Analytic

Wednesday, September 16, 2009

Run windows command line from Ubuntu

Install wmi-client package.

Download the package for Jaunty from here.

Run winexe. For example as follows:

winexe -U DOMAIN/USERNAME //HOST-OR-IP "ipconfig /all".

See the Winexe Website here.

Monday, September 14, 2009

Linux Security Checklist

Disabling Unnecessary Services

ps –ax :will list all currently running processes

ls –l /etc/rc.d/rc3.d/S* :will show all start-up scripts (if you boot into
graphics mode, replace rc3.d with rc5.d)

netstat –a :will list all open ports


Check for Security on Key Files

/etc/fstab: make sure the owner & group are set to root:root and the
permissions are set to 0644 (-rw-r--r--)
• verify that /etc/passwd, /etc/shadow & /etc/group are all owned by 'root'
• verify that permissions on /etc/passwd & /etc/group are rw-r--r-- (644)
• verify that permissions on /etc/shadow are r-------- (400)

Limit root access using SUDO

/etc/sudoers


Only allow root to access CRON


To enhance security of the cron scheduler, you can establish the cron.deny and
cron.allow files to control use of the crontab. The following commands will
establish root as the only user with permission to add cron jobs:

cd /etc/bin/rm -f cron.deny at.deny
echo root >cron.allow
echo root >at.allow
/bin/chown root:root cron.allow at.allow
/bin/chmod 400 cron.allow at.allow


Remote Access and SSH Basic Settings


Telnet is not recommended for remote access. Secure Shell (SSH) provides
encrypted telnet-like access and is considered a secure alternative to telnet.
However, older versions of SSH have vulnerabilities and should not be used.
To disable SSH version 1 and enhance the overall security of SSH, consider
making the following changes to your sshd_config file:

Protocol 2
PermitRootLogin yes
PermitEmptyPasswords no
Banner /etc/issue
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
LoginGraceTime 1m (or less – default is 2 minutes)
SyslogFacility AUTH (provides logging under syslog AUTH)
AllowUser [list of users allowed access]
DenyUser [list of system accounts and others not allowed]
MaxStartups 10 (or less – use 1/3 the total number of remote users)

Note: MaxStartups refers to the max number of simultaneous
unauthenticated connections. This setting can be helpful against a brute-
force script that performs forking.

Apache Security

Verify that your apache subdirectories are all owned by root and have a
mod of 755:

ls -l /etc/apache2



To prevent users from setting up .htaccess files that can override security
features, change the server configuration file to include:

AllowOverride None

To prevent users from accessing the entire filesystem (starting with the root
directory), add the following to your server configuration file:

Order Deny,Allow
Deny from all

To provide access into individual directories, add the following:

Order Deny,Allow
Allow from all

Apache Configuration File

In Apache, the ServerTokens directive allow the system administrator to set different type of Server HTTP response header:

ServerTokens Prod
this is the most restrictive, in our example, apache will respond Server: Apache

ServerTokens Major
responds -> Server: Apache/2

ServerTokens Minor
responds -> Server: Apache/2.0

ServerTokens Min
responds -> Server: Apache/2.0.55

ServerTokens Os
responds -> Server: Apache/2.0.55 (Ubuntu)

ServerTokens Full
responds -> Server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mymod1/X.Y mymod2/W.Z

By default, ServerTokens is set to Full. To change that value, edit /etc/apache2/apache2.conf and look for the line containing ServerTokens.

ServerSignature Off


Securing FTP

If you really have to use FTP (without wrapping it with sslwrap or inside a SSL or SSH tunnel), you should chroot ftp into the ftp users' home directory, so that the user is unable to see anything else than their own directory. Otherwise they could traverse your root file system just like if they had a shell in it. You can add the following line in your proftpd.conf in your global section to enable this chroot feature:

     DefaultRoot ~

Restart ProFTPd by /etc/init.d/proftpd restart and check whether you can escape from your homedir now.

To prevent ProFTPd DoS attacks using ../../.., add the following line in /etc/proftpd.conf: DenyFilter \*.*/

Thursday, September 10, 2009

iscsicli Examples

The original Link is here.

