Auditando e restringindo aplicativos no Windows

Este post mostra como auditar e restringir aplicativos no Windows para criar ambientes um pouco mais seguros.

Artigo em inglês
Updated: June 27, 2012
Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
The Audit only enforcement setting helps you determine which applications are used in an organization. When the AppLocker policy for a rule collection is set to Audit only, rules for that rule collection are not enforced. When a user runs an application that would have been affected by an AppLocker rule, information about that application is added to the AppLocker event log.
noteNote
This scenario assumes that you completed Automatically Generating Executable Rules from a Reference Computer. However, you can complete the procedures in this scenario to test any rules that you already defined on the reference computer. If you are working with a predefined AppLocker rule set, ensure that the default rules were created.
If you did not create the default rules and are prevented from performing administrative tasks, restart the computer in Safe Mode, add the default rules, delete any deny rules that are preventing access, and then restart the computer in normal mode.
This scenario includes the following steps:
Step 1: Configure the audit enforcement setting

Step 2: Start the Application Identity service

Step 3: Refresh Group Policy settings on the computer

Step 4: Review the AppLocker log in Event Viewer

Step 1: Configure the audit enforcement setting
There are three AppLocker enforcement modes. When AppLocker policies are merged, both the rules and the enforcement modes are merged. The closest GPO setting is used for the enforcement mode while all rules from linked GPOs are applied, except for the Not configured setting, which is overwritten by any other linked setting.
The following table details the enforcement modes.

Enforcement mode Description
Not configured
Default. If linked GPOs contain a different setting, that setting is used. Otherwise, if any rules are present in the corresponding rule collection, they are enforced.
Enforce rules
Rules are enforced.
Audit only
Rules are audited but not enforced.
Before turning on rule enforcement, test the rules first by using the Audit only enforcement setting.
To configure the enforcement setting for the Executable Rules collection to Audit only
To open the Local Security Policy MMC snap-in, click Start, type secpol.msc, and then press ENTER.
In the console tree, double-click Application Control Policies, and then double-click AppLocker.
In the details pane, scroll down to the Configure Rule Enforcement heading, and then click Configure rule enforcement.
In the AppLocker Properties dialog box, under Executable Rules, click Audit only, and then click OK.
After creating the default rules and enabling the auditing mode, deploy the test policy to test the GPO and determine which applications are being used.
Step 2: Start the Application Identity service
The Application Identity service performs all of the rule conversion for the AppLocker policy. For AppLocker policy to be evaluated on a computer, the Application Identity service must be started.
To start the Application Identity service
Click Start, type services.msc , and then press ENTER.
In the Services snap-in console, right-click Application Identity, and then click Properties.
On the Start type menu, click Automatic, and then click OK.
In the Services snap-in console, right-click Application Identity, and then click Start to start the service for the first time.
noteNote
Consider using Group Policy to start the service automatically on all computers where you plan to deploy AppLocker. For information about configuring Group Policies, see How to Configure Group Policies to Set Security for System Services.
Step 3: Refresh Group Policy settings on the computer
After you create new AppLocker rules, you must refresh the Group Policy settings on the computer to ensure that the AppLocker rules are applied.
To refresh Group Policy settings
At the command prompt, type gpupdate /force, and then press ENTER.
Wait for the messages confirming that the user and computer policies are updated, and then close the window.
Step 4: Review the AppLocker log in Event Viewer
The AppLocker log contains information about all of the applications that are affected by AppLocker rules. You can use the log to determine which applications are affected by a rule. Each event in the AppLocker operational log contains detailed information about:
Which file is affected and the path of that file.

Whether the file is allowed or blocked.

The rule type (path, file hash, or publisher).

The rule name.

The security identifier (SID) for the targeted user or group.

To review the AppLocker log in Event Viewer
Click Start, type eventvwr.msc, and then press ENTER.
In the Event Viewer console tree, double-click Application and Services Logs, double-click Microsoft, double-click Windows, double-click AppLocker, and then click EXE and DLL.
Review the entries in the results pane to determine if any applications are not included in the rules that you automatically generated. For instance, some line-of-business applications are installed to non-standard locations, such as the root of the active drive (C:\).
The following table describes the event levels that you may find in the log.
noteNote
New logs and new events have been added in Windows Server 2012 and Windows 8. For more information, see Using Event Viewer with AppLocker.

