# cd /etc
# vi profile
Add the lines below:
# Log every interactive command to syslog (facility local1) from a DEBUG trap
function history_to_syslog
{
    declare command
    # fc -ln -0 prints the command about to run, without its history number
    command=$(fc -ln -0)
    # Skip repeats so a single command line is not logged once per simple command
    if [ "$command" != "$old_command" ]; then
        logger -p local1.notice -t bash -i -- "$USER : $command"
    fi
    old_command=$command
}
trap history_to_syslog DEBUG
# vi rsyslog.conf
Add the lines below:
# Logging users BASH commands to syslog
local1.notice /var/log/cmd.log
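The trap above runs inside the user's own shell, so the resulting log is only trustworthy while the trap is still installed. The following added example (not part of the original post) parses /var/log/cmd.log lines in rsyslog's default "Mon DD HH:MM:SS host tag[pid]: message" layout, which is an assumption about the rsyslog template, and flags entries that switch the logging off so the gap that follows can be investigated; the sample log is constructed.

```python
import re
from dataclasses import dataclass

# Shape of a line rsyslog writes for the logger call in /etc/profile:
# "<timestamp> <host> bash[<pid>]: <user> : <command>"  (default template assumed)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"bash\[(?P<pid>\d+)\]: (?P<user>\S+) : (?P<cmd>.*)$"
)

# Commands that stop the DEBUG trap from reporting for the rest of the session.
# After one of these the log for that pid is silent, which is itself the finding.
TAMPER_RE = re.compile(
    r"trap\s+(-|'')\s+DEBUG|unset\s+-f\s+history_to_syslog|set\s+\+o\s+history"
)


@dataclass
class CmdEvent:
    ts: str
    host: str
    pid: int
    user: str
    cmd: str


def parse_cmd_log(text):
    """Return a CmdEvent for every well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(CmdEvent(m["ts"], m["host"], int(m["pid"]), m["user"], m["cmd"]))
    return events


def find_tampering(events):
    """Events whose command disables the audit trap for that shell (pid)."""
    return [e for e in events if TAMPER_RE.search(e.cmd)]


# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
May 25 10:02:11 srv1 bash[4321]: admin1 : cd /etc
May 25 10:02:15 srv1 bash[4321]: admin1 : sudo vi sudoers
May 25 10:03:40 srv1 bash[4321]: admin1 : trap - DEBUG
May 25 10:03:41 srv1 bash[4321]: admin1 : unset -f history_to_syslog
this line is not in the expected format
"""

if __name__ == "__main__":
    for e in find_tampering(parse_cmd_log(SAMPLE_LOG)):
        print(f"{e.ts} {e.user}@{e.host} pid={e.pid} disabled command logging: {e.cmd}")
```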
By Renato
I have been living in England for a long time. I've learnt many good things here; my wife is English, my children are English. This is where I have been living my adult life. I would like to share IT knowledge and experience. If you can benefit from this blog, I will be happy.
Sunday, 25 May 2014
Thursday, 22 May 2014
Juniper SRX web-management not loading or working (Security)
Today I was trying to do some work on one of our Juniper firewalls; I tried and tried to access the web interface and had no luck.
I could access the firewall over SSH but I wanted to visually check the configuration using HTTP.
I tried resetting logs.
I tried removing old traceoptions.
I did not want to reboot the firewall and I did not! Happy days.
In the end what did the trick was the easy option: restarting web-management.
admin@firewall> edit
admin@firewall# run restart web-management
Web management gatekeeper process started, pid 75995
{primary:node0}[edit]
admin@ccpsrx240-01#
And that is it, if you come across this problem next time.
by Renato de Oliveira
Tuesday, 6 May 2014
Give root privileges without giving root shell (Security)
If you have a team of Linux Sysadmins, and would like the team to have root privileges, but would not want to give a shell to them, this is what you need to do.
You will need to familiarise yourself with a package called sudo. Let's say you have a sysadmin named admin1.
All you need to do is:
Create an account for admin1 then edit the sudo configuration file called sudoers.
Create new user
# adduser admin1
Set the new user's password
# passwd admin1
Change to etc folder
# cd /etc
Edit sudo config file
# vi sudoers
Add the lines below to sudoers
## Shell and SU
Cmnd_Alias NSHELLS = /bin/sh,/bin/bash
Cmnd_Alias NSU = /bin/su
## Everything as root, except the shells and su listed in the aliases above
admin1 ALL=(ALL) ALL, !NSHELLS, !NSU
It is that simple. It does not take too long, and now you can keep the root password separate and do not need to disclose it to other sysadmins.
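To see what the aliases actually change, here is an added example (mine, not from the post) that models sudo's last-match-wins evaluation over the subset of sudoers syntax used above, and runs it against a constructed fragment with the plain "ALL" rule beside the rule that excludes the shell and su aliases. It is a check of the rule logic only: a negated path stops sudo running that exact binary, not a copy of it or a shell spawned by some other permitted program, and real syntax is validated with visudo -c.

```python
import re


def parse_sudoers(text):
    """Return (cmnd_aliases, user_specs) from a sudoers fragment.
    Handles only what this page uses: Cmnd_Alias lines and
    'user host=(runas) cmd, cmd, ...' lines; comments and blanks are skipped."""
    aliases, specs = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m[1]] = [c.strip() for c in m[2].split(",")]
            continue
        m = re.match(r"(\S+)\s+(\S+)\s*=\s*(?:\((.*?)\)\s*)?(.+)", line)
        if m:
            specs.append((m[1], [c.strip() for c in m[4].split(",")]))
    return aliases, specs


def expand(item, aliases):
    """Turn one command item into (negated, [paths]); aliases are expanded, ALL kept."""
    neg = item.startswith("!")
    name = item.lstrip("!")
    return neg, aliases.get(name, [name])


def may_run(user, command, text):
    """sudo scans matching entries in order and the last match wins; ALL matches anything."""
    aliases, specs = parse_sudoers(text)
    allowed = False
    for who, cmds in specs:
        if who != user:
            continue
        for item in cmds:
            neg, paths = expand(item, aliases)
            if "ALL" in paths or command in paths:
                allowed = not neg
    return allowed


# Constructed fragments: the aliases defined but unused, and the aliases applied.
WEAK = """## Shell and SU
Cmnd_Alias NSHELLS = /bin/sh,/bin/bash
Cmnd_Alias NSU = /bin/su
admin1 ALL=(ALL) ALL
"""
FIXED = WEAK.replace("admin1 ALL=(ALL) ALL", "admin1 ALL=(ALL) ALL, !NSHELLS, !NSU")
```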
by Renato de Oliveira
Monday, 5 May 2014
Rushing Around by Renato de Oliveira
Rushing around
Trying to do everything
There is a feeling
Something I am missing
So many hours in a day
How many things can I do?
Even if I don't sleep
I can't do much too
Rushing around
This is how I am feeling
Never enough time
For what I need
From one thing to another
Jumping from here to there
Why should I even bother
Or even really care
Frustration builds up
Never finishing what I started
goal post is a moving target
Rushing around
is the new world we live in
There is never enough time
for you or for me
I like writing and I am exercising my writing in English. If you like this lyric and would like to make a song of it, just get in touch.
My Days Are Counted
My Days Are Counted by Renato de Oliveira
I have this feeling
What’s the meaning of all of that
Is it really worth it
I go home, what do I have
My days are counted
How many I don’t know
My days are counted
I just have to go
I just have this feeling
And it won’t go away
It is so unfulfilling
I just can’t stay
My days are counted
1, 2 , 3 I really don’t know
My days are counted
I just have to go
It is not that easy
To live this way
A life without meaning
Dragging day by day.
Counting my days
How far can I go?
Counting my days
It is sad though
My days are counted…..
If you find this lyric interesting or good and are interested in making a song of it, just get in touch and I have some ideas.
by Renato de Oliveira
Saturday, 5 October 2013
Create Partitions larger than 2TB
Create a partition on Linux using parted and label it with gpt:
1. dmesg | grep sd
2. parted /dev/sdb
3. (parted) mklabel gpt
4. (parted) unit TB
5. (parted) mkpart primary 0.00 4.95TB
6. (parted) print
7. (parted) quit
8. mkfs.ext4 /dev/sdb1
9. vi /etc/fstab (add)
/dev/sdb1 /local ext4 defaults 1 2
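The reason gpt is needed here is that an MBR (parted's "msdos") table addresses sectors with 32-bit values, so with 512-byte sectors it stops at 2 TiB. The following added example (mine, not from the post) reads the disk sizes out of "dmesg | grep sd" output, picks the label, and builds the parted steps used above with the end point in decimal TB as parted's "unit TB" expects; the sample contains this page's own 600 GB sdb line plus a constructed 5 TB sdc.

```python
import re

SECTOR_BYTES = 512
# MBR stores partition start and length as 32-bit LBA values, so with
# 512-byte sectors nothing beyond 2^32 sectors = 2 TiB is addressable.
MBR_MAX_BYTES = (2 ** 32) * SECTOR_BYTES

DMESG_RE = re.compile(r"\[(?P<dev>sd[a-z]+)\] (?P<blocks>\d+) (?P<bs>\d+)-byte logical blocks")


def disk_sizes_from_dmesg(text):
    """Map device name -> size in bytes from 'dmesg | grep sd' lines."""
    sizes = {}
    for line in text.splitlines():
        m = DMESG_RE.search(line)
        if m:
            sizes[m["dev"]] = int(m["blocks"]) * int(m["bs"])
    return sizes


def label_for(size_bytes):
    """gpt is mandatory above the MBR limit; below it msdos still works."""
    return "gpt" if size_bytes > MBR_MAX_BYTES else "msdos"


def parted_plan(dev, size_bytes):
    """The parted sequence from the page, with the partition end in decimal TB
    (parted's TB is 10^12 bytes) rounded down to two decimals."""
    tb = int(size_bytes / 1e12 * 100) / 100
    return [
        f"parted /dev/{dev}",
        f"mklabel {label_for(size_bytes)}",
        "unit TB",
        f"mkpart primary 0.00 {tb:.2f}TB",
        "print",
        "quit",
    ]


# Constructed sample: the sdb line quoted on this page plus a hypothetical 5 TB sdc.
SAMPLE_DMESG = """\
sd 0:0:0:2: [sdb] 1172058032 512-byte logical blocks: (600 GB/558 GiB)
sd 0:0:0:3: [sdc] 9767541168 512-byte logical blocks: (5.00 TB/4.55 TiB)
"""

if __name__ == "__main__":
    for dev, size in disk_sizes_from_dmesg(SAMPLE_DMESG).items():
        print(dev, f"{size / 2**30:.2f} GiB", label_for(size), parted_plan(dev, size)[3])
```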
Add New Volume
1. Added physical disks
2. Created RAID 1 Volume
3. umount /local/
5. # vgdisplay
6. dmesg | grep sd
sd 0:0:0:2: [sdb] 1172058032 512-byte logical blocks: (600 GB/558 GiB)
7. # pvcreate /dev/sdb
8. # pvdisplay – check if it has been created
"/dev/sdb" is a new physical volume of "558.88 GiB"
--- NEW Physical volume ---
PV Name /dev/sdb
VG Name
PV Size 558.88 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID SX1ekz-o4Aj-5yXO-QbIF-AdPw-L3Iq-kewNFQ
9. Find out the name of the existing volume group (here vg_local):
# vgdisplay
11. Check if the group has been created:
# vgdisplay | grep 600
12. lvcreate -L 550G -n lv0_local600 vg_local600
13. Find the file system type:
# cat /etc/fstab | grep ext = ext4
15. Mount the new file system:
# mount /dev/vg_local600/lv0_local600 /local
Monday, 30 September 2013
Penetration Test results (interpreting results) Open-Filtered Ports
Recently we had a penetration test done. I am not going to mention company names here, I'll write just about the results.
I asked them to check our public IPs and all services which face the Internet; I also asked them to check our WiFi and finally our internal office Windows domain.
I knew there were many problems and potentially many holes. I have inherited this network and I don't think things were set up with security in mind. But something also important to note is: if a company is not willing to participate and embrace security there is very little which can be done; directors and all managers at the top need to accept security as an important step. Security is not for preventing anyone from working, but to give companies a degree of digital/online stability. Knowing where the holes are is surely better than not knowing; at least you won't be caught by surprise.
The test took around three days and literally the only information I provided was the public IP addresses.
Port 445 Open-Filtered
One thing in specific I want to talk about is that our office firewall has been diagnosed with port 445 (SMB) Open-Filtered.
I asked the security team which did the pen test and they said: "if the port is filtered, it does mean it is open. Maybe nothing is listening but the port is definitively opened".
This is a serious discovery and it needs a full investigation. My boss and Operations pushed me to dig this out and get it sorted.
Action Plan
Review the firewall configuration thoroughly and check any references to port 445.
Disabled all unnecessary rules and checked open ports once again with nmap. Once again, this time I could verify myself, the result was Port 445 Open-Filtered. I could not believe it.
I could not find anywhere in the firewall a rule which explicitly opened, forwarded, or NATed port 445.
I downloaded a program called Nipper (see: https://www.titania-security.com/), exported the configuration from the firewall, parsed the config and did not find any indication port 445 was actually opened.
Block Port 445
I decided to explicitly create a rule to block port 445. Rule in place, once again I used nmap to check for open ports and, once again to my surprise, nmap showed port 445 Open-Filtered.
There is no way port 445 was open! I decided to Google and I vaguely remember this, something to do with ISPs filtering port 445.
In 2004 there was an outbreak of a virus which propagated itself by exploiting port 445 (SMB). This is how Microsoft Windows machines communicate with each other on a network and access shares.
Because of this outbreak firewall vendors decided it was a good approach to just filter this port, instead of blocking it. This is because by blocking it the firewall has to use more CPU and memory.
So finally I got to the bottom of it and I understand the real result. Port 445 was actually being filtered at a higher level by our ISP, which is good.
So if you come across ports being Open-Filtered, I would recommend the following:
1. Review your firewall configuration
2. Check with your ISP
3. Get in touch with your firewall vendor and ask them to clarify it for you
Some links for you to research
By Renato Oliveira