Entradas Gnu Linux

Locate and remove duplicate files on Linux with fdupes

fdupes is available in the main software repositories of the different Linux distributions, we have chosen the popular Ubuntu to install and test it. To install it, as you all already know, just type the following command in the shell:

sudo apt install fdupes

Once installed, the way to locate and delete duplicate files is really simple. To locate duplicate files, just type the following command:

fdupes $RUTA

In our case we have typed the following command and it has returned the duplicate files:

[email protected]:~$ fdupes /home/bron


In this case we have two duplicate files, the previous order only serves to show the duplicates, we will not have the option to delete them, to be able to delete them just type the following command:

fdupes -d $RUTA

In our case we have keyboard the following command, we will have a simple wizard to be able to erase the duplicates where it will ask us which one we want to keep, it also gives us the option to keep both copies:

[email protected]:~$ fdupes -d /home/bron
[1] /home/bron/
[2] /home/bron/tiempo1

Set 1 of 2, preserve files [1 - 2, all]: 1

[+] /home/bron/
[-] /home/bron/tiempo1

[1] /home/bron/
[2] /home/bron/

Set 2 of 2, preserve files [1 - 2, all]: 1

[+] /home/bron/
[-] /home/bron/

Another very interesting order is to be able to search recursively by directories, and not only in a folder, to carry out this action simply put:

fdupes -r /directorio

We recommend visit our Linux section where you will find complete manuals of different tools.

Entradas Gnu Linux

Windows Defender detects the Kali Linux subsystem as a threat

One of the most interesting news that came to Windows 10, specifically in the Anniversary Update, was the Windows Subsystem for Linux, a virtualization tool that uses Hyper-V to allow us to run Linux on top of Windows 10 without using tools such as VMware or VirtualBox. Although Ubuntu was the first distro to appear for the WSL, we currently have a greater variety of options to choose from, such as Kali Linux, the well-known computer security distro.

Kali Linux is a distribution that is characterized by including a great variety of tools and pre-installed packages related to computer security so that users can perform all kinds of security tests and audits to verify that any computer or network is really safe .

Although many media are saying that today Kali Linux comes to the Microsoft Store to be able to run this distro thanks to the Windows 10 WSL, it is actually It has been available in the store since February 23, 2018, as we tell you. Any user can download this version from the Store and prepare their computer to run it with a couple of clicks and have all the tools that Kali offers us directly from Windows 10.

Kali Linux

Developer: Kali Linux

However, users who have been encouraged to try Kali on Windows 10 now They have encountered a problem, and it is that Windows Defender detects this hacking distro as a threat, preventing them from being able to use it normally.

Windows Defender detects Kali Linux exploits and tools as a threat

Any user can download and run Kali Linux smoothly from the Microsoft Store since this base distribution comes without any pre-installed tool, but the applications must be installed from the repositories once we have our Kali Linux image running in WSL.

However, as they tell us from Bleeping Computer, when trying to install the Kali tools, Windows Defender detects a number of dangerous exploits and hacking tools, blocking and removing all this content, making the use of Kali in Windows 10, right now, practically impossible.

The truth is that Microsoft has a difficult time solving this problem, since adding these threats to the antivirus “white list” would put users in serious danger. The only solution for users who want to use Kali on Windows 10 is to create a rule that instructs the WSL directory not to be scanned, or to disable Windows Defender when Kali is to be used.

Although it can be a nuisance, we must also see it on the good side, and that is that Windows Defender really works and is capable of protecting us from threats that can put us in danger.

Have you tried using Kali Linux on Windows 10?

Entradas Gnu Linux

Bad Taste, vulnerability that affects Linux with files for Windows

Bad taste

This vulnerability resides in gnome-exe-thumbnailer. This file manager is the default one for GNOME-based Linux distributions. Moskopp discovered that it could hide malicious VBScript within MSI file names. When the user accesses a folder on their computer where this malicious MSI file is stored, the GNOME files will automatically scan the file to extract an icon from its contents and display it in the file explorer window.

The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and run the code found inside.

At the center of this vulnerability are thumbnailer configuration files They are located in / usr / share / thumbnailers, which Gnome uses to analyze files stored on a Linux computer to display icons or generate thumbnails.

How to protect yourself

Of course, the users themselves can protect yourself and prevent problems. To do this, Moskopp recommends that users delete all files found in / usr / share / thumbnailers or stop using GNOME files for the time being.

Moskopp has published a code test where it has demonstrated the vulnerability of Bad Tast. Your demo code only leaves a empty file named badtaste.txt on the user’s computer, but an attacker could do much more damage.

Automatic downloads

To carry out the attack, a hacker would first have to trick the victim into will download an MSI file. This, of course, requires social engineering. But Moskopp adds that “thumbnailer problems could be exploited through downloads with any web browser that doesn’t ask users if files should be saved.”

