What is the ‘soul’ of a computer?

At work I am mapping out our network. Instead of Visio I am using OmniGraffle and am very happy with the aesthetics and ease of use.

I am setting it up so that it is separated into both logical (firewall security zone) and physical (rack number with a list of the computers inside it) views. I am running into problems doing it this way, as I have already found racks holding machines that exist in multiple security zones.

Another problem I encountered is the one that brought me to the title of tonight's post: we have a number of virtual machines that don't really (physically) live anywhere. The OS may consist of file systems mounted from multiple SANs in multiple racks and be run from a hypervisor that exists in yet another rack. So, what rack does that VM belong in?

How have you guys dealt with this sort of thing?

todo.sh

I am a firm believer in David Allen's GTD (Getting Things Done) and have been searching for a nice and easy to use task tracking system. I am also a huge fan of all things GUI-less, so naturally I started coding a series of scripts for the purpose and used GeekTool to display todos on my desktop.

Initially it was nothing more than the following line added to my .bash_profile:

alias todo='echo $1 >> ~/todo.txt'

But before long I found myself wanting to write a 'done.sh' script to remove items. At that point I realized I had to implement a numbering system, use copious amounts of awk and sed, and spend far more time than I cared to on the project.

At some point I recall briefly reading about something similar on digg. A quick Google search led me to todotxt.com.

What a system this is! Combined with GeekTool I have an excellent way of staying organized.

Rather than explaining how it works I embedded an example video for you.

Now all I have to do is implement a system that uses DUE:MM/DD and a cron’ed script to alert me via growl when something is due. Ahhh, if only I had some free time. 🙂

Juniper NetScreen Policy Configuration Cheat Sheet

I use a lot of NetScreens at work and found myself sprawling notes containing the syntax of different commands for the ScreenOS CLI (Command Line Interface). Being the OCD type of person I am, I decided I needed something more zazzy... yes, more zaz. So here is the PDF and original graffle of my NetScreen policy config cheat sheet.

Coming soon: "NetScreen VPN Cheat Sheet" and "NetScreen Debug Cheat Sheet"

NetScreen Config Cheat Sheet (PDF)
md5: f69855226d84eccdfc8bc4cb64d527ea

Change Log 

06-08-2007: v1.4
Updated the “set policy” line to include dst_zone.

Linux: All the Basics You Need to Know

After giving notice at my last job I found myself whipping together a lot of documentation for the person who would be taking over for me.

He really enjoyed the “Linux Basics” one I put together and said it would be a useful thing to stick on my blog… so here it is. 🙂

Note: Please forgive any odd formatting, it is taken from a wiki.

File System

/ : root of the file system, contains all devices and directories

/root : the root user's home directory

/home : all other users' home dirs reside in here

/boot : all the kernels and boot specific info

/tmp : temporary files are stored here; it is commonly world writable so keep an eye on it

/dev : on Linux even hardware devices are part of the file system, they are stored here

/bin : executables that should be safe for normal users to run

/var : the system writes data here during its operation, commonly contains /var/lib/mysql and /var/www

/opt : optional software, 3rd parties stick stuff here

/sbin : system executables that only root should need

/proc : the OS uses this to keep track of everything on the system in real time. No need to muck around in here

/mnt or /media : this is where new file systems get mounted (CDs, floppies, flash drives)

/etc : all config files

FS NOTE: when tweaking configs do 'cp something.conf something.conf.bk' and tweak away. If you flub something up just 'rm -f something.conf; mv something.conf.bk something.conf; service something restart' and you're back up and running with your original config.

Basic commands

  • whoami : displays the current user
  • top : displays the top cpu/memory eaters and system load, like Task Manager on Windows
  • ps : displays all running processes. ps aux is the most useful way to run it
  • wall "some text" : sends a broadcast message to all logged on users
  • man program : displays the 'man page' or manual for a given program. Uber useful. Use the space bar to page down and q to exit
  • program -h : displays the help for a given program, briefer than man
  • du -sh dirName : displays the total size of a directory recursively
  • df -kh : displays total and available storage on all partitions for the system
  • locate filename : finds where a program or file is located on the system
  • w : displays who is ssh'ed in or logged in
  • watch -n seconds command : will execute a command every n seconds. Useful to watch who is online: watch -n 3 w
  • wget http://somesite.com/somefile : gets a file via ftp, rsync, http, etc. from a remote host
  • netstat : displays all listening ports and active connections
  • ifconfig : used for listing network interface info and setting it
  • clear : clears the terminal
  • md5sum filename : displays the md5 checksum of the given file

additional command operators

|
the pipe is used to send one command through another.
ps | more -- pauses ps
ps | grep ssh -- only display lines that contain ssh

;
used to "stack commands" or issue multiple commands on 1 line.
cd ..; ls

&
puts a command in the background.  Will let you know when the command is finished

>
write what is displayed on the screen from a given command to a text file
ls -alh /root > /root/myRoot.txt

>>
appends screen output to an existing file

File Permissions


Listing Permissions

ls -al will display all files in a list with their owners and permissions

-rw-r--r--   1 irq13 irq13 1006 Jan 24 10:16 .bashrc

Now to break down the above example...

-rw-r--r-- is the permissions area. The first character would be d if the item is a directory, otherwise it will be -. The next three characters indicate read/write/execute for the owner, the next three are r/w/x for the group and the last three are r/w/x for everyone else.

The next number is the inodes associated with the file. This isn't important for you to know the basics.

Next, where it says irq13 irq13, that indicates the file's owner name and group.

Changing ownership of a file

chown username:groupname file

Changing permissions of a file

chmod XXX filename

chmod uses a numeric system for assigning permissions. XXX represents 3 numbers. The first is the permissions applied to the owning user, the 2nd is the group, the 3rd is everyone else.
1: execute
2: write
3: write & execute
4: read
5: read & execute
6: read & write
7: read, write & execute

Remember that 777 is only to be used as a troubleshooting step to rule fs permissions out. NEVER leave a dir as 777. It's useful to do 'ls -alh * > perm_capture.txt' before messing with a file. That way you can restore its original permissions.
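An added example (not from the original post) that turns the 'ls -alh * > perm_capture.txt' idea into something you can actually restore from: it records the numeric mode of every entry under a directory, flags anything world-writable, and puts the recorded modes back with chmod. It assumes GNU stat and find, as found on Linux.

```sh
#!/bin/sh
# Added example, not part of the original post. Snapshot numeric modes before
# "messing with" permissions and restore them afterwards. Assumes GNU stat/find.

# perm_capture DIR SNAPSHOT
#   Writes one line per entry under DIR: "<octal mode> <path>", e.g. "644 /etc/foo.conf".
#   Keep SNAPSHOT outside DIR so a later restore does not rewrite the snapshot itself.
perm_capture() {
    find "$1" -mindepth 1 -exec stat -c '%a %n' {} + > "$2"
}

# perm_restore SNAPSHOT
#   Re-applies every recorded mode with chmod, printing each entry it had to fix.
perm_restore() {
    while read -r mode path; do
        [ -e "$path" ] || continue                # entry removed since the snapshot
        if [ "$(stat -c '%a' "$path")" != "$mode" ]; then
            chmod "$mode" "$path"
            printf 'restored %s -> %s\n' "$path" "$mode"
        fi
    done < "$1"
}

# mode_of FILE: print the numeric mode, i.e. the XXX you would pass to "chmod XXX"
mode_of() {
    stat -c '%a' "$1"
}

# world_writable SNAPSHOT: list recorded entries whose "everyone else" digit has the
# write bit set (2, 3, 6 or 7), the "NEVER leave a dir as 777" cases worth reviewing
world_writable() {
    awk '$1 ~ /[2367]$/ { print $2 }' "$1"
}
```

Run perm_capture before a troubleshooting chmod 777, then perm_restore once the permission question is settled; world_writable over a fresh snapshot shows what was left open.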

Attributes

Files also have attributes, similar to the ones found in the windows world.

lsattr filename : Lists the attributes of a file or directory

chattr +-=[ASacDdIijsTtu] filename

Use + to add an attribute and - to remove one.

File Attributes

append only (a)
compressed (c)
no dump (d)
immutable (i)
data journaling (j)
secure deletion (s)
no tail-merging (t)
undeletable (u)
no atime updates (A)
synchronous directory updates (D)
synchronous updates (S)
top of directory hierarchy (T)

Use man chattr for an explanation of each attribute

launching scripts and bins

  • If an executable file is in your path you may simply type its name from anywhere on the system and it will execute.
  • To see what your path is, type 'echo $PATH'
  • To execute a file in the current directory type "./filename"
  • To execute a file it must have execute permissions for either your username or a group you belong to.

User Management

useradd

useradd userName

then run "passwd userName" to set the new user's password

passwd

passwd username

will ask for the new pw twice

Service/Daemon Management

restarting/stopping/starting a service

On any init.d based linux distro you can restart a service with the following…

/etc/init.d/serviceName restart

You may replace ‘restart’ with ‘stop’ or ‘start’ (and in some cases ‘status’).

Forcefully stopping a service

killall processName

Killing on instance of a service

kill pid

The pid can be gathered by either top or ps

Disabling/adding/listing services

chkconfig --list

displays all the services and whether they are set to run in the different runlevels.
Use 'chkconfig --del daemonName' to remove a service or 'chkconfig --add daemonName' to add one.

setting a program to run at startup

Add a line executing the command at the end of /etc/rc.local

File Manipulation

Editing Text Files

vi is by far the best text editor but has a learning curve to it. If you want simplicity use nano

display a text file from the command line

cat filename

or

more filename

Display the last few lines of a text file

tail filename

or you can display the last 50 lines of a file with…

tail -50 filename

or you can display lines as they are written to a file (or follow) with the following: (UBER useful for log files)

tail -f filename

copy a file

cp filename destination

move a file

mv filename destination


delete a file

rm -f filename : removes the file. -f makes it so it doesn’t ask you if you are sure

Displaying the differences between two files

diff file1 file2

Installing crap

On redhat derived systems (RedHat, Fedora, CentOS, Rocks, Mandrake, etc) yum is your package manager.

yum install appname : installs the application from the remote yum repository

yum search appname : does a search on the repository for a given program

yum remove appname : uninstalls an app

use ‘man yum’ for a complete list

archives

.tar.gz or .tgz is the most common compression found in the Linux world: the files are tarred (Tape ARchive) and then gzipped. Sometimes called "tarballs".

tar -xzf file.tgz : will extract (x) a tar/gzip file

tar -czf myfile.tgz someDir : will create (c) a tarred and gzipped archive of the given directory

gunzip : decompresses a gzipped file

unzip : unzips a .zip file

Linux Security

Read this SANS checklist (www) (pdf) and install Bastille Linux.

TippingPoint UnityOne Super User (root) Password Reset

Last night after doing about 20 google searches for every possible combination of words I was unable to locate the procedure on how to reset the root password on a tipping point IPS.

I was also unable to locate any sort of online manual.

I am making this post in hopes that google indexes it and it helps others that are attempting to do the same thing I was trying.

1. Attach a serial cable to the management port on the front of the unit. (set it to 153,000 bps)

2. Reboot the IPS. Obviously this will kill all traffic that would normally flow through the unit, so schedule it!

3. After it displays the "Tipping Point" ASCII logo it will say "Loading". Within 3 seconds of that, type "mkey" and hit enter.

4. You will be prompted for a default security level, username and new password.

Enjoy.

Microsoft’s .ANI Fix Timeline

Microsoft announced today that it will issue an urgent, out of cycle patch for the 'recent' animated cursor vulnerability (CVE-2007-0038)... a whole week ahead of its precious and ill-conceived Patch Tuesday.

Some would claim that this an example of Microsoft doing the right thing, getting urgent issues resolved quickly and cutting through their own patching release cycle. Upon closer examination you will find this to be false.

This vulnerability affects all versions of MS Internet Explorer and Windows. All an attacker would have to do is embed a malicious animated cursor into a web page and anyone who visits the page is 'auto-attacked'. It's important to keep in mind that sites like MySpace allow anyone to modify their own pages and embed anything they like. It's also important to remember that hackers take over legitimate, commercial sites and embed their nasties. They get more bang for their buck that way.

To support my belief that MS is still only talking big and not following through, I present to you the timeline.

December 2006 – Determina discovers the .ANI 0-day vulnerability and reports its findings to Microsoft
March 23 2007 – Microsoft releases MSIE patch MS05-020 to fix vulnerabilities related to this. This patch was shoddy and still allowed exploitation of this specific vulnerability
March 26 2007 – Security researchers start to see exploits for this vulnerability in the wild
March 27 2007 – Determina releases their own '3rd party' patch to mitigate this vulnerability
March 30 2007 – eEye follows suit and releases their own patch
April 3 2007 – Microsoft releases MS07-017 'out of cycle' to patch this bug

Exposure Times
System exposure since discovery: 93 days*
System exposure since active exploits discovered: 8 days

*This is a conservative estimate. The article states "In December 2006". For fairness' sake this figure assumes 12/31/06, but the figure could in fact be as large as 123 days if it was discovered 12/01/06.

sources:
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0038

Pretexting

I have seen “pretexting” in the news far too much without commenting on it.

What is pretexting? According to wikipedia it is “the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone”.

So in other words it's a specific type of social engineering. Or as I like to call it: fraud.

Let's not beat around the bush on this one. If you contact a company and pretend to be me in order to get information about me, or acquire a service or funds that you are not entitled to, you are committing fraud (and I will beat you down).

Having been the victim of both identity and credit theft, I take privacy very seriously. Yet even a thorough understanding of privacy and paranoia is still not enough.

The first time it happened someone forged my signature (convincingly too) to have all of my mail forwarded to Texas. The motivation on this one is still unclear, but it took the post office months to straighten my mail out.

The second time I was a victim of credit card “double-swipe”. While at a gas station in Ontario, CA someone swiped my debit card through a modified card reader. This reader recorded the information stored on the strip on the back of my card. They also recorded my CVV (the 3 digit code on the back of the card) and used the information to print a new magnetic strip and clone my debit card. It was used for ‘card in hand’ transactions in Toronto.

Neither of these events could have been prevented... by me. However, with proper legislation our government could force private industry to implement effective safeguards against these sorts of attacks. Unfortunately, until these safeguards are mandated or become cost effective, they will never happen, and we as consumers will continue to suffer.

A prime example of this country moving in the wrong direction is the recent HP verdict. The top levels of the company condoned (nay, encouraged) pretexting and got off with no jail time.

And now we are seeing pretexting causing issues with xbox live.

We have to be clear with law makers that we will no longer sit by and let our personal data be stolen and sold.

Until we can convince law makers that this sort of thing will not be tolerated, all we can do is learn how to protect ourselves and support organizations that are trying to make things right.

Electronic Privacy Information Center (EPIC)
Identity Theft Resource Center
Privacy Rights Clearinghouse
Privacy Laws by State (source: Epic.org)