Event ID Event level Event text Description
8000
Error
Application Identity Policy conversion failed. Status <%1>
The policy was not applied correctly to the computer. The Status message is provided for troubleshooting purposes.
8001
Informational
The AppLocker policy was applied successfully to this computer.
The AppLocker policy was applied successfully to this computer.
8002
Informational
was allowed to run.
Specifies that the .exe or .dll file is allowed by an AppLocker rule.
8003
Warning
was allowed to run but would have been prevented from running if the AppLocker policy were enforced.
Specifies that the file would have been blocked if the Enforce rules enforcement mode were enabled. You see this event level only when the enforcement mode is set to Audit only.
8004
Error
was not allowed to run.
The file cannot run. You see this event level only when the enforcement mode is set directly or indirectly through Group Policy inheritance to Enforce rules.
8005
Information
was allowed to run.
Specifies that the .msi file or script is allowed by an AppLocker rule.
See Also
Concepts
AppLocker Step-by-Step Scenarios

Link de referência: http://technet.microsoft.com/en-us/library/dd723693(v=ws.10).aspx

Como habilitar e desabilitar processos no Suse Enterprise Linux

Para gerenciar os serviços no Suse utilize o comando chkconfig. Veja o exemplo abaixo

server-tendencia:/etc/init.d # chkconfig –list
Makefile 0:off 1:off 2:off 3:off 4:off 5:off 6:off
SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off
SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off
aaeventd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off 1:off 2:on 3:on 4:off 5:on 6:off
alsasound 0:off 1:off 2:on 3:on 4:off 5:on 6:off
atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
auditd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
autofs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
autoyast 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:off 5:on 6:off
cupsrenice 0:off 1:off 2:off 3:off 4:off 5:on 6:off
dbus 0:off 1:off 2:off 3:on 4:off 5:on 6:off
earlygdm 0:off 1:off 2:off 3:off 4:off 5:on 6:off
earlykbd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
earlysyslog 0:off 1:off 2:off 3:off 4:off 5:on 6:off
esound 0:off 1:off 2:off 3:off 4:off 5:off 6:off
evms 0:off 1:off 2:off 3:off 4:off 5:off 6:off
fam 0:off 1:off 2:off 3:off 4:off 5:off 6:off
fbset 0:off 1:on 2:on 3:on 4:off 5:on 6:off
gpm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
haldaemon 0:off 1:off 2:off 3:on 4:off 5:on 6:off
idmapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ipmi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ipxmount 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irq_balancer 0:off 1:on 2:on 3:on 4:off 5:on 6:off
joystick 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kbd 0:off 1:on 2:on 3:on 4:off 5:on 6:off S:on
lm_sensors 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mdadmd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
microcode 0:off 1:on 2:on 3:on 4:off 5:on 6:off S:on
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:off 5:on 6:off
nfs 0:off 1:off 2:off 3:on 4:off 5:on 6:off
nfsboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
nfsserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nmb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
novell-zmd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ntp 0:off 1:off 2:off 3:off 4:off 5:off 6:off
openct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
oracle 0:off 1:off 2:off 3:on 4:off 5:on 6:off
pcscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
portmap 0:off 1:off 2:off 3:on 4:off 5:on 6:off
postfix 0:off 1:off 2:off 3:on 4:off 5:on 6:off
powerd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
powersaved 0:off 1:off 2:on 3:on 4:off 5:on 6:off
pure-ftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
random 0:off 1:off 2:on 3:on 4:off 5:on 6:off
raw 0:off 1:off 2:on 3:on 4:off 5:on 6:off
resmgr 0:off 1:off 2:on 3:on 4:off 5:on 6:off
rpasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rpmconfigcheck 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyncd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
running-kernel 0:off 1:off 2:on 3:on 4:off 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
skeleton.compat 0:off 1:off 2:off 3:off 4:off 5:off 6:off
slpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
smartd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
smb 0:off 1:off 2:off 3:on 4:off 5:on 6:off
smbfs 0:off 1:off 2:off 3:on 4:off 5:on 6:off
smpppd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
splash 0:off 1:on 2:on 3:on 4:off 5:on 6:off S:on
splash_early 0:off 1:off 2:on 3:on 4:off 5:on 6:off
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
suseRegister 0:off 1:off 2:off 3:on 4:off 5:on 6:off
svcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
syslog 0:off 1:off 2:on 3:on 4:off 5:on 6:off
sysstat 0:off 1:off 2:off 3:off 4:off 5:off 6:off
teamviewerd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xdm 0:off 1:off 2:off 3:off 4:off 5:on 6:off
xfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
chargen: off
chargen-udp: off
cups-lpd: off
cvs: off
daytime: off
daytime-udp: off
echo: off
echo-udp: off
fam: off
netstat: off
pure-ftpd: off
rsync: off
servers: off
services: off
swat: off
systat: off
time: off
time-udp: off
vnc: off

