Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

Posts Tagged ‘Security’

lynis – Security and System auditing tool for Linux

Posted by madhavkobal on 17/06/2010

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes.

This software aims at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can be run without prior installation, so inclusion on read-only storage (USB stick, CD/DVD) is no problem.

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
– Available authentication methods
– Expired SSL certificates
– Outdated software
– User accounts without password
– Incorrect file permissions
– Firewall auditing

System requirements:
– Compatible operating system (see ‘Supported operating systems’)
– Default shell


Firewall With iptables for MAC Address Filtering

Posted by madhavkobal on 08/10/2009

There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses; iptables has an option to do it.

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in your firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way the packets coming from the network element with the MAC address 00:11:2f:8f:f8:f8 will be denied.

That is enough if you only want to block incoming packets to the firewall itself, but the blocked machine may still be able to send packets across the firewall. To block those packets as well, add this line too.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP
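As an added example (not part of the original post), a small POSIX shell script that builds both rules for a list of source MACs, validates each address first, and guards every rule with `iptables -C` so re-running the firewall script does not append duplicates. The rules are printed rather than executed, so it runs unprivileged; the sample MAC list is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: emit the INPUT and FORWARD
# MAC-filter rules for a list of source MACs. Addresses are validated first,
# and each rule is guarded with `iptables -C` so re-running the firewall script
# does not append duplicates. Rules are printed, not executed, so this runs
# unprivileged; feed the output to sh as root to apply it.
# Note: -m mac matches the source MAC of the frame as it arrives, so it only
# identifies hosts on the local Ethernet segment (as the man page says).

# valid_mac ADDR: succeed if ADDR is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# mac_drop_rules ADDR: print the two DROP rules for ADDR (lower-cased),
# or print nothing and fail for a malformed address.
mac_drop_rules() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if ! valid_mac "$mac"; then
        echo "skipping malformed MAC address: $1" >&2
        return 1
    fi
    for chain in INPUT FORWARD; do
        rule="$chain -m mac --mac-source $mac -j DROP"
        printf 'iptables -C %s 2>/dev/null || iptables -A %s\n' "$rule" "$rule"
    done
}

# Constructed sample list: a malformed entry plus the address from the post.
for m in 'not-a-mac' 00:11:2f:8f:f8:f8; do
    mac_drop_rules "$m"
done
```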


SSH From Your Mobile Device

Posted by madhavkobal on 07/10/2009

Modern mobile phones and PDAs have increasingly sophisticated data/internet connectivity. This is particularly great for browsing the web on the train, but it’s also good for keeping an eye on your servers while you’re out and about. (I once fixed my web server from the middle of a muddy field at the Glastonbury Festival, which I thought was quite good going.) Here’s a quick roundup of SSH applications available for various platforms.

  • G1 Android: ConnectBot (or get from Marketplace). Includes support for SSH keys, which is useful on a mobile platform where you may need to reconnect occasionally.
  • Palm/Treo devices: pSSH. SSH2 for Palm OS 5 and up; TuSSH is another alternative if you want SSH1 or Palm OS 4. It does warn that it may not be entirely secure and shouldn’t be used for security-critical applications in part because it doesn’t use device-specific random number generation. It’s got a neat on-screen keyboard, and it can support SSH key auth.
  • Blackberry: MidpSSH. There’s a useful documentation blog. This should also work on other Java-compliant devices. It supports a predictive text option, which may be useful if you have a device that doesn’t have a full keyboard. It supports public key auth, however, there is no facility for a passphrase for the key. It also has macro support to make typing long/common strings easier.

  • Symbian devices: The well-known free SSH client PuTTY is available for Symbian. It supports public key authentication but only for keys created using PuTTYGen in Windows. The download comes with excellent documentation, which is also available online.

Original Author : Zinoune


rkhunter – Linux Security Checker

Posted by madhavkobal on 02/10/2009

Rootkit Hunter (rkhunter) is a scanning tool that checks, with about 99.9%* certainty, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:
  • MD5 hash comparison
  • Looking for default files used by rootkits
  • Wrong file permissions on binaries
  • Looking for suspicious strings in LKM and KLD modules
  • Looking for hidden files
  • Optional scan within plaintext and binary files

Features of the latest version, 1.3.4:

  • Added IntoXonia-NG rootkit check.
  • Added Phalanx2 rootkit check.
  • Added support for TCB shadow files.
  • The ‘--propupd’ option can now take an optional file, directory or package name after it.
  • Revised file properties inode check.
  • Tests against the SSH configuration file now accept the key/value pair.
  • Improved the O/S name detection.
  • The Linux ‘os_specific’ test has now been split into two separate tests.
  • Improved ALLOWPROCDELFILE configuration option.
  • Improved hidden files and directories check.
  • The DBDIR directory can now be read-only, after installation.
  • Improved debug file option.
  • The system startup file and directory tests have now been merged.

Download and extract the archive.


Install using the following command (see also the screenshot below):

[root@test1 rkhunter-1.3.4]# ./installer.sh  --layout oldschool --install


Start the scan

[root@test1 rkhunter-1.3.4]# rkhunter -c

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.

Please check the log file (/var/log/rkhunter.log)


Finally, you can add rkhunter to your cron jobs so that it sends a daily report to your email.

# vi /etc/cron.daily/rkhunter.sh

and add:

#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Today's rkhunter Scan Report" your_email@example.com)

Then

chmod +x /etc/cron.daily/rkhunter.sh
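As an added example (not from the original post), a cron wrapper that reads the rkhunter log and only sends mail when warnings were recorded, rather than mailing the full report every day. The log line format (`[HH:MM:SS] Warning: ...`), the mail address and the sample log are assumptions, and the mail command is printed instead of executed.

```shell
#!/bin/sh
# Added example, not from the original post: mail the rkhunter report only on
# days that produced warnings. The log format, address and sample log below
# are assumptions; the mail command is printed so the example runs without
# a mail transport. In a real cron job, run "/usr/local/bin/rkhunter -c
# --cronjob" first and then call daily_report "$LOG".

LOG=/var/log/rkhunter.log
MAILTO=your_email@example.com

# rkhunter_warnings LOGFILE: print each warning with its timestamp stripped.
rkhunter_warnings() {
    sed -n 's/^\[[0-9:]*\][[:space:]]*Warning: //p' "$1"
}

# warning_count LOGFILE: number of warning lines (0 when there are none).
warning_count() {
    rkhunter_warnings "$1" | wc -l | tr -d ' '
}

# needs_mail LOGFILE: succeed when at least one warning was logged.
needs_mail() {
    [ "$(warning_count "$1")" -gt 0 ]
}

# daily_report LOGFILE: mail the log when warnings exist, else stay quiet.
daily_report() {
    if needs_mail "$1"; then
        n=$(warning_count "$1")
        printf 'mail -s "rkhunter: %s warning(s) on %s" %s < %s\n' \
            "$n" "$(hostname)" "$MAILTO" "$1"
    else
        echo "rkhunter: no warnings; nothing sent"
    fi
}

# Constructed sample log standing in for $LOG.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[06:25:01] Checking for rootkits...
[06:25:02] Warning: The file properties have changed: File: /usr/bin/ls
[06:25:03] Checking for hidden files... [ None found ]
[06:25:04] Warning: Hidden directory found: /dev/.udev
EOF
rkhunter_warnings "$SAMPLE"
daily_report "$SAMPLE"
```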

Original Author  : pirat9


Why Mozilla Firefox Is Safe Compared To Internet Explorer

Posted by madhavkobal on 27/08/2009

While statistics put Internet Explorer clearly ahead as the most widely used web browser, it’s clear to many people that this is not due to excellent programming. Subject to more than one official inquiry in Europe, and numerous columns both online and in print, the practice of ‘bundling’ the infamous browser with every copy of the operating system represents the primary reason behind its crushing dominance.


Alternative web browsers are aplenty and have a low barrier to entry even for less technically savvy computer users, but people are generally not keen to change their habits or to spend time researching, downloading and installing another application – especially when the one that comes preloaded appears to be working just fine.

1. Firefox is not perfect software, but its vulnerabilities are fixed in a considerably shorter amount of time. Many new users are curious – is Mozilla Firefox safe? Updates are released immediately, not on a monthly schedule, and clock in at fewer than 10 MB. Users are notified automatically and prompted to install the update with a single click. The update process doesn’t take more than a minute on a modern computer.


2. Since Firefox is open source, anyone can look at the source code, anyone can spot a problem and contribute a fix. Would you leave your car keys with a guy that says “trust me” or at a car lot with video surveillance and a logbook?

3. ActiveX applets, the way IE extends the functionality of the browser, are a known highway for malware and viruses. Firefox works with verified and signed add-ons. Even if you choose to install a malicious add-on – and the browser warns you – the damage is limited to the information in the browser whereas ActiveX exploits could be used to take over the whole computer.


4. Conscious users can install NoScript, an add-on that takes care of vulnerabilities that are not yet patched, either in Firefox or other plug-ins such as Java, JavaScript and Adobe’s Flash. It achieves this goal by allowing the user to selectively enable interactive objects that the user decides to trust, automatically blocking the rest.

5. Security through obscurity; malicious programmers will always target the browser with the largest user base, especially if that user base is less tech savvy.

6. Firefox uses a service provided by Google that notifies the user before entering a potentially malicious web site. These websites ask for your financial data under false pretenses or contain malicious software often posing as something useful such as codecs or registry fixes.


We check the radiator on the car when the temperature indicator turns red; by the time the computer starts acting up or stops starting at all, having by all appearances been working just fine, your documents, passwords and financial data might already be siphoned half a world away. Most people don’t realize this, as there are no clear warnings, but using Internet Explorer is in itself a security threat.


Encrypt Files with GPG

Posted by madhavkobal on 21/08/2009

Encrypting files from the command line is simple with gpg. You can use it to encrypt and decrypt files with a password.

The command gpg is part of GnuPG. GnuPG stands for GNU Privacy Guard and is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It also includes an advanced key management facility. GnuPG works on Linux and UNIX-like operating systems as well as on Windows and Mac OS X.

To encrypt a single file, use the -c command line option with gpg. For example, to encrypt the file myfinancial.info, use the command:

$ gpg -c myfinancial.info
Enter passphrase: YOUR-PASSWORD
Repeat passphrase: YOUR-PASSWORD

This will create the file myfinancial.info.gpg. Note that the original file is not deleted, so once you feel safe encrypting and decrypting files, you probably want to delete your unencrypted versions of the files. Also note that depending on your system’s configuration, gpg may ask for passphrases in pop-up windows rather than at the command line.

The -c option tells gpg to encrypt with a symmetric cipher. Caution: don’t forget your passphrase (password); there is no way to recover the data without the passphrase.

To decrypt the file, use the command:

$ gpg myfinancial.info.gpg
gpg: CAST5 encrypted data
Enter passphrase: YOUR-PASSWORD

If you want to write the output to a different file, use the -o command line option:

$ gpg -o myfin.info.txt myfinancial.info.gpg

If you’d rather have a “text” file, rather than a binary file, use the -a option to gpg:

$ gpg -c -a myfinancial.info
Enter passphrase: YOUR-PASSWORD
Repeat passphrase: YOUR-PASSWORD

This will create the file myfinancial.info.asc rather than myfinancial.info.gpg.
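As an added example (not from the original post), the same symmetric encryption driven from a shell script: the passphrase is supplied on a file descriptor instead of interactively, the ciphertext is decrypted back and compared before the plaintext is removed (the post notes that gpg leaves the original in place), and the demo file is constructed. It assumes gpg is installed and uses a temporary GNUPGHOME so nothing touches your own keyring.

```shell
#!/bin/sh
# Added example, not from the original post: scripted symmetric gpg
# encryption with a decrypt-and-compare round trip before the plaintext is
# deleted. Assumes gpg is installed; the passphrase travels on a file
# descriptor, never on the command line, so it does not show up in `ps`.
set -eu

# Keep the demo's agent and keyring state out of ~/.gnupg.
export GNUPGHOME="$(mktemp -d)"

# gpg 2.1+ only accepts --passphrase-fd in batch mode with loopback pinentry.
pinentry_flag() {
    case "$(gpg --version 2>/dev/null | head -n 1)" in
        *" 1."*|*" 2.0."*) ;;
        *) printf '%s' '--pinentry-mode loopback' ;;
    esac
}

# encrypt_sym FILE PASSPHRASE: writes FILE.gpg (same as the post's `gpg -c`).
encrypt_sym() {
    printf '%s' "$2" | gpg --batch --yes --quiet $(pinentry_flag) \
        --passphrase-fd 0 -o "$1.gpg" -c "$1"
}

# decrypt_sym FILE.gpg PASSPHRASE OUT: writes OUT (the post's -o option).
decrypt_sym() {
    printf '%s' "$2" | gpg --batch --yes --quiet $(pinentry_flag) \
        --passphrase-fd 0 -o "$3" -d "$1"
}

# encrypt_and_verify FILE PASSPHRASE: remove FILE only after the ciphertext
# decrypts back to identical bytes; otherwise keep it and return 1.
encrypt_and_verify() {
    encrypt_sym "$1" "$2"
    tmp=$(mktemp)
    decrypt_sym "$1.gpg" "$2" "$tmp"
    if cmp -s "$1" "$tmp"; then rm -f "$tmp" "$1"; return 0; fi
    rm -f "$tmp"; return 1
}

# Demo on a constructed file; skipped (not failed) when gpg is unavailable.
if command -v gpg >/dev/null 2>&1; then
    d=$(mktemp -d)
    printf 'account 1234 balance 42\n' > "$d/myfinancial.info"
    encrypt_and_verify "$d/myfinancial.info" 'correct horse battery staple'
    ls "$d"    # only myfinancial.info.gpg remains
else
    echo "gpg not installed; demo skipped" >&2
fi
```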


Five ways to help secure Apache on Linux

Posted by madhavkobal on 20/08/2009

Apache is one of the most popular web servers available, and most Apache installations run on Linux servers. Anyone running Linux will tell you that the operating system (be it on a server or desktop) enjoys a level of security other operating systems do not. But does that mean you can just install Apache and assume it is 100% safe? No. There are always ways to improve your security on just about every level.

In this article I will show you five simple ways to make your Linux Apache installation more secure. And of course you should always know that even with five new means of making your install more secure, that doesn’t mean it is perfectly safe from attack. Even after securing your installation, you should always keep watch over your server by checking log files and using standard security tools.

With that said, let’s get our Apache security on!

1. Update, update, update! One of the biggest no-nos Linux administrators commit is to “set it and forget it”. This should not be your standard policy. There are always updates that close new holes and patch security flaws. This holds true for Apache as much as it does for any other system. Keep watch, using your normal means of update, for any security update for Apache or any constituent component you have installed. By doing this you will ensure your web server is safe from any new known issues.

2. Disable modules you do not use. Check the Apache configuration file. Most often this file is called httpd.conf, and its location depends on the distribution you are running (for example CentOS has this file in /etc/httpd/conf/, whereas Ubuntu locates it in /etc/apache2). If you examine that file you will see quite a few modules listed. These modules will look like:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so

You might have to look up what some of these modules do to know if you need them or not. But there is no reason to load a module if you are not going to use it. To keep a module from loading place a comment in front of the line. You will have to restart Apache for this change to take effect.

3. Limit the request sizes allowed. Denial of Service attacks remain one of the most popular attacks on web sites because they are the easiest to pull off. One way to protect your site from DoS attacks is to use the following directives wisely: LimitRequestBody, LimitRequestFields, LimitRequestFieldSize, LimitRequestLine, and LimitXMLRequestBody within a Directory tag (the document root is probably the best place for this). By default Apache sets these directives to unlimited, which means a request of any size can be made. You will want to investigate these directives and configure them to suit your web site’s needs. Unless it is absolutely necessary, do not set them to unlimited.

4. Use mod_security. This is the most important module you can use. This one module handles such tasks as: simple filtering, regular expression filtering, server identity masking, and URL encoding validation. It is likely you will have to install mod_security, because the default Apache install does not include this module. Once installed you will want to make sure you at least add the “unique_id” and “security2” directives in your Apache module section and then restart Apache. I will deal with this module in its own tutorial coming up very soon.

Figure 1

5. Restrict browsing to your document root. The last thing you want is to allow browsers to peek outside of the Apache document root (such as /var/www/html or /var/www/). To do this you will want to configure your document root directory entry as shown in Figure 1. This will

Of course if you want to add options to any directory inside of the document root you will have to give that directory its own Directory entry.
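As an added configuration example (not the post’s Figure 1, which is not reproduced here), a document-root Directory entry that denies everything outside the document root and combines point 5 with the request-size limits of point 3. It assumes Apache 2.4 access-control syntax and a document root of /var/www/html; the size values are illustrative.

```apache
# Added example, not the post's Figure 1: deny everything outside the document
# root, then open only the document root with bounded request sizes. Apache 2.4
# syntax; Apache 2.2 uses "Order deny,allow" / "Deny from all" instead of Require.

# Filesystem-wide default: no options, no .htaccess overrides, no access.
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>

# Document root: no directory listings, no symlinks leading out of the tree,
# and a bounded request body instead of the unlimited default.
<Directory /var/www/html>
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Require all granted
    # 1 MiB body limit (illustrative); raise it only where uploads are accepted.
    LimitRequestBody 1048576
    LimitXMLRequestBody 1048576
</Directory>

# These three are server-wide (or per virtual host), not per Directory;
# the values tighten Apache's defaults of 100 fields and 8190 bytes.
LimitRequestFields 50
LimitRequestFieldSize 4094
LimitRequestLine 4094
```

After editing, run apachectl configtest before restarting so a typo does not take the server down.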

Final thoughts

There are plenty more ways to secure your Apache installation, but these will get you started. Can you think of other ways to secure an Apache installation? If so, share them with your fellow ghacks readers.
