Saturday, 14 January 2012

VNC Server

Server Side

# yum install tigervnc-server
# vncpasswd --> This is done by the user you want to access with
# vim /etc/sysconfig/vncservers --> Add the following line

VNCSERVERS="1:root"

Note:- If you want to add multiple users you can do it as follow
VNCSERVERS="1:user1 2:user2 3:user3"
OR you can do each user in one line as follow
VNCSERVERS="1:user1"
VNCSERVERS="2:user2"
VNCSERVERS="3:user3"

# /etc/init.d/vncserver start

Client Side

# yum install vncviewer
# vncviewer VNCserverIP:1 --> For user1
OR
# vncviewer VNCserverIP:2 --> For user2 ... etc

For Further Options of vncviewer Command You Can Consult Man Pages

# man vncviewer

Posted by at No comments:
Labels: , ,

Thursday, 12 January 2012

Nessus Instalaltion

 Install Nessus from www.nessus.org
# rpm -Uvh Nessus.x.x.rpm --> extract the package
# /opt/nessus//sbin/nessus-adduser --> to add a user

Note:- Follow the instructions to add the new user. In rules section consult man pages for nessus-useradd
i.e
accept 192.168.1/16
aceept 10.10.5.0/8
deny 192.168.0.0/24

# Register in www.nessus.org and registeration email will be sent to you teeling you

Linux and Solaris Users :

To activate your account, simply execute the following command :

# /opt/nessus/bin/nessus-fetch --register AAAA-AAAA-AAAA-AAAA-AAAA


Note:- If auto_update is set to 'yes' in nessusd.conf, Nessus will update the plugins by itself otherwise use this command




# /opt/nessus/sbin/nessus-update-plugins

Note:- Nessus update its plugins after registration every 12 hours

# service nessusd start --> nessusd will not start untill you fetch and registration since plugins are installed

# Nessus provide web-interface to manage it http://localhost:8834

Scheduling Plugins Updates with Cron

# crontab -e and add 28 3 * * * /opt/nessus/sbin/nessus-update-plugins
Posted by at No comments:
Labels: , ,

Tuesday, 10 January 2012

qmail installation from Source Code in Centos 5.5

# mkdir /root/qmail
# cd /root/qmail
# wget http://www.qmail.org/netqmail-1.06.tar.gz
# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz --> inetd/xinetd substitute manages various daemon that qmail shipped with.
# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz --> Provide some services such as management as well as logging though 2 interfaces service scan and supervise (svscan/supervise).

# tar -xvzf netqmail-1.06.tar.gz
# tar -xvzf ucspi-tcp-0.88.tar.gz
# mkdir /package
# mv daemontools-0.76.tar.gz /package
# mkdir /var/qmail
# cd /root/qmail/netqmail-1.06
# cp INSTALL.ids IDS --> This file used in compilation to create users and groups for qmail

 Note:- IDS file should include only the following
   groupadd nofiles                    
   useradd -g nofiles -d /var/qmail/alias alias  
   useradd -g nofiles -d /var/qmail qmaild        
   useradd -g nofiles -d /var/qmail qmaill       
   useradd -g nofiles -d /var/qmail qmailp       
   groupadd qmail                    
   useradd -g qmail -d /var/qmail qmailq        
   useradd -g qmail -d /var/qmail qmmailr        
   useradd -g qmail -d /var/qmail qmails        


# . IDS && echo $? --> To source the file in order to execute it and echo the exist status
# yum install gcc gcc-c++ make flex bison bison-devel
# make setup check --> To build source files
# ./config-fast mail.linux.org (FQDN) --> If the FQDN is not defined you can check it using hostname -f
# cd /root/qmail/ucspi-tcp-0.88
# yum install patch-2.5.4-31.el5 --> Make sure that the patch command is installed
# patch < /root/qmail/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch --> this will pactch ucspi patch to the environment
# make && make setup check
# cd /package
# tar -xvzf daemontools-0.76.tar.gz
# cd /package/admin/daemontools-0.76/src
# patch < /root/qmail/netqmail-1.06/other-patches/daemontools-0.76.errno.patch
# cd ..
# package/install
# vim /var/qmail/rc --> And add the following

