Over the past few weeks, we have consistently had an hour or two free each day. As efforts to get some online training haven't yet been approved, we've decided to take matters into our own hands and train ourselves as best as possible.
Around my work area, there are a number of "disposed" workstations and old servers. I have taken the initiative to salvage what can be salvaged, and to turn these workstations into a training server environment. The objective was to create a Windows Server 2008 environment, which would be a hands-on area to learn and practice server administration. It should simulate real client networks, but be effectively isolated from the real world (read: a safe place to make mistakes, and to learn both what happens when the mistake is made, and how to correct the mistake, without actually knocking down a client site).
In light of this, I can share a few lessons already learned.
http://sourceforge.net/projects/itjc-10key/
This is a small program I wrote a few years ago, while I still worked in auditing. Casting financials was still a manual process (at least when double checking the final printed copy of financials), and many hedge funds reporting requirements involved Schedules of Investments and Condensed Schedules of Investments with thousands of lines. To cast these efficiently, dexterity and proficiency on the 10 key keypad was required. However, I was unable to locate any typing programs that actually had any drills focusing solely on the 10 key.
To meet this deficiency, I wrote a simple program to display sets of numbers, and let me practice typing them in. I uploaded the code to sourceforge, as primitive as it was, so that others would be able to benefit as well. I didn't expect much of a following, as it meets a very niche need.
One of the many side projects I've been tinkering away at recently is in setting up an Android development environment. I had a few ideas for some interesting apps, and kept telling myself that I wanted to develop them.
Knowing nothing about writing Android apps, and knowing little about developing in general, I simply started reading at the first logical place: android.com. After locating their dev guide, I started following through the guide, step by step, and downloading and installing the required packages. The process took a few days, and there were a few hiccups along the way. Most of them were accounted for in the guides themselves, so that's the first place you should go for a tutorial on the process.
The recommended IDE is Eclipse, which the SDK installation guide will tell you about. Since it is 32bit, you will need to make sure that the relevant 32bit libraries are in place. This is only relevant if you use 64bit Linux. If you use Ubuntu or a Debian based distro, there were a few tutorials that were easy to find.
I use Archlinux, and so the steps were a little different.
I needed to enable the multilib repository, by uncommenting the relevant line in the /etc/pacman.conf file.
Then, I installed lib32-glibc, lib32-glib, and lib32-gcc-libs.
After this, the weird errors about the file not being found went away, so it appears that these packages contained the necessary 32bit compatibility libraries.
Again, this is mainly to point you in the right direction, and will only apply to a few people. If it doesn't mean anything to you, you're not one of those people.
Edit: Once this was complete, and Eclipse had the ADT plugins and such, I was able to create an Android Virtual Device. However, I got another error message to the effect that SDL was missing. Therefore, I also needed to install lib32-sdl.
My Linux distro of choice is Archlinux, for a number of reasons I won't repeat here. Security best practice requires using full disk encryption (in combination with other best practices of course).
Like most Linux distros, Archlinux has a wealth of knowledge in its documentation. Even though the learning curve for Arch might be steeper than, say, Ubuntu or Debian, in most cases there are only two requirements to getting a particular goal accomplished.
If the answer to both those questions is yes, a detailed step-by-step guide to just about anything Archlinux is just a few keystrokes away.
Here's an example. My Arch install is on a LUKS encrypted LVM partition. This means that there is a tiny boot partition, and the rest of the drive is supposed to look like random data. It should be impossible to tell the difference between the root partition, the home partition, and the swap partition, which are logical volumes within the LVM volume group.
When I set this up, I made a mistake in the partition sizes, which didn't become apparent until a few weeks later, when my home directory started running out of disk space.
The GNOME GTK utilities for partition management are not encryption friendly.
# lvdisplay
This will tell you the names and sizes of your logical volumes, just in case you've forgotten.
# vgdisplay
This will tell you the names and stats of your volume groups.
# lvextend -L 20G VolGroup00/lvolhome (or lvresize -L +5G VolGroup00/lvolhome)
# resize2fs /dev/VolGroup00/lvolhome size
These two commands will let you extend first the logical volume, and then resize the filesystem to match. Simply replace the size with the size you want, within the limits of the free space in your volume group. Replace the path with the path of your own volume group and logical volumes if they weren't set up with the default names.
I give all credit to the Archlinux wiki, https://wiki.archlinux.org/index.php/LVM, who have helped me out many many times. They not only tell you the commands, they also explain the why and how.
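A pre-flight check for the lvextend and resize2fs steps above, as an added example that is not part of the original post or the wiki: it refuses a growth request that exceeds the free space in the volume group and otherwise prints the two commands to run. The function names and the sample sizes are assumptions made up for the illustration; VolGroup00/lvolhome are the names used in the post.

```shell
#!/bin/bash
# Added example: dry-run planner for growing an ext filesystem on LVM.
# VolGroup00/lvolhome come from the post; the sizes below are constructed.

# Free space of a volume group in MiB, as a bare number (needs root).
vg_free_mib() {
    vgs --noheadings --nosuffix --units m -o vg_free "$1" | tr -d ' '
}

# plan_extend VG LV GROW_GIB FREE_MIB
# Prints the commands to run if GROW_GIB fits into FREE_MIB, else returns 1.
plan_extend() {
    local vg=$1 lv=$2 grow=$3 free=$4
    # Accept a positive whole number of GiB only, so nothing unexpected
    # ends up in the generated command line.
    case $grow in
        ''|0|*[!0-9]*) echo "grow size must be a whole number of GiB" >&2; return 2 ;;
    esac
    if ! awk -v f="$free" -v g="$grow" 'BEGIN { exit !(g * 1024 <= f) }'; then
        echo "refusing: +${grow}G does not fit in ${free} MiB free in $vg" >&2
        return 1
    fi
    echo "lvextend -L +${grow}G $vg/$lv"
    # With no size argument, resize2fs grows the filesystem to fill the volume.
    echo "resize2fs /dev/$vg/$lv"
}

# Constructed figures: 10240 MiB free, asking for 5 GiB more.
# On a real system: plan_extend VolGroup00 lvolhome 5 "$(vg_free_mib VolGroup00)"
plan_extend VolGroup00 lvolhome 5 10240.00
```

The script only prints the commands, so the plan can be reviewed before anything touches the encrypted volume group.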
If you've spent much time with your Linux box, hopefully you already know how to keep it up to date. Thankfully, it's really easy to do from the command line. This post will show how to do this on Debian based systems, which use "aptitude", and the command-line front end "apt-get". It will also show the command for Arch based systems, which use "pacman". Red Hat and like systems such as CentOS use "yum". I don't remember the syntax, but you can easily look it up with "man".
Note the common convention: commands preceded by $ are run by the user, while commands preceded by # must be run as root. I believe that system update and upgrades must be run as root.
Arch:
# pacman -Syu
This command both updates the package list and installs all updates, in one clean and simple command.
Debian based (Such as Ubuntu, or any of its derivatives):
# apt-get update
This will update the package lists.
# apt-get upgrade
This will upgrade all packages to the newest version.
# apt-get dist-upgrade
This will upgrade the OS to the latest major release.
Backtrack is based on Ubuntu. Therefore, the commands to update are the same. However, there are usually some other things you want to keep updated as well on Backtrack, and so I generally write the following script on each clean Backtrack install I make:
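#!/bin/bash
# Refresh the package lists, then upgrade installed packages (run as root).
apt-get update
apt-get upgrade
apt-get dist-upgrade
# Update the Metasploit framework.
msfupdate
# Update the SET checkout from svn, then return to the home directory.
cd /pentest/exploits/set && svn update . && cd ~
echo "done"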
This will update the system, as well as keep the SET and Metasploit frameworks up to date. You can call the script whatever you want, as long as it has the ".sh" extension. Then you can call it via "sh script.sh", and it will run all the commands for you.