Monthly Archives: May 2015


Proxy web traffic through your linux server? (posted by admin)

sshuttle is a fun little application that basically acts as a quick and easy VPN over ssh. As an ethical hacker you can also use this to proxy your traffic over this connection... think of the possibilities. This is an easy one to set up. On the server side, just make sure you have Python installed. On the client side you need sshuttle installed, and you will need root-level access there, since sshuttle changes routing and firewall rules. Now to actually start routing traffic over ssh:

sshuttle -r username@sshserver 0.0.0.0/0 -vv

To route DNS traffic over the tunnel as well (0/0 is just shorthand for 0.0.0.0/0):

sshuttle --dns -vvr username@sshserver 0/0

Setup OSSEC agent on a CentOS7 system with Alienvault server (posted by admin)

Time to get some OSSEC on and connect an agent to Alienvault... There are a bunch of people out there compiling from source, not many using the RPMs, or they forget to install both RPMs...

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh
yum install ossec-hids ossec-hids-client

(That installer is fetched over plain http and piped straight into sh; download it first and read it before running it if you care about what lands on the box.)

Add the agent config on the Alienvault side and extract the key. Then, on the agent:

# /var/ossec/bin/manage_client   (choose I to import the key from Alienvault)

Modify /var/ossec/etc/ossec-agent.conf (change the server IP address), then:

service ossec-hids start
chkconfig ossec-hids on

On the Alienvault server, restart the OSSEC server under Environment > Detection > HIDS > Ossec Control.
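The "change the server IP address" step above is the one that gets fat-fingered most often, so here is an added example (not from the original post) that makes it repeatable: it validates the address, keeps a backup copy, rewrites the <server-ip> element and checks that exactly one element now points at Alienvault. It assumes the conf carries a <client><server-ip>...</server-ip></client> block, as the atomicorp ossec-hids-client package ships it.

```shell
#!/bin/sh
# Added example, not from the original post: make the "change server ip
# address" edit to ossec-agent.conf repeatable, with validation, a backup
# copy and a check that exactly one <server-ip> now points at Alienvault.
# Assumption: the file carries a <client><server-ip>...</server-ip></client>
# block, as the atomicorp ossec-hids-client package ships it.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the server address currently in the conf. Usage: get_ossec_server CONF
get_ossec_server() {
    sed -n 's|.*<server-ip>\([^<]*\)</server-ip>.*|\1|p' "$1"
}

# Point the agent at SERVER_IP. Usage: set_ossec_server CONF SERVER_IP
set_ossec_server() {
    conf=$1
    server=$2
    valid_ipv4 "$server" || { echo "set_ossec_server: bad IP '$server'" >&2; return 1; }
    grep -q '<server-ip>' "$conf" || { echo "set_ossec_server: no <server-ip> in $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1          # keep a copy to roll back to
    # Rewrite through a temp file rather than sed -i, so it works on any sed.
    sed "s|<server-ip>[^<]*</server-ip>|<server-ip>$server</server-ip>|" "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf" || return 1
    # Exactly one element must now carry the new address.
    [ "$(grep -c "<server-ip>$server</server-ip>" "$conf")" -eq 1 ]
}

# Typical use on the agent (as root), after the RPMs are installed:
#   set_ossec_server /var/ossec/etc/ossec-agent.conf 10.0.0.5 && service ossec-hids restart
```

After the edit, import the key with manage_client and restart the agent as the post describes; the .bak copy is there if the agent stops talking to the server.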

Too many Tickets and Alarms in your Alienvault system? (posted by admin)

Working on an Alienvault IDS system, the company that was setting it up made some mistakes and had over 50k alarms and over 50k tickets that they wanted removed. Time to do some database changes to clear those out. ssh into the Alienvault database server or all-in-one server, and jailbreak to the command line. Use the ossim-db command:

# ossim-db

Use the alienvault database:

> use alienvault

First let's look at the tables involved with tickets, or incidents:

> show tables like 'incident%';

Now mark all the incidents as closed; first, list the ones that are still open (only the first five here):

> select * from incident where not status = "Closed" limit 5;

Now look at the alarm tables:

> show tables like 'alarm%';

Now mark all alarms as closed:

> update alarm set status = "closed";

Note: notice the incidents use a capital C on Closed, and the alarms use a lower case c on closed.
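A mass update with no WHERE clause on a production alarm table deserves a count before and after and a way to read the statements first, so here is an added example (not from the original post) wrapping the same cleanup. It assumes ossim-db wraps the mysql client and accepts SQL on stdin, that the table and column names are the ones shown above (incident.status, alarm.status), and that the incident update mirrors the alarm one with the capitalised "Closed"; tables on the MyISAM engine will simply ignore the transaction.

```shell
#!/bin/sh
# Added example, not from the original post: the same ticket/alarm cleanup
# with counts before and after, both updates inside one transaction, and a
# dry-run mode so the SQL can be read before it touches the database.
# Assumptions: ossim-db wraps the mysql client and reads SQL on stdin; the
# table/column names are the ones the post shows; MyISAM tables ignore the
# transaction, so the counts are the real check.

# Print the cleanup SQL. Incidents use "Closed", alarms use "closed".
av_cleanup_sql() {
    cat <<'EOF'
USE alienvault;
SELECT COUNT(*) AS open_incidents_before FROM incident WHERE status IS NULL OR status <> 'Closed';
SELECT COUNT(*) AS open_alarms_before    FROM alarm    WHERE status IS NULL OR status <> 'closed';
START TRANSACTION;
UPDATE incident SET status = 'Closed' WHERE status IS NULL OR status <> 'Closed';
UPDATE alarm    SET status = 'closed' WHERE status IS NULL OR status <> 'closed';
COMMIT;
SELECT COUNT(*) AS open_incidents_after FROM incident WHERE status IS NULL OR status <> 'Closed';
SELECT COUNT(*) AS open_alarms_after    FROM alarm    WHERE status IS NULL OR status <> 'closed';
EOF
}

# Number of UPDATE statements the script issues (self-check: must be 2).
av_update_count() {
    av_cleanup_sql | grep -c '^UPDATE '
}

# Usage: av_cleanup_run            applies the SQL through ossim-db
#        av_cleanup_run --dry-run  prints the SQL instead
av_cleanup_run() {
    if [ "${1:-}" = "--dry-run" ]; then
        av_cleanup_sql
    else
        av_cleanup_sql | ossim-db
    fi
}
```

Run it with --dry-run first; the two "_before" counts should roughly match the 50k figures, and both "_after" counts should be zero.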

So you play with wordpress and you want to see it but you want others to see an underconstruction page? (posted by admin)

Here is a fun little modification you can make to the WordPress index.php so that only you can see the WordPress instance and everyone else will see an under-construction image. Keep in mind, this requires you to be connecting to your website from a static IP, or just update the file every time your IP changes... that works too. One thing to check: if the site sits behind a reverse proxy or CDN, $_SERVER['REMOTE_ADDR'] holds the proxy's address rather than the visitor's, so the check below will never match your own IP.

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
$ip = $_SERVER['REMOTE_ADDR'];
if ($ip == '222.222.222.222' || $ip == '111.111.111.111') {
    /* Just replace 222.222.222.222 and 111.111.111.111 with your own IP addresses, and anyone connecting to your WordPress instance from those IP addresses would see the WordPress site; everyone else would see a basic HTML […]

Adding a new server to a Mongo replica set (posted by admin)

Ok, so you have a new mongo server set up and you want to add it to an existing replica set. Let's just make this easy; we will talk authentication another time. Assume this time you have your mongo server installed and the firewall set up to allow remote connections. Edit the mongod.conf file (usually /etc/mongod.conf) and make sure it is configured to listen on all interfaces, or the one you want... Make sure you add the same replica set name so that it can join the group. Log in to your current primary mongo server and execute this command to add it:

rs.add({"_id" : 3, "host" : "servername:27017", "tags" : {"dc": "dcname"}})

You can also add priority and such, but just keeping things simple here. Now the new server will sync the data and then it will be ready to go!

O Coraid, Coraid, wherefor art thou Coraid? (posted by admin)

Well, it is sad that Coraid has gone... Sadder still that their support is gone. I was working on a Coraid for a friend and they had two disks fail at the same time; good old RAID 5 doesn't like that too much. The new ones are RAID 6, but how to recover data off these RAID 5 ones? Old notes to the rescue! First you remove the LUN:

remove 1

Now you need to recreate the RAID, but make sure to keep one drive as missing so that it will not initialize the whole array. (In this case we are leaving drive 6 as missing and drive 0 as an optional spare, if we want to risk an attempt at a rebuild.)

make -r 1 raid5 2.1-5 missing 2.7-15

Now you need to online the LUN in order to see it on the servers:

online 1

Now you can […]

Installing Fusion-io/Sandisk ioDrive2 drivers on CentOS7 with LUKS encryption (posted by admin)

I was working on a Mongo database server that was going to be running a Fusion-io/Sandisk ioDrive2 card for wicked speed, and also needed to do on-disk encryption... fun task. I am using CentOS7 and ioDrive2 drivers version 3.2.10. I wanted auto mounting of the space, so I can have the services start on reboot (after putting in the LUKS password).

1. Download the drivers from https://link.sandisk.com/Home/SoftwareDownload (you may need to make an account first) (in this case v 3.2.10)
2. # tar xvf fusionio-files-*.tar
3. # uname -r (now check the binary available: does it match your kernel? Mine did not)
4. # cd fusionio-files-*/ioDrive2/Linux_centos-7/3.2.10/Software\ Source
5. # rpmbuild --rebuild iomemory-vsl-3.2.10.1509-1.0.el7.centos.src.rpm
6. # cd ~/rpmbuild/RPMS/x86_64/
7. # yum install iomemory-vsl-3.10.0*.rpm iomemory-vsl-config-3.10.0-*.rpm iomemory-vsl-source-3.2.10*.rpm
8. # cd ~/fusionio-files-*/ioDrive2/Linux_centos-7/3.2.10/Utilities/
9. # yum install fio*.rpm
10. # yum install lib*.rpm
11. # mkdir /var/lib/mongo
12. # modprobe iomemory-vsl
13. # dmesg (to verify that the […]