Posted by gmendoza on June 22, 2007 under Tech Tips | 
An OpenSSH server can be used as a SOCKS compliant proxy, allowing one to tunnel virtually any type of traffic via the SSH protocol. This is very useful when surfing the web on untrusted networks such as hotel internet services and wireless hotspots. You just never know who’s snooping in on your data.
All you need is external access to a trusted OpenSSH server, perhaps the one you have at home, work, etc. If you’re using your laptop to surf the internet at your local coffee shop, you’ll simply need to establish a connection to that external SSH server using the appropriate client variables, and configure your web browser’s proxy settings to connect to a locally defined TCP port. Read more of this article »
Posted by gmendoza on June 17, 2007 under Tech Tips |
NOTE (01-11-2009): This article refers to GRUB Legacy. GRUB 2 is a complete rewrite and it’s configuration is completely different than what is described below. This page will eventually be updated to include both Legacy and version 2 instructions.
If your system is using a default installation of GRUB as it’s boot loader, chances are it has not been set up with a password.
When at the GRUB menu, one can edit the kernel selection by highlighting the menu item, and pressing the “e” button. By editing the “kernel” entry, they can pass any number of boot variables and options. For instance, the options “init 1″ or “single” boot the operating system into “single user” mode (run level 1), which drops you into a root prompt with no authentication necessary.
For example, the kernel option would look like the following:
kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet init 1
or
kernel /boot/vmlinuz-2.6.15-27-686 root=/dev/hda1 ro quiet single
Ubuntu actually installs a “recovery” GRUB menu item already configured for you. How nice of them!
Of course, anyone with prolonged physical access to your server can do a lot more damage. Configuring a GRUB password can be likened to installing and locking your “screen door”. It can slow down or even discourage a potential intruder.
Instructions:
Step 1: Generate an MD5 hashed password using the “grub-md5-crypt” command line utility. Enter the command, and it will prompt you twice for any password of your choice.
grub-md5-crypt
Password: (enter password)
Retype password: (reenter password)
$1$aBQge1$oljHKOKAPuiOkvUTTzPc80
Step 2: Copy the resulting hash into /boot/grub/menu.lst using the following syntax:
password --md5 $1$aBQge1$oljHKOKAPuiOkvUTTzPc80
Step 3: Lock alternative boot options by changing the “lockalternatives” value to “true”. This option will make it mandatory for the administrative password to be entered prior to using the alternative menu item (recovery mode).
# lockalternative=true
Step 4: lock old kernel menu items, as they may have present their own security issues.
# lockold=true
Step 3: Save changes by updating grub, and then reboot to test.
sudo update-grub
You should notice that GRUB now instructs you to press “p” to enter a password in order for you to edit the kernel options, boot into single user mode or older kernels.