PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy. The primary idea is to capture network traffic so that it is available for later analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual-homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture.

     _( )______     ________     +-----+     _( )__
    ( Internet )---/ Router \----| F/W |----( DMZ )
    (____________) \________/    +-----+   (________)

Firstly, we create a location to save the pcap files.
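The continuous capture described above, as an added example rather than the post's own script: it creates the pcap directory and builds a rotating tcpdump command line. The interface name (eth1), the directory (/var/pcap), the hourly rotation, the gzip post-rotate step, the unprivileged user "tcpdump" and the requirement for tcpdump >= 4.0 (for -G and -z, as shipped on CentOS 6) are all assumptions of mine, not details from the post.

```shell
#!/bin/sh
# Added example (not from the original post): continuous, rotating tcpdump
# capture on a dual-homed firewall.
# Assumptions, all mine: the router-facing interface is eth1, captures live
# in /var/pcap, files rotate hourly and are gzipped, tcpdump drops privileges
# to the user "tcpdump", and tcpdump is >= 4.0 (for -G/-z, as on CentOS 6).
PCAP_DIR=/var/pcap
IFACE=eth1
ROTATE_SECS=3600
CAP_USER=tcpdump

# prepare_capture_dir DIR: create the pcap directory, readable only by its
# owner and group, so captured traffic is not world-readable.
prepare_capture_dir() {
    mkdir -p "$1" && chmod 750 "$1"
}

# build_capture_cmd IFACE DIR SECS USER: print the tcpdump command line.
#   -nn   no name resolution (the sniffer itself generates no DNS traffic)
#   -s 0  full packets, not just headers
#   -G    rotate every SECS seconds; -w then takes a strftime() pattern
#   -Z    drop root after the interface has been opened
#   -z    run this command on each rotated file (here: compress it)
build_capture_cmd() {
    echo "tcpdump -i $1 -nn -s 0 -G $3 -w $2/%Y%m%d-%H%M%S.pcap -Z $4 -z gzip"
}

# Start capturing only when invoked as: sh capture.sh run
if [ "${1:-}" = "run" ]; then
    prepare_capture_dir "$PCAP_DIR"
    # Rotated files are opened after privileges are dropped, so the
    # directory must be writable by CAP_USER, not just by root.
    chown "$CAP_USER" "$PCAP_DIR"
    exec $(build_capture_cmd "$IFACE" "$PCAP_DIR" "$ROTATE_SECS" "$CAP_USER")
fi
```

Run it under a process supervisor (or from rc.local) so the capture restarts after a reboot, and add a capture filter (for example excluding your own SSH session) once you know what the pcap files are for; the full-packet, unfiltered capture above fills disk quickly on a busy link.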

Read More →

Configuring RANCID on CentOS 6.5

RANCID stands for Really Awesome New Cisco confIg Differ [1]. It polls Cisco devices to get a copy of the configuration and an inventory of the hardware, and commits the details to a version control system such as CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID [2,4,5], but I’ve documented the steps I took here for my reference.

Read More →

CentOS 6.4 VirtualBox VM won’t boot up after doing an update/upgrade!!!

Often I employ a CentOS VirtualBox virtual machine (VM) as a development, testing and staging environment; I love the flexibility of virtual environments for testing and development work before moving my work to production environments. Recently I ran a yum update and yum upgrade on a CentOS 6.4 VM and subsequently rebooted it, only to be greeted by a blank screen following boot-up. A quick search of the virtual TTY terminals yielded a login prompt.

Read More →

Snort 2.9 on CentOS 6.3 (continued) with Barnyard2

This is a continuation of the post on installing Snort 2.9 on CentOS 6.3 (http://nkush.blogspot.com.au/2013/03/snort-29-on-centos-63.html). This post installs Barnyard2 on the host. Barnyard2 is an output system for Snort. It effectively improves Snort performance by letting Snort write its events as binary unified2 files, which are then processed by Barnyard2 instead of Snort doing the slow output work itself. Barnyard2 processes the unified2 files and stores the processed data in a database back-end, for example MySQL. The advantage of using Barnyard2 instead of the database output from Snort is that Barnyard2 is able to “cache” (spool) the data if the database is unavailable, so Snort keeps capturing and no events are lost while the database is down.

Read More →

Installing OpenVPN 2.2 on CentOS 6.3 64bit

This post is just an update of a previous post that used CentOS 5.7 and OpenVPN 2.2 (http://nkush.blogspot.com.au/2011/10/installing-openvpn-22-on-centos-57.html). The basic instructions are the same; however, this post uses some newer packages which may have been relocated to new URLs. Again, this blog and its posts are mostly for my own reference and not intended as step-by-step instructions for other systems/network administrators. Install RPMForge, or RepoForge as it’s now known [1]: wget http://pkgs.

Read More →

I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux based server. It was mainly just archiving some files and updating packages and configurations. However, as part of the maintenance I took the opportunity to put some simple technical security controls in place and documented some of them here for my reference.

MySQL Database: There was a MySQL server running that was only needed for the local host, but a “netstat -ltn” indicated that it was not bound to any specific IP, i.
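The “netstat -ltn” check above, as an added example that is not the post's own code: a small audit that lists every TCP service listening on all interfaces, followed by the usual fix for a MySQL server that is only needed locally, pinning it to loopback with bind-address in my.cnf. The sample netstat output is constructed for illustration, and the my.cnf path, the [mysqld] section placement and the use of GNU sed -i are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the "netstat -ltn" check,
# turned into a repeatable audit, plus the follow-up for a MySQL server only
# needed locally: bind it to 127.0.0.1 in my.cnf.
# The sample netstat output below is constructed; the my.cnf layout and
# GNU sed -i syntax are assumptions of mine.

# Constructed sample of `netstat -ltn` output: MySQL (3306), sshd (22) and
# httpd (80) listen on all interfaces; the mail daemon (25) is loopback-only.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::80                       :::*                        LISTEN'

# find_wildcard_listeners: read netstat -ltn output on stdin and print
# "proto port" for each TCP listener bound to every interface (0.0.0.0 or ::).
# Everything printed here is reachable from the network, not just localhost.
find_wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") print $1, port
    }'
}

# mysql_bound_local FILE: succeed if my.cnf already pins MySQL to loopback.
mysql_bound_local() {
    grep -Eq '^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1[[:space:]]*$' "$1"
}

# ensure_mysql_local_bind FILE: add "bind-address = 127.0.0.1" directly under
# the [mysqld] section header if it is not already set (GNU sed syntax).
# mysqld must be restarted afterwards for the change to take effect.
ensure_mysql_local_bind() {
    mysql_bound_local "$1" && return 0
    sed -i '/^\[mysqld\]/a bind-address = 127.0.0.1' "$1"
}

# Audit the running host when invoked as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    netstat -ltn | find_wildcard_listeners
    ensure_mysql_local_bind /etc/my.cnf
fi
```

After restarting mysqld, re-run the audit: port 3306 should now appear as 127.0.0.1:3306 in netstat and drop out of the wildcard list. Any port that remains in the list needs either a similar bind setting in its daemon's configuration or an iptables rule in front of it.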

Read More →

Installing OpenVPN 2.2 on Centos 5.7

OpenVPN is an SSL/TLS-based VPN. There are other VPN solutions such as IPsec, but OpenVPN provides a cost-effective alternative. I like OpenVPN as it supports two-way authentication, i.e. both the client and the server authenticate using certificates. To install OpenVPN on CentOS we need a number of cryptographic libraries. The simplest way is to use the DAG/RPMForge repository. Set up the RPMForge repository [1], as this contains the packages necessary for the installation; the instructions are provided below.

Read More →

Installing OSSEC on Centos 5.7

OSSEC is an open source host-based IDS that performs log analysis, and is able to correlate and analyse logs from a number of Linux (and Windows, but that is outside the scope of this blog post) servers. The software architecture of OSSEC, with its server and agents, lends itself to flexible deployment and management [1]. The easiest way is to set up the Atomic repository, which already has the appropriate OSSEC packages, and install them from there.

Read More →

Installing Snort 2.9.1.2 on CentOS 5.7

CentOS 5.7 ships an older version of libpcap (0.9.4), but Snort’s Data Acquisition Library (DAQ) needs a newer version of libpcap (>= 1.0.0). This is not an issue with CentOS 6.0. Vishesh Kumar [1] provides excellent instructions for getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend them slightly to include instructions for a complete Snort set-up.

Read More →

Gnu Screen

Running some experiments on a VM server, I rapidly ran out of patience having to wait for commands to run, and/or switching back and forth using Ctrl+Z, bg, and fg. My thoughts went back to Nick Black, who had introduced me to GNU Screen several years back; alas, I had forgotten the short-cuts. Thankfully Google and the man page came to the rescue. Since the VM server was a CentOS 6.

Read More →