Firefox Stop Home Calls

During my last network monitoring I found out that MANY "free" software packages call home permanently.

Article:
https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

If you want to be safe, block all OUTGOING traffic with a firewall or a local DNS server and use a proxy with an authentication mechanism!

Major Bug: UFW stopped through logrotate

On Debian Sid I have seen that the ufw service is stopped by logrotate!!

It's a bad, known bug!

Workaround:

  • Set all services like Dovecot and Postfix to listen on LOCALHOST (127.0.0.1) if they are not needed over the Internet
  • Enable ONLY encrypted AUTH (login) to Postfix! (TLS 1.2)
  • Disable unneeded services like Samba, FTP…
  • Move the config from /etc/logrotate.d/ufw to /root/ to disable the ufw logrotate!!
  • Edit /etc/ufw/ufw.conf and set LOGLEVEL to "off"
  • Restart the server and check the open ports from outside over the next days with:

$ sudo nmap -Pn my.server.com

Split Files on embedded Linux Systems

If you run an embedded Linux PC like a raspi, some Linux commands often fail without error messages because the hardware performance is low.

I have seen the same with the split command.

To split a 50GB photo archive file into 4GB pieces on a USB drive, I found out that:

sudo split -b 4096m -d -u Photos.tgz Photos-Archive_

does the job.
The reason is that option -u disables I/O caching in the RAM of the raspi over the USB 2.0 port, so that the data of the output stream is written directly to the drive.
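
A way to check the result of the split above, since the post notes that commands on such hardware can fail without error messages. This is an added example, not part of the original post; the function name split_verified is an assumption, and it relies on sha256sum from coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): split an archive and prove that
# the chunks reassemble byte-for-byte. split_verified is an illustrative name.

# usage: split_verified <archive> <chunk-size> <output-prefix>
split_verified() {
    archive=$1; size=$2; prefix=$3

    # Hash the source first; this is the reference for everything written later.
    want=$(sha256sum < "$archive" | cut -d' ' -f1)
    [ -n "$want" ] || return 2

    # Same options as the command above: byte size, numeric suffixes, -u.
    split -b "$size" -d -u "$archive" "$prefix" || return 2
    sync    # flush cached writes to the drive before checking

    # The glob expands in sorted order, which is split's suffix order (00, 01, ...).
    got=$(cat "$prefix"[0-9]* | sha256sum | cut -d' ' -f1)

    if [ "$want" != "$got" ]; then
        echo "MISMATCH: chunks of $archive do not reassemble to the original" >&2
        return 1
    fi
    # One checksum per chunk, so each part can be re-checked after a transfer.
    sha256sum "$prefix"[0-9]* > "${prefix}SHA256SUMS"
    echo "OK: $(ls "$prefix"[0-9]* | wc -l | tr -d ' ') chunks verified"
}
```

Called as split_verified Photos.tgz 4096m Photos-Archive_, it leaves Photos-Archive_SHA256SUMS next to the chunks, which sha256sum -c can replay later.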

FastGlacier Client on Linux AWS Cloud Backup

If you are a newbie to AWS Glacier cloud backup and want a simple backup uploader, you can use FastGlacier inside Wine!

Major Info: Glacier only accepts files up to 4GB in size, so split 50GB tar/zip files into 4GB pieces!!

  1. Set up a free AWS account!!
  2. Go to IAM, create a user, and set the user role to Glacier full access
  3. Write down the user and password key shown at IAM
  4. Now go to your preferred cloud region, like Frankfurt or Asia
  5. Set up a new vault, then log out
  6. Install wine
  7. Install the dotnet40 framework with winetricks
  8. Install FastGlacier
  9. Have fun..

sudo apt-get install wine
sudo apt-get install winetricks

Now run the winetricks installer from the X desktop; it needs X output for its dialogs!!
In a terminal started from the GUI:
winetricks dotnet40

Download the free FastGlacier (search for it on Google).
Double-click FastGlacier.exe
Set up your client with the AWS user + key
…enjoy..

Remark: Glacier often needs 3-4 hours between updates!! (retrieving the inventory and deleting folders) If popups show errors, try again hours later!! Glacier is a slow but cheap backup solution against hardware lost through fire!

Don’t upload confidential data without ENCRYPTION !!

Smartmontools unlisted Devices

If you use a Toshiba Canvio 3TB drive on a raspi, smartmontools will not see the USB drive.

Try:

sudo smartctl -t long -d sat -s on /dev/sdb

-t test, long or short
-d drive protocol, sat = SATA
-s enforce SMART, which is switched off by the USB drive firmware

Wait XXX minutes, then:

sudo smartctl -H -d sat -s on /dev/sdb

to get the status.

Apache MEMCACHED UDP Protection

Currently a lot of sites are blogging about memcached attacks on servers. Here are some details:

  • Memcached servers need an installed and running service called "memcached"
  • Websites need a PHP plugin like php7.0-memcached to connect via API to the memcached service
  • The memcached service uses its own config file, on Debian /etc/memcached.conf
  • By default it MUST listen on localhost or a socket
  • Admins MUST set up a FIREWALL like "ufw" (iptables) and MUST check their own server for OPEN PORTS with nmap
  • The problem is that attackers can run scripts against your server in a 10^6 range, like a BOTNET, with ONE PC, because MEMCACHED supports this high count of REQUESTS without going down.
  • NEVER HOLD CONFIDENTIAL DATA ON WEBSERVERS!!!

Test for the open port using an nmap port scan with the UDP option, NOT TCP:

sudo nmap -sU -p 11211 www.myserver.xyz

If the scan prints this, YOU MUST check or install a FIREWALL!:
Host is up (0.10s latency).
PORT      STATE         SERVICE
11211/udp open|filtered unknown

If the output shows this, you are safe:
PORT      STATE    SERVICE
11211/udp filtered unknown

Check your current Apache PHP modules:

$ sudo php -m

If memcached is listed, the PHP API is active and it is time to check more.

Check for the memcached service:

$ sudo dpkg -l | grep mem

If memcached is listed, the service is installed. Then do:

$ sudo ps aux | grep mem

If the output shows:
memcache ... /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -P /var/run/memcached/memcached.pid

the service is active and listening.

Sample Config:
/etc/memcached.conf

# memcached default config file
# 2003 - Jay Bonci <jaybonci@debian.org>
# This configuration file is read by the start-memcached script provided as
# part of the Debian GNU/Linux distribution.

# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run. See the README.Debian that comes with this package for more
# information.
-d

# Log memcached's output to /var/log/memcached
logfile /var/log/memcached.log

# Be verbose
-v

# Be even more verbose (print client commands as well)
-vv

# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 128

# Default connection port is 11211
-p 11211

# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u memcache

# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l 127.0.0.1

# Limit the number of simultaneous incoming connections. The daemon default is 1024
-c 300

# Lock down all paged memory. Consult with the README and homepage before you do this
# -k

# Return error when memory is exhausted (rather than removing items)
-M

# Maximize core file limit
# -r

# Use a pidfile
-P /var/run/memcached/memcached.pid

Set up the firewall (ufw):

$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw enable

Retest your OPEN ports with an nmap port scan! Do this monthly, because sometimes the firewall can have unknown problems!!

Check the Memcached Log at /var/log/memcached.log for Events
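
One way to check a config file like the sample above for the two settings that decide whether memcached is reachable: the -l listen address and the UDP listener. This is an added example, not from the original post or the memcached project; the function name and the constructed sample files are assumptions, and -U 0 (memcached's option for switching the UDP port off) does not appear in the page's config.

```shell
#!/bin/sh
# Added example, not from the page: audit a Debian-style memcached.conf.
# audit_memcached_conf is an illustrative name; only short options (-l, -U) are read.
audit_memcached_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Strip comments; if an option repeats, this script looks at the last one.
    listen=$(sed 's/#.*//' "$conf" | awk '$1 == "-l" { v = $2 } END { print v }')
    udp=$(sed 's/#.*//' "$conf" | awk '$1 == "-U" { v = $2 } END { print v }')

    rc=0; local_only=yes
    [ -n "$listen" ] || local_only=no      # no -l line: all IP addresses
    for addr in $(printf '%s' "$listen" | tr ',' ' '); do
        case $addr in
            127.*|::1|localhost) ;;
            *) local_only=no ;;
        esac
    done
    if [ "$local_only" = yes ]; then
        echo "OK   listens on loopback only ($listen)"
    else
        echo "FAIL listens beyond loopback (${listen:-all addresses})"; rc=1
    fi
    if [ "$udp" = 0 ]; then
        echo "OK   UDP listener disabled (-U 0)"
    elif [ "$local_only" = yes ]; then
        echo "NOTE UDP not disabled with -U 0, but bound to loopback"
    else
        echo "FAIL UDP not disabled with -U 0 on a reachable address"; rc=1
    fi
    return $rc
}

# Constructed samples (not a real host): a locked-down config and an exposed one
# in which the -l line has been commented out.
demo=$(mktemp -d)
printf '%s\n' '-p 11211' '-u memcache' '-l 127.0.0.1' '-U 0' > "$demo/safe.conf"
printf '%s\n' '# -l 127.0.0.1' '-p 11211' '-u memcache' > "$demo/exposed.conf"
audit_memcached_conf "$demo/safe.conf" || true
audit_memcached_conf "$demo/exposed.conf" || true
```

The return code is 0 only when no FAIL line was printed, so the function can gate a cron job or a deployment step.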

ENFORCE Google to DuckDuckGo SEARCH

If you want to enforce the use of duckduckgo.com instead of google.com, do this:

On the PC, edit the "hosts" file at:

Linux /etc/hosts
Windows C:\Windows\System32\drivers\etc\hosts

Append at the end:

54.229.105.92  google.com  #ip of duckduckgo or 176.34.131.233
54.229.105.203 google.com #ip of duckduckgo
176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233
176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233

Reboot and test in a browser session: after entering google.com you see duckduckgo.com.

Remark:

  • Most DSL routers offer editing of the hosts file too; do the same there and ALL devices are redirected!
  • Don't forget to reboot!
  • This solution works only on IPv4 networks; to enforce it on the local net, disable IPv6 forwarding on your ISP router!
  • Test the "address bar" search; the redirect does not work there because of compiled-in IPs or IPv6 broadcast, so remove unneeded search engines in the browser settings!
  • Use the free fork of Firefox named IceCat