Skip to content

Security - 2. page

How To Install OpenVAS 8 On Ubuntu 14.04 To Run Vulnerability Scans & Pen Tests

OpenVAS is one of the most amazing Open Source packages in existence. It is an Open Source fork on the Nessus Vulnerability Scanner, on steroids. If you aren’t familiar with it, let me give you a brief introduction. OpenVAS is short for Open Source Vulnerability Assessment System. it is by far the number one free network and security scanner in existence. I has a database of nearly half a MILLION exploits for nearly every operating system, web app, and device in existence, and that database is constantly being expanded and updated. Installation isn’t too bad, if you have a good guide to help you. Once installed, it’s extremely easy to use. It has a web interface that can be as easy as typing in a host name or IP address and clicking scan. Of course, you can also customize the scans and there is also a handful of pre-configured scans, some thorough, and some less thorough. Reports are generated after a scan completes, which is viewable via the web interface, or you can even generate a PDF report that is useful for a network administrator, as well as upper management, if needed. There are software packages in existence that cost tens of thousands of dollars and fall short of OpenVAS’s feature set. Now that you have a brief introduction to OpenVAS, let’s get started on installing it.

How to install OpenVAS 8 on Ubuntu 14.04

OpenVAS has packages for CentOS and RedHat, which makes it very easy to install on those platforms. It only requires a few yum commands. Unfortunately, they do not have packages for Ubuntu. However, it’s not that hard to install. I’m assuming you have done a minimal installations of Ubuntu 14.04 Server, with only the OpenSSH Server packages installed.

First, we need to get some dependencies installed.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
 libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
 libgpgme11-dev libopenvas2 libpcre3-dev libpth-dev quilt cmake pkg-config \
 libssh-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libksba-dev \
 doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
 libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
libpopt-dev heimdal-dev heimdal-multidev libpopt-dev mingw32

For the sake of making this as easy as possible, lets go ahead and become root for the installation.

sudo su

OpenVAS default installation settings requires a quick fix for redis-server.

Click Here To Read The Entire Tutorial!

How To Install & Configure Fail2Ban On Ubuntu 14.04 LTS To Block Brute Force Attacks Against SSH and Apache Web Server

As you’ve probably heard me say before, if you have a public facing Linux server, meaning one or more open or forwarded ports, Fail2Ban absolutely must be installed. Fail2Ban monitors log files for excessive login attempts, also called Brute Force attacks. They are extremely common place on the internet. I have never had a public facing server that has gone more than a few days without some hacker trying to brute force it. These attacks go like this. Someone writes a script, or uses a program, that reads a bunch of possible usernames from a text file that has nothing but millions of usernames. There is also a text file with millions of passwords. The script will attempt to go through all username and password combinations until it finds one that can login successfully. Obviously, if you get a hundred or more login attempts from one IP address, nothing good will ever come from that IP so it pretty safe to assume it should be blocked, at least for some period of time.

Fail2Ban does precisely this. It constantly watches any log file you tell it to watch, and when a certain number of login attempts are logged from an IP address, Fail2Ban will automatically create an iptables rule to block all traffic from that IP address for a given period of time. Because brute force attacks take a long, long time, blocking one early on pretty much eliminates the possibility of a successful attack. SSH is the most common service / port for brute force attacks, from my experience. With FTP and POP3 (email) coming in second and third. It’s a no-brainer to set up Fail2Ban to automatically block attacks. It gives you much needed protection and security for your servers. So, here we go.

How to Install Fail2Ban on Ubuntu 14.04 LTS (Trusty)

First and foremost, let’s make sure apt is updated.

#  sudo apt-get update

Now we can install Fail2Ban. Since there is an aptitude package already, we will use that to install.

#  sudo apt-get install fail2ban

Surprisingly, that’s all you need to do to install it. You do, however, need to edit the main configuration file for Fail2Ban, which is jail.conf. Lets go ahead and open it up with nano and take a look.

#  sudo nano /etc/fail2ban/jail.conf

Click Here To Read The Entire Tutorial

How To Disable Firewalld and Get Old School IPTables Back In CentOS 7 and RHEL 7

When CentOS 7 was released, it was quickly obvious that CentOS and Red Hat had switched over to firewalld for its firewall control. Although its syntax is a bit easier to work with than iptables, some software out there has issues with it, such as Docker. Some just prefer to stick with the standard iptables syntax because it is what they know and what they are comfortable with. So, if you have CentOS 7 or RHEL 7 installed and want the old iptables back, this guide is for you.

First thing’s first, disable firewalld

#  systemctl mask firewalld

Now, lets stop firewalld

#  systemctl stop firewalld

It would be a good idea to go ahead and make sure that firewalld is masked and inactive, so lets do just that.

#  systemctl status firewalld

firewalld.service
   Loaded: masked (/dev/null)
   Active: inactive (dead)

Click Here to Read The Entire Tutorial!

How to open up all ports on VMware ESXi 5, 5.1 & 5.5 to specific IP addresses or subnet

It a lab environment, and very limited production scenarios, it’s often very useful to open all ports, TCP and UDP, but only to certain IP addresses, subnets, or IP address ranges. I have found very little info on this specifically, so I thought I would whip up this guide so you know an easy way to open up all ports for specific addresses. This will work on VMware ESXi 5, 5.1 and 5.5 for sure, but it will most likely work for most versions of ESXi, although I have not tested it. Please let me know if the comments if you have luck on non 5.x versions, specifically 4.x and 6.x.

