Archive for September, 2012

Here’s how to shut down or reboot your Ubuntu 12.04 machine without typing a password:

1. Create the rule file /etc/sudoers.d/shutdown with visudo, which checks the syntax before saving:

sudo visudo -f /etc/sudoers.d/shutdown

 

2. Type this :

# Cmnd alias specification
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/halt, /sbin/reboot
# User privilege specification
rumy ALL = (ALL) NOPASSWD: SHUTDOWN_CMDS

3. Save it

4. Execute it like this :

rumy@cbug-lair:~$ sudo /sbin/reboot
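
A NOPASSWD rule is only as narrow as the commands it lists. As an added example (not part of the original post), this shell function lists what a sudoers drop-in grants with NOPASSWD and flags entries broader than a fixed absolute path; the function name audit_nopasswd, the guest user and the sample file are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list what a sudoers drop-in
# grants with NOPASSWD, expanding Cmnd_Alias names, and flag broad entries.
# Assumes one-line aliases/rules, with aliases defined before they are used.
audit_nopasswd() {   # $1 = sudoers file; prints "<verdict> <user> <command>"
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(u, c,    v) {
        if (c == "ALL")                      v = "RISK:all-commands"
        else if (substr(c, 1, 1) != "/")     v = "RISK:not-absolute"
        else if (index(c, "*") || index(c, "?") || index(c, "["))
                                             v = "RISK:wildcard"
        else                                 v = "ok"
        print v, u, c
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*Cmnd_Alias[ \t]/ {               # remember NAME = cmd, cmd, ...
        line = $0
        sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
        eq = index(line, "=")
        alias[trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
        next
    }
    /NOPASSWD:/ {
        user = $1
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
        n = split(cmds, item, ",")
        for (i = 1; i <= n; i++) {
            c = trim(item[i])
            if (c in alias) {                # expand the alias members
                m = split(alias[c], member, ",")
                for (j = 1; j <= m; j++) report(user, trim(member[j]))
            } else report(user, c)
        }
    }' "$1"
}

# Constructed sample: the rule from the post plus a hypothetical broad one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/halt, /sbin/reboot
rumy ALL = (ALL) NOPASSWD: SHUTDOWN_CMDS
guest ALL = (ALL) NOPASSWD: ALL
EOF
audit_nopasswd "$demo"
rm -f "$demo"
```

Running sudo visudo -c -f /etc/sudoers.d/shutdown alongside it confirms that the file also parses cleanly.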

While assisting someone from the web forum who was infected by a Trojan/malware (it’s a Windows machine, FYI), I deliberately browsed to the suspected IP address, knowing that a Windows Trojan and/or malware won’t harm my Ubuntu Linux machine. Won’t it?
Well … my machine got infected! Immediately after I browsed to that IP address, my outbound internet connection was suddenly full of strange connections to some local (Indonesian) IP addresses and some other IPs from outside Indonesia.

netstat -a revealed nothing when no browser was open, but was suddenly full of established, ongoing connections to port 443 (SSL) and other ports when I opened Chrome or Firefox on my Ubuntu machine. Some connections were legit (namely the infamous Google’s sin01*-site) but many were just rogue connections, and they stole(!) my bandwidth.

I installed AVG antivirus for Linux (the deb version for Debian/Ubuntu) and ClamAV, which I never thought I’d have on my Linux machine, but all the scans revealed nothing. rkhunter and chkrootkit said nada, no infection whatsoever, but the weird established outbound connections were still there.

So I retraced my steps to the IP address I had browsed before I got the problem and compared it to some of the IPs listed in my netstat output. It seemed that all the connections to the suspected IP were always forwarded to a248.e.akamai.net and some other rogue sites.

Further research revealed that the culprit was my DNS cache. It seemed that the rogue site manipulated my DNS cache so it could control my outbound connections, which was why I couldn’t find any infected file on my system ;) … and worse, dnsmasq runs by default on my Ubuntu 12.04 because it’s built into NetworkManager (with all the DNS poisoning threats lately, I guess Canonical should disable it in 12.10).

Here’s what I did to fix my problem:

1. Clear all my browser cache

2. Edit NetworkManager.conf

sudo pico /etc/NetworkManager/NetworkManager.conf

3. Disable dnsmasq by commenting out this line:

#dns=dnsmasq

4. Restart Network Manager

sudo restart network-manager

5. Clear the dns cache

sudo /etc/init.d/dns-clean start

And just to be sure, I installed nscd too:

sudo apt-get install nscd

sudo /etc/init.d/nscd start

6. Done!

New toy ;)

Posted: September 6, 2012 in Android

Got a new toy : it’s Axioo PicoPad 5 GEA with Android ICS 4.0.3

Form Factor
Candybar

Network
2G: GSM 850/900/1800/1900 MHz
3G: WCDMA 850/2100 MHz

Display
5.0-inches
480 x 800 pixels (WVGA)
187 ppi pixel density
Capacitive multi-touch touchscreen (5 points)

Processor
MTK6575 1 GHz

RAM & Storage
512 MB RAM
4 GB ROM
microSD up to 32 GB

Operating System
Android 4.0.3 (Ice Cream Sandwich)

Camera
5 MP rear camera
0.3 MP (VGA) front-facing camera

Data/Connectivity
GPRS Class 12, EDGE Class 12, WCDMA 7.2 Mbps
Wi-Fi 802.11b/g/n
Bluetooth
micro USB 2.0

Battery
Lithium-Ion 1800 mAh
Stand-by Time: up to 48 hours
Work Time: up to 360 minutes

Dimensions and Weight
146 mm x 82 mm x 11.3 mm
223 gram

Colors
Black, white

Features
Browser: HTML, Flash
Supported Audio Formats: AAC, AAC+, eAAC+, MP3, MIDI, WMA, PCM
Supported Video Formats: AVC, H.263, H.264, MPEG-4 SP
3.5mm audio jack
Radio
GPS with A-GPS

The bad news for a ROM enthusiast like me is that it came packed with Android system recovery <3e>, which so far has made me unable to install CWM Recovery >.< let alone root it, so I’m still working on it ;)