To get the Samsung Galaxy S working with the Android SDK in Ubuntu, some setup is needed, else you'll be getting errors like this:

? adb devices
List of devices attached
????????????	no permissions

I did these on a Ubuntu Lucid Lynx, but this should work for other versions/distro of Linux too I think.

1)
Change to root

? sudo -

2)
Create the needed file. 04e8 refers to the Vendor ID for the Samsung manufacturer.

# echo 'SUBSYSTEM=="usb", SYSFS{idVendor}=="04e8", MODE="0666"' >> /etc/udev/rules.d/51-android.rules

3)
Restart the udev service

# /etc/init.d/udev restart

4)
Plug in the phone (make sure debugging mode is already enabled), and run adb as needed

? adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
[device-id]    device

Hope this helps whoever needs this.

You need to install the geoip-bin package in Ubuntu/Debian's APT system:

sudo apt-get install geoip-bin

Then after which, lookups can be done as simply as:

$ geoiplookup 8.8.8.8
GeoIP Country Edition: US, United States

Note that the lookups are based on the GeoLite Country database.  For more detailed geoip lookups you will need to buy the better databases.

Taking a search through Ubuntu's APT system, to see whether any IDN related tools are available...

$ apt-cache search punycode

libidn11 - GNU Libidn library, implementation of IETF IDN specifications
libidn11-dev - Development files for GNU Libidn, an IDN library
idn - Command line and Emacs interface to GNU Libidn
libidn11-java - Java port of the GNU Libidn library, an IDN implementation
libidna-punycode-perl - encodes Unicode string in Punycode

There's the idn package!  Which allows encoding of IDNs in punycode in the command line...

Doing an install...

$ sudo apt-get install idn -y

And trying it out!

$ idn правительство.рф

libidn 1.15
Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson.
GNU Libidn comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of GNU Libidn under the terms of
the GNU Lesser General Public License.  For more information
about these matters, see the file named COPYING.LIB.
xn--80aealotwbjpid2k.xn--p1ai

And resolving the domain...

$ nslookup xn--80aealotwbjpid2k.xn--p1ai

Non-authoritative answer:
Name:	xn--80aealotwbjpid2k.xn--p1ai
Address: 95.173.135.62

Note that resolving the domain directly results in rubbish!

$ nslookup правительство.рф

Non-authoritative answer:
Name:	\208\191\209\128\208\176\208\178\208\184\209\130\208\181\208\187\209\140\209\129\209\130\208\178\208\190.\209\128\209\132
Address: 67.215.65.132

So, basically from this we understand that applications will need to use the punycode encoded version of the IDN, NOT the original IDN, when resolving.  And there're tools out there already can do that for us.

Since Ubuntu has these packages, Debian would also have the corresponding packages available too.

Some (or probably most/all) of your searches might involve public IP addresses, and more often than not we would want to have additional info along with the IP address to work with.

Three of the things that we could do in Splunk automatically would be to get IP-location info, or to reverse lookup an IP to a domain, or to lookup a domain to an IP.

1. Geolocation

There're two ways to do geolocating of IPs: using the iplocation command, or to use the MAXMIND app.

1a. iplocation

The command iplocation is described as:

Finds ips in _raw and looks up the IP location using the hostip.info database. IPs are extracted as ip1, ip2, etc. Cities and Countries are likewise extracted.

What we only need to do is to pipe the search to iplocation and let it do the rest!  The lookups are done from the server on the fly, so make sure that the server is able to do whois/ns lookups on the network.

index=myindex | iplocation

1b. MAXMIND app

Like previously mentioned before: install the MAXMIND app, then pipe the field containing IPs to the lookup (the field name must be clientip, if not this will not work duh)

This can work with the server not having any internet connectivity, but the accuracy is entirely dependant on the cached MAXMIND database.

index=myindex | lookup geoip clientip

or

index=myindex2 | lookup geoip clientip as fieldwithip

2, 3. IP-hostname or hostname-IP

These two items are pretty similar.  Spunk 4 comes with a lookup script called external_lookup.py, and the config is already in the default transforms.conf.  So we only need to use it!

Resolving IPs to hostnames:

index=myindex | lookup dnslookup clientip

Resolving hostnames to IPs:

index=myindex | lookup dnslookup clienthost

(no screenshot, sorry )

Leave a comment if this helped, or if you want to ask anything!

