Getting More Out of Your College Linux System
by Silent Strider
The first day I discovered my college offered Linux and UNIX systems for students to use, I set out to learn more about what security precautions had been taken and what software was available.
Initially I was disappointed: upon waking the machine, I was greeted with the GNOME Display Manager (GDM) login screen. There was no option to choose a different session; in fact, no other window manager was installed. The machines are slow, so, like any hacker, I would prefer a lightweight desktop for GUI tasks.
Let's skip the graphical login entirely and log in from a console; Ctrl+Alt+F1 should do nicely. Before typing your password, send a few Ctrl+D at the login prompt. This is the classic quick check for a fake login program left behind to harvest passwords: a genuine getty/login simply restarts and redraws the prompt on EOF. Then log on.
I assume you have access to compiler tools, but you have one problem. The sysadmin implemented quotas for the average user. Luckily, you are not the average user. You have a higher priority.
Before we start, we should "clear" the machine.
Run w, who and last, and look for users currently connected other than yourself, or users who have logged in remotely recently (last shows the originating host of each login). Assuming this is a single-user machine, you should be the only user logged in.
You may want to run a script that monitors network activity of your machine in real time. The following accomplishes that:
#!/bin/bash
while true; do
    netstat -tn > first
    sleep 1
    netstat -tn > second
    diff first second
done
Run the above in any terminal:
$ ./fsociety.sh
3c3
< tcp 0 3837384 192.168.1.115:934 192.168.1.113:2049 ESTABLISHED
---
> tcp 0 0 192.168.1.115:934 192.168.1.113:2049 ESTABLISHED
6d5
< tcp 0 0 192.168.1.115:55384 192.168.1.1:49155 ESTABLISHED
9d7
< tcp 0 0 192.168.1.115:55416 192.168.1.1:49155 ESTABLISHED
12,14d9
< tcp 0 0 192.168.1.115:55436 192.168.1.1:49155 ESTABLISHED
< tcp 0 0 192.168.1.115:55400 192.168.1.1:49155 ESTABLISHED
< tcp 0 0 192.168.1.115:37095 146.70.72.142:55002 ESTABLISHED
17d11
< tcp 0 0 192.168.1.115:55420 192.168.1.1:49155 ESTABLISHED
29d22
< tcp 0 0 192.168.1.115:55432 192.168.1.1:49155 ESTABLISHED
3c3
< tcp 0 0 192.168.1.115:934 192.168.1.113:2049 ESTABLISHED
---
> tcp 0 3882088 192.168.1.115:934 192.168.1.113:2049 ESTABLISHED
Changing the arguments to netstat from -tn to -tev will give you more verbose information (-e adds the owning user and inode). Note that diff reports any column that changes, not only connections that come and go: the first and last hunks above are just the Send-Q counter of the NFS connection (port 2049 is NFS) moving.
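A sturdier version of that watcher, as an added example and not the article's fsociety.sh. It sorts each snapshot and drops the Recv-Q/Send-Q columns, so a queue counter ticking over on the NFS socket is not reported as a changed connection; it keeps its scratch files under mktemp and removes them on exit instead of leaving first and second in the working directory; and it prints only additions (+) and removals (-), timestamped. The ss/netstat fallback, the function names and the --watch switch are my assumptions, not anything the article specifies:

```shell
#!/bin/sh
# Connection watcher (added example, not the article's fsociety.sh).
# Reports TCP connections that appear or disappear between polls, ignoring
# changes that are only in the Recv-Q/Send-Q columns.

# One snapshot: "LOCAL PEER STATE" per TCP socket, numeric, sorted.
# Prefers ss(8) when it supports -H (no header); falls back to netstat(8).
snapshot_conns() {
    if ss -Htn >/dev/null 2>&1; then
        ss -Htn 2>/dev/null | awk '{print $4, $5, $1}' | sort
    else
        netstat -tn 2>/dev/null | awk '$1 ~ /^tcp/ {print $4, $5, $6}' | sort
    fi
}

# Compare two snapshot files. Lines only in the second are printed as
# "+ ..." (new connections), lines only in the first as "- ..." (closed).
# comm(1) needs sorted input, so both files are sorted here regardless of
# how they were produced.
diff_conns() {
    a=$(mktemp) || return 1
    b=$(mktemp) || { rm -f "$a"; return 1; }
    sort "$1" > "$a"
    sort "$2" > "$b"
    comm -13 "$a" "$b" | sed 's/^/+ /'
    comm -23 "$a" "$b" | sed 's/^/- /'
    rm -f "$a" "$b"
}

# Poll every INTERVAL seconds (default 1) and print only the changes,
# each line prefixed with the time it was noticed. Scratch files live in
# mktemp's directory and are removed on exit, Ctrl+C included.
watch_conns() {
    interval="${1:-1}"
    prev=$(mktemp) || exit 1
    cur=$(mktemp) || exit 1
    trap 'rm -f "$prev" "$cur"' EXIT INT TERM
    snapshot_conns > "$prev"
    while :; do
        sleep "$interval"
        snapshot_conns > "$cur"
        diff_conns "$prev" "$cur" | sed "s/^/$(date +%H:%M:%S) /"
        cp "$cur" "$prev"
    done
}

# Only start polling when asked (./watch.sh --watch [seconds]), so the
# functions above can also be sourced and used on saved snapshots.
if [ "${1:-}" = "--watch" ]; then
    watch_conns "${2:-1}"
fi
```

Run it as ./watch.sh --watch 2 from your scratch directory; because diff_conns works on any two files, you can also feed it two snapshots saved at different times to see what came and went in between.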
Now that we've cleared the system, let's continue.
Jump into /tmp and make a directory to work in. Name it something that won't draw attention.
For example, if a lot of users run GNOME/KDE you may see folders of the form orbit-username. Make a directory of a similar format to blend in, and chmod it 700 immediately to keep others out. Better still, create it with mktemp -d, which makes the directory with mode 700 in one step: there is then no window between mkdir and chmod, and no chance of adopting a directory someone else pre-created under that name.
Inside your new /tmp folder, use Lynx or GNU Wget to download the Fluxbox source code from: fluxbox.sourceforge.net (fluxbox-1.3.7.tar.gz)
Now unpack the archive (tar's z flag takes care of the gunzip). Next, run ./configure --prefix=$HOME/fluxbox so the application installs into your home directory instead of needing root.
$ tar xvzf fluxbox-1.3.7.tar.gz
fluxbox-1.3.7/
fluxbox-1.3.7/TODO
fluxbox-1.3.7/README
fluxbox-1.3.7/NEWS
...
$ cd fluxbox-1.3.7
$ ./configure --prefix=$HOME/fluxbox
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
...
$ make
/src/defaults_tmp.cc ./src/defaults.cc differ: byte 224, line 9
make all-recursive
make[1]: Entering directory '/tmp/flux/fluxbox-1.3.7'
Making all in nls/C
...
$ make install
Assuming all goes well, you'll need to write your ~/.xinitrc file. Don't forget to remove your /tmp folder!
My .xinitrc contains:
xterm &
xclock &
gnome-terminal &
exec $HOME/fluxbox/bin/fluxbox
Add whatever applications you like to the top.
Now, maybe you're wondering: if X11 is already running for GDM on display :0, how do I run startx? The answer is to pass it a different display number: startx -- :1
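The whole procedure, from scratch directory to installed binary, collected into one script, as an added example rather than the author's own commands. It adds two things to what the article does: the scratch directory is created already mode 700 by mktemp -d, and the tarball's SHA-256 is compared with a value you supply before configure runs, so a tampered download from a mirror is never built. The function names, the --build switch and the curl fallback are assumptions; the checksum is not given on this page and must come from the project's release announcement or a trusted mirror.

```shell
#!/bin/sh
# Build-in-$HOME helper (added example, not the article's commands).
# Steps: private scratch dir in /tmp, fetch, verify SHA-256, configure with
# --prefix=$HOME/NAME, make, make install, remove the scratch dir.

# Create a private scratch directory under /tmp with a low-key name.
# mktemp -d creates it with mode 0700 atomically, unlike mkdir + chmod.
make_workdir() {
    mktemp -d "/tmp/orbit-${USER:-u}.XXXXXX"
}

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if FILE's SHA-256 equals EXPECTED (hex, either case).
# An empty EXPECTED is treated as a failure rather than "skip the check".
verify_tarball() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 1
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# build_to_home NAME URL SHA256
# Fetch, verify, unpack, configure, build and install into $HOME/NAME.
# The scratch directory is removed on exit whether or not the build worked.
build_to_home() {
    name="$1"; url="$2"; sum="$3"
    umask 077                                  # everything we create stays private
    work=$(make_workdir) || return 1
    trap 'rm -rf "$work"' EXIT INT TERM
    tarball="$work/$(basename "$url")"
    if command -v wget >/dev/null 2>&1; then
        wget -q -O "$tarball" "$url" || return 1
    else
        curl -fsSL -o "$tarball" "$url" || return 1
    fi
    verify_tarball "$tarball" "$sum" || {
        echo "checksum mismatch for $tarball, not building" >&2
        return 1
    }
    tar xzf "$tarball" -C "$work" || return 1
    srcdir=$(find "$work" -mindepth 1 -maxdepth 1 -type d | head -n 1)
    ( cd "$srcdir" && ./configure --prefix="$HOME/$name" && make && make install )
}

# Usage: ./build.sh --build fluxbox <url of fluxbox-1.3.7.tar.gz> <sha256>
if [ "${1:-}" = "--build" ]; then
    build_to_home "$2" "$3" "$4"
fi
```

Once it finishes, $HOME/fluxbox/bin/fluxbox exists and the scratch directory is gone, which takes care of the reminder above about cleaning up /tmp.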
Now that X Windows is running, you should make a few more changes.
Edit the following files found in your $HOME directory (for example, to put $HOME/fluxbox/bin on your PATH):
.login
.profile
.bashrc # Your shell configuration file
If you use GNOME Terminal, I recommend editing your profile and unchecking:
update utmp/wtmp records when command is launched
This helps limit the info showing up in the logs about you. Be clear about what it covers, though: it only stops the terminal from writing an entry for each window it opens. Your console login itself is still recorded by login(1) in utmp and wtmp, which is exactly what w, who and last read.
When logging out, exit Fluxbox normally, and remember to always log out of the console and to switch back to GDM by pressing Ctrl+Alt+F7.
Remember to chmod your home directory 700 to keep others out. If it's 750, everyone in your group can view your files (on many campus systems that group is all students), and if it's 755 everyone can view your files.
Using /tmp is my first example of bypassing quotas. But what if you like watching videos or listening to music but can't because of the lack of space?
Take a look at how much RAM your machine has and the size of the swap space (free and /proc/swaps will tell you). Most machines at my university have 1 GB of RAM, and, I kid you not, one machine has a 20 GB swap partition. Many programs allow the buffering of data in cache/memory/swap. MPlayer for example.
If you run:
$ mplayer -cache 1000000 -cache-min 99 http://location.of.file
it will download about 1 GB into RAM (-cache is in kilobytes, and -cache-min 99 holds playback until the cache is 99% full).
You can watch your movie and leave no trace of it on the hard drive, with one caveat: if the kernel pages that memory out, the buffered data lands in swap, which is on the disk, and on a 1 GB machine with a 1 GB cache that is very likely. Let the cache fill while you work; it'll start playing when it's done.
I'm curious if someone more knowledgeable than me could implement a file system within the swap space? Some systems only go as far as a quota and leave memory usage unlimited.
Another trick to get around quotas is to look for all world writeable folders.
The find command can help you out:
$ find / -type d -perm -o+w -ls 2> /dev/null 1> worldwriteable.txt
All errors go to /dev/null and all world-writable directories will be in worldwriteable.txt. Depending on what you find, you will have considerably more space at your disposal! Check each hit with df before relying on it: a world-writable directory on the same quota-enforced filesystem as your home gains you nothing, while one on a local disk, or on a RAM-backed tmpfs such as /dev/shm, is outside the quota.
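An added example (not the article's one-liner) that builds that check into the search: for each world-writable directory it also prints the mode string, so sticky directories stand out, and the filesystem reported by df, so hits that share the quota-enforced filesystem with your home can be filtered out. The function names and the --scan switch are assumptions.

```shell
#!/bin/sh
# World-writable directory survey (added example, not the article's command).
# Output: DIR<TAB>MODE<TAB>FILESYSTEM, one line per directory others may
# write to. The MODE column shows the sticky bit ("t" at the end, as on /tmp);
# the FILESYSTEM column is what df(1) reports, so you can tell a local disk
# or tmpfs from the NFS export that carries your quota.

# Walk ROOT (default /) for directories writable by "other". /proc, /sys and
# /dev/pts are pruned; permission errors are silenced as in the article.
world_writable_dirs() {
    root="${1:-/}"
    find "$root" \( -path /proc -o -path /sys -o -path /dev/pts \) -prune -o \
         -type d -perm -0002 -print 2>/dev/null |
    while IFS= read -r d; do
        mode=$(ls -ld "$d" | cut -c1-10)
        fs=$(df -P "$d" 2>/dev/null | awk 'NR==2 {print $1}')
        printf '%s\t%s\t%s\n' "$d" "$mode" "$fs"
    done
}

# Filter: keep only entries whose FILESYSTEM column differs from SKIP.
# Typical use, dropping everything on the filesystem that holds $HOME:
#   world_writable_dirs / | not_on_fs "$(df -P "$HOME" | awk 'NR==2 {print $1}')"
not_on_fs() {
    awk -F '\t' -v skip="$1" '$3 != skip'
}

if [ "${1:-}" = "--scan" ]; then
    world_writable_dirs "${2:-/}"
fi
```

Pipe the output through not_on_fs with your home's filesystem to get the list that actually matters; anything left on a tmpfs line is RAM-backed and disappears at reboot, which cuts both ways.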
Another useful program is locate. You can run:
$ updatedb --output /tmp/MyDB
to create a database you can search with locate. Run as an ordinary user, updatedb indexes only the directories you have permission to read, so the result is a map of everything visible to you.
I suggest copying it to a disk or a remote server. You can search your locate database by passing the argument:
$ locate -d /tmp/MyDB pattern
I strongly suggest searching your user ID. In doing so, I discovered my campus has an unpublished backup server that stores every deleted file. I was not informed of its existence and if not for locate I never would have known.
I hope you enjoyed this article.
Remember, you are not an average user. Limits do not apply to you. Look for what they missed, and enjoy.