Auditing your System with lsat

Since its been a while i wrote something in here decided to post some new article.

In this Issue i will tell you how to Audit your System simply with lsat. You don’t need to be
the Super Security uber geek hacker to use this one. But it gives you a good basic overview over
the current security state of your System(s). In the examples i refer only to debian based operating
systems (dpkg) but lsat works as well on redhat (rpm). We will make an initial run of lsat so we get
an overview of the actual state of the System. And we will get an idear of wich modules have to be run
again in further checks.

Kickoff

So the first Step you might want to do on your Debian machine is to install lsat
“sudo apt-get install lsat” . Thats it lsat will be downloaded and installed to your
system and it also dont need any further configuration its ready to run out of the box.

First run

After the installation process is done you might want to make the initial run to get an idear wich modules
have to be run for your system and wich ones dont make sense (for example running rpm checks on deb plattform dont
makes sense). This is what it looks like when you run lsat the first time:

lsat
[sudo] password for dirk: 
Starting LSAT...
Getting system information...
Running modules...
 Running checkpkgs module...
 Running checkinetd module...
 Running checkinittab module...
 Running checklogging module...
 Running checkset module...
 Running checkwrite module...
 Running checkdotfiles module...
 Running checkpasswd module...
 Running checkfiles module...
 Running checkumask module...
 Running checkftpusers module...
 Running checkrc module...
 Running checkkbd module...
 Running checklimits module...
 Running checkssh module...
 Running checkopenfiles module...
 Running checkissue module...
 Running checkwww module...
 Running checkmd5 module...
 Running checkmodules module...
 Running checksecuretty module...
 Running checkrcperms module...
find: "/etc/rc.d/init.d/": Datei oder Verzeichnis nicht gefunden
 Running checknet module...
 Running checknetforward module...
 Running checknetpromisc module...
 Running checkbpass module...
 Running checkipv4 module...
 Running checkx module...
 Running checkftp module...
 Running checklistening module...
 Running checkdisk module...
Finished.
Check lsat.out for details.
Don't forget to check your umask or file perms
when modifying files on the system.

Setup

As you see lsat throws an error that claims it cant find the init.d path. And also there are running a
few modules wich we don’t want to be run each time. So when we look at the man pages it tells us that
the “-x ” Option with “filename” argument, is usefull to exclude modules from beeing run. So
we gonna create that file unter /etc . Like allready mentioned the file has to contain the names of modules
wich are excluded from beeing run. The module names must be seperated by whitespaces, kommatas or one modulename
for each line. This is what mine exclude file looks like:

cat /etc/lsat.exclude
rc perms securetty rpm inetd logging modules forward ftpusers inittab set limits issue write promisc forward 

Straight forward isn’t it? And like you allready saw i named the file simply “lsat.exclude” so next time when you run lsat
just call it with the “-x” flag linke this:

lsat -x /etc/lsat.excldue

This produces a more clean output in the lsat.out file. You could also run lsat once a Week over some crontab or such but that
is a task you should manage on your own. So thats it for this time you might also want to take a look at the project page, but
be aware that the project is a littlebit outdated. Last update on the Homepage is from 2008, so this post is also more like outdated.
And its more a “just for the fun of it” post. So i hope you enjoy it some how, anyways untill next time i am outtie!!!

Note:

Be aware of the md5sum module of lsat, there are some issues about that. If you want to have something like a HBIDS
i would suggest you something like tripwire or integrid. You might also want to visit the Authors homepage: http://usat.sourceforge.net/

My way to Lpic Level 101

My way to lpic-1 Exam was… Short XD sorry for that troll,

u know weekends n stuff…

Remembering Dennis Ritchie - Father of C

Reblogged from It's all about life:

Most people who have vastly contributed to the world have been ignored. Previously i wrote a post about R. Karunananda who was ignored by his own countrymen, until recenttimes. Here's another story about a legend who contributed with his programming skills to shape the world, Dennis MacAlistair Ritchie. Dennis MacAlistair Ritchie born in 1941, and was an American computer scientist who helped shape the digital era.

