Tuesday 17 December 2013

Script to Convert List of Domains to IPs

I recently needed to do a bulk IP lookup for a set of domains. I hacked together the following bash script; it works but could be improved, so feel free to send feedback.

Also, remember that if the domain list was produced by exporting an .xls to DOS text, the ^M carriage returns (typed as Ctrl-V, Ctrl-M) need removing from the DOS/Windows text file first:
sed -e "s/^M//" filename > newfilename

#!/bin/bash
# domainstoip.sh v1 - bulk domain to ip resolver script
# Inputs: nix text file of domains (1 per line)
# Outputs: domain_ip.txt
# Known issues: resolves only one of the addresses if multiple returned from nslookup
# Usage: ./domainstoip.sh domains.txt
# Copyright (C) 2013 Lazysecurity - http://lazysecurity.blogspot.co.uk/
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see..
domainfile=$1  # get domains file
echo -e "\n[+] IP lookups on the domains in $domainfile:\n" > domain_ip.txt
for domain in $(cat "$domainfile"); do  # take each line in domains file and loop
    # grep Add gets all lines with Add
    # grep -v removes the "Address: x.x.x.x#53" server line in nslookup output
    # cut -f 2 -d ' ' = select field 2 and delimiter is space
    # set -- replaces $1..$n with the addresses found; the "--" clears them when
    # the lookup returns nothing, so a failed domain does not reuse the previous IP
    set -- $(nslookup "$domain" | grep Add | grep -v '#' | cut -f 2 -d ' ')
    echo "$domain: $1;" >> domain_ip.txt
done
cat domain_ip.txt
echo -e "\n[+] Done"
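A rewritten resolver that deals with the known issue noted in the header (only the first address is kept) and folds the ^M clean-up into the script, added here as an example and not part of the blog's own script. The nslookup output layout it parses (BIND-style "Address: a.b.c.d" answer lines under a "Server:" / "Address: x.x.x.x#53" header) is an assumption; the transcript held in SAMPLE_NSLOOKUP is constructed so the parser can be exercised without network access, and example.test, 203.0.113.10 and 2001:db8::10 are documentation names and ranges, not real hosts.

```shell
#!/bin/bash
# resolve_all.sh - bulk domain to IP resolver (added example, not the blog's script)
# Usage: ./resolve_all.sh domains.txt       -> prints results and writes domain_ip.txt
# Compared with domainstoip.sh it:
#   - strips Windows CR line endings itself, so the separate sed ^M step is not needed
#   - records every address nslookup returns (A and AAAA), not only the first
#   - ignores the "Server:" / "Address: x.x.x.x#53" header and blank or '#' comment lines
#   - prints NXDOMAIN for a failed lookup instead of carrying a stale answer forward
# Assumption: BIND-style nslookup output ("Address: a.b.c.d" answer lines);
# other resolvers' layouts are not handled.

# Read nslookup output on stdin and print the answer addresses, one per line.
# The resolver header line is "Address:<tab>192.168.1.1#53", so any Address
# line containing '#' is dropped; awk copes with tab or space separators.
parse_nslookup() {
    grep -E '^Address:' | grep -v '#' | awk '{print $2}'
}

# Resolve one name; prints "name: ip [ip ...]" or "name: NXDOMAIN".
resolve_domain() {
    ips=$(nslookup "$1" 2>/dev/null | parse_nslookup | tr '\n' ' ')
    ips=${ips% }                       # drop the trailing space left by tr
    if [ -z "$ips" ]; then
        echo "$1: NXDOMAIN"
    else
        echo "$1: $ips"
    fi
}

# Resolve every name in a file (one per line, LF or CRLF endings), skipping
# blank lines and '#' comments.
resolve_file() {
    tr -d '\r' < "$1" | grep -Ev '^[[:space:]]*(#|$)' | while IFS= read -r name; do
        resolve_domain "$name"
    done
}

# Constructed nslookup transcript (not a real lookup) so the parser can be
# checked offline: one header block, then one A and one AAAA answer.
SAMPLE_NSLOOKUP=$(printf 'Server:\t192.168.1.1\nAddress:\t192.168.1.1#53\n\nNon-authoritative answer:\nName:\texample.test\nAddress: 203.0.113.10\nName:\texample.test\nAddress: 2001:db8::10\n')

# Returns the addresses parsed from the constructed sample, space separated.
demo_parse() {
    printf '%s\n' "$SAMPLE_NSLOOKUP" | parse_nslookup | tr '\n' ' ' | sed 's/ $//'
}

if [ "$#" -gt 0 ]; then
    resolve_file "$1" | tee domain_ip.txt
fi
```

Because the lookup is wrapped in a function, the whole pipeline can be tested by shadowing nslookup with a shell function that returns a canned transcript, which is how the parser and the CRLF handling were checked here.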

Sunday 17 November 2013

Network Management System - Part 2

SSH is already running. We just need to set up x11vnc so that it is reached through the SSH tunnel.

sudo apt-get install x11vnc

Set up a password:

sudo x11vnc -storepasswd /etc/x11vnc.pass
sudo chmod 600 /etc/x11vnc.pass


sudo x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -auth /var/run/lightdm/root/:0 -rfbport 5901 -rfbauth /etc/x11vnc.pass -localhost

(put this in a script, e.g. startvnc.sh)

Then, to change the resolution (modified from http://askubuntu.com/questions/186288/how-to-detect-and-configure-an-output-with-xrandr), run the following from a terminal inside the VNC session:

sudo gtf 1920 1200 60 -x
sudo xrandr --newmode "1920x1200_60.00"  193.16  1920 2048 2256 2592  1200 1201 1204 1242  -HSync +Vsync
sudo xrandr --addmode VGA-0 1920x1200_60.00
sudo xrandr --output VGA-0 --mode 1920x1200_60.00

Again, add this to a script (e.g. vncres.sh).

Note that if you're at the console rather than in VNC, use:

xrandr -s 1920x1200_60.00

Change desktop if required

Settings/Settings Manager/Desktop

Change SSH port

sudo nano /etc/ssh/sshd_config

#change the port

#check firewall settings
sudo ufw status verbose

#change firewall settings - open new port
sudo ufw allow <insert new port>/tcp

#restart openssh
sudo service ssh restart

#after reconnecting with ssh client on new port change firewall to close port 22
sudo ufw delete allow 22/tcp

#recheck firewall settings
sudo ufw status verbose

Then check which ports are listening:

netstat -an | grep "LISTEN "
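Changing the SSH port is the one step in this sequence where a slip locks you out of a remote box: if sshd is restarted on a port ufw does not yet allow, the session you are sitting in is the last one you will get. The following pre-flight check, an added example and not part of the original post, reads the Port lines from an sshd_config (22 when none is set) and confirms each one has an ALLOW rule in the output of ufw status before you restart. The function names, the ufw status row layout it matches ("22/tcp  ALLOW IN  Anywhere", with or without the "(v6)" suffix) and the sample config used to test it are assumptions of this example; ports given through ListenAddress host:port are not parsed.

```shell
#!/bin/bash
# ssh_port_preflight.sh - check that every port sshd will listen on is already
# allowed through ufw before running "sudo service ssh restart".
# Added example, not part of the blog post.
# Usage: sudo ufw status | ./ssh_port_preflight.sh /etc/ssh/sshd_config

# Print the effective sshd listen ports from a config file: every uncommented
# "Port N" line (the keyword is case-insensitive), or 22 when none is present.
# Assumption: ports set via "ListenAddress host:port" are not considered.
sshd_ports() {
    ports=$(grep -Ei '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | awk '{print $2}')
    if [ -n "$ports" ]; then
        echo "$ports"
    else
        echo 22
    fi
}

# Read "ufw status" output on stdin and succeed if TCP port $1 has an ALLOW
# rule. Matches rows such as "2222/tcp  ALLOW IN  Anywhere", the plain
# "2222  ALLOW  Anywhere" form (any protocol) and the "(v6)" variants.
ufw_allows_tcp() {
    grep -Eq "^$1(/tcp)?[[:space:]]+(\(v6\)[[:space:]]+)?ALLOW"
}

# Compare the config against the firewall; returns 1 if any sshd port is not
# allowed, meaning a restart now would cut off remote access.
ssh_preflight() {
    cfg=$1
    status=$(cat)          # ufw status output arrives on stdin
    rc=0
    for p in $(sshd_ports "$cfg"); do
        if printf '%s\n' "$status" | ufw_allows_tcp "$p"; then
            echo "ok:   $p/tcp is allowed in ufw"
        else
            echo "STOP: $p/tcp is not allowed in ufw; add the rule before restarting sshd"
            rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    ssh_preflight "$1"
fi
```

Run it between the "sudo ufw allow" and "sudo service ssh restart" steps above; a non-zero exit means the firewall rule is missing. It is also worth running sudo sshd -t first, which syntax-checks the edited sshd_config without restarting anything.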

That will do for now. In the next part we will begin by installing bandwidthd.



Friday 8 November 2013

Network Management System - Part 1

The aim is to use open source software to build a low-cost system for managing and security-monitoring a small to medium-sized remote network.

Services specifically required (list will be updated as we go along):

  • Secure remote access onto network (SSH)
  • Centralised logging (syslog)
  • Equipment monitoring and alerting (nagios or similar)
  • Bandwidth monitoring (bandwidthd, etc)
  • Alerting on outbound malware C&C traffic

I've played with Security Onion in the past and it does a lot of the above out of the box. I would have liked to run it as one of a number of guests on an ESXi host, but the hardware isn't up to it. I'm currently running all this on an old Shuttle XPC with 2 GB of RAM, a 250 GB HDD and a second NIC (you need two ports: one for management and one for capturing network traffic).

So first of all, download Security Onion (SO) and get it installed. It's straightforward; here's the official guide.

It includes the following update script, which we'll need again:

sudo soup

Security Onion Setup is now complete!

 Setup log can be found here:
 /var/log/nsm/sosetup.log

 You may view IDS alerts using Sguil, Squert, Snorby, or ELSA (if enabled).

 Bro logs can be found in ELSA (if enabled) and the following location:
 /nsm/bro/

Rules downloaded by Pulledpork are stored in:
 /etc/nsm/rules/downloaded.rules

 Local rules can be added to:
 /etc/nsm/rules/local.rules

 You can have PulledPork modify the downloaded rules
 by modifying the files in:
 /etc/nsm/pulledpork/

 Rules will be updated every day at 7:01 AM UTC.
 You can manually update them by running:
 /usr/bin/rule-update

 Sensors can be tuned by modifying the files in:
 /etc/nsm/NAME-OF-SENSOR/

Once that's finished, run the following to make sure everything is up to date:

sudo apt-get update && sudo apt-get dist-upgrade

Then make sure all the SO services are running OK:

sudo service nsm status

That's all for part 1. The next post will cover setting up SSH and remote desktop, and adding some of the other services.