Habilitando serviço
Para habilitar um determinado daemon use

chkconfig smb on

Desabilitando serviço
Para desabilitar um serviço

chkconfig smb off

Para conhecer mais sobre o chkconfig acesse:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-services-chkconfig.html

Trabalhando com datas no Python

Artigo em Inglês

Here is an example of how to get the current date and time using the datetime module in Python:

import datetime

now = datetime.datetime.now()

print
print “Current date and time using str method of datetime object:”
print str(now)

print
print “Current date and time using instance attributes:”
print “Current year: %d” % now.year
print “Current month: %d” % now.month
print “Current day: %d” % now.day
print “Current hour: %d” % now.hour
print “Current minute: %d” % now.minute
print “Current second: %d” % now.second
print “Current microsecond: %d” % now.microsecond

print
print “Current date and time using strftime:”
print now.strftime(“%Y-%m-%d %H:%M”)

Results:
Current date and time using str method of datetime object:
2008-06-26 11:33:15.309236

Current date and time using instance attributes:
Current year: 2008
Current month: 6
Current day: 26
Current hour: 11
Current minute: 33
Current second: 15
Current microsecond: 309236

Current date and time using strftime:
2008-06-26 11:33

Directly from the time module documentation, here are more options to use with strftime:
Directive Meaning Notes
%a Locale’s abbreviated weekday name.
%A Locale’s full weekday name.
%b Locale’s abbreviated month name.
%B Locale’s full month name.
%c Locale’s appropriate date and time representation.
%d Day of the month as a decimal number [01,31].
%H Hour (24-hour clock) as a decimal number [00,23].
%I Hour (12-hour clock) as a decimal number [01,12].
%j Day of the year as a decimal number [001,366].
%m Month as a decimal number [01,12].
%M Minute as a decimal number [00,59].
%p Locale’s equivalent of either AM or PM. (1)
%S Second as a decimal number [00,61]. (2)
%U Week number of the year (Sunday as the first day of the week) as a decimal number [00,53]. All days in a new year preceding the first Sunday are considered to be in week 0. (3)
%w Weekday as a decimal number [0(Sunday),6].
%W Week number of the year (Monday as the first day of the week) as a decimal number [00,53]. All days in a new year preceding the first Monday are considered to be in week 0. (3)
%x Locale’s appropriate date representation.
%X Locale’s appropriate time representation.
%y Year without century as a decimal number [00,99].
%Y Year with century as a decimal number.
%Z Time zone name (no characters if no time zone exists).
%% A literal “%” character.

Abrindo aplicativos remotamente via SSH

O OpenSSH é um protocolo de comunicação seguro no qual possibilita que seja aberto remotamente ambientes com servidor gráfico em ambiente seguro.

Para possibilitar isto é necessário que as configurações do seu /etc/ssh/sshd_config esteja configurada corretamente. Veja o exemplo de configuração necessária:

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

Caso seu sshd_config esteja configurado corretamente pule esta parte.

Abra um terminal no computador no qual está usando e entre com o seguinte comando

ssh -X user@machine xterm

Caso não funcione entre na máquina de destino e adicione e execute o seguinte comando

xhost + machine

( geralmente o endereço de ip da máquina que se deseja acessar )

Pronto feito isto você conseguirá abrir qualquer aplicativo remotamente

Lixeira Global no Samba 3

Veja em um exemplo rápido e prático como utilizar uma lixeira em um servidor Samba

Adicione no global do samba as linhas abaixo:

vim /etc/samba/smb.conf

## Config da Lixeira no Global do Samba

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /var/samba/lixeira/%U
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp, cache

Agora criar o diretório /var/samba/lixeira onde será armazenado o lixo.

mkdir -p /var/samba/lixeira
chmod 777 /var/samba/lixeira

Criar na seção de compartilhamento a lixeira

## Configuração a Lixeira como um Compartilhamento

[lixeira]
path = /var/samba/lixeira

browseable = yes
writable = yes
public = yes

depois e so reiniciar o samba..

#
service smb restart

Ninja Tel:: Imagine um celular usando uma rede de telefonia móvel alternativa

Já imaginou você comprar um celular livre de Vivo, TIM, Claro, Oi etc ?? A ideia de um grupo de hackers no USA foi criar uma rede “Pirata” onde é possível acessar a internet, falar e enviar SMS sem estar conectado com uma operadora própriamente.

