Wednesday, 28 January 2004

How to Determine if Enhanced Security Is Installed and Running

If you are not sure if the optional, enhanced-security features are
installed on your system, you can check as follows:

$ ls -l /usr/.smdb./OSFC2SEC4??.lk
-rw-r--r-- 1 root system 0 Nov 8 11:02 /usr/.smdb./OSFC2SEC400.lk



The presence of the lock file (OSFC2SEC400.lk) indicates that the enhanced
security subset is installed (but not necessarily running) on your system. If
the subset is not installed, ls reports that the file was not found.

To determine if the installed enhanced security is running on your system,
enter the following command:

$ /usr/sbin/rcmgr get SECURITY BASE
ENHANCED


If the string "ENHANCED" is returned, enhanced security is running. If the
string "BASE" is returned, enhanced security is not running. The lock file
only tells you the subset is on disk; the rcmgr value is what the system was
configured to run with, so check both.

Source:
http://www.cs.arizona.edu/computer.help/policy/DIGITAL_unix/AA-Q0R2D-TET1_html/sec.c23.html

Tuesday, 27 January 2004

Quick guide to Cryptoloop + LVM

+---------------------------------------------------------------+
| Quick guide to Cryptoloop + LVM         aramosf @ unsec . net |
| 19/Jan/2004 v1.0                     bladi-sec @ novasec . es |
| http://www.unsec.net                                          |
+---------------------------------------------------------------+

Requirements:
+-------------+

The purpose of this mini-guide is to create a logical volume with LVM2
(Logical Volume Manager) which is in turn encrypted with the AES-128
algorithm, using two disks: one of them the system disk, the other used in
its entirety. We assume you already have a clear idea of what LVM and
Cryptoloop are.

All the documentation and tests were done on Fedora Core 1 Linux, with
kernel 2.6.1 and LVM version 2.

We start from a system whose kernel supports encrypted loop devices
(cryptoloop on 2.6, or 2.4 with the loop-AES patch) and which has the lvm2
packages installed (plus the kernel support for them). The latest version
of mount and util-linux, 2.12, is also required for the losetup and mount
options used below.

The kernel options needed for LVM are:

Device Drivers --->
  Multi-device support (RAID and LVM) --->
    [*] Multiple devices driver support (RAID and LVM)
    ...
    Device mapper support

Options needed for Cryptoloop with AES:

Cryptographic options --->
  AES cipher algorithms

On 2.6 the loop driver and the cryptoloop driver themselves are needed as
well (Device Drivers ---> Block devices ---> Loopback device support and
Cryptoloop Support; as modules they are called "loop" and "cryptoloop").
Without them losetup -e has nothing to bind the cipher to.


In this example we assume hda2 is the root filesystem and hdb is an
additional hard disk (both 40 GB in the diagram; note that the pvdisplay
output further down reports hdb as 55.89 GB, so go by the figures your own
pvdisplay prints):

hda hdb
.··---··. .··---··.
·..___..· ·..___..·
hda1 | swap | ] 256Mb | | -+
|-------| -+ | | |
| | | | hdb | | 40Gbs
hda2 | / | | 39Gb | | |
| | | | | |
·..___..· -+ ·..___..· -+


Configuration
+-------------+

Below are all the commands needed, with their meaning:

We create a 35 GB file for the LVM; the rest is left for the operating
system:

# dd if=/dev/zero of=datos1 bs=1M count=35000

This command creates a file named "datos1", 35000 MB in size and filled
with zeros. For better security it is recommended to use /dev/urandom
instead of /dev/zero, so that the blocks that later hold ciphertext cannot
be told apart from the blocks that were never written. Keep in mind that
only what goes through the encrypted loop device is protected; the LVM
labels and metadata written on the PVs themselves stay in clear.

We attach our file to /dev/loop1:

# losetup /dev/loop1 datos1

We create the PV:

# lvm pvcreate /dev/loop1
No physical volume label read from /dev/loop1
Physical volume "/dev/loop1" successfully created

Now the second disk: we wipe hdb's partition table:

# dd if=/dev/zero of=/dev/hdb bs=1k count=1
# blockdev --rereadpt /dev/hdb

An alternative, more paranoid method (it overwrites the whole disk once, so
it takes a while) would be:

# shred -n 1 -v /dev/hdb

We create the PV for the hdb disk:

# lvm pvcreate /dev/hdb
No physical volume label read from /dev/hdb
Physical volume "/dev/hdb" successfully created

We create a volume group named "PN" out of both PVs:

# lvm vgcreate PN /dev/loop1 /dev/hdb
Volume group "PN" successfully created

We check that everything is fine so far and find out the size of our future
volume:

# lvm pvdisplay
--- Physical volume ---
PV Name /dev/loop1
VG Name PN
PV Size 34.17 GB / not usable 0
Allocatable yes
PE Size (KByte) 4096
Total PE 8748
Free PE 8748
Allocated PE 0
PV UUID SHMmrX-tZy5-2bKV-J2JQ-a6NU-5YOx-xJF1hr

--- Physical volume ---
PV Name /dev/hdb
VG Name PN
PV Size 55.89 GB / not usable 0
Allocatable yes
PE Size (KByte) 4096
Total PE 14308
Free PE 14308
Allocated PE 0
PV UUID dDBCGR-swNs-6oS3-Be2t-TGnf-nFxs-hRJkr6


We create the 89 GB logical volume (just under the sum of the PV sizes,
34.17 + 55.89):

# lvm lvcreate -n DURO PN -L89G
Logical volume "DURO" created

We set up loop2 over our new volume with AES-128:

# losetup -e aes-128 /dev/loop2 /dev/PN/DURO
Password:

NOTE: other algorithms or a larger key size (256) can be used, but
performance drops by around 20%. It asks for a passphrase, which we will
have to type every time we mount the volume. losetup does not verify the
passphrase against anything on disk: a wrong one simply yields a different
key and only shows up later as an unreadable filesystem.

For extra security we can use the option -S xxxxxxxxxx, where "xxxxxxxxxx"
is a random seed typed in by us; this helps to prevent dictionary attacks on
the passphrase. The same seed has to be given every time the volume is
attached, since a different seed yields a different key, and bear in mind
that anything typed on the command line ends up in the shell history and is
visible in the process list while the command runs.

We format the volume:

# mke2fs -j /dev/loop2
mke2fs 1.34 (25-Jul-2003)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
....


Finishing up
+------------+

THAT'S IT, DONE!!

To mount:

# mount -t ext3 -oencryption=aes-128 /dev/PN/DURO /mnt
Password:

If you type the wrong passphrase it shows this error (mount with the
encryption= option sets up a loop device of its own, hence the /dev/loop0
in the message; with the wrong key the decrypted data is garbage and no
ext3 superblock is found in it):

# mount -t ext3 -oencryption=aes-128 /dev/PN/DURO /mnt
Password:
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
or too many mounted file systems
(could this be the IDE device where you in fact use
ide-scsi so that sr0 or sda or so is needed?)


Checks
+------+

# df -h

/dev/mapper/PN-DURO 88G 33M 84G 1% /mnt

Each time you unmount, remember that you have to "attach" again before
mounting. Note that the mount line with encryption= sets up its own loop
device over /dev/PN/DURO and asks for the passphrase again, so the losetup
line before it is actually redundant: either bind loop2 with losetup and
mount /dev/loop2, or let mount do the whole thing. After unmounting, detach
the loop device as well (losetup -d); until you do, the loop device keeps the
key in the kernel and the decrypted view of the volume remains accessible.

# losetup -e aes-128 /dev/loop2 /dev/PN/DURO
# mount -t ext3 -oencryption=aes-128 /dev/PN/DURO /mnt

And if you want everything to be in order when the machine reboots: loop
devices do not survive a reboot, so after booting the volume group PN is
missing the PV on /dev/loop1 until the datos1 file is re-attached with
losetup as in the Configuration section; then deactivate and re-activate
the logical volume:

# lvm vgchange -an
# lvm lvchange /dev/PN/DURO -ay
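The attach and detach sequence above, as an added shell example (it is not
part of the original guide nor of any project's code): it wraps the
losetup/vgchange/mount steps with a dry-run mode and cleanup on failure, and
releases the loop device after umount so the key does not stay in the
kernel. The default device names come from the guide; the path of the
file-backed PV (/root/datos1) is an assumption, as is the choice to mount
/dev/loop2 directly instead of using the encryption= mount option, which
would allocate a second loop device and ask for the passphrase again.

```sh
#!/bin/sh
# Added example, not from the original guide. Attach/detach wrapper for the
# Cryptoloop + LVM volume. Defaults follow the guide; PVFILE is an assumed
# location for the "datos1" file created with dd. Override via environment.
VOL=${VOL:-/dev/PN/DURO}        # logical volume carrying the ciphertext
LOOP=${LOOP:-/dev/loop2}        # loop device that holds the AES key
CIPHER=${CIPHER:-aes-128}
MNT=${MNT:-/mnt}
VG=${VG:-PN}
PVFILE=${PVFILE:-/root/datos1}  # assumed path of the file-backed PV
PVLOOP=${PVLOOP:-/dev/loop1}
DRY_RUN=${DRY_RUN:-0}           # DRY_RUN=1: print the commands, run nothing

# run CMD ARGS...: echo the command, then execute it unless DRY_RUN=1
run() {
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# attach_volume: re-attach the file-backed PV (loop devices are gone after a
# reboot), activate the VG, bind the encrypted loop (this is where losetup
# asks for the passphrase) and mount the decrypted view from $LOOP itself,
# so mount does not allocate a second loop device and prompt again. Every
# step undoes the previous ones on failure, so a failed attempt never leaves
# a loop device holding the key.
attach_volume() {
    run losetup "$PVLOOP" "$PVFILE" || return 1
    run lvm vgchange -ay "$VG" || { run losetup -d "$PVLOOP"; return 1; }
    run losetup -e "$CIPHER" "$LOOP" "$VOL" || {
        run lvm vgchange -an "$VG"; run losetup -d "$PVLOOP"; return 1; }
    run mount -t ext3 "$LOOP" "$MNT" || {
        # typical cause: wrong passphrase, no ext3 superblock in the plaintext
        run losetup -d "$LOOP"; run lvm vgchange -an "$VG"
        run losetup -d "$PVLOOP"; return 1; }
}

# detach_volume: unmount, then release the loop device. The key lives with
# the loop device, so umount alone leaves the decrypted view readable
# through $LOOP and the key in kernel memory until losetup -d.
detach_volume() {
    run umount "$MNT" || return 1
    run losetup -d "$LOOP" || return 1
    run lvm vgchange -an "$VG" || return 1
    run losetup -d "$PVLOOP"
}

case "${1:-}" in
    attach) attach_volume ;;
    detach) detach_volume ;;
    "")     ;;   # no arguments: only define the functions
    *)      echo "usage: $0 attach|detach" >&2; exit 2 ;;
esac
```

Run it as root with "attach" or "detach"; with DRY_RUN=1 it prints the
commands it would execute instead of running them, which is the way to
check the device names before touching anything.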

If you want to measure the speed of the volume you created, the best tool
is bonnie++,
http://www.coker.com.au/bonnie++/.


Documentation and references
+----------------------------+

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Cryptoloop-HOWTO.html
http://tldp.org/HOWTO/LVM-HOWTO/
http://lists.sistina.com/pipermail/linux-lvm/2002-October/012541.html
http://vware.hypermart.net/howto_filesystem_encryption.htm

CREDITS: idea, support, guru: bladi / dardhal

Wednesday, 21 January 2004

MTA Basic operation


Please report any corrections.

exim-2.053



+----------------------------------------------------------------------+
| Daemon start | exim -bd -q1h |
|-------------------------+--------------------------------------------|
| Daemon termination | kill -TERM `cat /var/run/exim.pid` |
|-------------------------+--------------------------------------------|
| Daemon is for | receive, queue management |
|-------------------------+--------------------------------------------|
| Concurrency control | remote_max_parallel = in |
| | /usr/local/etc/exim/configure |
|-------------------------+--------------------------------------------|
| Message submission | exim -f SDR RCPT |
|-------------------------+--------------------------------------------|
| Logging | /var/log/exim_mainlog |
|-------------------------+--------------------------------------------|
| Outgoing queue | /var/spool/exim/input/* |
|-------------------------+--------------------------------------------|
| Listing of queued | exim -bp |
| messages | |
|-------------------------+--------------------------------------------|
| Force queue processing | exim -q |
|-------------------------+--------------------------------------------|
| Location of aliases | /etc/aliases |
|-------------------------+--------------------------------------------|
| Reconstruction of alias | not required |
| db | |
+----------------------------------------------------------------------+

postfix beta-19990122-pl01




+----------------------------------------------------------------------+
| Daemon start | /usr/local/postfix/bin/postfix start |
|-------------------------+--------------------------------------------|
| Daemon termination | /usr/local/postfix/bin/postfix stop |
|-------------------------+--------------------------------------------|
| Daemon is for | receive, send, queue management |
|-------------------------+--------------------------------------------|
| Concurrency control | 'smtp' line in /etc/postfix/master.cf |
|-------------------------+--------------------------------------------|
| Message submission | /usr/local/postfix/bin/sendmail -f SDR |
| | RCPT |
|-------------------------+--------------------------------------------|
| Logging | /var/log/maillog (syslog) |
|-------------------------+--------------------------------------------|
| Outgoing queue | /var/spool/postfix/deferred/* |
|-------------------------+--------------------------------------------|
| Listing of queued | /usr/local/postfix/bin/sendmail -bp |
| messages | |
|-------------------------+--------------------------------------------|
| Force queue processing | /usr/local/postfix/bin/sendmail -q |
|-------------------------+--------------------------------------------|
| Location of aliases | /etc/aliases (see /etc/postfix/main.cf) |
|-------------------------+--------------------------------------------|
| Reconstruction of alias | /usr/local/postfix/bin/postalias |
| db | |
+----------------------------------------------------------------------+

The configuration can be inspected with /usr/local/postfix/bin/postconf

qmail-1.03



+----------------------------------------------------------------------+
| Daemon start | /var/qmail/boot/home |
|---------------------+------------------------------------------------|
| Daemon termination | kill -TERM 'PID of qmail-send' |
|---------------------+------------------------------------------------|
| Daemon is for | receive, send, queue management (qmail-smtpd |
| | required for receiving) |
|---------------------+------------------------------------------------|
| Concurrency control | just numerics in |
| | /var/qmail/control/concurrencyremote |
|---------------------+------------------------------------------------|
| Message submission | /var/qmail/bin/qmail-inject -fSND RCPT |
|---------------------+------------------------------------------------|
| Logging | /var/log/maillog (via syslog) |
|---------------------+------------------------------------------------|
| Outgoing queue | /var/qmail/queue/remote/* |
|---------------------+------------------------------------------------|
| Listing of queued | /var/qmail/bin/sendmail -bp ; |
| messages | /var/qmail/bin/qmail-qstat |
|---------------------+------------------------------------------------|
| Force queue | kill -ALRM 'PID of qmail-send' |
| processing | |
|---------------------+------------------------------------------------|
| Location of aliases | /var/qmail/alias/.qmail-*                      |
|---------------------+------------------------------------------------|
| Reconstruction of | not required (without fastforward) |
| alias db | |
+----------------------------------------------------------------------+

sendmail-8.9.3


+----------------------------------------------------------------------+
| Daemon start | /usr/sbin/sendmail -bd -q1h |
|----------------------------+-----------------------------------------|
| Daemon termination | kill -TERM `head -1 |
| | /var/run/sendmail.pid` |
|----------------------------+-----------------------------------------|
| Daemon is for | receive, queue management (not for |
| | send) |
|----------------------------+-----------------------------------------|
| Concurrency control | ----------------------------------- |
|----------------------------+-----------------------------------------|
| Message submission | /usr/sbin/sendmail -fSDR RCPT |
|----------------------------+-----------------------------------------|
| Logging | /var/log/maillog (syslog) |
|----------------------------+-----------------------------------------|
| Outgoing queue | /var/spool/mqueue/ |
|----------------------------+-----------------------------------------|
| Listing of queued messages | /usr/sbin/sendmail -bp ; mailq |
|----------------------------+-----------------------------------------|
| Force queue processing | /usr/sbin/sendmail -q |
|----------------------------+-----------------------------------------|
| Location of aliases | /etc/aliases (see /etc/sendmail.cf) |
|----------------------------+-----------------------------------------|
| Reconstruction of alias db | /usr/sbin/sendmail -bi ; newaliases |
+----------------------------------------------------------------------+

zmailer-2.99.50s11



+----------------------------------------------------------------------+
| Daemon start | zmailer |
|---------------------+------------------------------------------------|
| Daemon termination | zmailer stop |
|---------------------+------------------------------------------------|
| Daemon is for | receive, send, queue management |
|---------------------+------------------------------------------------|
| Concurrency control | maxchannel of smtp/* in |
| | /usr/local/zmailer/scheduler.conf |
|---------------------+------------------------------------------------|
| Message submission | /usr/local/zmailer/bin/sendmail -f SDR RCPT |
|---------------------+------------------------------------------------|
| Logging | /var/log/mail/smtp |
|---------------------+------------------------------------------------|
| Outgoing queue | /var/spool/postoffice/queue/* |
|---------------------+------------------------------------------------|
| Listing of queued | /usr/local/zmailer/bin/mailq |
| messages | |
|---------------------+------------------------------------------------|
| Force queue | zmailer resubmit |
| processing | |
|---------------------+------------------------------------------------|
| Location of aliases | /usr/local/zmailer/db/aliases (:include: must |
| | be quoted with "") |
|---------------------+------------------------------------------------|
| Reconstruction of | /usr/local/zmailer/bin/newaliases |
| alias db | |
+----------------------------------------------------------------------+

----------------------------------------------------------------------

Copyright by Kyoto Motonori (motonori@wide.ad.jp)

Tuesday, 20 January 2004

SHAPER (originally in Portuguese)

Hi,

I have seen a lot of people on the list looking for
traffic control based on IP address!

You can get this with the Linux Traffic Shaper.
Just create several shapers and add a static route
from an IP to the shaper.

Here is a small example:

1) create several shapers, as many as you need;
each shaper will perform one control!

$ cd /lib/modules/<kernel_version>/net
$ cp shaper.o shaper0.o
$ cp shaper.o shaper1.o
$ cp shaper.o shaper2.o
...

2) Update the dependencies for the new modules:

$ depmod -a

3) Load the modules you need:

$ insmod shaper0
$ insmod shaper1
...

Note: for each module loaded, the kernel provides a shaperX
interface, which will be the route interface for the IP whose
traffic you want to limit.

4) Attach and configure the speed for each shaper device:

$ shapecfg attach shaper0 eth1
$ shapecfg attach shaper1 eth1
$ shapecfg attach shaper2 eth1
...
$ shapecfg speed shaper0 64000
$ shapecfg speed shaper1 256000
$ shapecfg speed shaper2 64000
...

Note: since kernel 2.2.x (if I'm not mistaken), when you configure
an interface the kernel automatically adds a route for the network
address through that interface. So you have to remove that route
right after configuring the interface
(we want to shape only one IP, right?).

5) Add routes to the shapers:

$ route add -host 192.168.1.2 dev shaper0
$ route add -host 192.168.1.3 dev shaper1
$ route add -host 192.168.1.4 dev shaper1
$ route add -host 192.168.1.5 dev shaper1
$ route add -host 192.168.1.6 dev shaper2

the output of the route command should look something like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
200.1.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.2     0.0.0.0         255.255.255.255 UG    0      0        0 shaper0
192.168.1.3     0.0.0.0         255.255.255.255 UG    0      0        0 shaper1
192.168.1.4     0.0.0.0         255.255.255.255 UG    0      0        0 shaper1
192.168.1.5     0.0.0.0         255.255.255.255 UG    0      0        0 shaper1
192.168.1.6     0.0.0.0         255.255.255.255 UG    0      0        0 shaper2
0.0.0.0         200.1.1.1       0.0.0.0         UH    1      0        0 eth0

6) Done!

##############

That's a bit wrong.. you don't need to copy the module like 7 times to get 7 shapers xDDD

modprobe shaper shapers=7

xD

--
Pablo Ruiz Garcia (Pci)


Saturday, 3 January 2004

Compiling thc-hydra with SAP support (without the SAP CD)

We will use this for brute-forcing SAP R/3 logins.

You need SAP's RFCSDK libraries:

The SAP::Rfc Perl module explains a bit about it:



http://www.cpan.org/modules/by-module/Apache/SAP-Rfc-1.31.readme


Thanks to Achim Grolms who supplied the following information :-

- where to get the required SAP files for the RFCSDK:


Archive program needed to extract the archives


Dynamic libraries and headers

-This is how to extract
(Like ./SAPCAR -xvf librfc_mt_so_dbg.CAR)

-and where to put them
(libs to $RFCSDKHOME/lib and headers to $RFCSDKHOME/include)

where RFCSDK should be /usr/sap/rfcsdk as a standard

----


Although I had to download RFC_OPT_46C.SAR from the same ftp and
unpack it with SAPCAR as well. Change the $RFCSDKHOME thing to /usr,
because otherwise hydra's configure doesn't pick it up.


The same SAR contains other utilities of interest, such as sapinfo