Auditing your System with lsat

Since it's been a while since I wrote something here, I decided to post a new article.

In this issue I will show you how to audit your system simply with lsat. You don't need to be
a super security über-geek hacker to use it, but it gives you a good basic overview of
the current security state of your system(s). In the examples I refer only to Debian-based operating
systems (dpkg), but lsat works on Red Hat (rpm) as well. We will make an initial run of lsat to get
an overview of the actual state of the system, and we will get an idea of which modules have to be run
again in further checks.

Kickoff

So the first step you might want to do on your Debian machine is to install lsat:
“sudo apt-get install lsat”. That's it; lsat will be downloaded and installed on your
system, and it doesn't need any further configuration, it's ready to run out of the box.

First run

After the installation is done you might want to make the initial run to get an idea of which modules
have to be run for your system and which ones don't make sense (for example, running rpm checks on a deb platform
makes no sense). This is what it looks like when you run lsat the first time:

lsat
[sudo] password for dirk: 
Starting LSAT...
Getting system information...
Running modules...
 Running checkpkgs module...
 Running checkinetd module...
 Running checkinittab module...
 Running checklogging module...
 Running checkset module...
 Running checkwrite module...
 Running checkdotfiles module...
 Running checkpasswd module...
 Running checkfiles module...
 Running checkumask module...
 Running checkftpusers module...
 Running checkrc module...
 Running checkkbd module...
 Running checklimits module...
 Running checkssh module...
 Running checkopenfiles module...
 Running checkissue module...
 Running checkwww module...
 Running checkmd5 module...
 Running checkmodules module...
 Running checksecuretty module...
 Running checkrcperms module...
find: "/etc/rc.d/init.d/": Datei oder Verzeichnis nicht gefunden
 Running checknet module...
 Running checknetforward module...
 Running checknetpromisc module...
 Running checkbpass module...
 Running checkipv4 module...
 Running checkx module...
 Running checkftp module...
 Running checklistening module...
 Running checkdisk module...
Finished.
Check lsat.out for details.
Don't forget to check your umask or file perms
when modifying files on the system.

Setup

As you can see, lsat throws an error claiming it can't find the init.d path. There are also a
few modules running which we don't want to run each time. The man page tells us that
the “-x” option with a “filename” argument is useful for excluding modules from being run. So
we are going to create that file under /etc. As already mentioned, the file has to contain the names of the modules
which are excluded from being run. The module names must be separated by whitespace, commas, or one module name
per line. This is what my exclude file looks like:

cat /etc/lsat.exclude
rc perms securetty rpm inetd logging modules forward ftpusers inittab set limits issue write promisc forward 

Straightforward, isn't it? As you already saw, I simply named the file “lsat.exclude”, so next time you run lsat
just call it with the “-x” flag like this:

lsat -x /etc/lsat.exclude

This produces cleaner output in the lsat.out file. You could also run lsat once a week from a crontab or similar, but that
is a task you should manage on your own. So that's it for this time. You might also want to take a look at the project page, but
be aware that the project is a little bit outdated: the last update on the homepage is from 2008, so this post is also rather outdated,
and it's more of a “just for the fun of it” post. I hope you enjoy it somehow; anyway, until next time, I'm outtie!!!
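The weekly cron run mentioned above is where the exclude file and the lsat.out report come together. The following wrapper is an added example and not part of the original post or of lsat itself: it normalises an exclude file (whitespace, comma or newline separated, as the man page allows), reports duplicate entries, runs lsat with the exclude file, and then compares the fresh lsat.out against the previous run so a cron job can flag changes. It assumes lsat writes lsat.out into the current directory (as the run output above shows); the state directory LSAT_STATE is a placeholder of my choosing.

```shell
#!/bin/sh
# Added example (not from the original post or from the lsat project):
# exclude-file normalisation plus change detection for a weekly lsat run.
# Assumptions: lsat writes lsat.out to the current directory, the exclude
# file is /etc/lsat.exclude, and LSAT_STATE is a placeholder directory.

LSAT_EXCLUDE="${LSAT_EXCLUDE:-/etc/lsat.exclude}"
LSAT_STATE="${LSAT_STATE:-/var/lib/lsat-audit}"

# Print every module name in an exclude file, one per line, in file order.
# lsat accepts whitespace, commas or newlines as separators, so all three
# are turned into newlines here.
exclude_tokens() {
    tr ',' ' ' < "$1" | tr -s ' \t' '\n' | sed '/^$/d'
}

# Same list, sorted and de-duplicated (the post's own file lists "forward"
# twice; harmless for lsat, but noisy when you diff exclude files between hosts).
exclude_modules() {
    exclude_tokens "$1" | sort -u
}

# Number of distinct module names in the exclude file.
exclude_count() {
    exclude_modules "$1" | wc -l | tr -d ' '
}

# Number of duplicated entries (total tokens minus distinct names).
duplicate_count() {
    total=$(exclude_tokens "$1" | wc -l | tr -d ' ')
    unique=$(exclude_count "$1")
    echo $((total - unique))
}

# Return 0 (true) when the new report differs from the previous one.
# A missing previous report counts as "changed" so the first run is reported.
report_changed() {
    [ -f "$1" ] || return 0
    ! cmp -s "$1" "$2"
}

# Weekly audit: run lsat with the exclude file, then compare against the
# previous report. Exit 0 when nothing changed, 2 when it did, 1 on error.
run_audit() {
    [ -r "$LSAT_EXCLUDE" ] || { echo "missing exclude file $LSAT_EXCLUDE" >&2; return 1; }
    [ "$(duplicate_count "$LSAT_EXCLUDE")" -eq 0 ] || \
        echo "note: duplicate entries in $LSAT_EXCLUDE" >&2
    mkdir -p "$LSAT_STATE" && cd "$LSAT_STATE" || return 1
    lsat -x "$LSAT_EXCLUDE" || return 1
    if report_changed "$LSAT_STATE/lsat.out.prev" "$LSAT_STATE/lsat.out"; then
        diff -u "$LSAT_STATE/lsat.out.prev" "$LSAT_STATE/lsat.out" 2>/dev/null
        cp "$LSAT_STATE/lsat.out" "$LSAT_STATE/lsat.out.prev"
        return 2
    fi
    return 0
}

# Only run the audit when invoked with "run", so the functions can also be
# sourced and reused from other scripts.
if [ "${1:-}" = "run" ]; then
    run_audit
fi
```

Saved as /usr/local/sbin/lsat-weekly.sh, a crontab line such as `0 4 * * 0 /usr/local/sbin/lsat-weekly.sh run` runs it every Sunday; because the script exits 2 only when lsat.out changed, cron's mail (or whatever watches exit codes) stays quiet on weeks where nothing moved. The script checks only the exclude file's format, not whether each name matches an lsat module, so keep the man page at hand when editing the list.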

Note:

Be aware of the md5sum module of lsat; there are some issues with it. If you want something like a host-based IDS (HBIDS),
I would suggest something like tripwire or integrit. You might also want to visit the author's homepage: http://usat.sourceforge.net/


My way to LPIC Level 101

My way to the LPIC-1 exam was… short XD, sorry for that troll,

you know, weekends n stuff… :P

Dirk.L:

This day belongs to Dennis Ritchie. So to give him honor I post/repost all I see today about this awesome guy.

Originally published on It's all about life:

Dennis Ritchie

Most people who have vastly contributed to the world have been ignored. Previously I wrote a post about R. Karunananda who was ignored by his own countrymen, until recent times. Here’s another story about a legend who contributed with his programming skills to shape the world, Dennis MacAlistair Ritchie. Dennis MacAlistair Ritchie, born in 1941, was an American computer scientist who helped shape the digital era.

He died 7 days after Steve Jobs and received less attention from media and geeks around the world. Both of these men died in the same month of the same year. Steve was largely considered a hero, while Dennis was largely ignored by the world. Only a handful of developers who know the real value of Dennis Ritchie’s work even know of his death. Without Steve Jobs there is no iPhone, iPad or Macintosh. Without Dennis there is no C, without C…


In Memory of Dennis Ritchie

Dirk.L:

R.I.P. Dennis Ritchie, we’ll miss you forever…

Originally published on Phil Edwards:

The accomplishments of Steve Jobs vs. those of Dennis Ritchie

I was saddened to learn tonight of the death of Dennis Ritchie – especially since he died last October and I’m just now hearing of it. It seems unjust that someone who contributed so much was never given the recognition he deserved. As a Linux user (Linux is based on UNIX) and Computer Science major I owe so much to this man; I hope someday I get to express my gratitude to him for all he has done.


Setting up moin2.0 Development environment

Now this is going to be my first article in English, so please don't be mad about
the bad spelling ;). Today I'm going to tell you how to set up the moin2.0
wiki engine for development. Because I had to figure it out myself, I thought
it would be easier for other people if they don't have to reinvent the
wheel once again. Okay, now let's start to set things up. First you have to clone
the moin2.0 devel repository. It's hosted on Bitbucket, so you might have to install
Mercurial first. On Debian-based machines it usually works to simply
apt-get the mercurial package:

 sudo apt-get install mercurial

When this is done you can go ahead and clone the devel repo (you might first want to
change to the directory where you want to clone the repo, e.g. /home/user/Development):

hg clone ssh://hg@bitbucket.org/thomaswaldmann/moin-2.0

Generating the HTML docs

In my case I had to build the docs first because I needed orientation on the Moin2.0
structure and how it works internally. So I needed to install the sphinx package first
(MoinMoin2.0 uses the Sphinx documentation builder for doc generation):

sudo apt-get install python-sphinx 

In my case it worked out, so I could go ahead and generate the HTML docs.
The documentation files in the Moin2.0 repo are in the “docs” directory,
so you have to go into that directory and type:

make html

This builds the HTML doc files. You could also build LaTeX documentation and
some others; you can get an overview just by typing:

 make help 

Output:

  dirhtml    to make HTML files named index.html in directories
  singlehtml to make a single large HTML file
  pickle     to make pickle files
  json       to make JSON files
  htmlhelp   to make HTML files and a HTML help project
  qthelp     to make HTML files and a qthelp project
  devhelp    to make HTML files and a Devhelp project
  epub       to make an epub
  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter
  latexpdf   to make LaTeX files and run them through pdflatex
  text       to make text files
  man        to make manual pages
  texinfo    to make Texinfo files
  info       to make Texinfo files and run them through makeinfo
  gettext    to make PO message catalogs
  changes    to make an overview of all changed/added/deprecated items
  linkcheck  to check all external links for integrity
  doctest    to run all doctests embedded in the documentation (if enabled)

It can take a while to build the docs, so be patient. Sphinx might also complain
about missing Python libraries, but don't bother about that; they might not be
necessary for your development work with Moin. Also, the moin2.0 repo comes
with all core documentation files for generating at least the most important parts
of the documentation.

Setting up Moin2.0 for development

Just run the quickinstall.sh script in the root of the repository; it takes
a while to fetch and install all the packages. That's also because the script
installs a virtual environment, so that you can always just clone the repo,
set it up and start writing code, with all the dependencies set up in the right
way. When the script is done you can change into the virtual environment simply
by running this:

source env/bin/activate

Your prompt should now look something like this:

(env)cosmo@lazerbeam ~/Development/python/moin-2.0 $

Now you are in the virtual environment, and a few commands need to be run:

moin index-create -s -i 

for creating the initial (empty) index; without it the wiki won't come up. Then, for some
initial content:

 moin load --file contrib/serialized/items.moin 

And finally, build the index you just created:

 moin index-build 

Creating a development setup

So now I wanted to do a development setup for moin, and of course I wanted to enable
debugging. So I created two new files in the base path of the repo:
the first file is called “wikiconfig_local.py” and the second is called
“wikiconfig_editme.py”. The content of wikiconfig_local.py is as follows:


from wikiconfig_editme import *

This simply loads the wikiconfig_editme file. The content of wikiconfig_editme.py
looks something like this:

from wikiconfig import *
# pulls in the repository's own wikiconfig.py, including its Config class

class LocalConfig(Config):
    # override any setting from Config here; this one is a placeholder
    configuration_item_1 = 'value1'

MOINCFG = LocalConfig
DEBUG = True

(Taken from the original wikiconfig.py file.) Now that we have our development setup
ready, we can try to start the local moin development server (it usually runs on 127.0.0.1:8080),
which is quite easy: just run the “moin” command and the server should come up. Alternatively
you can also pass the moin command the help keyword and some help should come up:


$ moin help
  account_create              This command allows you to create a user account
  account_disable             This command allows you to disable user accounts.
  account_password            This command allows you to set a user password.
  import19                    Import data from a moin 1.9 wiki.
  index-build                 Build the indexes.
  index-create                Create empty indexes.
  index-destroy               Destroy the indexes.
  index-dump                  Dump the indexes in readable form to stdout.
  index-move                  Move the indexes from the temporary to the normal location.
  index-optimize              Optimize the indexes.
  index-update                Update the indexes.
  item-get                    Get an item revision from the wiki.
  item-put                    Put an item revision into the wiki.
  ... 
 

When you want to start developing actively, a good starting point in the docs is:

docs/_build/html/devel/development.html

which holds all the necessary information for upcoming developers.

Weblinks

MoinMoin Homepage
Moin2.0 dev repository: http://hg.moinmo.in/moin/2.0
Online docs: http://readthedocs.org/docs/moin-20/en/latest/
Issue tracker: http://bitbucket.org/thomaswaldmann/moin-2.0/issues
And for code reviews use http://codereview.appspot.com/


Dirk.L:

unfortunately not great, but unfortunately true, imho

Originally published on Valeat:

Class struggle from above

    There is an elitist parallel society in which an icy jargon of contempt prevails and there is hardly any interest in society's integration problems. So there is no engagement with what is happening in our society. For the rich, their self-isolation is about securing their status. In that sense there is, so to speak, a class struggle from above.

Wilhelm Heitmeyer in an interview with DIE ZEIT, 22 December 2011

More on this in ZEIT online from 12 December 2011


Dirk.L:

simple but brilliant thanks jcran :)

Originally published on 0x0e.org | pentesting perspective:

A common question that comes up with post-exploitation is the need to run multiple things when a meterpreter session is initiated.

You can easily run a single command using the ‘AutoRunScript’ option. For example:

msf (psexec) > set AutoRunScript killav

However, if you need multiple things to run, there’re a couple multi-runner scripts that you should know about: multiscript, multicommand, and multi_console_command. They can take either a -c or a -rc option, which will provide the list of items to run. These scripts were provided by dark0perator.

Sidenote: If you’re using the multi* scripts, it’s better to use the -rc option. The parsing for the multi-command scripts doesn’t handle spaces well.

msf (psexec) > set AutoRunScript multi_console_command -c ‘command, command, command’ ## Don’t do this

It’s much better to use an external rc file where commands.rc is just a list of commands one-per-line like:

help
run…


Dirk.L:

In my eyes, once again more pro arguments for free and open software

Originally published on Valeat:

Who can prevent a German on a business trip in Lebanon from receiving a USB stick with a virus, and then showing the pictures from the trip on Saturday at the barbecue?
Unlikely? Certainly. But it is enough if this scenario happens a single time. And then the malware can spread exponentially around the globe and hit everyone, including the country the attack originated from. Everyone, meaning: private computer users, companies, governments and entire countries. Because what is attacked are homogeneous infrastructures, operating systems and software that we use every day. It is the attack on everyday life.

Eugene Kaspersky (born 1965), world's largest provider of security software, in a guest article for the Süddeutsche Zeitung of 12 September 2012, page 2


Metasploit payload encoding

Okay, this doesn't belong directly to my Metasploit series, but I find
the video quite good, since it gives a feeling for how payloads
(e.g. a reverse_tcp shell) are encoded in Metasploit and may thereby be smuggled
past virus scanners. The video is not mine; I just stumbled across it
on the net. I take no responsibility for whether the techniques shown
actually work.


Originally published on Valeat:

“Poverty makes you sick”: Caritas banner at a football pitch. Koblenz, 2012. Photo: Valeat
