Thursday, February 8, 2018

How to install Raspbian Stretch to SD Card for Raspberry-pi using Windows (bonus how to unlock SD Card using Windows)

You need to download Raspbian Stretch from https://www.raspberrypi.org/downloads/
File 2017-11-29-raspbian-stretch.zip size: 1.64 GB (1,764,972,666 bytes)

Extract it.
File 2017-11-29-raspbian-stretch.img size: 4.58 GB (4,919,918,592 bytes)

Download and install Win32 Disk Imager from https://sourceforge.net/projects/win32diskimager/. 

Step to write your Raspbian Stretch image into SD Card:

  1. Put your SD Card into slot and run Win 32 Disk Imager.
  2. Select image files and point device to your SD Card.
  3. Click Write and wait until it finish. It will take some times, the image size is big :).

It takes 5-10 minues on my PC.

In case your SD Card state Write Protect or something like that, and you are sure that your SD Card switch is Unlock please follow these to unlock your SD Card (bonus): 
Caution: Use with your own risk! These instructions below may destroy your existing system/data on your hard drive if not careful.
A. Remove SD Card protection policy by running regedit

  1. Open Computer -> HKEY_LOCAL_MACHINE -> System -> Current Control Set -> Control
  2. Create (if not exist) or edit Storage Device Policies to DWORD (32 bit) Value to 0
  3. Restart your windows 

B. Unlock and remove any partition on SD Card

  1. Run diskpart
    Microsoft DiskPart version 10.0.16299.15
    Copyright (C) Microsoft Corporation.
    On computer: DEDET2013
  2. List your disk (CAUTION: Please read/select your disk carefully otherwise you may remove partition on your hard drive)
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
      Disk 1    Online         7580 MB  3072 KB
  3. Choose/select your sd card
    DISKPART> select disk 1
    Disk 1 is now the selected disk.
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
    * Disk 1    Online         7580 MB  3072 KB
  4. It will mark * for selected disk, now you can unlock and remove any partition on selected disk.
    DISKPART> clean
    DiskPart succeeded in cleaning the disk.
  5. Exit diskpart by type exit command
    DISKPART> exit

Running Raspberry Stretch for first time:
  1. Default user is pi with password raspberry, to change default password for pi user:
    $ passwd 
  2. Set password for root:
    $ sudo passwd root
References: 

  • https://www.raspberrypi.org/documentation/installation/installing-images/ 
  • https://www.raspberrypi.org/documentation/installation/installing-images/windows.md 
  • https://www.easeus.com/storage-media-recovery/remove-write-protection-in-windows-10-8-7.html 


Sunday, January 21, 2018

Detecting DNS flood using dns-flood-detector

You need to install dns-flood-detector
# apt-get install dns-flood-detector

dns-flood-detector will give you warning in dmesg something like:
[1309426.142779] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies.  Check SNMP counters.

To show where it is come from
# /etc/init<dot>d/dns-flood-detector status
* dns-flood-detector<dot>service - LSB: start and stop the dns-flood-detector daemon
   Loaded: loaded (/etc/init<dot>d/dns-flood-detector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 weeks 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system<dot>slice/dns-flood-detector<dot>service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66<dot>220<dot>156<dot>144] - 3 tc…AA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173<dot>252<dot>90<dot>118] - 3 tc…AA]
Warning: Journal has been rotated since unit was started<dot> Log output is incomplete or unavailable<dot>
Hint: Some lines were ellipsized, use -l to show in full<dot>

or
# service dns-flood-detector status
* dns-flood-detector<dot>service - LSB: start and stop the dns-flood-dete
ctor daemon
   Loaded: loaded (/etc/init<dot>d/dns-flood-detector; generated; vendor preset: ena
bled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 week
s 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system<dot>slice/dns-flood-detector<dot>service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66<dot>220<dot>156<dot>144] -
3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173<dot>252<dot>90<dot>118] -
3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Warning: Journal has been rotated since unit was started<dot> Log output is incomple
te or unavailable<dot>

Lets we find out who they are
# whois 66<dot>220<dot>156<dot>144
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www<dot>arin<dot>net/whois_tou<dot>html
#
# If you see inaccuracies in the results, please report at
# https://www<dot>arin<dot>net/public/whoisinaccuracy/index<dot>xhtml
#
#
# The following results may also be obtained via:
# https://whois<dot>arin<dot>net/rest/nets;q=66<dot>220<dot>156<dot>144?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       66<dot>220<dot>144<dot>0 - 66<dot>220<dot>159<dot>255
CIDR:           66<dot>220<dot>144<dot>0/20
NetName:        TFBNET3
NetHandle:      NET-66-220-144-0-1
Parent:         NET66 (NET-66-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc<dot> (THEFA-3)
RegDate:        2009-02-13
Updated:        2012-02-24
Ref:            https://whois<dot>arin<dot>net/rest/net/NET-66-220-144-0-1
...

