Category Archives: Security

Raspberry Pi 3 error IPTables | Raspberry pi error – iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

Was building a RPi3 machine and got the following error after an update.

Turns out nothing to worry about, just reboot the Pi.

Setup a backup job for your LAMP sites. | Setup a backup job for your LAMP sites.

I wrote a script which takes a backup of my webserver, taking a snapshot of all the website content, database, and configuration files.

Theory is if the webserver died, we would be about to result quickly using the data backed up.

On the server, put the following script and below is the cron entry which triggers every week. You will need up change the username and password for your mysql server.

This is the cron entry which fires up every friday.

Now this script will be on a linux machine somewhere else, it will connect and copy the backup archive file generated. You must first setup the ssh key so that its passwordless connection.

Simplicity it key! It works and will get you out of trouble. Well worth the 5minute investment.

 

 

Building a useful .ssh/config file for your SSH connections | setup to configure your .ssh/config file!

Writing a good ssh config file can make your life a whole lot easier especially if your an Linux Admin.

I have written a basic config file below which should be saved in the following location “~/.ssh/config”, when attempting to ssh its the first place SSH looks for instructions by default.

After the config if will go through in detail explain what each line does.

Host: this is like an alias, it will once you attempt to ssh to it, it will resolve using the Hostname field.

Hostname: Look above

Port: The port the ssh server is running on

User: the username you have on the server

Identityfile: This is your SSH private key location

ForwardX11: This is to allow you to see an X GUI session from the remote computer.

Keepalive: the next three are to enable keepalive which will ensure your SSH session stays active even after a period of inactivity. The two subsequent options enable you to configure the frequency of the keepalive packets.

Compression: this enables compression, this is especially useful over slow links. You will need to do more research for the senario which suits your connection and security requirements.

DynamicForward: This enables you to tunnle your connection to the remote host on the specified port. Simply setup your browser on socks5 proxy and point to localhost:port.

LocalForward: This enables you to setup tunneling. Simply specify your local reserved port and your remote IP and port which you want tunneled.

Fix Apache2 SELINUX permissions problems. | selinux stopping images appearing on site

I recently had a request with an Apache2 problem.  The website didn’t display the images on the page.

After looking at the logs, the error appeared in the /var/log/audit/audit.log.

When you kick off a request with the web browser, you see 5 – 6 error appear about permissions.

So fix this, its easy, running the following command while its running refresh your browser.

This tool will find the error and create a white list and store it as “test”

To implement the fix execute the following command.

Once completed you will have access to your files.

Solaris setup a NFS client and server | making a NFS client server environment in solaris

A quick howto for setting up NFS on a Solaris server.

This is relatively easy process, sometimes can be problematic due to firewall rules and services running on the system

Lets enable and start the services.

This will create the create and share it to the world, for this exercise I didnt specify source IP’s. You can do that later once you have everything working.

To confirm the share is now active

Ok now jumping on the client side, lets mount the share.

Lets see the mount

Done! Enjoy!

The best Raspberry Pi Case Ever! | single unit raspberry pi case includes power

I have looked at a number of Raspberry Pi cases, they all have one thing in common. They have a box (the raspberry pi itself), a USB cable, and an adapter at a minimum.

I wanted to create a unit which will improve these shortcomings for three main reasons.

  1. To look cleaner, neater,  and safety.
  2. Can be installed on sites where you are completing a security audit, the unit will not come under suspicion because of it looks.
  3. Cooling, performance and the ability to expand hardware inside the unit itself.

I used FreeCAD to design the 3D printable design and a Dremel 3D20 printer to print it.

I have made around three designs which I improved on each time, landing on the one published here.

The print contains a space for a Samsung USB power plug and a section for the USB connector, it contains a grove to allow it to sit firmly in place.

The Raspberry Pi sits on four poles which hold it firmly in place, and also allows you to connect the cat5 connected and four USB ports at the bottom.

I have build three slits on the bottom of the cover and three at the top, this is a clever wait to passively cool the Raspberry Pi. The air inside will heat up and rise, then exit from this top slits. This will then create a suction from the bottom, taking in the cool air. No need for a fan! Test proved to be promising.

I am really pleased with the design and use it at home.

I have plans to make it alot smaller, as you can see from the photos the biggest problems are the size of the adapter and the plug into the Pi itself. I have ordered smaller and cheaper power plugs and some L shaped USB connectors. This will allow me to design the casing to be alot smaller, ill keep you posted.

To make this project happen you need the following

Enjoy!

Docker crash course with Ubuntu – for beginners | docker ubunter 16.04 beginners guide howto

A quick crash course on how to get a docker container up and going on a Ubuntu 16.04 server.

01. This first section will essentially install the docker repos onto the Ubuntu box.

02. This will actually install docker.

03. Check that its running.

04. This will test that docker is properly installed and able to execute docker containers.

05. This will download the ubuntu image from the repo.

06. The will need to list the images which are available to us, taking note of the image ID

07. Then we cut-n-paste the ID into the command below.

08. You will now notice your running a full blown Ubuntu OS which is actually in a container, this is tested by checking what procs are running by typing “ps waux”, there should only be a few procs running.

09. Exit out of the container, this will end the container

10. The following command will show you the available containers

11.  Determine which container you worked on, cut and paste the ID into the command below to start it in the background.

12. The container is now running, can may connect to it on the terminal by typing the following command and pasting the ID at the end.

 

All you need to know to get you going!

 

 

 

 

 

 

 

 

 

 

 

 

Blocking All IPs Outside Your Country | iptables linux centos ubuntu blocking coutries

I want to block all traffic that does not originate from my country (Australia)

Best way to do this is using IPTables, Australia alone has around 4500 IP ranges to block.

What I did was download the ranges from Maxmind in CSV format, link

So we need to covert the format of the CSV file to a format IPTABLES can import, I wrote the following script.

Change the country name to match your country,  it will work.

This will produce the whitelist required to block all other IPs, you will also need to append a deny all at the end, so this.

GeoIP – Converting IPs to Physical Locations. | locate based on IP geoip maxmind tracing

I manage a large scale SSH server. This server is open to the world via SSH port 22.

Considering I only have Australian clients I would expect only Australian IP’s connected to it, so how would I know?

You can google the IP but that is a manual time consuming process. So I have automated it!

There is a open source tool called GeoIP. Its available by default on Debian and Redhat based distros. Install it with the following method.

Debian

 

Redhat

 

Usage

 

As you can see above, it resolves IP to country. This was perfect for the work I was doing but if you want specific city and GPS coordinates you need to download a higher detailed database from Maxmind.

So to update the database perform the following.

 

Now that you have the new database, you need to advise Geoip of the new database file.

Usage

As you can see, more detail than before.