Archive for category Security

Encrypting files in Linux with mcrypt

By default Linux systems do not ship with the mcrypt utility. At least not CentOS or Ubuntu that is.

In Ubuntu, installing mcrypt is just a matter of running the following command:
apt-get install mcrypt

In CentOS 5.5 mcrypt is not included in the distribution’s repositories, because when I ran yum install mcrypt it installed the php-mcrypt package along with libmcrypt and libmcrypt-devel, but it didn’t actually include the mcrypt userland application. This meant I had to install the package from source. Installing mcrypt from source required an additional library called mhash to be installed. After that dependency was installed, it was just a matter of executing the following commands to install mcrypt:

./configure
make
make install

Once installed, encrypting a file can be done with the following command:
mcrypt filetoencrypt

Mcrypt will prompt you for a secret keyphrase to use to decrypt the file.
Mcrypt creates the encrypted file with a .nc extension. To decrypt the file, simply run the following command:
mcrypt -d filetoencrypt.nc

If you don’t want to specify your secret passphrase every time you encrypt/decrypt a file, you can create a user mcrypt config file at ~/.mcryptrc with the following contents in it:
key yourultrasecurepassphrasehere

http://sourceforge.net/projects/mcrypt/
Dependency:
http://mhash.sourceforge.net/

Nikto2 web server assessment

I decided to run a vulnerability scan on my fully patched CentOS 5.2 rubyninja.net Apache web server using Nikto and learned quite a bit from the vulnerabilities found.

1st vulnerability found:
My webalizer statistics were being displayed without any restriction.
Fix: Enabled .htaccess password protection and limited access to local IPs only.

2nd vulnerability found:
PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. (index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000)
Fix: Set expose_php = Off within /etc/php.ini

3rd vulnerability found:
Apache default manual webpages were publicly accessible.
Fix: edit /etc/httpd/conf.d/manual.conf

4th vulnerability found:
HTTP TRACE method is active, suggesting the host is vulnerable to XST.
Fix: Out of all the vulnerabilities found, this one was the most interesting. Apparently the TRACE HTTP request method can be used by malicious applications to trick a web browser into issuing a TRACE request against an arbitrary site and then send the response to the TRACE to a third party using web browser features. To fix this issue, I just had to add the following entry to httpd.conf: TraceEnable off

This article fully explained the issue. http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/

I still need to read the full Nikto documentation to check out all of its features. But I still think this is a really good tool for any Apache administrator.
http://cirt.net/nikto2
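
Two of the fixes above (TraceEnable off and expose_php = Off) can be re-checked after every config change or package update. The script below is an added example, not part of the original post; the function names and the script name audit.sh are assumptions, and it reads only the one file it is given (it does not follow Include lines or per-VirtualHost overrides).

```shell
#!/bin/sh
# Added example: confirm that two hardening settings from the Nikto
# findings are still in effect in the given config files.

# Print the last uncommented value of an Apache directive, lowercased.
apache_directive() {  # usage: apache_directive NAME FILE
    awk -v name="$1" '
        /^[ \t]*#/ { next }                        # skip comment lines
        tolower($1) == tolower(name) { val = $2 }  # names are case-insensitive
        END { print tolower(val) }' "$2"
}

# Print the last uncommented value of a php.ini setting, lowercased.
php_ini_value() {  # usage: php_ini_value NAME FILE
    awk -F= -v name="$1" '
        /^[ \t]*;/ { next }                        # ";" starts a comment
        { key = $1; gsub(/[ \t]/, "", key) }
        key == name { val = $2; sub(/;.*/, "", val); gsub(/[ \t"]/, "", val) }
        END { print tolower(val) }' "$2"
}

# Succeed only when TRACE is explicitly disabled (Apache defaults to on).
trace_disabled() {
    [ "$(apache_directive TraceEnable "$1")" = "off" ]
}

# Succeed only when expose_php is explicitly off (PHP defaults to on).
expose_php_off() {
    case "$(php_ini_value expose_php "$1")" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Report when run as: sh audit.sh path/to/httpd.conf /etc/php.ini
if [ "$#" -eq 2 ]; then
    trace_disabled "$1" && echo "TraceEnable: off" || echo "TraceEnable: NOT off"
    expose_php_off "$2" && echo "expose_php: off" || echo "expose_php: NOT off"
fi
```

A missing directive is reported as "NOT off" on purpose, because both settings default to enabled.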

Charlie Miller is my hero

MS rant

It was sure nice hearing Steve Gibson’s rant against Windows on the latest Security Now Episode 192. The best part, and it totally made my day, was when he said that tools like Visual Basic .Net are designed so that monkeys could write applications for Windows.
http://twit.tv/sn192

OpenSSH

Well, instead of spending Saturday night wasting my time at the mall or at that place people call movie theaters, I got a chance to play around with OpenSSH more in depth.

I use ssh to log into my server practically every single day, but I really wasn’t aware of all of its actual capabilities. After looking at the /etc/ssh/sshd_config file, I noticed there was an X11 forwarding option which was disabled by default. Given that I don’t have X-Windows installed on my server, I’ve decided to install ssh on my desktop computer so I can try it out.

Steps to enable X11 forwarding

  • Open /etc/ssh/ssh_config and comment out:
    # ForwardAgent yes
    # ForwardX11 yes
    # ForwardX11Trusted yes
  • Open /etc/sshd_config and (X11Forwarding yes) should already be commented out
  • Restart ssh server:
    sudo /etc/init.d/ssh restart

That’s it!!!

  • Now log on to the remote machine using the -X option:
    ssh -X user@192.168.0.1
  • Type gnome-session

Your X session should automatically start.

I also logged in using OS X and it worked perfectly fine. Everything was kind of sluggish to use, and I was doing everything completely on wireless so that probably made it even slower. In conclusion, who needs VNC when you could securely forward X11 sessions between *nix computers using ssh!!
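
Options set in the system-wide /etc/ssh/ssh_config apply to every server the client connects to, so a forwarded agent or trusted X11 connection is exposed to each remote host for as long as the session lasts. The function below is an added example, not part of the original post: it lists which of the three forwarding options from the steps above are enabled for all hosts (the function name is an assumption, and Include and Match handling is simplified).

```shell
#!/bin/sh
# Added example: list forwarding options that an ssh_config file turns on
# for every host, i.e. before the first Host/Match block or under "Host *".
global_forwarding() {  # usage: global_forwarding FILE
    awk '
        BEGIN { global = 1 }                     # top of file applies to all hosts
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        { sub(/=/, " ") }                        # accept "Keyword=value"
        tolower($1) == "host"  { global = ($2 == "*" && NF == 2); next }
        tolower($1) == "match" { global = 0; next }
        global && tolower($1) ~ /^(forwardagent|forwardx11|forwardx11trusted)$/ {
            k = tolower($1)
            if (!(k in seen)) {                  # ssh uses the first value it finds
                seen[k] = 1
                if (tolower($2) == "yes") print k
            }
        }' "$1"
}

# Report when run as: sh fwdcheck.sh /etc/ssh/ssh_config
if [ "$#" -eq 1 ]; then
    found=$(global_forwarding "$1")
    if [ -n "$found" ]; then
        echo "Enabled for all hosts:"
        echo "$found"
    else
        echo "No forwarding enabled globally"
    fi
fi
```

To limit forwarding to one machine, the same keywords can be placed under a specific Host block in ~/.ssh/config instead of the global file.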

PSP running OpenBSD 4.0 according to Nmap

I was bored and decided to do a random network scan and I noticed that it also scanned my PSP but the details were kind of weird.

OpenVPN

I got a headache from trying to set up OpenVPN and get it up and running. I’ve been trying to set up a local VPN server on my Linux box, but it’s overwhelming, all the crap I have to do to get this thing working. Creating the keys, editing multiple configuration files, and building my own certificates. Setting up a VPN in Windows Server 2003 is a walk in the park compared to this.