Sascha Tayefeh's Homepage

I’ve been looking for a way to prevent ssh brute force attacks. Although they are not particularly dangerous if you have prohibited password login (which you should have done under any circumstances), they had been spamming my log files. Asking the almighty search engine for relief, I found a number of interesting articles about attack blocker, such as DenyHost.

I’ve just installed the package on my private OsX server via MacPorts. However, it took me a while until I found the installation location of all required files. After having touched /etc/hosts.deny (the file used by denyhosts to store suspicious ips for tcp_wrappers to block them), copied /opt/local/share/denyhosts/denyhosts.cfg-dist to somewhere reasonable (e.g. /etc/denyhosts.cfg), modified it to my needs (added E-Mail etc.), I was able to test start DenyHost with:

sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg

I’ve got a nice email telling me that, deducing from my /var/log/secure.log some IPs were now added to hosts.deny. Furthermore, some interesting data have been stored in /opt/local/share/denyhosts/data.

However, I prefer DenyHost to be running in daemon mode and to synchronize with data collected from the cloud, so I inserted  SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 into denyhosts.cfg and started DenyHost with some additional options:

sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg --sync --daemon

And now I feel much more comfortable now.

Related Links:

• Preventing SSH Dictionary Attacks With DenyHosts
• Denyhost
• Debian Linux Stop SSH User Hacking / Cracking Attacks with DenyHosts Software

The tutorials at http://www.gimp.org/tutorials/ are very useful. You may come to astonishing results following them. My favourite ones are

• http://www.gimp.org/tutorials/Color2BW/ (How to create good grayscale images from coloured ones)
• http://www.gimp.org/tutorials/Film_Grain/ (How to add film grain to make the image look somewhat vintage)
• http://www.gimpguru.org/Tutorials/FilmGrain/ (dito)

Another nice tutorial that deals with creating vintage look using The Gimp is here:

http://www.linuxjournal.com/article/6750

It focuses on more subtle filtering.

When trying to get MPICH2 working on two Debian Lenny machine, I ran into a problem. Actually, /etc/hosts was misconfigured. It was necessary to turn

127.0.1.1    myMachine.myDomain    myMachine

which caused heavy problems when trying to connect from a slave node to the master node using

mpd –host [masterhost] –p [masterport] &

on the slave into

192.168.1.39    myMachine.myDomain    myMachine

which was the actual IP address given to that machine by my DHCP server. I had to repeat this for all nodes using the appropriate IP of the node.

I figured out this problem by reading chapter “Troubleshooting MPDs -> Debugging host/network configuration” of the mpich2-installationguide.pdf – which is worth reading anyway. I learned that running into trouble in such a situation, the command

mpdcheck

or even

mpdcheck -l

is a great tool, since it determines potential host of network configuration problems. There is plenty of debugging information in that manual, so you should always give it a try before searching the internet.

So here is what I did in order to build MPICH2 from scratch:

1. First, I configured ssh in such a manner, that I was able to logon to any host without using I password. In order to achieve this condition, I created a secret key using ssh-keygen and copied the public key to all slaves. I did not use an empty passphrase, but I started ssh-agent in order to enable quite logon
2. I got the source from the MPICH2 project homepage and unzip/tar-ed to some temporary directory
3. cd there and build it using ./configure –prefix=/opt/mpich2 . (However, I preferred building MPICH2 using the Intel Compilers, thus, I set environmental variables CC and CXX: export CXX=icpc && export CC=icc . This step is, of course, not necessary if you build MPICH2 using GNU Compilers)
4. make && sudo make install
5. Next, I copied the whole /opt/mpich2 directory to the slave nodes calling scp -r /opt/mpich2 sascha@myslavenode
6. The PATH and the LD_LIBRARY_PATH must contain the paths to /opt/mpich2/bin and /opt/mpich2/lib
7. 4. and 5. was  carried out for all nodes, i.e. all nodes had the mpich2 directory physically on their HDs and the paths were set as of 5.
8. Next, ~/mpd.conf needs to be created. This file contains a list of hosts to be connected to (for example, refer to my mpd.conf file)
9. On the master, I executed mpdboot -n 2 -f ~/mpd.hosts which establishes connection between 2 hosts for 6 processors (see mpd.conf)
10. I used mpdringtest 10000 and mpdtrace -l and mpiexec -n 6 hostname respectively in order to validate the connection
11. Finally, I ran mpdallexit on one machine in order to kill the whole ring

