Mỗi tuần một tiện ích

English | Vietnamese

Rules

Main Forum

Portal

Member Listing

Statistics

Search

Reading Room
[Register]

Login [ | https ]

Forum Index

Thảo luận hệ điều hành Windows

Mỗi tuần một tiện ích

[Question] Mỗi tuần một tiện ích	23/07/2011 17:48:35 (+0700) \| #61 \| 243993

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ tên: Nepenthes
+/ chức năng: versatile tool to collect malware by emulating widespread vulnerabilities
+/ mô tả:
Nepenthes is a low interaction honeypot which emulates known vulnerabilities
to collect information about potential attacks. It is designed to emulate
vulnerabilities worms use to spread, and to capture these worms. As there are
many possible ways for worms to spread, Nepenthes is modular. There are
module interface to
* resolve dns asynchronous
* emulate vulnerabilities
* download files
* submit the downloaded files
* trigger events (sounds abstract and it is, but is still quite useful)
* shellcode handler
+/ homepage, doc, down: http://nepenthes.carnivore.it/

1/ LÀM ƠN "Đọc kĩ hướng dẫn sử dụng trước khi dùng".
2/homepage: trước khi hỏi thì LÀM ƠN tìm kiếm. Vì để biết nhiều hơn thì ai cũng phải đọc "VỪNG ƠI MỞ RA"
Hỏi FAQ thì lên asking.vn mà hỏi

[Question] Mỗi tuần một tiện ích	24/07/2011 09:55:49 (+0700) \| #62 \| 244020

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ tên : metche
+/ chức năng - google key: configuration monitor to ease collective administration
+/ mô tả:
metche monitors changes made to a "system state" composed of:
- a "watched" directory (typically: /etc)
- one or more user maintained changelog files
(e.g. /root/Changelog)
- the state of Debian packages and versions (using apt-show-versions)
by periodically:
- saving backups of the corresponding files
- emailing the changes in the system state to your administrators'
mailing list
+/download: trên repository của ubuntu, debian.
+/ tài liệu; đọc man, đọc trên /usr/share/doc/metche
ps: ngoài ra còn có logtail, log-analysis, splunk, logtools ....v...v..

[Question] Mỗi tuần một tiện ích	03/08/2011 07:12:00 (+0700) \| #63 \| 244500

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ tên - chức năng : Bless - A full featured hexadecimal editor
Bless is a high quality, full featured hex editor.
It is written in mono/Gtk# and its primary platform is GNU/Linux. However it should be able to run without problems on every platform that mono and Gtk# run.
+/ mô tả :
Bless currently provides the following features:

Efficient editing of large data files and block devices.
Multilevel undo - redo operations.
Customizable data views.
Fast data rendering on screen.
Multiple tabs.
Fast find and replace operations.
A data conversion table.
Advanced copy/paste capabilities.
Highlighting of selection pattern matches in the file.
Plugin based architecture.
Export of data to text and html (others with plugins).
Bitwise operations on data.
A comprehensive user manual.

+/home page, document, download:
http://home.gna.org/bless/
có trên apt repository của ubuntu.
*/ To build and run the latest version of Bless you need:
Mono >= 1.1.14 and Gtk#2 >= 2.8: http://www.mono-project.com

[Question] Mỗi tuần một tiện ích	03/08/2011 07:20:49 (+0700) \| #64 \| 244501

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Tên - chức năng : fwsnort - Snort-to-iptables rule translator
+/ Mô tả:
Fwsnort translates Snort rules into equivalent iptables rules and
generates a shell script that implements the resulting iptables
commands.

This allows network traffic that matches Snort signatures to be logged
and/or dropped by iptables directly without putting any interface into
promiscuous mode or queuing packets from kernel to user space.