#!/bin/sh

# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

# chmod 755 /var/qmail/rc
# mkdir /var/log/qmail
# echo "./Mailbox" > /var/qmail/control/defaultdelivery

The qmailctl script

# wget http://lifewithqmail.org/qmailctl-script-dt70
# mv qmailctl-script-dt70 /var/qmail/bin/qmailctl
# chmod 755 /var/qmail/bin/qmailctl
# ln -s /var/qmail/bin/qmailctl /usr/bin

The supervise scripts

# mkdir -p /var/qmail/supervise/qmail-send/log
# mkdir -p /var/qmail/supervise/qmail-smtpd/log
# vim /var/qmail/supervise/qmail-send/run --> Add the following

#!/bin/sh
exec /var/qmail/rc

# vim /var/qmail/supervise/qmail-send/log/run --> Add the following

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail

# vim /var/qmail/supervise/qmail-smtpd/run --> Add the following

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

Note: concurrencyincoming isn't a standard qmail control file. It's a feature of the above script. Also, that's -1 (dash one) on the LOCAL line and -l (dash ell) on the tcpserver line.

Note: The memory limit specified in the softlimit command may need to be raised depending upon your operating system and hardware platform. If attempts to connect to port 25 fail or remote systems are unable to send you mail, or you see a message like:

/usr/local/bin/tcpserver: error while loading shared libraries:
libc.so.6: failed to map segment from shared object: Cannot allocate memory try raising it to 3000000 or 4000000.

# echo 20 > /var/qmail/control/concurrencyincoming
# chmod 644 /var/qmail/control/concurrencyincoming
# vim /var/qmail/supervise/qmail-smtpd/log/run --> Add the following

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd

# chmod 755 /var/qmail/supervise/qmail-send/run
# chmod 755 /var/qmail/supervise/qmail-send/log/run
# chmod 755 /var/qmail/supervise/qmail-smtpd/run
# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run

# mkdir -p /var/log/qmail/smtpd
# chown qmaill /var/log/qmail /var/log/qmail/smtpd
# rm -rf /usr/sbin/sendmail   
# ln -s /var/qmail/bin/sendmail /usr/sbin
# rm -rf /usr/lib/sendmail
# ln -s /var/qmail/bin/sendmail /usr/lib
# echo  root > /var/qmail/alias/.qmail-root
# echo  root > /var/qmail/alias/.qmail-postmaster
# ln -s var/qmail/alias/.qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
# chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
# echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
# qmailctl cdb
# ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service

Posted by at No comments:
Labels: ,

Monday, 9 January 2012

Snort NIDS Mode

Note:- Make sure that you applied the tutorial in the post correctly

1. Install MySQL DB Environment

# /etc/init.d/mysqld start
# mysql -u root -P(password)
mysql> create database snort;
mysql> grant select,insert on root.* to snort@localhost;
mysql> set password for snort@localhost=password('123');
mysql> grant create,insert,select,delete,update on snort.* to snort@localhost;
mysql> grant create,insert,select,delete,update on snort.* to snort;

2. Import MySQL DB schema

# mysql -u root -p < /root/snort-install/snort-2.9.1/schemas/create_mysql  snort

Note:- create_mysql will be found under snort source code directory in schema sub-directory

3. Setup Snort NIDS /etc/snort envirmonment

# mkdir /etc/snort && cp -a /root/snort-install/snort-2.9.1/etc/* /etc/snort/

4. Download the latest Snort rules and add it in /etc/snort/rules

# cd /etc/snort/ && tar -xzvf snortrules*

5. Configure /etc/snort/snort.conf to use MySQL and rules

# vim /etc/snort/snort.conf

ipvar HOME_NET 192.168.1.0/24
var RULE_PATH /etc/snort/rules                   
output database: log, mysql , user=<root> password=<123> dbname=<snort> host=<localhost>

6. Start Snort as NIDS mode

# snort -i eth0 -c /etc/snort/snort.conf

ERROR: parser.c(5260) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.
Fatal Error, Quitting..

# mkdir /usr/local/lib/snort_dynamicrules

ERROR: log_tcpdump: Failed to open log file "/var/log/snort/snort.log.1323643665": No such file or directory
Fatal Error, Quitting..

