Help capture SSH Honeypot details and valid username and passwords used

Using this post, http://edgis-security.org/honeypot/kippo-01-getting-started/ , I have set up an SSH honeypot with Kippo.
If you want, you can forward traffic from your own servers to mine and see the results of the SSH capture @ http://info.sethleedy.name/kippo/

Use this in your IPTables to forward your own port 22 traffic to mine @ IP 74.219.241.248 4.49.115.54.

Change ethernet device to match yours.

Remember to save your iptables rules so they survive a reboot: iptables-save
Also, make sure IP forwarding is enabled: sysctl net.ipv4.ip_forward=1 OR echo "1" > /proc/sys/net/ipv4/ip_forward
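
A sketch of the forwarding rules described above, added here as an example (not the original post's rules): it only prints the commands so they can be reviewed before being run as root. The interface name, the documentation-range addresses and the optional admin-source exemption are assumptions.

```bash
#!/usr/bin/env bash
# Added example: print (not apply) iptables commands that forward inbound
# TCP/22 to a remote SSH honeypot. Review the output, then run it as root.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    local ip="$1" o IFS=.
    case $ip in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $ip                      # split on dots (IFS is local)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# honeypot_rules IFACE HONEYPOT_IP [ADMIN_IP]
# ADMIN_IP (optional) keeps reaching the local sshd instead of the honeypot.
honeypot_rules() {
    local iface="$1" pot="$2" admin="${3:-}"
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$pot" || { echo "bad honeypot address" >&2; return 1; }
    [ -z "$admin" ] || valid_ipv4 "$admin" || { echo "bad admin address" >&2; return 1; }

    echo "sysctl -w net.ipv4.ip_forward=1"
    # The exemption must precede the DNAT rule: the first match wins.
    [ -z "$admin" ] || echo "iptables -t nat -A PREROUTING -i $iface -s $admin -p tcp --dport 22 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 22 -j DNAT --to-destination $pot:22"
    echo "iptables -A FORWARD -p tcp -d $pot --dport 22 -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source NAT so replies come back through this host. Side effect: the
    # honeypot logs this host's address, not the original client's.
    echo "iptables -t nat -A POSTROUTING -o $iface -p tcp -d $pot --dport 22 -j MASQUERADE"
}

# Constructed sample values (documentation address ranges, not the post's IP).
honeypot_rules eth0 192.0.2.10 198.51.100.7
```

Without the exemption rule, your own SSH sessions arriving on that interface are forwarded to the honeypot as well, so move the real sshd to another port or pass an admin source address.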

You can achieve the same forwarding results by using
redir ( http://linux.die.net/man/1/redir )
or
socat ( http://linux.die.net/man/1/socat )
without making use of ip_forward, NAT and masquerading.

Bash Socket Programming

From: http://hacktux.com/bash/socket


You can connect to a socket using Bash by using exec and redirecting to and from the pseudo-path /dev/tcp/<hostname>/<port> or /dev/udp/<hostname>/<port>. For instance, to connect to your localhost SSH port using TCP:

Then, use cat and echo to read or write to the socket. Here is an example read:

Notice that there is no such file as /dev/tcp or /dev/udp. Bash interprets the pseudo-path.
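
The connect-and-read steps above as one script, added here as an example (not the original post's code): it opens the socket on descriptor 3, reads the first line the service sends and parses it as an SSH identification string. The function names and the sample banner are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: open a TCP socket with Bash's /dev/tcp pseudo-path, read the
# first line the service sends, close the socket, and parse an SSH banner.

# read_banner HOST PORT [TIMEOUT_SECONDS]
# Prints the first line received; non-zero status if the connection fails
# or nothing arrives before the timeout.
read_banner() {
    local host="$1" port="$2" timeout="${3:-5}" out
    out=$(
        # Runs in a subshell, so descriptor 3 never leaks into the caller.
        cr=$(printf '\r')
        { exec 3<>"/dev/tcp/$host/$port"; } 2>/dev/null || exit 1
        IFS= read -r -t "$timeout" line <&3 || exit 1
        exec 3>&-                          # close the socket
        printf '%s' "${line%"$cr"}"        # strip the trailing CR
    ) || return 1
    printf '%s\n' "$out"
}

# parse_ssh_banner BANNER
# Splits "SSH-protoversion-softwareversion[ comments]" (RFC 4253, 4.2) and
# prints "protoversion softwareversion"; returns 1 for anything else.
parse_ssh_banner() {
    local rest proto software
    case $1 in
        SSH-*-*) ;;
        *) return 1 ;;
    esac
    rest=${1#SSH-}
    proto=${rest%%-*}            # text up to the first dash
    software=${rest#*-}          # text after the first dash
    software=${software%% *}     # drop the optional comment field
    printf '%s %s\n' "$proto" "$software"
}

# Constructed sample banner, parsed offline. For a live check run:
#   parse_ssh_banner "$(read_banner localhost 22)"
parse_ssh_banner 'SSH-2.0-OpenSSH_5.1p1 Debian-5'
```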

As another example, maybe you want to download a webpage:

Finally, let’s say you wanted to connect to an IRC server. Here is an example:


How To Upgrade From Fedora 15 To Fedora 16 or 17 (Desktop & Server)

From: http://www.howtoforge.com/how-to-upgrade-from-fedora-15-to-fedora-16-desktop-and-server


Version 1.0
Author: Falko Timme
Last edited 11/08/2011

This article describes how you can upgrade your Fedora 15 system to Fedora 16. The upgrade procedure works for both desktop and server installations.

I do not issue any guarantee that this will work for you!

1 Preliminary Note
The commands in this article must be executed with root privileges. Open a terminal (on a Fedora 15 desktop, go to Applications > System Tools > Terminal) and log in as root, or if you log in with a regular user, type

su

to become root.

Please make sure that the system that you want to upgrade has more than 600 MB of RAM – otherwise the system might hang when it tries to reboot with the following message (leaving you with an unusable system):

Trying to unpack rootfs image as initramfs…

2 Upgrading To Fedora 16 (Desktop)
First we must upgrade the rpm package:

yum update rpm

Then we install the latest updates:

yum -y update

Next we clean the yum cache:

yum clean all

If you notice that a new kernel got installed during yum -y update, you should reboot the system now:

reboot

(After the reboot, log in as root again, either directly or with the help of

su

)

Now we come to the upgrade process. We can do this with preupgrade (preupgrade will also take care of your RPMFusion packages).

Install preupgrade…

yum install preupgrade

… and call it like this:

preupgrade

The preupgrade wizard will then start on your desktop. Select Fedora 16 (Verne). Afterwards the system is being prepared for the upgrade.

At the end, click on the Reboot Now button.

During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient.

Afterwards, you can log into your new Fedora 16 desktop.

3 Upgrading To Fedora 16 (Server)
First we must upgrade the rpm package:

yum update rpm

Then we install the latest updates:

yum -y update

Next we clean the yum cache:

yum clean all

If you notice that a new kernel got installed during yum -y update, you should reboot the system now:

reboot

(After the reboot, log in as root again, either directly or with the help of

su

)

Now we come to the upgrade process. We can do this with preupgrade.

Install preupgrade…

yum install preupgrade

… and call it like this:

preupgrade-cli

It will show you a list of releases that you can upgrade to. If all goes well, it should show something like Fedora 16 (Verne) in the list:

[root@server1 ~]# preupgrade-cli
Loaded plugins: blacklist, langpacks, whiteout
No plugin match for: rpm-warm-cache
No plugin match for: remove-with-leaves
No plugin match for: auto-update-debuginfo
Loaded plugins: langpacks, presto, refresh-packagekit
please give a release to try to pre-upgrade to
valid entries include:
"Fedora 16 (Verne)"
[root@server1 ~]#

To upgrade, append the release string to the preupgrade-cli command:

preupgrade-cli "Fedora 16 (Verne)"

Preupgrade will also take care of your RPMFusion packages, so all you have to do after preupgrade has finished is to reboot:

reboot

During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient. Afterwards, you can log into your new Fedora 16 server.

Setting up the HekaFS on Fedora

Install:

Use the following command to install on all server nodes:
yum -y install glusterfs glusterfs-server glusterfs-fuse hekafs

On the client, use the following command to install:
yum -y install glusterfs glusterfs-fuse hekafs

Start the glusterd and hekafsd daemons on each server node with the following commands:
service glusterd start
service hekafsd start

Before setup:

You should use a storage drive separate from the OS drive. This maintains speed under heavy access, and if a drive does wear out you can just pop another in.
If that cannot be done, create a loop mount file using the dd command (dd if=/dev/zero of=hekafs_loop1.iso bs=1024M count=32 creates a nice 32GB empty file) and add a loop mount entry in fstab (/mnt/hekafs_loop_file/hekafs_loop1.iso /mnt/heka_brick1 xfs,iso9660 loop 0 0). HekaFS should then be able to use it. However, it needs formatting with a filesystem before use (mkfs.xfs /mnt/hekafs_loop_file/hekafs_loop1.iso). I recommend XFS. Then mount it.

The /etc/ssh/sshd_config file needs to allow root SSH access for HekaFS to work.
Set “PermitRootLogin” to “yes”.
Key authentication must also be enabled: “PubkeyAuthentication yes”
At least one of the storage bricks (call it the main access machine) needs password-less access to ALL other storage bricks via SSH keys for the root user. This is why storage bricks are normally a standalone group and clients are another. I use one machine with a key that is in the authorized_keys file on all the other bricks. I only use this machine to set up the system. A better setup, but harder (time consuming, until scripted), is one where EVERY machine can access any other.
After all that, you must make a one-time connection from the main machine to each of the other bricks so that the SSH yes/no host key prompt is confirmed.

Setup:

HekaFS can be partly configured through the web console, which is accessed on port 8080 of the machine with Heka installed.

Under the Manage Servers link, you can type in the other servers holding storage “bricks” that you want to combine into the storage cluster.

Under the Manage Volumes link, you can A: checkmark the found mounts or B: specify the mounts under the “Add Directories” header. Check the ones you want and specify the Volume Type.
Types:
Plain, Replicated, Striped, SSL
As of right now, this interface does not allow a combined Replicated+Striped type. It should in the future.
Choose Replicated.

In the next box, type in how many replicas you want. Type 2 for the minimum.
This means that two copies will exist on different machines in the cluster in case one machine fails.

Give a name to the new Volume in the Volume ID.
“General_Use”, “Office Docs”, “IT Programs”, “Backups”, ???

Click Provision

Your volume is created. Now onto WHO can use it.

Tenants are logins to the storage cluster. Each Tenant can have different permissions to access different Volumes.
Name and passwords are easy.
The UIDs and GIDs are up to you. I recommend starting at 10000 to 10500 for each.

Once the Tenants are set up, you must click the Volumes link next to each one and tell HekaFS which volumes can be accessed by this Tenant.

Client usage of the newly setup volumes:

Pop this in a script or on a start-up file: “sudo hfs_mount heka1 General_Use ph ph /mnt/heka_client_storage/”
It reads as follows:
mount command | filesystem | Volume | UserName | Password | mount point on client system

Expand Volume:

To expand, add 2 new bricks to this configuration and install them as described. Stop at the end of the “Add bricks in cluster” section. Open a terminal on one of the bricks you configured. Now we add the 2 new bricks to our volume volumeTest.

Check bricks and volume with

After expanding or shrinking a volume (using the add-brick and remove-brick commands respectively), you need to rebalance the data among the servers.

Now we have a Distributed-Replicate volume.

gluster volume info

Volume Name: volumeTest
Type: Distributed-Replicate
Status: Created
Number of Bricks: 2 x 2 = 4
Transport-type: tcp
Bricks:
Brick1: 10.0.0.1:/hekafs-exports
Brick2: 10.0.0.2:/hekafs-exports
Brick3: 10.0.0.3:/hekafs-exports
Brick4: 10.0.0.4:/hekafs-exports

How to mount a remote directory using SSH via SSHFS

From: http://www.linuxnix.com/2011/03/mount-directory-locally-linux-sshfs.html

Step1:Installing Package

On Ubuntu/Debian

On Redhat/CentOS/Fedora

Step2:Once the package is installed, we have to create a mount point and mount our server data using the sshfs command, for which we require a user name and password. Here are my details for this task.

Now create the mount point and mount SSH account data.

Step3:Testing our set-up

Check if you are able to see the SSH data

#cd /mnt/ssh

#ls

Sample output

What about the df -h command output?

Sample output

Step4:So what about mounting it permanently? We can do it by editing the fstab file in the /etc folder.

Go to the last line and add the line below.

Save the file and exit. Now run mount -a so that the new fstab entry is mounted.

Let me explain what the fstab entry means: it mounts the data of user root, located on the server 10.233.10.212, onto /mnt/ssh using the fuse file system with default settings.

Step5:What about unmounting this drive?

Enjoy what you have learned about mounting a folder using the SSH protocol.