I wanted to run the victim machines in VirtualBox instead of VMware Player, and after some experimentation and Googling around with the crashing issue, here're the instructions on how to get things up and running.

Host OS: Ubuntu 9.10
VirtualBox 3.1.2
Guest OS: Ubuntu 7.04 Server

Steps:

1. Get only the server ISO, not the virtual machine. http://old-releases.ubuntu.com/releases/feisty/ubuntu-7.04-server-i386.iso

2. Add it into the list of CD/DVD images within the Virtual Media Manager in VirtualBox.

3. Create a new virtual machine with the following settings:
Name: (up to you)
Operation System: Linux
Version: Ubuntu
Base Memory Size: (up to you, the defaults of 384MB was ok for me)
Boot Hard Disk: (up to you, create new or select pre-existing one)

4. Select the new virtual machine, then click on Settings to edit the settings for this virtual machine (duh).

5. Goto System > Processor. Check the box labelled "Enable PAE/NX". This is needed for this to work.

6. Goto the Storage section, select the "Empty" CD/DVD item, then select the 7.04 ISO you added earlier in step 1. This will be needed for your install...

7. Goto the Network section. Adapter 1 should be enabled for you already, change "Attached to" from "NAT" to "Host-only Adapter". I do this since we want a vulnerable server and not get the latest updates. If you have different needs set this option accordingly.

8. Edit any other hardware options as you wish and then press "Ok".

9. Start the virtual machine, it should boot up to the CD ISO. Follow the steps for installing the ISO into the virtual disk. If you're using "Host-only Adapter" as shown in step 7, it will prompt a bit with regards to empty route, no nameservers and no proxy. This is normal, leave as blank and continue.

10. There! I (hopefully) can haz vulnerable server!

Do leave a comment if this has helped, or if you have any other questions which I'll answer if I can, heh.

--------------------------------

References:

1. Offensive Security's walkthrough on Metasploit: Metasploit Unleashed > 02 Required Materials > Ubuntu 7.04

2. Ubuntu 7.04 Server Crashes when booting: ... do a default install of Ububtu 7.04 Server. When install is complete, immediately after booting Ubuntu crashes: Int 14: CR2 c1000000 err 00000002 EIP c03f3c3e CS 00000060 flags 00000006 Stack: 373c0046 00000000 ffffffff c0490000 00001400 00000080 00400000 ffffff80

The code that I used was based from this forum post. This one presumes that your MTA has been setup properly. The original code was for protecting your root account (i.e. when anyone logs into your server's root account, you get the notification).

(Note: it is usually not advisable to login as root. Create a user account and give it sudoer rights instead. I'd say that's advisable even for servers where there is only one person expected to login, which is you.)

 

Protect only the root account

If you want to protect only the root account, edit the file /root/.bash_profile or /root/.profile (the bash profile file takes precedence)

Add this line at the end:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Login from `who | awk '{print $6}'`" youremailaddresshere
 

Protect all accounts

If you want to protect ALL accounts, which is better for high security requirements, or for paranoid people like me, you edit the /etc/profile file instead. (you will need root priviledges for this)

For me, I used this instead of the previous command:
echo 'ALERT - Shell Access:' `date` `who` | mail -s "Alert: Shell Access from `who | cut -d"(" -f2 | cut -d")" -f1`" youremailaddresshere

With this, you'll get a notification whenever anyone logs in. The downside to this is that you may get too many emails on a server that has plenty of people logging in.

I referred to Ryan's and Mohanjith's blog posts that detail this, and after some tweaks to get it up working with the most recent version of WordPress on PHP5, I've decided to write some instructions that are a little more recent

1. Install WordPress and memcached. (duh)

Google for instructions on how to do that for your relevant distros, but I won't be covering that here.  I assume that your memcached server is listening on 127.0.0.1:11211.

2. Copy object-cache.php into wp-content folder.

I've mirrored Mohanjith's modified version here.  Do remember to rename it to object-cache.php, and make it readable by the PHP user account.

3. Edit your wp-config.php file.

Add these lines in:

global $memcached_servers;
$memcached_servers = array('default' => array('127.0.0.1:11211'));
global $blog_id;
$blog_id = 'some_unique_identifier';

If you have different WordPress blogs using the same memcached cache, $blog_id MUST be unique across different blogs.  Else you can just leave it as it is

4. Enjoy the speedup.

There you're done!  You can verify that WordPress is using the memcached cache by issuing the "stats" command to memcached, which I probably will write how to in another post.