Trên trang chủ: http://www.cipherdyne.org/fwsnort/
fwsnort accepts command line arguments to restrict processing to any particular class of snort rules such as "ddos", "backdoor", or "web-attacks". Processing can even be restricted to a specific snort rule as identified by its "snort id" or "sid". fwsnort makes use of the IPTables: smilie

arse module to translate snort rules for which matching traffic could potentially be passed through the existing iptables ruleset. That is, if iptables is not going to pass, say, HTTP traffic, then fwsnort will not include HTTP signatures within the iptables rule set that it builds. Because iptables - being a firewall - runs inline to network traffic by definition, fwsnort can build an iptable rule set that not only logs attacks but also drops packets and resets connections as well.

fwsnort was the subject of a featured security article "Basic Intrusion Prevention using Content-based Filtering" on linuxsecurity.com, and has also appeared in SysAdmin Magazine in the article "Content Filtering and Inspection with fwsnort and psad". fwsnort is also featured in the book " Troubleshooting Linux(R) Firewalls" by Michael Shinn and Scott Shinn, and published by Addison Wesley, and a complete treatment of fwsnort can be found in " Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort" published by No Starch Press.

Data replacement patches for the iptables string match extension can be found here (2.4 kernels only): libipt_string patch, ipt_string kernel patch. Together these patches emulate the replace keyword in Snort_inline by adding two new iptables command line options, "--replace-string" and "--replace-hex-string". All data replacement is performed within the kernel. See my DEFCON 12 presentation for more information.

Here is an example of a translated Snort ® rule from the /etc/fwsnort/fwsnort.sh script that fwsnort builds. This is a basic Snort ® rule that looks for attempts to execute the gcc compiler via a webserver, and note how fwsnort uses the string match extension as well as the iptables comment match (so that the rule ID is included whenever the iptables policy is listed from the command line):

### alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-ATTACKS /usr/bin/gcc command attempt"; flow:to_server,established; content:"/usr/bin/gcc"; nocase; classtype:web-application-attack; sid:1341; rev:5
$IPTABLES -A FWSNORT_FORWARD_ESTAB -p tcp --dport 80 -m string --string "/usr/bin/gcc" --algo bm -m comment --comment "sid:1341; msg:WEB-ATTACKS /usr/bin/gcc command attempt; classtype:web-application-attack; rev:5; FWS:1.0.2;" -j LOG --log-ip-options --log-tcp-options --log-prefix "[5] SID1341 ESTAB "
$IPTABLES -A FWSNORT_INPUT_ESTAB -p tcp --dport 80 -m string --string "/usr/bin/gcc" --algo bm -m comment --comment "sid:1341; msg:WEB-ATTACKS /usr/bin/gcc command attempt; classtype:web-application-attack; rev:5; FWS:1.0.2;" -j LOG --log-ip-options --log-tcp-options --log-prefix "[5] SID1341 ESTAB "

+/ download: http://www.cipherdyne.org/fwsnort/download/
+/ document: http://www.cipherdyne.org/fwsnort/docs/
+/ source code : http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwsnort.git;a=summary
* Chú ý: cần đọc thêm về snort, iptables. Sẽ không chịu bất cứ trách nhiệm nào nếu bạn đọc không kĩ hay làm ẩu với chương trinh này.

[Question] Mỗi tuần một tiện ích	03/08/2011 07:35:28 (+0700) \| #65 \| 244503

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Tên - Chức năng: xtail : like "tail -f", but works on truncated files, directories, more
+/ Mô tả:
xtail watches the growth of files. It's like running a "tail -f" on
a bunch of files at once. It notices if a file is truncated and starts
from the beginning. You can specify both filenames and directories on
the command line. If you specify a directory, it watches all the files
in that directory. It will notice when new files are created (and
start watching them) or when old files are deleted (and stop watching
them).

Note that xtail isn't a graphical (X11) program, it runs on a plain tty.
The name likely comes from "eXtended tail" or such.
+/ Download: http://linux.softpedia.com/get/Utilities/xtail-20045.shtml, debian repository
tài liệu đọc trong file manual, helpme.

[Question] Mỗi tuần một tiện ích	03/08/2011 15:18:58 (+0700) \| #66 \| 244524

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Tên - chức năng: Cherokee - Very fast, flexible and easy to configure web server
+/ Mô tả:
Cherokee is a very fast, flexible and easy to configure Web Server.
It supports the widespread technologies nowadays: FastCGI, SCGI, PHP,
CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication,
on the fly encoding, Apache compatible log files, HTTP Load Balancing,
Data Base Balancing, SSI, Reverse HTTP Proxy and much more.

