Linux PC Server

I was also going to do some wireless stuff with this PC so bought a Netgear MA311 PCI Wireless card. Although the system was going to be headless I put an old graphics card in case I need it.

The following hardware was installed:

  • ASUS Motherboard
  • Pentium II 233MHz CPU
  • 256Mb SDRAM RAM
  • Maxtor 13Gb Disk
  • Teac 40x CD-ROM
  • ASUS V3400 TNT 16Mb AGP graphics card
  • Netgear 10/100 Fast Ethernet PCI Card
  • Netgear MA311 Wireless PCI Card

    Hardware went smoothly. No incompatibility problems despite a few ASUS products in there. Installed RedHat 8.0. Picked the custom install so as not to get lots of junk that I didn't want installed. Definitely no X.

    Building A Kernel
    Installing Wireless wlan-ng Driver
    Installing Wireless hostap Driver
    Installing Ethereal
    Installing Kismet
    Installing Fake AP
    Wardriving :-)
    Quake III

    Building a Kernel (2.4.18)

    After installing I recompiled the kernel to make sure everything worked before proceeding:

    
    make mrproper
    make menuconfig
    make dep
    make bzImage
    make modules
    make modules_install
    make install
    

    Hit the first problem on make install and got the following error messages:

    
    sh -x ./install.sh 2.4.18-14custom bzImage /usr/src/linux-2.4.18-14/System.map ""
    + '[' -x /root/bin/installkernel ']'
    + '[' -x /sbin/installkernel ']'
    + exec /sbin/installkernel 2.4.18-14custom bzImage /usr/src/linux-2.4.18-14/System.map ''
    grubby fatal error: unable to find a suitable template
    make[1]: Leaving directory `/usr/src/linux-2.4.18-14/arch/i386/boot'
    

    Apparently RedHat make install does not support the lilo loader any more, and only supports grub loader, which I was not using. Solution was to update the /etc/lilo.conf file myself.

    
    prompt
    timeout=50
    default=Steves-linux
    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    message=/boot/message
    lba32
    
    image=/boot/vmlinuz-2.4.18-14
        label=linux
        initrd=/boot/initrd-2.4.18-14.img
        read-only
        append="root=LABEL=/"
    
    image=/boot/vmlinuz-2.4.18-14custom
        label=Steves-linux
        initrd=/boot/initrd-2.4.18-14custom.img
        read-only
    

    Wireless wlan-ng driver

    I downloaded and installed the latest wlan-ng driver from AbsoluteValue Systems. I tried linux-wlan-ng-0.1.15 which gave me some grief. Firstly it complained that it could not find ngcc or nld. There are no such programs as these - the driver package is talking rubbish. I simply symbolic linked /usr/sbin/gcc and /usr/sbin/ld. This was enough to get the compile underway. I then got the following errors when compiling:

    
    -o wland wland.o ../shared/p80211types.o ../shared/p80211meta.o ../shared/p80211metamsg.o
    ../shared/p80211metamib.o 
    wland.o: In function `msg2command':
    wland.o(.text+0x407): undefined reference to `sprintf_R1d26aa98'
    wland.o(.text+0x517): undefined reference to `sprintf_R1d26aa98'
    collect2: ld returned 1 exit status
    make[2]: *** [wland] Error 1
    

    This is something to do with versions of kernels. I didn't have much time to mess around with this so went back to an earlier version that I know worked on my laptop. I used linux-wlan-ng-0.1.13.

    This compile complained about SIOCSIWNAME undefined in prism2wext.c. In newer RedHat kernels this has been replaced by SIOCSIWCOMMIT. Just edit the file prism2wext.c and replace SIOCSIWNAME with SIOCSIWCOMMIT.

    Bingo. Compiled. I now have a PCI wireless driver. Time to see if it works.

  • Copy rc.wlan to /etc/rc.d/init.d and symlink it to /etc/rc.d/rc3.d/S09wlan.
  • Add alias wlan0 prism2_pci to /etc/modules.conf
  • Add ifconfig wlan0 192.168.10.10 netmask 255.255.255.0 to /etc/rc.d/rc.local
  • In /etc/wlan.conf set DesiredSSID="Wireless" and SSID="Wireless"

    To test use modprobe prism2_pci. If successful check /var/log/messages

    
    Dec 20 16:15:15 kimi kernel: init_module: prism2_pci.o: 0.1.13 Loaded
    Dec 20 16:15:15 kimi kernel: init_module: dev_info is: prism2_pci
    Dec 20 16:15:15 kimi kernel: PCI: Found IRQ 10 for device 00:09.0
    Dec 20 16:15:15 kimi kernel: PCI: Sharing IRQ 10 with 00:04.2
    Dec 20 16:15:15 kimi kernel: A Prism2.5 PCI device found, phymem:0xe2000000, irq:10
    Dec 20 16:15:15 kimi kernel: , mem:0xce8d0000
    Dec 20 16:15:16 kimi /etc/hotplug/net.agent: invoke ifup wlan0
    

    Rebooted and checked the wlan0 interface came up and bingo one Wireless network! Not that happy about this driver. It does not use the wireless tools. Also it does not support the Host AP features of my Netgear MA311 card. So I cannot use the amusing Fake AP tool.



    Wireless hostap driver

    Decided to abandon using the wlan-ng wireless driver and try the hostap driver instead. I used the latest hostap-2002-10-12 version.

    This version compiled and installed first time with no problems:

    
    make hostap
    make pci
    make install_pci
    

  • Add the line alias wlan0 hostap_pci to /etc/modules.conf

  • Configure /etc/wlan.conf. Mainly WLAN_DEVICES and SSID
    
    WLAN_DEVICES="wlan0"
    
    wlandevice_config()
    {
    case "$1" in
    *)
            #=======ENABLE========================================
            # Do we want to enable the card at all?  Set to 'n' if you don't
            # want the card initialized for normal operation.  Helpful for
            # (re)loading flash or for test purposes.
            WLAN_ENABLE=y
    
            #=======USER MIB SETTINGS=============================
            # You can add the assignments for various MIB items
            #  of your choosing to this variable, separated by 
            #  whitespace.  The wlan-ng script will then set each one.
            # Just uncomment the variable and set the assignments 
            #  the way you want them.
    
            #USER_MIBS="p2CnfRoamingMode=1"
    
            #=======WEP===========================================
            # [Dis/En]able WEP.  Settings only matter if PrivacyInvoked is true
            dot11PrivacyInvoked=false       # true|false
            dot11WEPDefaultKeyID=0          # 0|1|2|3
            dot11ExcludeUnencrypted=true    # true|false, in AP this means WEP 
                                            #  is required for all STAs
    
            # If PRIV_GENSTR is not empty, use PRIV_GENTSTR to generate 
            #  keys (just a convenience)
            PRIV_GENERATOR=/sbin/nwepgen    # nwepgen, Neesus compatible
            PRIV_KEY128=false               # keylength to generate
            PRIV_GENSTR=""
    
            # or set them explicitly.  Set genstr or keys, not both.
            dot11WEPDefaultKey0=            # format: xx:xx:xx:xx:xx   or
            dot11WEPDefaultKey1=            #         xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
            dot11WEPDefaultKey2=            #  e.g.   01:20:03:40:05   or
            dot11WEPDefaultKey3=            #         01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
    
            #=======SELECT STATION MODE===================
            IS_ADHOC=n                      # y|n, y - adhoc, n - infrastructure
    
            #=======INFRASTRUCTURE STATION START===================
            # SSID is all we have for now
            AuthType="opensystem"           # opensystem | sharedkey (requires WEP)
            DesiredSSID="Wireless"
    
            #=======ADHOC STATION START============================
            SSID="Wireless"                 # SSID
            BCNINT=100                      # Beacon interval (in Kus)
            CHANNEL=6                       # DS channel for BSS (1-14, depends 
                                            #   on regulatory domain)
            BASICRATES="2 4"                # Rates for mgmt&ctl frames (in 500Kb/s)
            OPRATES="2 4 11 22"             # Supported rates in BSS (in 500Kb/s)
        ;;
    esac
    }
    


  • Create a file /etc/rc.d/hostap and symbolically link it to /etc/rc.d/rc3.d/S09hostap
    modprobe hostap_pci
    iwconfig wlan0 essid Wireless
    iwconfig wlan0 channel 6
    iwconfig wlan0 mode Managed
    


  • Add ifconfig wlan0 192.168.10.10 netmask 255.255.255.0 to /etc/rc.d/rc.local

    To test use modprobe hostap_pci. If successful check /var/log/messages:

    
    Dec 26 14:17:40 kimi kernel: hostap_pci: hostap_pci.c 0.0.0 2002-10-12 (SSH Communications Security Corp, Jouni Malinen)
    Dec 26 14:17:40 kimi kernel: hostap_pci: (c) Jouni Malinen 
    Dec 26 14:17:40 kimi kernel: PCI: Found IRQ 12 for device 00:09.0
    Dec 26 14:17:40 kimi kernel: PCI: Sharing IRQ 12 with 00:04.2
    Dec 26 14:17:40 kimi kernel: hostap_pci: Registered netdevice wlan0
    Dec 26 14:17:40 kimi kernel: wlan0: NIC: id=0x8013 v1.0.0
    Dec 26 14:17:40 kimi kernel: wlan0: PRI: id=0x15 v1.0.7
    Dec 26 14:17:40 kimi kernel: wlan0: STA: id=0x1f v1.3.6
    Dec 26 14:17:40 kimi kernel: wlan0: Intersil Prism2.5 PCI: mem=0xe2000000, irq=12
    

    Rebooted and wlan0 came up and attached to my Wireless network. Working wireless network with a more recent driver and using the wireless tools. Time to add some more advanced network tools.
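
A check of the privacy settings in a wlan.conf of the format shown in this section, as an added example that is not part of wlan-ng or hostap. The function names and finding labels are assumptions; the sample input is constructed from the file above, where dot11PrivacyInvoked=false leaves the link unencrypted.

```shell
#!/bin/sh
# Added example, not part of wlan-ng or hostap. Audits the privacy settings
# of a wlan.conf written in the format shown above.

# conf_get FILE KEY -> last uncommented value assigned to KEY (may be empty).
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_wlan_conf FILE -> one finding per line on stdout; no output = clean.
audit_wlan_conf() (
    f=$1
    if [ "$(conf_get "$f" dot11PrivacyInvoked)" != true ]; then
        echo "NO_ENCRYPTION: dot11PrivacyInvoked is not true, frames are sent in the clear"
        exit 0
    fi
    # Privacy is on: the default key (or a generator string) must exist.
    id=$(conf_get "$f" dot11WEPDefaultKeyID)
    if [ -z "$(conf_get "$f" PRIV_GENSTR)" ] &&
       [ -z "$(conf_get "$f" "dot11WEPDefaultKey${id:-0}")" ]; then
        echo "NO_KEY: privacy is on but neither PRIV_GENSTR nor dot11WEPDefaultKey${id:-0} is set"
    fi
    if [ "$(conf_get "$f" dot11ExcludeUnencrypted)" != true ]; then
        echo "ACCEPTS_CLEARTEXT: dot11ExcludeUnencrypted is not true"
    fi
)

# Constructed sample mirroring the privacy-related lines of the file above.
sample_conf() {
    cat <<'EOF'
        dot11PrivacyInvoked=false       # true|false
        dot11WEPDefaultKeyID=0          # 0|1|2|3
        dot11ExcludeUnencrypted=true    # true|false
        PRIV_GENSTR=""
        dot11WEPDefaultKey0=            # format: xx:xx:xx:xx:xx
EOF
}

# Demo run on the constructed sample: reports NO_ENCRYPTION.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_wlan_conf "$tmp"
rm -f "$tmp"
```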

    Ethereal Network Sniffer

    Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

    I downloaded ethereal-0.9.8 and compiled this. Used ./configure --disable-ethereal because this system has no graphics.

    Kismet Wireless Sniffer

    Kismet is a 802.11b wireless network sniffer - it is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any wireless card which is capable of reporting raw packets (rfmon support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards, and Orinoco based cards.

    I downloaded kismet-2.6.2 and compiled this. It did give me some grief about the ethereal wiretap not being found:

    
    checking for usable wiretap in /usr/src/ethereal-0.9.6/wiretap... no
    configure: WARNING: *** No useable wiretap found in /usr/src/ethereal-0.9.6.  
    Make sure this directory is correct and that you have configured and compiled 
    Ethereal in this directory.  While Kismet will function without wiretap, 
    it will limit the log reading and writing abilities. ***
    

    Hmmm ethereal is there and compiled. Don't really need wiretap at the moment, which is really used for replaying log files. The normal dump variety should do for the time being.

    The kismet_monitor program has the wrong command to put the wireless card into monitor mode. Edit the file and replace the iwpriv with iwconfig as shown below:

    
        "prism2_hostap")
            echo "Enabling monitor mode for a hostap prism2 card on $DEVICE channel $CHANNEL"
            # iwpriv $DEVICE monitor 3
            iwconfig $DEVICE mode monitor
    

    Fake AP

    Fake AP generates thousands of counterfeit 802.11b access points and therefore confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.

    The concept of this was so funny that I just had to download and try this little utility. To start with the program was a little disappointing but the README does point out:

    Wardriving tools like Kismet or NetStumbler will see thousands of APs pop up on their screens. While more knowledgeable individuals will spot these fake APs for what they are, those with less clue will be generally befuddled and great comedy will ensue. Fake AP can be used on its own, as part of a wireless honeypot, or form a component of an 802.11b security architecture. What ever you do, realize this is beta code at best and a simple proof of concept. Fake AP was written in 2 hours at DEFCON X and tested on the chaos that was the DCX wireless network.

    The biggest problem is that it is dead easy to spot the fake APs. They constantly fade out, change MAC address and do not transfer any data. Spotting a static genuine WAP in this is fairly trivial.

    The code is a straightforward Perl script so I tried making some modifications. Firstly I wanted the ESSIDs to retain the same MAC address. This way Kismet does not generate thousands of fake APs every time the ESSID is cycled with a new MAC. Added a seed MAC address to which I just add the index of the ESSID selected from the file. ESSIDs now keep the MAC addresses like genuine ones.

    Okay this does not mean you get thousands of fake APs appearing and it will currently break if you have more than 255 ESSIDs in your file. Will fix this but just a dirty hack to test it out.
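
The seed-plus-index scheme described above, as an added example that is not Fake AP's code or the author's modification: it adds the ESSID's position in the list to a seed MAC and carries across the last three octets, which goes beyond the text by lifting the 255-ESSID limit. The function names, seed address and ESSID list are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Fake AP's own code. The seed MAC is a constructed,
# locally administered address.

# mac_for_index SEED INDEX -> SEED with INDEX added to its last three octets.
# The first three octets are kept; the sum carries across the last three,
# so an index above 255 no longer overflows a single octet.
mac_for_index() (
    seed=$1 index=$2
    bad() { echo "mac_for_index: $1" >&2; exit 1; }
    case $seed in *[!0-9A-Fa-f:]*) bad "bad seed MAC: $seed" ;; esac
    [ ${#seed} -eq 17 ] || bad "bad seed MAC: $seed"
    IFS=:; set -- $seed
    [ $# -eq 6 ] || bad "bad seed MAC: $seed"
    for octet in "$@"; do
        [ ${#octet} -eq 2 ] || bad "bad seed MAC: $seed"
    done
    # Decimal index without leading zeros (those would be read as octal).
    case $index in ''|*[!0-9]*|0?*) bad "bad index: $index" ;; esac
    [ "$index" -lt 16777216 ] || bad "index too large: $index"
    nic=$(( (0x$4$5$6 + $index) & 0xFFFFFF ))
    printf '%s:%s:%s:%02x:%02x:%02x\n' "$1" "$2" "$3" \
        $(( nic >> 16 )) $(( (nic >> 8) & 0xFF )) $(( nic & 0xFF ))
)

# assign_bssids SEED < essid-list -> "BSSID<TAB>ESSID" per non-empty line,
# using the line's position in the list as the index.
assign_bssids() (
    n=0
    while IFS= read -r essid; do
        [ -n "$essid" ] || continue
        mac=$(mac_for_index "$1" "$n") || exit 1
        printf '%s\t%s\n' "$mac" "$essid"
        n=$((n + 1))
    done
)

# Constructed ESSID list; the third entry shows the carry into the next octet.
printf 'Wireless\nlinksys\ndefault\n' | assign_bssids 02:00:00:00:00:fe
```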

    Even with static MACs the real APs can be spotted. Mainly because they are the only ones transferring data. Changed the code to give the fake AP an IP address and kick some broadcasts out on it. Starting to look good.

    Another thing I was not happy about was how the Fake APs fade in and out on Kismet. Real APs don't do that. To get round this you can give a number of fake APs the same ESSID as your real AP. Rather than randomise which ESSID is used I just processed them in a loop. As long as the number of ESSIDs is small enough and the program cycles round quick enough programs like kismet will show them active all the time. Using 32 ESSIDs my PII 233Mhz kept them all active using 35% CPU.

    Obviously now all the Fake APs were putting out roughly the same amount of data. Randomised the number of broadcasts and IP address associated with Fake IP. All looks a lot better now for these minor improvements. Still don't think it would fool anyone who knew what they were doing. If anything the Fake APs now look more interesting than the real AP. But still amusing for the drive by Wardriver with laptop.

    Wardriving :-)

    Grabbed my laptop which also has wireless tools on, filled the wheels up with petrol and headed off out into Reading for a spot of Wardriving. Bucket seats are not designed for laptops :-) Surprising how many wireless networks are out there. About 40% didn't have any WEP enabled. This includes a few companies, which require further investigation...


    Quake3

    Okay so I have a Linux server at the end of an ADSL line. As well as putting lots of wireless tools on, how about Quake3. It's quite easy:

  • Buy a copy of Quake Gold (cannot buy Quake III by itself now)
  • Read the Linux Quake III Howto

    Quite straightforward really. Things only start to get complicated if you want to mess around with the parameters. Documentation for Quake III parameters is not that comprehensive. Here's my startup string and parameter file:

    
    /home/swatts/quake3/q3ded +set dedicated 1 +set ttycon 0 +set fs_homepath /home/swatts/quake3 \
        +set fs_basepath /home/swatts/quake3 +exec rc.cfg
    

  • The baseq3/rc.cfg file:
    
    set sv_hostname "Quake III - Just bring It"
    set sv_maxclients 10
    set g_motd "Welcome to Hell..."
    set g_forcerespawn 15
    set g_gametype 0
    set fraglimit 10
    set timelimit 20
    set sv_pure 0
    set sv_allowdownload 1
    cg_forceModel 1 
    set m1 "map q3dm2; set nextmap vstr m2"
    set m2 "map q3dm1; set nextmap vstr m3"
    set m3 "map q3dm3; set nextmap vstr m4"
    set m4 "map q3dm4; set nextmap vstr m5"
    set m5 "map q3dm5; set nextmap vstr m6"
    set m6 "map q3dm6; set nextmap vstr m1"
    vstr m1
    

    Try as I might I cannot get quake3 to start up under rc.local on boot. It must be missing some environment variables or something.

    Other fun things to do are get models from Planet Quake and install them in your baseq3 directory.


