Getting More Out of Your College Linux System

by Silent Strider

The first day I discovered my college offered Linux and UNIX systems for students to use, I set out to learn more about what security precautions had been taken and what software was available.

Initially I was disappointed: Upon waking the machine, I was greeted with the GNOME Display Manager (GDM) login screen.  There was no option to choose a different display manager.  In fact, no other display managers were installed!  The machines are slow so, like any hacker, I would prefer a lightweight desktop for GUI tasks.

Let's skip the graphical login entirely and log in from a console.  Ctrl+Alt+F1 should do nicely.  Make a quick check for login Trojans by sending a few Ctrl+D, then log on.

I assume you have access to compiler tools, but you have one problem.  The sysadmin implemented quotas for the average user.  Luckily, you are not the average user.  You have a higher priority.

Before we start, we should "clear" the machine.

Run w, who, last and look for either users currently connected other than yourself or users who have logged in remotely recently.  Assuming this is a single-user machine, you should be the only user logged in.

You may want to run a script that monitors network activity of your machine in real time.  The following accomplishes that:

#!/bin/bash
# Snapshot the TCP connection table once a second and print what changed.
prev=$(mktemp)
curr=$(mktemp)
trap 'rm -f "$prev" "$curr"' EXIT   # remove the snapshot files on Ctrl+C
netstat -tn > "$prev"
while true; do
    sleep 1
    netstat -tn > "$curr"
    diff "$prev" "$curr"
    cp "$curr" "$prev"
done

Run the above in any terminal:

$ ./fsociety.sh
3c3
< tcp        0 3837384 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED
---
> tcp        0      0 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED
6d5
< tcp        0      0 192.168.1.115:55384     192.168.1.1:49155       ESTABLISHED
9d7
< tcp        0      0 192.168.1.115:55416     192.168.1.1:49155       ESTABLISHED
12,14d9
< tcp        0      0 192.168.1.115:55436     192.168.1.1:49155       ESTABLISHED
< tcp        0      0 192.168.1.115:55400     192.168.1.1:49155       ESTABLISHED
< tcp        0      0 192.168.1.115:37095     146.70.72.142:55002     ESTABLISHED
17d11
< tcp        0      0 192.168.1.115:55420     192.168.1.1:49155       ESTABLISHED
29d22
< tcp        0      0 192.168.1.115:55432     192.168.1.1:49155       ESTABLISHED
3c3
< tcp        0      0 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED
---
> tcp        0 3882088 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED

Changing the arguments to netstat from -tn to -tev will give you more verbose information.
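Plain diff also reports lines whose only change is the Recv-Q/Send-Q byte counter; that is why the 192.168.1.113:2049 (NFS) line shows up in the hunks above even though the connection never went away.  The script below is an added example, not code from the original article: it keys each snapshot on local address, remote address and state, so only connections that actually opened or closed get printed.  The two snapshot files are constructed inline for the demo; watch_conns runs the same comparison live against netstat -tn.

```shell
#!/bin/sh
# Added example (not from the article): report TCP connections that opened or
# closed between two `netstat -tn` snapshots, ignoring Recv-Q/Send-Q counters.

# Reduce a snapshot to one sorted "local remote state" line per connection.
conn_keys() {
    awk '$1 ~ /^tcp/ { print $4, $5, $6 }' "$1" | LC_ALL=C sort -u
}

# Print "+ ..." for connections only in the second snapshot (new) and
# "- ..." for those only in the first (closed).
conn_changes() {
    keys_a=$(mktemp)
    keys_b=$(mktemp)
    conn_keys "$1" > "$keys_a"
    conn_keys "$2" > "$keys_b"
    LC_ALL=C comm -13 "$keys_a" "$keys_b" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$keys_a" "$keys_b" | sed 's/^/- /'
    rm -f "$keys_a" "$keys_b"
}

# Live mode: compare consecutive netstat snapshots once a second.
watch_conns() {
    prev=$(mktemp)
    curr=$(mktemp)
    trap 'rm -f "$prev" "$curr"' EXIT
    netstat -tn > "$prev"
    while true; do
        sleep 1
        netstat -tn > "$curr"
        conn_changes "$prev" "$curr"
        cp "$curr" "$prev"
    done
}

# Constructed sample snapshots (not real output): the NFS connection on port
# 2049 only changes its Send-Q, one connection closes and one new one opens.
SNAP_BEFORE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0 3837384 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED
tcp        0      0 192.168.1.115:55384     192.168.1.1:49155       ESTABLISHED'
SNAP_AFTER='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.115:934       192.168.1.113:2049      ESTABLISHED
tcp        0      0 192.168.1.115:37095     192.0.2.10:55002        ESTABLISHED'

# Run the comparison on the constructed snapshots.
demo_changes() {
    before=$(mktemp)
    after=$(mktemp)
    printf '%s\n' "$SNAP_BEFORE" > "$before"
    printf '%s\n' "$SNAP_AFTER" > "$after"
    conn_changes "$before" "$after"
    rm -f "$before" "$after"
}

demo_changes
```

Running it as-is prints one "+" line for the new connection and one "-" line for the closed one, and nothing for the NFS line.  To watch your own machine, call watch_conns instead of demo_changes; the 192.0.2.10 address in the sample is a documentation address, not a real host.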

Now that we've cleared the system, let's continue.

Jump into /tmp and make a directory to work in.  Name it something that won't draw attention.

For example, if a lot of users run GNOME/KDE you may have folders of the format orbit-username.  Make a directory of a similar format to blend in.  Quickly chmod this directory 700 to keep others out.

Inside your new /tmp folder, use Lynx or GNU Wget to download the Fluxbox source code from: fluxbox.sourceforge.net  (fluxbox-1.3.7.tar.gz)

Now gunzip and untar the archive (tar's z flag does both in one step).  Next, run ./configure --prefix=$HOME/fluxbox to install the application in your home directory.

$ tar xvzf fluxbox-1.3.7.tar.gz
fluxbox-1.3.7/
fluxbox-1.3.7/TODO
fluxbox-1.3.7/README
fluxbox-1.3.7/NEWS
 ...

$ cd fluxbox-1.3.7
$ ./configure --prefix=$HOME/fluxbox
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
 ...

$ make
/src/defaults_tmp.cc ./src/defaults.cc differ: byte 224, line 9
make  all-recursive
make[1]: Entering directory '/tmp/flux/fluxbox-1.3.7'
Making all in nls/C
 ...

$ make install

Assuming all goes well, you'll need to write your ~/.xinitrc file.  Don't forget to remove your /tmp folder!

My .xinitrc contains:

xterm&
xclock&
gnome-terminal&
exec $HOME/fluxbox/bin/fluxbox

Add whatever applications you like to the top.

Now, maybe you're wondering, if X11 is already running GDM, how do I run startx?  The answer is passing one argument: startx -- :1

Now that X Windows is running, you should make a few more changes.

Edit the following files found in your $HOME directory:

.login
.profile
.bashrc # Your shell configuration file

If you use GNOME Terminal, I recommend editing your profile and unchecking:

update utmp/wtmp records when command is launched

This helps limit the info showing up in the logs about you.

When logging out, exit Fluxbox normally, and remember to always log out of the console and to switch back to the GDM by pressing Ctrl+Alt+F7.

Remember to chmod your home directory 700 to keep others out.  If it's 750 all students can view your files, and if it's 755 everyone can view your files.

Using /tmp is my first example of bypassing quotas.  But what if you like watching videos or listening to music but can't because of the lack of space?

Take a look at how much RAM your machine has and the size of the swap file.  Most machines at my university have 1 GB of RAM, and, I kid you not, one machine has a 20 GB swap partition.  Many programs allow the buffering of data in cache/memory/swap.  MPlayer for example.

If you run:

$ mplayer -cache 1000000 -cache-min 99 http://location.of.file

it will download 1 GB into RAM!

You can watch your movie and leave no trace of it on the hard drive.  Let the cache fill while you work; it'll start playing when it's done.

I'm curious if someone more knowledgeable than me could implement a file system within the swap space?  Some systems only go as far as a quota and leave memory usage unlimited.

Another trick to get around quotas is to look for all world writeable folders.

The find command can help you out:

$ find / -type d -perm -o+w -ls 2> /dev/null 1> worldwriteable.txt

All errors go to /dev/null and all world writeable directories will be in worldwriteable.txt.  Depending on what you find, you will have considerably more space at your disposal!

Another useful program is locate.  You can run:

$ updatedb --output /tmp/MyDB

to create a database you can search with locate.

I suggest copying it to a disk or a remote server.  You can search your locate database by passing the argument:

$ locate -d MyDB pattern

I strongly suggest searching your user ID.  In doing so, I discovered my campus has an unpublished backup server that stores every deleted file.  I was not informed of its existence and if not for locate I never would have known.

I hope you enjoyed this article.

Remember, you are not an average user.  Limits do not apply to you.  Look for what they missed, and enjoy.
