5/15/2010

Scapy on Ubuntu

I won't introduce Scapy as there are lots of overviews, introductions, tutorials and guides available on Scapy, so just Google for it. I thought I'd blog about my install on Ubuntu just in case I need to come back to it at some stage and cannot recall exactly what and how I installed;
  1. sudo apt-get update
  2. sudo apt-get install tcpdump 
  3. sudo apt-get install python
  4. sudo apt-get install python-scapy
  5. sudo apt-get install graphviz 
  6. sudo apt-get install imagemagick 
  7. sudo apt-get install python-gnuplot 
  8. sudo apt-get install python-crypto
  9. sudo apt-get install python-pyx
I may be putting up some scapy scripts on my webpage in the near future in case anyone is interested. I used scapy for Digital Forensics.

4/13/2010

Toshiba Recovery Wizard

In case you ever need to perform a recovery on a Toshiba (obviously after the necessary backups, ensuring the laptop is running on mains power, etc.):
  1. Turn off laptop.
  2. Press and hold "0" (zero) key.
  3. Power on laptop.
  4. Once the Toshiba splash screen appears, release the "0" (zero) key.
  5. Follow the Toshiba Recovery Wizard prompts.

3/19/2010

Urbanspoon - Curryville

Took a chance on Urbanspoon and headed to Cilliville for some curry as it was Friday "arvo" and Deb and I were both tired. Read some initial reviews and were a bit cautious.

The Vege Samosas were very authentic. Home made pastry and the fillings were just right. I got the special "Indian Hot" Vege curry and they weren't kidding around. I had that with rice and then stole some garlic naan from Deb.

They did not overdo the decorations either. It has just the right amount of clutter in the right places. Background music was not deafening, but the traffic noise was pissing me off a bit. Overall it was a good feed.


- Posted using BlogPress from my iPhone 3GS

3/07/2010

Website Changes

Minor website changes to www.kush.com.fj. Replaced original splash image with new one made using new Hindi script. Also created splash image for Resume page using previous and current business cards. Let me know what you think as well as any more ideas or recommendations for improvements...

3/01/2010

Ubuntu 9.10 does not boot up after hibernate!!!

I've been running Ubuntu 9.10 desktop on my HP nx6120 notebook with some success for a little while now. It performs well for my TeX work, occasional web-browsing, VPN, RDP and e-mails. The GUI is enhanced using Mac4Lin. I loved the hibernate feature until late this afternoon when it refused to boot up after hibernating. I would get the splash screen and then nothing... curses!!!

I managed to find a work-around but am still not sure what the problem was:
  1. Boot up the machine with a rescue CDROM
  2. Confirm the root partition for the Ubuntu install (in my case it was /dev/sda8, although I only have IDE drives)
  3. Boot up the machine and wait for the GRUB prompt
  4. Press "e" to edit the entry
  5. Replace the "root=UUID..." with "root=/dev/..." on the "linux" line entry
  6. Add the entry "no_console_suspend" on the same line
  7. Press the "Tab" key to complete the Emacs edit
  8. Press "Ctrl+x" to continue booting
Once the machine has booted up as normal, edit the GRUB configuration:
  1. sudo vi /etc/default/grub 
    1. Edit the file to uncomment GRUB_DISABLE_LINUX_UUID
    2. Edit the file to add no_console_suspend in the GRUB_CMDLINE_LINUX
    3. Save the file and exit
  2. sudo /usr/sbin/update-grub
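As an added example (not the post's own commands), a small POSIX shell script that makes both /etc/default/grub edits from the steps above idempotently, so running it twice never duplicates the kernel parameter. It assumes the file ships the commented line `#GRUB_DISABLE_LINUX_UUID=true` and a double-quoted GRUB_CMDLINE_LINUX, and update-grub still has to be run afterwards.

```shell
#!/bin/sh
# Added example: apply the two /etc/default/grub edits from the work-around.
# Usage: patch_grub_defaults /etc/default/grub no_console_suspend
patch_grub_defaults() {
    file="$1"; param="${2:-no_console_suspend}"

    # 1. Uncomment GRUB_DISABLE_LINUX_UUID (assumed to ship as
    #    "#GRUB_DISABLE_LINUX_UUID=true"); append it if it is missing entirely.
    if grep -q '^[[:space:]]*#[[:space:]]*GRUB_DISABLE_LINUX_UUID=' "$file"; then
        sed -i 's/^[[:space:]]*#[[:space:]]*\(GRUB_DISABLE_LINUX_UUID=\)/\1/' "$file"
    elif ! grep -q '^GRUB_DISABLE_LINUX_UUID=' "$file"; then
        printf 'GRUB_DISABLE_LINUX_UUID=true\n' >> "$file"
    fi

    # 2. Add the kernel parameter to GRUB_CMDLINE_LINUX unless already present.
    current=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$file" | tail -n 1)
    case " $current " in
        *" $param "*) ;;   # already there, nothing to do
        *)
            if grep -q '^GRUB_CMDLINE_LINUX=' "$file"; then
                new=$(printf '%s %s' "$current" "$param" | sed 's/^ //')
                sed -i "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"$new\"|" "$file"
            else
                printf 'GRUB_CMDLINE_LINUX="%s"\n' "$param" >> "$file"
            fi
            ;;
    esac
}

# Returns 0 when both edits are in place, so a caller can verify before update-grub.
grub_defaults_ok() {
    grep -q '^GRUB_DISABLE_LINUX_UUID=true' "$1" &&
    grep -q "^GRUB_CMDLINE_LINUX=\".*${2:-no_console_suspend}.*\"" "$1"
}
```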


2/28/2010

Snort sniff honk !

Snort is an open source intrusion detection system (IDS). It's highly configurable and can be run in a number of modes and architectures, and there are a small number of freely available rules to use. For more information refer to the Snort home page http://www.snort.org/. Here are some instructions on getting it set up on CentOS; these were adapted from the Snort documentation by Patrick Harper at http://assets.sourcefire.com/snort/setupguides/Snort_Base_Minimal.pdf;

  1. yum install mysql mysql-bench mysql-server mysql-devel mysqlclient10 php-mysql httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ php php-pear libpcap-devel
  2. vi /etc/httpd/conf/httpd.conf #Edit the httpd.conf file to suit
  3. /etc/rc.d/init.d/httpd start
  4. /etc/rc.d/init.d/mysqld restart
  5. /usr/bin/mysql_secure_installation
  6. cd /root
  7. mkdir snortinstall
  8. cd snortinstall
  9. wget http://dl.snort.org/snort-current/snort-2.8.5.3.tar.gz
  10. tar zxvf snort-2.8.5.3.tar.gz
  11. cd snort-2.8.5.3
  12. ./configure --with-mysql --enable-dynamicplugin # Fingers crossed it all goes well
  13. make
  14. make install
  15. /usr/sbin/groupadd snort
  16. /usr/sbin/useradd -g snort snort -s /sbin/nologin
  17. mkdir -p /etc/snort/rules
  18. mkdir -p /var/log/snort
  19. cd /root/snortinstall/snort-2.8.5.3/etc
  20. cp ./* /etc/snort/
  21. cd /root/snortinstall
  22. wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
  23. tar zxvf emerging.rules.tar.gz
  24. cd rules
  25. cp ./* /etc/snort/rules/
  26. vi /etc/snort/snort.conf # Edit the snort.conf file to suit
  27. /etc/rc.d/init.d/mysqld start
  28. mysql -u root -p mysql # Create the snort database and snort database user and set permissions
  29. cd  /root/snortinstall/snort-2.8.5.3/schemas
  30. mysql -u snort -p snort < create_mysql
  31. pear install -a Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
  32. cd /root/snortinstall/
  33. wget http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=transact
  34. wget http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.4/base-1.4.4.tar.gz?use_mirror=transact
  35. cd /var/www
  36. tar zxvf /root/snortinstall/adodb510.tgz
  37. mv adodb5/ adodb
  38. cd /var/www/html/
  39. tar zxvf /root/snortinstall/base-1.4.4.tar.gz
  40. mv base-1.4.4/ base
  41. cd base
  42. cp base_conf.php.dist base_conf.php
  43. vi base_conf.php # Edit the file to suit
  44. # Load http://SERVERNAME/base in a browser and click on the setup link
  45. # Click on Create BASE AG button
  46. # Click on the Main Page link
SQL
  1. create database snort;
  2. create user 'snort'@'localhost' identified by '';
  3. grant create, insert, select, delete, update on snort.* to snort@localhost;
  4. grant create, insert, select, delete, update on snort.* to snort;

2/21/2010

Timing is everything...

Having the correct clock timestamp is very important for logging, maintenance, troubleshooting and even forensic analysis. Timing provides a very important frame of reference for network devices, such as hosts, routers and switches. It would be almost impossible to construct a reliable model of an environment without having a standard and accurate frame of reference, thus timing is everything...

The Hardening Cisco Routers book provides a good reference on the importance of Network Time Protocol (NTP), and can be found at http://oreilly.com/catalog/hardcisco/chapter/ch10.html. NTP is a very popular way to synchronise system clocks with a central trusted server. Here's a rough guide to getting NTP running on a Linux server;

  1. sudo yum install ntp # Install the NTP client
  2. sudo vi /etc/ntp.conf # Edit the configuration file to use the nearest server pool. Refer to www.ntp.org to get the pools.
  3. sudo mv /etc/localtime /etc/localtime~ # Back up the localtime file
  4. sudo ln -s /usr/share/zoneinfo// /etc/localtime # Ensure that the correct localtime file is set for your city
  5. sudo ntpdate # Set the date via NTP using the pool specified*
  6. sudo /etc/rc.d/init.d/ntp start # Start the NTP client daemon
  7. ntpstat # Check that the system clock is synchronised
  8. date # Check that the system date is set correctly
  9. sudo hwclock -w # Set the hardware clock to the system date
  *Note: Ensure that the host allows traffic on UDP port 123 for the NTP protocol to work.
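As an added example for step 2 (not part of the post), a POSIX shell function that writes a minimal /etc/ntp.conf with the chosen pool servers plus the standard default restrict line, and a check that the file is usable before the daemon is started. The pool names passed in are assumptions; pick the nearest ones from www.ntp.org.

```shell
#!/bin/sh
# Added example: generate and sanity-check an ntp.conf for the NTP client.
# Usage: write_ntp_conf /etc/ntp.conf 0.au.pool.ntp.org 1.au.pool.ntp.org
write_ntp_conf() {
    out="$1"; shift
    {
        # Deny remote reconfiguration (nomodify), trap messages (notrap),
        # peering (nopeer) and status queries (noquery) from everyone;
        # only the local host may query the daemon.
        printf 'restrict default kod nomodify notrap nopeer noquery\n'
        printf 'restrict 127.0.0.1\n'
        # Where ntpd records the measured clock drift between restarts.
        printf 'driftfile /var/lib/ntp/drift\n'
        # One line per pool server; iburst speeds up the initial sync.
        for srv in "$@"; do
            printf 'server %s iburst\n' "$srv"
        done
    } > "$out"
}

# Prints the number of server lines and returns 0 only when the file has a
# default restrict line and at least one server; otherwise returns non-zero.
ntp_conf_ok() {
    n=$(grep -c '^server ' "$1" || true)
    grep -q '^restrict default ' "$1" && [ "$n" -ge 1 ] && echo "$n"
}
```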

2/20/2010

Linux Jump Box VPN

With the Linux Desktop out of the way, and my impending studies in Network Security coming up, I thought I'd preempt the studies with some initial ground work on my old Linux Server. Previously we had an old server at home that was used mostly as a web proxy (Squid) and Windows (Samba) server to share files and the home printer.

Well, it was time for a change and I decided to rebuild it into a bastion jump box, with a restructure of the home network as well. I started off by installing a second Network Interface Card (NIC) on it. Then I installed a bare CentOS on it. I did a yum update on it to ensure the latest patches and stable packages were installed. Next I went through the services and disabled all the unnecessary stuff.

The idea is to separate the internal network from the De-militarized Zone (DMZ). The purpose of the jump box is to sit on the DMZ between the access and choke routers. The jump box will provide Virtual Private Network (VPN) access into the network, as well as providing proxy services such as web proxy, syslog, SSH and other services.

In the network, both the access and choke router perform Network Address Translation (NAT), Quality of Service (QoS), as well as stateful packet inspection (SPI) firewall functions. In addition to SPI, the choke also performs some port forwards to the jump box and the SIP phone. All other traffic is dropped.

So to get home from university, I need to VPN in, then use SCP to transfer my files (assignments, reports, etc) and get out again.

To install OpenVPN, perform the following tasks;
  1. sudo wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
  2. sudo yum --enablerepo=kbs-CentOS-Testing install openvpn
  3. sudo find / -name "easy-rsa" # returns something like "/usr/share/openvpn/easy-rsa/"
  4. sudo cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
  5. cd /etc/openvpn/easy-rsa/2.0/ # cd is a shell builtin, so "sudo cd" has no effect; run it directly
  6. sudo mkdir keys
  7. sudo vi ./vars
  8. Change the following variables
    1. export KEY_SIZE=2048
    2. export KEY_COUNTRY=""
    3. export KEY_PROVINCE=""
    4. export KEY_CITY=""
    5. export KEY_ORG=""
    6. export KEY_EMAIL=""
  9. sudo bash
  10. source ./vars
  11. ./clean-all
  12. ./build-ca
  13. ./build-key-server server # server is the unique name to identify the server
  14. ./build-key client # client is the unique name to identify the client (repeat for each client)
  15. ./build-dh
  16. find / -name "server.conf" # returns something like "/usr/share/doc/openvpn-2.1/sample-config-files/server.conf"
  17. cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn
  18. Edit the file to suit
  19. Copy the Diffie-Hellman pem file (dh2048.pem), the server key file (server.key), and the CA certificate file (ca.crt) to the working directory and start the OpenVPN server (/etc/rc.d/init.d/openvpn start).

12/21/2009

Linux for the Desktop

I have mostly been a Linux from the command line kind of person. I would rarely come across X Windows. Recently I decided to experiment with Linux for the desktop. Needless to say I have heard people raving about Ubuntu. Furthermore I have mostly been a Redhat user, and had only used the Debian distribution briefly in the past.

I got the Ubuntu 9.10 Netbook Remix off the Australian PC Authority magazine to have a bit of a play with. It was good because it actually let me resize the existing partitions on my notebook. I had a play, and was moderately impressed by it. The interface was reasonably fluid and the performance was ok. However it was not to my liking. I felt that it lacked a lot of features and flexibility, which would be ideal for the average desktop user just looking for netbook features.

Needing more features and a complete set of Linux utilities and applications, I downloaded the Ubuntu 9.10 Desktop ISO image and installed off the CD. The first step was to update all the packages; for some reason the Australian servers were not reachable and the connection timed out. I changed the "Update Manager" "Settings" to "Download from:" the "Main Server". This worked well.

Next step was to make it look like an Apple Mac :) using the Mac4Lin installation. Before running the installation program I had to execute "sudo apt-get install emerald" to make things a bit easier. A previous Google search suggested creating the following folders "~/.themes" and "~/.icons". This was done and I ran the install script. So far so good.

Now to get the AWN (Avant Window Navigator) dock working: "sudo apt-get install avant-window-navigator". 10 seconds and a couple of automatic dependency installs later the "Awn Manager" was available under "Preferences", and after adding the Mac4Lin theme in AWN, and setting it to auto start, I launched the AWN and there was much coolness to be observed...

To get the complete look you need to go through all the steps in the PDF manual available from Mac4Lin, but the end result is quite satisfying in a cheesy sort of way. For people like me who cannot afford to pay for a proper Apple Mac, this poor man's Mac combines a GUI similar to an Apple's with the flexibility of a stable Linux distribution.

12/05/2009

CCNA - Frame Relay

It appears I did get it working, but for some reason I cannot ping the local interface on the routers. If anyone is after the config and the network file for dynamips just drop me an e-mail or something, but there are heaps of them on the net already, and there is nothing special about the one I have.

Basically the idea of the lab was to set up static routes to the loopback interfaces on the remote routers. The important concepts learnt were;
  • Understand the importance of a route back from the remote router.
  • Configure a static route using a router interface
  • Configure a static default route with a next hop router