Voila! I’ve got my cluster up and running now

This is meant to be a walkthrough rather than a tutorial, thus, this is no good for absolute C++ / Eclipse beginners (you may get lost too soon).

Step I: Create the Shared Library

1. File -> New -> Project
2. C/C++ -> C++ Project
3. Shared Library -> Empty Project (remember to give it a name. Here I use "testlib")
4. Create a class for Testing: File -> New -> Class. Name it “TestClass“. Also create a simple public method: prototype
   void testWrite(void);
   within TestClass.h and implement something like
   void TestClass::testWrite(void) { std::cout << "From Shared Lib" << std::endl; }
   within TestClass.cpp. Remember to include iostream somewhere
5. Only if you would like to create a 64bit build: Advanced Settings -> GCC C++ Compiler -> Miscellaneous -> All Options: Add -fPIC
6. Ctrl+B for build. There should be no errors

Step II: Create some executable that uses the dynamic library

1. File -> New -> Project
2. C/C++ -> C++ Project
3. Executable -> “Hello World C++ Project”
4. Name it “UseDLL”
5. Next -> Next -> “Advanced Settings”
6. GCC C++ Compiler -> Directories ->Add (Button to the right top)
7. Workspace -> testlib (or enter: ${workspace_loc:/testlib})
8. Should look like this:
9. GCC C++ Linker -> Libraries
10. Add Library (-L): ${workspace_loc:/testlib/Debug}
11. Add Library search PATH (-l): ${workspace_loc:/testlib/Debug}
12. Should look like this:
    
13. Finally select “Paths and Symbols” from the left -> References and select “testlib”:
    
14. However, this counts for “debug”. Repeat step 10 to 13 for “release” choosing “release” from the upmost tab and replacing “debug” by “release”
15. OK -> Finish
16. Ctrl+B should build, however, let’s include the library and do something:
17. From the Project Explorer, DoubleClick on UseDLL -> src -> UseCPP.cpp and include "TestClass.h"
18. Also add two lines within main() that create the TestClass object and call its testWrite() method:
    TestClass ti;
19. ts.testWrite();

Step III: Run (debug) the executable from within Eclipse

1. First, you must set the environmental variable LD_LIBRARY_PATH: From the Project Explorer Tab, choose UseDLL -> Right-Click -> Debug As -> Debug Configurations
2. Environment -> New
   Name = LD_LIBRARY_PATH
   Value = ${workspace_loc:/testlib/Debug}
3. Apply -> Close
4. Press “F11″ key for Debug -> Select “Use configuration specific setting” -> “Standard Create Process Launcher” -> OK
5. Now the debug view should appear
6. Set a break point (Ctrl+Shift+B) at the UseDLL.cpp line that contains “ts.testWrite();“:
   
7. Press “F8″ to “Resume”
8. When the above mentioned line is reached, press “F5″ to “Step Into” the method
9. Voila! You’re within the code of you dll:
   

PGP relies on the principle of the “Web Of Trust“. It also offers a service that allows for signing your key by PGP itself. It is called “PGP Global Directory Verification Service” and is quite easy to handle:

1. Go to http://keyserver1.pgp.com/vkd/ and upload your key.
2. You’ll receive an e-mail by PGP. Open this e-mail and click on the provided link to finalize the verification process.
3. Check the fingerprint and continue.
4. Now download the verified key and click on o.k.
5. Import the key.
6. Update the public key-servers

Your done.