Thursday, February 8, 2018

How to install Raspbian Stretch to an SD Card for Raspberry Pi using Windows (bonus: how to unlock an SD Card using Windows)

You need to download Raspbian Stretch from https://www.raspberrypi.org/downloads/
File 2017-11-29-raspbian-stretch.zip size: 1.64 GB (1,764,972,666 bytes)

Extract it.
File 2017-11-29-raspbian-stretch.img size: 4.58 GB (4,919,918,592 bytes)

Download and install Win32 Disk Imager from https://sourceforge.net/projects/win32diskimager/. 

Steps to write your Raspbian Stretch image to the SD Card:

  1. Put your SD Card into the slot and run Win32 Disk Imager.
  2. Select the image file and point Device to your SD Card.
  3. Click Write and wait until it finishes. It will take some time; the image is big :).

It takes 5-10 minutes on my PC.

In case your SD Card reports Write Protected or something similar, and you are sure the SD Card's lock switch is in the Unlock position, follow these steps to unlock your SD Card (bonus):
Caution: Use at your own risk! The instructions below may destroy the existing system/data on your hard drive if you are not careful.
A. Remove the SD Card write-protection policy using regedit

  1. Open Computer -> HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control
  2. Create (if it does not exist) or edit StorageDevicePolicies and set its DWORD (32-bit) Value to 0
  3. Restart Windows

B. Unlock and remove all partitions on the SD Card

  1. Run diskpart
    Microsoft DiskPart version 10.0.16299.15
    Copyright (C) Microsoft Corporation.
    On computer: DEDET2013
  2. List your disks (CAUTION: read and select your disk carefully, otherwise you may remove partitions on your hard drive)
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
      Disk 1    Online         7580 MB  3072 KB
  3. Choose/select your SD Card
    DISKPART> select disk 1
    Disk 1 is now the selected disk.
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
    * Disk 1    Online         7580 MB  3072 KB
  4. The selected disk is marked with *; now you can unlock and remove all partitions on the selected disk.
    DISKPART> clean
    DiskPart succeeded in cleaning the disk.
  5. Exit diskpart by typing the exit command
    DISKPART> exit

Running Raspbian Stretch for the first time:
  1. The default user is pi with password raspberry. To change the default password for the pi user:
    $ passwd
  2. Set a password for root:
    $ sudo passwd root

References:

  • https://www.raspberrypi.org/documentation/installation/installing-images/ 
  • https://www.raspberrypi.org/documentation/installation/installing-images/windows.md 
  • https://www.easeus.com/storage-media-recovery/remove-write-protection-in-windows-10-8-7.html 


Sunday, January 21, 2018

Detecting DNS flood using dns-flood-detector

You need to install dns-flood-detector:
# apt-get install dns-flood-detector

dns-flood-detector will give you a warning in dmesg, something like:
[1309426.142779] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies.  Check SNMP counters.

To show where it comes from:
# /etc/init.d/dns-flood-detector status
* dns-flood-detector.service - LSB: start and stop the dns-flood-detector daemon
   Loaded: loaded (/etc/init.d/dns-flood-detector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 weeks 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/dns-flood-detector.service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tc…AA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173.252.90.118] - 3 tc…AA]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full.

or
# service dns-flood-detector status
* dns-flood-detector.service - LSB: start and stop the dns-flood-detector daemon
   Loaded: loaded (/etc/init.d/dns-flood-detector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 weeks 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/dns-flood-detector.service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173.252.90.118] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Let's find out who they are:
# whois 66.220.156.144
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=66.220.156.144?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       66.220.144.0 - 66.220.159.255
CIDR:           66.220.144.0/20
NetName:        TFBNET3
NetHandle:      NET-66-220-144-0-1
Parent:         NET66 (NET-66-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2009-02-13
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-66-220-144-0-1
...

and
# whois 173.252.90.118
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=173.252.90.118?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173.252.64.0 - 173.252.127.255
CIDR:           173.252.64.0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-173-252-64-0-1

Oops, they are Facebook, Inc. :D

Let's block it:
# ipset add mynetrules 66.220.156.144
# ipset add mynetrules 173.252.90.118
# iptables -L | grep mynetrules
DROP       all  --  anywhere             anywhere             match-set mynetrules src

This is how to block a whole class C when the log shows several sources from one network:
Jan 21 10:11:31 mars dns_flood_detector[475]: source [173.252.124.119] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.125] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.126] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.123] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.124] - 3 t…AA]

Just check one of them:
# whois 173.252.124.124
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=173.252.124.124?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173.252.64.0 - 173.252.127.255
CIDR:           173.252.64.0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-173-252-64-0-1

Let's block the whole /24:
# ipset add mynetrules 173.252.124.0/24
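The manual steps above (read the dns_flood_detector journal lines, notice several sources in one /24, block the network instead of single hosts) can be scripted. This is an added example, not part of the original post or of dns-flood-detector; the log lines, the set name mynetrules and the min_hosts threshold are constructed here.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the dns_flood_detector journal lines shown above.
# The sshd line is there to show that unrelated journal entries are ignored.
SAMPLE_LOG = """\
Jan 21 10:11:31 mars dns_flood_detector[475]: source [173.252.124.119] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.125] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.126] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 20 18:09:20 mars sshd[999]: Accepted publickey for pi from 10.0.0.5 port 50000
"""

LINE_RE = re.compile(
    r"dns_flood_detector\[\d+\]: source \[(?P<ip>[\d.]+)\] - "
    r"(?P<tcp>\d+) tcp qps : (?P<udp>\d+) udp qps"
)

def parse_sources(log_text):
    """Return {ip: (tcp_qps, udp_qps)} for every detector line; other lines are skipped."""
    sources = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            sources[m["ip"]] = (int(m["tcp"]), int(m["udp"]))
    return sources

def group_by_prefix(ips, prefix_len=24):
    """Group source addresses into /prefix_len networks (the /24 "class C" the post blocks)."""
    groups = defaultdict(list)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[str(net)].append(ip)
    return dict(groups)

def ipset_commands(log_text, setname="mynetrules", min_hosts=3):
    """Emit 'ipset add' lines: one /24 entry when at least min_hosts distinct sources
    share the network, otherwise one entry per host. Review the whois result first,
    as the post does, since the sources may belong to a legitimate operator."""
    sources = parse_sources(log_text)
    cmds = []
    for net, hosts in sorted(group_by_prefix(sources).items()):
        if len(hosts) >= min_hosts:
            cmds.append(f"ipset add {setname} {net}")
        else:
            cmds.extend(f"ipset add {setname} {h}" for h in sorted(hosts))
    return cmds

if __name__ == "__main__":
    print("\n".join(ipset_commands(SAMPLE_LOG)))
```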



Friday, January 12, 2018

Using incron to monitor/watch a directory/folder

Requirement:
  • kernel 2.6.13 or later
Note:
  • "Note: It is important to know that incron is not recursive, so you need to manually add all sub-directories you want it to watch"
  • "There are two categories of tables: system tables (with root privileges) and user tables (with user privileges)."
  • "Each user has their own table, and commands in any given incrontab will be executed as the user who owns the incrontab. System users (such as apache, postfix, nobody etc.) may have their own incrontab."
  • "Please remember that the same path may occur only once per table (otherwise only the first occurrence takes effect and an error message is emitted to the system log)."
Installation
# apt-get install incron

General use
<path> <mask> <command>

<mask>
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
Special Events
IN_ALL_EVENTS Combines all of the above events
IN_DONT_FOLLOW Don't dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Wildcard Event
IN_NO_LOOP Disable monitoring of events until the current event is handled completely (until its child process exits – avoids infinite loops)

Wildcards
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)

Allow a user to use incron by adding it to /etc/incron.allow:
# vi /etc/incron.allow
myuser

Check incron status:
# service incron status
* incron.service - file system events scheduler
   Loaded: loaded (/lib/systemd/system/incron.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-12 07:44:06 WIB; 33min ago
  Process: 7935 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
 Main PID: 7936 (incrond)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/incron.service
           `-7936 /usr/sbin/incrond

Test as user myuser

Create the folder testincron under /home/myuser:
$ mkdir testincron
$ ls /home/myuser/testincron

Create a script to log changes in the testincron directory:
$ vi testincron.sh
#!/bin/bash
echo "wildcard test: $1 $2 $3 $4 $5" >> /home/myuser/myincron.log

Make the script executable:
$ chmod u+x testincron.sh

Create/edit the incrontab:
$ incrontab -e
/home/myuser/testincron IN_ALL_EVENTS /home/myuser/testincron.sh $$ $@ $# $% $&

Create and delete example.txt in /home/myuser/testincron and look at the log file:
$ touch /home/myuser/testincron/example.txt
$ rm /home/myuser/testincron/example.txt
$ cat /home/myuser/myincron.log
   wildcard test: $ /home/myuser/testincron example.txt IN_CREATE 256
   wildcard test: $ /home/myuser/testincron example.txt IN_OPEN 32
   wildcard test: $ /home/myuser/testincron example.txt IN_ATTRIB 4
   wildcard test: $ /home/myuser/testincron example.txt IN_CLOSE_WRITE 8
   wildcard test: $ /home/myuser/testincron  IN_OPEN,IN_ISDIR 1073741856
   wildcard test: $ /home/myuser/testincron  IN_ACCESS,IN_ISDIR 1073741825
   wildcard test: $ /home/myuser/testincron  IN_CLOSE_NOWRITE,IN_ISDIR 1073741840
   wildcard test: $ /home/myuser/testincron example.txt IN_DELETE 512
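The log above shows the same event twice, textually ($%) and numerically ($&); the number is the inotify mask, so IN_OPEN,IN_ISDIR 1073741856 is 0x40000000 | 0x20. The following added example (not part of the post or of incron) parses lines written by testincron.sh, decodes the numeric mask from the inotify bit values and checks it against the textual flags; the sample lines are the eight log lines from the output above.

```python
# inotify event bits from linux/inotify.h; incron's $& wildcard is this mask in decimal.
INOTIFY_FLAGS = {
    "IN_ACCESS": 0x001, "IN_MODIFY": 0x002, "IN_ATTRIB": 0x004,
    "IN_CLOSE_WRITE": 0x008, "IN_CLOSE_NOWRITE": 0x010, "IN_OPEN": 0x020,
    "IN_MOVED_FROM": 0x040, "IN_MOVED_TO": 0x080, "IN_CREATE": 0x100,
    "IN_DELETE": 0x200, "IN_DELETE_SELF": 0x400, "IN_MOVE_SELF": 0x800,
    "IN_ISDIR": 0x40000000,
}

# Sample input: the lines testincron.sh wrote in the post ("wildcard test: $$ $@ $# $% $&").
SAMPLE_LOG = """\
wildcard test: $ /home/myuser/testincron example.txt IN_CREATE 256
wildcard test: $ /home/myuser/testincron example.txt IN_OPEN 32
wildcard test: $ /home/myuser/testincron example.txt IN_ATTRIB 4
wildcard test: $ /home/myuser/testincron example.txt IN_CLOSE_WRITE 8
wildcard test: $ /home/myuser/testincron  IN_OPEN,IN_ISDIR 1073741856
wildcard test: $ /home/myuser/testincron  IN_ACCESS,IN_ISDIR 1073741825
wildcard test: $ /home/myuser/testincron  IN_CLOSE_NOWRITE,IN_ISDIR 1073741840
wildcard test: $ /home/myuser/testincron example.txt IN_DELETE 512
"""

def decode_mask(mask):
    """Return the set of flag names whose bit is set in a numeric inotify mask."""
    return {name for name, bit in INOTIFY_FLAGS.items() if mask & bit}

def parse_log(text):
    """Parse log lines into (path, name, textual_flags, numeric_mask) tuples.
    The file-name field ($#) is empty for events on the watched directory itself,
    so the line is split on whitespace and the flags/mask taken from the end."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[:3] != ["wildcard", "test:", "$"]:
            continue
        path, flags, mask = parts[3], parts[-2], int(parts[-1])
        name = " ".join(parts[4:-2])
        events.append((path, name, set(flags.split(",")), mask))
    return events

def check_consistency(text):
    """True when every line's textual flags ($%) equal the decoded numeric mask ($&)."""
    return all(flags == decode_mask(mask) for _, _, flags, mask in parse_log(text))

def events_for_file(text, name):
    """Ordered flag strings seen for one file name, i.e. its create-to-delete lifecycle."""
    return [",".join(sorted(f)) for _, n, f, _ in parse_log(text) if n == name]

if __name__ == "__main__":
    print(check_consistency(SAMPLE_LOG), events_for_file(SAMPLE_LOG, "example.txt"))
```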

To display the date as yyyymmdd hh:mm:ss, edit testincron.sh:
$ vi testincron.sh
#!/bin/bash
echo "$(date +%Y%m%d' '%H:%M:%S): $1 $2 $3 $4 $5" >> /home/myuser/myincron.log

References:
  • http://www.linux-magazine.com/Issues/2014/158/Monitoring-with-incron
  • https://linux.die.net/man/5/incrontab
  • https://www.linux.com/learn/how-use-incron-monitor-important-files-and-folders
  • https://www.garron.me/en/linux/use-incron-rsync-dropbox-backup.html

Friday, January 5, 2018

Debian Stretch: Install Genymotion

Requirement: VirtualBox 5.0.28

To install Genymotion:
  1. Download genymotion from https://www.genymotion.com/ (you need an account to access the download page).
    $ ./Downloads/genymotion-2.11.0-linux_x64.bin
    Installing for current user only. To install for all users, restart this installer as root.

    Installing to folder [/home/username/genymotion]. Are you sure [y/n] ? y


    - Trying to find VirtualBox toolset .................... OK (Valid version of VirtualBox found: 4.3.36_Debianr105129)
    - Extracting files .....................................
    OK (Extract into: [/home/username/genymotion])
    - Installing launcher icon ............................. OK

    Installation done successfully.

    You can now use these tools from [/home/username/genymotion]:
     - genymotion
     - genymotion-shell
     - gmtool

  2. To run genymotion:
    $ ./genymotion/genymotion
    Logging activities to file: /home/dedetok/.Genymobile/genymotion.log

Note: You don't need root access to run genymotion.

References:
  • https://www.genymotion.com/

Debian Stretch: install virtual box from virtualbox.org repository

These are the steps to install VirtualBox from the virtualbox.org repository:
  1. Add virtualbox.org repository into system:
    # echo 'deb http://download.virtualbox.org/virtualbox/debian stretch contrib' > /etc/apt/sources.list.d/virtualbox.list
  2. Download and install the virtualbox.org signing key:
    # wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
    # apt-key add oracle_vbox_2016.asc
  3. Update your package lists:
    # apt-get update
  4. Install the latest VirtualBox (currently version 5.2):
    # apt-get install virtualbox-5.2
References:
  • https://wiki.debian.org/VirtualBox