How to Setup SSH Server in Windows with freeSSHd

Friday, February 5, 2010 by BBTUNA

Have you ever wanted to control your Windows PC remotely using the command line? With the SSH network protocol, you can! Telnet is another way to achieve this, but it is not as secure as SSH. In this simple guide, I will show you how to set up an SSH server in Windows with freeSSHd.

With this setup, you can access and manage your PC from another computer using the Windows command line. That means that you can copy, edit, move and delete files on your home computer from another computer in the office, for example. Furthermore, the SSH network protocol secures the connection between the two connected computers! If you are interested, you can read more on SSH.

Step 1: Setup SSH Server in Windows with freeSSHd

This is an absolute noob guide, so I’ll explain in detail. If you are an advanced user (boo!), you are welcome to skip the installation steps.

1- freeSSHd is the easiest software to use to get SSH working in Windows. Download freeSSHd before proceeding any further.

2- Double click the freeSSHd installer that you have downloaded to get started.

3- Click Next -> Click Next (or you can change the default installation directory) -> Click Next (Full Installation) -> Click Next (Start Menu Folder) -> Click Next (Create a desktop icon) -> Click Install (ready to install) -> Wait until installation has been finished -> Click Close (Try other products…)

4- “Do you want to run freeSSHd as a system service?” I choose “No” so I can start freeSSHd manually. This is a good security practice because you don’t want applications running in the background if you are not using them. Only turn freeSSHd on when the need for remote connections arises!

5- Click Finish to complete freeSSHd installation.

Step 2: Run freeSSHd

6- Double click the freeSSHd icon on the desktop to load your SSH server. You can see the freeSSHd icon on your system tray.

7- Right click on the icon and click Settings.

8- Make sure that the freeSSHd settings page (Server Settings tab) shows that your “SSH server is running”.

Step 3: Create a New SSH User

9- Click on the Users tab. You need to create at least one user account that will act as your SSH remote user account.

10- Click “Add” to create a new user. Fill in the user details, following the example shown below (with your own unique username and password, duh!). Click OK and make sure the new user appears in the Users tab list.

Step 4: Test SSH Access with Putty (Local)

11- On the same computer where you installed freeSSHd, download Putty. Putty is a desktop command line client that you can use to access SSH servers.

12- Double click the Putty installer to run it. Fill in the details as shown in the diagram below. 127.0.0.1 means that you are testing the SSH access from a local connection.

13- Press “Yes” on the security alert screen. Insert your SSH username and password that you have created previously.

14- If you get a Windows command prompt, you have successfully accessed your SSH server! Congratulations!

15- Connect your computer to the Internet / local network and take note of your computer’s IP address.

Step 5: Test SSH Access with Putty (Remote)

16- Using another computer e.g. your office computer, download Putty again.

17- Repeat steps 12 to 13 above, but this time use your SSH server's IP address (type it inside the Host Name or IP Address field).

18- If you get a Windows command prompt, you have successfully accessed your SSH server from a remote computer! Double congrats to you!

There you go, a complete noob guide to setting up an SSH server in Windows, using the super simple freeSSHd application. Be geeky and try it today!

Bypass Windows Vista's and Windows 7’s Reduced Functionality Mode and Get Your Data

by BBTUNA

So you use Windows 7 or Vista and you have encountered the now famous “Reduced Functionality Mode.” You can either throw up your arms and cry or bypass it and get to your data.

Here is how to temporarily remove the “Reduced Functionality” mode and restore your computer to a (semi) normal state.

  • On the Windows Activation, click on Access your computer with reduced functionality option.
  • Once the Internet Explorer loads, click on File on menu bar and then select Open on the pull-down menu.
  • On the Open dialog window, type in C:\Windows\Explorer.exe and then click OK.
  • Click OK button on “IE needs to open a new window to open this webpage” confirmation prompt.
  • Click Run button on “File Download – Security Warning” dialog prompt.
  • Click on Run button on “File Download – Security Warning” warning dialog related to unknown and not verified publisher.
  • The user shell will load, and the desktop, taskbar, start menu, etc. will be restored.
  • The computer has recovered from Reduced Functionality for this session. To permanently stop RFM from happening again, Windows has to be rearmed.
  • Click on the Windows Start button.
  • Type Cmd in Start Search box.
  • A program shortcut will show up in the Start panel search results. Right click on the shortcut and select Run as Administrator.
  • In the Command Prompt window, type in the following command and then hit Enter: slmgr.vbs -rearm
  • Restart your computer.

Now obviously something must have gone awry for that dialog box to pop up, and I think it would be recommended that you reinstall Windows after you back up all your data.

Setup Linksys Router With Radius Server Authentication

by BBTUNA

Configuring The Linksys Router

Log in to your Linksys router and, on the Setup tab, make sure you set the following configuration:

  1. Internet Connection type : Automatic Configuration – DHCP
  2. Router Name: anything
  3. Host Name : anything
  4. Domain Name : anything
  5. MTU : Auto
  6. Local IP Address: Enter an IP address from your network here
  7. DHCP Server : Disable

Click on Save Settings after making the changes.

Note: your settings could be different, but make sure you enter a local network IP address for the Local IP Address and disable the DHCP server; otherwise your router won’t work. Also, don’t forget to plug the Ethernet cable into one of the router's LAN ports, not the WAN port; otherwise you won’t be able to connect using the new IP address.

Now click on the Wireless tab and set the following settings:

  • Wireless Network Mode : Mixed
  • Wireless Network Name (SSID): type your chosen SSID here
  • Wireless Channel: Leave the default if you want, otherwise change it to something else.
  • Wireless SSID Broadcast : Enable

Click on Save Settings after making the changes.

Now click on the Wireless Security option and make sure you have the following settings:

  1. Security Mode : WPA Enterprise
  2. WPA Algorithms : TKIP
  3. RADIUS Server Address: enter the IP address of your radius server here
  4. RADIUS Port: Leave the 1812 port there
  5. Shared-key : enter your shared key here.
  6. Key Renewal Timeout: leave the default value (3600 seconds)

Click on the Save Settings button after you finish changing the settings.

Configuring The Radius Server

Now that we have set up the Linksys router, we need to configure the Internet Authentication Service to talk back to the Linksys router.

On your Windows Server, go to Administrative Tools and open the Internet Authentication Service and select the Radius Clients folder on the left panel:

Then right-click on an empty area on the right panel, and select New Radius Client:

For Friendly name, type something that is easy for you to identify, and for Client Address (IP or DNS), type the IP address of the Linksys router.

Click on Next.

On the next screen, select Radius Standard for the Client-Vendor option. Enter the Shared secret key. This key is the shared key we entered on the Linksys router's Wireless Security window. Make sure the option Request must contain the message authentication attribute is unchecked.

Click on the Finish button after you have entered all the settings.

That’s it; that should take care of the communication between the RADIUS server and the router. In the next post we will set up the group policy to authenticate our domain users.
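What the "Request must contain the message authentication attribute" option checks when it is enabled, as an added example that is not part of the original post: the Message-Authenticator attribute (type 80, RFC 2869) is an HMAC-MD5 over the whole Access-Request, keyed with the shared secret and computed with the attribute's own value zeroed. The secret, the packet contents and the function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
NAS_IP_ADDRESS = 4
MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + request authenticator(16)


def attr(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, authenticator, attributes, secret=None):
    """Build an Access-Request; sign it with Message-Authenticator if a secret is given."""
    body = b"".join(attr(t, v) for t, v in attributes)
    if secret is not None:
        body += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(body))
    packet = header + authenticator + body
    if secret is not None:
        mac = hmac.new(secret, packet, hashlib.md5).digest()
        packet = packet[:-16] + mac  # the attribute was appended last
    return packet


def find_message_authenticator(packet):
    """Return the offset of the attribute's 16-byte value, or None if it is absent."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad length field")
    pos = HEADER_LEN
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                raise ValueError("Message-Authenticator must be 18 bytes long")
            return pos + 2
        pos += a_len
    return None


def verify_message_authenticator(packet, secret):
    """True or False when the attribute is present (match / mismatch), None when absent."""
    off = find_message_authenticator(packet)
    if off is None:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[off:off + 16], expected)


def admit(packet, secret, require_attribute):
    """Hypothetical server policy: drop bad MACs; drop unsigned requests only if required."""
    result = verify_message_authenticator(packet, secret)
    if result is None:
        return not require_attribute
    return result


# Constructed sample data (192.0.2.10 is a documentation address).
SECRET = b"constructed-shared-key"
REQUEST_AUTH = bytes(range(16))
ATTRS = [(USER_NAME, b"alice"), (NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))]
SIGNED = build_access_request(7, REQUEST_AUTH, ATTRS, SECRET)
UNSIGNED = build_access_request(7, REQUEST_AUTH, ATTRS)
TAMPERED = SIGNED[:22] + b"m" + SIGNED[23:]  # User-Name "alice" -> "mlice"

if __name__ == "__main__":
    for name, pkt in (("signed", SIGNED), ("tampered", TAMPERED), ("unsigned", UNSIGNED)):
        print(name, verify_message_authenticator(pkt, SECRET),
              "admitted when required:", admit(pkt, SECRET, True))
```

With the requirement off, the unsigned request is passed on to authentication with no integrity check on its attributes; with it on, the same request is dropped.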

Twitter Security Cam

by BBTUNA

So it's Saturday afternoon and you have nothing to do. As you glance around your room you spot a half-full beer, a webcam, and that Linux box that you have been wondering what you were going to do with. Seriously, why did you buy that piece of crap webcam anyway? A quick Google search reveals that you might have a hard time even getting that thing working in XP, let alone your preferred OS of choice, OSX. =)

Ok, I know what to do. First, don't drink that beer. It's old. Throw it away and clean up your room a little bit. Then go get another beer -- and let's try to finish this one, Nancy. As you sit back and nurse your new beer you notice that your Asus EEE with BackTrack4 is in a somewhat different place than you left it. Instead of simply plotting your revenge on whoever you feel deserves the blame, let's try catching them red-handed next time.

The following will walk you through setting up a video-surveillance system that will detect motion, enable your webcam, take pictures of the intruder, upload the pics online, and notify your cell phone via a Twitter SMS message.

You will need:

  • USB Webcam
  • Linux installed on a machine (I will use Ubuntu "Gutsy Gibbon" in my example, but should be similar for other Linux distros)
  • Always-on internet connection

Before we begin, you will want to make sure your webcam is supported by your Linux distro. First let's check to see if it works out of the box. Turn on your machine and log in. Plug in your USB video camera and open a terminal window. Type:

lsusb

to determine if your webcam was detected. Your output should look something similar to:

hevnsnt@linuxbox:~/motion$ lsusb
Bus 003 Device 001: ID 0000:0000
Bus 002 Device 007: ID 045e:0039 Microsoft Corp. IntelliMouse Optical
Bus 002 Device 006: ID 0553:0002 STMicroelectronics Imaging Division (VLSI Vision) CPiA WebCam
Bus 002 Device 001: ID 0000:0000

(Although of course your output will match your configuration)

Record the bus location and device id of your webcam. (Bus 002 Device 006 in this example.) Now open "Ekiga Softphone" (installed by default in Ubuntu under Applications / Internet / Ekiga Softphone).

We are going to use this application to make sure that your USB camera is working (so far without ANY WORK!). You might have to click the camera icon, and if everything works, you should be getting a live picture. If not, check your Ekiga Preferences (Edit/Preferences/Video Devices) and change your input device to the device you discovered earlier. If this doesn't work, you should Google for the device ID plus "linux driver" (e.g. 0553:0002 linux driver). Come back to this tutorial when you get it working. If you can't get it working, check craigslist.org for a newer camera, but I doubt you will need to. Seriously, if I got this crusty old Zoom 1595 camera working, I am sure you can get yours working.

Detecting Motion:

In order to detect motion, we are going to use a software motion detection package appropriately titled "motion". Since you are probably on a Debian-based Ubuntu machine, you are thinking "Oh this will be easy, apt-get install motion". Well, you did get one thing right: it will be easy, but we are not going to use apt-get. The Ubuntu repositories still have a much older version of "motion" than we want. To get the latest version (this tutorial was written using build 3.2.11), open a terminal window and type the following commands (note: this will download and install a .deb; you could always install from source):

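mkdir ~/motion
cd ~/motion
# -O saves the file under the plain .deb name instead of "...deb?download"
wget -O motion_3.2.11-1.ubuntu.hardy_i386.deb "http://prdownloads.sourceforge.net/motion/motion_3.2.11-1.ubuntu.hardy_i386.deb?download"
sudo dpkg -i motion_3.2.11-1.ubuntu.hardy_i386.deb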

Congratulations, you have installed motion. Yeah Ubuntu! Now you just need to configure it. And let me tell you, there are A TON of configuration options. Luckily, it comes with a very well commented configuration file located at /etc/motion/motion.conf. Should you want to tweak your installation later, I would start with this configuration file.

However, for the sake of quicky-ness, I will share my configuration file that I spent a lot of time tuning and testing for my setup. Save it to ~/motion/motion.conf:

# TwitterSecuritySystem motion.conf
# This config file was created for motion 3.2.11

############################################################
# Daemon
############################################################

# Start in daemon (background) mode and release terminal (default: off)
daemon on

# File to store the process ID, also called pid file. (default: not defined)
process_id_file /var/run/motion/motion.pid

###########################################################
# Capture device options
############################################################

# Videodevice to be used for capturing (default /dev/video0)
videodevice /dev/video0
v4l2_palette 8

# The video input to be used (default: 8)
# Should normally be set to 0 or 1 for video/TV cards, and 8 for USB cameras
input 8

# The video norm to use (only for video capture and TV tuner cards)
# Values: 0 (PAL), 1 (NTSC), 2 (SECAM), 3 (PAL NC no colour). Default: 0 (PAL)
norm 1

# Rotate image this number of degrees. The rotation affects all saved images as
# well as mpeg movies. Valid values: 0 (default = no rotation), 90, 180 and 270.
rotate 0

# Image width (pixels). Valid range: Camera dependent, default: 352
width 320

# Image height (pixels). Valid range: Camera dependent, default: 288
height 240

# Maximum number of frames to be captured per second.
# Valid range: 2-100. Default: 100 (almost no limit).
framerate 2

# Minimum time in seconds between capturing picture frames from the camera.
# Default: 0 = disabled - the capture rate is given by the camera framerate.
# This option is used when you want to capture images at a rate lower than 2 per second.
minimum_frame_time 3

auto_brightness off
brightness 0
contrast 0
saturation 0
hue 0

############################################################
# Motion Detection Settings:
############################################################

# Threshold for number of changed pixels in an image that
# triggers motion detection (default: 1500)
threshold 1500

# Automatically tune the threshold down if possible (default: off)
threshold_tune off

# Noise threshold for the motion detection (default: 32)
noise_level 32

# Automatically tune the noise threshold (default: on)
noise_tune on

# Despeckle motion image using (e)rode or (d)ilate or (l)abel (Default: not defined)
# Recommended value is EedDl. Any combination (and number of) of E, e, d, and D is valid.
# (l)abeling must only be used once and the 'l' must be the last letter.
# Comment out to disable
despeckle EedDl

# Ignore sudden massive light intensity changes given as a percentage of the picture
# area that changed intensity. Valid range: 0 - 100 , default: 0 = disabled
lightswitch 0

# Picture frames must contain motion at least the specified number of frames
# in a row before they are detected as true motion. At the default of 1, all
# motion is detected. Valid range: 1 to thousands, recommended 1-5
minimum_motion_frames 1

# Specifies the number of pre-captured (buffered) pictures from before motion
# was detected that will be output at motion detection.
# Recommended range: 0 to 5 (default: 0)
# Do not use large values! Large values will cause Motion to skip video frames and
# cause unsmooth mpegs. To smooth mpegs use larger values of post_capture instead.
pre_capture 0

# Gap is the seconds of no motion detection that triggers the end of an event
# An event is defined as a series of motion images taken within a short timeframe.
# Recommended value is 60 seconds (Default). The value 0 is allowed and disables
# events causing all Motion to be written to one single mpeg file and no pre_capture.
gap 60

############################################################
# Image File Output
############################################################

# Output 'normal' pictures when motion is detected (default: on)
# Valid values: on, off, first, best, center
# When set to 'first', only the first picture of an event is saved.
# Picture with most motion of an event is saved when set to 'best'.
# Picture with motion nearest center of picture is saved when set to 'center'.
# Can be used as preview shot for the corresponding movie.
output_normal center

# The quality (in percent) to be used by the jpeg compression (default: 75)
quality 75

############################################################
# Text Display
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second, %T = HH:MM:SS,
# %v = event, %q = frame number, %t = thread (camera) number,
# %D = changed pixels, %N = noise level, \n = new line,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event - do not use with text_event!
# You can put quotation marks around the text to allow
# leading spaces
############################################################

# Locate and draw a box around the moving object.
# Valid values: on, off and preview (default: off)
# Set to 'preview' will only draw a box in preview_shot pictures.
locate on

# Draws the timestamp using same options as C function strftime(3)
# Default: %Y-%m-%d\n%T = date in ISO format and time in 24 hour clock
# Text is placed in lower right corner
text_right %Y-%m-%d\n%T-%q
text_event %Y%m%d%H%M%S

# Draw characters at twice normal size on images. (default: off)
text_double off

############################################################
# Target Directories and filenames For Images And Films
# For the options snapshot_, jpeg_, mpeg_ and timelapse_filename
# you can use conversion specifiers
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = thread (camera) number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# Quotation marks round string are allowed.
############################################################

# Target base directory for pictures and films
# Recommended to use absolute path. (Default: current working directory)
target_dir ~/motion/

# File path for snapshots (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-snapshot
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-snapshot
# File extension .jpg or .ppm is automatically added so do not include this.
# Note: A symbolic link called lastsnap.jpg created in the target_dir will always
# point to the latest snapshot, unless snapshot_filename is exactly 'lastsnap'
snapshot_filename %v-%Y%m%d%H%M%S-snapshot

# File path for motion triggered images (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-%q
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-%q
# File extension .jpg or .ppm is automatically added so do not include this
# Set to 'preview' together with best-preview feature enables special naming
# convention for preview shots. See motion guide for details
jpeg_filename %v-%Y%m%d%H%M%S-%q

############################################################
# Live Webcam Server
############################################################

# The mini-http server listens to this port for requests (default: 0 = disabled)
webcam_port 0
webcam_quality 50
webcam_motion off
webcam_maxrate 1
webcam_localhost on
webcam_limit 0

############################################################
# HTTP Based Control
############################################################

# TCP/IP port for the http server to listen on (default: 0 = disabled)
control_port 0
control_localhost on
control_html_output on

############################################################
# External Commands, Warnings and Logging:
# You can use conversion specifiers for the on_xxxx commands
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = thread (camera) number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# %f = filename with full path
# %n = number indicating filetype
# Both %f and %n are only defined for on_picture_save,
# on_movie_start and on_movie_end
# Quotation marks round string are allowed.
############################################################

# Do not sound beeps when detecting motion (default: on)
# Note: Motion never beeps when running in daemon mode.
quiet on

# Command to be executed when a picture (.ppm|.jpg) is saved (default: none)
# To give the filename as an argument to a command append it with %f
# on_picture_save echo I would have said on save %f
on_picture_save perl ~/motion/updateTwitter.pl --username YOURUSERNAME --password YOURPASSWORD --message "At %H:%M:%S Motion Was Detected" --picture %f

# Command to be executed when a camera can't be opened or if it is lost
# NOTE: There is situations when motion doesn't detect a lost camera!
# It depends on the driver, some drivers don't detect a lost camera at all
# Some hang the motion thread. Some even hang the PC! (default: none)
on_camera_lost perl ~/motion/updateTwitter.pl --username YOURUSERNAME --password YOURPASSWORD --message "WARNING Camera Was Not Detected"


Notification of Motion:

Now for the fun part. If you used the above configuration file, at this point your system is configured to detect motion and then snap a picture. It is also configured to save the "best" picture and outline the movement that it captured. Yeah, so what. Let's kick it up a notch by using Web2.0 tools to notify us so that we can take appropriate action.

First create ANOTHER (assuming you already have a Twitter account) Twitter account, naming it something like mySECURITY or something that is specific to you. You will not give this name out to anyone, so feel free to name it whatever you want. I gave my new Twitter account a profile image of a security monkey.

In order to upload the motion-detected captured picture using Twitter (and more specifically TwitPic), we need to call a script written by rtadlock at http://rtadlock.blogspot.com from motion.conf (these lines are bolded above). Save the following as ~/motion/updateTwitter.pl

#!/usr/bin/perl

use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Getopt::Long;

# Values to use when uploading to TwitPic
# You can change these defaults and you can
# override them with the command line options
my $picture;
my $username = 'USERNAME'; # This has to be your twitter username, not your email
my $password = 'PASSWORD'; # Twitter password
my $message = 'New Motion Detected'; # message you'd like to post
my $uploadOnly = 0; # Upload only, don't update Twitter
my $verbose = 0;

# These can be changed if the TwitPic API
# locations change
my $uploadAndPostSite = "http://twitpic.com/api/uploadAndPost";
my $uploadOnlySite = "http://twitpic.com/api/upload";

GetOptions( "help|h|?"   => sub { Usage() && exit( 0 ) },
            "picture=s"  => \$picture,
            "username=s" => \$username,
            "password=s" => \$password,
            "uploadOnly" => \$uploadOnly,
            "verbose"    => \$verbose,
            "message=s"  => \$message ) or Usage() && exit( -1 );

if( !$picture || !$username || !$password )
{
    print "ERROR: Please provide all required arguments\n";
    Usage() && exit( -1 );
}

if( ! -e $picture || ! -f $picture )
{
    print "ERROR: The picture you specified $picture doesn't seem to exist\n";
    exit( -1 );
}

if( $verbose )
{
    print "Attempting to upload pic to TwitPic with the following options:\n";
    print "Picture: $picture\n";
    print "Username: $username\n";
    print "Password: $password\n";
    print "Message: $message\n";
    print "Upload only: ";
    if( $uploadOnly )
    {
        print "Yes";
    }
    else
    {
        print "No";
    }
    print "\n\n";
}

my $response;
my $ua = LWP::UserAgent->new( env_proxy  => 1,
                              keep_alive => 1,
                              timeout    => 30 );
if( $verbose )
{
    print "Uploading picture to TwitPic.com...\n";
}

if( $uploadOnly )
{
    $response = $ua->request( POST $uploadOnlySite,
        Content_Type => 'multipart/form-data',
        Content      => [
            media    => ["$picture"],
            username => $username,
            password => $password ] );
}
else
{
    $response = $ua->request( POST $uploadAndPostSite,
        Content_Type => 'multipart/form-data',
        Content      => [
            media    => ["$picture"],
            username => $username,
            password => $password,
            message  => $message ] );
}

if( !$response->is_success )
{
    print "ERROR: There was a problem while trying to contact TwitPic\n";
    die $response->status_line;
}

if( $verbose )
{
    print "Done trying to upload picture, checking response for errors\n";
}

# I guess we could actually use XML::Parser to parse this, but it's kind of
# overkill in this situation
if( $response->content =~ /stat="fail"/ )
{
    $response->content =~ /msg="(.*)"/;
    print "\nERROR: There was an error uploading your picture to TwitPic\n";
    print "INFO: $1\n";
    exit( -1 );
}

# If verbose, print out the response, so the user can access the picture
if( $verbose )
{
    print "\nUpload successful, here are the details:\n";
    # Match the full <mediaid>...</mediaid> and <mediaurl>...</mediaurl> elements
    $response->content =~ /<mediaid>(.*)<\/mediaid>/;
    print "Media id: $1\n";
    $response->content =~ /<mediaurl>(.*)<\/mediaurl>/;
    print "Media url: $1\n";
}

sub Usage()
{
    print "\n";
    print "updateTwitter.pl --username user --password pass --picture pathToPicture [--message messageToTwitter] [--uploadOnly]\n\n";

    print "--username\tYour Twitter.com username\n";
    print "--password\tYour Twitter.com password\n";
    print "--picture\tPath to the picture you want to post\n";
    print "--message\tOptional message to Tweet with your picture\n";
    print "--uploadOnly\tUpload to TwitPic.com only and don't Tweet. This will ignore any message passed in\n";
}

Putting it all together

At this point you should have:

  • motion installed
  • motion.conf located in your ~/motion/ folder
  • updateTwitter.pl located in your ~/motion/ folder
  • A new twitter account created, and all relevant user/pass information updated in both motion.conf and updateTwitter.pl

In your terminal type the following:

motion -n -c ~/motion/motion.conf

(-n does not allow it to go into daemon mode, and -c passes a custom configuration)

If everything goes right, you should start capturing images, storing them into your ~/motion/ directory, and updating your new twitter feed. Now all you need to do is simply follow your new twitter account with your original one, and allow for device updates.

Now whenever someone comes into range of your camera, it will take a picture, upload it to TwitPic, and then send your cell phone an SMS message notifying you. If you have a web-enabled phone, you can see the pictures in real time!
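The motion.conf in this post passes the Twitter password as a literal argument in its on_* hook commands, so it can be read from the config file and from the process list while a hook runs. The audit below is an added example, not part of the original post or of motion itself: it parses the "option value" lines, flags literal --password arguments in hooks, and flags the webcam and control listeners if they are opened to other hosts. The function names, the sample config and its credentials are constructed for illustration.

```python
import shlex

SECRET_FLAGS = ("--password",)  # flag name used by the hook commands in this post
LISTENERS = {"webcam_port": "webcam_localhost",
             "control_port": "control_localhost"}


def parse_conf(text):
    """Return [(line_no, option, value)] for every active 'option value' line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split(None, 1)
        entries.append((line_no, parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return entries


def secret_args(command):
    """Return [(flag, value_or_None)] for each secret-bearing flag in a hook command."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command.split()
    found = []
    for i, tok in enumerate(tokens):
        flag, sep, inline = tok.partition("=")
        if flag not in SECRET_FLAGS:
            continue
        if sep:  # --password=value form
            found.append((flag, inline))
        else:
            found.append((flag, tokens[i + 1] if i + 1 < len(tokens) else None))
    return found


def audit(text, file_mode=None):
    """Return a list of findings for a motion.conf given as text.

    file_mode is the config file's permission bits (e.g. os.stat(path).st_mode).
    """
    findings = []
    settings = {}
    has_secret = False
    for line_no, option, value in parse_conf(text):
        settings[option] = value
        if not option.startswith("on_"):
            continue
        for flag, val in secret_args(value):
            if not val or val.startswith("--"):
                findings.append(f"line {line_no}: {option}: {flag} is not followed by a value")
            else:
                has_secret = True
                findings.append(f"line {line_no}: {option}: literal {flag} value is "
                                "readable in the config and in the process list")
    for port_opt, local_opt in LISTENERS.items():
        port = settings.get(port_opt, "0")            # 0 = listener disabled
        if port != "0" and settings.get(local_opt, "on") != "on":
            findings.append(f"{port_opt} {port}: reachable from other hosts "
                            f"({local_opt} is off)")
    if has_secret and file_mode is not None and file_mode & 0o077:
        findings.append(f"config mode {file_mode & 0o777:o} lets other local users "
                        "read the embedded secret")
    return findings


# Constructed sample, modelled on the hook lines of the config in this post.
SAMPLE_CONF = """\
# constructed sample
webcam_port 8081
webcam_localhost off
control_port 0
control_localhost on
on_picture_save perl ~/motion/updateTwitter.pl --username cam --password hunter2 --message "At %H:%M:%S Motion Was Detected" --picture %f
on_camera_lost perl ~/motion/updateTwitter.pl --username cam --password --message "WARNING Camera Was Not Detected"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, file_mode=0o644):
        print(finding)
```

To take the password off the hook command line, set it in the defaults at the top of updateTwitter.pl, drop --username and --password from motion.conf, and restrict the script with chmod 700.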

Connect USB Drive to VMware ESX Server

by BBTUNA

Steps to be followed (NOTE: I: is my USB drive):
  1. Plug in your USB flash disk and format it from a DOS prompt using the following command: FORMAT I: /FS:FAT
  2. From Windows Explorer, find the boot.iso file in the /images directory on the ESX 3.x CD-ROM. Copy boot.iso into a temporary directory on your hard drive.

  3. Using your ISO extraction or mount program, extract the contents of the boot.iso file to your USB flash drive.
  4. Delete the isolinux.bin and updatecd.cfg files from the USB disk.
  5. Rename the isolinux.cfg file on the USB flash disk to syslinux.cfg
  6. Using WordPad (not Notepad), open the syslinux.cfg file and add the keyword usb to the end of every line that begins with append. Here's what the file should look like when you're done:

       default esx
       prompt 1
       timeout 600
       display boot.msg
       F1 boot.msg
       F7 snake.msg
       label debug
         kernel vmlinuz
         append initrd=initrd.img noapic nomediacheck debug usb
       label esx
         kernel vmlinuz
         append initrd=initrd.img usb
       label text
         kernel vmlinuz
         append initrd=initrd.img text usb
       label expert
         kernel vmlinuz
         append expert initrd=initrd.img usb
       label ks
         kernel vmlinuz
         append ks initrd=initrd.img usb
       label lowres
         kernel vmlinuz
         append initrd=initrd.img lowres usb

  7. Extract the syslinux.zip file into another temporary directory on your hard drive.
  8. Open up a command prompt and navigate into the win32 directory. For example: C:\temp\syslinux-3.36\win32
  9. Now, run the syslinux program to apply the boot loader and boot sector to the USB flash drive: syslinux -s -ma I:
  10. Copy the ESX 3.x ISO image onto the USB drive root
  11. Confirm that your USB flash drive contains the following files:
    • boot.cat
    • boot.msg
    • initrd.img
    • snake.msg
    • splash.lss
    • vmlinuz
    • syslinux.cfg
    • esx-X.iso

  12. You're ready to go. Ensure that the BIOS on the server you want to install to is set up to boot from USB, or select USB from the alternate boot menu.
  13. The ESX installer will detect the USB device and whatever SCSI / disk controllers you have. When the installer asks you what the installation source will be, choose Hard Disk.

  14. You will need to choose the right disk device (ie. /dev/sda, /dev/sdb) that corresponds to your USB disk. Chances are it will be /dev/sdb.

  15. Finally, the installer will ask you what directory to find the ESX installation CD image in. Just use / and it will find the .ISO image for you.

How to Create an Internet Kiosk in 10 Easy Steps on Windows XP

by BBTUNA

If you own a business and would like to provide an “Internet Cafe” to your customers but do not want to worry about them trashing your computer or snooping around your network, there are some things you can do to create a more secure environment. This secure internet browsing mode is commonly referred to as an Internet Kiosk.

Disclaimer: This article is designed to cover most angles but does not claim to be conclusive in securing Windows (if there is such a thing!). What we will essentially do is create an automatically updating machine that grants the user access only to Internet Explorer by changing the shell value for that user and by applying local Group Policy to restrict the user.

Steps to Create Your Own Internet Kiosk:

  1. Install Windows XP (Pro is recommended, but not required. This how-to is based on Pro edition) on a NTFS formatted hard drive.
  2. Install all updates via windowsupdate.microsoft.com and set automatic updates to install automatically in the future on a daily basis
  3. Install your anti virus software of choice and set it to auto update
  4. Install Flash, Macromedia, and acrobat reader if you so choose
  5. create a new user account with admin privileges, set the password to never expire and to not be able to be changed by the user
  6. log in with that user and make the following registry change:
    • click Start -> Run and type regedit and click OK
    • Once the Registry Editor opens, click File and Export… to create a backup of the registry (in case something goes wrong). Place this in the C:\Windows folder.
    • Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Create a new string value called shell (Edit -> New -> String Value)
    • In the Data portion of this new string value, type: C:\Program Files\Internet Explorer\IEXPLORE.EXE
  7. Close the Registry Editor and logout of Windows
  8. Log back in with your original admin account
  9. Reduce the privileges of the new user account you created earlier to user
  10. Click Start -> Run -> Type “mmc” without the quotes. On the File menu click “Add/Remove Snap-in”. Click Add. Under Available Stand-alone Snap-ins, click Group Policy, and then click Add. This will open the Group Policy editor where you can limit user rights to your heart’s content. I would recommend disallowing Control Panel access, Active Desktop options, Task Manager from Ctrl-Alt-Del, and other obvious settings to ensure that your users can only do what you say.

There you have it, 10 easy steps to create your own secure Internet Kiosk. When your newly created restricted user logs in, they will only get an Internet Explorer window. No start menu or desktop options.


Install Squid Proxy Server on CentOS

by BBTUNA

Squid is a popular open source (GPL) proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server, and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps metadata and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program (squid), a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use the yum command as follows:
# yum install squid
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]

Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Squid Basic Configuration

The Squid configuration file is located at /etc/squid/squid.conf. Open it in a text editor:
# vi /etc/squid/squid.conf
At a minimum, you need to define an ACL (access control list) for Squid to work. The default port is TCP 3128. The following example ACL allows access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt it to list the internal IP networks from which browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

Save and close the file. Start the Squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start

Output:

init_cache_dir /var/spool/squid...
Starting squid: .       [  OK  ]

Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:

tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)

Open TCP port 3128

Finally, make sure iptables allows access to the Squid proxy server. Open the /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Client configuration

Open a web browser, go to Tools > Internet Options > Network settings, and enter the Squid server IP address and port 3128.