Cherokee also provides an easy to use configuration interface that
allows to configure the server from top to bottom without having to
edit a text configuration file.

This package contains the server and essential handlers.
+/ home page, document, download:
http://www.cherokee-project.com/
wiki: http://en.wikipedia.org/wiki/Cherokee_%28webserver%29
+/ license: GPL

[Question] Mỗi tuần một tiện ích	18/10/2011 05:06:59 (+0700) \| #67 \| 248789

conmale
Administrator

Joined: 07/05/2004 23:43:15
Messages: 9353
Location: down under
Offline

Clonezilla (http://clonezilla.org/) là một open source "Ghost" software (tương tự như Symantec Ghost). Nó hỗ trợ các file systems sau:

1. ext2, ext3, ext4, reiserfs, reiser4, xfs, jfs trên GNU/Linux
2. FAT, NTFS trên Windows
3. HFS+ trên Mac OS
4. UFS trên FreeBSD, NetBSD và OpenBSD
5. VMFS3/4 trên VMWare ESX

Hệ điều hành: Windows và Linux

Download: http://clonezilla.org/downloads.php

Tài liệu hướng dẫn: http://drbl.org/faq/

Chú ý: đọc kỹ tài liệu hướng dẫn trước khi dùng. Bạn hoàn toàn chịu trách nhiệm cho bất cứ sự cố nào xảy ra do tắc trách và do không tham khảo tài liệu cẩn thận.

What bringing us together is stronger than what pulling us apart.

[Question] Mỗi tuần một tiện ích	12/04/2012 11:04:12 (+0700) \| #68 \| 261236

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Tên - mô tả, chức năng:
iplist - iplist is a Linux application for blocking connections to and from a specified range of hosts using the netfilter netlink-queue library. Iplist is an open source IP filtering program similar to PeerGuardian for Linux.
+/ document: http://iplist.sourceforge.net/documentation.html
+/ trang chủ: http://iplist.sourceforge.net/
ps: ngoài ra còn có freeware tương tự tìm với google key: ipblock
Ipblock: http://downloadsquad.switched.com/2007/12/26/ipblock-a-peerguardian-alternative-for-linux/

[Question] Mỗi tuần một tiện ích	15/04/2012 22:18:52 (+0700) \| #69 \| 261450

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Chức năng và google key word: Copy utility ignoring errors
+/ Tên: safecopy.
+/ Mô tả:
Safecopy is a data recovery tool which tries to extract as much data as
possible from a seekable, but problematic (i.e. damaged sectors) source - like
floppy drives, harddisk partitions, CDs, ..., where other tools like dd would
fail due to I/O errors.
+/ Home page, download, doc:
http://safecopy.sourceforge.net/
ps: googling ra rất nhiều apps tương tự: http://linuxappfinder.com/backupandrecovery/recovery

[Question] Mỗi tuần một tiện ích	15/04/2012 22:33:11 (+0700) \| #70 \| 261453

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ Trang chủ, mô tả, document: http://code.google.com/codejam/
+/ tên: jam, code jam
+/ mô tả sơ lược:
Software-build tool, replacement for make
Perforce's Jam (formerly called Jam/MR) is a powerful and highly
customizable utility to build programs and other things, that can run
on Un*x, Nt, VMS, OS/2 and Macintosh MPW, using portable Jamfiles.
It can build large projects spread across many directories in one
pass, and can run jobs in parallel where make would not.

It takes some time to fully apprehend, especially when one's already
accustomed to make(1), but there's no comparison in power when
comparing these two tools.

