Friday, 21 October 2016

NETBEANS: Installing tmc plugin in existing netbeans installation (for mooc.fi java dev course)

Recently I discovered a gem of a website from a comment in reddit recommending a source for learning JAVA programming interactively. The exercises look really amazing, and free too! Massive open online course (MOOC) allows you to follow Java exercises, preform them in your own desktop IDE (NetBeans) and submit you code against the server to progress though the various exercises.

However, the directions how to get started only described a method which requires you to download a bundled version NetBeans with the TMC (test my code) plugin. The problem is i already have NetBeans installed and configured.

After doing some googling I found an easy method of installing TMC plugin onto my existing installation of NetBeans without having to download the bundle. So if you use this way of installing the plugin, on Ubuntu just go to the software center, download NetBeans, and follow the steps bellow. Simple.

The reason I am re-posting it here is because the GitHub page I used recently 404'd, and i want the infomation to be still available as I found it very usefull myself. If you interested in the original page, it is still in the google cache here. It was marked "DEPRECATED", however the part of the tutorial for the plugin method worked great for me. ¯\_ᵔ ͜ʖᵔ_/¯

Just keeping this info available to others who may need it.

Source address. (404)
User/credit: jamox


INSTALLING TMC-PLUGIN TO EXSISTING NETBEANS INSTALLATION, do this in paja. 

Open NetBeans. Make sure that version you are using is at least 7.2.1. (7.3 or newer is recommendend)

Go to Tools -> Plugins


Select tab Settings click Add.
Set name to TMC
Url to http://update.testmycode.net/tmc-netbeans_hy/updates.xml

 Select tab Available Plugins, search for TMC It should show only one result. Check checkbox on its row and and select Install


Click Next

Check Accept the terms in all license agreements


Click continue, when instaler complains that these plugins are not signed.

When installation is complete restart NetBeans

When you start TMC/NetBeans for the first time, the below window should open. If it does not open, you can find it from the TMC-part of the NetBeans menu bar.

Give the Username and Password that you gave during registration.

Press the button "refresh list" and select from "Current course"

By pressing "ok" the assignment "projects" are downloaded to your computer.



Note: for the mooc.fi course, the server address is "https://tmc.mooc.fi/mooc". You must register via their website for login details, see here.

Saturday, 10 September 2016

My favourite Chrome privacy extensions


These are my favourite five chrome privacy extensions...

WOT: Web Of Trust
removed
  • "The Web Of Trust (WOT) extension is a website reputation rating tool that helps you make informed decisions about whether to trust a website or not when you are searching, shopping or browsing online."
 uBlock Origin

  • "An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there."

ScriptSafe
  • "A Chrome extension that gives users control of the web and more secure browsing while emphasizing simplicity and intuitiveness."
HTTPS Everywhere
  • "HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure "http" to secure "https".  It will protect you against many forms of surveillance and account hijacking, and some forms of censorship
Flashcontrol
  • "Have more control of flash content by preventing it from loading in webpages until you allow it."

WORKAROUND: HTTPS Everywhere is extension 'corrupted' fix



The HTTPS Everywhere extension doesn't seem to be working correctly in the latest Chrome and Chromium. The problem is, once it is installed or after the Chrome update, the extension is being disabled and labelled as 'corrupted, with the Repair not working and reinstalling also.. 

This is a workaround i found on the Chrome extension page which surfaced a few days ago...


Corruption bug appears to have a workaround. Posted by Anand Bhat:
For all those having issues with the latest version showing as corrupt, try these steps: 
1. Install extension.
2. Once it shows "This extension may have been corrupted", go back to the Chrome store and open up this extension's page (https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp). 
3. The top of the page will have this text -- "This item has been disabled in Chrome. Enable this item". Click it.
4. Extension will get activated! 
The developers of this extension are aware of this and it is due to bug in Chrome. More details can be found at https://github.com/EFForg/https-everywhere/issues/5874#issuecomment-245493840
There should be a fix by the developers or on Chrome's site in the near future.

Enjoi this marvellous extension!

Saturday, 3 September 2016

LINUX HOWTO: Limiting SSH access to specific IP addresses

Intro:

This is a simple way to permit a select few IP addresses to access your raspberry pi though SSH and deny any others. By white listing certain IP addresses from networks you know you are adding a layer of security helping prevent others from accessing your machine. This is handy if you only access your machine from a few set locations, such as on the LAN and at work.

There are a few methods you could go about doing this, but i find this the most easy to implement, allowing you do accomplish basic permit and deny without iptables.

The two files needed to be edited are /etc/hosts.allow and /etc/hosts.deny

Step 1) 

Enter:
sudo nano /etc/hosts.allow

The file should be empty. At this point just add the ip addresses or subnets which you want to permit, for example:
sshd: 10.0.0.0/255.255.255.0 
sshd: 192.168.0.0/255.255.255.0
TIP: For specific IP addresses, just enter the address without the subnet.

Step 2)

Enter:
sudo nano /etc/hosts.deny

By entering the following you will deny all other addresses which were not explicitly defined before (everyone else).
sshd: ALL

Conclusion:

Now only those ip addresses or subnets defined will be able to get ssh access to your ssh server, others will not be able to connect.

LINUX HOWTO: Adding SSH login messages


This will display a message to those who connect to you ssh server before logging on.

