting Up Mail in OS X (Tiger) – POP version

Have you ever forgotten your MySQL root password? It’s one of those things that just happens despite the numerous precautions one might take. As a result, you are locked out of your database server. You can’t create new databases and are left with little control over the state of your database server. In such situations knowing how to regain root access to your database server comes in handy. So here’s what you can do to reset the password for the root user in MySQL on both Windows and Linux.

Windows Users:

Log on to your server as the Administrator. Kill the MySQL server if it’s running. To do this you need the Windows Services Manager, so click on the Start Menu, then go to the Control Panel, then to the Administrative Tools, and select Services. Here look for the MySQL server and stop it. If it’s not listed there and MySQL is till running it means that MySQL is not running as a service. In that case you need to load the Task Manager which you should be able to access using the key combination of Ctrl+Alt+Del. Now kill the MySQL process.

With the MySQL process stopped you need to force a change of passwords on MySQL using a combination of the UPDATE and FLUSH options. So launch your favorite text editor and create a new file. Enter the following text into the file replacing “NewMySQLPassword” with your new password:

UPDATE mysql.user SET Password=PASSWORD(”NewMySQLPassword”) WHERE User=’root’;
FLUSH PRIVILEGES;

What the first line does is that it updates the value of the field “Password” in the table mysql.user for the user “root” to “NewMySQLPassword”. The second line flushes the old set of privileges and makes sure your new password is used everywhere. Save this text as C:\mysql_reset.txt.

Next, you need to start your MySQL server passing this file as a configuration parameter. Launch a terminal by going to the Start Menu, then to Run, and then type cmd and hit Enter. Now enter the following command:

C:\mysql\bin\mysqld-nt --init-file=C:\mysql_reset.txt

Once the server is done starting delete the file C:\mysql_reset.txt. Your MySQL root password should be reset now. Now restart your MySQL server again. Go back to the Windows Services Manager again to do that. Your new MySQL root password should work for you now.

Linux Users:

Log on to your Linux machine as the root user. The steps involved in resetting the MySQL root password are to stop the MySQL server, restart it without the permissions active so you can log into MySQL as root without a password, set a new password, and then restart it normally. Here’s how you do it. First, stop the MySQL server:

# /etc/init.d/mysql stop

Now start the MySQL server using the --skip-grant-tables option, which will run the server without loading the permissions settings:

# mysqld_safe --skip-grant-tables &

The & option at the end makes the command you have executed run as a background process. Now log on to your MySQL server as root:

# mysql -u root

It should allow you in without prompting for a password. The following steps will set the new password:

mysql> use mysql;
mysql> update user set password=PASSWORD(”NewMySQLPassword”) where User=’root’;
mysql> flush privileges;
mysql> quit

Replace “NewMySQLPassword” with your own password. Here’s what happens here. The first line selects the MySQL configuration tables. The second line updates the value of the field “Password” for the user “root” to “NewMySQLPassword”. The third line flushes the old set of privileges and makes sure your new password is used everywhere. Now, the last step is to restart the server normally and use your new root password to log in:

# /etc/init.d/mysql stop
# /etc/init.d/mysql start
# mysql -u root -pNewMySQLPassword

Congratulations, your new MySQL root password is set and your MySQL server is ready to be used again. Remember to update all your applications to use this password if you are using it anywhere.

---
Related Articles at Simple Help:

How to remotely access your MySQL in a secure manner
How to setup slow query logging in MySQL
Bash one liner – how to compress, move, and extract a directory
How to enable the root user account in Ubuntu Linux
How to install and setup Apache, MySQL and PHP in Windows