An example is that of Chrome, one of the most used worldwide. This browser allows users to configure downloads to take place automatically and not ask whether or not we want to save a file.

In any case, the severity of the attack will depend on the attacker’s ability to attach malicious code in the MSI file and whatever name you give the file itself. This is because the code in the MSI file runs under the acceptance of the victim (you have to give it permissions).

We are therefore facing a new vulnerability, Bad Taste, which attacks Linux users. This time those who use the GNOME environment and that they use files that were originally designed to attack Windows users.

As always, we have seen that we can take some preventive measures to protect ourselves from this vulnerability and keep our computer safe from threats.

Entradas Gnu Linux

You can now download the new Arch Linux 2017.11.01

Arch Linux It is a Linux distribution, as we have said, aimed at a public with advanced knowledge of Linux and composed mostly of free and open source software. If something characterizes this distribution, it is its minimalist and simple nature, where it is the user himself who must make the effort to adapt the distribution to his needs.

The Arch Linux development model is Rolling Release, that is, regular and continuous update so that by installing the latest packages we can always have the latest version of the entire distribution on our system, not having to install a new version every 6 months like it happens with Ubuntu or Windows 10.

Despite having a development model Rolling ReleaseFor users who install the distribution from scratch, those responsible usually release maintenance versions so that they do not have to download a huge number of patches when updating, but when installing the latest ISO they can have the system more or less up to date.

The new Arch Linux 2017.11.01 is the latest maintenance version of this Linux distribution, which allows us to install this system from scratch to have it updated as of November 1, 2017, having to install only the updates that have been released since then.

Arch Linux 2017.11.01 comes with the Linux kernel 4.13.9 installed by default, and with the latest versions of all its packages to date.

How to download or upgrade to Arch Linux 2017.11.01

The latest version of this distribution can now be downloaded without any from the main web page of the project. If we install it from this new ISO image, which occupies around 525 MBWe will be able to keep the Arch Linux system up to date, with the latest stable version of the Kernel to date and all the packages updated to their latest versions, a distribution ready to start using.

Arch image we can burn it to a CD or DVD Thanks to its small size (we remember that others, like Ubuntu, no longer fit on a CD) or we can also burn it to a USB memory to install from it.

If we already have Arch Linux installed, it is not necessary to download and install this new ISO, but we can update our system to the latest version, as it is distributed in this new ISO image, by executing the command:

Once you finish downloading and installing the packages, our Arch Linux distro will be fully up to date, and the Rolling Release distributions are the best thing to install and only have to format when something goes wrong or we need to do a cleaning that, if we do it manually, it would be very complicated.

Are you an Arch Linux user? What do you like the most and what do you like least about this distribution?

Entradas Gnu Linux

How to install Ubuntu Touch on a Nexus device

Along with the Ubuntu 13.10 release, Canonical released what it considers to be the stable version of its mobile operating system, Ubuntu for Phones, also known as Ubuntu Touch. This new mobile operating system comes to stand up to current ones like Android or iOS, but with several drawbacks, for example, the limitation only to Nexus devices or the lack of clients. In this article we are going to show you how we can install Ubuntu Touch on our Nexus.

The first thing we need is to be Ubuntu users, with quite advanced knowledge, since most of the progress is made through the terminal.

System preparation.

We must install the following packages in our Ubuntu to start developing with our Nexus.

  • sudo add-apt-repository ppa: phablet-team / tools
  • sudo apt-get update
  • sudo apt-get install phablet-tools android-tools-adb android-tools-fastboot

Preparing our Nexus.

On our Nexus, we must make sure we have the USB debugging option enabled. To do this we go to Settings> Phone information and click 7 times on “build number” to unlock the development options.

Once these options are enabled, we access Settings> Development options and activate the “USB debugging” option.

We must also have the unlocked bootloader on our smartphone to perform this process correctly.

Create backup of our Android.

Before continuing we are going to create a backup of our device. To do this we will connect this through USB to our Ubuntu and we will type the following parameter in the console:

  • adb backup -apk -shared -all

In this way we will create a file with all our programs, configurations and our OS that we can restore later if we do not like the new operating system by typing:

In this way our nexus will be as if we had not done anything with it.

Install Ubuntu Touch on our Nexus

To complete the installation we must type the following parameter:

  • sudo phablet-flash ubuntu-system –no-backup

The process will take a while. We must wait without disconnecting the device from the PC or interrupting the progress until it finishes and we can see Ubuntu Touch running on our Nexus.

From here, we can start using Canonical’s new operating system. If we want to go back to Android, we will restore the backup we created before and our smartphone will be back to the same way it was when the copy was created.

For more information we can consult the Ubuntu website.

Have you tried Ubuntu Touch? What do you think of Canonical’s new operating system?