and
# whois 173<dot>252<dot>90<dot>118
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www<dot>arin<dot>net/whois_tou<dot>html
#
# If you see inaccuracies in the results, please report at
# https://www<dot>arin<dot>net/public/whoisinaccuracy/index<dot>xhtml
#
#
# The following results may also be obtained via:
# https://whois<dot>arin<dot>net/rest/nets;q=173<dot>252<dot>90<dot>118?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173<dot>252<dot>64<dot>0 - 173<dot>252<dot>127<dot>255
CIDR:           173<dot>252<dot>64<dot>0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc<dot> (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois<dot>arin<dot>net/rest/net/NET-173-252-64-0-1

Ops they are Facebook.inc :D

Lets we block it
# ipset add mynetrules 66<dot>220<dot>156<dot>144
# ipset add mynetrules 173<dot>252<dot>90<dot>118
# iptables -L | grep mynetrules
DROP       all  --  anywhere             anywhere             match-set mynetrules src

These are how to block class C
Jan 21 10:11:31 mars dns_flood_detector[475]: source [173<dot>252<dot>124<dot>119] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173<dot>252<dot>124<dot>125] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173<dot>252<dot>124<dot>126] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173<dot>252<dot>124<dot>123] - 3 t…AA]

Jan 21 10:11:34 mars dns_flood_detector[475]: source [173<dot>252<dot>124<dot>124] - 3 t…AA]

Just check one of them
# whois 173<dot>252<dot>124<dot>124
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www<dot>arin<dot>net/whois_tou<dot>html
#
# If you see inaccuracies in the results, please report at
# https://www<dot>arin<dot>net/public/whoisinaccuracy/index<dot>xhtml
#
#
# The following results may also be obtained via:
# https://whois<dot>arin<dot>net/rest/nets;q=173<dot>252<dot>124<dot>124?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173<dot>252<dot>64<dot>0 - 173<dot>252<dot>127<dot>255
CIDR:           173<dot>252<dot>64<dot>0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc<dot> (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois<dot>arin<dot>net/rest/net/NET-173-252-64-0-1

Lets we block it
# ipset add mynetrules 173<dot>252<dot>124<dot>0/24



Friday, January 12, 2018

Using incron to monitor/watch a directory/folder

Requirement:
  • kernel 2.6.13 or later
Note:
  • "Note: It is important to know that incron is not recursive, so you need to manually add all sub-directories you want it to watch"
  • "There are two categories of tables: system tables (with root privileges) and user tables (with user privileges)."
  • "Each user has their own table, and commands in any given incrontab will be executed as the user who owns the incrontab. System users (such as apache, postfix, nobody etc.) may have their own incrontab."
  • "Please remember that the same path may occur only once per table (otherwise only the first occurrence takes effect and an error message is emitted to the system log)."
Installation
# apt-get install incron

General use
<path> <mask> <command>

<mask>
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
Special Events
IN_ALL_EVENTS Combines all of the above events
IN_DONT_FOLLOW Don't dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Wildcard Event
IN_NO_LOOP Disable monitoring of events until the current event is handled completely (until its child process exits – avoids infinite loops)

Wildcards
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)

Add/edit user
# vi /etc/incron.allow
myuser

Status incron
# service incron status
* incron.service - file system events scheduler
   Loaded: loaded (/lib/systemd/system/incron.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-12 07:44:06 WIB; 33min ago
  Process: 7935 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
 Main PID: 7936 (incrond)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/incron.service
           `-7936 /usr/sbin/incrond

Test using user myuser

Create folder testincron under directory /home/myuser
$ mkdir testincron
$ ls /home/myuser/testincron

Create script to log change in testincron directory
$ vi testincron.sh
#!/bin/bash
echo "wildcard test: $1 $2 $3 $4 $5" >> /home/myuser/myincron.log

Make script to run
$ chmod u+x testincron.sh

Ereate/edit incrontab
$ incrontab -e
/home/myuser/testincron IN_ALL_EVENTS /home/myuser/testincron.sh $$ $@ $# $% $&

