Posts Tagged ‘character’

How to disable Debian GNU / Linux (Squeeze) Apache 2 version reporting to improve security – Hide Apache server version

Friday, October 5th, 2012

Debian GNU / Linux's Apache default behavior is to report Apache server name, version and Linux distribution version and codename.
This is shown as a minor security leak in many Security Scanner (audit) software like Nessus. It reveals a vital information which could help malicious attacker later to use exploit if the version number in question is vulnerable.

The quickest way to check, either Apache versioning and distro info is disabled is with telnet:

hipo@noah:~/Desktop$ telnet pc-freak.net 80
Trying 83.228.93.76…
Connected to pc-freak.net.
Escape character is '^]'.
HEAD / HTTP/1.0

Connection closed by foreign host.
hipo@noah:~/Desktop$ telnet pc-freak.net 80
Trying 83.228.93.76…
Connected to pc-freak.net.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 05 Oct 2012 10:48:36 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze14
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

Disabling this Distro version codename and version number reporting on Debian is done by changing in file /etc/apache2/conf.d/security directives:


ServerTokens OS
ServerSignature On

to


ServerSignature Off
ServerTokens ProductOnly

Here important note to make is if you try adding:

ServerSignature Off and ServerTokens Prod straight in Debian general config /etc/apache2/apache2.conf, but did not change the settings set for the vars through /etc/apache2/conf.d/security; settings from /etc/apache2/conf.d/security will overwrite ServerSignature / ServerTokens settings set in /etc/apache2/apache2.conf

I tried this myself (forgotting about /etc/apache2/conf.d/security) and adding both variables straight in apache2.conf. After Apache restart Apache version number and type of distribution continued be returned by the WebServer.
I thought something specific changed in Debian Squeeze – Apache/2.2.16 so this two variables are probably not working so I did a quick research online seing other people complaining also unable to disable Apache ver and Linux distro version and looking for a reason why. Well anyways if you happen to also ponder, why ServerSignature Off and ServerTokens ProductOnly does not take effect keep in mind it is due to overwritten settings via /etc/apache2/conf.d/security, changing the values there and restarting Apache and you're done 🙂

To make sure 100% Apache is no longer returning exact version number and host installed distro type, use telnet again:

hipo@noah:~/Desktop$ telnet pc-freak.net 80
Trying 83.228.93.76…
Connected to pc-freak.net.
Escape character is '^]'.
HEAD / HTTP/1.0

Connection closed by foreign host.

Can you believe this Animal really exists – OLM !!! ;)

Monday, January 16th, 2012

Olm Salamander one of the weirdest creatures to be seen in Slovenian Caves

No this is not Aliens, like monster character!
It is a real existing creature that even up to this day lives on earth.
Olm Salamander one of the weirdest creatures in Slovenia

I though OLM is a joke, but actually its real. IT lives in Slovenian Mountain caves 😉

Shining OLM weird earthly creature ling

Looking at the Olm one can be stunned on the great diversity of God's creation.

Olm even shines 😉

Olm Proteus Anguinus Postojnska Jama Slovenia
 

Abe’s Amazing Adventure, A Dangerous Dave 2 like GNU Linux / FreeBSD Arcade Game substitute

Wednesday, December 14th, 2011

Abe's Amazing Adventure Game menu screenshot, A Dangerous Dave like Linux arcade game
While looking over the installable packages in System -> Administration -> Software Center on my my Debian powered notebook, I’ve accidently rolled over a game called Abe’s Amazing Adventure , as a big oldschool arcade game fan, I’ve immediately clicked on Install being impatient to see the overall game atmosphere and gameplay as well as storyline.

Abe’s Amazing Adventure is available under the debian package name abe and can be installed by issuing:

debian:~# apt-get install abe I was pleasently surprised to find out the gameplay and the overall game feels like the golden classical arcade game Dangerous Dave

For youngsters who never played the amazing absolute killing arcade ! as well as for people who feel nostalgic about Dangerous Dave 2 here is a nice gameplay screenshot:

Dangerous Dave 2 screenshot

Here is also a screenshot of Abe’s Amazing Adventure gameplay:

Abes Amazing Adventure Dangerous Dave like Linux / BSD Arcade Game like screenshot

You can see the great resemblense between the two games even by the screenshot; In both games you have to collect keys to open doors and diamonds which gives you points. Of course there are some differences as you can see Abe’s Amazing Adventure ‘s graphics has some additional items like Baloons with which your main character can fly over distances (for a limited time). There is also more diversity in the enemy types you face on the road to unlock the different doors. The game has also a red stars which while taken saves the game so if you quit the game on next game load up starting the game automatically starts you from the last save point.