Entradas Gnu Linux

Chromixium OS, an Ubuntu-based distribution with Chrome OS appearance

Linux is an open operating system, that is, the appearance and final characteristics of the system depend directly on the users and the developers. Thanks to this we can find distributions of all kinds, either optimized for low-resource systems (ToriOS, for example) or that perfectly imitate the appearance of other operating systems such as Mac OS X or Chrome OS.

Chromixium OS is a new distribution still in development that seeks to bring users the simple and fluid appearance of Chrome OS, Google’s desktop operating system, to all users who do not have a Chromebook in their hands and who want to provide this system with greater software compatibility beyond the Chrome ecosystem.

Chromixium OS is based on the 32-bit version of Ubuntu 14.04 with an LXDE desktop modified to look like the Chrome OS interface. Unlike the original version of the Google operating system, Chromixium OS allows you to run all kinds of applications compatible with Ubuntu, so the possibilities of this system are much higher than those of Chrome OS.

The minimum requirements for Chromixium OS are:

  • 512 MB of RAM.
  • 1 GHz processor with PAE support.
  • 8GB hard drive.

The applications available for this operating system are developed in GTK + 3 to offer users a modern and fluid appearance that is also compatible with other systems. By default there are several pre-installed applications to start working with this operating system, among others:

  • Chromium + PepperFlash
  • OpenBox
  • Nautilus
  • LXPanel

This operating system is still in an Alpha phase of its development. We can download the latest published compilation for free from your main web page. Although at the moment it is not recommended to use it in a production team, this distribution works perfectly in a virtual machine and allows us to get an idea of ​​the result that it will have in its final stable version, available in early 2015.

What do you think of this new Linux distribution based on Ubuntu and Chrome OS?

Entradas Gnu Linux

This trick will make Firefox faster on Ubuntu

In other words, it offers the possibility of improving the loading of website content, speeding up this process in a more than obvious way. Taking into account that many websites have been adapted to a design responsive, the loading speed is not the best. Obviously, this trick does not affect the speed of loading content through the Internet connection, but it does allow the Mozilla Foundation web browser to make better use of resources.

Enable hardware acceleration in Firefox

Believe it or not, the web browser is installed with this aspect disabled by default. This only occurs in Linux distributions, and the truth is, although we have tried to find out why, we have not found the reasons that the foundation has to configure this parameter. Or at least so far. What we mean is that the latest version (57 to be more exact) does have this function activated by default, something that is not the case in version 53, however.

Security experts believe that by default the foundation does not opt ​​for its activation because WebGL could hide some kind of vulnerability.

For all those who want to activate this acceleration and improve the performance of the web browser, it can be done in the following way.

  1. Type in the address bar about: config
  2. Using the search box, enter layers.acceleration.force-enabled
  3. 4 columns will appear, one of them indicating the flag that is going to be modified and another that is value, which should appear with value false.
  4. It is set to true and we must close the web browser completely for the change to take effect.

In what aspects should I notice improvement?

It is not entirely clear where an improvement should be appreciated. The experts indicate that when it comes to displaying content with animations, the loading should be much more fluid. There should also be some improvement in handling a number of tabs greater than 5. Above all, some improvement should be noticed when playing HD videos through web pages.

What do I do if the operation is not adequate?

It may be the case that the loading of the web pages is not correct (elements are missing at the end of the loading of the site), that the use of CPU or blockages of the web browser and other applications is disproportionately increased. To solve this, you just have to repeat the steps described above and restore the default state. That is, change the flag of true to false.

Entradas Gnu Linux

a new spyware hidden in Linux to spy on you

EvilGnome is a new spyware detected for Linux operating systems that hides itself as an extension for the desktop GNOME (the most used desktop among users of this operating system) and that, when it infects a computer, it can do almost anything with it, from taking screenshots to stealing individual files, recording audio and video, and even downloading modules for more functionalities.

EvilGnome: a complex spyware for Linux that is also not detected by an antivirus

East spyware it is distributed over the Internet as a supposed extension for GNOME in the form of a self-extracting file that, when run, generates all the data necessary for the infection to take place. The package generates a file, setup-sh, which contains all the instructions necessary for spyware to work.

The different modules that this spyware executes are:

  • ShooterSound: makes use of PulseAudio to capture the user’s microphone and upload the recordings to the control server.
  • ShooterImage: using the Cairo library it takes screenshots and uploads them to the remote control server.
  • ShooterFile: periodically scans hard drives to detect newly created files and sends them to the control server.
  • ShooterPing: This module allows hackers to control spyware remotely, as well as download and run new files or modules to take the attack to a new level.
  • ShooterKey: a module that implements a keylogger, although it does not work since its development was not completed.