Steps:

sudo nano /etc/ssh/sshd_config
- Open this file in terminal. Then find the line "#Banner /etc/issue.net" and remove comment so that it reads "Banner /etc/issue.net". Then save.

sudo nano /etc/issue.net
- Secondly open this file and enter your message in this file, then save. ASCII looks good here.


sudo service ssh restart
- Restart ssh, and then the message will be displayed to users.


                  _==|
             _==|   )__)  |
               )_)  )___) ))
              )___) )____))_)
         _    )____)_____))__)\
          \---__|____/|___|___-\\---
  ^^^^^^^^^\   oo oo oo oo     /~~^^^^^^^
    ~^^^^ ~~~~^^~~~~^^~~^^~~~~~
      ~~^^      ~^^~     ~^~ ~^ ~^
           ~^~~        ~~~^^~


For ascii art like this check out:

LINUX FIX: Gigabyte 990X - USB 3.0, 2.0 and Ethernet disabled after Ubuntu install.



After installing Ubuntu on my new computer I realised that only two of my USB 2.0 ports were working an non of the USB 3.0 ports or Ethernet network card. This seems to be a problem with many similar Gigabyte boards to mine. However there is a quick easy (revealingly so) solution to this.

In terminal run the following command: sudo nano /etc/default/grub
Find the line GRUB_CMDLINE_LINUX="" and replace with GRUB_CMDLINE_LINUX="iommu=soft"
save the file
open up another terminal and run: sudo update-grub
exit and restart computer


After applying this, every port; both 3.0, 2.0 and ethernet should work perfectly.


SOURCE: Credits go to Willyweasel, ozcyto, oldfred, linux-hardware-guide

RASPI: Installing and configuring fail2ban on the RaspberryPi

Wikipedia:
Fail2ban operates by monitoring log files (e.g. /var/log/auth.log/var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Fail2ban is typically set up to unban a blocked host within a certain period, so as to not "lock out" any genuine connections that may have been temporarily misconfigured. However, an unban time of several minutes is usually enough to stop a network connection being flooded by malicious connections, as well as reducing the likelihood of a successful dictionary attack.
Fail2ban is an intrusion protection software which will prevent brute force attempts from accessing your ssh service. This is accomplished by logging the failed attempts and banning the offending ip addresses in iptables.


In this short tutorial i will show you how to install and configure fail2ban on Raspbian in four easy steps.



Step 1) Update

First thing to do is update your repositories...
sudo apt-get update

Step 2) Install

Secondly install fail2ban...
sudo apt-get install fail2ban

After installing, fail2ban will now protect ssh with default settings, so it will work after installing. Section three will show you how to customize these configurations.

Step 3) Configure

3.1)

Now take a look in this file at the default configurations, focusing on the defaults at the top and those under [ssh]. Don't change anything, just take a look around as our configurations will not be added here.
sudo nano /etc/fail2ban/jail.conf


The default configurations are stored in the jail.conf file, however changes should not be directly  here, instead they should be added to the jail.local file. - By adding our amendments to the .local, we can avoid adding everything and just those that we want to override.

Now open up jail.local:
sudo nano /etc/fail2ban/jail.local

3.2)

Here are my settings. You can paste these directly in to the empty jail.local file in if you want and use them as a template.

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
bantime = 600
banaction = iptables-allports
maxretry = 3
ignoreip = 127.0.0.1/8 192.168.1.0/24

What they mean: 
  • 'enabled' is set to true so that fail2ban operates for ssh. 
  • 'port' is what port to monitor, the default will be ssh (port 22). You may want to change this if you are running ssh on a different port than 22, but most users will use 22 however.
  • 'logpath' is the default log file used by fail2ban to track login attempts.
  • 'bantime' is measured in seconds and is the amount of time an offender will have to wait until attempting to connect again. The default is 600 seconds (10 minutes). To add permanent bans set this to -1 or bellow. 
  • 'maxretry' is the amount of login attempts until the offender will be locked out.
  • 'ignoreip' can be set to define ip addresses or subnets which the rules do not apply to. In the example i have added the loopback address and the private address space for my LAN. Change appropriately to suite your private addressing on your LAN.
In nano: ctrl+o saves, and ctrl+x exists.


Step 4) Restart fail2ban to take effect

Once the configurations are added to jail.local and saved, you can restart the fail2ban service for changes to take effect..
sudo service fail2ban restart



View banned ip addresses

sudo iptables -L INPUT -v -n | less

Note: keep in mind, whenever fail2ban is restarted, all the previous bans will be removed.

Sunday, 10 July 2016

Legal wargames


Fun war games in working though which are for beginners to advances users. I have been playing over the wire this week and its really fun.

http://overthewire.org/

See the following link for a list of plenty:
https://hackerlists.com/hacking-sites/

Tuesday, 5 April 2016

Blocking spotify ads with Spotify-AdKiller (LINUX)



 This is the latest and greatest spotify ad stopping script available at the moment. Been trailing it out and its good. It doest remove the ads per-say, however plays a track of your choice over the ads. This is for testing purposes and the developers suggest buying premium. Try it out yourself.

We all love Spotify, but sometimes people (like us) want to throw a party without having to listen to interrupting ads before having bought Spotify Premium. Well, with this killer project, now you can!

View project on github