SecureCube.com

24Jun/130

Internet Services Dashboards

Amazon Service Health Dashboard
http://status.aws.amazon.com/

Apple Services
http://www.apple.com/support/systemstatus/

Google Status Dashboard
http://www.google.com/appsstatus

GoDaddy System Alerts
http://support.godaddy.com/system-alerts/

Hurricane Electric Internet Services
http://bgp.he.net/report/bogons

Internet Traffic Report
http://www.internettrafficreport.com/

OpenDNS System
https://system.opendns.com
http://208.69.38.170/

Keynote - Internet Health Report
http://internetpulse.net/

Filed under: General No Comments
7Jan/130

Setup Linux NTP daemon

Looking for a reliable NTP daemon to keep your system clock up to date? Look no further... OpenNTPD. The following outlines the setup of OpenNTPD on Linux.

Download the latest source from OpenNTPD.

Extract and change to the install directory.

tar xzf openntpd-3.9p1.tar.gz
cd openntpd-3.9p1

Create the user and group the NTP daemon will run as, and the directory it will be chroot'ed to.

groupadd _ntp
useradd -g _ntp -s /sbin/nologin -d /var/empty/ntp -c 'OpenNTP daemon' _ntp
mkdir -p /var/empty/ntp
chown 0 /var/empty/ntp
chgrp 0 /var/empty/ntp
chmod 0755 /var/empty/ntp

Perform standard install from source steps. Read the INSTALL doc for more information.

./configure
make && make install

Next we'll create an init script to start/stop the daemon.

vi /etc/init.d/ntpd
#!/bin/bash

NTPD_CONF=/usr/local/etc/ntpd.conf

if [ ! -f "$NTPD_CONF" ]
then
    echo "Could not find $NTPD_CONF"
    exit 1
fi

# -s : Set the time immediately at startup if the
# local clock is off by more than 180 seconds.
PARAMS="-s"

# %PPID makes pidof skip the calling script, which is also named ntpd.
PID=`pidof -o %PPID /usr/local/sbin/ntpd`
case "$1" in
    start)
        echo "Starting OpenNTPD"
        [ -z "$PID" ] && /usr/local/sbin/ntpd $PARAMS
        if [ $? -gt 0 ]; then
            echo "Failed"
        else
            PID=`pidof -o %PPID /usr/local/sbin/ntpd`
            echo $PID >/var/run/openntpd.pid
            echo "Done"
        fi
        ;;
    stop)
        echo "Stopping OpenNTPD"
        [ ! -z "$PID" ] && kill $PID &>/dev/null
        if [ $? -gt 0 ]; then
            echo "Failed"
        else
            echo "Done"
        fi
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
esac
exit 0

Make the init script executable.

chmod a+x /etc/init.d/ntpd

Next, set up the ntpd.conf file to point to the servers you want to sync with. You can read the man page first for the syntax.

man ntpd.conf
vi /usr/local/etc/ntpd.conf

You can use this site to find a pool of servers close to you.

Finally we'll start the daemon.

/etc/init.d/ntpd start

You can view the progress of the sync using the following command.

grep ntpd /var/log/syslog

You can see the progression of the clock...

Jan 7 12:02:53 pc-name ntpd[1355]: adjusting local clock by -1.462512s
Jan 7 12:05:36 pc-name ntpd[1355]: adjusting local clock by -1.429211s
Jan 7 12:08:27 pc-name ntpd[2064]: adjusting local clock by -1.362814s
Jan 7 12:12:14 pc-name ntpd[2064]: adjusting local clock by -1.302321s
Jan 7 12:16:37 pc-name ntpd[2064]: adjusting local clock by -1.199679s
Jan 7 12:20:53 pc-name ntpd[2064]: adjusting local clock by -1.119930s
Jan 7 12:24:01 pc-name ntpd[2064]: adjusting local clock by -1.076154s
Jan 7 12:25:53 pc-name ntpd[2064]: adjusting local clock by -1.002400s
Jan 7 12:28:47 pc-name ntpd[2064]: adjusting local clock by -0.946294s
Jan 7 12:31:13 pc-name ntpd[2064]: adjusting local clock by -0.926053s
Jan 7 12:33:22 pc-name ntpd[2064]: adjusting local clock by -0.867900s
Jan 7 12:35:44 pc-name ntpd[2064]: adjusting local clock by -0.819938s
Jan 7 12:37:18 pc-name ntpd[2064]: adjusting local clock by -0.787604s
Jan 7 12:38:56 pc-name ntpd[2064]: adjusting local clock by -0.717054s
Jan 7 12:42:42 pc-name ntpd[2064]: adjusting local clock by -0.653446s
Jan 7 12:45:32 pc-name ntpd[2064]: adjusting local clock by -0.599668s
Jan 7 12:47:44 pc-name ntpd[2064]: adjusting local clock by -0.512153s
Jan 7 12:51:51 pc-name ntpd[2064]: adjusting local clock by -0.472384s
Jan 7 12:54:44 pc-name ntpd[2064]: adjusting local clock by -0.397733s
Jan 7 12:57:25 pc-name ntpd[2064]: adjusting local clock by -0.335255s
Jan 7 13:00:39 pc-name ntpd[2064]: adjusting local clock by -0.275158s
Jan 7 13:03:15 pc-name ntpd[2064]: adjusting local clock by -0.222749s
Jan 7 13:06:49 pc-name ntpd[2064]: adjusting local clock by -0.197332s
Jan 7 13:09:53 pc-name ntpd[2064]: adjusting local clock by -0.175554s
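
To read a log like the one above without checking every line by eye, the following added example (not part of the original post) summarises the "adjusting local clock by" entries with awk: sample count, distinct ntpd PIDs, first and last offset, and whether the offset magnitude ever grew between samples. The function names are assumptions; the sample lines are copied from the log above, where the PID changes from 1355 to 2064, meaning the daemon was restarted during the sync.

```shell
#!/bin/sh
# Added example: summarise OpenNTPD "adjusting local clock by" syslog lines.
# Reads syslog text on stdin and prints one line:
#   samples=<n> pids=<distinct ntpd PIDs> first=<s> last=<s> trend=<...>
ntp_adjust_summary() {
    awk '
    /ntpd\[[0-9]+\]: adjusting local clock by/ {
        # The PID sits between "ntpd[" and "]".
        pid = $0; sub(/.*ntpd\[/, "", pid); sub(/\].*/, "", pid)
        if (!(pid in seen)) { seen[pid] = 1; pids++ }
        # The offset is the last field, e.g. "-1.462512s".
        off = $NF; sub(/s$/, "", off); off += 0
        mag = (off < 0) ? -off : off
        if (n == 0) first = off
        else if (mag > prev) worse++    # magnitude grew since previous sample
        prev = mag; last = off; n++
    }
    END {
        if (n == 0) { print "samples=0"; exit 1 }
        printf "samples=%d pids=%d first=%.6f last=%.6f trend=%s\n",
               n, pids, first, last, (worse ? "not-converging" : "converging")
    }'
}

# Sample input: five lines copied from the log output above.
sample_log() {
cat <<'EOF'
Jan 7 12:02:53 pc-name ntpd[1355]: adjusting local clock by -1.462512s
Jan 7 12:05:36 pc-name ntpd[1355]: adjusting local clock by -1.429211s
Jan 7 12:08:27 pc-name ntpd[2064]: adjusting local clock by -1.362814s
Jan 7 13:06:49 pc-name ntpd[2064]: adjusting local clock by -0.197332s
Jan 7 13:09:53 pc-name ntpd[2064]: adjusting local clock by -0.175554s
EOF
}

sample_log | ntp_adjust_summary
```

More than one PID in the summary means ntpd was restarted; a "not-converging" trend is worth checking against the hardware clock test further down.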

Depending on how far your clock is off, you may want to perform a manual update.

rdate -nv tick.usno.navy.mil

Check how far off your clock currently is (-p prints the offset without setting the clock).

rdate -npv tick.usno.navy.mil

Following are some troubleshooting steps...

Check for ntp connections to ntp sources

netstat -upn

Check your hardware clock isn't jumping around

hwclock --show; hwclock --show; hwclock --show; hwclock --show; hwclock --show

Another thing to note is that you may not be able to set your clock if you're on a VPS server; you'll have to talk to your VPS provider to fix that. Also, don't use ntpdate in a cron job, as this will just force your clock to jump all around, whereas an NTP daemon will progressively adjust the clock to the accurate time.

Filed under: Linux No Comments
21Nov/120

Linux ntpd Sync with Windows 2008

Debian squeeze comes with ntp 4.2.6p2, which doesn't work with Windows 2008 R2 servers, as seen in this bug. To fix this, update to a newer version such as 4.2.7p326. I tried running version 4.2.6p5 but was receiving segfaults while running Debian 6.0.4 squeeze with kernel 2.6.32-5-amd64.

sudo apt-get remove ntp ntpdate
wget http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.2.7p326.tar.gz
tar xzvf ntp-dev-4.2.7p326.tar.gz
cd ntp-dev-4.2.7p326/
./configure --enable-clockctl
make && sudo make install

You then just need to set up your init script to start ntpd.

26Aug/110

Apache LDAP Authentication

Quick setup for using LDAP authentication in Apache with .htaccess

1. Enable ldap module
a2enmod authnz_ldap

2. Enable .htaccess files to be read

vi /etc/apache2/sites-enabled/000-default

Set AllowOverride from 'none' to 'All' for your web directory.

3. Create a .htaccess file within the directory you're trying to set passwords on and enter the following into the file.

AuthType Basic
AuthBasicProvider ldap
AuthName "My LDAP Auth"

AuthLDAPURL "ldap://<serverIP>/o=<root>?cn"
Require ldap-group cn=<group_name>, o=<root>

Following is a real world example with secondary LDAP server:

AuthType Basic
AuthBasicProvider ldap
AuthName "My LDAP Auth"

AuthLDAPURL "ldap://192.168.1.10 192.168.1.11/ou=People, o=Facility?cn"
Require ldap-group cn=Administrators, ou=People, o=Facility

That's it. Documentation can be found on the Apache site.
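
Both configurations above use ldap:// with no connection mode, so the bind that checks each user's password crosses the network to the directory server unencrypted. The following added example (not from the original post) scans config files for such AuthLDAPURL lines; the function name and the constructed sample files are assumptions, while ldaps:// and the trailing SSL, TLS and STARTTLS modes are mod_authnz_ldap's documented options.

```shell
#!/bin/sh
# Added example: flag AuthLDAPURL lines that talk to the directory in cleartext.
# A line passes if it uses ldaps:// or ends with the SSL, TLS or STARTTLS mode.
audit_ldap_url() {   # usage: audit_ldap_url FILE...
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)        # ignore indentation
        low = tolower(line)             # directive names are case-insensitive
    }
    low ~ /^authldapurl[ \t]/ {
        if (low ~ /ldaps:\/\// || low ~ /[ \t](ssl|tls|starttls)[ \t]*$/) next
        printf "%s:%d: cleartext LDAP: %s\n", FILENAME, FNR, line
        bad++
    }
    END { exit (bad > 0) }' "$@"
}

# Constructed sample files: the post's example, and the same URL with STARTTLS.
demo_dir=$(mktemp -d)
cat > "$demo_dir/plain.htaccess" <<'EOF'
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://192.168.1.10 192.168.1.11/ou=People, o=Facility?cn"
EOF
cat > "$demo_dir/tls.htaccess" <<'EOF'
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://192.168.1.10 192.168.1.11/ou=People, o=Facility?cn" STARTTLS
EOF

# Prints one finding (plain.htaccess line 3) and returns 1; tls.htaccess passes.
audit_ldap_url "$demo_dir/plain.htaccess" "$demo_dir/tls.htaccess" || true
```

AuthType Basic also sends the password with every request, so the site itself should be served over HTTPS.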

14Jul/110

Replicate using rsync

To replicate local directories

The following will replicate all files and folders in the '/home' folder to '/mnt/backup/' folder recursively.

rsync -avh --delete /home/ /mnt/backup/

To replicate to remote directories

The following will replicate all files and folders in the '/home' folder to the remote server myhost under the username bob to directory '/backup/'. The use of the progress argument will show you the status of the transfer.

rsync --progress -avhe ssh --delete /home/ bob@myhost:/backup/

You can of course automate the running of these through crontab.

25Jun/110

Firefox and wrong ELF class error

If you're running a system that's newer than, say, 8 years, you're probably running a 64-bit processor. Now whether you're running a 64-bit OS is another story. Well, if you're like me, you probably are running a 64-bit OS, Linux of course!

Recently I had a little bit of time and wanted to make sure all my systems were up-to-date, starting with their browsers. Currently I am running Debian squeeze which comes with GNU browser Iceweasel and found out there is no recent update. However you can get the latest through Iceweasel's new name... IceCat. Well I didn't feel like using that so I decided to change to Firefox......

23Apr/110

Printing to PDF from Adobe

To print a PDF from Adobe Reader (acroread) you will need to install the following:


sudo apt-get install cups-pdf

Along with:


sudo apt-get install cups-bsd

Without the 'cups-bsd' you will receive the following error while trying to print:

The print process returned error. Please check whether the printer is connected to the machine

After you have the above installed you should see a new printer named 'PDF'. You can now print to PDF from within Adobe Reader.

12Feb/110

Colorize output

With some regex magic and perl we can colorize the output in console:

tail -f filename | perl -pe 's/keyword/\e[1;31;43m$&\e[0m/g'

9Jan/110

Resize Images

The ability to resize images is an essential tool when working with the web. Here are some tools for Linux and Microsoft OS's.

Image Resizer from Microsoft PowerToys is your best bet when looking to resize images in a Windows environment.

When looking for a utility in Linux there are a slew of options. Ones I have found are from within ImageMagick:

sudo apt-get install imagemagick

Once you have this you can use one of many tools, but I find I use mogrify more often:

mogrify -resize 640 *.png

This will resize and overwrite all png images in the current directory to a scaled width of 640px. If you don't want the images to be overwritten you can use the equivalent command convert.

Filed under: Linux, Microsoft No Comments
1Jan/110

Firewall Stopped Logging

Your Checkpoint firewall may stop logging to the management server for any number of reasons. To restart logging, use the following commands:

Stop fwd:

cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"

Start fwd:

cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"

If successful, you should see an information message in the management tracker stating something similar to "sys_message: started logging".

You may also want to verify masters is pointing to a valid DNS/IP of your log server:

cat $FWDIR/conf/masters
17Oct/100

List Samba Users

Using pdbedit we can read the SAM database of samba users. Use the following command to list the users:

$ pdbedit -w -L
Filed under: Linux No Comments
19Sep/100

Browser Display Statistics

Screen Resolution

Today, most computers are using a screen resolution of 1024x768 pixels or higher:

Date          Higher  1024x768  800x600  640x480  Unknown
January 2010  76%     20%       1%       0%       3%
January 2009  57%     36%       4%       0%       3%
January 2008  38%     48%       8%       0%       6%
January 2007  26%     54%       14%      0%       6%
January 2006  17%     57%       20%      0%       6%
January 2005  12%     53%       30%      0%       5%
January 2004  10%     47%       37%      1%       5%
January 2003  6%      40%       47%      2%       5%
January 2002  6%      34%       52%      3%       5%
January 2001  5%      29%       55%      6%       5%
January 2000  4%      25%       56%      11%      4%

Filed under: Web Apps Continue reading
3May/100

How To Fix Offending key in ~/.ssh/known_hosts file

While trying to ssh into a box you may run into the following error:

Offending key in ~/.ssh/known_hosts:6

This could mean a handful of things. Among them are a man-in-the-middle attack or, as in my case, a changed RSA key, such as a new box taking the place of an old IP address. To resolve this, use the error message to find the offending line number, which is shown at the end; in this case it's line 6. To remove this line you can use `sed` with the following parameters:

$ sed -i '6d' ~/.ssh/known_hosts
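
Because a changed key can also mean a man-in-the-middle, as noted above, it helps to see the entry and keep a copy before deleting it. The following added example (not part of the original post; the function name is hypothetical and the sample file is constructed) takes the error message itself, validates the line number, backs up the file, shows the entry and then runs the same `sed` deletion.

```shell
#!/bin/sh
# Added example (hypothetical helper): delete the known_hosts line named in an
# "Offending key in FILE:N" message, showing it first and keeping a backup.
remove_offending_key() {
    msg=$1
    case $msg in *"key in "*:*) ;; *) echo "unrecognised message" >&2; return 2 ;; esac
    file=${msg#*key in }          # -> "~/.ssh/known_hosts:6"
    line=${file##*:}              # -> "6"
    file=${file%:*}               # -> "~/.ssh/known_hosts"
    case $file in "~/"*) file=$HOME/${file#"~/"} ;; esac   # expand leading ~
    case $line in ''|*[!0-9]*) echo "bad line number: $line" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    total=$(grep -c '' "$file")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside $file ($total lines)" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 1
    # Show what is about to go, so the entry can be compared with the new key.
    echo "removing line $line: $(sed -n "${line}p" "$file" | cut -c1-70)" >&2
    sed -i "${line}d" "$file"
}

# Demo on a constructed file, not a real known_hosts.
demo=$(mktemp)
printf '%s\n' 'hostA ssh-rsa AAAA-constructed-1' \
              'hostB ssh-rsa AAAA-constructed-2' \
              'hostC ssh-rsa AAAA-constructed-3' > "$demo"
remove_offending_key "Offending key in $demo:2"
cat "$demo"                       # hostA and hostC remain
rm -f "$demo" "$demo.bak"
```

When the host name is known, `ssh-keygen -R <host>` removes all of its entries by name, including hashed ones.
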
Filed under: Linux No Comments
13Apr/100

Cisco SLA snmp OID

The following OID value will let you know if your SLA is within the threshold value:

1 = True
2 = False

$ snmpwalk -c public -v2c <router_ip> 1.3.6.1.4.1.9.9.42.1.2.9.1.7.<sla_number>

Cisco SNMP Object Navigator

Filed under: General No Comments
2Mar/100

ZIP File Corruption using Apache’s example for mod_deflate

Upon using the example shown here I ran into an issue with ZIP files being downloaded showing up as corrupt, specifically from IE.


<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Don't compress images
SetEnvIfNoCase Request_URI (?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Line 17 (the `BrowserMatch \bMSI[E]` workaround) specifically says to use compression; however, there is no exclusion for ZIP files. We don't want to compress an already compressed file, so we need to add the following below line 20 (the image exclusion):


# Don't compress zip files
SetEnvIfNoCase Request_URI (?:zip)$ no-gzip dont-vary

This will then exclude ZIP files from compression.

Filed under: Linux No Comments
30Jun/090

Change Java version on Debian

Type the following commands to change the default:

sudo update-alternatives --config java

You can also add a new java version if you would like by using the following commands:

sudo update-alternatives --install "/usr/bin/java" "java" "<java_binary_file_path>" 1
sudo update-alternatives --set java <java_binary_file_path>
Filed under: Linux No Comments
23Jun/090

Setup Oracle for PHP on IIS

1.) Use the ZIP version of PHP as it has the "ext" folder with all extensions

2.) Download Oracle Instant Client

3.) Unzip the Oracle Instant Client to "c:\instantclient_11_1"

4.) Append "c:\instantclient_11_1" to the system PATH environment variable

5.) Set and/or uncomment the following in your php.ini file:

extension_dir="c:\<php_folder>\ext"
extension=php_oci8.dll

6.) Restart IIS

net stop iisadmin
net start w3svc
net start smtp
Filed under: php No Comments
24Apr/090

Scan your network for conficker

You can now scan your network for conficker with nmap using version 4.85 BETA 6 or newer.

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns 192.168.1.*
Filed under: General No Comments
20Feb/090

login failed for user null

This mssql error can be a real pain in the you know what. To fix this create the following registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo]
"STRATDBS1"="DBNETLIB,SERVERNAME,1433"
"DSQUERY"="DBNETLIB"
Filed under: Microsoft No Comments
20Feb/090

Replace Password in FileZilla sitemanager.xml with VBscript

Because FileZilla, without recompiling, doesn't allow for the use of registry settings, I made this script to aid in mass deployment to workstations without affecting other sites that may have been created. This is also very useful to rotate passwords without users having to change them.