PCAP or it didn't happen

“PCAP or it didn’t happen” is a good network security philosophy: the primary idea is to capture network traffic so that it is available for later analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual-homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture.

  _( )______     ________     +-----+     _( )__
 ( Internet )---/ Router \----| F/W |----( DMZ  )
(____________)  \________/    +-----+   (________)

Firstly, we create a location to save the pcap files. Next, since contemporary versions of tcpdump are built with the -Z switch, which causes tcpdump to drop into a less privileged account (the tcpdump user in the case of this particular version of CentOS), we change the ownership and permissions of that location so that the tcpdump user and group have full read and write permission.


Configuring RANCID on CentOS 6.5

RANCID stands for Really Awesome New Cisco confIg Differ[1]. It polls Cisco devices to get a copy of the configuration and an inventory of the hardware, and commits the details to a version control system such as CVS or SVN. The version control system is used to maintain a history of the changes, and any changes to the configuration are reported. There are a number of guides available for installing RANCID[2,4,5], but I’ve documented the steps I took here for my reference.


I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux-based server. It was mainly just archiving some files and updating packages and configurations. However, as part of the maintenance I took the opportunity to put some simple technical security controls in place, and I have documented some of them here for my reference.

MySQL Database

There was a MySQL server running that was only needed by the local host, but a “netstat -ltn” indicated that it was not bound to any specific IP, i.e. it was listening on 0.0.0.0, so I bound it to the localhost IP of 127.0.0.1 by editing the /etc/my.cnf file and adding the entry bind-address=127.0.0.1


Evernote and Nix/NeverNote on Ubuntu 10.04

Evernote is a great tool. I absolutely love it. The only con is that it’s not available natively for Linux, so I have to run it under the Windows emulator, wine. The installation is fairly simple.

  1. wget http://evernote.s3.amazonaws.com/win4/public/Evernote_4.5.0.5229.exe
  2. wine Evernote_4.5.0.5229.exe

Obviously, since it is not running natively, there is a slight performance lag. This may be attributed to my 5 year old laptop. Although it’s still usable, the slow synchronization soon becomes tiresome. Fortunately there is a Linux native client called NeverNote[2].


Cisco console from Ubuntu 10.04

It’s pretty easy to set up Cisco serial console connectivity on Ubuntu 10.04. The usual way is to use minicom. The serial ports, usually called COM1-4, typically have the following I/O addresses:

  1. COM1 - 3E8
  2. COM2 - 2F8
  3. COM3 - 3E8
  4. COM4 - 2E8

To complete the setup, first determine the address used for COM1 (or whichever serial port you wish to use) on your machine by querying the kernel ring buffer with the dmesg command, then install and configure minicom, the modem emulation tool.


KeePass on Ubuntu 10.04

KeePass is a very popular password management application. One of my clients uses it for their systems and I was given a copy of their database. Since I mostly use Linux when I am working, I needed a way to get it working on Ubuntu 10.04. Instructions are widely available, but again for my own benefit I have documented them here as a step-by-step guide. At the time of this blog post the 2.x version of KeePass was 2.16.
