Con un enfoque paternalista Ubuntu de entrada no da acceso a la cuenta de root, sino que los comandos privilegiados se deben ejecutar usando sudo. Since most Ubuntu documentation asks you to use sudo even with graphical applications, Why recommend gksudo or kdesudo for graphical applications instead of sudo.

For example, a lot of guides (including the first book ever published about Ubuntu) will ask you to type this sort of command:

sudo gedit /etc/apt/sources.list

I will always recommend, however, that people use instead this sort of command:

gksudo gedit /etc/apt/sources.list

And reserve sudo for command-line applications, like so:

sudo nano /etc/apt/sources.list

Why is it an issue?
Well, to be perfectly honest, most of the time it isn’t. For a lot of applications, you can run them the improper way—using sudo for graphical applications and see no adverse side effects.

1. There are other times, though, when side effects can be as mild as Firefox extensions not sticking or as extreme as as not being able to log in any more because the permissions on your .ICEauthority changed. You can read a full discussion on the issue here.

These errors occur because sometimes when sudo launches an application, it launches with root privileges but uses the user’s configuration file.

Referencias

USB drive Ubuntu install using VirtualBox

There are many ways to create a live USB drive carrying an operating system like Ubuntu, but the method I will describe further is mainly based on using SUN’s VirtualBox.

While the method described on the Ubuntu documentations implies installing a Live CD image on a USB flash drive, which would then need to extract and load the operating system in the RAM, the method described on this page implies installing a fresh operating system on a bootable flash drive that will work the same way as from a real HDD (except the speed, of course). Thus, you should have a good bootable USB 2.0, with decent I/O data processing speeds, with at least 4GB (considering that the operating system itself weighs ~2GB, Karmic Koala).

(assuming you’ve already installed guest additions)

Click on Settings for your virtual machine, go to USB tab. Check the two boxes, since you do want USB 2.0 support. In theory, this is all, but there’s one step we will need to do afterwards to get this really working. True for Windows, Linux needs a bit more sweat.

You also need to set USB filters so that the USB devices get sent to the guest OS. USB filter is a nice feature that allows you to automatically connect USB devices to your virtual machine. Any device listed in the filter box will be plugged in when you power the guest operating system. Other devices will require that you manually connect them.

From the main Virtualbox window open the Settings dialog, then the USB section, then click the little “add filter” button on the right side of the screen. You should be able to create a filter from any currently connected USB devices.

Much like VMware Tools for VMware products, the Guest Additions expose additional functionality in the virtual machine, boost performance, enhance sharing, and more. We’ve had a long tutorial, which explains how to achieve this in both Windows and Linux virtual machines. You will need to add your user to the VirtualBox group to be able to share USB resources. You can do this from the command line or try the GUI menus.

All right, so we’re running Ubuntu with Gnome desktop. Therefore, go to System > Administration > Users and Groups. In the menu that opens, click on Manage Groups. Scroll and look for the vboxusers group. Click on the Properties button. Make sure your user is listed and checked in the Group Members field. You will need to logout and login back into the session for the effects to take change. Now, power on the virtual machine once more and see what happens.

I had the same problem and fixed it by clicking in the VirtualBox group of my user. You can access it installing gnome-system-tools (it does not come with Ubuntu 12.04 Precise Pangolin), either via the Ubuntu Software Center, Synaptic or by typing in the terminal:

sudo apt-get install gnome-system-tools

Then you head to your Dash home and type users. You will see two applications. The good one is Users and Groups.

You then have to click on Advanced settings for your user and enter your password.

Now you will be shown a window with three tabs. Click on User Privileges. Find the line that says Use Virtualbox virtualization solution and then OK.

After you’ve done this (maybe restart to be sure the host OS isn’t capturing any of the USB devices for itself–Ubuntu will try to automount the flash drive so you might also want to check and make sure that it is unmounted too) then boot into the guest OS and you should see your USB devices.

Good luck.

Edit: note on USB filters

It’s my understanding that a device being used by a guest OS with a USB filter will not be accessible by the host OS while the guest OS is running. Therefore, one should choose carefully what usb devices to create filters for.

You should create USB filters for things that you plan on only using with the guest OS (often peripherals that don’t work with the host OS and will only work with the guest OS) and when you won’t require being able to access the device from the host OS while the guest OS is running. For example I have a USB banking dongle from my bank, ICBC, that is not compatible with Linux so I use a virtualized installation of Windows XP for banking and use a USB filter to grab the USB dongle.