Users\john>sc config msiscsi start= auto

The output was:

[SC] ChangeServiceConfig SUCCESS

Then I entered:

Users\john>net start msiscsi

The output was:

The Microsoft iSCSI Initiator Service service is starting.
The Microsoft iSCSI Initiator Service service was started successfully.

Then, you use the Iscsicli command-line interface to connect to an iSCSI Target and list the available targets. The command I entered was:

Users\john>iscsicli QAddTargetPortal 192.168.1.31

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.

Next I entered:

Users\john>iscsicli ListTargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Targets List:
quorum
data
The operation completed successfully.

You can then connect to a target using the following code as an example:

Users\john>iscsicli qlogintarget data

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
Session Id is 0xfffffa800626e018-0x4000013700000006
Connection Id is 0xfffffa800626e018-0x5
The operation completed successfully.

The following code checked to make sure the operation was successful:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Total of 1 mappings returned
Session Id : fffffa800626e018-4000013700000006
Target Name : data
Initiator : Root\ISCSIPRT\0000_0
Initiator Scsi Device : \\.\Scsi4:
Initiator Bus : 0
Initiator Target Id : 0
Target Lun: 0x0 <--> OS Lun: 0x0

The operation completed successfully.

You log out by using the logouttarget switch with the session ID, as the following sample code shows:

Users\john>iscsicli logouttarget fffffa800626e018-4000013700000006

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm the operation was successful, I entered the following code:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

No Mappings
The operation completed successfully.

The mappings obtained through the qlogintarget command aren’t persistent and will be lost at reboot. If you want a persistent connection, use the perssitenlogintarget switch, as the following code shows:

Users\john>iscsicli persistentlogintarget 
data
T * * * * * * * * * * * * * * * 0

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm that the operation was successful, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Total of 1 peristent targets
Target Name : data
Address and Socket : 192.168.1.31 3260
Session Type : Data
Initiator Name : Root\ISCSIPRT\0000_0
Port Number :
++Security Flags : 0x0
++Version : 0
++Information Specified: 0x20
++Login Flags : 0x8
++Username :

The operation completed successfully.

Entering T * * * * * * * * * * * * * * * 0 specifies all the required switches. To remove a persistent target, apply the information obtained from the listpersistentargets command, using the following code as an example:

Users\john>iscsicli removepersistenttarget Root\ISCSIPRT\0000_0 
data
* 192.168.1.31 3260

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm the success of the operation, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
Total of 0 peristent targets
The operation completed successfully.

You'll notice that I passed the initiator name first, then the target name, the port number (which is *), and last of all the iSCSI target server IP address and socket.

Wednesday, September 9, 2009

Use Ubuntu ISCSI in Windows

Install the packages:

apt-get install libssl-dev
apt-get install iscsitarget

Edit /etc/default/iscsitarget and set:

ISCSITARGET_ENABLE=true

Make a new Partition or new disk, for Example /dev/sda3.

Edit /etc/ietd.conf:

change this line:
Lun 0 Path=/dev/sda3,Type=fileio

Restart the iscsitarget service:

/etc/init.d/iscsitarget restart

Use iscsi:

Windows:

Run iscsi-initiator, add the Ubuntu machine IP in Discovery tab, under Target Portals.

Connect to iscsi by pressing Log On, in Target tab. Close the iscsi-initiator.

Add iscsi Partition in Windows Partitions same as a new partition.


Linux:


run this command:

iscsiadm -m discovery -t st -p IP-FOR-ISCSI-TARGET

The informations of nodes are saving in /etc/iscsi/nodes.

Then run this:

iscsiadm -m node --targetname "UNIQUE-NAME-OF-TARGET" --portal "IP-FOR-ISCSI-TARGET:3260" --login


You can Mount the new device. See fdsik -l

Friday, September 4, 2009

Shutdown Computer Remotely

You can shut down from one Windows another Windows remotely:
in command prompt type:

c:/> shutdown -m \\COMPUTERNAME /s (/r for restart)


From Linux:
net rpc shutdown -I HOSTNAME(OR IP) -U USERNAME%PASSWORD