Fire Up Cpan on Ubuntu

  • 8/12/2019 Fire Up Cpan on Ubuntu

    Fire UP CPAN on UBUNTU

    To fire up the CPAN module, just get to your command line and run this:

    perl -MCPAN -e shell

    Once you find yourself staring at the cpan> command prompt, installing a module is as easy as install MODULE::NAME - for example, to install the HTML::Template module you'd type:

    cpan> install HTML::Template

    Install the SNMP service on CentOS.

    yum install net-snmp

    mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org

    vim /etc/snmp/snmpd.conf

    rocommunity public 192.168.x.x

    P.S. - Replace 192.168.x.x with the IP address of the server that you want to allow SNMP

    lookups from:

    /etc/init.d/snmpd start

    chkconfig snmpd on

    In firewall open UDP port 161 to your SNMP lookup server.

    And Test -

    snmpwalk -v 2c -c public 192.168.x.x

    To configure the service to be automatically started at boot time, use the following command:

    chkconfig snmpd on

    This will enable the service in runlevel 2, 3, 4, and 5. Alternatively, you can use the Service Configuration utility as described in Section 11.2.1.1, Enabling and Disabling a Service.
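
An added example (not part of the original notes): a small audit of the community lines that the snmpd.conf step above creates. It flags the well-known names public and private, lines with no source address, and read-write communities; the function names and the sample configuration are constructed for the example.

```sh
#!/bin/sh
# Added example: audit SNMP v1/v2c community lines in an snmpd.conf-style file.

# audit_snmpd_conf [FILE...]  (reads stdin when no file is given)
# Prints one finding per line; prints nothing for a clean file.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ { next }                         # ignore comment lines
        $1 ~ /^r[ow]community6?$/ {
            name = $2; src = $3
            # "public" and "private" are the names tried first by any scanner
            if (name == "public" || name == "private")
                printf "line %d: well-known community name \"%s\"\n", NR, name
            # with no SOURCE (or "default") any host reaching UDP 161 is served
            if (src == "" || src == "default")
                printf "line %d: %s has no source restriction\n", NR, $1
            # rwcommunity also permits SNMP SET
            if ($1 ~ /^rwcommunity/)
                printf "line %d: read-write community in use\n", NR
        }
    ' "$@"
}

# Constructed sample input (names and addresses are made up for the example).
sample_snmpd_conf() {
    cat <<'EOF'
# constructed sample
rocommunity public 192.168.10.5
rocommunity public
rwcommunity example-rw default
rocommunity Zq7-monitoring-ro 192.168.10.5
EOF
}

# Demo run: prints the findings for the constructed sample.
sample_snmpd_conf | audit_snmpd_conf
```

Run it against a real file with `audit_snmpd_conf /etc/snmp/snmpd.conf`; an empty result means none of the three conditions was found.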

    Debug a shell Script

    bash -x PATH_OF_THE_SCRIPT

    bash -x /sbin/bash01.sh

    https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-services-configuring.html#s3-services-serviceconf-enabling_and_disabling

    nmap -A -T4 10.10.1.12: this command lets you run a traceroute to the IP and check the version of the OS running on the machine.

    -A: OS VERSION

    -T4: TRACE ROUTE

    Unknown timing mode (-T argument). Use either "Paranoid", "Sneaky", "Polite", "Normal",

    "Aggressive", "Insane" or a number from 0 (Paranoid) to 5 (Insane)

    The command below searches the file named.reversos.conf for every occurrence of 41.210.222.131, replaces it with 41.210.222.60, and writes the result to the file output_file. The dots in the search pattern are escaped so that each one matches only a literal dot:

    sed 's/41\.210\.222\.131/41.210.222.60/g' named.reversos.conf > output_file

    sed 's/WHAT TO FIND/WHAT TO REPLACE/g' FILE_TO_SEARCH > WHERE_TO_WRITE_IT

    Probing a device: SNMP WALKs

    -v2c = SNMP version

    -c = community

    snmpwalk -v2c -c

    snmpwalk -v2c -c mvcsnmp-mng-rw 172.16.30.20

    When you decide that you want to write an SNMP monitoring application for a given device you

    need to start by understanding what is available to you. If you have a MIB you can read through

    it to get a feel. If you have MIB documentation you have an even better leg up. Whether you

    have a MIB or not, the best way to start out is to walk the device asking the device agent for

    every value it can supply you. Given this output you can then know exactly what is being

    reported where and how you want to tackle it in code. The snmpwalk tool can walk the OID tree

    based on a starting OID or by default with no OID, which just returns the MIB-II OIDs.

    Let's walk a device (APC UPS) and look at what is output using the snmpwalk command.

    $ snmpwalk -v1 -c public 10.10.1.224

    I found the, or a, solution:

    The key step I was missing was how to find the Hardware Wizard:

    1. Click the Start menu.

    2. Search for "cmd".

    3. Right-click on cmd and select Run as Administrator

    4. Enter hdwwiz.exe

    From that point on it's the same approach as under Vista, i.e.:

    1. In the "Welcome to the Add Hardware Wizard", click Next.

    2. Select "Install the hardware that I manually select from a list (Advanced)" and click Next.

    3. Scroll down and select "Network adapters" and click Next.

    4. Select under Manufacturer "Microsoft" and then under Network Adapter "Microsoft Loopback Adapter" and click Next.

    I've tested this and it's working for me (connecting the host to a VPC using the

    loopback adapter).

    http://www.youtube.com/watch?v=2wvSzbhMLSQ

    http://www.cisco.com/en/US/products/sw/ ... ml#wp70999

    Task 3: Configure Your Router to Support SDM

    You can install and run SDM on a router that is already in use without

    disrupting network traffic, but you must ensure that a few

    configuration settings are present in the router configuration file.

    Access the CLI using Telnet or the console connection to modify the

    existing configuration before installing SDM on your router.

    Step 1 Enable the HTTP and HTTPS servers on your router by

    entering the following commands in global configuration mode:

    Router# configure terminal

    Enter configuration commands, one per line. End with CNTL/Z.

    Router(config)# ip http server

    Router(config)# ip http secure-server

    Router(config)# ip http authentication local

    Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

    Testing Link Status from the Command Line

    Both the mii-tool and ethtool commands will provide reports on the link

    status and duplex settings for supported NICs.

    When used without any switches, the mii-tool gives a very brief report. Use it with the -v switch because it provides more information on the supported auto-negotiation speeds of the NIC and this can be useful in troubleshooting speed and duplex issues.

    The ethtool command provides much more information than mii-tool and should be your command of choice, especially because mii-tool will be soon deprecated in Linux.

    In both of the following examples the NICs are operating at 100Mbps, full duplex and the link is ok.

    Link Status Output from mii-tool

    [root@bigboy tmp]# mii-tool -v

    Link Status Output from ethtool

    [root@bigboy tmp]# ethtool eth0

    Using MTR To Detect Network Congestion

    Matt's trace-route is an application you can use to do a repeated trace-route in real time;

    it dynamically shows the round-trip time to reach each hop along the trace-route path.

    The constant updates enable you not only to visually determine which hops are slow,

    but also to determine when they appear to be slow. It is a good tool to use whenever you

    suspect there is some intermittent network congestion.

    You type in the word mtr followed by the target IP address to get output similar to the

    following:

    [root@bigboy tmp]# mtr 192.168.25.26

    The following is an example of tcpdump being used to view ICMP ping packets going

    through interface wlan0:

    [root@bigboy tmp]# tcpdump -i wlan0 icmp

    In this example:

    The first column of data is a packet timestamp.

    The second column of data shows the packet source and then the destination IP

    address or server name of the packet.

    The third column shows the packet type.

    Two-way communication is occurring as each echo gets an echo reply.

    The following example shows tcpdump being used to view packets on interface wlan0

    to/from host 192.168.1.102 on TCP port 22 with no timestamps in the output (-t switch).

    [root@bigboy tmp]# tcpdump -i wlan0 -t host 192.168.1.102 and tcp port 22

    Table 4-5 : Useful tshark Expressions

    tshark command expression    Description

    host host-address            View packets from the IP address host-address

    icmp                         View icmp packets

    tcp port port-number         View TCP packets with either a source or destination TCP port of port-number

    udp port port-number         View UDP packets with either a source or destination UDP port of port-number

    In the next example we're trying to observe an HTTP (TCP port 80) packet flow between server smallfry at address 192.168.1.102 and bigboy at IP address 192.168.1.100. The tshark output groups the IP addresses and TCP ports together and then provides the TCP flags, followed by the sequence numbering. It may not be apparent on this page, but the formatting lines up in neat columns on your screen, making analysis much easier. Also notice how the command line mimics that of tcpdump.

    [root@smallfry tmp]# tshark -i eth0 tcp port 80 and host 192.168.1.100

    Commonly Used NMAP Options

    Argument    Description

    -P0    Nmap first attempts to ping a host before scanning it. If the server is being protected from ping queries, then you can use this option to force it to scan anyway.

    -T     Defines the timing between the packets set during a port scan. Some firewalls can detect the arrival of too many non-standard packets within a predetermined time frame. This option can be used to send them from 60 seconds apart with a value of "5" also known as insane mode to 0.3 seconds with a value of "0" in paranoid mode.

    -O     This will try to detect the operating system of the remote server based on known responses to various types of packets.

    -p     Lists the TCP/IP port range to scan.

    -s     Defines a variety of scan methods that use either packets that comply with the TCP/IP standard or are in violation of it.

    Here is an example of us trying to do a scan using valid TCP connections (-sT) in the

    extremely slow "insane" mode (-T 5) from ports 1 to 5000.

    [root@bigboy tmp]# nmap -sT -T 5 -p 1-5000 192.168.1.153

    NMAP

    Don't ping: -PN

    With this option Nmap simply doesn't ping the target/s

    sudo nmap -PN 192.168.1.34

    CHECK THE OPERATING SYSTEM OF THE DEVICE.

    nmap -A -T4 -P0 41.210.222.130

    Only Ping scan: -sP

    This is used to perform a simple ping scan of the specified host

    sudo nmap -sP 192.168.1.34

    This scan is useful when you want to do a quick search of the target network to see which hosts are online without actually scanning the targets for open ports

    ARP Ping scan

    The -PR option instructs nmap to perform an ARP (Address Resolution Protocol) ping scan on the desired target ip.

    sudo nmap -PR 192.168.1.3

    You can scan a range of IP address too:

    nmap 192.168.1.1-20

    nmap 192.168.1.*

    #6: Find out if a host/network is protected by a firewall

    nmap -sA 192.168.1.254

    nmap -sA server1.cyberciti.biz

    #7: Scan a host when protected by the firewall

    nmap -PN 192.168.1.1

    nmap -PN server1.cyberciti.biz

    Performing Fast scan:

    The -F option instructs nmap to perform a scan of only the 100 most commonly used ports

    sudo nmap -F 192.168.1.34

    Scan only specific ports

    The -p option is used to instruct nmap to scan the specified port(s)

    To check if the telnet port is open:

    sudo nmap -p 23 192.168.1.34

    $ sudo nmap -p 22,25,53,80-200 192.168.1.34

    Operating system and service detection

    The -O parameter enables Nmap's OS detection feature in the scan

    nmap -O 192.168.1.34

    Service version detection

    The -sV parameter is used to detect version of services

    $ nmap -sV 192.168.1.34

    The maximum size of the connection-tracking table can be increased. The maximum size value is stored in the router's proc file system in the file /proc/sys/net/ipv4/ip_conntrack_max. Increasing the maximum size of the connection tracking table to a value larger than the total number of connections will eliminate the error message and prevent the router from dropping connections due to a lack of space in the connection tracking table.

    Each connection uses approximately 350 bytes of memory, so 16384 connections would allocate 5.7 MB of RAM. In most cases, the default value is sufficient, but ImageStream recommends that operators encountering the "table full" message increase the value to either 16384 or 32768 entries. The default firewall configuration file (/etc/rc.d/rc.firewall, available from the router's Firewall/QoS menu) contains the command to increase this value:

    ###############################################################################
    ## If you have NAT rules and get a "ip_conntrack: table full, dropping packet."
    ## message in your kernel message log (dmesg), increase the maximum number of
    ## connections that can be tracked by uncommenting the line below
    ## Each connection uses ~ 350 bytes of memory. 16384 = 5.7 MB
    ###############################################################################
    #echo 16384 > /proc/sys/net/ipv4/ip_conntrack_max

    find files with the world write

    find / -type f -perm -2 -print

    finding files with world read access

    find / -type f -perm -4 -print

    nc

    Hiding tracks

    Once inside a network, an attacker will:

    Kill the history file

    **** ln -sf /dev/null .bash_history

    check for the crontab

    ******* crontab -l

    Establish rogue accounts

    ******* passwd uucp

    hide files mkdir /tmp/...

    Establish backdoors

    nc -l -p 6666

    clean logs

    ******** wtmp/utmp/messages/secure/xferlog/var/log/httpd

    conduct password cracking attacks
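
An added example (not part of the original notes), written from the detection side: it checks for two of the artefacts in the list above, a shell history file symlinked to /dev/null and a directory whose name is only dots. The function names and the sample tree are constructed for the example.

```sh
#!/bin/sh
# Added example: look for two of the artefacts listed above.

# History files replaced by a symlink to /dev/null
# (the result of: ln -sf /dev/null .bash_history).
# $1 = directory that contains the home directories
find_nulled_history() {
    find "$1" -maxdepth 2 -type l -name '.*history' 2>/dev/null |
    while IFS= read -r f; do
        if [ "$(readlink "$f")" = "/dev/null" ]; then
            printf 'history file points at /dev/null: %s\n' "$f"
        fi
    done
}

# Directories whose name is three or more dots and nothing else
# (the result of: mkdir /tmp/...). They are easy to overlook next to . and ..
# $1 = directory to search, e.g. /tmp
find_dot_only_dirs() {
    find "$1" -type d -name '...*' 2>/dev/null |
    while IFS= read -r d; do
        case "${d##*/}" in
            *[!.]*) ;;                                  # has a non-dot character
            *) printf 'dot-only directory: %s\n' "$d" ;;
        esac
    done
}

# Build a constructed sample tree in a fresh temp directory and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/home/bob" "$t/tmp/..." "$t/tmp/...cache"
    ln -s /dev/null "$t/home/alice/.bash_history"   # tampered
    : > "$t/home/bob/.bash_history"                 # ordinary history file
    printf '%s\n' "$t"
}

# Demo run on the constructed tree: expect one finding from each check.
tree=$(make_sample_tree)
find_nulled_history "$tree/home"
find_dot_only_dirs "$tree/tmp"
rm -rf "$tree"
```

On a real host the calls would be `find_nulled_history /home` and `find_dot_only_dirs /tmp` (plus /var/tmp and /dev/shm), run as root so every home directory is readable.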

    How Do I Create a New ext3 File System

    First, create the partition using the fdisk command line utility. To start fdisk, type the following command at a shell prompt. You need a device name that refers to the entire hard disk.

    # fdisk /dev/device-name

    # fdisk /dev/sdb

    Type n then p, to create a new (n) primary (p) partition

    After the fdisk command session (which makes changes to partition table) just type the

    following command:

    # partprobe

    OR

    # partprobe /dev/sdX

    Format hard disk

    To format the partition with the ext3 file system use mke2fs command

    # mke2fs -j /path/to/partition

    # mke2fs -j /dev/sdb1

    Update /etc/fstab

    Create a mount point:

    # mkdir /disk2

    Edit the /etc/fstab to include the new partition

    # vi /etc/fstab

    Append the new line as follows:

    /dev/sdb1 /disk2 ext3 defaults 1 2

    To mount, enter:

    # mount -a

    # df -H

    HOW TO DISABLE REMOTE ROOT ACCESS INTO LINUX MACHINE

    Why would you do this? Well everyone knows that 'root' (the username) is the admin of your box, so by denying 'root' remote access to ssh into your box you are making it just a wee bit harder for the hackers to get into your box since now they will have to guess a username on your box.

    1. As root,

    vi /etc/ssh/sshd_config

    2. In there find (or create) a line that reads

    # Authentication:

    #LoginGraceTime 120
    PermitRootLogin no
    #StrictModes yes

    The line PermitRootLogin no is the important one. Note there is no # in front of it.

    3. Once you have made those changes, save the file (esc then :wq).

    4. Restart sshd (service sshd restart).

    With this line root cannot ssh into the box. To become root, ssh in as a normal user then use su - to become root once logged in.
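
An added example (not part of the original notes): a check that reports which PermitRootLogin value applies globally in an sshd_config-style file. It covers the two ways the edit above goes wrong in practice, a line left commented out and an earlier PermitRootLogin line that wins because sshd uses the first value it obtains. The function names and samples are constructed, and Include directives are not followed.

```sh
#!/bin/sh
# Added example: report the PermitRootLogin value that applies globally.

# effective_permit_root_login [FILE...]  (reads stdin when no file is given)
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and lines starting with # are comments. Settings after a
# Match line are conditional, so scanning stops there.
# Assumption: Include directives are not followed.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# root_login_disabled [FILE...]: succeeds only when the effective value is "no"
root_login_disabled() {
    [ "$(effective_permit_root_login "$@")" = "no" ]
}

# Constructed samples. The first is the snippet from the notes above.
sample_from_notes() {
    printf '%s\n' '# Authentication:' '#LoginGraceTime 120' \
        'PermitRootLogin no' '#StrictModes yes'
}
# The hardening line is still commented out; a later "yes" is what counts.
sample_still_commented() {
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes'
}
# An earlier "yes" shadows the "no" that was appended below it.
sample_shadowed() {
    printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no'
}

# Demo run over the three constructed samples.
for s in sample_from_notes sample_still_commented sample_shadowed; do
    printf '%-24s -> %s\n' "$s" "$($s | effective_permit_root_login)"
done
```

On a live host, `sshd -T` prints the configuration sshd will actually use, which is the authoritative check after the restart in step 4.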

    HOSTS.ALLOW LINUX CONFIGURATION FILE

    ALL: 192.168.24.

    ALL: 192.168.23.

    ALL: 192.168.4.40

    ALL: 10.10.1.100

    ALL: 41.210.255.49

    ALL: 41.210.254.

    ALL: 41.210.222.

    ALL: 41.210.252.69/29

    ALL: 10.8.11.29

    ALL: 197.241.128.0/18

    ALL: 10.80.0.0/16

    ALL: 10.119.252.0/22

    ALL: 10.72.0.0/16

    ALL: 10.10.2.103

    sendmail: 127.0.0.1

    vsftpd: 41.210.192.0/255.255.192.0

    vsftpd: 127.0.0.1

    vsftpd: ALL

    HOSTS.DENY LINUX CONFIGURATION FILE

    # the new secure portmap uses hosts.deny and hosts.allow. In particular

    # you should know that NFS uses portmap!

    ALL: ALL

    AAA NOTES

    Steps to restart the service:

    1- Stop the Navis Radius.

    2- Stop the LDAP.

    3- If the server needs to be restarted, both services will be active when it comes back up.

    4- If not, start the LDAP.

    5- Start the Navis Radius.

    6- Check in the radius logs whether the clients are connecting.

    7- End.

    OBS: In a worst-case scenario, if we restart the server and neither the service (nr) nor the database (LDAP) comes up, we first start the database and then we start the server.

    To check whether the clients are able to authenticate to the triple A, we go under the folder /radius/log and execute the command tailf followed by the name of the file that needs to be executed.

    Authentication of the dongle: A12 and PPP

    The Navis Radius service can be found in the directory below.

    To check whether the service is running or not you type the list command.

    /opt/Lucent/NavisRadius/bin/nr list

    IPTABLES

    iptables -I INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j REJECT

    This rule is applied to limit the number of TCP connections via ssh. This will allow only two connections into the server.

    NOTE: Before we do that we need to load the module by running modprobe xt_connlimit from a command line, and add this entry to the rc.local file so that the module is loaded every time the system restarts.

    This option is the /etc/rc.local script. This file runs after all other init level scripts have run, so it's safe to put various commands that you want to have issued upon startup.

    For instance, once I had a machine that, for some reason, samba seemed to not want

    to start. Even after checking to make sure the Samba daemon was setup to initialize at

    boot up. So instead of spending all of my time up front with this I simply placed the

    line:

    /etc/init.d/samba start

    How do you restart all services instead of doing it one by one?

    EG: /etc/init.d/httpd restart

    How do I restart everything in /etc/init.d ?

    init 2 on ubuntu

    init 5 on red hat

    The following line makes the user program test.pl (ostensibly a Perl script) run every two hours, at midnight, 2am, 4am, 6am, 8am, and so on:

    0 */2 * * * /home/username/test.pl

    cron permissions

    The following two files play an important role:

    /etc/cron.allow - If this file exists, it must contain your username for you to use cron jobs.

    /etc/cron.deny - If the cron.allow file does not exist but the /etc/cron.deny file does exist then, to use cron jobs, you must not be listed in the /etc/cron.deny file.

    Note that if neither of these files exist then, depending on site-dependent configuration parameters, either only the super user can use cron jobs, or all users can use cron jobs.

    Field    Description     Allowed Value

    MIN      Minute field    0 to 59

    HOUR     Hour field      0 to 23

    DOM      Day of Month    1-31

    MON      Month field     1-12

    DOW      Day Of Week     0-6

    CMD      Command         Any command to be executed

    How to give a regular user account root access

    Open the file /etc/sudoers, and make sure this line is configured as the line below

    ## Allows people in group wheel to run all commands

    %adm ALL=(ALL) ALL

    After this, change the user's group with usermod -g 4 felix, where felix is the name of the user.

    SECURING YOUR WINDOWS WEB SERVERS

    Disable NetBIOS and SMB

    Disable all unnecessary protocols, including NetBIOS and SMB. Web servers do not require NetBIOS or SMB on their Internet-facing network interface cards (NICs). Disable these protocols to counter the threat of host enumeration.

    Note The SMB protocol can return rich information about a computer to unauthenticated users over a Null session. You can block null sessions by setting the RestrictAnonymous registry key as described in "Step 9. Registry."

    Note Test your changes before implementing them in production. Disabling sharing or NetBIOS can negatively impact manageability for your scenario. For example, IIS uses the NetUserChangePassword API which depends on NetBIOS. If you permit users to change passwords through IIS, this will no longer work.

    Disabling NetBIOS

    NetBIOS uses the following ports:

    TCP and User Datagram Protocol (UDP) port 137 (NetBIOS name service)

    TCP and UDP port 138 (NetBIOS datagram service)

    TCP and UDP port 139 (NetBIOS session service)

    Disabling NetBIOS is not sufficient to prevent SMB communication because if a

    standard NetBIOS port is unavailable, SMB uses TCP port 445. (This port is referred to

    as the SMB Direct Host.) As a result, you must take steps to disable NetBIOS and SMB

    separately.

    To disable NetBIOS over TCP/IP

    Note This procedure disables the Nbt.sys driver and requires that you restart the

    system.

    Right-click My Computer on the desktop, and click Manage.

    Expand System Tools, and select Device Manager.

    Right-click Device Manager, point to View, and click Show hidden devices.

    Expand Non-Plug and Play Drivers.

    Right-click NetBios over Tcpip, and click Disable.

    This disables the NetBIOS direct host listener on TCP 445 and UDP 445.

    Disabling SMB

    SMB uses the following ports:

    TCP port 139

    TCP port 445

    To disable SMB, use the TCP/IP properties dialog box in your Local Area Connection

    properties to unbind SMB from the Internet-facing port.

    To unbind SMB from the Internet-facing port

    1. Click the Start menu, point to Settings, and click Network and Dial-up Connections.

    2. Right-click your Internet-facing connection, and click Properties.

    3. Clear the Client for Microsoft Networks box.

    4. Clear the File and Printer Sharing for Microsoft Networks box.

    Note The WINS tab of the Advanced TCP/IP Settings dialog box contains a Disable NetBIOS over TCP/IP radio button. Selecting this option disables the NetBIOS session service that uses TCP port 139. It does not disable SMB completely. To do so, use the procedure above.

    Step 5. Accounts

    You should remove accounts that are not used because an attacker might discover and use them. Require strong passwords. Weak passwords increase the likelihood of a

    successful brute force or dictionary attack. Use least privilege. An attacker can use

    accounts with too much privilege to gain access to unauthorized resources.

    During this step, you:

    Delete or disable unused accounts.

    Disable the Guest account.

    Rename the Administrator account.

    Disable the IUSR Account.

    Create a custom anonymous Web account.

    Enforce strong password policies.

    Restrict remote logons.

    Disable Null sessions (anonymous logons).

    Disable the IUSR Account

    Disable the default anonymous Internet user account, IUSR_MACHINE. This is created

    during IIS installation. MACHINE is the NetBIOS name of your server at IIS installation

    time.

    Create a Custom Anonymous Web Account

    If your applications support anonymous access (for example, because they use a

    custom authentication mechanism such as Forms authentication), create a custom

    least privileged anonymous account. If you run IISLockdown, add your custom user to the Web Anonymous Users group that is created. IISLockdown denies access to system utilities and the ability to write to Web content directories for the Web Anonymous Users group.

    If your Web server hosts multiple Web applications, you may want to use multiple anonymous accounts, one per application, so that you can secure and audit the operations of each application independently.

    Restrict Remote Logons

    Remove the Access this computer from the network privilege from the Everyone

    group to restrict who can log on to the server remotely.

    Disable Null Sessions (Anonymous Logons)

    Restrict Null sessions by setting RestrictAnonymous to 1 in the registry at the following

    subkey:

    HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous=1

    The Restrict Anonymous SSA check determines whether the RestrictAnonymous

    registry setting is used to restrict anonymous connections on the scanned computer.

    The registry setting is at the following location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous

    For more information, see Microsoft Knowledge Base article 246261, "How To: Use the RestrictAnonymous Registry Value in Windows 2000."

    For more information on using RestrictAnonymous in Windows Server 2003, see RestrictAnonymous.