Weiterlesen… 223 more words

This day belongs to Dennis Richtie. So to give him honor i post/repost all i see today about this awesome guy.

In Memory of Dennis Ritchie

Reblogged from Phil Edwards:

I was saddened to learn tonight to learn tonight of the death of Dennis Ritchie - especially since he died last October and I'm just now hearing of it. It seems unjust that someone who contributed so much was never given the recognition he deserved. As a Linux user (Linux is based on UNIX) and Computer Science major I owe so much to this man, I hope someday I get to express my gratitude to him for all he has done.

Weiterlesen… 2 more words

R.I.P Dennis Richtie we'll miss you forever...

Setting up moin2.0 Development environment

Now this is gonna be my first article in english so please don’t be mad about
that bad spelling . So today im going to tell you how to setup moin2.0
Wikiengine for development. Because i had to figure it out myself i thought
its going to be easier for other people if they don’t have to reinvent the
weel once again. Okay now lets start to set things up. First you have to clone
the moin2.0 devel repository it’s hosted on bitbucket so you might have to install
mercurial first. On Debian based machines it works most of the time simply just to
apt-get the mercurial pagacket:

 sudo apt-get install mercurial

When this is done you can go ahead and clone the devel repo (you might first want to
change to the directory where you want to clone the repo e.g /home/user/Development):

hg clone ssh://hg@bitbucket.org/thomaswaldmann/moin-2.0

Generating the html doc’s

In my case i had to build the doc’s first because i needed orientation for the Moin2.0
structure and how it works internaly. So i needed to install the sphinx package first
(MoinMoin2.0 uses sphinx documentation builder for doc generation):

sudo apt-get install python-sphinx 

in my case it worked out for me so i could go ahead and generate the html doc’s.
The documentation files in the Moin2.0 repo are usually in the “docs” directory
so you have to go into that directory and type:

make html

This builds the html doc file’s. You could also buld latex documentation and
some other’s, you can give yourself an overview just by typing:

 make help 

Output:

  dirhtml    to make HTML files named index.html in directories
  singlehtml to make a single large HTML file
  pickle     to make pickle files
  json       to make JSON files
  htmlhelp   to make HTML files and a HTML help project
  qthelp     to make HTML files and a qthelp project
  devhelp    to make HTML files and a Devhelp project
  epub       to make an epub
  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter
  latexpdf   to make LaTeX files and run them through pdflatex
  text       to make text files
  man        to make manual pages
  texinfo    to make Texinfo files
  info       to make Texinfo files and run them through makeinfo
  gettext    to make PO message catalogs
  changes    to make an overview of all changed/added/deprecated items
  linkcheck  to check all external links for integrity
  doctest    to run all doctests embedded in the documentation (if enabled)

It can take a while to build the docs so be patient. Sphinx might also complains
about missing python libary’s but don’t bother about that, they might not be
nessesary for your development works with Moin. And also the moin2.0 repo comes
with all Core documentation files for generating at least the most important parts
of the documentation.

Setting up Moin2.0 for development

Just run the quickinstall.sh Script in the root of the repository, it takes
a while to get and install all the packages. Thats also because the Script
installes a virtuel environment, so that you can allways just clone the repo
set it up and start writing code. Also all the depencys are setup in the right
way. When the Script is done you can change into the virtual environment simply
by dropping this one:

source env/bin/activate

Your prompt should now look something like this:

(env)cosmo@lazerbeam ~/Development/python/moin-2.0 $

Now you are in the virtual environment and now some commands should be dropped:

moin index-create -s -i 

for creating the initial index, otherwise the wiki won’t come up. And for some
initial content:

 moin load --file contrib/serialized/items.moin 

And finally building the index you just created:

 moin index-build 

Creating a development Setup

So now i wantet to do an development setup for moin, so i wanted to enable
debugging of course. So i created two new files in the basepath of the repo,
the first file is called “wikiconfig_local.py” and the second is called
“wikiconfig_editme.py”. The content of wikiconfig_local goes as follows:

from wikiconfig_editme import *

this simply loads the wikiconfig_editme file. The contents of the wikiconfig_editme.py
looks something like this:

from wikiconfig import *
#import wikiconfig.py

class LocalConfig(Config):
    configuration_item_1 = 'value1'

