Опасная зона

Monday, February 28, 2011

Have I been hacked?

I have this odd feeling that hacking attempts have been surging in recent months. Recently our university server was compromised and sourceforge.net was hacked twice. On my own little home server I have no valuable contents, but it can still be used by botnets for illicit activities. So I ran chkrootkit:
(...)
Checking `asp'...         not infected
Checking `bindshell'...   INFECTED (PORTS:  600)
Checking `lkm'...         chkproc: nothing detected
                          chkdirs: nothing detected
Checking `rexedcs'...     not found
Checking `sniffer'...     lo: not promisc and no packet sniffer sockets
                          eth0: not promisc and no packet sniffer sockets
(...)


Hmm.... ? UDP port 600 open?

Asking Google led me to this post...

http://www.linuxquestions.org/questions/linux-security-4/chkrootkit-checking-%60bindshell-infected-ports-600-a-653981/

This sounds very strange. My router is only forwarding ssh, http, https requests, and no UDP traffic at all, so even if a malicious daemon was listening on UDP 600, outside traffic would never reach it.

What process is listening on port 600?
netstat -pane | grep 600
tells me that my portmapper rpc.statd is running and listening on that port. However, strangely enough, port scanning UDP ports with nmap resulted in:

sakkub:/etc# nmap 127.0.0.1 -sU

Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-05 22:40 CET
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 994 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
123/udp  open|filtered ntp
631/udp  open|filtered ipp
1900/udp open|filtered upnp
2049/udp open|filtered nfs
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.60 seconds

What is going on? Next I copied my rpc.statd to a safe PC, and ran md5sum on it. It was identical to the file from the uncompromised system.

I found a better explanation here:

http://www.webservertalk.com/message163183.html


which suggests it might be some orphaned port which was temporarily opened by nfs. A fix is to restart nfs:

/etc/init.d/nfs-common restart

and this eventually reassigned that port and the false positive from chkrootkit went away. So far so good.
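The "What process is listening on port 600?" step above, as an added example that is not part of the original post: `grep 600` also matches inode numbers and ports such as 6000, so this sketch matches the local UDP port exactly. The function names and the sample lines are constructed here, and the column layout is assumed to be that of net-tools `netstat -pane`.

```bash
#!/bin/bash
# Constructed sample in the column layout of net-tools `netstat -pane`
# (PIDs, inodes and the program "exampled" are made up for illustration).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          5600        1801/sshd
udp        0      0 0.0.0.0:600             0.0.0.0:*                           0          4711        1432/rpc.statd
udp        0      0 0.0.0.0:6000            0.0.0.0:*                           0          4712        1500/exampled
udp6       0      0 :::600                  :::*                                0          4713        1432/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           0          6001        -
EOF
}

# udp_owner PORT: read netstat output on stdin and print
# "proto local-address pid/program" for sockets bound to exactly that UDP port.
udp_owner() {
  awk -v port="$1" '
    $1 ~ /^udp/ {
      # UDP rows have an empty State column, so count fields from the ends:
      # $4 is the local address, $NF is PID/Program ("-" if not run as root).
      n = split($4, part, ":")      # port = text after the last colon (IPv6 too)
      if (part[n] == port) print $1, $4, $NF
    }'
}

# exe_of PID: path of the binary behind a PID, for checksumming it as the
# post does with md5sum (Linux /proc layout assumed).
exe_of() { readlink "/proc/$1/exe"; }

sample_netstat | udp_owner 600    # on a live system: netstat -pane | udp_owner 600
```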

While I was at it, I took a look at my /var/log/auth file, and was aghast at the many intrusion attempts! My poor little ssh-daemon has to cope with roughly 2000-3000 intrusion attempts per day from multiple IP numbers all over the world. Most of them try to login as root:

If you've got a root server, you're never alone. You'll have plenty of friends, from all over the world!
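A way to turn the auth log into the per-source and per-account counts described above, as an added example that is not part of the original post. The log lines are constructed, the function names are hypothetical, and the standard syslog prefix (date, time, host, `sshd[pid]:`) is assumed.

```bash
#!/bin/bash
# Constructed sample in the usual syslog layout for sshd (documentation-range
# addresses, hypothetical host name); not taken from the original post.
sample_log() {
cat <<'EOF'
Feb  5 22:41:03 myhost sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Feb  5 22:41:05 myhost sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2
Feb  5 22:41:09 myhost sshd[2213]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Feb  5 22:41:12 myhost sshd[2215]: Failed password for invalid user test user from 198.51.100.23 port 40030 ssh2
Feb  5 22:41:20 myhost sshd[2217]: Accepted password for bassler from 192.0.2.10 port 50000 ssh2
Feb  5 22:42:01 myhost CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 22:42:30 myhost sshd[2220]: Failed password for root from 198.51.100.23 port 40100 ssh2
EOF
}

# failed_logins ip|user: read an auth log on stdin and print "count value",
# highest count first.
failed_logins() {
  awk -v key="$1" '
    / sshd\[[0-9]+\]: Failed password for / && $NF == "ssh2" && $(NF-4) == "from" {
      # The user name is text supplied by the remote side and may contain
      # spaces, so the address is read from the fixed tail of the line:
      #   ... from ADDRESS port N ssh2
      ip = $(NF-3)
      # With the standard prefix the name starts at field 9, or at field 11
      # when sshd logs "invalid user NAME".
      first = ($9 == "invalid" && $10 == "user") ? 11 : 9
      user = $first
      for (i = first + 1; i <= NF - 5; i++) user = user " " $i
      k = (key == "ip") ? ip : user
      n[k]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | failed_logins ip     # which sources are hammering sshd
sample_log | failed_logins user   # which account names they try
```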
 
This calls for some security hardening of my sshd. For that reason I blocked root logins by setting

PermitRootLogin no
AllowUsers xxxxxx
ServerKeyBits 2048

in the /etc/ssh/sshd_config file, and restarted sshd. This link gives some more hints on how to harden sshd to the brutal world beyond the firewall:
http://www.rackaid.com/resources/how-to-harden-or-secure-ssh-for-improved-security/


In other words, I have not been hacked. But “they” are queuing in long lines, prying the door.

Saturday, February 26, 2011

Rsync magic: rsync vs. scp

Accessing computers remotely is commonly done via ssh encrypted lines. In an earlier post on my (and Roy's) willworkforscience blog, I mentioned the blessings of sshfs, where you could mount a remote filesystem if the remote computer has an ssh daemon running.

Here I want to honor a very old program which is called "rsync" which can be used for fast copying of files to/from remote computers. Rsync has been extended with plenty of new functionalities, and generally I prefer rsync to scp when I have to copy more than one file. Let me give a few examples:

Example 1): speed

In my last post I presented a little script which generates an arbitrary amount of files with random contents. For this test I generated 1000 files which were 1k large each. Copying them from my home PC kepler to the remote computer lululu (via a 10/2Mbit ADSL line) will be significantly slower with scp than rsync:

bassler@kepler:~/test$ time scp * lululu:test/.
bassler@lululu's password:

real   1m19.619s
user   0m0.188s
sys   0m0.204s

bassler@kepler:~/test$ time rsync * lululu:test/.
bassler@lululu's password: 

real    0m14.780s
user    0m0.048s
sys    0m0.032s


That is 80 seconds for scp and 15 seconds for rsync. (Yes, the target directory was wiped empty before I issued the rsync command.) The overhead of scp becomes significant if many files are to be copied. If I copy a single 1M file instead of 1000 1k files, then there is no noticeable speed difference.

Example 2: transferring very large files

Rsync has a nice resume option for transferring large files, if transfer for some reason is interrupted. Basically what your options should look like:
rsync -rvv --inplace --append --progress  /disk1/Movies/* lululu:Movies/.
afaik, this is not possible with scp in a straightforward way.


Example 3: tunnel your way past firewalls and gateways

This is probably the coolest feature of rsync! If I am at home and want to update the files on my office PC baslup I face the problem that the PC is hidden behind the university firewall/gateway lululu. So with scp I would have to copy the files to lululu first, and from there again copy it to my office PC baslup.
Now, if rsync is installed on all PCs in the chain, I can issue a very simple command which will establish a link directly to my office PC.
rsync -va -e "ssh lululu ssh" test/* baslup:test/

You can add several PCs in the chain. Here fufufu is added:
rsync -va -e "ssh lululu ssh fufufu ssh" test/* baslup:test/
The only annoying thing is that you have to enter your password multiple times (unless you add the ssh keys for passwordless logins).

Ok, finally a list of the most important options for rsync:

 -v verbose
 -r recurse into dirs (you might just as well use -a instead)
 -a archive: recurse into dirs, preserves symlinks, permissions, timestamps, group and owner.
 -u update: don't overwrite newer files on receiver
 -n dry run, copies no files, but shows what would be done
 --del delete files/dirs from remote server which do not exist locally
 -z enable compression. Yes, if you have files with lots of air in them, you can achieve dramatic transfer speedups. Works well for uncompressed scientific data, bitmap files, large textfiles etc, but is much slower when transferring mp3, jpg, gz, zip, pdf and similar compressed files...


Thank you, developers of rsync! This has saved me a lot of hassle.

Syntax highlighting of code in blogger

I have not been too happy with the lack of code highlighting in blogger. For example, here is a little script I wrote "mkfile.sh" which creates a bunch of files with random contents. Switching to the HTML editor and encapsulating the code in <pre> </pre> html tags results in:

#!/bin/bash

if [ $# != 3 ]
then
  echo "Create a bunch of files with random contents."
  echo "Usage:"
  echo "$0 filename number size"
  echo "  filename: basename of the file"
  echo "  number  : number of files to be created"
  echo "  size    : file size in bytes"
  exit   
fi

for (( i = 0 ; i < $2 ; i++ ))
do
  echo "Writing $3 bytes to $1.$i"
  dd if=/dev/urandom of=$1.$i bs=$3 count=1 > /dev/null
done

which is not all that readable. There are code viewers on the web which convert the code to nicely formatted HTML; a quick googling directs to e.g. this one:
http://codeformatter.blogspot.com/2009/06/about-code-formatter.html




 #!/bin/bash  
 if [ $# != 3 ]  
 then  
  echo "Create a bunch of files with random contents."  
  echo "Usage:"  
  echo "$0 filename number size"  
  echo " filename: basename of the file"  
  echo " number : number of files to be created"  
  echo " size  : file size in bytes"  
  exit    
 fi  
 for (( i = 0 ; i < $2 ; i++ ))  
 do  
  echo "Writing $3 bytes to $1.$i"  
  dd if=/dev/urandom of=$1.$i bs=$3 count=1   
 done  

Right, formatting has improved, but there is still no syntax highlighting. The best solution I could find is the one at http://tohtml.com

#!/bin/bash

if [ $# != 3 ]
then
  echo "Create a bunch of files with random contents."
  echo "Usage:"
  echo "$0 filename number size"
  echo "  filename: basename of the file"
  echo "  number  : number of files to be created"
  echo "  size    : file size in bytes"
  exit   
fi

for (( i = 0 ; i < $2 ; i++ ))
do
  echo "Writing $3 bytes to $1.$i"
  dd if=/dev/urandom of=$1.$i bs=$3 count=1 
done

which looks the way I wanted it!

Now I just have to figure out what to do with thousands of 1k garbage files flocking around in my directory.

Saturday, February 19, 2011

A few notes on Andrei Tarkovsky

One of the most famous Russian film directors is inevitably Andrei Tarkovsky. During his career he only shot 7 films, most noteworthy the autobiographic movie Зеркало "The Mirror" and the two science fiction movies Солярис "Solaris" and Сталкер "Stalker".

Tarkovsky tries to emphasize the cinema genre as an art form. Generally you can consider his movies as paintings with a time dimension added to them. For instance in "The Mirror" Tarkovsky lets a famous painting by the Flemish painter Bruegel come alive. "The Mirror" is a complicated film though, and personally I like "Stalker" the most with its strong meditative and post-apocalyptic feeling. This is not only expressed by the photography and the story line, but also by the sound design: in the scene shown below, the three main characters enter the zone on a motorized draisine:



Note, how the engine sound fades away, and only the sound of the rail joints remains, slightly electronically modified. Epic: their wrinkled faces, and a very characteristic Solonitsyn dozing off. The black and white shooting adds contrast emphasizing every little fold and the battered souls. When they finally enter the zone, the movie switches from B/W to colour:



"Urban Exploration" is about visiting recent ruins of our civilization, and that concept has surged during the last 5 years, becoming widely popular among people of my age. Arranged trips can be bought to places such as Chernobyl. I prefer the term "Industrial Wasteland Tourism".

Tarkovsky truly was ahead of his time with the post-apocalyptic scenography in Stalker. Along with the absence of special effects which tend to look cheap after some time, this makes the footage timeless.

Our most noteworthy contemporary Danish director Lars von Trier ("Antichrist", "Dogville") is heavily inspired by Tarkovsky (also his "Europa" trilogy). Check out this scene from "Antichrist":



the scenography, even the colour balance is very Tarkovsky-ish, there is a similar scene in "The Mirror", but I could not find it on youtube. :-/

Last year there was a one-day course dedicated to my favourite director, arranged by FOF in Aarhus. The program involved a lecture on Tarkovsky's life and creative portfolio and watching the movie "The Mirror" followed by a discussion. "The Mirror" is probably the movie which is most difficult to understand. It is full of biblical references and encrypted symbolism, and I have real trouble uncovering all layers. However, this is of course challenging and makes the movie even more interesting. So, this course seemed very promising, and I signed up. Did some preparations and tried to group all the questions I wanted to discuss.

Of course, if you have high expectations, chances are high you get disappointed. Apart from me, 6 people attended. The lecturer was a teacher of a Russian language course, and all participants (except me) were students of her class. Unfortunately, I was the only one who had seen more than just one movie (and more than just once...). The discussion part was therefore rather halting.

Yet, what I found very interesting was what the teacher said about how the films were received in Soviet Russia at that time. She was a teenager during the 70s, and generally what was shown in movie theaters was daft simple-minded movies. (I.e. imagine all you were allowed to see was mainstream Hollywood movies! Gaaaahh...!) The Tarkovsky movies tended to be very controversial, they were not banned though. Instead they were rarely shown, but if they were, people flocked to the movie theatres. She and her friends brought paper and pencil into the cinema and took notes in the dark of the poems occurring in Tarkovsky's movies.

As mentioned earlier, Tarkovsky tried to emphasize the art element in cinematography. The pool scene (yeah, we had it in an earlier post, music is by Artemiev) then must represent the classic still life discipline in painting!




All Tarkovsky's movies can be watched here for free:

http://www.openculture.com/2010/07/tarkovksy.html

Later I plan to add a post about the STALKER computer game series made by Ukrainian GSC. They are based on the very same movie, and certainly worth a closer investigation.

Thursday, February 3, 2011

"Brechungen"

Take a look at this blurry picture:




and try to guess where and when it was taken.

I showed it to some of my colleagues, and got answers like “Aarhus, 1970” and “Detroit, 1950’s”.


Your call...?


The answer is: Bucharest, 1941. The picture was taken by Willy Pragher (1908-1992), who was a German-Romanian photographer. Recently an exhibition of his photography “Brechungen” was touring across Europe, and I had a chance to visit it in December (yeah, I was the only one who came that day. And by the surprised look of the lady at the reception, I might have been the only visitor during the entire week).

Bucharest, 1937

Pragher captures the burgeoning industrialization and urbanization in the capital city of Romania along with the agricultural life in the countryside. Heavy industry such as oil processing, steel mills, smelters and mining are contrasted with the rural existence. The concept by itself may sound trivial, yet this exhibition covers the late 20’s and early 40’s of Romania, and is today accepted as a significant contribution to the country’s photographic treasury. Pictures themselves are categorized in the post-expressionistic “Neue Sachlichkeit” genre, and generally try to reflect contemporary views without imposing any opinion on them - that is something I fancy.

But what hit me was the feeling of imagining what the (by then) prosperous country could potentially have been today if it were not for the disaster of the Second World War and the succeeding communist era - later ruled by the mad dictator Nicolae Ceausescu. There was a reason why Bucharest was called “the Paris of Eastern Europe” - before Ceausescu started to pull down the city so he could spell his name with precast concrete slabs.

Even the 1989 “revolution” (or some may say coup d’etat) helped little, as the new government was constituted of former apparatchiks, leaving a corrupt system and a disillusioned population behind.


The same feeling explained above occasionally overcomes me when I view old photographs of eastern Europe. Worth mentioning is the rather timeless and pioneering experimental movie Человек с киноаппаратом “Man with a movie camera” by the famous director Dziga Vertov. It is a B/W silent film, but a few years ago the British band “Cinematic Orchestra” added some great music to it, making the movie even more enjoyable. Here is my favourite excerpt ("The Awakening of a Woman"):



Most of the movie was filmed in (thriving and socialistic) Odessa during 1929. The full one-hour movie can be viewed here, and is certainly worth watching.