There is a new bagle worm that uses an exploit in IE. It does not need to have the user open an attachment, they just need to read an email with HTML in it. !!! There is a test to see if you are vulnerable here: http://secunia.com/MS03-032 More detailed info here: href=http://secunia.com/advisories/9580/ Bagle Q info […]
New Worm that Doesn’t Need Attachment
Verifying File Integrity with MD5 Checksums
We use MD5deep, because it has a recursive option which we discuss in this article. For now, though, we are just going to cover how to verify the MD5 checksum on a file. Grab the MD5 checksum from a site authoritative for your software package, and grab the software from a mirror site. Of course, […]
Using MD5deep To Verify Tree Integrity
We talked a little about MD5deep in this article. One nice thing about MD5deep is that it can do recursion. This allows you to create a set of MD5 sums for an entire directory. /etc is a good one to use as an example. Let’s create the set of MD5 sums: root@srv-1 etc # md5deep […]
Compiling PGP 2.6.2
This is certainly an old topic, but I always forget how to compile PGP 2.6.2 on GNU/Linux. Grab the source from MIT, probably, is what you want. You may also want to consider gpg. Much has changed since 1994! PGP 2.6.2 is particularly interesting for keeping password files using conventional encryption. It is possible to […]
Linux Kernel Exploit
There is a local user privilege exploit for the Linux kernel. Details are here: http://isec.pl/vulnerabilities/isec-0021-uselib.txt One thing to remember is that a local user does not mean that the user has to have access to the physical machine. It means that any user that can run code on the machine can gain root access.
Automating Secure FTP Downloads With Kermit
If you need to automate FTP downloads, and want lots of flexibility, an oldie but goodie is Kermit. I know what you’re thinking: “Hey, isn’t Kermit an old DOS comms program?”. Yes, it is a very old program. The cool thing about this, though, is that if you need to automate file transfers, it has […]
Configuring the Red Hat Enterprise Firewall
First off, let’s test ssh access: host user $ ssh x.y.z.w ssh: connect to host x.y.z.w port 22: Connection timed out host user $ Let’s add ssh access. Go to Applications->System Settings->Security Level: If you are not root, you will get a prompt to enter the root password: Be default nothing is enabled as trusted. […]
Running a Quick Ping Scan using NMAP
Nmap can make quick of work of doing a ping sweep of your network: [usr-1@srv-1 ~]$ nmap -sP 10.50.100.1-255 Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-06-13 15:50 PDT Host 10.50.100.1 appears to be up. Host 10.50.100.2 appears to be up. Host 10.50.100.22 appears to be up. Host mondo (10.50.100.72) appears to be up. Host […]
Securing PHP
The first step to secure PHP is from the system perspective. Only provide what you have to. Of course, the code needs to be secure as well by using proper input validation, encryption, etc., but as systems administrators, we can head off some problems. First off, you can view a complete rundown of your current […]
Setting Up a Windows Server 2003 Host Based Firewall
There is a false sense of security when you envision your network as inside and outside, with a firewall protecting you from hostile users on the outside. One particularly nasty problem is when users bring their laptops home, surf, read email, and then plug it right back in to the corporate LAN on Monday morning. […]
Spike in Port 12345 Traffic
We have noticed a surge in traffic on port 12345. This could be NetBus, or a variant. We suspect that some trojan backdoor is in the wild tacked on to a new worm. The worm is looking for other friendly hosts listening on port 12345. To see a historical chart of activity on this port, […]
Using the AFICK File Integrity Checker
One important component of securing a system is to use a file integrity checker.There are multiple tools out there that can do this, including AIDE, and Tripwire. One project that does what we need, has few installation requirements, is fairly easy to install, and is multi platform is AFICK. In this article we will install […]
Customizing the AFICK File Integrity Checker
In this article, we set up AFICK. Let’s adapt AFICK to use a particular directory tree and a different database. This way, we can fingerprint the OS on one run, and fingerprint more dynamic content with a different job. Here is our configuration file: [root@ids afick]# cat /etc/afickweb.conf database:=/var/lib/afickweb/afick history := /var/lib/afickweb/history archive := /var/lib/afickweb/archive […]
WinSCP Freeware SFTP and SCP client for Windows
WinSCP is a full featured GUI SCP client. This means that communication between the server and the client is encrypted well, unlike FTP or Explorer. WinSCP also includes synchronization options that will help minimize the amount of traffic needed to mirror filesystems. We installed all of the options: Here you can see the array of […]
Running KeePass Password Management on GNU/Linux with Wine
Managing all of the passwords one needs to know for both personal and job-related security is quite a challenge. KeePass is a password management program for Windows. It is open-source and released under the GPL, which means it is highly likely that this project will stay around in some form. It also appears to use […]
GNUCash 1.6.3/LFS
I posted some earlier stories in the NetAdminTools Desktop area about struggling with GNUCash. I did eventually build up an LFS system, which I’m writing and posting this article from. There is some good information on the LFS site about getting various combinations of software running on LFS in the hints area. In particular, the […]
Using the MMC to disable Windows Messenger
We have not found a way to easily disable the Windows Messenger service on XP via the application. You can use the MMC (Microsoft Management Console) to do this, though. Select start–>run, enter mmc, and click OK. Select Add/Remove Snap-in, Add, Group Policy, Add, Local Computer, Finish. Here is a graphic of the appropriate part […]
XP Pro ACPI, XP task scheduler issues, and a C twist
There are a variety of issues surrounding ACPI on XP workstations. XP is tied very tightly in to ACPI. The immediate result is, by default, Microsoft’s support for ACPI saves the world a lot of electricity. That is, the information economy kills a lot less wildlife and puts less toxins in the air that we […]
Dynamically updating desktop background with text
Ever wish you could dynamically update the background image of your desktop? Here is a perl script that takes an existing background, finds out the current stock/index prices, and adds the prices to the image. Just put it in your crontab. You could just as easily put ping response times for various servers on your […]
What to do when your user’s hard drive dies
One of the most likely parts to fail on a typical workstation is the hard drive. The user powers on in the morning, and the BIOS screams “Unable to Boot!”. Now, much work can often be done via the web, or at least, the user won’t freak as much if they can at least access […]
