Friday, April 13, 2012

Use SnoopyLogger to audit Linux

When it comes to security you had better audit what is going on in your Linux box. This is not intended to be a recipe for success on securing Linux boxes; you will be secure only if you are stronger than your enemies, and that translates to "Do not stop here" when it comes to learning. We live in a world of "knowledge war".

So let us call these the poor sysadmin's weapons, as they are free as in beer and simple enough to install and use. The acct package is the first to have. Among other things it gives you the lastcomm command. But as you might have noticed, it does not give you the whole command including parameters and options. SnoopyLogger to the rescue. I have tested all this in Ubuntu, BTW.

Here is a recipe for you to install and check the power of this tiny C Open Source code.

You can install all this in your servers following the instructions from https://github.com/a2o/snoopy.

At this point you can review any command by inspecting the proper log file. In Ubuntu:

    tail -f /var/log/auth.log

Note that acct and Snoopy Logger are different packages/programs. While you can use the acct package to look into the history of commands with commands like 'lastcomm -f /var/log/account/pacct', or point it to a previously rotated pacct file, you do not get the full command including parameters.
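To show what the Snoopy entries add over lastcomm, here is an added example (not from the Snoopy project) that pulls the full command lines a given uid ran out of an auth.log stream. It assumes Snoopy's default message layout `[uid:.. sid:.. tty:.. cwd:.. filename:..]: cmdline`, which is configurable and may differ on your build; the function names `snoopy_by_uid` and `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: list the full command lines (with arguments) that one uid ran,
# as recorded by Snoopy in the auth log.
# ASSUMPTION: entries use the layout
#   ... snoopy[PID]: [uid:N sid:N tty:T cwd:D filename:F]: full command line
# Header values containing spaces (for example a cwd with a space) are not handled.

# snoopy_by_uid UID  -- reads log lines on stdin, prints
#   "timestamp<TAB>tty<TAB>cwd<TAB>command line" for each match.
snoopy_by_uid() {
  awk -v want="$1" '
    index($0, " snoopy[") == 0 { next }        # skip sshd, sudo, cron, ...
    {
      h = index($0, "]: [")                    # end of "snoopy[PID]", start of header
      if (!h) next
      rest = substr($0, h + 4)                 # "uid:0 sid:.. filename:..]: cmdline"
      sep = index(rest, "]: ")                 # header / command line boundary
      if (!sep) next
      hdr = substr(rest, 1, sep - 1)
      cmd = substr(rest, sep + 3)
      v["uid"] = v["tty"] = v["cwd"] = ""      # reset fields from the previous line
      n = split(hdr, f, " ")
      for (i = 1; i <= n; i++) {
        c = index(f[i], ":")
        if (c) v[substr(f[i], 1, c - 1)] = substr(f[i], c + 1)
      }
      if (v["uid"] == want)
        printf "%s %s %s\t%s\t%s\t%s\n", $1, $2, $3, v["tty"], v["cwd"], cmd
    }'
}

# Constructed sample input (not real log data), in the assumed layout.
sample_log() {
  cat <<'EOF'
Apr 13 10:02:11 web01 sshd[2201]: Accepted publickey for admin from 192.0.2.10 port 50412 ssh2
Apr 13 10:02:15 web01 snoopy[2210]: [uid:1000 sid:2205 tty:/dev/pts/0 cwd:/home/admin filename:/usr/bin/sudo]: sudo -i
Apr 13 10:02:19 web01 snoopy[2215]: [uid:0 sid:2205 tty:/dev/pts/0 cwd:/root filename:/usr/sbin/useradd]: useradd -m -s /bin/bash deploy
Apr 13 10:03:02 web01 snoopy[2231]: [uid:0 sid:2205 tty:/dev/pts/0 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/auth.log
Apr 13 10:03:40 web01 snoopy[2240]: [uid:1000 sid:2205 tty:/dev/pts/0 cwd:/home/admin filename:/bin/ls]: ls -la /etc
EOF
}

# Everything root (uid 0) ran in the sample:
sample_log | snoopy_by_uid 0
```

On a real box, feed it the log instead of the sample: `snoopy_by_uid 0 < /var/log/auth.log`.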

When it comes to security I also recommend using Logwatch.

Tuesday, April 03, 2012

RDP with Dual Monitor from OSX

From time to time you need to support a Mac user who needs a remote connection to existing Windows servers. The procedure below applies, with small differences, to Linux users as well. The open source project called rdesktop is a simple yet powerful command line tool to open a Remote Desktop Connection (RDC) using the Remote Desktop Protocol (RDP).

Arguably dual monitors are supported, except for the fact that when you maximize an MS program window it spreads across the two screens. So if you are happy with manual resizing you should definitely give it a try.
  1. Download and install Xquartz
  2. Open Xcode and make sure to agree to install additional components.
  3. From Terminal run:
    xcode-select --install
    
  4. Download the gzipped distribution for rdesktop
  5. Uncompress it
  6. Open Applications/Utilities/Terminal.app
  7. Type the classic build commands below. You will be prompted for your password when you run the third command
    ./configure
    make
    sudo make install
    
  8. Run the command to connect to your Windows server. It will prompt you for your Windows user password and then open the remote Windows desktop across both of your monitors.
    rdesktop -f -d myWindowsDomain -u myWindowsUserName -p - my.windows.server.address
    
    Alternatively you can create a command file which you can double click. Just create a file named my.windows.server.address.command with the content below:
    #!/bin/bash
    # my.windows.server.address.command
    # Start rdesktop full screen in the background so the script can exit
    /usr/local/bin/rdesktop -f -d myWindowsDomain -u myUser myComputer.fqdn &
    exit 0
    
    Then make it executable:
    chmod +x my.windows.server.address.command
    
    Note that once the script exits, the terminal window will remain open unless you have configured your Terminal to close after an exit command is issued (Terminal Menu/Preferences/Settings/Shell/When the shell exits: Close the window).

    You could also use Applications/Automator option "Run Shell Script" and save the result as my.windows.server.address.app which you can then have in your dock as a handy icon to quickly access your remote server.
To be honest, I have documented all this just because there are still people using an extended monitor in addition to their small-screen Macs, or just two monitors instead of their Mac, but with huge monitors in the market I guess this is not needed for many Mac users out there.