Examples of good devices to create filters for:

USB banking dongles that only work with guest OS
e-readers (Kindle,Nook,etc.) that you plan on using only (or primarily) with the guest OS.
external soundcards that only work with the guest OS or require the guest OS for full functionality

Examples of bad devices to create filters for:

USB input devices (mouses or keyboards) that you would like to use with the host and guest OSes. Virtualbox will allow the guest OS access to these devices by default so there is no need for the guest OS to directly control them (well, I could think of some specialized reasons but I will digress…).
USB storage devices that you want the guest and the host OSes to both be able to access at the same time. Instead, mount the drive on the host OS and use shared folders to share the drive to the guest OS.

Remember that to paste in the terminal you have to use CTRL+SHIFT+V, as opposed to CTRL+V

You will probably have to enter your password to allow the installation and add a Y (as in yes) to finish installing the packages.
Press alt-f2 and type ccsm (do you have compiz settings manager installed?) Scroll to the bottom and find the “move windows” icon and click on it. There is an option “constrain Y”; uncheck this and you can pull the windows where you want. If you are useing “advanced desktop settings” and dont have compiz-config-settings installed open a terminal and digit;

sudo apt-get install compizconfig-settings-manager

Ubuntu Malware Removal Toolkit

Ubuntu Malware Removal Toolkit is an Ubuntu-based LiveCD focused on Windows malicious software removal. The purpose of this distribution is to create a portable environment that will make it easier to remove malware from infected Windows systems.

Features

Detect and clean Windows malware directly from the LiveCD using the best free tools
Easy to use even for Linux novice users
Custom Nautilus scripts to make easier tasks like scanning or hashing multiple files or folders
Find online informations surfing the web with Firefox directly from the LiveCD
Windows network protocols support: Ubuntu MRT can browse Windows networks, resolve Windows hostnames, mount Windows shared folders and use RDP to remotely control Windows Servers
Easily create an Ubuntu MRT Persistent LiveUSB directly from the LiveCD
Browse and query the Windows registry files, detect NTFS timestamp artifacts and much more…
Easily search online for multiple file hashes with a single mouse clic (Virustotal.com, Team Cymru MHR and others services)
Analyze network traffic using preinstalled tools like ntop and BotHunter

Continue reading “Ubuntu Malware Removal Toolkit”

REMnux

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

John H. Sawyer March 22, 2012

In my last blog about Linux Live Environments, I mentioned REMnux, an environment specifically built for malware analysis. I’d spent a little time with REMnux when it first came out, but decided to take the latest version (3.0) for a test drive.

Since I just received the new “Practical Malware Analysis” book from No Starch Press, the detailed lab exercises seemed like a perfect way to test out the tools included in REMnux. While most of the tools in the book are Windows-based, there are Linux-based equivalents found on REMnux.

The first task was downloading the lab files linked from http://practicalmalwareanalysis.com/labs and extracting them.

If you have issues try https://sourceforge.net/projects/labs-encryptzip/ for an encrypted zip download.

WARNING: The lab binaries contain malicious code and you should not install or run these programs without first setting up a safe environment.

Compatibility: The labs are targeted for the Microsoft Windows XP operating system. Many of the labs work on newer versions of Windows, but some of them will not. The labs are designed to mimic realistic malware. Some of them are well-written code that runs reliable and some of them (just like real malware) are poorly written code that may crash, contain memory leaks, or otherwise behave unexpectedly.

Practical Malware Analysis Labs Web Site

My plan to solely use REMnux was immediately thwarted by the self-extracting Windows executable that contained the lab files. There was a EULA (end user license agreement) wrapper as part of the executable that had to be accepted before the files could be extracted — a problem solved with a quick boot of a Windows XP virtual machine. Ideally, the authors will replace or supplement the self-extracting executable with a standard zip file.

After a quick and easy read through the first few chapters, I started to dig into the lab examples using REMnux’s tools. Chapter 1’s labs want you to upload the example binaries to VirusTotal to see whether any antivirus products detect them as possible malware. While I could have used Firefox to upload the files, I chose to use pyew’s “vt” plugin that searches VirusTotal using the MD5 hash of the file instead of uploading the actual file.