Basically, we are going to create 4 firewall rules, each does the following:

  • Open all UDP ports inbound (ports 1-60,000).
  • Open all UDP ports outbound (ports 1-60,000).
  • Open all TCP ports inbound (ports 1-60,000).
  • Open all TCP ports outbound (ports 1-60,000).

Once that’s done we’ll lock access down to a specific address(s) via the vSphere Client. First, go ahead and SSH into your ESXi host. Once you are at a command prompt you will need to edit /etc/vmware/firewall/service.xml. I prefer nano, but that’s not available on ESXi, so we have to use VI. First, lets make a backup of the file and change permissions so we can edit the file.

# cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
# chmod 644 /etc/vmware/firewall/service.xml
# chmod +t /etc/vmware/firewall/service.xml

Now we have a backup of the service.xml file, called service.xml.bak. We have also allowed writes to service.xml and toggled the sticky bit. Lets go ahead and open service.xml with vi.

# vi /etc/vmware/firewall/service.xml

The service.xml file is the main template for firewall rules, specifically pertaining to ports. It is what populates all of the available information on the Security Profile > Firewall tab in the vSphere Client. It is here we are going to add our four rules. If you are unfamiliar with vi, it can be a big confusing. Here are some pointers for you:

  • When you first enter vi, you cannot manipulate any text. to do so, hit the “i” key. This puts you in “insert” mode.
  • Once selecting “i” you can move about freely and add/edit at will.
  • After making all needed changes, press the “ESC” key, the “:” – This puts you in vi command mode.
  • At the “:” prompt, enter “w” (for write) and q (for quit) and then press enter. So it should look like this :wq
  • You have just saved and exited. That’s it. So, lets continue.

Click here to continue reading this tutorial

MailCleaner Spam Filter – How To Open a Port & Add IPTables Firewall Rules

MailCleaner is a nice Open Source Linux distribution that creates a spam filter appliance. It is designed to sit in between an email server and the internet and filter spam out of email using advanced rules, DNS RBL (realtime black list), and many other techniques. It also scans email for viruses. Although I no longer use MailCleaner (I have replaced it with ScrollOut F1), I remember coming across a big issue in the past that took me some time to figure out, so I thought I would share it.

Because MailCleaner is more or less an appliance, most aspects of the operating system are controlled by MailCleaner. A majority of the settings you need to change are easily available on the web interface, however firewall rules are not. MailCleaner is designed so that it manages all IPTables rules. If you manually add an IPTables rule from the command line, once it’s reloaded or the system is reboot, the rule is gone. That is because MailCleaner wipes out and reloads IPTables rules from data stored in its MySQL database. So, in order to open any additional ports, you must modify the database. I encountered this dilemma when I installed a remote monitoring client (the Nagios based Check_MK to be exact), and needed to open a port to allow the monitoring server to connect.

Lets assume I need to open up SSH (port 22) and RSYNC (port 873) and I only want my mail server’s IP, 1.2.3.4, to connect. Normally we would enter the following iptables commands:

sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 873 -j ACCEPT
sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT

But in this case, we cannot. The good news is the MailCleaner will do it for you if you add the correct info into the MySQL database. Here’s how you do that (from a command prompt on the MailCleaner server):

Click Here To Read The Entire Tutorial!

Tons and tons of awesome links

I always come across pages, links, and things that I don’t want to forget about, and I want to share with the world. So, I decided to create a post with nothing but links. From time to time I will update this post with new links. I’ve tried to categorize everything as much as possible. Be sure to hit the break below to get the full list. Enjoy!

Web Development – Coding, Design, Templates, Etc.

HTML5 Boilerplate – HTML5 Front-End Template  –  http://html5boilerplate.com/

Initializr – HTML5 Template Generator (Based on Biolerplate)  –  http://www.initializr.com/

Smashing Magazine Freebie Icons  –  http://www.smashingmagazine.com/tag/icons/

1001 Free Fonts  –  http://www.1001freefonts.com/

 

Web Hosting – Control Panels, Web Servers, Modules, Etc.

Kloxo – Fully featured hosting control panel (like directadmin/cpanel)  –  http://lxcenter.org/software/kloxo/

ZPanelCP – Fully featured hosting control panel that supports linux as well as Windows (LAMP)  –  http://www.zpanelcp.com/about/

Click here to keep reading this post

Problems enabling server side encryption on ownCloud 8

When enabling encryption on an ownCloud 8 installation and the user already has files in account, those files will be encrypted on the first login.  A message will display saying “Initial encryption started.  This can take a while…. Please wait.”  If, for some reason the account gets stuck in this mode, it is because the migration_status value for the users account has been set to -1, instead of 1.  When all the files have been encrypted, this value is set to 1.  When set to 0, the initial encryption runs.  To update this value, log into mysql and perform the following steps:

#mysql -u root -p

use owncloud

SELECT * FROM oc_preferences WHERE configkey="migration_status";

(the command just entered will show the migration_status value for all accounts)

Click here to keep reading this post