# mkdir /var/log/snort/

7. Setup BASE web analysis application

download adodb*.tgz and extract it in /var/www/html --> It provide connectivity for BASE and MySQL
# mv adodb5 adodb
download base form http://base.secureideas.net and extract it in /var/www/html/
# mv /var/www/html/base* /var/www/html/base && cd /var/www/html/base
# mv base_conf.php.dist base_conf.php
# vim base_conf.php
$BASE_urlpath = '/base';
$DBlib_path = '/var/www/html/adodb';
$DBtype = 'mysql';
$alert_dbname   = 'snort';
$alert_host     = 'localhost';
$alert_port     = '';
$alert_user     = 'snort';
$alert_password = '123';
# chown -R apache /var/www/html/base

OR
# mv /var/www/html/base/base_conf.php /var/www/html/base/base_conf.php.bak
Open your favorite web browser and go to: http://www.example.com/base/setup and follow the instructions


Note:- in /etc/php.ini modify the following variable
error_reporting = 'E_ALL & ~E_NOTICE'

This is a list of php packages I installed rpm -qa | grep php

php53-common-5.3.3-1.el5_7.3
php53-5.3.3-1.el5_7.3
php53-mysql-5.3.3-1.el5_7.3
php53-gd-5.3.3-1.el5_7.3
php53-cli-5.3.3-1.el5_7.3
php53-pdo-5.3.3-1.el5_7.3
php53-devel-5.3.3-1.el5_7.3

To make the Graph's from BASE work you will also need to install Image_Color, Image_Canvas and Image_Graph.
To do this do:


Note:- To install pear command for php53
# wget http://pear.php.net/go-pear.phar 
# php go-pear.phar and press enter      

pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha


To start SNORT and make BASE show you the Snort's logged info, you will need to run:

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D

Note:- Make sure that php and php-mysql are installed otherwise BASE will not be able to connect to MySQL
Posted by at No comments:
Labels:

Sunday, 8 January 2012

Snort Installation on Centos 5.5

The pre-requisites are:

    libtool(.x86_64)
    mysql-server
    gcc
    gcc-c++
    mysql-devel

The requisites are:

    libpcap >= 1.0
    daq-0.5
    libdnet-1.12
    pcre-8.12

I recomend using the DAG repository:
# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm --> For 64bits
# rpm -Uvh http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.i386.rpm --> For 32bits

Then append the following in /etc/yum.repos.d/CentOS-Base.repo

[dag]
name=CentOS-$releasever – Contrib
mirrorlist=http://apt.sw.be/redhat/el4/en/$ARCH/dag
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=0
enabled=0

Then update:
# yum update

First off, you should take notice that the version of libpcap required by Snort,
The one in CentOS repositories is outdated they are only up to version 0.9.4.

Remove the current libpcap:
# yum remove libpcap libpcap-devel

Install some basic requisites:
# yum install gcc mysql-devel mysql-server libtool(.x86_64)
# yum -y install gcc-c++ make flex bison
# yum -y install libdnet(.x86_64) libdnet-devel(.x86_64)

Create a directory and put all needed packages here:
# mkdir snort-install && cd snort-install

Download the files:
snort-2.9.1.tar.gz
# wget http://www.snort.org/downloads/1107
daq-0.5.tar.gz
# wget http://www.snort.org/downloads/860
libpcap-1.1.1
# wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz
pcre-8.12
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.13.tar.gz

LIBPCAP:

# tar -zxvf libpcap-1.1.1.tar.gz
# cd libpcap-1.1.1
# ./configure --prefix=/usr
# make all &&  make install
# ldconfig
# ldconfig -p | grep libpcap

DAQ:

# tar -zxvf daq-0.5.tar.gz
# cd daq-0.5
# ./configure --with-libpcap-libraries=/usr/lib/

PCRE:

# tar -zxvf pcre-8.12.tar.gz
# cd pcre-8.12
# ./configure --enable-utf8
# make all && make install

SNORT:

# tar -zxvf snort-2.9.0.5.tar.gz
# cd snort-2.9.0.5
# ./configure --with-mysql --enable-dynamicplugin --with-libpcap-libraries=/usr/lib --with-daq-libraries=/usr/local/lib/daq --enable-zlib --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling
#  make &&  make install
# ln -s /usr/lib/libdnet.so.1.0.1 /usr/lib/libdnet.1

Consider Other Snort build options:
OPTIONS : –enable-ipv6 –enable-gre –enable-mpls –enable-targetbased –enable-decoder-preprocessor-rules –enable-ppm –enable-perfprofiling –enable-zlib

To make it work, you still need to download the rules package from the snort website, and copy to each correct folder
then setup the snort.conf file.


Problems You May Face


snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
# ln -s /usr/lib/libdnet.so.1.0.1 /usr/lib/libdnet.1

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)