
Patching the OpenSuse VPN client: Out of the box, OpenSuse requires a patch to set up IPsec tunnels with Cisco devices using the Cisco Linux client.


F5 CLI Context Change

expert@ - Wednesday, 11 March 2015 04:53
tmsh -m -c 'cd /f1 ; delete net arp /f1/test'

Example:

tmsh -m -c 'cd /uuid_844a8ccf756947cf860510b2d2f26448 ; delete net arp /uuid_844a8ccf756947cf860510b2d2f26448/192.168.101.4%7'

OpenVAS v7, WPScan, Metasploit, ZAP on Ubuntu 14.04

expert@ - Thursday, 26 February 2015 09:28

Install OpenVAS7, WPScan, Metasploit, ZAP

Fix Linux VM NIC assignment after migrating to new hypervisor

expert@ - Tuesday, 20 January 2015 06:25

/etc/udev/rules.d/70-persistent-net.rules accordingly to reflect the changes. After that, you also need to edit /etc/sysconfig/network-scripts/ifcfg-eth0 to change the MAC address and name of eth0.

vi /etc/udev/rules.d/70-persistent-net.rules

F5 HA score view

expert@ - Tuesday, 20 January 2015 05:37
To view the HA score and other details
At the system prompt on unit 1, type:
tmsh
/sys
show ha-group  details
Repeat the commands on unit 2.
To compare the HA scores of both units
You can compare the HA score of the current unit with the HA score of the peer unit. At the system prompt on either unit, type:
tmsh
/sys
show ha-status all-properties

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_high_avail.html#1026652

Self-Signed SSL CA Certs & Keys

expert@ - Tuesday, 23 December 2014 05:41

Create the CA cert to sign your new cert.

The server certificate is used to terminate SSL on your endpoint (LB, server, HAproxy).

The client cert can be issued to authenticated clients for 2-way authentication.

CA Certificate

echo "0001" > <serial_number_file>.sr1

openssl req -new -x509 -days 3650 -keyout <ca_cert_key>.key -out <ca_cert_file_name>.crt

Server Certificate

openssl req -new -newkey rsa:2048 -nodes -out <cert_request>.req -keyout <cert_key>.key

openssl x509 -CA <ca_cert_file_name>.crt -CAkey <ca_cert_key>.key -CAserial <serial_number_file>.sr1 -req -in <cert_request>.req -out <domain_name>.crt -days 3650

Client Certificate

openssl req -new -newkey rsa:2048 -nodes -out <client_cert_file_name>.req -keyout <client_cert_file_name>.key 

openssl x509 -CA <ca_cert_file_name>.crt -CAkey <ca_cert_key>.key -CAserial <serial_number_file>.sr1 -req -in <client_cert_file_name>.req -out <client_cert_file_name>.crt -days 3650

openssl pkcs12 -export -out <client_cert_file_name>.p12 -inkey <client_cert_file_name>.key -in <client_cert_file_name>.crt -certfile <ca_cert_file_name>.crt
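
The commands above sign the requests without an -extfile, so the issued certificates carry no subjectAltName or extendedKeyUsage. The script below is an added example, not part of the original post: it repeats the same flow non-interactively in a scratch directory, adds those extensions at signing time, and checks the result with openssl verify. The CN values, the host name www.example.test and the file names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. CNs, host name and paths are constructed.

# issue <dir> <name> <cn> <extension line>...: new key + CSR, signed by the CA in <dir>.
issue() {
    dir=$1 name=$2 cn=$3; shift 3
    printf '%s\n' "$@" > "$dir/$name.ext"   # x509 -req does not copy CSR extensions
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -out "$dir/$name.req" -keyout "$dir/$name.key" 2>/dev/null &&
    openssl x509 -req -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAserial "$dir/ca.sr1" \
        -in "$dir/$name.req" -out "$dir/$name.crt" -days 3650 \
        -extfile "$dir/$name.ext" 2>/dev/null
}

# make_chain <dir> <host>: CA, a server cert for <host>, and one client cert.
make_chain() {
    dir=$1 host=$2
    echo "0001" > "$dir/ca.sr1"
    # -nodes keeps the demo non-interactive; a real CA key should keep its passphrase.
    openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    issue "$dir" server "$host" "subjectAltName=DNS:$host" "extendedKeyUsage=serverAuth" &&
    issue "$dir" client "client1" "extendedKeyUsage=clientAuth"
}

# usable_as <dir> <name> <purpose>: chain verifies AND the cert is allowed in that role.
usable_as() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

# has_san <dir> <name> <host>: the certificate lists <host> as a DNS subjectAltName.
has_san() {
    openssl x509 -in "$1/$2.crt" -noout -text | grep -F -q "DNS:$3"
}

# Demo run in a scratch directory.
work=$(mktemp -d) && make_chain "$work" www.example.test || exit 1
usable_as "$work" server sslserver && echo "server cert: accepted as TLS server"
usable_as "$work" client sslclient && echo "client cert: accepted as TLS client"
usable_as "$work" client sslserver || echo "client cert: rejected as TLS server"
has_san "$work" server www.example.test && echo "server cert: SAN present"
rm -rf "$work"
```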

 

More OpenVAS and Greenbone

expert@ - Friday, 5 December 2014 05:41

Step 1: Configure OBS Repository

sudo apt-get -y install python-software-properties
sudo add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v5/xUbuntu_12.04/ ./"
sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
sudo apt-get update

Step 2: Quick-Install OpenVAS

sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc

Step 3: Quick-Start OpenVAS
(copy and paste the whole block; the first time, you will be asked to set a password for user “admin”)

test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

Step 4: Log into OpenVAS as “admin”

Open https://localhost:9392/ or start “gsd” on a command line as a regular user (not as root!).

Bulk file name changes

expert@ - Tuesday, 28 October 2014 03:05
strings
for f in *; do mv "$f" "${f/foo/bar}"; done

extensions
for i in *.ext; do mv -- "$i" "${i%.ext}.otherext"; done

prepend
echo '*** find ./zone -type f -name "*.pem" | xargs cp -t ./ ' . "\n";
echo '*** find ./zone -type f -name "*.crt" | xargs cp -t ./ ' . "\n";
echo '*** for f in *.pem; do mv "$f" "${f%.pem}.key"; done ' . "\n";
echo '*** for f in *.crt; do mv "$f" "2014-$f"; done ' . "\n";
echo '*** for f in *.key; do mv "$f" "2014-$f"; done ' . "\n";
echo '*** mv verisign_intermediate_bundle.crt /config/ssl/ssl.crt' . "\n";
echo '*** mv 2014-*' . $zone . '*.crt /config/ssl/ssl.crt' . "\n";
echo '*** mv 2014-*' . $zone . '*.key /config/ssl/ssl.key' . "\n";
echo '*** Done with cert/key manipulation' . "\n\n";

Excel Double Quote Macro

expert@ - Sunday, 19 October 2014 10:39
Sub DoubleQuoteExport()
' Export the selection (or the used range) as CSV with every field double-quoted.

Dim SrcRg As Range
Dim CurrRow As Range
Dim CurrCell As Range
Dim CurrTextStr As String
Dim ListSep As String
Dim FName As Variant
FName = Application.GetSaveAsFilename("", "CSV File (*.csv), *.csv")
' GetSaveAsFilename returns False when the dialog is cancelled
If VarType(FName) = vbBoolean Then Exit Sub

ListSep = Application.International(xlListSeparator)
  If Selection.Cells.Count > 1 Then
    Set SrcRg = Selection
  Else
    Set SrcRg = ActiveSheet.UsedRange
  End If
Open FName For Output As #1
For Each CurrRow In SrcRg.Rows
  CurrTextStr = ""
For Each CurrCell In CurrRow.Cells
  ' Double any embedded quote so the quoted field stays valid CSV
  CurrTextStr = CurrTextStr & """" & Replace(CurrCell.Value, """", """""") & """" & ListSep
Next
' Drop the trailing list separator
While Right(CurrTextStr, 1) = ListSep
  CurrTextStr = Left(CurrTextStr, Len(CurrTextStr) - 1)
Wend
Print #1, CurrTextStr
Next
Close #1
End Sub

Bounce ESXi mgmt services via the CLI

expert@ - Thursday, 9 October 2014 02:13

From the Local Console or SSH:

Log in to SSH or Local console as root.
Run these commands:

/etc/init.d/hostd restart
/etc/init.d/vpxa restart

Note: In ESXi 4.x, run this command to restart the vpxa agent:

service vmware-vpxa restart

Alternatively:

To reset the management network on a specific VMkernel interface, by default vmk0, run the command:

esxcli network ip interface set -e false -i vmk0; esxcli network ip interface set -e true -i vmk0

Note: Using a semicolon (;) between the two commands ensures the VMkernel interface is disabled and then re-enabled in succession. If the management interface is not running on vmk0, change the above command according to the VMkernel interface used.

To restart all management agents on the host, run the command:

services.sh restart

Changing the management IP on a Sourcefire DC1500

expert@ - Thursday, 28 August 2014 09:43
/usr/local/sf/bin/configure-network

Even though the DC1500 runs on a Linux kernel, it is quite proprietary and simply modifying the IP address with ifconfig or manually editing the /etc/network files will cause unintended consequences.

Sourcefire vs Palo Alto UTM Appliances

Unified threat from Sourcefire and Palo Alto Solutions


Version 4.10 from Sourcefire was a stable, robust, competent piece of software. The detection engines performed their duties as expected and IPS/IDS functionality worked as expected.


Fixing the Android Root Certificate Trust

Android glitch


Some Android clients, even as recent as Froyo, will not connect to an SSL site without an error. The Droid will complain about trusting the root certificate. The Droid will not have a problem with the certificate or any of the details, and the connection will encrypt.

