linuxlogo

linuxlogo.man.txt

there is a binary program that generates nice ASCII linux logos:

apt-get install linuxlogo; # install it in debian
yum install linux_logo; # install it in redhat/centos
linuxlogo -L list; # list all available logos
linuxlogo -L debian_banner_2; # output debian banner (if not run as root RAM might be wrong)

in centos standard configuration – centos outputs this logo:

the difference in bogomips comes from debian being assigned 4 virtual cpus…

while the colorful logos play out well in /etc/issue they come out crap in /etc/issue.net 😀 (or maybe that is just because of the windows ssh client)

proper usage of linux_logo

actually i have no idea how to use this tool properly… because it needs root privileges to generate correct RAM and other values.

putting this line into /etc/profile is a stupid idea – because of incorrect RAM values generated for non-root users:

echo 'if [ -f /usr/bin/linux_logo ]; then linux_logo; fi' >> /etc/profile;

what you could do is write a script and a root cron job to renew /etc/issue.net every minute, if you don’t mind the extra resource usage.
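one way to write such a script, as an added example (not the author's own script): it runs the generator as root, strips the colour sequences that display badly in /etc/issue.net, and swaps the file in atomically so a failed run never leaves an empty banner. render_banner, the --write switch and the script path in the cron line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild a banner file from a
# generator command. render_banner is a hypothetical helper name.
#
# render_banner TARGET CMD [ARGS...]
#   Runs CMD, strips ANSI colour (CSI) sequences, and replaces TARGET
#   atomically. The old file is kept if CMD fails or prints nothing.
render_banner() {
    target=$1; shift
    tmp=$(mktemp "$(dirname "$target")/.banner.XXXXXX") || return 1
    esc=$(printf '\033')

    # Capture first so a failing generator never truncates the live banner.
    if ! out=$("$@" 2>/dev/null) || [ -z "$out" ]; then
        rm -f "$tmp"
        return 1
    fi
    printf '%s\n' "$out" | sed "s/${esc}\[[0-9;]*[A-Za-z]//g" > "$tmp"

    # Skip the rename when nothing changed.
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        return 0
    fi
    # mktemp creates the file 0600; banner files are normally world-readable.
    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Run as root from cron (script path is an assumption):
#   * * * * * /usr/local/sbin/render-banner.sh --write
if [ "${1:-}" = "--write" ]; then
    render_banner /etc/issue.net linux_logo
fi
```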

config files

For all users that physically login to your machine – you can put your own ascii-based-welcome message into:

/etc/issue

… this will be displayed even before login.

for all users that login via telnet/ssh/network:

/etc/issue.net
/etc/motd

… will be displayed after login – no usage of \b special chars allowed.

under Debian the usage of /etc/issue.net via ssh is not enabled per default.

make sure to uncomment the #Banner line in:

vim /etc/ssh/sshd_config

Banner /etc/issue.net

and restart ssh service:

/etc/init.d/ssh restart; # and restart ssh service

relogin and test.

exit; # logoff

you could put a cool ascii generated logo like:

____________________________________________________
8888b.  Yb        dP    db    Yb    dP 888888 .dP"Y8
 8I  Yb  Yb  db  dP    dPYb    Yb  dP  88__   `Ybo."
 8I  dY   YbdPYbdP    dP__Yb    YbdP   88""   o.`Y8b
8888Y"     YP  YP    dP""""Yb    YP    888888 8bodP'

please do not misuse this server! rather unite mankind!

special chars

in debian special chars that translate into real-time information can only be used in /etc/issue but not /etc/issue.net?

under centos/redhat/suse it seems they work for both config files.

\n = hostname

\o = domainname

\b = baudrate

\s = systemname

\m = i386 or 64

\r = release of kernel

\v = os version

\d = date

\t = current time

\u or \U = logged in users

so if you want to put an ascii logo with \ into /etc/issue you need to escape it \\

(not in /etc/issue.net or /etc/motd)

so this:

                     _ _                        _      _     _             ___
   __ _ _ __  _   _  | (_)_ __  _   ___  __   __| | ___| |__ (_) __ _ _ __ / _ \\
  / _` | '_ \\| | | | | | | '_ \\| | | \\ \\/ /  / _` |/ _ \\ '_ \\| |/ _` | '_ \\ (_) |
 | (_| | | | | |_| | | | | | | | |_| |>  <  | (_| |  __/ |_) | | (_| | | | \\__, |
  \\__, |_| |_|\\__,_| |_|_|_| |_|\\__,_/_/\\_\\  \\__,_|\\___|_.__/|_|\\__,_|_| |_| /_/
  |___/

Holla die Waldfee \n \p \b \l \s \m \r \v \d \t \u \U

turns out like that:

ssh security

for security reasons, you probably do not want to disclose what version of SSH and distro you are running…

# it seems like hiding the ssh version number is not possible
# but you can hide your distro-version

telnet dwaves.de 22
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

echo "DebianBanner no" >> /etc/ssh/sshd_config;
service sshd restart

Escape character is '^]'.
SSH-2.0-OpenSSH_6.7p1
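to check what an identification line still gives away after the change, here is an added example (not from the original post) that splits the line into its fields and lists what is disclosed. the function names are hypothetical, and the two sample lines are the ones from the session above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# RFC 4253 layout: SSH-protoversion-softwareversion SP comments CR LF

# ssh_ident_fields LINE: sets ident_proto, ident_software, ident_comment;
# returns 1 if LINE is not an SSH identification string.
ssh_ident_fields() {
    line=$(printf '%s' "$1" | tr -d '\r\n')    # drop the CR LF line ending
    case $line in
        SSH-*-?*) ;;
        *) return 1 ;;
    esac
    rest=${line#SSH-}
    ident_proto=${rest%%-*}
    rest=${rest#*-}
    case $rest in
        *' '*) ident_software=${rest%% *}; ident_comment=${rest#* } ;;
        *)     ident_software=$rest;       ident_comment= ;;
    esac
}

# banner_findings LINE: prints one finding per line for what is disclosed.
banner_findings() {
    if ! ssh_ident_fields "$1"; then
        echo "not-ssh"
        return 1
    fi
    if [ -n "$ident_comment" ]; then
        echo "comment-field:$ident_comment"
    fi
    case $ident_software in
        *[0-9]*) echo "software-version:$ident_software" ;;
    esac
    return 0
}

# The two identification lines from the session above.
banner_findings 'SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3'
banner_findings 'SSH-2.0-OpenSSH_6.7p1'
```

if the comment field is still reported after the restart, look for an earlier DebianBanner line in sshd_config: sshd keeps the first value it reads for a keyword, so an appended line does not override it.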

hiding ssh version info

I don’t like this it’s announcing the protocol and specific software package and version to the world, so the nasty hackers will know just what attacks to try. Can I turn this off?


Only partially, and it may not be worth the trouble. The version announcement is part of the SSH protocol. Each side sends a string of the form:

SSH-<protocol version>-<comment>

The protocol version is mandatory; it is necessary to allow different versions to interoperate. The comment field is optional, and you can remove it (though you will have to edit the source and recompile, or patch the image; none of the common servers have options to alter the comment).

However, if you do this, you may cause yourself some grief. Many SSH clients use the comment string to recognize particular servers and work around bugs and incompatibilities, so you may find other problems cropping up as a result.

src: http://web.archive.org/web/20160401181126/http://www.snailbook.com/faq/version-string.auto.html

knock, knock – who’s there?

simple technique to hide anything that is running on your server. (except from someone that can monitor all your TRAFFIC – and might just record the order of ports knocked.)

Here is a good implementation: http://www.zeroflux.org/projects/knock

„knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special „knock“ sequences of port-hits.

A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.

This port need not be open — since knockd listens at the link-layer level, it sees all traffic even if it’s destined for a closed port.

When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file.

This can be used to open up holes in a firewall for quick access.“

src: https://serverfault.com/questions/216801/prevent-ssh-from-advertising-its-version-number

admin