Conheça o Ninja Tel rs, assista ao vídeo feito na Defcon e entenda como funciona

Configurando o MediaTomb no Ubuntu Server 12.04


O MediaTomb é um ótimo servidor de media UPNP. Ele é compatível com diversos dispositivos e é um ótimo servidor de mídia caso queira usar em conjunto com sua Smart TV ou PS3.

Veja abaixo como configurar o MediaTomb no Ubuntu Server 12.04

Conteúdo em inglês
MediaTomb UPnP Media Server
Introduction
“MediaTomb is an open source (GPL) UPnP MediaServer with a nice web user interface, it allows you to stream your digital media through your home network and listen to/watch it on a variety of UPnP compatible devices.”

Website: http://mediatomb.cc/

Installation Instructions
If you are using Ubuntu 8.04 (Hardy Heron) or later, install the ”mediatomb” package from the Universe repository using the previous link or your preferred package manager (e.g. Synaptic Package Manager, apt-get, etc.). If you are using an earlier version of Ubuntu, you should follow the instructions on the MediaTomb website to add the MediaTomb repository to your software sources.

Setup
Depending on the UPnP client you will be using to play media from your MediaTomb UPnP server, you may need to edit the MediaTomb configuration file. The following terminal command will open the configuration file for editing on Ubuntu, Kubuntu, or Xubuntu.

sudo nano /etc/mediatomb/config.xml
Alternatively, you can use a GUI text editor.

Ubuntu (gedit)
gksudo gedit /etc/mediatomb/config.xml
Kubuntu (kate)
kdesudo kate /etc/mediatomb/config.xml
Xubuntu (mousepad)
gksudo mousepad /etc/mediatomb/config.xml
To uncomment XML code, remove the “” from before and after the commented text. The following code is shown as it would appear after the necessary edits.

Enabling Web Interface
MediaTomb provides a web interface to help with configuration. To enable:
With any changes to the configuration file, the MediaTomb service will need to be restarted for them to take effect.

Allowing Accounts
As of version 0.12.1 to be able to ‘Login’, it appears like having accounts enabled now is mandatory. To do this change:
to yes. Here you can change the password too. However since MediaTomb only runs on a local network you may want to consider whether privacy is an issue. Default login/password is: mediatomb/mediatomb.

Playstation 3 (PS3) Compatibility

 

 

D-Link Media Player Compatibility

 

redsonic.com
105

 

ZyXEL DMA-1000 Compatibility

 

Getting Started With MediaTomb Running MediaTomb as a Service MediaTomb will by default run as a service at boot. You can start and stop the service manually from the terminal using the following commands:

Stop the MediaTomb service

sudo service mediatomb stop
Start the MediaTomb service

sudo service mediatomb start
Restart the MediaTomb service

sudo service mediatomb restart
Running MediaTomb Manually
You may run MediaTomb manually, but you must first remove the service using the following terminal commands.

sudo mv /etc/init.d/mediatomb /etc/init.d/mediatomb.backup
sudo update-rc.d mediatomb remove
Once the service is removed, you may run MediaTomb using the following command in the terminal.

mediatomb
Defining MediaTomb Shared Media
MediaTomb uses a web-based interface for setting your shared media directories. By default MediaTomb will select a free port starting with 49152, however you can specify a port of your choice in the configuration file. You may access the interface by directing your web browser to the URL “http://localhost:49152” (or the port currently in use by MediaTomb if you have changed the port in the configuration file, or 49152 was already in use by another application). Installing MediaTomb through the Ubuntu repositories will add a launcher in the Applications menu that will open the MediaTomb web interface in your browser.

Sharing Media

To share media files, first open the MediaTomb web interface. In the left column, select “Filesystem”, and navigate to the directory containing the media you want to share. Your media files will be shown on the right. Click the plus sign (“+”) to the right of the media file or directory to share the directory using the default settings, or the plus sign surrounded by the circular arrows to set advanced sharing options.

Editing or Removing Shared Media

You can view your shared media by selecting “Database” in the left column.

To edit or remove media, select “PC Directory” and navigate to the directory containing the media files you want to edit or remove. Click the X to the right of the file or directory to remove it from MediaTomb’s media database. Click the edit icon to the right of a media file to edit the description or mime type used when sharing the media. Click the plus sign surrounded by circular arrows to the right of a directory to change the advanced sharing options.

