PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy. The primary idea being to capture network traffic for analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture. _( )______ ________ +-----+ _( )__ ( Internet )---/ Router \----| F/W |----( DMZ ) (____________) \________/ +-----+ (________) Firstly, we create a location to save the pcap files.

Read More →

Configuring RANCID on CentOS 6.5

RANCID stands for really awesome new cisco configuration differ<span style=“font-size: xx-small;“>[1] and polls Cisco devices to get a copy of the configuration and an inventory of the hardware and commits the details to a version control system such a CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID<span

Read More →

CentOS 6.4 VirtualBox VM won’t boot up after doing an update/upgrade!!!

Often times, I employ a CentOS VirtualBox virtual machine (VM) as a development, testing and staging environment, I love the flexibility of virtual environments for testing and development work before moving my work to production environments. Recently I ran a yum update and yum upgrade on a CentOS 6.4 VM and subsequently rebooted it, only to be greeted by a blank screen following bootup. A quick search of virtual TTY terminals yielded a login

Read More →

Snort 2.9 on CentOS 6.3 (continued) with Barnyard2

This is a continuation of the post on installing Snort 2.9 on CentOS 6.4 (http://nkush.blogspot.com.au/2013/03/snort-29-on-centos-63.html). This post installs Barnyard2 on the host. Barnyard is an output system for Snort. If effectively allows better snort performance by enabling Snort to produce binary output which is then processed by Barnyard. Barnyard processes the binary Snort output files (unified2 binary) and stores the processed data into a database back-end, for example MySQL. The advantage of using Barnyard instead of the database output from

Read More →

Installing OpenVPN 2.2 on CentOS 6.3 64bit

This post is just an update of a previous post that used CentOS 5.7 and OpenVPN 2.2 (http://nkush.blogspot.com.au/2011/10/installing-openvpn-22-on-centos-57.html). The basic instructions are the same, however this post uses some newer packages which may have been relocated to new URLs. Again this blog and the posts are mostly for my own reference and not intended as step-by-step instuctions for other systems/network administrators Install RPMForge or RepoForge as it’s now known<span style=“font-size: xx-small;“>[1]

Read More →

I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux based server. It was mainly just archiving some files around and updating packages and configurations. However, as part of the maintenance I took the opportunity to put in some simple technical security controls in place and documented some of them here for my reference. MySQL Database There was a MySQL server running that was only needed for the local host, but a “netstat -ltn” indicated

Read More →

Installing OpenVPN 2.2 on Centos 5.7

OpenVPN is an SSL based VPN. There are other VPN solutions such as IPsec, etc. but OpenVPN provides a cost effective alternative. I like OpenVPN as it support two-way authentication, i.e. both the client and server authenticate using certificates. To install OpeVPN on CentOS we need a number of cryptographic libraries. The simplest way is to use the DAG/RPMForge repository. Set-up the RPMForge repository <span class=“Apple-style-span” style=“font-family: inherit; font-size: xx-small;“>[1], as

Read More →

Installing OSSEC on Centos 5.7

OSSEC is an open source host-based IDS that performs log analysis, and is able to correlate and analyse logs for a number of Linux (and Windows, but that is outside the scope of this blog post) servers. The software architecture of OSSEC and the use of agents, lends OSSEC to flexible deployment and management <span class=“Apple-style-span” style=“font-size: xx-small;“>[1]. Set-up the Atomic repository that already has the appropriate OSSEC packages and install them would be the easiest way.

Read More →

Installing Snort 2.9.1.2 on CentOS 5.7

CentOS 5.7 uses an older version of libpcap (0.9.4), but Snort’s Data Acquisition Library (daq) needs a newer version of libpcap (>=1.0.0). The latter is not an issue with the CentOS 6.0. Vishesh Kumar <span class=“Apple-style-span” style=“font-size: xx-small;“>[1] provides an excellent instructions to getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend it slightly to include instructions for a complete Snort set-up.

Read More →

Gnu Screen

Running some experiment on a VM server I rapidly ran out of patience having to wait for commands to run, and/or switching back and forth using Ctrl+Z, bg, and fg. My thoughts went back to Nick Black who had introduced me to Gnu Screen several years back, alas I has forgotten the short-cuts, Thankfully Google and the man page came to the rescue. Since the VM server was a CentOS 6.

Read More →