Tag Archives: Linux

Howto make a bootable USB stick on OS X

Recently I updated my Windows PC (which I only use for gaming purpose of course) and managed to screw it. Once I did the planned restart it showed me “No operating system found”. Since I upgraded from Windows 7 to Windows 10 via the update manager I also did not had a Windows 10 image available to recover the system.

Thanks that I still have my Mac, and I am even more thankful, that it understands most of the Unix/Linux commands. So to get back to my old life, I first downloaded the Windows 10 ISO image from the Microsoft Homepage [1].

Okay so we have an ISO image – how to we get it on an USB stick – a simple copy would not make it. Therefore the following steps are required.

1.) Identify your USB stick – you would not like to replace your data storage or your OS X system.

This I usually do via the mount command:

jvr-mac:~ jvr$ mount
/dev/disk1 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
/dev/disk2s1 on /Volumes/Data (exfat, local, nodev, nosuid, noowners)
/dev/disk3s1 on /Volumes/ESD-USB (msdos, local, nodev, nosuid, noowners)

And here we go /dev/disk3s1 is the drive I was searching for. To be sure – double check it in the Finder App.

2.) Convert the .iso image to an .dmg image by using hdiutil

jvr-mac:~ jvr$ hdiutil convert -format UDRW -o Win10.dmg Downloads/Win10_1511_German_x64.iso
J_CCSA_X64FRE_DE-DE_DV5          (Apple_UDF : 0) lesen …
........................................................................................................
Dauer:  1m  2.901s
Geschwindigkeit: 61.0M Byte/s
Ersparnis: 0.0 %
created: /Users/jvr/Win10.dmg

The last sentence looks promising!

3.) Unmount the USB stick

jvr-mac:~ jvr$ diskutil umount /dev/disk3s1 
Volume ESD-USB on disk3s1 unmounted

4.) Write the image to your USB stick using dd command

This is the most critical part – so be sure that you write the image on the correct drive/stick. Just for your information: if stands for input file, of for output file and bs is the blocksize. The dd command basically copies block by block to the new drive.

jvr-mac:~ jvr$ sudo dd if=Win10.dmg of=/dev/disk3s1 bs=10m

5.) Unmount USB stick again

jvr-mac:~ jvr$ diskutil unmountDisk /dev/disk3s1

And by now you should have a bootable USB stick to recover your system. Lets cross the fingers that everything will work out fine with the PC 🙂

[1] Microsoft, Windows 10 ISO Image

Basic security for Linux hosts

After reading Cuckoo’s egg from Clifford Stoll [1] I got a bit unsure if my Linux server is basically set-up secure enough. Even if the story about the hacker is quite old, it is neither the less highlighting the importance for security and to be careful enough when connecting a machine to the net.

Additionally having some history and experience in Security, I decided to have a closer look on my Linux server to double-ensure security.

1.) Passwords

First of all – and the issue of many problems – passwords. So let’s create a password which has no relation to the user, the content or the server itself. Passwords should have a certain length, numbers, lower and upper-case characters – and at least a special character. If your brain is unable to generate such a password, you can use the pwgen command under Linux.

root@lvps5-35-244-75:~# pwgen -y 12

Since we now have created a secure password, we should limit our remote access to certain users. In addition we should disable remote access for the privileged root account, since to whatever reason somebody might be able to log in as root, there would be no more limitations or boundaries to change, modify or destroy our system. Therefore simply edit the following line in the /etc/ssh/sshd_config:

PermitRootLogin no

Afterwards, do a simple restart of the sshd to reload the configuration.

/etc/init.d/sshd restart

In addition, since most of our system might have several accounts – you should question yourself if all of them require ssh access.

 2.) Automatic Security Updates

To enable automatic security related updates under Ubuntu you should install the unattended-upgrades package.

apt-get install unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades

Further details in regards to the unattended upgrades and specifics can be found under [3]. Personal note: As for my installation, the unattended-upgrade was not doing the upgrades automatically, I simply added the command into my crontab to be fired up each day at 03:00.  To change your crontab use:

crontab -e

and add the following line

0 3 * * * /usr/bin/unattended-upgrade

In relation to this topic, also quite helpful I would see the apticron package, which should automatically inform you about package updates.

apt-get install apticron
vim /etc/apticron/apticron.conf

 

3.) Disable external root access

Also one of the basic security todos after a server set-up should be the disabling of the remote root ssh login. This can be easily done by changing the following parameter in /etc/ssh/sshd_config:

PermitRootLogin  no

Please note that a change onthe sshd requires a restart of the service, which can be done via:

/etc/init.d/sshd restart

4.) Take a look beyond the walls: Check for additional services

I see it as quite helpful to do an external scan of which services are available. This can be done quite easy and straightforward via nmap. So let’s install it and do a quick scan:

root@abc:~# apt-get install nmap
root@abc:~# nmap -f xyz.com
Starting Nmap 5.00 ( http://nmap.org ) at 2013-11-06 23:16 CET
 Interesting ports on jvr.at (5.35.244.75):
 Not shown: 985 closed ports
 PORT     STATE SERVICE
 21/tcp   open  ftp
 22/tcp   open  ssh
 25/tcp   open  smtp
 53/tcp   open  domain
 80/tcp   open  http
 106/tcp  open  pop3pw
 110/tcp  open  pop3
 143/tcp  open  imap
 443/tcp  open  https
 465/tcp  open  smtps
 587/tcp  open  submission
 993/tcp  open  imaps
 995/tcp  open  pop3s
 3306/tcp open  mysql
 8443/tcp open  https-alt

Of course there are a lot more of security related tipps & tricks, but I thought this might be a starting point. Another starting point, which I find quite useful is [2].

 

[1] Clifford Stoll, CUCKOO’S EGG

[2] Ravi Saive, 25 Hardening Security Tips for Linux

[3] Ubuntu Help, Automatic Security Updates