The files of EvilGnome they hide within the path /.cache/gnome-software/gnome-shell-extensions/ so that victims do not suspect it by thinking that it is an extension for this desktop. In addition, when the computer is infected, a scheduled task is created in cronjob that executes the script every minute, script that checks if spyware is running and, if not, relaunches it.

Along with the spyware modules is a file, rtp.dat, which contains all the information to connect to the C2 remote control server controlled by the hackers. The connection to this server is always made securely using an RC5 key.

How to know if my Linux computer or server has been infected by EvilGnome

As we have already explained, this spyware hides itself on the victim’s computer as a GNOME extension to try not to arouse suspicion. Therefore, one of the easiest ways to know if we are infected or not is to check if the executable exists «gnome-shell-ext“Inside the path” ~ / .cache / gnome-software / gnome-shell-extensions “.

As antivirus for Linux are useless Faced with this threat, in case of being infected, what we must do is eliminate all traces of this malware in the aforementioned route. In addition, it is also recommended block port 3436 used by spyware to connect to the remote server and block the IPs that we can find in the rtp.dat file.

SSH EvilGnome

This malware is believed to be related to Gamaredon, a group of hackers operating from Russia, although their connection has not yet been proven. What is clear is that this spyware is not finished, but for some reason it has been leaked at an early stage of development.

It is possible that, in a while, EvilGnome will return to the network much more complex and dangerous than now, so we must take extreme precautions.

Entradas Gnu Linux

NotepadQQ, a text editor similar to Notepad ++ for Linux

Most Windows users are familiar with Notepad ++, a free alternative to Windows Notepad with an infinity of new options and additional features that not only facilitate its use but also provide the application with additional functionalities that allow it to cover a greater market share, for example, within the scope of programmers by having the syntax of different programming languages.

NotepadQQ looks for something similar to what Notepad ++ offers but within an operating system Linux. This free text editor has support for more than 100 different programming languages, with their corresponding syntax highlighting and coloring. Likewise, some of its strengths are the multiple selection and editing of text, the ability to work with macros and additional editing options, for example, the ability to convert text to uppercase or lowercase automatically.

Regarding visual and customization themes, with this application we will have a large number of themes and styles so that users can easily adapt it to their systems and needs.

As the main drawback we can highlight lack of autocompletion beyond PHP and HTML, understandable aspect due to the complexity of adding autocomplete options to the more than 100 programming languages. This program is still in development since 2010, so little by little we will see new functions that will win users over to alternatives such as Sublime Text or Kate.

NotepadQQ is not available in the official repositories, so to install it we must type:

  • sudo add-apt-repository ppa: notepadqq-team / notepadqq
  • sudo apt update
  • sudo apt install notepadqq

Finally we must remember that NotepadQQ is an open source application, an excellent feature to continue with the Linux philosophy. We can get more information about this project from your main web page.

How about NotepadQQ? Do you know of other similar text editors for Linux?

Source: FromLinux

Entradas Gnu Linux

Password Safe, a password manager compatible with KeePass

If you are a user who has just landed on Linux and you don’t know which password manager you can choose, you should consider using this password manager.

It is an application with a graphical interface whose functionalities come to the fore in their entirety with GNOME HIG.

Before continuing, it is time to make a small point. The app that does not occupy is not the same one that has the same open source name and that can be used in Windows. To be clear, Password Safe is only compatible with Linux devices.

And as a last point that we must bear in mind, the app is compatible with KeePass. That is, we could say that it is a client.

How to make users use different passwords

The appearance of this type of application is neither more nor less than a stimulation for many users. We are talking about the not recommended habit of using the same password in different services, just to remember it easily. With these types of applications, there is no excuse for not using strong and different passwords in the services.

These types of tools not only allow storage, they can also generate passwords, as long as the user deems it appropriate.

Password Safe app details

We leave the prolegomena behind, and we move on to talk about Password Safe. It is an application that could be considered quite complete.

From among all the existing functions, we are going to highlight, first of all, the possibility of creating and importing passwords previously managed with KeePass. With this aspect, indicate that version 4 is required, although it is true that users have tried previous versions and it seems that the process is carried out correctly.

As we have indicated previously, Password Safe also has a password generator, allowing the user to choose the desired complexity.

Like other alternatives, or KeePass itself, groups can be created under which stored credentials will be grouped. Once created, you can edit their properties without any problem and carry out the deletion of these.

Do you want to locate a credential? Do not worry. The tool has a search section that will use the name of the groups, the URL or name of the website and the user used.

Strong passwords, encrypted passwords

The advantage of this type of application is that, in addition to storing user credentials, it allows encryption to be applied to all stored information. The result is a database of credentials that are only accessible when the user enters the key with which they have been encrypted. The algorithm used is AES 256-bit, and it is also compatible with AES-KDF, used by KeePass

If you want more information, you can visit the Password Safe GitLab page.