Scan for SUID and SGID programs

Unfortunately, a poorly written SUID or SGID binary can be used to quickly and easily escalate a user's privileges. Also, an attacker who has already gained root access may hide SUID binaries throughout your system in order to leave a backdoor for future access. This leads us to the need for scanning systems for SUID and SGID binaries. This is a simple process and can be done with the following command:

# find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \;

One important thing to consider is whether an SUID program is in fact a shell script rather than an executable, since it's trivial for someone to change an otherwise innocuous script into a backdoor. Most operating systems will ignore any SUID or SGID bits on a shell script, but if you want to find all SUID or SGID scripts on a system, change the argument to the -exec option in the last command and add a pipe so that the command reads:

# find / \( -perm -4000 -o -perm -2000 \) \
  -type f -exec file {} \; | grep -v ELF

Now every time an SUID or SGID file is encountered, the file command will run and determine what type of file is being examined. If it's an executable, grep will filter it out; otherwise, it will be printed to the screen with some information about what kind of file it is. Most operating systems use ELF-format executables, but if you're running an operating system that doesn't (older versions of Linux used a.out, and AIX uses XCOFF), you'll need to replace the ELF in the previous grep command with the binary format used by your operating system and architecture. If you're unsure of what to look for, run the file command on any binary executable, and it will report the string you're looking for.
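The same check, written as a small POSIX shell script that walks a directory tree, lists every SUID/SGID regular file and flags the ones that are not ELF binaries. This is an added example, not code from the original post; it reads the first four bytes with od(1) instead of calling file(1), so it does not depend on file(1) being installed or on the wording of its output. The function names (is_elf, list_setid, report_setid, nonelf_setid) are the example's own.

```shell
#!/bin/sh
# Added example: scan a directory tree for SUID/SGID regular files and
# flag those that are not ELF binaries (e.g. shell scripts). The ELF test
# reads the magic bytes with od(1) rather than calling file(1).

# is_elf FILE -> succeeds when FILE starts with the ELF magic 7f 45 4c 46
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# list_setid DIR -> every regular file under DIR with the SUID or SGID bit set
list_setid() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null
}

# report_setid DIR -> one line per set-id file: "ELF <path>" or "NON-ELF <path>"
report_setid() {
    list_setid "$1" | while IFS= read -r f; do
        if is_elf "$f"; then
            printf 'ELF %s\n' "$f"
        else
            printf 'NON-ELF %s\n' "$f"
        fi
    done
}

# nonelf_setid DIR -> only the suspicious entries: set-id files that are not ELF
nonelf_setid() {
    report_setid "$1" | sed -n 's/^NON-ELF //p'
}

# Usage: sh scan-setid.sh DIR   (e.g. DIR=/ for a whole-system scan)
if [ -n "$1" ]; then
    report_setid "$1"
fi
```

Because the set-id bits are stored in the inode, the script finds them even on filesystems mounted nosuid; the mount option only stops the kernel from honouring them, which is exactly why the two checks complement each other.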
Posted in Knowledge Base, Old Base

Secure mount points

A mount option is a flag that controls how the filesystem may be accessed. It is passed to the operating system kernel's code when the filesystem is brought online. Mount options can be used to prevent files from being interpreted as device nodes, to disallow binaries from being executed, and to disallow the SUID bit from taking effect (by using the nodev, noexec, and nosuid flags). Filesystems can also be mounted read-only with the ro option.

These options are specified from the command line by running mount with the -o flag. For example, if you have a separate partition for /tmp that is on the third partition of your first IDE hard disk, you can mount with the nodev, noexec, and nosuid flags, which are enabled by running the following command:

# mount -o nodev,noexec,nosuid /dev/hda3 /tmp

An equivalent entry in your /etc/fstab would look something like this:

/dev/hda3    /tmp    ext3    defaults,nodev,noexec,nosuid    1 2
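To verify that a mount point actually carries these options (an fstab entry is only a wish until the filesystem is remounted), the following added example checks a mount table in /proc/mounts format for nodev, noexec and nosuid. It is not from the original post; the SAMPLE_MOUNTS lines are constructed for the example, and the function names (mount_opts, missing_opts, check_mount) are the example's own. When no mount table is passed in, the live /proc/mounts is read.

```shell
#!/bin/sh
# Added example: report which of nodev, noexec and nosuid a mount point is
# missing. Input is in /proc/mounts format: "device mountpoint fstype options dump pass".

# Constructed sample mount table for the example
SAMPLE_MOUNTS='/dev/hda3 /tmp ext3 rw,nodev,noexec,nosuid 0 0
/dev/hda1 / ext3 rw,relatime 0 0
/dev/hda5 /home ext3 rw,nodev 0 0'

# mount_opts MOUNTPOINT [MOUNTS_TEXT] -> the option field for MOUNTPOINT
# (empty when the mount point is not present); defaults to /proc/mounts
mount_opts() {
    printf '%s\n' "${2:-$(cat /proc/mounts)}" | awk -v mp="$1" '$2 == mp { print $4 }'
}

# missing_opts MOUNTPOINT [MOUNTS_TEXT] -> hardening options absent from the
# mount, one per line; empty output means all three are set
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    for want in nodev noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$want" ;;
        esac
    done
}

# check_mount MOUNTPOINT [MOUNTS_TEXT] -> prints "<mp>: ok" or
# "<mp>: missing <opts>" and returns 1 in the latter case
check_mount() {
    miss=$(missing_opts "$1" "$2" | tr '\n' ' ')
    if [ -z "$miss" ]; then
        echo "$1: ok"
    else
        echo "$1: missing $miss"
        return 1
    fi
}

# Usage: sh check-mount.sh /tmp
if [ -n "$1" ]; then
    check_mount "$1"
fi
```

A mount point that is absent from the table is reported as missing all three options, which is the safe answer: /tmp that is not a separate filesystem inherits the options of /, and those are rarely the restrictive ones.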
Posted in Knowledge Base, Linux, Old Base

Using the Vim editor

Coding in Vim: Vim is a great coding interface; remember that commands can be added to ~/.vimrc
:syntax on       : enable syntax highlighting for many types of source
:set autoindent  : auto-indent
:set cindent     : automatic indenting for C source
:set smartindent : things should be smarter, dunno how/why or when

Auto-indenting code:
Visually select the code: go to the top, type a, press Page Down to select all the code, and press "="


Multi-windowing: a very powerful feature of this brilliant editor.

CTRL-W s , split the window
:split /etc/passwd , edit /etc/passwd in a new window
CTRL-W n , or :new , new window
CTRL-W c , or :cl[ose] , hide and close the window
CTRL-W o , or :on[ly] , show only the current window
CTRL-W j , move to the window below
CTRL-W k , move to the window above
CTRL-W CTRL-W , or CTRL-W w , switch window
CTRL-W r , swap with the window below
CTRL-W R , swap with the window above
CTRL-W = , make all windows equally high
CTRL-W + , make the current window larger
CTRL-W - , make the current window smaller

Code folding (thanks to BT)

First highlight the code you're going to fold, then use 'zf' and a movement descriptor;
e.g. to make a folding block of 10 lines, type 'zf 9 down'.

Now the fold is created and is folded. To unfold, go to the folded line and type 'zo' to open it.

The fold stays in memory; to refold it, type 'zc'.
Posted in Knowledge Base, Vim

SPARC console cable and other cables

Ethernet cables:
http://www.ertyu.org/~steven_nikkel/ethernetcables.html

Miscellaneous console cables
http://www.pitt.edu/~bdgregg/Cable_Wireing.html

SPARC console cable:
from PC to SPARC
from the small 9-pin female to the big 25-pin male
from	to
1	8
2	2
3	3
4	20
5	7
6	6
7	4
8	5
9	22

Standard modem cable:
from PC to modem
from the small 9-pin female to the big 25-pin male
from	to
1	8
2	3
3	2
4	20
5	7
6	6
7	4
8	5
9	22
Posted in Knowledge Base, Old Base, Sparc

how to make hotplug on slackware not plug in PCI

just move the file /etc/hotplug/pci.rc out of the way:
  mv /etc/hotplug/pci.rc /etc/hotplug/pci.rc.old
(the script only looks for *.rc)

should also work with pcmcia =D
Posted in Knowledge Base, Linux, Old Base

bt is very bored

eject /mnt/cdrom/ && sleep 5 && mount /mnt/cdrom/ && installpkg /mnt/cdrom/slackware/n/tcpdump-3.8.3-i486-2.tgz && eject /mnt/cdrom
Posted in Humor, Knowledge Base, Old Base, Shellscript

Set up IPsec in OpenBSD

Use IPsec the OpenBSD way.

Setting up IPsec in OpenBSD is fairly easy since it’s compiled into the kernel that ships with each release and is enabled by default. All that is left to do is to create the appropriate /etc/isakmpd/isakmpd.conf and /etc/isakmpd/isakmpd.policy files and start isakmpd (the IPsec key-management daemon). This may sound daunting, but OpenBSD’s outstanding documentation and example configuration files make it easier.

First of all, you’ll need to put something similar to this in your /etc/isakmpd/isakmpd.policy:

KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:mypassword"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "aes" &&
            esp_auth_alg == "hmac-sha" -> "true";

This sets a password to use for the IPsec connection.

Now you’ll need to edit your /etc/isakmpd/isakmpd.conf to contain the following:

[General]
Listen-on= 192.168.1.1
Shared-SADB= Defined

[Phase 1]
Default= ISAKMP-peer-remote
#Default= ISAKMP-peer-remote-aggressive

[Phase 2]
Passive-Connections=IPsec-local-remote

[ISAKMP-peer-remote]
Phase= 1
Transport= udp
Local-address= 192.168.1.1
Configuration= Default-main-mode
Authentication= mypassword

[ISAKMP-peer-remote-aggressive]
Phase= 1
Transport= udp
Local-address= 192.168.1.1
Configuration= Default-aggressive-mode
Authentication= mypassword

[IPsec-local-remote]
Phase= 2
ISAKMP-peer= ISAKMP-peer-remote
Configuration= Default-quick-mode
Local-ID= Net-local
Remote-ID= Net-remote

[Net-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

[Net-local]
ID-type= IPV4_ADDR
Address= 0.0.0.0

[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-aggressive-mode]
DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= 3DES-SHA-RSA

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE

This configuration will allow anyone who knows the password mypassword to connect, since both Net-local and Net-remote are set to 0.0.0.0.

After you’ve edited the configuration files, you can start isakmpd by running this command:

# /sbin/isakmpd

To have isakmpd start up with each system boot, you should edit your /etc/rc.conf.local (or create one if it doesn’t exist) and put the following line in it:

isakmpd_flags=""

That should do it. As usual, check your system logs if your tunnel has trouble connecting.

Posted in Knowledge Base, Networking, Old Base, OpenBSD

Mod rewrite for beginners

Content negotiation:

Apache itself serves files that end in a country's language code according to what the browser prefers:

index.php.da for Danish
index.php.en for English

The user then just opens index.php.
Posted in Knowledge Base

Tip for Gentoo install

If you need to continue a Gentoo installation halfway through,
after your box has been switched off....

boot up from the Gentoo CD

# mount /dev/$ROOT /mnt/gentoo

then mount all the other filesystems (proc must be mounted before entering the chroot)

# mount -t proc none /mnt/gentoo/proc
# chroot /mnt/gentoo /bin/bash
# source /etc/profile
# env-update

Continue

-------------------------------------------------------------

The manual explains how to use mirrorselect,
but the way it is shown there searches for the best mirrors,
and that usually doesn't go well. It then falls back to some
standard mirrors, and that has resulted in some packages
not being downloadable (typically zip 5.5.0 or something)

To choose mirrors yourself you can use:

# mirrorselect -i -o >> /mnt/gentoo/etc/make.conf

and for choosing the rsync mirror

# mirrorselect -i -r -o >> /mnt/gentoo/etc/make.conf

-------------------------------------------------------------

If you want X while installing, you can boot up from
a Knoppix CD.... Then you just have to remember to chroot before
you run mirrorselect. That requires installing mirrorselect on
the new system: emerge mirrorselect.

------------------------------------------------------------

With DistCC you can compile on several computers
http://www.gentoo.org/doc/da/handbook/handbook-x86.xml?part=2&chap=3#doc_chap1
Posted in Knowledge Base, Linux, Old Base

Encrypted loopback file system in Linux

The kernel has to be patched, but I haven't been able to find the patch...
util-linux has to be patched as well.

--------GENTOO------------
In Gentoo you can just use gentoo-sources and util-linux

root# emerge gentoo-sources
root# USE="crypt" emerge util-linux

In /etc/make.conf you can add crypt to USE
---------------------------

Ready for the fun part

root# dd if=/dev/urandom of=/krypteret.fil bs=1024 count=100k
root# losetup -e AES256 -E 18 /dev/loop0 /krypteret.fil
root# mkfs.ext2 /dev/loop0
root# losetup -d /dev/loop0

/etc/fstab (the loop file comes first, then the mount point)
/home/bruger/krypteret.fil /krypteret ext2 defaults,noauto,loop,encryption=AES256,user 0 0

root# mount -o loop /krypteret

At http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html it says that you should run losetup -e AES256 /dev/loop0 ~bruger/.krypteret, but what helped was adding -p 18
Posted in Knowledge Base, Linux, Old Base