lazysecurity
:: a place for my notes on networking and infosec ::
Friday 22 May 2015
Updating Ubiquiti over SSH command line
For anyone who uses Ubiquiti kit (and if you don't, why not? Their kit rocks), the following three commands let you update the config over SSH:
vi /tmp/system.cfg
cfgmtd -f /tmp/system.cfg -w
/usr/etc/rc.d/rc.softrestart save
Useful *nix commands
Carving DNS A record lookups using tcpdump, grep and awk:
tcpdump -lnv port 53 | grep -E 'A\?' | awk '{print $(NF-6),$(NF-5),$(NF-4),$(NF-1)}'
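An added example, not code from the original post: the same carve as a shell function over constructed tcpdump -lnv text (the SAMPLE and function names are assumptions of mine), locating the ">" and "type?" fields by content so an EDNS flag field such as "[1au]" does not shift them, plus a per-client summary.

```shell
#!/bin/sh
# Added example (not from the original post). Same "src > dst: qname" carve as
# the one-liner above, but the awk locates the ">" and the "<type>?" fields by
# content instead of counting from the end of the line, so a query carrying the
# extra EDNS flag field tcpdump prints (e.g. "4712+ [1au] AAAA?") is still
# parsed. Reads tcpdump -lnv text on stdin; the sample below is constructed.
SAMPLE='12:00:00.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 61)
    10.0.0.5.41234 > 10.0.0.1.53: 4711+ A? www.example.com. (33)
12:00:00.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto UDP (17), length 72)
    10.0.0.5.41235 > 10.0.0.1.53: 4712+ [1au] AAAA? www.example.com. (44)
12:00:00.000003 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto UDP (17), length 61)
    10.0.0.5.41236 > 10.0.0.1.53: 4713+ A? www.example.com. (33)
12:00:00.000004 IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto UDP (17), length 62)
    10.0.0.7.50000 > 10.0.0.1.53: 99+ A? mail.example.org. (34)
12:00:00.000005 IP (tos 0x0, ttl 64, id 5, offset 0, flags [DF], proto UDP (17), length 77)
    10.0.0.1.53 > 10.0.0.5.41234: 4711 1/0/0 A 93.184.216.34 (49)'

# Print "src > dst: qname" for every query of the given record type (default A).
# Unlike grep 'A\?', matching the whole field means "A" does not also catch AAAA.
carve_dns_queries() {
    awk -v qt="${1:-A}" '{
        for (i = 2; i < NF; i++) {
            if ($i == ">") { src = $(i - 1); dst = $(i + 1) }
            else if ($i == (qt "?")) print src, ">", dst, $(i + 1)
        }
    }'
}

# Count queries per (client host, name), busiest first: the quick way to spot
# one host hammering a single domain. The client port is stripped from src.
dns_query_summary() {
    carve_dns_queries "$1" |
        awk '{ sub(/\.[0-9]+$/, "", $1); n[$1 " " $4]++ }
             END { for (k in n) print n[k], k }' | sort -rn
}

# Live use would be: tcpdump -lnv port 53 | carve_dns_queries A
printf '%s\n' "$SAMPLE" | carve_dns_queries A
printf '%s\n' "$SAMPLE" | dns_query_summary A
```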
Friday 20 February 2015
Reset Ubuntu root password
So today I forgot the root password to an Ubuntu VM I was playing with recently. I did the normal thing [1]: hit Escape at the GRUB boot screen, dropped to a root shell and ran the command to reset the password on the account:
passwd <account name>
and was greeted with:
passwd: Authentication token manipulation error
passwd: password unchanged
So, with a bit of help from Google [2], it turns out the root filesystem just needs to be remounted read/write:
mount -rw -o remount /
before running the passwd command as before.
References
[1] http://www.howtogeek.com/howto/linux/reset-your-forgotten-ubuntu-password-in-2-minutes-or-less/
[2] http://askubuntu.com/questions/91188/authentication-token-manipulation-error
Tuesday 17 December 2013
Script to Convert List of Domains to IPs
I recently needed to do a bulk IP lookup of a set of domains. I hacked together the following bash script - it works but could be improved so feel free to send feedback.
#!/bin/bash
#
# domainstoip.sh v1 - bulk domain to ip resolver script
#
# Inputs: nix text file of domains (1 per line)
# Outputs: domain_ip.txt
#
# Known issues: resolves only one of the addresses if multiple returned from nslookup
#
# Usage: ./domainstoip.sh domains.txt
#
# Copyright (C) 2013 Lazysecurity - http://lazysecurity.blogspot.co.uk/
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see..
#
domainfile="$1" # get domains file
echo -e "\n[+] IP lookups on the domains in $domainfile:\n" > domain_ip.txt
for domain in $(cat "$domainfile"); do # take each line in domains file and loop
    # grep Add gets all lines with Add
    # grep -v removes the #53 (resolver) line in nslookup output
    # cut -f 2 -d ' ' = select field 2 with space as the delimiter
    # set -- puts the first address in $1 (and clears $1 if nothing resolved)
    set -- $(nslookup "$domain" | grep Add | grep -v '#' | cut -f 2 -d ' ')
    echo "$domain: $1;" >> domain_ip.txt
done
cat domain_ip.txt
echo -e "\n[+] Done"
Also, remember that if the list was produced by exporting an .xls to DOS text, you first need to remove all the ^M characters (typed as Ctrl-V, Ctrl-M) from text files exported from DOS/Windows:
sed -e "s/^M//" filename > newfilename
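A second added example, not the post's own script: a resolver that fixes the known issue (only the first address kept) and the ^M problem together. The nslookup output and the function names are constructed assumptions of mine; resolve_file needs working DNS, the two parsing functions do not.

```shell
#!/bin/sh
# Added example, not the post's script. all_addresses keeps every address
# nslookup returns instead of only the first ($1 after set), and clean_domain
# strips the DOS/Windows carriage return (the ^M the sed line above removes)
# so a CRLF list does not break the lookup. The nslookup text below is
# constructed, not a real query.
NSLOOKUP_SAMPLE='Server:  10.0.0.1
Address: 10.0.0.1#53

Non-authoritative answer:
Name:    www.example.com
Address: 93.184.216.34
Name:    www.example.com
Address: 2606:2800:220:1:248:1893:25c8:1946'

# Read nslookup output on stdin; print all answer addresses, comma separated.
# The resolver line is "Address: host#53", so lines containing '#' are skipped
# (the same trick as the post's grep -v '#').
all_addresses() {
    awk '/^Address:/ && !/#/ { out = out (out == "" ? "" : ",") $2 }
         END { print out }'
}

# Drop a trailing carriage return and surrounding whitespace from one line.
clean_domain() {
    printf '%s' "$1" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Resolve every domain in a file (one per line, CRLF tolerated); needs DNS.
# Output format matches the post's script: "domain: addr1,addr2;"
resolve_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        domain=$(clean_domain "$line")
        [ -n "$domain" ] || continue
        addrs=$(nslookup "$domain" 2>/dev/null | all_addresses)
        printf '%s: %s;\n' "$domain" "${addrs:-unresolved}"
    done < "$1"
}

printf '%s\n' "$NSLOOKUP_SAMPLE" | all_addresses
```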
Sunday 17 November 2013
Network Management System - Part 2
SSH is already running. We just need to set up x11vnc through the SSH tunnel.
sudo apt-get install x11vnc
Setup a password:
sudo x11vnc -storepasswd /etc/x11vnc.pass
sudo chmod 600 /etc/x11vnc.pass
Then run the server (http://askubuntu.com/questions/229989/how-to-setup-x11vnc-to-access-with-graphical-login-screen):
sudo x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -auth /var/run/lightdm/root/:0 -rfbport 5901 -rfbauth /etc/x11vnc.pass -localhost
(put this in a script, e.g. startvnc.sh)
Then, to change the resolution (modified from http://askubuntu.com/questions/186288/how-to-detect-and-configure-an-output-with-xrandr), which needs to be done from a terminal inside the VNC session:
sudo gtf 1920 1200 60 -x
sudo xrandr --newmode "1920x1200_60.00" 193.16 1920 2048 2256 2592 1200 1201 1204 1242 -HSync +Vsync
sudo xrandr --addmode VGA-0 1920x1200_60.00
sudo xrandr --output VGA-0 --mode 1920x1200_60.00
Again, add this to a script (e.g. vncres.sh).
Note that if you're on the box itself rather than over VNC, use:
xrandr -s 1920x1200_60.00
Change desktop if required
Settings/Settings Manager/Desktop
Change SSH port
sudo nano /etc/ssh/sshd_config
#change the port
#check firewall settings
sudo ufw status verbose
#change firewall settings - open new port
sudo ufw allow <insert new port>/tcp
#restart openssh
service ssh restart
#after reconnecting with ssh client on new port change firewall to close port 22
sudo ufw delete allow 22/tcp
#recheck firewall settings
sudo ufw status verbose
then check
netstat -an | grep "LISTEN "
That will do for now. In the next part we will begin by installing bandwidthd.
Friday 8 November 2013
Network Management System - Part 1
The aim of this system is to use open source software to build a low-cost platform for managing and security-monitoring a small to medium-sized remote network.
Services specifically required (list will be updated as we go along):
- Secure remote access onto network (SSH)
- Centralised logging (syslog)
- Equipment monitoring and alerting (nagios or similar)
- Bandwidth monitoring (bandwidthd, etc)
- Alert for outbound malware c&c
I've played with Security Onion in the past and it does a lot of the above out of the box. I would have liked to run it as one of a number of guests on an ESXi host, but the hardware isn't up to it. I'm currently running all this on an old Shuttle XPC with 2 GB of RAM, a 250 GB HDD and a second NIC (you need two ports: one for management and one for capturing network traffic).
So first of all, go and download Security Onion (SO) and get it installed. It's straightforward; here's the official guide.
It includes the following script for updating, which we'll need again:
sudo soup
Security Onion Setup is now complete!
Setup log can be found here:
/var/log/nsm/sosetup.log
You may view IDS alerts using Sguil, Squert, Snorby, or ELSA (if enabled).
Bro logs can be found in ELSA (if enabled) and the following location:
/nsm/bro/
Rules downloaded by Pulledpork are stored in:
/etc/nsm/rules/downloaded.rules
Local rules can be added to:
/etc/nsm/rules/local.rules
You can have PulledPork modify the downloaded rules
by modifying the files in:
/etc/nsm/pulledpork/
Rules will be updated every day at 7:01 AM UTC.
You can manually update them by running:
/usr/bin/rule-update
Sensors can be tuned by modifying the files in:
/etc/nsm/NAME-OF-SENSOR/
Once that's finished, run the following to make sure everything is up to date:
sudo apt-get update && sudo apt-get dist-upgrade
Then make sure all the SO services are running OK:
sudo service nsm status
That's all for part 1. The next post will cover setting up SSH and remote desktop, and adding some of the other services.