Create and delete example.txt in directory /home/myuser/testincron and see the log file
$ touch /home/myuser/testincron/example.txt
$ rm /home/myuser/testincron/example.txt
$ cat /home/myuser/myincron.log
   wildcard test: $ /home/myuser/testincron example.txt IN_CREATE 256
   wildcard test: $ /home/myuser/testincron example.txt IN_OPEN 32
   wildcard test: $ /home/myuser/testincron example.txt IN_ATTRIB 4
   wildcard test: $ /home/myuser/testincron example.txt IN_CLOSE_WRITE 8
   wildcard test: $ /home/myuser/testincron  IN_OPEN,IN_ISDIR 1073741856
   wildcard test: $ /home/myuser/testincron  IN_ACCESS,IN_ISDIR 1073741825
   wildcard test: $ /home/myuser/testincron  IN_CLOSE_NOWRITE,IN_ISDIR 1073741840
   wildcard test: $ /home/myuser/testincron example.txt IN_DELETE 512

To display date in yyyymmdd hh:mm:ss edit testincron.sh:
$ vi testincron.sh
#!/bin/bash
echo "$(date +%Y%m%d' '%H:%M:%S): $1 $2 $3 $4 $5" >> /home/myuser/myincron.log

References:
  • http://www.linux-magazine.com/Issues/2014/158/Monitoring-with-incron
  • https://linux.die.net/man/5/incrontab
  • https://www.linux.com/learn/how-use-incron-monitor-important-files-and-folders
  • https://www.garron.me/en/linux/use-incron-rsync-dropbox-backup.html

Friday, January 5, 2018

Debian Stretch: Install Genymotion

Requirement: VirtualBox 5.0.28

To install Genymotion:
  1. Download genymotion from https://www.genymotion.com/ (you need account to access download page).
    $ ./Downloads/genymotion-2.11.0-linux_x64.bin
    Installing for current user only. To install for all users, restart this installer as root.

    Installing to folder [/home/username/genymotion]. Are you sure [y/n] ? y


    - Trying to find VirtualBox toolset .................... OK (Valid version of VirtualBox found: 4.3.36_Debianr105129)
    - Extracting files .....................................
    OK (Extract into: [/home/username/genymotion])
    - Installing launcher icon ............................. OK

    Installation done successfully.

    You can now use these tools from [/home/username/genymotion]:
     - genymotion
     - genymotion-shell
     - gmtool

  2. To run genymotion
    $ ./genymotion/genymotion
    Logging activities to file: /home/dedetok/.Genymobile/genymotion.log

Note: You don't need root access to run genymotion.

References:
  • https://www.genymotion.com/

Debian Stretch: install virtual box from virtualbox.org repository

These are steps to install virtualbox from virtualbox.org repository:
  1. Add virtualbox.org repository into system:
    # echo 'deb http://download.virtualbox.org/virtualbox/debian stretch contrib' > /etc/apt/sources.list.d/virtualbox.list
  2. Download and install virtualbox.org key
    # wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
    # apt-key add oracle_vbox_2016.asc
  3. Update your system
    # apt-get update
  4. Install latest virtualbox (currently version 5.2)
    # apt-get install virtualbox-5.2



References:
  • https://wiki.debian.org/VirtualBox

Windows 10: entering windows repair mode

On my pc, windows 10 update often cause my PC to unstable (application error and system not responded after update).

This note, as my personal guide to enter windows repair mode.

To enter windows repair mode, do these steps:
  1. At window 10 login screen, hold shift button and click Power -> Restart.
  2. Next screen choose Troubleshoot and Advanced Options.
  3. There are some option to choose depend on what we want to repair:
    1. Command prompt (my favorite)
    2. Startup Setting
    3. Startup repair 
    4. others
  4. Then restart your windows, it will start your windows in repair mode.

For common troubleshooting do these sequence:
  1. sfc /scannow
  2. chkdsk c: /f
You may need to have handy windows update troubleshooter from micro soft site https://support.microsoft.com/en-ca/help/4027322/windows-update-troubleshooter

Thursday, December 28, 2017

Eclipse Oxygen: install Google Web Toolkit (GWT Eclipse Plugin)

To Install Google Web Toolkit (GWT Eclipse Plugin)
  1. Go to Help -> Eclipse Marketplace ...
  2. In Find type gwt (All Markets and All Categories) click Go
  3. Choose GWT Eclipse Plugin 3.0.0 (at time this note write) to install
  4. Choose all GWT plugin and accept all terms and conditions, click Finish
  5. Done

Reference:
  • http://marketplace.eclipse.org/content/gwt-eclipse-plugin