Monday, December 31, 2012

The Linux Auditing System: auditd

The Linux Auditing System provides system call auditing. The auditing is performed by a daemon called auditd, which writes its logs to the /var/log/audit directory. It is designed to complement SELinux, whose messages are also saved to the auditd log in the /var/log/audit/audit.log file; the audit logging service thus provides specialized logging for services like SELinux. To refine the auditing, you can create audit rules that check certain system calls, such as those made by a specific user or group. Configuration for auditd is located in both the /etc/auditd.conf and the /etc/sysconfig/auditd files. Primary configuration is handled by /etc/auditd.conf, which holds options such as the log file name, the log format, the maximum size of log files, and the actions to take when disk space runs low. See the auditd.conf manual page for a detailed description of all options. The /etc/sysconfig/auditd file sets server startup options and locale settings such as en_US.
The audit package includes the auditd server and three commands: autrace, ausearch and auditctl. You use ausearch to query the audit logs. You can search by various IDs (process, user, group, or event), as well as by filename or even by time or date. Check the ausearch manual page for a complete listing. autrace is a specialized tool that lets you trace a specific process. It operates similarly to strace, recording the system calls and actions of a particular process.
Fig. Auditd components

You can control the behavior of the auditd server with the auditctl tool. With auditctl, you can turn auditing on or off, check the status, and add audit rules for specific events. Check the auditctl manual page for a detailed description.

Audit rules are organized into predetermined lists with a specific set of actions for system calls. Currently there are three lists: task, entry, and exit, and three actions: never, always, and possible. When adding a rule, the list and action are paired, separated by a comma, as in: exit,always.

To add a rule you use the -a option. With the -S option you can specify a particular system call, and with the -F option you can specify a field. There are several possible fields you can use, such as loginuid (user login ID), pid (process ID), and exit (system call exit value). For a field you specify a value, such as loginuid=510 for the user with a login ID of 510. The following rule, as described in the documentation, checks all files opened by a particular user:

auditctl -a exit,always -S open -F loginuid=510

Place rules you want loaded automatically in /etc/auditd.rules. The sample.rules file in the /usr/share/doc/auditd* directory lists rule examples. You can also create a specific file of audit rules and use auditctl with the -R option to read the rules from it.
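As an added example (not part of the original post), here is a small Python parser for the records that the rule above writes to audit.log: it joins each SYSCALL record to its PATH records by event id, the way ausearch groups them, and lists which files a login UID opened and whether the open was refused. The sample records are constructed, not captured from a real host; note that the -F loginuid field shows up in the log as auid.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log records (not captured from a
# real host): what the rule `auditctl -a exit,always -S open -F loginuid=510`
# emits. Each event is a SYSCALL record plus PATH record(s) that share the
# msg=audit(<timestamp>:<serial>) event id; the login UID appears as auid=.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1356912000.123:4501): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2100 pid=2151 auid=510 uid=510 gid=510 euid=510 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1356912000.123:4501): item=0 name="/etc/shadow" inode=1311 dev=08:01 mode=0100640 ouid=0 ogid=42 rdev=00:00
type=SYSCALL msg=audit(1356912000.456:4502): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2100 pid=2152 auid=510 uid=510 gid=510 euid=510 tty=pts0 ses=3 comm="less" exe="/usr/bin/less" key=(null)
type=PATH msg=audit(1356912000.456:4502): item=0 name="/root/notes.txt" inode=2222 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1356912000.789:4503): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=2200 pid=2260 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts1 ses=4 comm="vim" exe="/usr/bin/vim" key=(null)
type=PATH msg=audit(1356912000.789:4503): item=0 name="/home/bob/todo" inode=3333 dev=08:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
EVENT_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')  # msg=audit(timestamp:serial)

def parse_record(line):
    """Split one audit record into a dict, unquoting values and adding the event id."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = EVENT_RE.search(line)
    fields["event_id"] = m.group(2) if m else None
    return fields

def opens_by_loginuid(log_text, loginuid):
    """Return (comm, path, succeeded) for every open() the given login UID made.
    SYSCALL and PATH records are joined on event id. The rule already limits the
    log to the open syscall, so no (arch-specific) syscall-number check is needed."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_record(line)
            events[rec["event_id"]].append(rec)
    hits = []
    for recs in events.values():
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if syscall is None or syscall.get("auid") != str(loginuid):
            continue
        for r in recs:
            if r["type"] == "PATH":
                hits.append((syscall["comm"], r["name"], syscall["success"] == "yes"))
    return hits

def denied_opens(log_text, loginuid):
    """Paths the user tried to open but was refused (success=no, e.g. exit=-13 EACCES)."""
    return [path for _, path, ok in opens_by_loginuid(log_text, loginuid) if not ok]
```

Refused opens (success=no) are usually the more interesting rows for a reviewer, since they show a user probing files outside their own access.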


Basically, a computer virus is a set of instructions which copies itself continuously as soon as it is executed. The virus occupies all the space in main memory (RAM), leaving no room to execute other programs, so system performance degrades drastically. This is a general example of how a virus works; a virus will not affect system performance every time, since that depends on the code the virus program has been written with.
To understand virus behavior, we will create a virus for Ubuntu (UNIX) using a C program. Look at the code given below, create the same file in Ubuntu, and run it using the following steps.

#include <stdlib.h>

int main(void)
{
    /* Hand filename.c to the C compiler through the shell. */
    system("gcc filename.c");
    return 0;
}

It will not cause damage to your system. It is just a simulation program for understanding virus behavior.
Steps to run the virus:
1. Create a C file with the above code.
2. To compile, type "gcc filename.c -o virus" in the terminal.
3. To run, type "./virus" and watch what happens.

You have to execute it once and then watch what happens. It will never stop executing until the whole of main memory is occupied by it. We cannot stop the execution of this program, because it leaves no space in main memory for other programs to execute. Now we will look at what happened after executing this file, as shown in Fig 1.
Fig 1. output after running above code

Friday, December 28, 2012


In the current era, Windows users are migrating from the Windows OS to the Linux operating system, because everything we had in Windows is also available in all Linux distros, along with some great features. And if something is not available in Linux, we can easily install it, and we can also run Windows software through Wine.
Most probably, when Windows users migrate to Linux, they have a problem with fonts which are available in Windows but not in Linux. This problem can be solved in two ways: the first way is to directly download the required fonts, and the second way is to install those fonts through the Linux terminal.

First way: Download and install fonts (installing the Book Antiqua font in Ubuntu 11.10)

Step 2: Open the .zip file with Archive Manager.
Fig 1: Opening the .zip file
Step 3: Extract the .zip file as shown below.
Fig 2: Extracting the file
Step 4: Select the location to extract the file to.
Fig 3: Selection of location
Step 5: Extract the file (wait until it shows that the extraction completed successfully).

Fig 4: After extracting the file

Step 6: Open the font file and click Install Font, then wait for some time; after the font is installed, the button will show "Installed".

Fig 5: Installing the font
Step 7: To check whether the font is installed, open LibreOffice Writer and look for the font in your font list.

Fig: LibreOffice Writer

Second way:

I would recommend installing the Microsoft TrueType core fonts. To install them, type the following command in a terminal:

    sudo apt-get install msttcorefonts

This will install fonts like Arial, Times New Roman and other Microsoft proprietary fonts. It will not, however, install Tahoma. Sometimes the download server is really busy or down, so be patient.
There are also some Java fonts like Lucida that you can install. This requires the 1.5 JRE to be installed. To install them, type the following in a terminal:

    sudo apt-get install sun-java5-fonts

All the fonts you use in Ubuntu are stored in two places:
2-> ~/.fonts

I recommend installing them in the first location. The reason is that if you install them in your /home directory, they will not be accessible from another account on the computer. So you can directly install all your fonts in the above locations. I hope this helps.


VHD (Virtual Hard Disk) is a file format that represents a virtual hard drive (HDD). It has all the features we find on a normal hard drive, including disk partitions and file systems, which hold files and folders. The format was created by Connectix and later modified by Microsoft for what is now known as the Microsoft virtual machine. A Virtual Hard Disk (VHD) allows multiple operating systems to reside on a single host machine. Creating a VHD helps us secure the data on our hard disk.

Steps for Creation of Virtual Hard Disk on Windows 7:

Step 1: This process creates virtual disks in the .VHD format, where the minimum size is 3 MB. To begin, right-click My Computer and select Manage. Alternatively, type diskmgmt.msc into the Start search box and press Enter.

Fig.1. Manage option

Step 2: The Computer Management screen opens; click Disk Management, then Action, then Create VHD.

Fig 2. Action menu

Step 3: Browse to the directory where you want the disk to reside, choose the size you want it to be, and select dynamic or fixed. If you want the disk to expand in size as you add files to it, pick Dynamically expanding. Choose Fixed size if you want a specific size that stays that way.

Fig 3. Action menu
Step 4: In Disk Management you will see the virtual drive listed as unallocated space.
Step 5: To begin using it, you'll need to right-click it and select Initialize Disk.

Fig 4. Initialize option

Step 6: In the Initialize Disk box, keep MBR selected and hit OK.
Step 7: Creating a new volume
Create a volume by right-clicking the unallocated space and selecting New Simple Volume.
Step 8: Choose the amount of space you want to use for the volume.

Fig 5. Volume size window

Step 9: Assign it a drive letter that is not currently in use.
Step 10: Format the new volume as NTFS, FAT32, or FAT. Check the boxes if you want a quick format and file compression.
Fig 6. Format volume window

Step 11: The wizard is complete; click Finish.
Step 12: If you have AutoPlay enabled, it should pop up for you to open your new virtual hard disk.

Fig 7. AutoPlay window

Step 13: It will be listed with the other disks in Disk Management.

Fig 8. New volume added

Follow the above steps and your VHD (virtual hard disk) is ready.