Wednesday, September 16, 2009
Run windows command line from Ubuntu
Download the package for Jaunty from here.
Run winexe. For example as follows:
winexe -U DOMAIN/USERNAME //HOST-OR-IP "ipconfig /all"
See the Winexe Website here.
Monday, September 14, 2009
Linux Security Checklist
ps -ax : will list all currently running processes
ls -l /etc/rc.d/rc3.d/S* : will show all start-up scripts (if you boot into
graphics mode, replace rc3.d with rc5.d)
netstat -a : will list all open ports
Check for Security on Key Files
• /etc/fstab: make sure the owner & group are set to root:root and the
permissions are set to 0644 (-rw-r--r--)
• verify that /etc/passwd, /etc/shadow & /etc/group are all owned by 'root'
• verify that permissions on /etc/passwd & /etc/group are rw-r--r-- (644)
• verify that permissions on /etc/shadow are r-------- (400)
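An added example (not part of the original checklist): a shell audit of the four files above. It assumes GNU coreutils stat, uses hypothetical function names, and treats each listed mode as the maximum allowed, so a stricter mode also passes.

```shell
#!/bin/sh
# Added example: audit the key files from the checklist above.
# Assumes GNU coreutils stat (Linux); function names are hypothetical.

# check_perm PATH OWNER[:GROUP] MAXMODE
# Passes when the owner matches and no permission bit outside MAXMODE is set.
check_perm() {
    case $2 in *:*) fmt='%U:%G' ;; *) fmt='%U' ;; esac
    own=$(stat -c "$fmt" "$1" 2>/dev/null) || { echo "FAIL $1: cannot stat"; return 1; }
    mode=$(stat -c '%a' "$1")
    # Octal arithmetic: bits present in the file mode but absent from MAXMODE.
    extra=$(( 0$mode & ~0$3 & 07777 ))
    if [ "$own" = "$2" ] && [ "$extra" -eq 0 ]; then
        echo "OK   $1 ($own $mode)"
        return 0
    fi
    echo "FAIL $1 is $own $mode (expected $2, no bits beyond $3)"
    return 1
}

# audit_key_files [ROOT]: ROOT is an optional prefix, e.g. a mounted disk image.
audit_key_files() {
    root=${1:-}
    rc=0
    check_perm "$root/etc/fstab"  root:root 644 || rc=1
    check_perm "$root/etc/passwd" root      644 || rc=1
    check_perm "$root/etc/group"  root      644 || rc=1
    check_perm "$root/etc/shadow" root      400 || rc=1
    return $rc
}

audit_key_files || echo "one or more key files need attention"
```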
Limit root access using SUDO
/etc/sudoers
Only allow root to access CRON
To enhance security of the cron scheduler, you can establish the cron.deny and
cron.allow files to control use of the crontab. The following commands will
establish root as the only user with permission to add cron jobs:
cd /etc/
/bin/rm -f cron.deny at.deny
echo root >cron.allow
echo root >at.allow
/bin/chown root:root cron.allow at.allow
/bin/chmod 400 cron.allow at.allow
Remote Access and SSH Basic Settings
Telnet is not recommended for remote access. Secure Shell (SSH) provides
encrypted telnet-like access and is considered a secure alternative to telnet.
However, older versions of SSH have vulnerabilities and should not be used.
To disable SSH version 1 and enhance the overall security of SSH, consider
making the following changes to your sshd_config file:
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/issue
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
LoginGraceTime 1m (or less – default is 2 minutes)
SyslogFacility AUTH (provides logging under syslog AUTH)
AllowUsers [list of users allowed access]
DenyUsers [list of system accounts and others not allowed]
MaxStartups 10 (or less – use 1/3 the total number of remote users)
Note: MaxStartups refers to the max number of simultaneous
unauthenticated connections. This setting can be helpful against a brute-
force script that performs forking.
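An added example (not from the original post): a POSIX shell and awk check that compares an sshd_config with the values listed above. The function names and the sample config are constructed for illustration, PermitRootLogin no is an assumption based on the checklist's sudo item, and settings inside Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: check an sshd_config against the checklist values above.
# audit_sshd and sample_config are hypothetical names.

# audit_sshd [FILE]: reads FILE (or stdin), prints one FAIL line per finding.
audit_sshd() {
    awk '
    function secs(v,  n) { n = v + 0; if (v ~ /m$/) n *= 60; return n }
    BEGIN {
        want["protocol"] = "2"
        want["permitrootlogin"] = "no"   # assumption: no direct root login
        want["permitemptypasswords"] = "no"
        want["ignorerhosts"] = "yes"
        want["hostbasedauthentication"] = "no"
    }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    tolower($1) == "match" { exit }          # audit global settings only
    { k = tolower($1); if (!(k in val)) val[k] = tolower($2) }  # first value wins
    END {
        for (k in want) {
            if (!(k in val)) print "FAIL " k " not set explicitly (expected " want[k] ")"
            else if (val[k] != want[k]) print "FAIL " k " is " val[k] " (expected " want[k] ")"
        }
        # Unset LoginGraceTime falls back to the 2 minute default noted above.
        g = ("logingracetime" in val) ? secs(val["logingracetime"]) : 120
        if (g < 1 || g > 60) print "FAIL logingracetime is " g "s (expected 1-60s)"
        if ("maxstartups" in val) {
            split(val["maxstartups"], p, ":")   # start[:rate:full] form
            if (p[1] + 0 > 10) print "FAIL maxstartups is " p[1] " (expected <= 10)"
        }
    }' "$@" | LC_ALL=C sort
}

# Constructed sample config, not taken from a real host.
sample_config() {
    cat <<'EOF'
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords no
IgnoreRhosts yes
LoginGraceTime 2m
MaxStartups 30:50:100
Match User backup
    PermitRootLogin no
EOF
}

sample_config | audit_sshd
```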
Apache Security
Verify that your apache subdirectories are all owned by root and have a
mod of 755:
ls -l /etc/apache2
To prevent users from setting up .htaccess files that can override security
features, change the server configuration file to include:
AllowOverride None
To prevent users from accessing the entire filesystem (starting with the root
directory), add the following to your server configuration file:
<Directory />
Order Deny,Allow
Deny from all
</Directory>
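To provide access into individual directories, add the following (the path shown is a placeholder for the directory you want to open up):
<Directory /path/to/allowed/directory>
Order Deny,Allow
Allow from all
</Directory>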
Apache Configuration File
In Apache, the ServerTokens directive allows the system administrator to set different types of Server HTTP response header:
ServerTokens Prod
responds -> Server: Apache (this is the most restrictive)
ServerTokens Major
responds -> Server: Apache/2
ServerTokens Minor
responds -> Server: Apache/2.0
ServerTokens Min
responds -> Server: Apache/2.0.55
ServerTokens Os
responds -> Server: Apache/2.0.55 (Ubuntu)
ServerTokens Full
responds -> Server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mymod1/X.Y mymod2/W.Z
By default, ServerTokens is set to Full. To change that value, edit /etc/apache2/apache2.conf and look for the line containing ServerTokens.
ServerSignature Off
Securing FTP
If you really have to use FTP (without wrapping it with sslwrap or inside an SSL or SSH tunnel), you should chroot ftp into the ftp users' home directory, so that the user is unable to see anything other than their own directory. Otherwise they could traverse your root file system just as if they had a shell on it. You can add the following line to the global section of your proftpd.conf to enable this chroot feature:
DefaultRoot ~
Restart ProFTPd by /etc/init.d/proftpd restart and check whether you can escape from your homedir now.
To prevent ProFTPd DoS attacks using ../../.., add the following line in /etc/proftpd.conf:
DenyFilter \*.*/
Thursday, September 10, 2009
iscsicli Examples
The original Link is here.
Users\john>sc config msiscsi start= auto
The output was:
[SC] ChangeServiceConfig SUCCESS
Then I entered:
Users\john>net start msiscsi
The output was:
The Microsoft iSCSI Initiator Service service is starting.
The Microsoft iSCSI Initiator Service service was started successfully.
Then, you use the Iscsicli command-line interface to connect to an iSCSI Target and list the available targets. The command I entered was:
Users\john>iscsicli QAddTargetPortal 192.168.1.31
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.
Next I entered:
Users\john>iscsicli ListTargets
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
Targets List:
quorum
data
The operation completed successfully.
You can then connect to a target using the following code as an example:
Users\john>iscsicli qlogintarget data
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
Session Id is 0xfffffa800626e018-0x4000013700000006
Connection Id is 0xfffffa800626e018-0x5
The operation completed successfully.
The following code checked to make sure the operation was successful:
Users\john>iscsicli reporttargetmappings
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
Total of 1 mappings returned
Session Id : fffffa800626e018-4000013700000006
Target Name : data
Initiator : Root\ISCSIPRT\0000_0
Initiator Scsi Device : \\.\Scsi4:
Initiator Bus : 0
Initiator Target Id : 0
Target Lun: 0x0 <--> OS Lun: 0x0
The operation completed successfully.
You log out by using the logouttarget switch with the session ID, as the following sample code shows:
Users\john>iscsicli logouttarget fffffa800626e018-4000013700000006
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.
To confirm the operation was successful, I entered the following code:
Users\john>iscsicli reporttargetmappings
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
No Mappings
The operation completed successfully.
The mappings obtained through the qlogintarget command aren’t persistent and will be lost at reboot. If you want a persistent connection, use the persistentlogintarget switch, as the following code shows:
Users\john>iscsicli persistentlogintarget data T * * * * * * * * * * * * * * * 0
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.
To confirm that the operation was successful, I entered:
Users\john>iscsicli listpersistenttargets
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
Total of 1 peristent targets
Target Name : data
Address and Socket : 192.168.1.31 3260
Session Type : Data
Initiator Name : Root\ISCSIPRT\0000_0
Port Number :
++Security Flags : 0x0
++Version : 0
++Information Specified: 0x20
++Login Flags : 0x8
++Username :
The operation completed successfully.
Entering T * * * * * * * * * * * * * * * 0 specifies all the required switches. To remove a persistent target, apply the information obtained from the listpersistenttargets command, using the following code as an example:
Users\john>iscsicli removepersistenttarget Root\ISCSIPRT\0000_0 data * 192.168.1.31 3260
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.
To confirm the success of the operation, I entered:
Users\john>iscsicli listpersistenttargets
The output was:
Microsoft iSCSI Initiator Version 6.0 Build 6000
Total of 0 peristent targets
The operation completed successfully.
You'll notice that I passed the initiator name first, then the target name, the port number (which is *), and last of all the iSCSI target server IP address and socket.
Wednesday, September 9, 2009
Use Ubuntu ISCSI in Windows
apt-get install libssl-dev
apt-get install iscsitarget
Edit /etc/default/iscsitarget and set:
ISCSITARGET_ENABLE=true
Make a new partition or new disk, for example /dev/sda3.
Edit /etc/ietd.conf:
change this line:
Lun 0 Path=/dev/sda3,Type=fileio
Restart the iscsitarget service:
/etc/init.d/iscsitarget restart
Use iscsi:
Windows:
Run iscsi-initiator and add the Ubuntu machine's IP in the Discovery tab, under Target Portals.
Connect to the iSCSI target by pressing Log On in the Target tab, then close iscsi-initiator.
Add the iSCSI partition to the Windows partitions the same way as a new partition.
Linux:
Run this command:
iscsiadm -m discovery -t st -p IP-FOR-ISCSI-TARGET
The node information is saved in /etc/iscsi/nodes.
Then run this:
iscsiadm -m node --targetname "UNIQUE-NAME-OF-TARGET" --portal "IP-FOR-ISCSI-TARGET:3260" --login
You can now mount the new device. See fdisk -l
Friday, September 4, 2009
Shutdown Computer Remotely
In a command prompt, type:
c:/> shutdown -m \\COMPUTERNAME /s (/r for restart)
From Linux:
net rpc shutdown -I HOSTNAME(OR IP) -U USERNAME%PASSWORD