Thursday, April 21, 2011
How to Reset "MySql" Root Password (CentOS 5)
Ran into a problem a few weeks ago that I finally sat down and solved after visiting a couple of forums. These steps are pieced together from many places. Special thanks to all the forums that helped me reset my database password. *Note* Everything in blue is what you type. *Where you see "whatever password you want", it means just that, but keep it inside the parentheses () and quotation marks.
Stop the MySQL daemon : service mysqld stop
Start MySQL in safe mode with the --skip-grant-tables and -u root options in the background : mysqld_safe --skip-grant-tables -u root & (With --skip-grant-tables the server starts without checking passwords for any account.)
Start the command line client as root : mysql -u root
Issue the MySQL command to reset the root password : UPDATE mysql.user SET Password=PASSWORD('whatever password you want') WHERE User='root';
Issue the flush privileges command : FLUSH PRIVILEGES;
Quit the command line tool : quit
Find MySQL Process ID: ps aux | grep mysqld
Stop the MySQL process : kill followed by the process ID from the previous step, or kill `cat /var/run/mysqld/mysqld.pid`
Restart the MySQL daemon : service mysqld start
Log in as root to make sure the new password is active : mysql -u root -p
Type the new password at the prompt
YOU'RE IN, DON'T FORGET IT NEXT TIME!!!!!
Port Knocking (fwknop) for Fedora 13, 14
Greetings All,
This tutorial is a how-to guide for "Port Knocking" using "FWKNOP" on Fedora 13 and 14, courtesy of "Ubersec"
fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports both iptables on Linux systems and ipfw on FreeBSD and Mac OS X systems) and libpcap. SPA is essentially next generation port knocking.
Please download the following packages:
#yum install -y wget
#yum install openssh-server (If the server is not installed already)
#yum -y install system-config-services
#yum install setools-gui.i686 (To install SELinux if you don't have it already)
#yum -y install policycoreutils-gui.i686 (To install SELinux Management if you don't have it already)
#yum install -y nmap (installing network mapper)
#yum -y install perl-HTML-Entities-Numbered.noarch
#yum -y install perl-HTML-Parser.i686
#yum -y install perl-SOAP-Lite.noarch
#yum -y install perl-ExtUtils-AutoInstall.noarch
Download perlmod from the following website http://sourceforge.net/projects/perlmod/
#perlmod -i IPC::Shareable
#yum install fwknop (Install the port-knocking service)
Disable SELINUX and establish successful SSH session.
Check if SELINUX is running by typing: # sestatus -v | less OR type the following to see if SELinux is disabled on your PC #/usr/sbin/getenforce
If SELinux is enabled, please disable it on your system through the GUI by going to System --> Administration --> SELinux Administration and restart your PC.
Type the following command to start SSHD server #service sshd stop && service sshd start
TIP:
Also go through the GUI to services and make sure SSH is enabled to start at the next boot.
Type the following command to check your ssh session #ssh localhost
Now type #nmap -p 22
TIP:
It should return open. If not, your sshd service is not running.
For Example:
[root@ittlabusr fwknop]# nmap -p 22 localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-08 12:23 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
rDNS record for 127.0.0.1: localhost.localdomain
PORT STATE SERVICE
22/tcp open ssh
Configure IPTABLES
#sudo iptables-save -c > /etc/iptables-save
#cat /etc/iptables-save | sudo iptables-restore -c
Type #ifconfig to find out which interface your Linux system is listening on. You will need to add it to the firewall.sh script below.
Now create the following file firewall.sh and add the following:
#!/bin/sh
IPTABLES=/sbin/iptables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -o
$IPTABLES -A INPUT -j LOG --log-prefix "DROP "
$IPTABLES -A INPUT -j DROP
$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "SSH SYN "
$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "DROP "
$IPTABLES -A FORWARD -j LOG --log-prefix "DROP "
$IPTABLES -A FORWARD -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[+] EnGarde Secure Linux iptables policy activated"
exit
Save the file and then change the permission to execute: chmod +x firewall.sh
Now run it by typing #./firewall.sh
Now type #iptables -L to check that your iptables contain the new rules.
For example, it should show the following:
[root@ittlabusr ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `DROP '
DROP all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning prefix `SSH SYN '
LOG tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning prefix `DROP '
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `DROP '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
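In the listing above, the two SSH SYN LOG rules sit after the catch-all DROP in the INPUT chain; iptables walks a chain from top to bottom, so no packet ever reaches them. The following is an added example (not part of the original post or of fwknop) that checks a rule script for this ordering problem. The function name shadowed_rules and the sample variable are made up for the illustration, and it only understands rules appended with -A.

```shell
#!/bin/sh
# Added example: report iptables rules that can never match because an earlier
# rule in the same table/chain already ends processing for every packet.

# Constructed sample: the filter rules in the order firewall.sh appends them.
SAMPLE_RULES='$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -j LOG --log-prefix "DROP "
$IPTABLES -A INPUT -j DROP
$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "SSH SYN "
$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "DROP "
$IPTABLES -A FORWARD -j LOG --log-prefix "DROP "
$IPTABLES -A FORWARD -j DROP'

# shadowed_rules (hypothetical helper): reads rule lines on stdin and prints
# "table/chain:line: rule" for each rule that follows a catch-all
# ACCEPT, DROP or REJECT in the same chain.
shadowed_rules() {
    awk '
    {
        table = "filter"; chain = ""; target = ""; has_match = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-t") { table = $(i + 1); i++ }
            else if ($i == "-A") { chain = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); break }
            else if ($i ~ /^-/) { has_match = 1 }   # any other option is a match condition
        }
        if (chain == "") next                        # not an append rule (-F, -X, ...)
        key = table "/" chain
        if (key in closed) { print key ":" NR ": " $0; next }
        # A terminating target with no match conditions closes the chain.
        if (!has_match && target ~ /^(ACCEPT|DROP|REJECT)$/) closed[key] = NR
    }'
}

# Run against the sample when executed directly.
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules
```

To check a real script, feed it on stdin instead of the sample: shadowed_rules < firewall.sh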
Now type the following command to make sure the rules are saved in IPTABLES #/sbin/iptables-save > /etc/sysconfig/iptables
Now restart your computer by typing #shutdown -r now
Now run nmap again to assure that IPTAB
For example,
#nmap -p 22
[root@ittlabusr fwknop]# nmap -p 22 localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-08 12:25 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up.
rDNS record for 127.0.0.1: localhost.localdomain
PORT STATE SERVICE
22/tcp filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds
Set up and configure the fwknop port-knocking application.
#gedit or nano /etc/fwknop/fwknop.conf
Change the line #ALERTING_METHODS ALL; (TO) --> ALERTING_METHODS noemail;
Change the line #shCmd /bin/sh; (TO) --> shCmd /bin/bash;
Change the line PCAP_INTF eth1; to assure that you are set to the correct interface!!!!!
TIP
Type ifconfig -a in another terminal to check your current interface.
Change the line #ENABLE_SPA_PACKET_AGING Y; (TO) --> ENABLE_SPA_PACKET_AGING N;
#gedit or nano /etc/fwknop/access.conf
Change the line #KEY: __CHANGEME__; to KEY: whatever you want; (The key must be at least 8 characters long)
Add the line DATA_COLLECT_MODE: PCAP;
Uncomment or add the line FW_ACCESS_TIMEOUT: 30; (time is in seconds)
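Before restarting the service, the edited files can be checked against the settings listed above. This is an added example, not part of the original post or of fwknop; the function name audit_fwknop and the sample contents are constructed for the illustration, and it assumes the "NAME value;" and "NAME: value;" line formats shown in the steps.

```shell
#!/bin/sh
# Added example: lint the fwknop.conf / access.conf settings this guide changes.

# Constructed sample: access.conf with the placeholder key left in place,
# followed by the fwknop.conf lines from the steps above.
SAMPLE_CONF='KEY: __CHANGEME__;
DATA_COLLECT_MODE: PCAP;
FW_ACCESS_TIMEOUT: 30;
ALERTING_METHODS noemail;
ENABLE_SPA_PACKET_AGING N;'

# audit_fwknop (hypothetical helper): reads config lines on stdin and prints
# one FAIL/WARN line per finding; prints nothing when all checks pass.
audit_fwknop() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                  # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/;[ \t]*$/, "", line)                    # drop the trailing semicolon
        name = line;  sub(/[: \t].*$/, "", name)
        value = line; sub(/^[^: \t]+:?[ \t]*/, "", value)
        seen[name] = 1
        if (name == "KEY") {
            if (value == "__CHANGEME__")
                print "FAIL KEY is still the shipped placeholder"
            else if (length(value) < 8)
                print "FAIL KEY is shorter than 8 characters"
        }
        if (name == "ENABLE_SPA_PACKET_AGING" && value == "N")
            print "WARN SPA packet aging is disabled"
        if (name == "FW_ACCESS_TIMEOUT" && value + 0 <= 0)
            print "FAIL FW_ACCESS_TIMEOUT is not a positive number of seconds"
    }
    END {
        # A commented-out "#KEY: ..." line is skipped above, so it lands here.
        if (!("KEY" in seen)) print "FAIL no active KEY line found"
    }'
}

# Run against the sample when executed directly.
printf '%s\n' "$SAMPLE_CONF" | audit_fwknop
```

For the real files: cat /etc/fwknop/access.conf /etc/fwknop/fwknop.conf | audit_fwknop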
Stop and start fwknop service
#service fwknop stop
#service fwknop start
#netstat -anlp | grep fwknop (to check if fwknop is listening)
unix 2 [ ACC ] STREAM LISTENING 42445 7317/perl /var/run/fwknop/knoptm_ip_timeout.sock
OR
#service fwknop status
knoptm (pid 7317) is running...
fwknopd (pid 7314) is running...
knopwatchd (pid 7319) is running...
On the server side type the following to see logs coming in:
#tail -f /var/log/messages
On the other Linux client side type:
#fwknop -A
For example,
#fwknop -A tcp/22 -a 127.0.0.1 -D 10.75.3.232
OR
Download fwknop for Windows from
http://www.cipherdyne.org/fwknop/download/ and run fwknop for windows
Friday, March 25, 2011
College Graduation
Thursday, February 3, 2011
Drupal6.16 Notes
For those trying to install #drupal6 in #debian-lenny use synaptic and do a packet force to get #drupal6.16 from backports
**Note in #debian-lenny the default files are not in /var/www/, they're in /usr/share/drupal6/
Once installed from #synaptic restart apache then go to (from web browser) localhost/drupal6/install.php
Tuesday, January 18, 2011
My Crossroads
Well, a lot has changed for me since my last post, where do I begin........I've switched 9-5's yet again (job market's rough), currently I'm unloading trucks from 4-1am (7.65/hr). My business has slowed due to time constraints. I don't have the time to really advertise anymore. I'm in my last sem. for my AAS degree @ ITT-Tech (March Grad). And I'm at a crossroads on my career path. At this time one thing is for certain: I want to have a career in Linux/Unix. I've spent the last 12 months learning Asterisk from the ground up. I'm no guru yet but not too far from it. I've also been reading off and on O'Reilly's "LPI cert in a nutshell". This book is good for studying if you already have somewhat of a background working with Linux (1yr or better). I didn't set the usual New Year's resolution. I just set short term goals to accomplish. I'm not getting any younger and it's time to choose a path for my life and run for it. My first goal is to grad from school. Second to build my brand. Third to take a cert and pass it. Fourth learn a programming language. Fifth to work in the IT field full time. I know I've said this in the past but my blogs will become more frequent and more techie. My goal is to write every time I learn something new. I want to do this not only to keep track of new items but to also help those seeking answers to some of the problems that may or may not be so common to some geeks. In closing, happy New Year to all and until next time "RTFO" (rock the f...on)