PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy; the primary idea is to capture network traffic for analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual-homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture.

 _(  )______      ________     +-----+     _(  )__
(  Internet  )---/ Router \----| F/W |----(  DMZ   )
(____________)   \________/    +-----+    (________)

Firstly, we create a location to save the pcap files.

Read More →

Configuring RANCID on CentOS 6.5

RANCID stands for really awesome new cisco configuration differ[1] and polls Cisco devices to get a copy of the configuration and an inventory of the hardware, then commits the details to a version control system such as CVS or SVN. The version control is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID

Read More →

I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux-based server. It was mainly just archiving some files around and updating packages and configurations. However, as part of the maintenance I took the opportunity to put some simple technical security controls in place and documented some of them here for my reference.

MySQL Database

There was a MySQL server running that was only needed for the local host, but a “netstat -ltn” indicated

Read More →

Evernote and Nix/NeverNote on Ubuntu 10.04

Evernote is a great tool. I absolutely love it. The only con is that it’s not available natively for Linux. So I have to run it under the Windows Emulator or wine. The installation is fairly simple.

wget http://evernote.s3.amazonaws.com/win4/public/Evernote_4.5.0.5229.exe
wine Evernote_4.5.0.5229.exe

Obviously, not running natively, there is a slight performance lag. This may be attributed to my 5 year old laptop. Although it’s still usable, the slow synchronization soon becomes tiresome.

Read More →

Cisco console from Ubuntu 10.04

It’s pretty easy to set up Cisco serial console connectivity on Ubuntu 10.04. The usual way is to use minicom. The serial ports usually called COM1-4 usually have the following address range:

COM1 - 3E8
COM2 - 2F8
COM3 - 3E8
COM4 - 2E8

To complete the setup first determine the address used for COM1 (or whichever serial port you wish to use) on your machine query the kernel

Read More →

KeePass on Ubuntu 10.04

KeePass is very popular password management software. One of my clients uses this for their systems and I was given a copy of their database. Since I mostly use Linux when I am working, I needed a way to get this working on Ubuntu 10.04. Instructions are widely available, but again for my benefit, I have documented them here as a step-by-step guide for myself. At the time of this blog post the 2.

Read More →