Abes Amazing Adventure Star gameplay Screenshot on Debian

The ( 6 ) baloons seen in the screenshot on the left upper corner can be used occasionally to fly some distance by pressing Enter .
There are health recovery kits one can take to recover, some health damaged by hitting obstacles on the way.
The game story is short but entertaining, just like the general game feel:

Abes amazing adventure game storyThe game music is relaxing and more or less in the spirit of arcade games, the keyboard interactivety is pretty good as well.One thing I see can be improved to make the game better are the graphics, they’re a bit childish and too cubical, where sometimes some more general characters and obstacles animation will give the game a better look. Anyways for the year 2003 and for a free software arcade the game is not bad. For children and growing kids the game is just perfect, even for big kids like me its good to spend an hour of jump and run fun 😉

How to list and exclude table names from a database in MySQL (exclude table names from an show tables in MySQL) by using information_schema

Wednesday, March 30th, 2011

Listing all table names from a MySQL database is a very easy and trivial task that every sql or system administrator out there is aware of.

However excluding certain table names from a whole list of tables belonging to a database is not that commonly used and therefore I believe many people have no clue how to do it when they have to.

Today for one of my sql backup scripts it was necessary that certain tables from a database to be excluded from the whole list of tables for a database I’m backupping.
My example database has the sample name exampledatabase and usually I do list all the table contents from that database with the well known command:

mysql> SHOW tables from exampledatabase;

However as my desire was to exclude certain tables from the list (preferrably with a certain SQL query) I had to ask around in irc.freenode.net for some hints on a ways to achieve my exclude table goals.

I was adviced by some people in #mysql that what I need to achieve my goal is the information_schema mysql structure, which is available since MySQL version 5.0.

After a bit of look around in the information_schema and the respective documentation on mysql.com, thanksfully I could comprehend the idea behind the information_schema, though to be honest the first time I saw the documentation it was completly foggy on how to use this information_schema;
It seems using the information_schema is very easy and is not much different from your normal queries syntax used to do trivial operations in the mysql server.

If you wonder just like I did what is mysql’s information_schema go and use the information_schema database (which I believe is a virtual database that is stored in the system memory).

For instance:

mysql> use information_schema;
Database changed
mysql> show tables
+---------------------------------------+
| Tables_in_information_schema |
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
17 rows in set (0.00 sec)

To get a general view on what each of the tables in the information_schema database contains I used the normal SELECT command for example

mysql> select * from TABLES limit 10;

I used the limit clause in order to prevent being overfilled with data, where I could still see the table fields name to get general and few lines of the table to get an idea what kind of information the TABLES table contains.

If you haven’t got any ecperience with using the information_schema I would advice you do follow my example select and look around through all the listed tables in the information_schema database

That will also give you a few hints about the exact way the MySQL works and comprehends it’s contained data structures.

In short information_schema virtual database and it’s existing tables provides a very thorough information and if you’re an SQL admin you certainly want to look over it every now and then.

A bit of playing with it lead me to a command which is actually a good substitute for the normal SHOW TABLES; mysql command.
To achieve a SHOW TABLES from exampledatabase via the information_schema info structure you can for example issue:

select TABLE_NAME from TABLES where TABLE_SCHEMA='exampledatabase';

Now as I’ve said a few words about information_schema let me go back to the main topic of this small article, which is How to exclude table names from a SHOW tables list

Here is how exclude a number of tables from a complete list of tables belonging to a database:

select TABLE_NAME from TABLES where TABLE_SCHEMA='exampledatabase'
AND TABLE_NAME not in
('mysql_table1_to_exlude_from_list', 'mysql_table2_to_exclude_from_list', 'table3_to_exclude');

In this example the above mysql command will list all the tables content belonging to exampledatabase and instruct the MySQL server not to list the table names with names mysql_table1_to_exlude_from_list, mysql_table2_to_exclude_from_list, table3_to_exclude

If you need to exclude more tables from your mysql table listing just add some more tables after the …’table3_to_exclude’, ‘new_table4_to_exclude’,’etc..’);

Of course this example can easily be adopted to a MySQL backup script which requires the exclusion of certain tables from a backed up database.

An example on how you can use the above table exclude command straight from the bash shell would be:

debian:~# echo "use information_schema; select TABLE_NAME from TABLES where
TABLE_SCHEMA='exampledatabase' AND TABLE_NAME not in
('mysql_table1_to_exlude_from_list', 'mysql_table2_to_exclude_from_list', 'table3_to_exclude',);"
| mysql -u root -p

Now this little bash one-liner can easily be customized to a backup script to create backups of a certain databases with a certain tables (e.g. with excluded number of tables) from the backup.

It’s seriously a pity that by default the mysqldump command does not have an option for a certain tables exclude while making a database dump.
I’ve saw the mysqldump exclude option, being suggested somewhere online as a future feature of mysqldump, I’ve also seen it being reported in the mysql.com’s bug database, I truly hope in the upcoming releases we will see the exclude option to appear as a possible mysqldump argument.