Standard rules:
- can automatically extract header dependencies for C/C++ (you can
customize for you own language)
- provide for automatic "clean", "install", "uninstall" rules,
so that an automake-like tool is not needed

[Question] Mỗi tuần một tiện ích	25/04/2012 11:02:58 (+0700) \| #71 \| 262033

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

Chắc nginx là reverse proxy quá nổi tiếng rồi nhưng thêm 1 cái tương tự cho ae so sánh, test thì càng tốt smilie

+/ tên: haproxy
+/ chức năng:
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. It features connection persistence through HTTP
cookies, load balancing, header addition, modification, deletion both ways. It
has request blocking capabilities and provides interface to display server
status.
+/ home, doc, download:
http://haproxy.1wt.eu/
thêm 1 trang document nữa k0 biết có phải haproxy k0:
http://code.google.com/p/haproxy-docs/
+/ guide cho debian lenny:
http://www.howtoforge.com/setting-up-a-high-availability-load-balancer-with-haproxy-keepalived-on-debian-lenny
+/ so sánh qua nginx vs haproxy:
còn lại có thê google thêm: nginx vs haproxy
http://affectioncode.wordpress.com/2008/06/28/another-comparison-of-haproxy-and-nginx/

[Question] Mỗi tuần một tiện ích	02/05/2012 21:32:42 (+0700) \| #72 \| 262327

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/ tên: slack
+/ trang chủ: http://code.google.com/p/slack/
mô tả trên trang chủ:
slack is an evolution from the usual "put files in some central directory" that is fairly common practice. It's descended from an earlier system its author also wrote, called "subsets", and uses a multi-stage rsync to fix some of the problems he had there.

Basically, it's a glorified wrapper around rsync.
+/ mô tả trong synaptic của ubuntu 11.10:
configuration management program for lazy admins

slack tries to allow centralized configuration management with a bare
minimum of effort. Usually, just putting a file in the right place
will cause the right thing to be done. It uses rsync to copy files
around, so can use any sort of source (NFS directory, remote server
over SSH, remote server over rsync) that rsync supports.

[Article] Mỗi tuần một tiện ích	04/05/2012 21:32:27 (+0700) \| #73 \| 262467

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

thấy thằng này lâu rồi nhưng bận linh tinh chưa kịp mò thông tin về nó smilie

trang chủ: https://launchpad.net/arkose
trên trang chủ: Desktop application containers made user friendly.

Arkose is currently made of:
- arkose: Command line utility with C helper
- arkose-gui: GUI for integration in the gnome desktop (Similar to the Run dialog)
- arkose-nautilus: Nautilus integration
- arkose-wrapper: Wrapper for regular apps to have them start in a container

It basically lets you start any installed binary in a configurable container. You can choose how much disk space you want to give it, if it should have network access and if it should be able to access your /home.
Changes are stored through copy-on-write using aufs2, so the sandboxed application won't notice it's not running directly on your laptop but you'll be protected from most harm it could make.

Ban nãy update cho lubuntu 11.10 mirror vn.ubuntu.archive.com search sandbox thấy có thằng này trong synaptic.
Arkose - Desktop Application Sandboxing

arkose is a tool which lets you easily create
containers with copy-on-write support using the
namespace capabilities of recent Linux kernels.
This package contains the command line tool.
ps: mong chờ đã lâu cuối cùng thì linux, ubuntu cũng có sandbox smilie

[Question] Mỗi tuần một tiện ích	02/07/2012 13:05:40 (+0700) \| #74 \| 265943

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

+/tên, trang chủ: zerowine - http://zerowine.sourceforge.net/

+/ mô tả:

Zero wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero wine just runs the malware using WINE in a safe virtual sandbox (in an isolated environment) collecting information about the APIs called by the program.

The output generated by wine (using the debug environment variable WINEDEBUG) are the API calls used by the malware (and the values used by it, of course). With this information, analyzing malware's behavior turns out to be very easy.
+/Download: có thể down từ trang chủ, hay cài từ git cũng được.

ps: Thích cái này hơn cuckko vì e thích qemu hơn virtual box, qemu benchmark kiểu gì cũng cao điểm hơn virtual box nhiều.

[Question] Mỗi tuần một tiện ích	02/07/2012 13:06:44 (+0700) \| #75 \| 265942

m3onh0x84
Member

Joined: 29/11/2007 15:22:21
Messages: 467
Location: lang thang 4 biển
Offline

Go to:

Users currently in here
1 Anonymous