MOINCFG = LocalConfig
DEBUG = True

(Taken from the original wikiconfig.py file). So now we have our development setup
ready we can try to start the local moin development server (usually runs on 127.0.0.1:8080)
Wich is quite easy just run the “moin” command and the server should come up. Alternatively
you also can pass the moin command the help key word so some help should come up:

$ moin help
  account_create              This command allows you to create a user account
  account_disable             This command allows you to disable user accounts.
  account_password            This command allows you to set a user password.
  import19                    Import data from a moin 1.9 wiki.
  index-build                 Build the indexes.
  index-create                Create empty indexes.
  index-destroy               Destroy the indexes.
  index-dump                  Dump the indexes in readable form to stdout.
  index-move                  Move the indexes from the temporary to the normal location.
  index-optimize              Optimize the indexes.
  index-update                Update the indexes.
  item-get                    Get an item revision from the wiki.
  item-put                    Put an item revision into the wiki.
  ... 
 

When you want to start development actively a good starting point in the docs is:

docs/_build/html/devel/development.html

Wich holds all the neccesary information for upcoming devlopers.

Weblinks

MoinMoin Homepage
Moin2.0 Dev repository: http://hg.moinmo.in/moin/2.0
Online docs’: http://readthedocs.org/docs/moin-20/en/latest/
Issue tracker: http://bitbucket.org/thomaswaldmann/moin-2.0/issues
And for code reviews use http://codereview.appspot.com/

Das Zitat: Wilhelm Heitmeyer, Soziologe

Reblogged from Valeat:

Klassenkampf von oben

Es gibt eine elitäre Parallelgesellschaft, in der ein eisiger Jargon der Verachtung herrscht und kaum Interesse an gesellschaftlichen Integrationsproblemen. Es gibt also keine Auseinandersetzung mit dem, was in unserer Gesellschaft geschieht. Es geht den Reichen bei ihrer Abschottung um die Sicherung ihres Status. Insofern gibt es sozusagen einen Klassenkampf von oben.

Wilhelm Heitmeyer in einem Interview mit der ZEIT, 22.

Weiterlesen… 8 more words

leider nicht geil aber leider wahr imho

Scripting Post-Exploitation

Reblogged from 0x0e.org | pentesting perspective:

A common question that comes up with post-exploitation is the need to run multiple things when a meterpreter session is initiated.

You can easily run a single command using the 'AutoRunScript' option. For example:

msf (psexec) > set AutoRunScript killav

However, if you need multiple things to run, there're a couple multi-runner scripts that you should know about: multiscript, …

Weiterlesen… 170 more words

simple but brilliant thanks jcran :)

Cyberkrieg: Angriff auf den Alltag

Reblogged from Valeat:

Wer kann verhindern, dass ein Deutscher auf einer Dienstreise im Libanon einen USB-Stick mit einem Virus bekommt - und dann die Bilder von der Reise am Samstag beim Grillabend zeigt?
Unwahrscheinlich? Gewiss. Aber es genügt ja schon, wenn dieses Szenario ein einziges mal passiert. Und schon kann sich das Schadprogramm exponentiell um den Globus ausbreiten und jeden treffen, auch das Land, von dem der Angriff ausging.

Weiterlesen… 51 more words

In meinen Augen mal wieder weiter pro Argumente für Freie und Offene Software

Metasploit payload encoding

Okay gehört jetzt nicht zu meiner Metasploit Serie direkt, aber ich finde
das Video ganz gut. Da es ein Gefühl vermittelt wie man in Metasploit Payload’s
(bsp. reverse_tcp shell) codiert und sich so möglicherweise an Vierenscannern
vorbei schmuggeln kann. Das Video ist nicht von mir ich bin nur im Netz drüber
gestolpert. Ich übernehme keine Verantwortung für das funktionieren
der gezeigten Techniken.

"Armut macht krank"

Reblogged from Valeat:

Weiterlesen… 13 more words