Searching just using the MD5 could have backfired if no one had uploaded the file to VirusTotal yet, but given the popularity of the book, the lab files had already been uploaded many times. It doesn’t appear that REMnux currently comes with a command-line tool to upload files to VirusTotal, so here are a couple of options (#1 and #2) that simply require that you get a free API key from VT first.

A few other tasks in the first few “Practical Malware Analysis” labs include looking at executables’ import/export functions, compile date, and packer identification. Pescanner works pretty well to figuring out those answers, but not all of them. For example, pescanner identifies suspicious import functions but does not list them all, and it incorrectly identified some of the executables as having been packed when they weren’t. Pyew faired better by being able to list all imports and exports and correctly identifying the packer, but it did not have an obvious way to show the compile date. But when used together, you can get the exact answers you need.

The last lab in Chapter 1 asks you to use Resource Hacker to look for resources that are stored in the file. To accomplish the same task on Linux, a command-line tool can be used called hachoir-subfile. Running hachoir-subfile against the Lab 1-4 executable will extract the embedded in PE file.

I’m looking forward to digging into the book more and using REMnux further to see just what I can do without having a Windows virtual machine. It’s not that I have anything against Windows — I just like to find alternative Linux-based tools that do the same thing as Windows-based tools. There’s definitely an advantage to having both platforms available for analysis with the plethora of tools to use.

I highly recommend taking a look at the “Practical Malware Analysis” if you’re interested in the topic, as it is one of the best books I’ve seen on subject and the labs are great. I suspect I’ll have more blogs in the future about the book and tools as I spend more time with it and find alternative tools to use for the analysis.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com and found on Twitter @johnhsawyer.

Ubuntu Unity .desktop

In order to add your launcher to the Unity Launcher on the left, you have to place your .desktop file at /usr/share/applications/ or at ~/.local/share/applications/. After moving your file there, search for it in the Dash (Windows key -> type the name of the application) and drag and drop it to the Unity Launcher. Now your launcher (.desktop file) is locked on the Unity Launcher! If your desktop file cannot be found by doing a search from the Dash, you may need to read on…

To be more certain that your .desktop file will work properly, use the desktop file validator, which will notify you of any errors or omissions. If there are no errors, desktop-file-validator will exit silently.

Once the file validates correctly, install it to the default location (probably /usr/share/applications) using the desktop-file-install program. This step may require superuser privileges. The desktop-file-install program may add some lines of its own to your .desktop file. There is no need to have the .desktop file be executable by anyone.

Please note that desktop-file-validate tends to be oversensitive at times, which means that it can output error messages on perfectly working .desktop files. Those error messages should be better seen as warnings rather than anything else. For more information on desktop entry specification please refer to http://standards.freedesktop.org/desktop-entry-spec/latest/

To create a simple custom .desktop you will need to add these entries to a .desktop file of your choice in ~/.local/share/applications/

nano ~/.local/share/applications/your_application_name.desktop

[Desktop Entry]
Name=the name you want shown
Comment=
Exec=command to run
Icon=icon name
Terminal=false
Type=Application
StartupNotify=true

For extra options for your .desktop file you can visit this site. All the options available are very well described there.

You can also copy a existing application’s .desktop file from /usr/share/applications/to your ~/.local/share/applications/ and edit it to fit your needs.

ie: this will copy gedit .desktop file to the folder where the .desktop files should be saved for a user

cd ~/.local/share/applications
sudo cp /usr/share/applications/gedit.desktop .

After that open that location using nautilus ~/.local/share/applications/ and drag n drop the file you have just created to the Unity launcher.

Has an option instead of drag n dropping the file you can open dconf-editor (install it with sudo apt-get install dconf-tools or look for it in the USC) and navigate to desktop.unity.launcher and edit the key favorites by double clicking on the entries to the right of the key.

To add your custom launcher add it at the position you want with this format ‘/home//.local/share/applications/.desktop’. Don’t forget to respect the , and the spaces in that line and make sure that the line starts and ends with [ and ]respectively.

With this method you will need to log off and back in for the change in favorites to take effect. This will make it appear in the dash

Ubuntu Repositories

On systems like Ubuntu, most software is packaged in nice .deb (or .rpm, like in Red Hat) files which contain the programs and libraries you need. These files can be downloaded or come in CDs (Ubuntu’s CD is full of them). Repositories are servers which contain sets of packages. You generally access them with tools like Synaptic.

