Sunday, November 23, 2008

LHC VR Coolness

http://www.petermccready.com/portfolio/07041601.html

Wednesday, November 19, 2008

SSH Remote Command Execution

The following example runs a single command on a remote system and returns its output, without opening an interactive shell session.

Simply put the command in quotes after the normal ssh arguments. Here's an easy one for a periodic rule integrity check on OpenBSD using pf: hash the loaded ruleset and compare the digest against a stored baseline.

ssh someuser@ip.add.re.ss 'pfctl -s rules | openssl sha1'

Note that pfctl -s rules needs root. If this runs unattended from cron, use a dedicated key for it and restrict that key on the pf host with a command="pfctl -s rules | openssl sha1" entry in authorized_keys, so the key can produce the digest and nothing else if it is ever lifted from the monitoring box.
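As an added example (not code from the original post), here is the one-liner grown into a cron-friendly check that keeps a baseline digest and alerts when the ruleset changes. The host name, baseline path and key path (PF_HOST, BASELINE, KEY) are placeholders, and it assumes the key is restricted on the pf host with a command= entry as described above.

```shell
#!/bin/sh
# Added example: periodic pf ruleset integrity check over ssh.
# Assumptions (not from the original post): PF_HOST, BASELINE and KEY are
# placeholders, and ~/.ssh/pfcheck is restricted on the pf host with an
# authorized_keys entry such as
#   command="pfctl -s rules",no-pty,no-port-forwarding,no-agent-forwarding ssh-rsa AAAA... pfcheck
# so the key can hand out the ruleset and nothing else.

PF_HOST=${PF_HOST:-someuser@ip.add.re.ss}
BASELINE=${BASELINE:-$HOME/.pf_rules.sha1}
KEY=${KEY:-$HOME/.ssh/pfcheck}

# Hash stdin and print only the hex digest, so the differing output formats
# of "openssl dgst" ("(stdin)= ..." vs "SHA1(stdin)= ...") do not matter.
rules_hash() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha1 | awk '{print $NF}'
    else
        sha1sum | awk '{print $1}'
    fi
}

# Fetch the live ruleset. pfctl needs root, which is why the forced command
# above matters: the monitoring box holds a root key that can only do this.
remote_rules() {
    ssh -i "$KEY" -o BatchMode=yes "$PF_HOST" 'pfctl -s rules'
}

# Compare a digest with the stored baseline.
# Returns 0 on match, 1 on mismatch, 2 when no baseline exists yet (in which
# case the current digest is recorded as the baseline).
check_baseline() {
    digest=$1
    baseline_file=$2
    if [ ! -f "$baseline_file" ]; then
        printf '%s\n' "$digest" > "$baseline_file"
        return 2
    fi
    [ "$(cat "$baseline_file")" = "$digest" ]
}

main() {
    rules=$(remote_rules) || { echo "cannot fetch ruleset from $PF_HOST" >&2; exit 3; }
    current=$(printf '%s\n' "$rules" | rules_hash)
    if check_baseline "$current" "$BASELINE"; then
        echo "pf ruleset unchanged ($current)"
    else
        case $? in
            1) echo "ALERT: pf ruleset on $PF_HOST changed: $current, baseline $(cat "$BASELINE")" >&2
               exit 1 ;;
            2) echo "baseline recorded: $current" ;;
        esac
    fi
}

# Run only when executed as pfcheck.sh, so the functions can be sourced or
# tested on their own.
if [ "${0##*/}" = "pfcheck.sh" ]; then main; fi
```

Run it once by hand to record the baseline, then from cron; a non-zero exit (1 for a changed ruleset, 3 when the host cannot be reached) is what your cron mailer or monitoring should key on. Re-run with the baseline file removed after a deliberate rule change.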

 

Monday, November 17, 2008

How to set up Apache, MySQL and PHP on FreeBSD


# cd /usr/ports/www/apache13-modssl
# make install
# echo 'apache_enable="YES"' >> /etc/rc.conf
# echo 'apache_flags="-DSSL"' >> /etc/rc.conf
# echo 'mysql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/mysql-server start
# mysqladmin -u root password
# cd /usr/ports/www/mod_php4
# make install clean
# cd /usr/ports/lang/php4-extensions
# make install clean
# vi /usr/local/etc/apache/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# /usr/local/etc/rc.d/apache.sh start

There must be no space around the '=' in the rc.conf lines, or rc.subr will not see the variables at all. Giving mysqladmin no password argument makes it prompt for one; a password typed on the command line ends up in the shell history and is visible to other users in ps output while it runs. The .phps handler serves the source of any file with that extension, which is handy on a development box and a disclosure risk on a production one.

Now create a self-signed certificate for mod_ssl:

# whoami
root
# cd ~
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 \
     -in /root/server.csr \
     -signkey /root/server.key \
     -out /root/server.crt
# cp ~/server.key /usr/local/etc/apache/ssl.key/
# cp ~/server.crt /usr/local/etc/apache/ssl.crt/
# chmod 600 /usr/local/etc/apache/ssl.key/server.key

Two caveats: -des3 puts a passphrase on the key, which protects it on disk but means apache will prompt for it at every start (drop -des3 if the box has to come up unattended), and 1024-bit RSA is now considered too short, so use 2048.
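The same steps as a script, added here as an example rather than taken from the original post: the rc.conf edits are made idempotent (re-running does not append duplicate lines), the key and certificate are generated in one non-interactive step with a 2048-bit key and no passphrase, and the MySQL root password is set by prompt. Paths follow the apache13 port layout above; RC_CONF and SSL_DIR can be overridden for testing.

```shell
#!/bin/sh
# Added example (not from the original post): Apache/MySQL setup steps as a
# script. RC_CONF and SSL_DIR default to the paths used in the walkthrough.

RC_CONF=${RC_CONF:-/etc/rc.conf}
SSL_DIR=${SSL_DIR:-/usr/local/etc/apache}

# Set VAR="VALUE" in an rc.conf-style file exactly once: replace an existing
# assignment, otherwise append. No space around '=' or rc.subr ignores it.
rc_set() {
    file=$1 var=$2 value=$3
    if grep -q "^${var}=" "$file" 2>/dev/null; then
        scratch="${file}.tmp.$$"
        sed "s|^${var}=.*|${var}=\"${value}\"|" "$file" > "$scratch" && mv "$scratch" "$file"
    else
        printf '%s="%s"\n' "$var" "$value" >> "$file"
    fi
}

# Read VAR back from the file, without the surrounding quotes.
rc_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}$/\1/p" "$1"
}

# Key and self-signed cert in one step, non-interactively.
#  -nodes: no passphrase, so apache can start unattended (the original's
#          -des3 key prompts at every start)
#  rsa:2048 instead of 1024; the key is written under umask 077 (mode 0600)
gen_selfsigned() {
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days "${3:-365}" \
            -subj "/CN=$2" \
            -keyout "$1/ssl.key/server.key" \
            -out "$1/ssl.crt/server.crt" 2>/dev/null
    )
}

main() {
    rc_set "$RC_CONF" apache_enable YES
    rc_set "$RC_CONF" apache_flags -DSSL
    rc_set "$RC_CONF" mysql_enable YES
    mkdir -p "$SSL_DIR/ssl.key" "$SSL_DIR/ssl.crt"
    gen_selfsigned "$SSL_DIR" "$(hostname)" 365
    # Prompted, so the password never appears in shell history or ps output.
    mysqladmin -u root password
}

if [ "${0##*/}" = "amp-setup.sh" ]; then main; fi
```

The rc_set/rc_get pair is the part worth keeping around: most "echo >> /etc/rc.conf" recipes leave a second copy of the variable behind on the next run, and rc.subr silently takes the last one.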

 

Friday, November 14, 2008

Migrating from VMWare ESX 3.5 to VMWare Server 2.0 with VMWare Converter 3.0.3

The following is a brief account of how I got my VMs that were originally running in ESX up and running in VMWare Server 2.0.

Short Story: I was able to load the vm into Workstation 5.5.5, fix the problems and bring it up in VMWare Server 2.0. Read on if you want a tiny bit more detail, there's not much to it.

In many cases I have encountered, you can't convert an ESX VM straight to VMWare Server 2.0. Some post-conversion modification is necessary. A number of VMWare forum threads allude to this fact, but I have found no further information on what it specifically entails. The OSes I have had the most problems with are CentOS and OpenBSD. The test image that I initially did when I was reviewing the possibility of this migration was a Win2k3 Standard image, and I was able to convert and run it with no problems.

In the specific conversion I attempted, the conversion process of the CentOS vm appeared successful. What I mean by this is that a vmx and vmdk file were generated. However, when I was going through the wizard, I encountered the following "Warning: Cannot configure the source image.". The vmdk file size seemed reasonable and the vmx file seemed like it was missing a few lines. I transferred these files from the win2k3 VMCS server, where I ran the VMWare Converter 3.0.3 software, to their new home, a win2k3 server with VMWare Server 2.0. I "Added a Virtual Machine to Inventory" in the VMWare Server 2.0 interface and the vm was reported to have been registered Successfully, but the vm showed up as "Unknown" in the inventory list, the controls to start the vm were greyed out, and no errors appeared to be logged or displayed anywhere.

Frustrating.

So, I tried bringing the VM up on another system that had VMWare Workstation 5.5.5 on it. An error was thrown, stating that the ide reference was incorrect, and it thoughtfully suggested a change, which I made and which worked. Then I was able to bring the image up and successfully reconfigure it for the new network environment it would call home. I shut the image down, copied it back to the target host with VMWare Server 2.0 and successfully registered and ran the image. One last thing I needed to do was answer a question from VMWare Server 2.0 before startup would occur. It was hidden on a pop-down on the Console tab, and wanted to know whether I had "moved it" or "copied it".

Tips:
Be sure to delete any snapshots the vm had, otherwise there may be problems later. Though, I have converted images successfully ignoring this step. The other bit that might be useful to know is that I was not able to successfully migrate any vm to VMWare Server 2.0 when selecting VMWare Workstation 6.x as the destination image format using VMWare Converter 3.0.3.

Another solution would be to avoid all these gui tools and export the VMDK with vmkfstools, then transfer the vmdk and create a new VM pointing to the VMDK. :)

 

Wednesday, November 12, 2008

macosx2windows

Focus Finder
Command+K    or    Go | Connect To Server

In the Server Address field, enter:
smb://[Domain];[user]@ip.ad.dr.ess/[share]

e.g.: smb://DOMAIN;miked@192.168.1.5/myshare

Administrative shares such as c$ work the same way, but only for an account that is in the local Administrators group on the Windows host.

 

Tuesday, November 11, 2008

Making real-time kernel adjustments in Linux

/proc/sys is an important directory in Linux: it contains the adjustable kernel parameters that can be changed while the system is running (writing to a file there has the same effect as sysctl -w). It also exposes a lot of state that a script can collect and parse to validate security settings. For instance, the file below contains a zero or a one indicating whether the kernel is allowed to forward packets; on anything that is not a router it should be zero.

/proc/sys/net/ipv4/ip_forward
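As an added example of the kind of script just described (not from the original post), here is a small auditor that reads keys in sysctl dotted form out of the /proc/sys tree and compares them with a baseline. SYSROOT is a placeholder that defaults to the live tree; pointing it at a directory of copied files lets the same code run on a snapshot. The baseline keys and values are this example's choice.

```shell
#!/bin/sh
# Added example (not from the original post): audit /proc/sys values against
# expected settings. SYSROOT is an assumed override for running on a copy
# of the tree; the BASELINE below is constructed for this example.

SYSROOT=${SYSROOT:-/proc/sys}

# Read one parameter. Accepts the sysctl dotted form (net.ipv4.ip_forward),
# which maps onto the file path under /proc/sys. Fails if the key is absent.
sysctl_read() {
    path=$(printf '%s' "$2" | tr . /)
    [ -r "$1/$path" ] || return 1
    cat "$1/$path"
}

# Compare one key with its expected value.
# Returns 0 if it matches, 1 on mismatch, 2 if the key does not exist.
sysctl_check() {
    root=$1 key=$2 want=$3
    if ! got=$(sysctl_read "$root" "$key"); then
        echo "MISSING $key"
        return 2
    fi
    if [ "$got" = "$want" ]; then
        echo "OK      $key = $got"
        return 0
    fi
    echo "FAIL    $key = $got (want $want)"
    return 1
}

# Read "key expected" lines from stdin (blank lines and # comments ignored)
# and check each one. The return value is the number of keys that failed or
# were missing, so 0 means the host matches the baseline.
sysctl_audit() {
    root=$1 fails=0
    while read -r key want; do
        case $key in ''|\#*) continue ;; esac
        sysctl_check "$root" "$key" "$want" || fails=$((fails + 1))
    done
    return $fails
}

# Baseline for a host that is not a router (constructed for this example).
BASELINE='
# key                               expected
net.ipv4.ip_forward                 0
net.ipv4.conf.all.accept_redirects  0
net.ipv4.conf.all.rp_filter         1
net.ipv4.tcp_syncookies             1
kernel.randomize_va_space           2
'

if [ "${0##*/}" = "sysctl-audit.sh" ]; then
    printf '%s\n' "$BASELINE" | sysctl_audit "$SYSROOT"
fi
```

Distinguishing "missing" from "wrong" matters in practice: a key that is absent usually means the feature is not compiled into that kernel (or the module is not loaded), which is a different finding from a setting somebody changed.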

 

Monday, November 10, 2008

i.e. vs. e.g.

i.e.

"i.e." means "that is". In Latin it's "id est". Read it as "in other words" or "that is": it introduces a restatement or the one specific thing meant, not one possibility among several.

e.g.

"e.g." means "for example" and is derived from the Latin expression "exempli gratia" and means "for the sake of example". "e.g." is used to provide a possible example, or list of examples, of which there could be several others, including those not listed by the author.

 

Saturday, November 8, 2008

Find cpu info in Linux

# cat /proc/cpuinfo
# cat /proc/meminfo
# dmesg
# lspci

 

Friday, November 7, 2008

Use sshfs to Securely Mount Remote File Systems

The following commands are for FreeBSD (pkg_add -r and kldload are FreeBSD-specific).

# pkg_add -r fusefs-sshfs
# kldload /usr/local/modules/fuse.ko
# sysctl vfs.usermount=1
# mkdir /mnt/local.dir
# sshfs user@x.x.x.x:/some/remote.dir /mnt/local.dir

vfs.usermount=1 allows non-root users to mount filesystems; it is only needed if sshfs is run by an unprivileged user, so leave it at 0 if root does the mounting.

 

Tuesday, November 4, 2008

Using iphone ringtones on the blackberry

I have the BlackBerry 8310 and I love it. I refuse to submit to the iPhone on the general rule that I avoid fanboyism at all costs, despite the fact the iPhone can't do what my BlackBerry does right now. Recently I have been having a marvelous time in the morning, on the quiet train, getting all the iPhone owners to expose themselves when they hear the exciting and distinctive iPhone ringtone that could be their next incoming call. :)
It's easy to put the iPhone ringtones on your BlackBerry, and here's how you do it.

First, get the ringtone. There's a posting here that has the one from the commercial. You can download it, unzip it and rename the 32K .m4r file to an .mp3 file. Then, either with the data cable or with your browser, save it to the ringtones directory and go change your ringtone. done.

The other location where you'll find all the iPhone ringtones is on an iPhone, of course. They're located in the '/Library/Ringtones' folder. Connect your iPhone to your Mac and use the Terminal application to get in there through the /Volumes mount point.

The method of getting it with your BlackBerry internet browser involves copying the file up to a website (presumably yours) and typing in the full URL of where the file has been placed on the website. The BlackBerry internet browser will download it and automatically suggest that you place it into your ringtones.

Monday, November 3, 2008

Increase the size of the history buffer in openBSD

Add the following lines to ~/.profile:

HISTSIZE=50;export HISTSIZE
HISTFILE=$HOME/.ksh_history;export HISTFILE

Pick a HISTSIZE larger than whatever you have now; 50 is only an example value. Bear in mind the history file is a plain-text record of everything typed at the prompt, including any passwords passed as command arguments, so keep it mode 600.

What is the netly collective looking for?

http://www.google.com/trends/hottrends?sa=X

Finding Plagiarism on the Web

This is a pretty cool tool:

http://www.copyscape.com

List of Network Security Tools I Use



aide
BASE
curl
dban
dsniff
etherApe
EventSentry
Foundstone Tools
fping
google.com
  search
  trends
  groups
hping
nbtscan
nessus
netcat
netcraft.com
netstat
nikto
nfcapd
nfdump
nfSen
nmap
ntop
openssl
openssh
p0f
pads
pf
pftop
pgp/gpg
ps
Retina
sguil
snort
snortlog
solarwinds
splunk
sqlping
stunnel
sysinternals
tcpdump
Tor
TrueCrypt
tshark
whois
w
Wireshark/Ethereal/sniff
wget

Sunday, November 2, 2008

snort / barnyard restart script


#!/bin/sh
# Restart snort and barnyard on sis0. 'color' is a helper the author uses to
# colour terminal output; if it is not installed, define a no-op so the
# script still runs.
if ! command -v color >/dev/null 2>&1; then color() { :; }; fi

IFACE=sis0
SNORT_PIDFILE=/var/run/snort_${IFACE}.pid
BY_PIDFILE=/var/run/by.pid

# Stop whatever is running. Read each pid file only after checking that it
# exists; otherwise cat errors out when the daemon is not running.
if [ -e "$SNORT_PIDFILE" ]; then
    color red
    echo 'killing snort'
    kill "$(cat "$SNORT_PIDFILE")"
    color off
fi

if [ -e "$BY_PIDFILE" ]; then
    color red
    echo 'killing barnyard'
    kill "$(cat "$BY_PIDFILE")"
    color off
fi

# Give both daemons a moment to exit and remove their pid files before
# starting new instances, so the checks at the end do not see stale files.
sleep 2

if [ -x /usr/local/bin/snort ]; then
    color cyan
    echo 'starting snort'
    /usr/local/bin/snort \
        -i "$IFACE" \
        -c /etc/snort/snort.conf \
        -u snort \
        -g snort \
        -d \
        -D
    color off
fi

if [ -x /usr/local/bin/barnyard ]; then
    color cyan
    echo 'starting barnyard'
    # barnyard has to detach itself (daemon mode) for this script to get
    # past this point; that is assumed to be set in barnyard.conf.
    /usr/local/bin/barnyard \
        -c /etc/snort/barnyard.conf \
        -p /etc/snort/classification.config \
        -s /etc/snort/sid-msg.map \
        -g /etc/snort/gen-msg.map \
        -w /etc/snort/barnyard.waldo \
        -d /var/log/snort -f snort.log \
        > /dev/null 2>&1
    color off
    sleep 3
fi

# Report the pids of the new instances (re-read now, not the ones we killed).
if [ -e "$SNORT_PIDFILE" ]; then
    color yellow
    echo "snort running and pid is $(cat "$SNORT_PIDFILE")"
    color off
fi

if [ -e "$BY_PIDFILE" ]; then
    color yellow
    echo "barnyard running and pid is $(cat "$BY_PIDFILE")"
    color off
fi

 

Decent writeup on current Cybercrime

Actually this article is probably obsolete by a year or so.

http://www.securecomputing.net.au/Opinion/123664,eugene-kaspersky-on-the-cybercrime-arms-race.aspx

 

Saturday, November 1, 2008

Purge Master Logs in MySQL

If the binary log files '/var/log/mysql/server.bin.xxx' are growing large, you can purge the old ones from within mysql:

Log into mysql as root. This is not the system's root user; it is a separate root account local to mysql.

# mysql -u root -p

mysql> purge master logs before 'yyyy-mm-dd 00:00:00';

To get today's date in that format: `date +"%Y-%m-%d %H:%M:%S"`

If a replica reads from this server, check on the replica with SHOW SLAVE STATUS that it has already fetched everything you are about to purge; a purged binary log cannot be replayed, and the replica will stop with an error when it asks for it.

 

Adding / Removing Routes in Linux

Add or Delete the Default Route

# route add default gw 10.10.1.1
# route del default gw 10.10.1.1

Add or Delete a Route for a Host

# route add -host [host_ip] gw [gateway_ip]
# route del -host [host_ip] gw [gateway_ip]

Add or Delete a Route for a Network

# route add -net 172.18.1.0/24 gw 10.10.1.43
# route del -net 172.18.1.0/24 gw 10.10.1.43

These take effect immediately and are lost on reboot; to make one permanent, put it in your distribution's network configuration rather than in an rc script.

 

How to Concatenate a Bunch of Files in Windows

for %f in (*.log) do type "%f" >> aggregate.log

That is the form for an interactive cmd.exe prompt; inside a .bat file write %%f instead of %f. Make sure the output file does not itself match the pattern (give it another extension or put it in another directory), or the loop picks it up as well.

 

SSH pubkey on a NetScaler Application Switch

I like to take a backup of all my device configurations on a regular basis. It's usually pretty straightforward, simply add an scp command to cron, but with the NetScaler there's a little gotcha.

The default location of the authorized_keys file is in '/flash/nsconfig/ssh'. After you append your public key into the file, you'll need to copy the 'authorized_keys' file to '/root/.ssh/'.

This filecopy will need to be done after every reboot of the NetScaler because the / mount point is on volatile media.

If you want to script this action, or any other post-boot commands on a NetScaler device, create or edit the file '/flash/nsconfig/rc.netscaler', set the perms on the file to 755, and start adding commands to the file.
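What such an rc.netscaler could contain, as an added example rather than the post's own file: the copy from '/flash/nsconfig/ssh' to '/root/.ssh' wrapped in a function that also sets the permissions sshd expects (with StrictModes, a group- or world-writable ~/.ssh or authorized_keys is rejected and the key silently stops working). The paths are the ones named above; the function takes them as arguments so it can be tried elsewhere first.

```shell
#!/bin/sh
# Added example (not from the original post) of a post-boot helper for
# /flash/nsconfig/rc.netscaler. Paths are the ones the post names.

# Copy an authorized_keys file into a .ssh directory with the ownership and
# modes sshd's StrictModes requires, and print the number of keys installed.
# Returns non-zero if the source is missing/empty or contains no keys.
install_authorized_keys() {
    src=$1 dst_dir=$2
    [ -s "$src" ] || { echo "no key file at $src" >&2; return 1; }
    mkdir -p "$dst_dir"
    chmod 700 "$dst_dir"
    cp "$src" "$dst_dir/authorized_keys"
    chmod 600 "$dst_dir/authorized_keys"
    # Count real key lines, ignoring blanks and comments.
    grep -c -v -e '^[[:space:]]*$' -e '^#' "$dst_dir/authorized_keys"
}

# Octal mode of a path, for checks and logging (GNU stat, BSD stat fallback).
perm_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# On the NetScaler itself: re-install the key at every boot since / is
# volatile. Elsewhere the source does not exist and this is a no-op.
if [ -s /flash/nsconfig/ssh/authorized_keys ]; then
    install_authorized_keys /flash/nsconfig/ssh/authorized_keys /root/.ssh >/dev/null
fi
```

Because the file on /flash is the persistent copy, treat it as the one you audit: anything appended there becomes a root login on the appliance after the next boot.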

 

How to Manually Install the Ports Collection on OpenBSD

# cd /usr
# ftp ftp://ftp.openbsd.org/pub/OpenBSD/4.4/ports.tar.gz
# tar zxvf ./ports.tar.gz

Restart network interfaces in openBSD

sh /etc/netstart

Solaris Commands

# mpstat
# prstat
# iotop
# listusers
# du -ah
# df -k
# truss -c [app_name]
# truss [app_name]

Here are some useful links:
Basic Commands
Cool Commands
Handy Solaris Commands
Harman Research
Process Mgmt Commands
Tom's Hardware

 

Starting Gnome under FreeBSD

/usr/X11R6/sbin/gdm

 

Reset the root password on OpenBSD or FreeBSD

Start or reboot the system, and at the boot prompt boot into single-user mode:


boot> boot -s

# mount -uw /     # make / writable
# mount /usr      # mount /usr
# passwd          # change the password
# reboot

This works because the console is marked 'secure' in /etc/ttys by default, so single-user mode hands out a root shell without asking. That is also the risk: anyone with physical access to the console can do the same. Marking the console 'insecure' in /etc/ttys makes the system ask for the root password before entering single-user mode, which closes this route (a genuinely lost root password then means booting from install media).

 

How to add a permanant route in OpenBSD

add a line to /etc/hostname.[if_name]
!route add -net [network_ip/cidr] [gateway_ip]
!route add -host [host_ip] [gateway_ip]

# Add a network
!route add -net 10.10.1.0/24 172.18.1.1

#Add a host
!route add -host 10.10.1.18 172.18.1.1

 

How to use Ports

If you want to add software to FreeBSD, you'll want the package collection called 'ports'. (OpenBSD has its own ports tree, fetched as a tarball as shown earlier; portsnap is FreeBSD-only.)

# mkdir /usr/ports && cd /usr/ports
# portsnap fetch
# portsnap extract

This creates the directory hierarchy under /usr/ports and fetches the port skeletons (the Makefile, distinfo checksums and patches) for each port; the actual source tarballs are downloaded, and checked against distinfo, when you build a port. Once the collection exists on a system, run the following before installing new ports to bring it up to date:

# portsnap fetch update

for more information, go here.

 

Making Your Own Loopbacks

It's pretty easy to make your own loopbacks. Take an "ice cube" (a bare RJ-45 plug) and two 3" lengths of telephone wire.

Ethernet
1 <--> 3
2 <--> 6

T1
1 <--> 4
2 <--> 5

Really Cool Web 2.0 App

This thing is just cool.

How to Span a Port on a Cisco Switch

Analyzing traffic on a network segment is something every network administrator, network security engineer and system administrator needs at some point. A switch only forwards each frame to the port of its destination host, so a sniffer plugged into an ordinary switch port sees little besides broadcasts. In order to analyze all traffic on a VLAN, you need to 'mirror', or in Cisco parlance 'SPAN', that traffic: every frame switched between ports belonging to the VLAN is copied to a designated destination port on the switch. Typically you'd connect an IDS or a system with a sniffer/traffic analyzer to the SPAN destination port. From global configuration mode:

# monitor session 1 source vlan 1
# monitor session 1 destination interface gi0/44

Show spanned ports:

# show monitor

To terminate the span:

# no monitor session 1


Two things to keep in mind: the destination port stops behaving as a normal switch port (by default nothing received on it is forwarded), so the IDS box needs a separate management interface; and a session that funnels a busy VLAN, both directions, onto one port silently drops whatever exceeds that port's bandwidth. If you're really serious about analyzing traffic, especially in large volumes, you'd want to buy a "network tap", which has neither limitation. Here is a little more detail.

Here's a tap reseller.

 

Starting X under openBSD

/usr/X11R6/bin/startx