The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘*nix-tools’ Category

*n*x: capturing http traffic

Posted by jpluimers on 2015/04/20

Below some links to get me started on capturing http traffic.

Some tools mentioned in these links, with * marking the ones available on the distribution I use:

Here we go:     Read the rest of this entry »

Posted in *nix, *nix-tools, Linux, Power User, SuSE Linux | Leave a Comment »

More secure SSH: hardening both client and server. And use Tor

Posted by jpluimers on 2015/01/26

Thanks Jan Wildeboer for sharing a link to https://stribika.github.io/2015/01/04/secure-secure-shell.html.

That describes how to harden your secure shell by configuring the most secure algorithms for it.

Related: [WayBack] encryption – What are ssh-keygen best practices? – Information Security Stack Exchange

–jeroen

via More secure SSH. https://stribika.github.io/2015/01/04/secure-secure-shell.html.

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SSH, TCP | Leave a Comment »

Windows: authenticated command-line download from IIS server wget: no, cURL: yes.

Posted by jpluimers on 2014/10/03

Had to download a bunch of stuff over the command-line from an IIS server that was using authentication. Not basic authentication, but NTLM authentication.

wget kept failing, even wget 1.10 that usually does NTLM quite OK (but up to 1.10.2 has a security vulnerability so you should not use wget 1.10 any more).

So I installed a Windows x86 cURL binary, and downloaded+copied the root certificates, then did some reading on the command-line switches.

Without any, cURL does http basic authentication. But a Windows server usually expects NTLM authentication (hardly documented, but it uses the Negotiate protocol).

When not using NTLM, both would show (wget -d, or curl -v) this in the output, indicating you should use NTLM authentication: Read the rest of this entry »

Posted in *nix, *nix-tools, cURL, Linux, Power User, SuSE Linux, wget, Windows, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2 | Leave a Comment »

bash vulnerability; patch your *n*x boxes A.S.A.P. (via: CERT/NIST reveal level 10 bash alert today, 24 September 2014)

Posted by jpluimers on 2014/09/25

Unpatched bash allows for remote code execution.

Patch as soon as you can and be aware that the current patches might not be complete.

Many vendors (including Debian, Red Hat, SuSE, Ubuntu) already have patches available: CERT/NIST reveal level 10 bash alert today, 24 September 2014.

This is a long article which explains the why/how/… and has an easy check to see if you are vulnerable: What is the CVE-2014-6271 bash vulnerability and, how do I fix it.

It looks like the current patches aren’t complete yet, but do plug big parts of the hole.

Watch bash CVEs in Ubuntu and CVE-2014-7169 in Ubuntu (and maybe for other *n*x varieties as well).

Update:

Quote from the article:

Read the rest of this entry »

Posted in *nix, *nix-tools, bash, Development, Power User, Scripting, Software Development | Leave a Comment »

Using inotify-wait to check filesystem events

Posted by jpluimers on 2014/07/21

Thanks to Using inotify-wait to check filesystem events I got pointed to How to use inotify-tools to trigger scripts on filesystem events which is now on my research list.

–jeroen

Note that Kristian later on commented this:

The solution shown in the article has race conditions and should not be used.

It is based on

while :
do
    inotifywait $options && run-backup
done

and that means that while the backup runs, the directory in question is unmonitored. When the backup finishes, new changes may have been accumulating during backup run, but without being picked up by the backup.

A proper solution would do something like

inotifywait -m $options | while read line
do
    do-something-that-logs-multiple-changes-and-triggers-backup-once
done

The important thing is that “inotifywait -m” does not terminate and hence no changes will be lost. It is wrong to run the backup once in full for each change, though.

 

Posted in *nix, *nix-tools, Linux, Monitoring, Power User, SuSE Linux | Leave a Comment »

Reaver 1.4 (and wash) on Mac OS X 10.9 Mavericks

Posted by jpluimers on 2014/04/19

Reaver-WPS is an excellent tool to test the security of your WPA/WPA2 secured network against the WPS vulnerability.

Getting Reaver 1.4 (which contains wash to scan WiFi networks) to compile out of the box on OS X Mavericks (which is 10.9; why can’t they keep a successive version number in the product name?) didn’t work.

So I downloaded the adapted source pack from one of the comments in Issue 245 – reaver-wps – Support for Mac OS X? – Brute force attack against Wifi Protected Setup – Google Project Hosting (as the diff still has not been applied to the codebase).

wash will detect most, but not all networks. I’ve not yet tried WireShark, wpscan and wspy (they’re supposed to get all of them).

To speed up the checking process I tried to install aircrack-ng to associate a Mac with the target network. Compiling aircrack-ng on a Mac from source didn’t work at all. But after installing MacPorts, I could get the MacPorts version of aircrack-ng to work. The bad news: I could not get aircrack-ng to associate to the network.

So these were the commands I used:     Read the rest of this entry »

Posted in *nix, *nix-tools, Apple, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, Monitoring, OS X 10.9 Mavericks, Power User | Leave a Comment »

7zip on ESXi through p7zip

Posted by jpluimers on 2014/04/13

A while ago, I wrote about getting rsync on ESXi: ESXi 5.1 and rsync – damiendebin.net.

Now I needed [WayBack] 7zip on ESXi to make sure I could test unpack some 7zip archives.

This turned out much easier than I thought, thanks to [WayBack] 7Zip for ESXI | Vladimir Lukianov: Заметки who pointed me to the [WayBack] P7ZIP project. P7ZIP actually created three things:

  • p7zip (a POSIX 7zip),
  • J7ZIP (a Java port of 7zip)
  • java_lzma (the Java port of the [WayBack] 7zip lzma SDK which had the first implementation of [WayBack] lzma).

Here are the full steps to get 7zip on ESXi 5.x:

Read the rest of this entry »

Posted in *nix, *nix-tools, ESXi4, ESXi5, ESXi5.1, ESXi5.5, Linux, Power User, SuSE Linux, VMware, VMware ESXi | 3 Comments »

How can a partition be full if du does not show it is? (via: linux – Super User) #OpenSuSE #btrfs #snapshots

Posted by jpluimers on 2014/04/09

A long time ago I asked this OpenSuSE/Linux question: How can a partition be full if du does not show it is? – Linux on Super User.

With help of the OpenSuSE forums, I did figure out the source of the problem and solution, but I totally forgot to blog about it.

So below it is, just in case SuperUser ever shuts down, or the StackOverflow moderators are taking over SuperUser as well.

But first the comments in the questions about where I found the source and solution:

I found it through the openSUSE forums: it uses btrfs and snapshots. So the snapshots take up a lot of space. And I need to find out a way to delete old snapshots. forums.opensuse.org/english/get-technical-help-here/…

and

I think I found it: nrtm.org/index.php/2012/03/13/…

I wasn’t alone, so here are some more useful links and links from people asking for help:

–jeroen

PS: here is my SE question on it: linux – How can a partition be full if du does not show it is? – Super User.

Read the rest of this entry »

Posted in *nix, *nix-tools, Linux, openSuSE, Power User, SuSE Linux | 1 Comment »