These tools can list all the packages you have installed (from your kernel to your favorite application with all the libraries in between) and the packages that are available in the repositories that you have configured the tool to have access to. They also let you search for simple things like “image editor”.

These tools provide a simple, centralized method of software installation and give the distributors (who set up the repositories) a centralized way to send you updates(1) to your software.

In Ubuntu you generally want to have at least Ubuntu’s repositories (which may include the install CD) but it is not uncommon to have other repositories (from other packagers) set up.

It’s important to know that most of the tools you’ll want to use in Ubuntu are already in Ubuntu’s repositories. You can go search the internet for packages, or even source code, for others, but these will be more difficult to install and won’t, most of the time, integrate as well with your system.

So now you know: no more endless searching looking for spyware-infested shareware and freeware. The vast majority of useful software available for Linux is pre-packaged for you.

Components

Software in Ubuntu’s repository is divided into four categories or components – main, restricted, universe and multiverse.

Most people will use the Ubuntu Software Centre to install the software they want. But if you’re interested in learning more about the different categories of software we include, read on! Software is grouped according to our ability to maintain it and by how well it meets the goals of our free software philosophy. The standard Ubuntu installation is a collection of software from the main and restricted components. You can install additional software from the Ubuntu Software Centre.

Main

The main component contains applications that are free software, can be freely redistributed and are fully supported by the Ubuntu team. This includes the most popular and most reliable open-source applications available, many of which are included by default when you install Ubuntu. Software in main includes a hand-selected list of applications that the Ubuntu developers, community and users feel are most important, and that the Ubuntu security and distribution team are willing to support. When you install software from the main component, you are assured that the software will come with security updates and that commercial technical support is available from Canonical.

Restricted

Our commitment is to only promote free software – or software available under a free licence. However, we make exceptions for a small set of tools and drivers that make it possible to install Ubuntu and its free applications on everyday hardware. These proprietary drivers are kept in the restricted component. Please note that it may not be possible to provide complete support for this software because we are unable to fix the software ourselves – we can only forward problem reports to the actual authors. Some software from restricted will be installed on Ubuntu CDs but is clearly separated to ensure that it is easy to remove. We will only use non-open-source software when there is no other way to install Ubuntu. The Ubuntu team works with vendors to accelerate the open-sourcing of their software to ensure that as much software as possible is available under a free licence.

Universe

The universe component is a snapshot of the free, open-source, and Linux world. It houses almost every piece of open-source software, all built from a range of public sources. Canonical does not provide a guarantee of regular security updates for software in the universe component, but will provide these where they are made available by the community. Users should understand the risk inherent in using these packages. Popular or well supported pieces of software will move from universe into main if they are backed by maintainers willing to meet the standards set by the Ubuntu team.

Multiverse

The multiverse component contains software that is not free, which means the licensing requirements of this software do not meet the Ubuntu main component licence policy. The onus is on you to verify your rights to use this software and comply with the licensing terms of the copyright holder. This software is not supported and usually cannot be fixed or updated. Use it at your own risk.

A Quick, Tongue-in-cheek Description of the Ubuntu Repositories

$release: Don’t touch it, I like consistency, even with my bugs.
$release-security: I’ll accept patches to existing versions (and very rare version upgrades if absolutely necessary) in the process of keeping my system secure.
$release-updates: Okay, some bugs are worth fixing, and I trust you this much (holds up two fingers like Maxwell Smart).
$release-backports: I have something akin to technology ADHD, needing the latest of everything I can possibly get, but I can’t handle running the development branch.
$devel: I can take it. Seriously. If you break my X, I shall become more powerful than you could possibly imagine. I’ll file and maybe even fix the bugs and I’ll do it even if power management is not so much ‘managed’ as vomited all over the wall. Come get some.
Debian: We do the work so you don’t have to.

Source: Jeff Waugh, “Understanding the Ubuntu Package Repositories” (modestly edited, as recommended by Waugh)

Managing Repositories

Managing Repositories in Ubuntu
This page explains how to manage repositories in Ubuntu using a graphical user interface.
Managing Repositories in Kubuntu
This page shows you how to manage repositories in Kubuntu
Managing Repositories from the Command Line
If you prefer to use the command line, this page has the details
Managing Personal or Local Repositories
If there are packages you want to load outside of the supported repositories, this page explains a way to ease package dependency issues.

Tag: ubuntu

stop a process under Ubuntu

Ubuntu root