Transcoding
MediaTomb supports on-the-fly transcoding using external encoders such as ffmpeg and mencoder. Complete documentation on transcoding with MediaTomb can be found at the MediaTomb website.

Modelo de arquivo de configuração config.xml

<?xml version=”1.0″ encoding=”UTF-8″?>
<config version=”2″ xmlns=”http://mediatomb.cc/config/2″ xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xsi:schemaLocation=”http://mediatomb.cc/config/2 http://mediatomb.cc/config/2.xsd”>
  <server>
<interface>eth0</interface>
<port>50000</port>
<ui enabled=”yes” show-tooltips=”yes”>
<accounts enabled=”no” session-timeout=”30″>
<account user=”mediatomb” password=”mediatomb”/>
</accounts>
</ui>
<name>MediaTomb</name>
<udn>uuid:05fb1733-b4bb-449f-9995-xxxx220dxxxx</udn>
<home>/etc/mediatomb</home>
<webroot>/usr/share/mediatomb/web</webroot>
<storage caching=”yes”>
<sqlite3 enabled=”yes”>
<database-file>mediatomb.db</database-file>
</sqlite3>
<mysql enabled=”no”>
<host>localhost</host>
<username>mediatomb</username>
<database>mediatomb</database>
</mysql>
</storage>
<protocolInfo extend=”yes”/>
<extended-runtime-options>
<ffmpegthumbnailer enabled=”no”>
<thumbnail-size>128</thumbnail-size>
<seek-percentage>5</seek-percentage>
<filmstrip-overlay>yes</filmstrip-overlay>
<workaround-bugs>no</workaround-bugs>
</ffmpegthumbnailer>
<mark-played-items enabled=”no” suppress-cds-updates=”yes”>
<string mode=”prepend”>*</string>
</mark-played-items>
</extended-runtime-options>
</server>
<import hidden-files=”no”>
<filesystem-charset>UTF-8</filesystem-charset>
<metadata-charset>ISO-8859-15</metadata-charset>
<scripting script-charset=”UTF-8″>
<common-script>/usr/share/mediatomb/js/common.js</common-script>
<playlist-script>/usr/share/mediatomb/js/playlists.js</playlist-script>
<virtual-layout type=”builtin”>
<import-script>/usr/share/mediatomb/js/import.js</import-script>
<dvd-script>/usr/share/mediatomb/js/import-dvd.js</dvd-script>
</virtual-layout>
</scripting>
<mappings>
<extension-mimetype ignore-unknown=”no”>
<map from=”mp3″ to=”audio/mpeg”/>
<map from=”wmv” to=”video/transcode”/>
<map from=”flv” to=”video/transcode”/>
<map from=”mkv” to=”video/transcode”/>
<map from=”rm”  to=”video/transcode”/>
<map from=”iso” to=”video/transcode”/>
<map from=”ogm” to=”video/transcode”/>
<map from=”mp4″ to=”video/transcode”/>
<map from=”avi” to=”video/transcode”/>
</extension-mimetype>
<mimetype-upnpclass>
<map from=”audio/*” to=”object.item.audioItem.musicTrack”/>
<map from=”video/*” to=”object.item.videoItem”/>
<map from=”image/*” to=”object.item.imageItem”/>
</mimetype-upnpclass>
<mimetype-contenttype>
<treat mimetype=”audio/mpeg” as=”mp3″/>
<treat mimetype=”video/transcode” as=”mpg”/>
</mimetype-contenttype>
</mappings>
<online-content>
<YouTube enabled=”yes” format=”mp4″ hd=”no” refresh=”28800″ update-at-start=”yes” purge-after=”604800″ racy-content=”exclude”>
<uploads user=”MuppetsStudio”/>
<favorites user=”MyOwnYTUser”/>
</YouTube>
</online-content>
</import>
<transcoding enabled=”yes”>
<mimetype-profile-mappings>
<transcode mimetype=”video/transcode” using=”multifunctional”/>
</mimetype-profile-mappings>
<profiles>
<profile name=”multifunctional” enabled=”yes” type=”external”>
<mimetype>video/mpeg</mimetype>
<first-resource>yes</first-resource>
<agent command=”/usr/local/bin/mediatomb-multifunctional.sh” arguments=”%in %out”/>
<buffer size=”102400″ chunk-size=”51200″ fill-size=”20480″/>
</profile>
</profiles>
</transcoding>
</config>

Mais informações a respeito do MediaTomb
https://help.ubuntu.com/community/MediaTomb

https://vanalboom.org/node/14