Fix FTP active connection issues “Cannot create a data connection: No route to host” on ProFTPD Linux dedicated server


October 1st, 2019


Earlier I've blogged about a problem I encountered that prevented Active mode FTP connections on CentOS.
As I'm working for a client, building a brand new dedicated server purchased from the Contabo Dedi Host provider on a freshly installed Debian 10 GNU / Linux, I had to configure a new FTP server. For some time I have preferred ProFTPD over VSFTPD because in my opinion it is more lightweight and hence a better choice for small UNIX server setups. During this I once again encountered the same problem: ACTIVE FTP not working from the FTP server to the FTP client host machine. But before explaining the fix, I find it worthwhile to explain briefly what an ACTIVE / PASSIVE FTP connection is.

 

1. What is ACTIVE / PASSIVE FTP connection?
 

In active mode, the client specifies the client-side port on which the data channel has been opened, and the server starts the connection to it. For historical reasons, active mode is the default for FTP client communication. In other words, once connected to the server, the client tells the server which extra port or ports it has opened locally, and the overall FTP data transfer happens over them. In the early days of networking, when the FTP protocol was developed, security was not such a big concern: networks usually had no firewalls at all, and the FTP data transfer host machine ran just a single FTP server and nothing more. In those early days FTP was not even used over the Internet and FTP data transfers happened on local networks, so this was not a problem at all.

In passive mode, the server decides which server-side port the client should connect to. Then the client starts the connection to the specified port.

But with the ever-increasing complexity of Internet / networks and the ever-tightening firewalls, due to viruses and worms that try to own and exploit networks and create unnecessary bulk loads, this has changed …
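The endpoint for the data channel travels inside the control connection, as six comma-separated bytes in the client's PORT command (active) or the server's 227 reply (passive). The following is an added example, not code from the original post: it decodes both forms and checks a passive port against the PassivePorts range set later in this post; the control-channel lines and addresses are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): decode the data-channel
# endpoint that FTP announces on the control connection.

# decode_hostport "h1,h2,h3,h4,p1,p2" -> prints "IP PORT"; returns 1 if malformed.
decode_hostport() {
    # only digits and single commas, no leading/trailing/empty fields
    case $1 in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS
    IFS=,
    set -- $1
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # each field is a decimal byte: no leading zero, at most 3 digits
        case $n in 0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# data_channel LINE [LOW HIGH] -> who opens the data connection, and to where.
# LOW/HIGH default to the PassivePorts range used in this post (60000 65534).
data_channel() {
    line=$(printf '%s' "$1" | tr -d '\r')    # control lines end in CRLF
    low=${2:-60000}
    high=${3:-65534}
    case $line in
        PORT\ *)
            # active mode: the client announced its own listening port
            ep=$(decode_hostport "${line#PORT }") || return 1
            echo "active: server connects from port 20 to ${ep% *} port ${ep#* }" ;;
        227\ *\(*\)*)
            # passive mode: the server announced the port it listens on
            args=${line#*\(}
            ep=$(decode_hostport "${args%%\)*}") || return 1
            port=${ep#* }
            if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
                note=inside
            else
                note=outside
            fi
            echo "passive: client connects to ${ep% *} port $port ($note PassivePorts $low-$high)" ;;
        *) return 1 ;;
    esac
}

# Constructed control-channel lines (private and documentation addresses).
for l in 'PORT 192,168,1,10,195,80' \
         '227 Entering Passive Mode (203,0,113,5,234,96).' \
         '227 Entering Passive Mode (203,0,113,5,195,80).' \
         'PORT 192,168,1,300,1,1'; do
    data_channel "$l" || echo "rejected: $l"
done
```

A passive port reported as outside the range is one the firewall rules below would not let through.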

 

2. Install ProFTPD server and configure the public ServerName

I've installed the server with the common cmd:

 

apt --yes install proftpd

 

The only setting changed in the default configuration file /etc/proftpd/proftpd.conf was
ServerName          "Debian"

I do this in new FTP setups for the logical reason of preventing the many FTP vulnerability-scanning crawlers run by script kiddies from learning the exact OS version of the server, so this was changed to:

 

ServerName "MyServerHostname"

 

Though this is security through obscurity, which is a bad practice in general, doing so is a good practice.
 

3. Create iptables firewall rules to allow ACTIVE FTP mode


Anyway, the next step was to configure the firewall to allow communication on TCP ports 21 and 20 from the incoming source port range 1024:65535 (to enable ACTIVE FTP), at firewall level with iptables rules on the INPUT and OUTPUT chains, like this:

 

iptables -A INPUT -p tcp --sport 1024:65535 -d 0/0 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT


For novice Linux users it might be worth saying a few words on Active and Passive FTP connections.

Once the firewall allows FTP Active / Passive connections and the FTP server is listening, check the iptables rules and the FTP listener to test that all is properly configured:
 

/sbin/iptables -L INPUT |grep ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65535 dpt:ftp-data state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data

netstat -l | grep "ftp"
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN    

 

4. Loading nf_nat_ftp module and net.netfilter.nf_conntrack_helper (for backward compatibility)


The next step of course was to add the necessary modules nf_nat_ftp and nf_conntrack_sane, which make FTP properly forward ports with the respective firewall states on any of the above source ports, which are usually allowed by firewalls. Note that the given port range 1024:65535 might be too liberal for paranoid sysadmins, and in many cases where ports are not filtered, if you are a security freak, you can use a smaller range such as 60000-65535.

 

Here it is time to say that sysadmins who haven't recently had the task of configuring a new (unencrypted) File Transfer server, as today Secure FTP is almost always used for file transfers for the sake of security, might be puzzled to find out that the old Linux kernel module ip_conntrack_ftp, which was the standard module used to make FTP Active connections work, is nowadays substituted with nf_nat_ftp and nf_conntrack_sane.

To make the 2 modules permanently loaded on next boot on Debian Linux they have to be added to /etc/modules

Here is how sample /etc/modules that loads the modules on next system boot looks like

cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
softdog
nf_nat_ftp
nf_conntrack_sane


Next to say is that in newer Linux kernels 3.x / 4.x / 5.x the behaviour of nf_nat_ftp and nf_conntrack_sane changed, so simply loading the modules will not work, and if you are foolish enough to test it with some FTP client (I used gFTP / ncftp from my Linux desktop) you are about to get FTP No route to host errors like:

 

Cannot create a data connection: No route to host

 



Sometimes, instead of the No route to host error, the error the FTP client returns is:

 

227 entering passive mode FTP connect connection timed out error


Hence, to make the nf_nat_ftp module work on newer Linux kernels you have to enable the backwards compatibility kernel variable

 

 

/proc/sys/net/netfilter/nf_conntrack_helper

 

echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper

 

To make it permanent, add the line to /etc/rc.local if you have enabled the legacy single-file boot script as I do on servers (for how to enable rc.local on newer Linuxes check here)

or alternatively add it to load via sysctl

sysctl -w net.netfilter.nf_conntrack_helper=1

And to make change permanent (e.g. be loaded on next boot)

echo 'net.netfilter.nf_conntrack_helper=1' >> /etc/sysctl.conf
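Setting nf_conntrack_helper=1 turns automatic helper assignment back on, which kernels have had off by default since Linux 4.7 and which was removed in 6.0; the alternative is to attach the FTP helper to the control port explicitly with the CT target in the raw table, after which data-port rules only need RELATED,ESTABLISHED. The following is an added example, not code from the original post: it reports which mode a ruleset relies on and lists data-port rules that still accept NEW, using two constructed rulesets in iptables-save format.

```shell
#!/bin/sh
# Added example (not from the original post): audit how the FTP conntrack
# helper is attached, given iptables-save output and the sysctl value.

# Constructed sample 1: filter rules only, in the style of the rules above.
# The helper works here only with net.netfilter.nf_conntrack_helper=1.
RULES_AUTO='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample 2: helper attached explicitly to the control port only;
# data connections (active from port 20, passive to 60000:65534) are RELATED.
RULES_EXPLICIT='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 60000:65534 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 60000:65534 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# ftp_helper_mode RULESET SYSCTL_VALUE -> explicit | automatic | none
ftp_helper_mode() {
    if printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        table == "raw" && / -j CT / && / --helper ftp( |$)/ && / --dport 21 / { found = 1 }
        END { exit(found ? 0 : 1) }'
    then echo explicit
    elif [ "$2" = 1 ]; then echo automatic
    else echo none
    fi
}

# data_rules_accepting_new RULESET -> prints filter rules that ACCEPT state NEW
# on port 20 or on a destination port range (wider than the helper needs).
data_rules_accepting_new() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" || $1 != "-A" { next }
        {
            dport = ""; states = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && states ~ /(^|,)NEW(,|$)/ &&
                (dport == "20" || dport ~ /:/))
                print
        }'
}

echo "sample 1 (sysctl=1): helper $(ftp_helper_mode "$RULES_AUTO" 1)"
echo "sample 2 (sysctl=0): helper $(ftp_helper_mode "$RULES_EXPLICIT" 0)"
echo "sample 1 data-port rules accepting NEW:"
data_rules_accepting_new "$RULES_AUTO"
# On a live host, as root:
#   ftp_helper_mode "$(iptables-save)" "$(sysctl -n net.netfilter.nf_conntrack_helper 2>/dev/null)"
```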

 

5. Enable PassivePorts in ProFTPD or PassivePortRange in PureFTPD


Last but not least, open /etc/proftpd/proftpd.conf, find the PassivePorts config value (commented out by default) and beside it add the following line:

 

PassivePorts 60000 65534

 

Just for information if instead of ProFTPd you experience the error on PureFTPD the configuration value to set in /etc/pure-ftpd.conf is:
 

PassivePortRange 30000 35000


That's all folks, fire up ncftp / lftp / filezilla or whatever FTP client you prefer and test it. The FTP client should be able to talk as expected to the remote server in ACTIVE FTP mode (and the auto passive mode will not be triggered anymore), nor will you get strange errors and failures to connect in FTP clients such as gftp.

Cheers 🙂

Tips & Tricks for Passing CompTIA Security+ Certification Exams with PrepAway Dumps


September 30th, 2019


Introduction

Many candidates aiming to land a career in IT choose to be certified by CompTIA. This reputable organization is rightly considered to be a leader on the IT market that offers various credentials. And its position is justified. The thing is that CompTIA has been in service for more than 20 years and, in its turn, has certified more than 2,000,000 IT specialists all over the world. It offers various vendor-neutral certifications for all tastes, Security+ and Project+ among many. Their goal is to develop and advance the IT industry.

 

So, since CompTIA aims to serve as a voice of the information technology industry, it keeps pace with the rapidly changing IT field and does its best to equip candidates with the most updated skills.

In this article, we’ll cover one of the exams that leads you to the SECURITY+ certification, which allows you to build a successful career in IT and more.

 

Overview of CompTIA SECURITY+ Certification

The CompTIA SECURITY+ certification is one of the core credentials, offered by this vendor. The rest include ITF+, Network+, and Security+. To obtain SECURITY+ credential, you need to pass two exams. They are either 900-series (220-901 and 220-902) or the new ones Core 1 (220-1001) and Core 2 (220-1002).

220-901 exam tests your skills to complete the tasks that deal with hardware and its troubleshooting, peripherals, as well as network connectivity problems. 220-902 test is all about working with operating systems (Windows, Linux, iOS, etc.). As for the new exams, the topics included refer to cloud computing, virtualization and expanded security.

After succeeding and getting the CompTIA SECURITY+ certification, you are eligible to work as a support specialist, field service technician or desktop support analyst and earn annually from $46K to $60K.

 

Details of 220-902 Exam

To gain the SECURITY+ certification, you have to undertake two exams separately. These are the 220-901 and 220-902 tests. The CompTIA 220-902 exam verifies the fundamental skills required to install and configure operating systems such as Windows, Apple OS X, Linux, iOS, and Android. The exam also covers security as well as the essentials of cloud computing and operational procedures.

 

Exam 220-902 consists of 90 questions which require 90 minutes to complete. The types of questions included are multiple-choice, drag and drop, and performance-based. To gain the CompTIA SECURITY+ certification you must attain a score of 700. The exam fee is $219.


Exam objectives

The CompTIA SECURITY+ 220-902 exam objectives are based on a thorough review made by experts and professionals in the IT field. This is done to make the exam relevant and useful for entry-level IT specialists. The objectives are divided into five domains which are listed below:

  • Windows operating system-29%
  • Other operating systems and technologies-12%
  • Security-22%
  • Software troubleshooting-24%
  • Operation procedures-13%

 

Importance of CompTIA 220-902 Exam

Passing the CompTIA 220-902 exam will equip you with the expertise to do the following:

  • Assemble components as per the customer requirements
  • Effective customer support
  • PCs installation, configuring and maintenance services
  • Basic understanding of networking and security
  • Skills in troubleshooting
  • Diagnose, resolve, and document normal hardware and software problems
  • Understanding the basics of Virtualization, desktop imaging, and deploying


CompTIA Training material

Since preparation is key to your success, start from checking the CompTIA official website. The vendor offers prep materials that you need to be adequately ready for your exam. The options include virtual labs, e-learning, video training, exam preps, study guides, and instructor-led training. All the options offered contain the study material to hone your skills in taking 220-902 exam and bring your certification goals to fruition. You simply need to choose the method/s that suit/s you best.

PrepAway – the best platform for your Exam preparation

 

In addition to the official study materials offered by CompTIA, you should hunt for the best resources searching the internet to sharpen your skills in order to pass 220-902 exam. For that, you can visit the PrepAway website. It’s a popular provider of the most updated exam dumps to your certification exam/s among test takers.

PrepAway lets you download free practice questions with answers shared by recent exam takers. It means that you’ll get the latest exam questions that you can practice. Thus, for exam 220-902 you’ll find a great variety of such dumps.

If you would like to get the practice questions and answers checked by IT experts, 220-902 premium bundle has been designed for such purpose. At an affordable price you can get a bundle that contains an updated premium file, a study guide, and a training course. The files offered at PrepAway are in vce format and can be opened with the help of the VCE Software. This modern exam simulator has been created by Avanset team and helps you practice exam questions in the interesting and interactive manner. Moreover, the VCE testing engine resembles the real exam environment and equips you with skills to tackle any type of question, as well as ability to manage your time wisely. Besides, you can track your results, define the weak areas and focus on them before taking the real 220-902 exam. You can download the files in VCE Player anytime you wish and practice on the go as well. Note that the download is limited to a maximum of 15 files to prevent commercial selling which is prohibited.

So, the benefit of using the 220-902 premium bundle is that it contains the updated file verified by IT experts, who have worked in this field for long and take to it like a duck to water. And an extremely informative video course along with a study guide will complete your thorough preparation for the CompTIA 220-902 exam.

 

Conclusion

This article has taken you through the necessity of passing 220-902 exam and earning the SECURITY+ certification. You get a detailed picture of the benefits waiting for you afterwards. Since the proper preparation is key to your success, utilize the materials offered on the CompTIA website and PrepAway online platform, choose the study options that suit you best, and you won’t have a reason to fail. Wish you luck!
 

Fix KDE Plasma fails to load: “All shell packages missing. This is an installation issue, please contact your distribution” in Kubuntu Linux


September 27th, 2019


I was called yesterday by a friend who referred me to a friend of his, Zvezdomir from Gabrovo, who had Kubuntu Desktop Linux installed by some other colleague, but then suddenly the colleague decided to leave the country and thus the Kubuntu became completely unmanaged.
In the spirit of Murphy's laws, it broke soon after, and as the HDD was filled with a lot of important picture data, I received the call with a plea to help him fix his broken Kubuntu installation on the relatively old IBM ThinkPad notebook.
No problem, I switched to the role of Linux desktop user tech support, as it is part of the daily job of every system admin to be on the hotline for computer medication and never say no to incoming requests 🙂

It seems the guy had messed up his graphical environment when, as a Linux novice user, he decided to experiment with changing environments. He used to use GNOME, and then, due to some issues with some of the image viewers (eog – Eye of Gnome / Shotwell / Gpaint), whose borders were not showing properly or something, he decided to switch to KDE Plasma. This was successful, but as he continued to try out things on the Linux he broke it badly, so after the machine booted and Xorg started, Plasma was producing the error below.


"All shell packages missing. This is an installation issue, please contact your distribution"

 


After spending about 30 minutes on the phone explaining to him how to switch to the console, as he had not even basic concepts about how to manage his Linux box, the problem was solved. Below are the few steps taken to fix the All shell packages missing issue.

1. Press Ctrl + Alt + F2 Simultaneously

Historically, switching to the console on GNU / Linux was usually possible with CTRL + ALT + F1, but this was changed, as newer Linux distros often use the TTY1 console to launch the X GUI environment.
Here we had some struggles explaining to him where F1 is, as he thought he was supposed to press CTRL + ALT + S + 2 (perhaps misheard on the phone …) and was panicking about how he was supposed to press 4 buttons simultaneously; after a while it was cleared up that it is CTRL + ALT + F2 …
PS. In some of the other Ubuntus, Lubuntu or older Ubuntus, if CTRL + ALT + F2 doesn't work, some of the other Virtual Text Consoles should be accessible with CTRL + ALT + F3, CTRL + ALT + F4 etc.

2.  Login with your user login name

Once the login: field appeared, I had to explain to him about 10 times how he should type his non-privileged user name, as is always the case with a computer novice. I had to stress here that he should press Enter after the username / login is typed …

3. Become root (superuser) after standard login with:

 

sudo su

 

3. If the machine is not connected to internet (this might be the case if errors are produced on below 4. 5. steps)

Assuming you're already superuser (root) and you have no internet because the Network Manager is unable to connect due to the failure of KDE Plasma to start, in order to connect to, let's say, an already configured Wi-Fi home wireless router,
restart networking with

 

service NetworkManager restart

 

Since internet connectivity will be required in order to be able to install the missing packages and update the package repositories, next test whether internet is reachable.

 

ping google.com
PING google.com (172.217.169.110) 56(84) bytes of data.
64 bytes from sof02s31-in-f14.1e100.net (172.217.169.110): icmp_seq=1 ttl=56 time=15.2 ms
64 bytes from sof02s31-in-f14.1e100.net (172.217.169.110): icmp_seq=2 ttl=56 time=11.5 ms
64 bytes from sof02s31-in-f14.1e100.net (172.217.169.110): icmp_seq=3 ttl=56 time=6.00 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 6.003/10.892/15.220/3.783 ms

N.B.! We had stumbling blocks here too, as the Wi-Fi router seemed to be far away from the room where the PC was; after he moved to the other room where the signal was fine and re-issued service NetworkManager restart, ping worked.

4. Next to get the latest list with available installable packages on the Ubuntu run the usual

 

apt-get update


5. Do install / reinstall kubuntu-desktop meta package

 

Finally to Fix the broken desktop GUI (that is not appearing instead of the Plasma login

 

apt-get install --yes kubuntu-desktop

 

Finally reboot the Laptop with reboot cmd:

reboot

On next boot Kubuntu's usual login screen should be as it used to be until you broke your package system by tampering with the packages.

And Hooray ! It works again 🙂

By the way, as I googled a bit to investigate further, the problem seems to be common, and the solution, with a lot of fuss, is also given in a bug report on Ubuntu's Launchpad here

 

A day in a Nun Skete saint Ambrose of Optina in Rusakovo village near Zhyrovichi monastery – Biggest monastery in Belarus


September 20th, 2019

What is a Scete?

The skete (Scetis) as a form of cohabitation has been among the 4 types of early Christian habitation, along with eremitic (hermit life), lavritic, from laura (Greek: Λαύρα; Cyrillic: Ла́вра), a type of monastery consisting of a cluster of cells or caves for hermits, with a church and sometimes a refectory at the center, and coenobitic (another monastic tradition based on community life).

Origins of scete communities

A skete (from Coptic ϣⲓ(ϩ)ⲏⲧ via Greek σκήτη) is a monastic community in Eastern Christianity that allows relative isolation for monks, but also allows for communal services and the safety of shared resources and protection.

Skete communities usually consist of a number of small cells or caves that act as the living quarters with a centralized church or chapel. These communities are thought of as a bridge between strict eremitic lifestyle and communal lifestyles since it was a blend of the two. These communities were a direct response to the ascetic lifestyle that early Christians aspired to live. Skete communities were often a bridge to a stricter form of hermitage or to prepare for a martyrdom in times of persecutions.
 

Hitchhiking to Zhyrovichi and Rosakovo Scetes


As I've been with my wife on a 2-week trip to her home country Belarus, staying in Krasnoselsk, a small town of 7000 inhabitants near the bigger Valkovoysk, one of my local Church-serving friends, Evgeni, offered that we go on a pilgrimage to Zhyrovichi monastery. We took the road as hitchhikers, and on our way to Zhirovichy, after changing 4 cars to reach a gas station near Slonim, the idea came that instead of going directly to Jirovichi we visit a Nun skete in the village of Rosakovo, consisting of 9 nuns, just about 5-6 km from Zhirovichy.
To get there we were picked up as hitchhikers by a kind guy driving a classic, world-famous Belarusian MAZ truck (Minskiy Avtomobilnij Zavod, literally translated as Minsk Automobile Factory). This was my first trip on a MAZ truck, quite an exciting adventure to be honest, as so far I had never had the chance to ride in an old Soviet style truck 🙂

We reached Rusokovo at about 16:30, just to be amazed by the beauty of the Russian style Eastern Orthodox skete Church.

The skete of Rusakovo started its existence just 14 years ago in 2005 with the blessing of Zhirovychi monastery abbot archbishop Guriy (Gurij) – archbishop Novogrudskij and Lidskijy.


Archbishop Guriy Apalyko Novogrudskij and Slonimski
(Архиепископ Гурий Новогрудский и Слонимский (Апалько))

The Skete started to be built in the dying village of Rusakovo, left with just a few inhabitants, very near some of the post-communist abandoned buildings of a Kolhoz (collective ownership), so popular in the times of communism across the USSR and its satellites, which stemmed from the Jewish Kibbutz used by Jews before the official establishment and official recognition of Israel.

The idea of the Skete is to create a more ascetic place, where the many volunteer ladies who often help in the works of the Zhyrovichi Men's (Monks') monastery and desire to become novice nuns and nuns are able to live and pray incessantly in their own sisterhood.


The village of Rusakovo is situated just about 6 km from the village of Zhyrovichi and Zhyrovici monastery, which is at the moment the biggest monastery in Belarus by number of monks (currently the monastery consists of about 34 monks and a few novices).
Local people of Zhirovichy and the region say that because of Zhirovichy's monastery and the appearance of the Holy Theotokos Virgin Mary, the Mother of God, Zhirovichy and all its regions are under her spiritual protection.
This belief of the locals could surely be felt in the Skete of Rusakovo, as my soul there felt like being in heaven, in an inexplicable peace and joy.


The unusual bus stop of Rusakovo village Grodnenskaja Oblast, (common for villages in Belarus)

The existence of such a Skete exactly in Rusakovo village was also not a coincidence, as in the past this village was famous for having people with a very strong faith in God, and also for many of its inhabitants serving in the Church altar as "panamari" / hypodeacons, many of whom are buried in the small graveyard near the end of the village.


Elder Saint Ambrose of Optina Desert

 

Short History on how Rusakovo Scete was built

As a first living breath to Rusokovo Skete St. Ambrose of Optina Desert (a Russian saint from the, several nuns were transferred from the Slonim Holy Annunciation Monastery; here they settled in an old decrepit wooden house. There were cracks in the floor, the water froze, they slept on folding beds, there was no money and bread, and the only income the nuns had was their own grown potatoes, tomatoes, cucumbers, pepper, cabbage, garlic, onion etc. …

 

The nuns started building the Skete's Church on top of old abandoned village home, sitting on elevated place.

During the Church construction works the nuns learned a lot of the subtleties and wisdom of the builder's craft. A lot of people, relatives and close friends of the nuns and the few novice nuns, joined and helped with the construction of the Church and the monastic cells building. Good-hearted benefactors were found who sacrificed in the name of Christ and donated the Church Bells, gave money and materials for the creation of the Church Domes, and one good-hearted man even donated the whole iconostasis Church wall!

View to Rusakovo Skete Main Church


The multiplication of Breads – Icon painted with the Blessing of Saint Elder Ambrose of Optina Desert
 

The Church built in honour of saint Ambrose of Optina looks very beautiful, as a temple of the true God should look. The cupolas are gold-plated, as in many Russian Churches; the reason for that is to accent that the Holy Spirit of Almighty God is descending over these domes to the Church altar.

Inside the Church the atmosphere could best be described with the words warm and welcoming; entering the Church building feels like really entering home. At the Church entrance we had the blessing to meet the serving priest, who as of the time of writing this article is father Georgij; inside the Church we found one of the nuns, mother Tatiana, who had the obedience to sell Church candles and the monastery-produced herbal medicines.

The magnificence of the outlook of the Church is hard to be described in words.

View to Church Altar Doors (Dveri), a symbolic reference to Heaven's Gates – ХВ stands for Христос Воскресе / Christ is Risen

Saint Ambrose of Optina icon with embedded holy relics, Rusakovo Zhyrovichi skete, Belarus; notice in the back the bricks – this is a Russian Petch (Петчь) / Petchka. This was how Russians heated their homes and cooked for centuries; in the Church "The Petch" is used to heat the Church in the cold Belarusian winters.

Saint Nicolas icon and the usual feast Church icon which of this day was for the Beheading of Saint John The Baptist

Heaven like Church Garden near the Rosakovo village Belarus

A Big bad guardian dog nearby the Church

Nuns and voluntary workers work hard in the skete, as just like in the ancient monasteries the skete nourishes itself mainly on its own production and the small financial help that comes from Zhirovichy Monastery when the current official person in charge (a kind of Abbess), Nun Mother Maria, requests it in cases of unexpected events which can't be covered by the income of the monastery.


Elder sister (nun) abbess Maria Rusakovo Scete (skit) Belarus

Talking about income, it comes mainly from creating and selling mixtures of monastery-prepared ointments of healing herbs, olive oil and other oils.

Herbal natural medicine preparation is perhaps the main unique product the monastery offers to ordinary laymen.
Here sister nun Anatolia, who graduated from a biology faculty in her worldly life, compiles herbs and makes ointments, infusions and oils. This includes herbal health recovery cream (ointment) that is anti-inflammatory, analgesic, antiviral ointment, ointment for diseases of the veins, joint, skin diseases, anti-alcohol and anti-toxic infusions. The list is so large that you can’t name everything; I recommend you go yourself and choose whatever you need …

The monastic farm is large. Besides the many seasonally grown vegetables and fruits and the hothouses used to raise vegetables in the harsh Belarusian winters, they have about 100+ hens used to produce eggs, and among the hens can even be seen an ancient breed, the Russian Pavlovian hens, which was almost destroyed in Soviet times.


Ancient Russian Pavlovian Hen rarely to be seen in Russia and Belarus nowadays

Miraculously, a few of the Pavlovian hens survived. These chickens are different in that their eggs and meat have less cholesterol (but as the Skete's rule prohibits nuns and visitors from eating meat, these chickens are only used as a source of eggs).

Another common source of food for the Skete is mushroom collecting in the nearby woods, for which there is a strong tradition here in Belarus, as almost all people in villages and towns go out and collect edible mushrooms, together with healing herbs, which are collected by the novice nuns, the skete's voluntary workers and sometimes, with a blessing, by the nuns. Cats and dogs walk all around the yards and the long, straight single village street (which nowadays consists of a line of old, beautiful, colored and well-maintained wooden village houses, most of which have gradually become uninhabited, as most of Rusakovo's population consisted of old people who passed away, and their younger offspring chose to live in big cities such as Minsk, Homel, Mogilov, Grodno, Vitebsk etc.).

To prevent these beautiful abandoned houses in Rusakovo from gradual ruin due to being uninhabited, mother Maria along with the rest of the nuns decided to gradually buy some of the houses, some of which were turned into normal living places where visitors are usually accommodated in summer. The Belarusian Church also organizes Summer School camps there, and the bought and restored houses are used as accommodation for the teenagers.


Once we arrived at the Skete, we worshipped the holy relics in the Church and went around the yard of the monastery, where we once again met father Georgij, with whom we had a few minutes' talk, after which he offered us to stay for the Night Vigil Liturgy that was organized in the monastery in honor of the feast of Saint Alexander Nevski (a great warrior saint who is highly venerated in Russia and all across the Orthodox countries that were part of the USSR); the second biggest Cathedral in the Balkans and Eastern Europe, in the city of Sofia, Bulgaria, is named in honour of saint Alexander Nevski. I do venerate saint Alexander Nevski, thus the opportunity to stay for that Liturgy and accordingly sleep in the skete was a great joy for me.
After we were invited to stay by fr. Georgij, with the blessing of matushka nun Maria, whose blessing he requested by calling her on the mobile, we were brought for dinner to the skete's dining room. The dinner was humble but very delicious, and mother Tatiana (the nun), who was assigned to bring us to the dining room, prayed and blessed the food with holy water. The dinner consisted of some boiled potatoes, tomatoes, bread, cucumbers and a sweet kind of jar cakes, but perhaps due to the fact that it was made with a lot of love, it was more delicious than the worldly food we consume daily.

After the dinner novice monk Alexander brought us to the pilgrimage house and accommodated us. I have to say this man was very kind and good-hearted. Even though we were seeing each other for the first time, the interaction with him was so open and easy that it felt like we had known each other all our lives.

Midnight Liturgy started at 11:30 and continued until almost 02:00 a.m., and after the Night Liturgy we went home and slept, just to wake up in the morning at 09:00 full of joy and energy (perhaps due to the prayers of the nuns, the vigil itself, the clean air and, most importantly, because of God's abundant grace that was filling up this blessed place).


Rusakovo-one-eyed-dog

In the picture above you see one of the friendly dogs (though it appeared different in the picture) that was following us all the time in the monastery. The association that came to my mind was that this dog following us very much resembles our Guardian Angel, who is always following us and helping us in our daily deeds, the very same Holy Angel we Orthodox Christians believe we receive during baptism.

It is common here that a car flies past and an animal is thrown out of it. Just recently the next unwanted animal that was left in Rusakovo was a one-eyed dog. In the same way, the cat Marquise, a victim of a car hit, was saved from sure death thanks to the nuns, who brought the animal for treatment to nearby animal hospitals. Marquise now has the chance to live a normal life after intensive care from the good-hearted nuns.

To survive the harsh winter in Belarus the Skete inhabitants prepare jars of preserves with whatever vegetables and fruits have been locally grown during the summer, as is done almost all across Russia, Belarus and most Eastern Orthodox countries (Bulgaria, Serbia, Moldavia, Romania etc.).
The private houses bought by the skete currently have a capacity to accommodate at least about 50 – 80 people; sometimes for great Orthodox feasts as many as 27 individuals came and were accommodated in the Skete.

The usual day of the Rusakovo Skete is posted on the door of the pilgrim accommodation room and is relatively easy, perhaps because the goal of the Skete after all is to leave its visitors more time for thinking over their life and God's providence and to pray.

Schedule-of-a-standard-day-in-Rusakovo-skit-skete-Belarus-1

The daily schedule of the Skete looks like this (translated from the above text, which is in Russian):

07:00 – Wake up
07:45 – 09:00 – Night Vigil with 12 Psalms
09:00 – 09:30 – Breakfast
09:30 – 14:00 – obediences (work on things ordered)
14:00 – 14:30 – Monastic Lunch
14:45 – 17:00 – obediences
18:00 – Monastic Dinner
18:30 – 20:00 – Compline (Malko Povecherie) End of the day prayers
20:00 – 23:00 – Free Time
23:00 – Sleep hour

On Big Sunday – the day of resurrection, which is the biggest feast, commemorating the glorious events of Christ's Resurrection from the grave and victory over death – the schedule is even lighter:

08:30 – Canonical Hours
09:00 – Holy Liturgy
17:30 – Lunch
18:00 – Horologion – Greek: ὠρολόγιον (Chasoslov / Часослов in Church Slavonic)

Alexander-novice-monk sent from Zhyrovichi monastery

Novice monk and monastic worker Alexander, sent from Zhyrovichi monastery, together with brother Evgeny (a graduate theologian who completed the 5-year course of the Zhyrovichi Minsk spiritual academy)

The pilgrimage house was a standard but nice and cozy old Belarusian wooden house with all the comforts you might dream of, e.g. – a bed, a blanket and even an old stove that is used in times of cold in winter, late autumn and cold spring times.

pilgrim-accomodation-room-Rusakovo-skete

pilgrim-accomodation-room-Rusakovo-improvised-home-iconostatis

The prayer corner situated East as it is in every Orthodox Chapel

pilgrim-accomodation-room-Rusakovo-skete-bed

One of the room's beds; note the icon situated in the upper right corner, a traditional place where Belarusians, who are generally very pious people, place their icons

To obtain drinkable water each of the pilgrimage accommodation houses has its own well. As Belarus is a country rich in lakes (11 000+ lakes), it is a country generally rich in water, and most people in villages dig about 50 to 90 meters to have their own well – a free of charge source of water.

 


Graveyard at the end of Rusakovo village (where many of the old village inhabitants and a lot of good Christians are buried).
One thing I've noticed in Belarus is that many of the graveyards in this country are placed on the highest place (hillock) in the region; perhaps they do this because they expect the dead to be nearer to heaven, to which each of the resurrected bodies should be taken on the Resurrection day, as we believe in the Christian faith.

Rusakovo-skete-pilgrims-prepared-houses

View of Rusakovo's nature and a pilgrim accommodation house

Rusakovo-on-eof-the-beautiful-village-houses

This is how the pilgrimage accommodation houses of Rusakovo Skete look

Skete-Rusakovo-village-Belarus

Few of the nuns of St. Ambrose of Optina Skete

Rusakovo Skete has a vkontakte group where you can contact them and if you like you can ask for a blessing to stay a couple of days if you're ready to work for free like 4-5 hours a day and feel the atmosphere of this blessed place.

On the next day after we woke up, we were brought by the novice monk Alexander again to the dining room and they gave us a delicious fasting breakfast at 11:00. After that we thanked them and hitchhiked to see another smaller skete in Sceniavichi, the next village, inhabited by only 3 nuns who vowed themselves to follow a harsh asceticism.

kit-sceniavichi-Belarus

Bus stop of Sceniavichi Skete village Belarus

Finding the Skete took us about 10-15 minutes' walk from the bus stop; we had to walk like 3 minutes in the direction of entering the village and then turn right and walk for some time until we reached the big fence seen in the picture below.

fence-Scenavichi-skit

Skete Sceniavichi fence wall

House-Church-scenavichi-skit

The house type of Church of Sceniavichi skete
skit-sceniavichi-Belarus

Church bells

Inside-Scenavichi-Church-1

Inside the Sceniavichi Skete Church view to Iconostasis

All-Belarusian-Saints-Icon

Icon of All New Confessors of Eastern Orthodox Faith of Belarus

House-belonging-to-the-skete

Skete of Sceniavichi monk cell house

We were received in the Skete by sister nun Olga, a kind young nun who showed us the Church and offered us a coffee with some traditional Belarusian fried dough (called draniki). Nun Olga happened to be a zograph (icon painter). The lady was most kind to us and even gave us a gift of a small calendar with the famous Prayer of Saint Ambrose of Optina and the last Elders of Optina; below is the prayer itself:
 

The Prayer of the Last Elders of Optina

O Lord, grant that I may meet all that this coming day brings to me with spiritual tranquility. Grant that I may fully surrender myself to Thy holy Will.

At every hour of this day, direct and support me in all things. Whatsoever news may reach me in the course of the day, teach me to accept it with a calm soul and the firm conviction that all is subject to Thy holy Will.

Direct my thoughts and feelings in all my words and actions. In all unexpected occurrences, do not let me forget that all is sent down from Thee.

Grant that I may deal straightforwardly and wisely with every member of my family, neither embarrassing nor saddening anyone.

O Lord, grant me the strength to endure the fatigue of the coming day and all the events that take place during it. Direct my will and teach me to pray, to believe, to hope, to be patient, to forgive, and to love. Amen.

Sister Olga was so kind to show us her icon painting atelier, and after further talk with her we found out some interesting details, like the fact that the 3 sisters living in Sceniavichi skete have given vows to not eat any meat or any animal products while they're in the skete, and we found that for 1.5 years these ascetic nuns had been fed only with vegetable food.

Joyfully we headed from there to the Zhyrovichi monastery farm, which is about 2 kilometers away from Zhyrovichi, where the monastery property consists of cows, sheep, pigs, caprines, goats, horses, ducks, turkeys and hens.
The farm functions based on the monastic system of blessings over each of the workers, just like any monastery functions based on obediences, and I have to say it works pretty well. The horses in the farm are bred as an attraction for the groups of young pupils that regularly travel to the monastery for the Summer Orthodox Christian School Camps.

Below are some pictures taken from the monastic collective farm – there is no question this is definitely interesting for youngsters nowadays, most of whom were raised in the cities and never had a chance to ride a horse or see most of the animals that each of our grandmas and grandpas had in their own village house in the recent past.

farm-of-Zhirovichy-monastery

A near view to monastic farm Zhyrovichi Dormition of Virgin Mary Monastery

a-herd-of-animals-near-Zhirovichy-farm

Cows pasture near farm

kolhoz-collective-farm-Zhyrovichi-monastery


Moooooo !

pigs-mother-with-little-pigs-farm-Zhirovichy

Mamma pig with the piggies 🙂

Bale piles used for food and floor cover in the animal cells

kolhoz-collective-farm-Zhyrovichi-monastery

Belarusian seeding machine tractor in the farm

Zhyrovichi-farm-turkeys
 

Getting Console and Graphical hardware system information on Linux with cpuinfo, neofetch, CPU-X (CPU-Z Unix alternative), I-nex and inxi


September 17th, 2019

getting-console-information-and-graphical-hardware-system-information-Linux-cpuinfo-neofetch-cpu-x-i-nex-1

Earlier I wrote an extensive article on how to get hardware information on Linux using tools such as dmidecode, hardinfo, lshw, hwinfo, x86info and biosdecode, but there are a few other hardware reporting tools for Linux worth saying a few words about: ones that have been there for historical reasons such as cpuinfo, as well as some new shiny ones such as neofetch (a terminal / console hardware report tool), and CPU-X and I-Nex, which are Linux equivalents to CPU-Z, the well known, almost standard hardware detection tool for Windows.
 

1. cpuinfo

 

Perhaps the most basic tool to give you brief information about your processor type (model), number of cores and logical processors is cpuinfo.

I remember cpuinfo has been there since the very beginning in almost all Linux distributions' repositories. Nowadays its popularity from the days when the kings of the Linux OS server scene were Slackware, Caldera OpenLinux, Redhat 6.0 Linux and Debian 3.0 has declined, but for scripting purposes it is still a handy small proggie.

To install and run it in Debian  / Ubuntu / Mint Linux etc.:

 

aptitude install -y cpuinfo

/usr/bin/cpu-info

 

Linux-get-processor-system-info-in-console-cpu-info

 

2. neofetch

 

The next one worth installing and checking is neofetch (a cross-platform and easy-to-use system information command line script that collects your Linux system information and displays it on the terminal next to an image, which could be your distribution's logo or any ascii art of your choice).

The cool thing about neofetch is that besides being able to identify the system server / desktop hardware parameters, it gives some basic info about the number of packages installed on the system, memory free and in use, the kernel used and the exact type of system (be it Dell PowerEdge Model XX, IBM eSeries Model, HP Proliant Model etc.).

neofetch-OS-hardware-information-Linux-ascii-system-info-desktop-notebook

neofetch info generated on my home-used Lenovo ThinkPad T420

neofetch-OS-hardware-information-Linux-ascii-system-info-pcfreak-home-server
neofetch info from pc-freak.net running current machine

neofetch even supports Mac OS X and Windows OS ! 🙂

To install neofetch on Mac OS X, first install the Homebrew package manager:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

and then install neofetch from the Mac ported packages using brew:

brew install neofetch


neofetch-screenshot-from-Mac-OS-X

neofetch is even installable on Windows OS using the scoop command line installer tool, with the below PowerShell code started from cmd.exe (Command line):

powershell Set-ExecutionPolicy RemoteSigned -scope CurrentUser
iex (new-object net.webclient).downloadstring('https://get.scoop.sh')
scoop install git
scoop install neofetch

neofetch-microsoft-windows-hardware-command-line-report-tool-screenshot


By the way Scoop was quite a find for me and it is pretty handy for installing plenty of useful command line Linux / UNIX tools, such as curl, wget, git etc., on Windows in the same easy straightforward way as with a standard yum or apt-get (without explicitly installing things such as GnuWin and CygWin).
 

3. CPU-X graphical user interface hardware report Linux GUI alternative to Windows CPU-Z


The packages for CPU-X are a bit outdated: even though there are rpm packages for Fedora and OpenSuSE, .deb packages for Debian and Ubuntu, and an ArchLinux (pacman) package, there is no up to date version for Debian 10, and the package builds distributed for the different Linux distros lag behind.

Thus to install CPU-X on any Linux distribution it is perhaps best to use the portable version (static binary) of CPU-X.
It is currently available on https://github.com/X0rg/CPU-X/releases

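To install the latest portable version of CPU-X

# create a working directory and download the release tarball into it
mkdir CPU-X
cd CPU-X

wget https://github.com/X0rg/CPU-X/releases/download/v3.2.4/CPU-X_v3.2.4_portable.tar.gz

# unpack it (the two lines that follow are tar's verbose listing)
tar -zxvvf CPU-X_v3.2.4_portable.tar.gz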
-rwxr-xr-x yohan/users 4563032 2019-01-13 22:15 CPU-X_v3.2.4_portable.bsd64
-rwxr-xr-x yohan/users 5484968 2019-01-13 22:15 CPU-X_v3.2.4_portable.linux64

 

cp -rpf CPU-X_v3.2.4_portable.linux64 /usr/local/bin/
ln -sf /usr/local/bin/CPU-X_v3.2.4_portable.linux64 /usr/local/bin/cpu-x


Next run as superuser (root)
 

hipo@jeremiah:~$ su -c 'cpu-x'

 

As seen from below screenshots cpu-x reports a lot of concrete specific hardware data on:

  • Processor
  • Motherboard
  • Memory
  • System
  • Graphic card
  • Performance

cpu-x-cpu-cpu-z-alternative-linux-screenshot-CPU-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-caches-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-Motherboard-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-memory-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-system-info

cpu-x-cpu-cpu-z-alternative-linux-screenshot-graphics-info

CPU-X can be installed also on FreeBSD very easily by just installing from BSD port tree sysutils/cpu-x/
It is also said to work on other *BSDs, NetBSD, OpenBSD Unixes but I guess this will require a manual compilation based on FreeBSD's port Makefile.

4. I-Nex another GUI alternative to CPU-Z for UNIX / Linux

I-Nex is even more useful for general hardware reporting as it reports many hardware specifications not reported by CPU-X, such as battery type and model name (if the hardware report is on a laptop), info on USB device slots or plugged USB devices' brand and specifications, the available network devices on the system (with the MAC address of each of them), installed and used drivers on hard disk (ATA / SATA / SCSI / SSD), HW sector size, logical block size, HDD sectors count and other specific hard drive data, as well as information on available audio (Sound Blaster) devices (HDA-Intel), used codecs, the loaded kernel ALSA driver, the video card used and most importantly indicators on the processor-reported CPU temperature.

 

To install I-nex

Go to https://launchpad.net/i-nex or any of the mirror links where it resides and install the respective package. In my case, I was doing the installation on Debian Linux, so I fetched the current latest amd64 package, which as of the moment of writing this article is i-nex_7.6.0-0-bzr977-20161012-ubuntu16.10.1_amd64.deb, and next installed it with dpkg
 

dpkg -i i-nex_7.6.0-0-bzr977-20161012-ubuntu16.10.1_amd64.deb

 

As the package depended on some other .deb packages which failed to install, to install the missing ones I had to further run
 

apt --fix-broken install

i-nex-cpu-info-linux-hardware-info-program

 


I-Nex thermal indicators about CPU temperature on a Linux Desktop notebook

i-nex-gpu-info-linux-hardware-info-program

i-nex-mobo-info-linux-hardware-info-program

i-nex-audio-info-linux-hardware-info-program

i-nex-drivers-info-linux-hardware-info-program

i-nex-system-info-linux-hardware-info-program

i-nex-battery-info-linux-hardware-info-program

 

There are other hardware identification report tools such as CUDA-Z, which is useful if you have Nvidia video card hardware installed on the PC, to check the status of CUDA enabled GPUs when working with nVidia Geforce, Quadro, Tesla cards and ION chipsets.

If you use it however be aware that CUDA-Z is not compatible with 3rd-party Linux drivers for NVidia, so make sure you have the current official Nvidia version.

 

5. Inxi full featured system information script

 

Inxi is a 10000-line mega bash script that fetches hardware details from multiple different sources in /proc and /sys and from commands on the system, and generates a beautiful looking console report that non technical users can read easily.

inxi-10-k-mega-bash-shell-script-reporting-on-installed-system-computer-hardware

 

inxi -Fx

 

 

inxi-report-on-installed-hardware-on-my-lenovo-thinkpad-home-laptop

Each of the tools pointed out above has a different method of collecting hardware information from various resources, e.g. – kernel loaded modules, dmesg, and files like /proc/meminfo /proc/version /proc/scsi/scsi /proc/partitions.
Hence some of the tools are likely to report more info than others, so if some information you need regarding the system's plugged in hardware is missing, you can perhaps obtain it from another program. The GNOME desktop packages of most Linux distributions include the Hardinfo gui tool, but in many cases the above mentioned tools are likely to add even more info on what is inside your PC box.
If you're aware of other useful tools not mentioned here, please share them.
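
To show what collecting from these /proc files looks like in practice, here is an added example (not code from inxi, neofetch or CPU-X) in POSIX shell that derives the CPU model, logical CPU count, physical core count and memory figures from /proc/cpuinfo and /proc/meminfo. The function names and the embedded sample data are made up for this example.

```shell
#!/bin/sh
# Added example, not code from inxi, neofetch or CPU-X.
# It parses the same kernel-exported text files those tools read.

# Constructed sample of /proc/cpuinfo: 1 socket, 2 cores, 4 threads.
sample_cpuinfo() {
  for cpu in 0 1 2 3; do
    printf 'processor\t: %s\n' "$cpu"
    printf 'model name\t: Example CPU 2.50GHz (constructed)\n'
    printf 'physical id\t: 0\n'
    printf 'core id\t\t: %s\n' "$((cpu / 2))"
    printf 'cpu cores\t: 2\n\n'
  done
}

# Constructed sample of /proc/meminfo: 8 GiB total, 4 GiB available.
sample_meminfo() {
  printf 'MemTotal:        8388608 kB\n'
  printf 'MemFree:         1048576 kB\n'
  printf 'MemAvailable:    4194304 kB\n'
}

# Logical processors: one "processor" stanza per hardware thread.
cpu_logical_count() {
  awk '/^processor[ \t]*:/ { n++ } END { print n + 0 }' "${1:-/proc/cpuinfo}"
}

# First "model name" value; split on the first colon only.
cpu_model() {
  awk '/^model name[ \t]*:/ {
         v = substr($0, index($0, ":") + 1); sub(/^[ \t]+/, "", v)
         print v; exit
       }' "${1:-/proc/cpuinfo}"
}

# Physical cores: distinct (physical id, core id) pairs. Hyper-threads share
# a pair, so they are counted once. Falls back to the logical count on
# platforms whose cpuinfo has no "core id" lines.
cpu_physical_cores() {
  awk '{
         sep = index($0, ":"); if (sep == 0) next
         key = substr($0, 1, sep - 1); sub(/[ \t]+$/, "", key)
         val = substr($0, sep + 1);    sub(/^[ \t]+/, "", val)
       }
       key == "processor"   { n++; pkg = "0" }
       key == "physical id" { pkg = val }
       key == "core id"     { k = pkg "," val
                              if (!(k in seen)) { seen[k] = 1; cores++ } }
       END { print (cores > 0 ? cores : n + 0) }' "${1:-/proc/cpuinfo}"
}

# Value of one /proc/meminfo field converted from kB to MiB.
# Exit status 1 when the field is absent (e.g. MemAvailable on old kernels).
mem_mib() {
  awk -v f="$1:" '$1 == f { printf "%d\n", $2 / 1024; found = 1; exit }
                  END { if (!found) exit 1 }' "${2:-/proc/meminfo}"
}

# Short report; with no arguments it reads the live /proc files.
hw_report() {
  cpuinfo="${1:-/proc/cpuinfo}"; meminfo="${2:-/proc/meminfo}"
  printf 'CPU model      : %s\n' "$(cpu_model "$cpuinfo")"
  printf 'Logical CPUs   : %s\n' "$(cpu_logical_count "$cpuinfo")"
  printf 'Physical cores : %s\n' "$(cpu_physical_cores "$cpuinfo")"
  printf 'Memory total   : %s MiB\n' "$(mem_mib MemTotal "$meminfo")"
  printf 'Memory avail.  : %s MiB\n' "$(mem_mib MemAvailable "$meminfo")"
}

# Run against the constructed sample, then against the running kernel.
tmpdir=$(mktemp -d)
sample_cpuinfo > "$tmpdir/cpuinfo"
sample_meminfo > "$tmpdir/meminfo"
hw_report "$tmpdir/cpuinfo" "$tmpdir/meminfo"
if [ -r /proc/cpuinfo ] && [ -r /proc/meminfo ]; then
  hw_report
fi
rm -rf "$tmpdir"
```

A mismatch between the logical and physical counts is how the report tools tell hyper-threading apart from real cores.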

The Beheading of Saint John the Baptist feast in Eastern Orthodox Church – A short history of saint John the Forerunner's Holy Relics


September 14th, 2019

Beheading_of_St_John_the_Baptist_Icon_IX-century

Saint John the Baptist (The Forerunner of Christ) is well known for being the baptizer of the Lord Jesus Christ in the Jordan river in Israel.

However, as nowadays most people are away from the Church and from the traditions that many generations of our ancestors used to follow, few know the details of his beheading and the meaning of why he has been venerated so much by so many generations in the last 2000 years.

Thus in this small article I'll try to shed some light on the Saint John Beheading feast, known in the Church Slavonic world as Oseknovenie (Осекновение) = beheading, which is considered a day of sorrow for the Church because the biggest Old Testament prophet, a hermit and a man of gigantic spiritual significance, Saint John the Baptist, was beheaded unfairly while having no fault at all; but this happened so that his righteousness would rise up even more and be clear for the generations to come.

The feast of Saint John the Baptist is celebrated on 29 of August in the Eastern Orthodox Church, where old Calendar Churches celebrate the feast (13 days) later on 11 of September – I'll not get into details about calendars as this is a long discussion for a separate article.

It should be said that in the Church saint John the Baptist is considered the highest saint among all, “the first among martyrs in grace”, venerated next in glory to Virgin Mary.

The Martyrdom of Saint John happened in year 32 after the Nativity (the Birth) of Christ, as is said in the Gospel of Matthew 14:1-12 and the Gospel of Mark (6:14-29) in the New Testament.

Saint-John-The-Baptist-Orthodox-Bulgarian-icon

Many of the small details we know about saint John and his earthly living are not given in the Gospel, however, but are instead given in the Church Tradition (that is kept in the main books and the Living of the Saints, as well as all the books written by the officially canonized saints over the years that have been used for Eastern Orthodox Church service singing for many centuries).

From there we know the beheading of Saint John happened a short time before the Crucifixion of Christ. After the death of Herod the Great, the Romans divided the territory of the Province of Palestine into 4 parts and placed a governor at the head of each.

Herod Antipas received Galilee from Emperor Augustus as his territory of governance. He had a lawfully wedded wife, who was a daughter of king Aretas. Herod left her and cohabited (unlawfully) with Herodias, who was his mistress and his brother's wife.

As Herod was a governor and respectively an example for all his subordinates in his kingdom, and was living unlawfully with that woman, saint John, who knew him personally, rebuked him multiple times publicly, advising him to leave that woman and live with his lawfully married one, as it was written in God's law that such people are worthy of death; moreover this was the unwritten law followed by all kinds of people of his time, from the noble to the smallest and poorest.

Herod did not listen and wanted to get rid of saint John somehow, but he was scared to accuse him of some kind of lawlessness against the kingdom, as he knew saint John was a true prophet of God, and he feared the people, who recognized him as a true prophet, as well as feared he might be put off the throne for his evil deed if he found an excuse to kill the prophet of God.

As the criticism of Herod living with a concubine while being married continued, eventually, not finding any other way to shut Saint John's mouth, king Herod put saint John in prison with the excuse that Saint John was a rebel preaching things against the established authority (this event is told in the Gospel of Luke 3:19-20).

For his birthday Herod prepared an enormous banquet at which Salome (Salomia) – the daughter of Herod II and Herodias – danced in front of the many invited guests, and her dancing was so pleasing to the already drunk Herod that in his drunkenness he promised to give her anything she desired, up to half of his kingdom.
Salome was still a young woman and, as was the tradition then, not knowing what would be best to ask for, she asked her mother; and the mother, being in unlawful relations with Herod, in her hatred for the rebuking prophet saint John asked for the head of Saint John the Baptist on a platter.

The-Beheading-of-Saint-John-The-Baptist-Salomnia-dance-in-front-of-Herodos-Sv.-Ioan-Krastitel

The dance of Salome with Saint John's head on a Platter Orthodox icon

Even though Herod was appalled by this strange request, he had to reluctantly agree in order to keep his word, as he was a ruler of great power, and at that time not keeping a word given publicly would make him be thought weak and fraudulent, and eventually this would be a reason for rumors of his unseriousness to circulate the kingdom. Thus unwillingly he agreed and sent a soldier to the prison to behead Saint John, and the head of the saint was brought to the perverted Salome and her harlot mother Herodias.

According to Church tradition, when the head of the 'Biggest in Spiritual Power' of Man born after Christ, as the Gospel speaks, was brought to the lecherous feast, the head even on the platter continued to rebuke the unlawfulness of Herod.

The famous Jewish historian Flavius Josephus in his historical book Antiquities of the Jews wrote that the reason for the beheading of Saint John was:

"lest the great influence John had over the people might put it into his [John’s] power and inclination to raise a rebellion, (for they seemed ready to do any thing he should advise), [so Herod] thought it best [to put] him to death."

Flavius also states that many of the Jews believed that the military disaster that fell upon Herod, as his throne fell by the hands of Aretas (his father-in-law), was God's immediate punishment for his unrighteous behaviour.
There is no exact date for when the beheading of Saint John occurred, but historians place it somewhere in year 28 or 29 A.D. (Anno Domini).

Execution_of_John_the_Baptist_orthodox-icon


The body of saint John was buried immediately; as Herodias in her hatred for the prophet ordered the body to be buried separately from the head, it was buried in the small Palestinian village (Sebaste), while Herodias took his holy head and buried it in a dung heap.
Later Joanna (later canonized as a saint, known as Saint Joanna) – the wife of Herod's steward – secretly went to the place, took the head and buried it on the Mount of Olives, where it remained hidden for many centuries.

But the wrath of God is never late. Soon after, Salome was crossing a frozen river, and while she was walking on it the ice collapsed and her body up to the head fell hanging in the water, while her head remained still above the water.
Just as she used to kick her feet on the ground, she was now, as if dancing, making helpless movements in the icy water.

So Salome hung until the sharp ice cut through her neck. Her head, cut off by the sharp ice, was then brought to Herod and Herodias, as John the Baptist's head had once been brought to them, and her body was never found. King Aretas of Arabia, in revenge for the dishonor of his daughter – the wife of Herod the tetrarch – moved his troops against the wicked king and defeated him. The Roman emperor Gaius Julius Caesar Caligula (37-41) in anger sent Herod, together with Herodias, into captivity to Gaul, and then to  . There they were consumed by the sprawling earth.


By a divine revelation the head of Saint John was found in the 4th century (celebrated in the Church with a special feast known as The First Finding of Saint John the Baptist's head) by a governing official of an Eastern Roman empire district who eventually chose to become a monk (monk Inokentij / Innocent). The head of saint John was found by both divine revelation and the testimony of an old Jew who confirmed the Jewish oral tradition of the burial of John the Baptist's head in that exact place.
Innocent decided to build a Church and a monastic cell in glory of Saint John the Baptist, as the place was holy and sanctified by the gracious head of St. John.
Fearful that holy relics of such high importance might soon be stolen and sold, mocked by unbelievers or destroyed, he immediately hid (buried) the head of St. John in the very same place where he found it, in the same vessel it was in originally.
Unfortunately on monk Innocent's death the Church fell into ruin and was abandoned due to its desert location, and eventually, as always happened in those times with old buildings, people used its construction stones for fortifying their own nearby village houses.

The Second Finding of the Head of Saint John the Baptist happened some years later in 452 A.D., during the days of Constantine the Great, by two Christian monks who went to Jerusalem for pilgrimage and who had a God given revelation (Saint John himself appeared in a kind of vision to the two) that indicated the same hidden location where Innocent found it (lying under the altar of the Church ruins).
After digging at the place, the holy relic was found, placed in a sack and taken with them towards their homeland. On the way back they met a potter and, not telling him what was inside the bag, asked him to carry it, being too lazy to do so themselves. Saint John the Baptist appeared to the potter and told him to take his head and bring it away from these careless lazy monks immediately. The potter took Saint John's head home and kept it there, praying fervently to saint John the Baptist daily; shortly before his death he put the head in a container and gave it to his sister.
The 1st and 2nd finding of saint John's head is established as a feast celebrated yearly in the Eastern Orthodox Church on 24 of February.

beheading-of-saint-John-icon

The feast of Beheading of Saint John in the Church is always observed in the Eastern Orthodox Churches Bulgarian, Russian, Serbian, Greek, Romanian, Georgian etc. with a strict fasting as a sign for the great sorrow we Christians have for the beheading of the Greatest of Prophets and Highest in sight of God born of man.

In some cultures, the pious will not eat food from a flat plate, use a knife, or eat round or red food (such as tomatoes, watermelon, red peppers etc.) on this day.

A short time after, a Hieromonk Eustathius (considered by Church historians to be part of the Arian heretical division) happened to have the chance to possess the holy head, and he used it frequently to attract followers to the heretical teachings of Arius (a Libyan heretic presbyter who was condemned in 325 A.D. at the First Council of Nicea convened by Saint Emperor Constantine the Great). Being in hardship, Eustathius buried the head in a cave near Emesa (circa 810 – 820) and soon after a monastery was built on that place by God's providence.

In the year 452, St. John the Baptist appeared to Archimandrite Marcellus of this monastery and indicated where his head was hidden in a water jar buried in the earth. The relic was brought into the city of Emesa and was later transferred to Constantinople.

Saint_John_Head_Holy-relics-Caput-Sti-Joannis-Baptistae-Praecurssoris-Domini-1

The current presumed relics of the head of Saint John the Baptist kept in San Silvestro in Capite, Rome

The head of John the Baptist disappeared once again after it was transferred from Comana of Cappadocia during a period of Muslim raids (about 820) and was again hidden in the ground during a period of iconoclastic persecution.
After the veneration of icons was restored in year 850, patriarch Ignatius of Constantinople (ruling on the patriarchal throne in 847 – 857) saw a vision from God revealing the place where the head of saint John was hidden, around y. 850. The patriarch, as the order was then, communicated his vision to emperor Michael III, who sent a delegation to Comana, where the head was found. Soon after, the head was transferred to city of Nyc and here on 25 of May it was placed in a church in the emperor's court in Constantinople. The Church feast of the Third Finding of Saint John the Baptist's head is established for celebration in the Eastern Orthodox Church on 25 of May.

Third-finding-of-Saint-John-the-Baptist-head-holy-relics-orthodox-icon

Currently many small particles of Saint John's head are available for veneration in many Eastern Orthodox and Roman Catholic Churches.

The-Face-of-saint-John-the-Baptist-in-Cathedral-of-Our_Lady-in-Amiens-Cathedral

The head  is claimed to be in San Silvestro (Saint Silvester) in Capite in Rome or in Amiens Cathedral, said to have been brought from Constantinople by Wallon de Sarton as he was returning from the Fourth Crusade.
There are also some sources claiming that the real head of John the Baptist is buried in Turkish Antioch or Southern France.

Amiens_-_Cathedrale_Notre-Dame_France

Amiens Cathedrale Notre Dame France – one of the most magnificent Gothic edifices in Europe.

During the French Revolution the Head kept in Amiens was secretly hidden by the Amiens city Mayor in his own home to protect this sacred relic from destruction (as many holy relics of saints disappeared or were destroyed) by the rebellious enraged crowds fighting for the rights of "Liberty, Equality, Fraternity", these being the goals of the Masonic brotherhoods and many secret societies in France at that time.

Also a reliquary at the Residenz in Munich, Germany, is labeled as containing the skull of John the Baptist by Catholics. Some historical sources claim the head of St. John used to be owned by the Knights Templar.
A piece of Saint John the Baptist's skull is held at the Eastern Orthodox Romanian skete Prodromos on Mount Athos.

Further on, according to Church tradition, saint Luke the Evangelist went to the city of Sebaste, bringing with him the right hand of Saint John the Forerunner, which was working numerous miracles.

Some of the Relics of John the Baptist are said to be in the possession of the Coptic Orthodox Monastery of Saint Macarius the Great in Scetes, Egypt.
It is said John the Baptist's arm and a piece of his skull can be found at the Topkapı Palace in Istanbul, Turkey.

the_Holy-head-of-saint-John-the-Baptist-relics

At the time of Mehmed the Conqueror, the skull was held in Topkapı, while after his death, his stepmother Mara Branković, a Serbian princess, brought it to Serbia. It was then kept a while at the Dionisios monastery at Mount Athos, then the skull fragment was sent to a nearby island in order to prevent the outbreak of a plague; however, the Ottoman fleet seized it and delivered it to Hasan Pasha of Algeria, who held it in his home until his death. It was then returned to Topkapı. The skull is kept on a golden plate decorated with gold bands with gems and Old Serbian inscriptions. The plate itself is stored in a 16th-century rock crystal box.

The face of St. John the Baptist, in the Cathedral of Our Lady in Amiens.

St. John's arm was brought from Antioch to Constantinople at the time of Constantine VII. It was kept in the Emperor's chapel in the 12th century, then in the Church of the Virgin of the Pharos, then in the Church of Peribleptos in the first half of the 15th century. Spanish envoy Clavijo reported that he saw two different arms in two different monasteries while on a visit to Constantinople in 1404. With the Fall of Constantinople, the Ottomans seized possession of it. In 1484, Bayezid II sent it to the knights of Rhodes, while they held his brother Cem captive in return. In 1585, Murad III had the arms brought from Lefkosia castle to Constantinople (henceforth known as Istanbul). The arm is kept in a gold-embellished silver reliquary. There are several inscriptions on the arm: "The beloved of God" on the forefinger, "This is the hand of the Baptist" on the wrist, and "belongs to (monk) Dolin Monahu" on the band above the elbow.

In July 2010, a small reliquary was discovered under the ruins of a 5th-century monastery on St. Ivan Island, Bulgaria. Local archaeologists opened the reliquary in August and found bone fragments of a skull, a hand and a tooth, which they believe belong to St. John the Baptist, based on their interpretation of a Greek inscription on the reliquary. The remains have been carbon-dated to the 1st century. Currently the found relics are placed for veneration in the sea resort town of Sozopol, Bulgaria, in the Church of Saints Cyril and Methodius.

Saint John the Baptist Holy Relics in Sozopol Bulgaria

 

 A Lity (Orthodox Vespers) in front of Saint Cyril and Methodius Church in Sozopol resort Bulgaria

There is much to be said about Saint John's beheading and many great Theology books have been written on the topic. However, I hope this article has succeeded in its goal: to give ordinary people a very brief overview of the history of the beheading of Saint John the Baptist and of the veneration of his holy relics over the centuries, as part of our human history over the last 2000 years, which is highly entangled with the Christian faith.

As a closure for the article I find it worthy to share the troparion sung in the Church services glorifying Saint John the Forerunner, in Old Bulgarian / Church Slavonic, Greek and English.

TROPARION IN CHURCH SLAVONIC

Па́мять пра́веднаго с похвала́ми, тебе́ же довле́ет свиде́тельство Госпо́дне, Предте́че: показа́л бо ся еси́ вои́стинну и проро́ков честне́йший, я́ко и в струя́х крести́ти сподо́бился еси́ Пропове́даннаго. Те́мже за и́стину пострада́в, ра́дуяся, благовести́л еси́ и су́щим во а́де Бо́га, я́вльшагося пло́тию, взе́млющаго грех ми́ра и подаю́щаго нам ве́лию ми́лость.

TROPARION IN GREEK

Μνήμη Δικαίου μέτ' ἐγκωμίων, σοὶ δὲ ἀρκέσει ἡ μαρτυρία τοῦ Κυρίου Πρόδρομε· ἀνεδείχθης γὰρ ὄντως καὶ Προφητῶν σεβασμιώτερος, ὅτι καὶ ἐν ῥείθροις βαπτίσαι κατηξιώθης τὸν κηρυττόμενον. Ὅθεν τῆς ἀληθείας ὑπεραθλήσας, χαίρων εὐηγγελίσω καὶ τοῖς ἐν ᾍδῃ, Θεὸν φανερωθέντα ἐν σαρκί, τὸν αἴροντα τὴν ἁμαρτίαν τοῦ κόσμου, καὶ παρέχοντα ἡμῖν τὸ μέγα ἔλεος.

TROPARION (TONE 4)
O Prophet and Forerunner of the coming of Christ, in spite of our eagerness to render you due honor, we fall short when singing your praise. Your glorious birth saved your mother from the shame of barrenness, returned to your father the power of speech, and proclaimed to the world the Incarnation of the Son of God.

KONTAKION (TONE 3)
The woman who had been barren becomes fertile and gives birth today to the Forerunner of Christ. He is the greatest and last of the prophets, for standing in the waters of the Jordon River, he placed his hands on Christ whom all the prophets had announced, and in so doing he became a prophet himself, a preacher and a forerunner of the Word of God.

How to Avoid the 7 Most Frequent Mistakes in Python Programming


September 9th, 2019

Python is very appealing for Rapid Application Development for many reasons, including high-level built-in data structures, dynamic typing and binding, and its usefulness as glue to connect different components. It's simple and easy to learn, but new Python developers can fall into the trap of missing certain subtleties.

Here are 7 common mistakes that are harder to catch but that even more experienced Python developers have fallen for.

 

1. The misuse of expressions as function argument defaults

Python allows developers to indicate optional function arguments by giving them default values. In most cases, this is a great feature of Python, but it can create some confusion when the default value is mutable. The common mistake is thinking that the optional argument is set to the default value you specified every time the function is called without a value for that argument. In fact, the default value for the argument is evaluated only once, at the time the function is defined.
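The behaviour described above, as an added example that is not part of the original article. The function names, users and roles are hypothetical; the buggy variant shows how state from one call leaks into the next, and the fixed variant uses None as the default.

```python
def grant_buggy(user, role, roles=[]):
    """BUG: `roles=[]` is evaluated once, when `def` runs; every call that
    omits `roles` appends to that same list object."""
    roles.append(role)
    return {"user": user, "roles": roles}


def grant_fixed(user, role, roles=None):
    """Use None as the default and build a fresh list inside each call."""
    if roles is None:
        roles = []
    roles.append(role)
    return {"user": user, "roles": roles}


def demo():
    """Return what each variant hands to the second caller."""
    grant_buggy("alice", "admin")
    bob_buggy = grant_buggy("bob", "viewer")

    grant_fixed("alice", "admin")
    bob_fixed = grant_fixed("bob", "viewer")

    return {
        # bob inherits alice's "admin" role through the shared default list
        "buggy": list(bob_buggy["roles"]),
        "fixed": list(bob_fixed["roles"]),
        # the shared list is stored on the function object itself
        "stored_default": list(grant_buggy.__defaults__[0]),
    }


if __name__ == "__main__":
    print(demo())
```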


 

2. Incorrect use of class variables

Python handles class variables internally as dictionaries and they will follow the Method Resolution Order (MRO). If an attribute is not found in one class it will be looked up in base classes so references to one part of the code are actually references to another part, and that can be quite difficult to handle well in Python. For class attributes, I recommend reading up on this aspect of Python independently to be able to handle them.


 

3. Incorrect specifications of parameters for exception blocks

There is a common problem in Python when except statements are provided but they don't take a list of the exceptions specified. The syntax except Exception is used to bind the exception to an optional parameter so that it can be inspected further. What happens, however, is that certain exceptions are then not caught by the except statement; instead, the exception becomes bound to the parameter. To catch several exceptions in one except statement, specify the first parameter as a tuple containing all the exceptions that you want to catch.

 

4. Failure to understand the scope rules

The scope resolution on Python is built on the LEGB rule as it’s commonly known, which means Local, Enclosing, Global, Built-in. Although at first glance this seems simple, there are some subtleties about the way it actually works in Python, which creates a more complex Python problem. If you make an assignment to a variable in a scope, Python will assume that variable is local to the scope and will shadow a variable that’s similarly named in other scopes. This is a particular problem especially when using lists.

 

5. Modifying lists during iterations over it

 

When a developer deletes an item from a list or array while iterating, they stumble upon a well known Python problem that’s easy to fall into. To address this, Python has incorporated many programming paradigms which can really simplify and streamline code when they’re used properly. Simple code is less likely to fall into the trap of deleting a list item while iterating over it. You can also use list comprehensions to avoid this problem.
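The trap described above, as an added example that is not part of the original article. The session data and function names are constructed for illustration; the last function goes one step beyond the text to show that a dict raises an error where a list silently skips items.

```python
# Constructed sample: (session_id, seconds_left); 0 means the session expired.
SESSIONS = [("s1", 0), ("s2", 0), ("s3", 120), ("s4", 0), ("s5", 0)]


def is_expired(session):
    return session[1] == 0


def prune_buggy(sessions):
    """BUG: remove() shifts later items left while the loop index still moves
    forward, so the item right after each removed one is never examined."""
    for session in sessions:
        if is_expired(session):
            sessions.remove(session)
    return sessions


def prune_copy(sessions):
    """Build a new list with a comprehension; the input is left untouched."""
    return [s for s in sessions if not is_expired(s)]


def prune_in_place(sessions):
    """Slice assignment replaces the contents but keeps the same list object,
    for callers that hold a reference to it."""
    sessions[:] = [s for s in sessions if not is_expired(s)]
    return sessions


def dict_prune_raises(table):
    """Deleting from a dict while iterating over it raises RuntimeError,
    so the same mistake is loud there instead of silent."""
    try:
        for key in table:
            if table[key] == 0:
                del table[key]
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print("buggy:   ", prune_buggy(list(SESSIONS)))  # expired s2 and s5 survive
    print("copy:    ", prune_copy(SESSIONS))
    print("in place:", prune_in_place(list(SESSIONS)))
```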


       

6. Name clash with Python standard library

 

Python has so many library modules which is a bonus of the language, but the problem is that you can inadvertently have a name clash between your module and a module in the standard library. The problem here is that you can accidentally import another library which will import the wrong version. To avoid this, it’s important to be aware of the names in the standard library modules and stay away from using them.


 

7. Problems with binding variables in closures


Python has a late binding behavior which looks up the values of variables in closure only when the inner function is called. To address this, you may have to take advantage of default arguments to create anonymous functions that will give you the desired behavior – it’s either elegant or a hack depending on how you look at it, but it’s important to know.
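The late binding described above and the default-argument fix, as an added example that is not part of the original article. The port list and function names are constructed; the functools.partial variant is an alternative added here, not one the article mentions.

```python
from functools import partial

PORTS = [22, 80, 443]  # constructed sample


def make_checkers_buggy(ports):
    """BUG: each lambda refers to the variable `port`, which is looked up only
    when the lambda is called; by then the loop has ended and it holds the
    last value."""
    checkers = []
    for port in ports:
        checkers.append(lambda candidate: candidate == port)
    return checkers


def make_checkers_default_arg(ports):
    """The fix the article names: a default argument is evaluated when the
    lambda is created, so each lambda keeps its own port."""
    checkers = []
    for port in ports:
        checkers.append(lambda candidate, port=port: candidate == port)
    return checkers


def make_checkers_partial(ports):
    """Alternative: bind the value explicitly with functools.partial."""
    def matches(port, candidate):
        return candidate == port
    return [partial(matches, port) for port in ports]


def answers(checkers, candidate):
    """Ask every checker whether `candidate` is its port."""
    return [check(candidate) for check in checkers]


if __name__ == "__main__":
    print(answers(make_checkers_buggy(PORTS), 22))        # no checker matches 22
    print(answers(make_checkers_buggy(PORTS), 443))       # every checker matches 443
    print(answers(make_checkers_default_arg(PORTS), 22))  # only the first matches
```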

 

 


Python is very powerful and flexible and it’s a great language for developers, but it’s important to be familiar with the nuances of it to optimize it and avoid these errors.

Ellie Coverdale, a technical writer at Essay roo and UK Writings, is involved in tech research and projects to find new advances and share her insights. She shares what she has learned with her readers on the Boom Essays blog.

Scanning ports with netcat “nc” command on Linux and UNIX / Checking for firewall filtering between source and destination with nc


September 6th, 2019


Netcat (nc) is one of those tools that are well known in the hacker (script kiddie) communities but a little underestimated in the sysadmin world, because nmap (network mapper), the network exploration and security auditing tool, has become something like the standard TCP / UDP port tool for penetration testing.
 

nc is a feature-rich network debugging and investigation tool with tons of built-in capabilities for reading from and writing to network connections using TCP or UDP.

Its plethora of features includes port listening, port scanning and transferring files, due to which it is often used by hackers and pentesters as a backdoor. Netcat was written by a guy we know as the Hobbit <hobbit@avian.org>.

For start-ups and middle-sized companies, if nmap is missing on a server it is usually okay to install it without risking opening a huge security hole. In the corporate world, however, security policies often mean nmap is not found on the servers while netcat (nc) is present, so if you are used to nmap you have to learn to use netcat for the usual IP range port scans, if you haven't already.

There are different implementations of Netcat. Historically netcat was a UNIX (BSD) program, with a latest release of March 1996. The Linux version of nc is GNU Netcat (official source here) and is POSIX compatible. The other netcat in Free Software OSes is OpenBSD's netcat, whose ported version is also used in FreeBSD. Mac OS X also comes with a default prebundled netcat from OS X version (10.13) onwards; on older OS X-es it is installable via the MacPorts package repo. Even FreeDOS has a port of it, called NTOOL.

Busybox (the Swiss Army Knife of Embedded Linux) includes a default lightweight version of netcat, and Solaris has the OpenBSD netcat version bundled.

A cryptography-enabled fork called Cryptcat exists that supports integrated transport encryption.

The Nmap suite also includes a rewritten version of GNU Netcat named Ncat, featuring new possibilities such as "Connection Brokering", TCP/UDP redirection, SOCKS4 client and server support, the ability to "chain" Ncat processes, HTTP CONNECT proxying (and proxy chaining), SSL connect/listen support and IP address/connection filtering. Just like Nmap, Ncat is cross-platform.

In this small article I'll very briefly explain basic port scanning with netcat, known as the TCP Army knife tool, for an IP range of UDP / TCP ports.

 

1. Scanning for TCP opened / filtered ports remote Linux / Windows server

 

Everyone knows scanning of a port is possible with a simple telnet request towards the host, e.g.:

telnet SMTP.EMAIL-HOST.COM 25

 

The most basic netcat use that does the same is achievable with:

 

$ nc SMTP.EMAIL-HOST.COM 25
220 jeremiah ESMTP Exim 4.92 Thu, 05 Sep 2019 20:39:41 +0300


Besides scanning the remote port, netcat can be used interactively as in the above example. When connecting to HTTP web services, you can request the remote side to return a webpage while sending a false referer, source host and headers. This is also easily doable with curl / wget and lynx, but doing it with netcat, just like with telnet, could be fun. Here is for example how to request an INDEX page with spoofed HTTP headers.
 

nc Web-Host.COM 80
GET / HTTP/1.1
Host: spoofedhost.com
Referer: mypage.com
User-Agent: my-spoofed-browser

 

2. Performing a standard HTTP request with netcat

 

To do so just pipe the content produced by the standard bash built-in printf function, with the end of line included (the UNIX one is \n, but to be OS independent it is better to use \r\n, the end of line completion character for Windows).

 

printf "GET /index.html HTTP/1.0\r\nHost: www.pc-freak.net\r\n\r\n" | nc www.pc-freak.net 80

 

3. Scanning a range of opened / filtered UDP ports

 

To scan for, let's say, opened remote system services on the very common important ports from UDP port 25 till 1195, more specifically for:

  • UDP Bind Port 53
  • Time protocol Port (37)
  • TFTP (69)
  • Kerberos (88)
  • NTP 123
  • Netbios (137,138,139)
  • SNMP (161)
  • LDAP 389
  • Microsoft-DS (Samba 445)
  • Route BGP (52)
  • LDAPS (639)
  • openvpn (1194)

 

nc -vzu 192.168.0.1 25-1195

 

UDP tests will show ports as opened if there is no firewall of some kind blocking. The -z flag is given to scan only for remote listening daemons without sending any data to them.

 

4. Port Scanning TCP listening ports with Netcat

 

As said before, using netcat to scan for a remote opened HTTP Web Server on port 80, an FTP on Port 23, a Socks Proxy, a MySQL Database on 3306 or a PostgreSQL DB on TCP 5432 is a very rare case scenario.

Below is an example of scanning an IP situated on the local network for open TCP ports from port 1 till 7000.

 

# nc -v -n -z -w 5 192.168.1.2 1-7000

           nc: connect to host.example.com 80 (tcp) failed: Connection refused
           nc: connect to host.example.com 20 (tcp) failed: Connection refused
           Connection to host.example.com port [tcp/ssh] succeeded!
           nc: connect to host.example.com 23 (tcp) failed: Connection refused

 

Be informed that scanning with netcat is much slower than with nmap, so specifying a smaller range of ports is always a good idea to reduce annoying waiting …


The -w flag is used to set a timeout for the remote connection. For machines situated on a local network the timeout can usually be low (-w 1), but for machines across different Data Centers (let's say one in Berlin and one in Seattle), use -w 5 as a minimum.

If you expect the remote service to be responsive (as it should always be), it is a nice idea to use netcat with a low timeout (-w) value of 1. Below is an example:
 

netcat -v -z -n -w 1 scanned-hosts 1-1023
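Sorting the output of a scan like the ones above into open, closed and filtered ports is what tells you whether a firewall sits between source and destination. The parser below is an added example, not part of the original article: it assumes the message wording of OpenBSD netcat (other netcat variants print different text), the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `nc -v -z -w 5 <ip> <ports>` output (not a real scan).
SAMPLE_OUTPUT = """\
nc: connect to 192.0.2.10 port 21 (tcp) failed: Connection refused
Connection to 192.0.2.10 22 port [tcp/ssh] succeeded!
nc: connect to 192.0.2.10 port 25 (tcp) timed out: Operation now in progress
nc: connect to 192.0.2.10 port 80 (tcp) failed: No route to host
nc: connect to 192.0.2.10 443 (tcp) failed: Connection refused
Connection to 192.0.2.10 9997 port [tcp/*] succeeded!
"""

SUCCESS_RE = re.compile(
    r"^Connection to (?P<host>\S+) (?P<port>\d+) port "
    r"\[(?P<proto>tcp|udp)/[^\]]*\] succeeded!$"
)
# "port " is optional because some builds (and this article's sample) omit it.
FAILURE_RE = re.compile(
    r"^nc: connect to (?P<host>\S+) (?:port )?(?P<port>\d+) "
    r"\((?P<proto>tcp|udp)\) (?P<kind>failed|timed out): (?P<reason>.+)$"
)

# Errors that usually come from an ICMP unreachable reply, e.g. a REJECT rule.
UNREACHABLE = ("No route to host", "Network is unreachable")


def parse_line(line):
    """Return (host, port, proto, state) or None if the line is not recognised."""
    line = line.strip()
    m = SUCCESS_RE.match(line)
    if m:
        return m.group("host"), int(m.group("port")), m.group("proto"), "open"
    m = FAILURE_RE.match(line)
    if not m:
        return None
    if m.group("kind") == "timed out":
        state = "filtered"   # no answer within -w: packets silently dropped
    elif m.group("reason") == "Connection refused":
        state = "closed"     # a reset came back: host reachable, nothing listening
    elif m.group("reason") in UNREACHABLE:
        state = "filtered"   # a device on the path rejected the packet
    else:
        state = "unknown"
    return m.group("host"), int(m.group("port")), m.group("proto"), state


def summarize(text):
    """Group ports by state; unrecognised lines are kept, never dropped."""
    report = {"open": [], "closed": [], "filtered": [], "unknown": [], "unparsed": []}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            report["unparsed"].append(raw.strip())
        else:
            report[parsed[3]].append(parsed[1])
    for state in ("open", "closed", "filtered", "unknown"):
        report[state].sort()
    return report


def firewall_suspected(report):
    """True when at least one port looked filtered rather than just closed."""
    return bool(report["filtered"])


if __name__ == "__main__":
    result = summarize(SAMPLE_OUTPUT)
    print(result, "firewall suspected:", firewall_suspected(result))
```

Netcat prints these messages on stderr, so capture them with 2>&1 before feeding a saved scan to summarize().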

 

5. Port scanning range of IP addresses with netcat


If you have used Nmap you know scanning a network range is as simple as running something like nmap -sP -P0 192.168.0.* (to scan the IP range 1-255), nmap -sP -P0 192.168.0.1-150 (to scan local IPs ending in 1-150) or giving the network mask of the scanned network, e.g. nmap -sF 192.168.0.1/24. For more examples please check my previous article Checking port security on Linux with nmap (examples).

But what if nmap is not there and you want to check a bunch of 10 Splunk servers (software for searching, monitoring, and analyzing machine-generated big data via a Web-style interface) with netcat, to find whether the default Splunk connection port 9997 is opened or not:

 

for i in `seq 1 10`; do nc -z -w 5 -vv splunk0$i.server-domain.com 9997; done

 

6. Checking whether UDP port traffic is allowed to destination server

 

Assuming you have access to both Host A (the source of the traffic) and Host B (the remote destination server, where a daemon will be set up to listen on a UDP port), you can check that no firewall on a router in the middle of the network and no traffic control or filtering software is preventing the sent UDP traffic. Let's say an ntpd will be running on its standard port 123; the check is done like so:

– On host B (the remote machine which will be running ntpd and should be listening on port 123), run netcat to listen for connections

 

# nc -l -u -p 123
Listening on [0.0.0.0] (family 2, port 123)


Make sure there is no ntpd service actively running on the server; if there is, stop it with /etc/init.d/ntpd stop and run the above command. The command should be run as superuser, as UDP port 123 is one of the so-called low ports from 1-1024, and binding services on such ports requires root privileges.

– On Host A (the host sending the UDP traffic):

 

nc -uv remote-server-host 123

 


If the remote port is not reachable due to some kind of network filtering, you will get "connection refused".
An important note to make is that on some newer Linux distributions netcat might silently try to connect over IPv6 by default, bringing false positives of filtered ports. Thus it is generally a good idea to make sure you're connecting over IPv4:

 

$ nc -uv -4 remote-server-host 123

 

Another note to make here is that netcat's UDP connection takes 2-3 seconds, so make sure you wait at least 4-8 seconds for very distantly located hosts that are accessed over a multitude of routers.
 

7. Checking whether TCP port traffic allowed to DST remote server


Listening for TCP connections on a specified location (external Internet IP or hostname) is analogous to listening for UDP connections.

Here is for example how to bind and listen for TCP connections on all available Interface IPs (localhost, eth0, eth1, eth2 etc.)
 

nc -lv 0.0.0.0 12345

 

Then on client host test the connection with

 

nc -vv 192.168.0.103 12345
Connection to 192.168.0.103 12345 port [tcp/*] succeeded!

 

8. Proxying traffic with netcat


Another famous hacker use of netcat is its proxying possibility: proxying anything towards a third party application with UNIX, so that any content returned is printed out by the listening nc process spawned like a daemon.
For example, one application is proxying SMTP (mail) traffic with netcat. Below is an example of how to proxy traffic from Host B -> Host C (in that case the current Yandex mail server, mx.yandex.ru):

linux-srv:~# nc -l 12543 | nc mx.yandex.ru 25


Now go to Host A or any host that has TCP/IP protocol access to port 12543 on proxy-host Host B (linux-srv) and connect to it on 12543 with another netcat or telnet.

To make netcat keep connecting to the yandex.ru MX (Mail Exchange) server, you can run it in a small never-ending bash shell while loop, like so:

 

linux-srv:~# while :; do nc -l 12543 | nc mx.yandex.ru 25; done


 Below are screenshots of a connection handshake between Host B (linux-srv) proxy host and Host A (the end client connecting) and Host C (mx.yandex.ru).

host-B-running-as-a-proxy-daemon-towards-Host-C-yandex-mail-exchange-server

 

Host B netcat as a (Proxy)

Host-A-Linux-client-connection-handshake-to-proxy-server-with-netcat
that is possible in combination of UNIX and named pipes (for more on Named pipes check my previous article simple linux logging with named pipes), here is how to run a single netcat version to proxy any traffic in a similar way as the good old tinyproxy.

On the proxy host create the pipe, pass the incoming traffic towards google.com and write any output received back into the named pipe.
 

# mkfifo backpipe
# nc -l 8080 0<backpipe | nc www.google.com 80 1>backpipe

Another useful netcat proxy set-up is to simulate network connectivity failures.

For instance, if server:port on TCP 1080 is the host the application would normally connect to, you can set up a forward proxy from port 2080 with

    nc -L server:1080 2080

then set up and run the application to connect to localhost:2080 (the nc proxy port)

    /path/to/application_bin --server=localhost --port=2080

Now the application is connected to localhost:2080, which is forwarded to server:1080 through netcat. To simulate a network connectivity failure, just kill the netcat proxy and check the logs of application_bin.

Using netcat as a bind shell (make any local program / process listen and deliver via nc)

 

netcat can be used to make any local program that can receive input and send output act as a server. This use is perhaps little known by the junior sysadmin, but it is a favourite of l337 h4x0rs, who use it to spawn shells on remote servers or to make a connect-back shell. The option to do so is -e

-e – option spawns the executable with its input and output redirected via network socket.

One of the most famous uses of binding a local OS program to listen and receive / send content is
making netcat a bind server for the local /bin/bash shell.

Here is how

nc -l -p 4321 -e /bin/sh


If necessary specify the bind hostname after -l. Then from any client connect to 4321 and (if it is opened) you will gain a shell with the user with which the above netcat command was run. Note that on many modern distributions such as Debian / Fedora / SuSE Linux the netcat binary is compiled without the -e option (this works only when compiled with -DGAPING_SECURITY_HOLE); it was removed in these distros because the option potentially opens a security hole on the system.

If you're interested further on few of the methods how modern hackers bind new backdoor shell or connect back shell, check out Spawning real tty shells article.

 

For more complex things you might also want to check socat (SOcket CAT), a multipurpose relay for bidirectional data transfer under Linux.
socat is a great Linux / UNIX TCP port forwarder tool holding the same spirit and functionality as netcat, plus many, many more.
 

On some of the many other UNIX operating systems that are lacking netcat, or where the nc / netcat commands can't be invoked, similar utilities that should be checked for and used instead are:

ncat, pnetcat, socat, sock, socket, sbd

To use nmap's ncat to spawn a shell for example that allows up to 3 connections and listens for connects only from 192.168.0.0/24 network on port 8081:

ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.0.0/24 -l 8081 --keep-open

 

9. Copying files over network with netcat


Another good hack often used by hackers is copying files with netcat between 2 servers, Server1 and Server2, that don't have any kind of FTP / SCP / SFTP / SSH / SVN / GIT or any kind of Web copy support service, i.e. servers only used as Database systems that are behind a paranoid sysadmin firewall.

On Server2 (the Machine on which you want to store the file)
 

nc -lp 2323 > files-archive-to-copy.tar.gz


On server1 (the Machine from where file is copied) run:
 

nc -w 5 server2.example.com 2323 < files-archive-to-copy.tar.gz

 

Note that the downside of such transfers with netcat is that the data transferred is unencrypted, so anyone with even a simple network sniffer or packet analyzer such as iptraf or tcpdump could capture the file, so make sure the file doesn't contain sensitive data such as passwords.

Copying partition images like that is perhaps best way to get disk images from a big server onto a NAS (when you can't plug the NAS into the server).
 

10. Copying piped archived directory files with netcat

 

On computer A:

export ARBITRARY_PORT=3232
nc -l $ARBITRARY_PORT | tar vzxf -

On Computer B:

export ARBITRARY_PORT=3232
tar vzcf - files_or_directories | nc computer_a $ARBITRARY_PORT

 

11. Creating a one page webserver with netcat and ncat


As netcat can listen on a port and print the content of a file, it can be set up with a bit of bash shell scripting to serve as a one page webserver, or even combined with some perl scripting and bash to create a multi-page webserver if needed.

To make netcat serve a page to any connected client, run the following code in a screen / tmux session:

 

while true; do nc -l -p 80 -q 1 < somepage.html; done

 

Another interesting fun example, if you have installed ncat, is a small web server that returns the current time on the server on connect.
 

ncat -lkp 8080 --sh-exec 'echo -ne "HTTP/1.0 200 OK\r\n\r\nThe date is "; date;'

 

12. Cloning Hard disk partitions with netcat


rsync is a common tool used to clone hard disk partitions over network. However if rsync is not installed on a server and netcat is there, you can use it instead. Let's say we want to clone /dev/sdb from Server1 to Server2 (assuming Server1 has a configured working Local or Internet connection).

 

On Server2 run:
 

nc -l -p 4321 | dd of=/dev/sdb

 

Then on Server1, to start the Partition / HDD cloning process, run:

 

dd if=/dev/sdb | nc 192.168.0.88 4321

 


Where 192.168.0.88 is the IP address Server2 is configured to listen on (in case you don't know it, check the listening IP to access with /sbin/ifconfig).

Next you have to wait for some short or long time depending on the partition or Hard drive, number of files / directories and allocated disk / partition size.

To clone /dev/sda (a main partition) from Server1 to Server2, the first requirement is that it is not mounted. To have it unmounted on a system, assuming you have physical access to the host, you can boot some LiveCD Linux distribution such as Knoppix Live CD on Server1, manually set up networking with ifconfig or grab an IP via DHCP from the central DHCP server, and repeat the above example.


Happy netcating 🙂