mlednor + sysadmin   24

Hack and / - Forensics with Ext4 | Linux Journal
Learn from my mistakes as I figure out how to gather forensics data on an ext4 filesystem.

One great thing about writing technical articles is that you have a nice collection of documentation you can turn to. I tell people that I probably reference my books and articles more than anyone else, because although I may not always remember specific steps to perform a task, I do always remember whether I wrote about how to do it.

One article I find myself referring to now and then is the "Introduction to Forensics" article I wrote in Linux Journal back in the January 2008 issue (my first feature article in Linux Journal). In that article, I walk through how to use Autopsy, a front end to Sleuthkit, to perform your own forensics investigation on a server that has been hacked. Recently, I had to perform an investigation on a server that fell victim to an SSH brute-force attack (use SSH keys!) and discovered that my personal documentation no longer worked. In this article, I walk through the symptoms of this problem and ultimately how I was able to work around it.
linux  sysadmin  from instapaper
9 weeks ago by mlednor
SSH tricks
SSH is a protocol for authenticating and encrypting remote shell sessions.

But, using SSH for just remote shell sessions ignores 90% of what it can do.

# ssh home -L 80:reddit.com:80
This article covers less common SSH use cases, such as:

using passwordless, key-based login;
setting up local per-host configurations;
exporting a local service through a firewall;
accessing a remote service through a firewall;
setting up a SOCKS proxy for Firefox;
executing commands remotely from scripts;
transferring files to/from remote machines;
mounting a filesystem through SSH; and
triggering admin scripts from a phone.
ssh  unix  sysadmin  network 
february 2012 by mlednor
10.7 : Enable Recovery HD after restore from Time Capsule/File Vault 2. - Mac OS X Hints
File Vault 2 and embedded 'Recovery HD' disk are new additions to OS X in Lion release.

A fresh OS X Lion installation creates 'Recovery HD' by live re-partitioning 'Macintosh HD'. The recovery disk is 650MB in size (as of 10.7.2), of partition type Apple_Boot, and therefore, will be hidden during normal usage by OS X user interface. It does not show up in Finder, and not even 'Disk Utility.'

If the recovery disk 'Recovery HD' is proper, booting up a Mac without File Vault 2 while holding down the Option key will result in listing 'Recovery HD' as an alternative to 'Macintosh HD' for booting the machine up. For Macs with File Vault 2, only holding down the Cmd+R key combination will boot 'Recovery HD.'

The 'Recovery HD' of a Mac without File Vault 2 contains 'Base System Install', which is a minimal OS X kernel plus useful utility applications (Disk Utility, Time Machine, Network Utility, Password Utility). The main purpose is to allow partitioning a hard disk and restoring the system from a Time Capsule via the Time Machine application.

The 'Recovery HD' of a Mac with File Vault 2 does not contain 'Base System Install,' but only CoreStorage components and a minimal kernel for authenticating a user to Core Storage, to get a File Vault 2 (Whole-Disk-Encryption) protected disk mounted. Therefore, once File Vault 2 is turned on, your Mac will lose the ability to boot 'Base System Install'. The only way to start a Time Capsule restore is to boot from a Lion Installation DVD (or USB), if you had one made from the downloaded Lion installation app from the AppStore (instructions are widely written in web articles, please search the web).

When a Lion Mac is restored from Time Capsule via the Time Machine application, as of 10.7.2, the 'Recovery HD' will NOT be recreated. A Mac with File Vault 2 previously enabled will also be restored with File Vault 2 disabled; i.e. the disk will NOT be encrypted (this is the right thing to do IMO). Without 'Recovery HD', File Vault 2 cannot be enabled anymore. This is a BIG problem for Mac owners who need stronger assurance of data security.

This article is a collection of my experiences in fixing this plight I had to face after restoring my Mac after my Seagate Momentus 500GB (G-Shock) crashed badly.
mac  sysadmin 
january 2012 by mlednor
2011doc
2011 Session documentation.
mac  sysadmin 
october 2011 by mlednor
The Twelve Steps of Backups | Graceful Exits
Follow these twelve steps, so that you might never stray from the path.
backup  sysadmin 
february 2011 by mlednor
simian - Project Hosting on Google Code
Simian is an enterprise-class Mac OS X software deployment solution with App Engine-based hosting to scale with the needs of your growing enterprise, and a future proof client based on the Munki open-source project.
Here are some example features of Simian:
Deploy new or updated software by targeting a single Mac or tens of thousands.
Push security patches, whether the Mac is on an internal network/VPN or not.
Force mandatory installation of some packages, while allowing others to be optional.
Tightly manage Apple-provided updates.
Scale without deploying and maintaining additional server infrastructure.
Obtain reports on all of this and the fleet overall.
Much of this and more is due to the outstanding work of Greg Neagle and the Munki community. To read more about the other features Munki offers please visit the Munki code.google.com project page.
mac  sysadmin  deployment 
january 2011 by mlednor
munki - Project Hosting on Google Code
munki is a set of tools that, used together with a webserver-based repository of packages and package metadata, can be used by OS X administrators to manage software installs (and in many cases removals) on OS X client machines.
munki can install software packaged in the Apple package format, and also supports Adobe CS3/CS4/CS5 Enterprise Deployment "packages", and drag-and-drop disk images as installer sources.
Additionally, munki can be configured to install Apple Software Updates, either from Apple's server, or yours.
munki is currently in use at organizations all over the world, managing software for thousands of Macs.
mac  sysadmin  deployment 
january 2011 by mlednor
tc: Linux HTTP Outgoing Traffic Shaping (Port 80 Traffic Shaping)
I've a 10Mbps server port dedicated to our small business server. The server also acts as a backup DNS server and I'd like to slow down outbound traffic on port 80. How do I limit bandwidth allocation to the http service to 5Mbps (burst to 8Mbps) at peak times so that DNS and other services will not go down due to heavy activity under Linux operating systems?
linux  sysadmin 
november 2010 by mlednor
Home - Chef - Opscode Open Source Wiki
Chef is a systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
sysadmin  ruby  deployment  automation 
july 2010 by mlednor
McAfee Threat Center (Stinger)
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
antivirus  sysadmin  windows 
march 2010 by mlednor
AVG Antivirus and Security Software - AVG Rescue CD
The AVG Rescue CD is a powerful must-have toolkit for the rescue and repair of infected machines. It provides essential utilities for system administrators and other IT professionals and includes the following features:

Comprehensive administration toolkit
System recovery from virus and spyware infections
Suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems)
Ability to perform a clean boot from CD or USB stick
Free support and service for paid license holders of any AVG product
FAQ and Free Forum self-help support for AVG Free users
antivirus  sysadmin  windows 
march 2010 by mlednor
Tech Tip: Periodically Update Your MOTD with update-motd | Linux Journal
linuxjournal: Tech Tip: Periodically Update Your MOTD with update-motd - This tech tip provides you with information on how to cu... http://ow.ly/169u44
linux  sysadmin  from instapaper
december 2009 by mlednor