Posts

Git is yet another open source version control, and seems to be the tool of choice for contemporary coding mavericks. I still prefer svn and cvs, for centralised version control, but can appreciate why some projects may require distributed repositories as afforded by git.

Setting up a central git repository on a server is easy. You basically setup a user, whose home directory is used to store the repositories, and allow access to people using keys, where the user retain their private key and their public key is saved as an authorised key for the git user account.

Denyhosts is another utility similar to fail2ban. It parses log files to identify potential attacks against SSH services. A clear advantage that Denyhosts has over fail2ban is the synchronisation mechanism since version 2.0[1]. Denyhosts permits communication with a central server to exchange information about denied hosts by other Denyhosts daemons. However unlike fail2ban, it does not modify any firewall (iptables) rules, instead it relies on tcpwrapper and the hosts.deny file to block ssh access. Fail2ban also offers the advantage of monitoring other services and logs, whereas Denyhosts is specific to SSH. There are other utilities which use tcpwrapper such which can handle additional services[2].

RANCID stands for really awesome new cisco configuration differ[1] and polls Cisco devices to get a copy of the configuration and an inventory of the hardware and commits the details to a version control system such a CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID[2,4,5], but I’ve documented the steps I took here for my reference.

CVE-2014-3566 relates to a flaw found in handling of padded bytes in SSL 3.0 when using CBC mode for the encryption[3]. The flaw may be exploited to permit a man-in-the-middle (MITM) attack. The attacker may be able to decrypt a selected byte of a cipher text in a limited number (256) of attempts, by repeatedly requesting the victim to send the same data over multiple SSLv3 connections.

Given the recent bash vulnerability disclosure[1] most linux distributions have released patches. Unfortunately Apple still expected users to compile their patches into bash. If you were using Homebrew or Macport you were in better standing and simply had to create symlinks to the patched executables. I’ve documented the steps I had to take on my Mac desktop.

Compile

I have some customers who do not volume license their Microsoft Product and need to activate their Microsoft Office products. This particular customer bought a laptop with Microsoft Office 2013 pre-loaded and purchased a separate Microsoft Office Home and Business 2013 1PC License, however when they tried to activate the license by entering in their product key they kept getting a pop-up error message;

“We’re sorry, something went wrong and we can’t do this for you right now. Please try again later. ( 0x80070005 )”.

Often times, I employ a CentOS VirtualBox virtual machine (VM) as a development, testing and staging environment, I love the flexibility of virtual environments for testing and development work before moving my work to production environments.

Recently I ran a yum update and yum upgrade on a CentOS 6.4 VM and subsequently rebooted it, only to be greeted by a blank screen following bootup. A quick search of virtual TTY terminals yielded a login prompt.

This is a continuation of the post on installing Snort 2.9 on CentOS 6.4 (http://nkush.blogspot.com.au/2013/03/snort-29-on-centos-63.html). This post installs Barnyard2 on the host.

Barnyard is an output system for Snort. If effectively allows better snort performance by enabling Snort to produce binary output which is then processed by Barnyard.

Barnyard processes the binary Snort output files (unified2 binary) and stores the processed data into a database back-end, for example MySQL. The advantage of using Barnyard instead of the database output from Snort is that Barnyard is able to “cache” the data in case the database is unavailable.

Snort is a signature based network intrusion detection system (NIDS) which has become a defacto standard for NIDS. In addition to being used as a NIDS, Snort may also be used as a simple network traffic packet sniffer or logger.

A number of Snort dynamic preprocessors are available which enables the development of rules to attack detection.

Snort is an open source product and available for most popular network operating systems. Snort rules are also available commercially from Sourcefire.

My previous posts (http://nkush.blogspot.com.au/2012/08/installing-openvpn-22-on-centos-63-64bit.html and http://nkush.blogspot.com.au/2011/10/installing-openvpn-22-on-centos-57.html) have been on installing OpenVPN on Linux.

This post is slightly different as it installs and configures OpenVPN on a Microsoft Windows Small Business Server (SBS). The SBS installation is also different from the previous write-ups since this configuration uses Ethernet bridging instead of tunneling.

Although SBS comes with Layer2 Tunneling Protocol (L2TP) and Point-to-point Tunelling Protocol (PPTP) for Virtual Private Network (VPN), some users may want to use an Secure Sockets Layer (SSL) based VPN such as OpenVPN. The default installation location, i.e. C:\Program Files\OpenVPN\ is used in the instructions below