PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy. The primary idea is to capture network traffic for analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture.

 _(  )______      ________     +-----+     _(  )__
(  Internet  )---/ Router \----| F/W |----(  DMZ   )
(____________)   \________/    +-----+    (________)

Firstly, we create a location to save the pcap files.


Configuring RANCID on CentOS 6.5

RANCID stands for really awesome new cisco configuration differ[1]. It polls Cisco devices to get a copy of the configuration and an inventory of the hardware, and commits the details to a version control system such as CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID[2,4,5], but I’ve documented the steps I took here for my reference.


I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux based server. It was mainly just archiving some files and updating packages and configurations. However, as part of the maintenance I took the opportunity to put some simple technical security controls in place and documented some of them here for my reference.

MySQL Database

There was a MySQL server running that was only needed for the local host, but a “netstat -ltn” indicated that it was not bound to any specific IP, i.


Evernote and Nix/NeverNote on Ubuntu 10.04

Evernote is a great tool. I absolutely love it. The only con is that it’s not available natively for Linux. So I have to run it under the Windows Emulator or wine. The installation is fairly simple.

wget http://evernote.s3.amazonaws.com/win4/public/Evernote_4.5.0.5229.exe
wine Evernote_4.5.0.5229.exe

Obviously, not running natively, there is a slight performance lag. This may be attributed to my 5 year old laptop. Although it’s still usable, the slow synchronization soon becomes tiresome.


Cisco console from Ubuntu 10.04

It’s pretty easy to set up Cisco serial console connectivity on Ubuntu 10.04. The usual way is to use minicom. The serial ports, usually called COM1-4, usually have the following address range:

COM1 - 3E8
COM2 - 2F8
COM3 - 3E8
COM4 - 2E8

To complete the setup, first determine the address used for COM1 (or whichever serial port you wish to use) on your machine by querying the kernel ring buffer using the dmesg command, then install and configure minicom, the modem emulation tool.


KeePass on Ubuntu 10.04

KeePass is a very popular password management software. One of my clients uses this for their systems and I was given a copy of their database. Since I mostly use Linux when I am working, I needed a way to get this working on Ubuntu 10.04. Instructions are widely available, but again for my benefit, I have documented them here as a step-by-step guide for myself. At the time of this blog post the 2.
