Archive for the ‘ Lunix ’ Category

Apache-SSL

Apache-SSL.

Now I’ve got my server installed, how do I create a test certificate?

Step one – create the key and request:

  openssl req -new > server_cert.csr

Step two – remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out server_cert.key

Step three – convert request into signed cert:

  openssl x509 -in server_cert.csr -out server_cert.cert -req -signkey server_cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

  SSLCertificateFile /path/to/certs/server_cert.cert
  SSLCertificateKeyFile /path/to/certs/server_cert.key

How do I create a client certificate?

Step one – create a CA certificate/key pair, as above (but only the first two steps)

  openssl req -new > client_cert.csr
  openssl rsa -in privkey.pem -out client_cert.key

Step two – sign the client request with the previous created CA key:

  openssl x509 -req -in client_cert.csr -out client_cert.cert -signkey server_cert.key -CA server_cert.cert -CAkey server_cert.key -CAcreateserial -days 365

Step three – issue the file ‘client_cert.cert’ to the requester.

The Apache-SSL directives that you need to validate against this cert are:

  SSLCACertificateFile /path/to/certs/server_cert.cert
  SSLVerifyClient 2
  SSLVerifyClient require

Create PKCS12 file for use in a webbrowser

  openssl pkcs12 -export -in client_cert.cert -inkey server_cert.key -out clientt.cert.p12

Nmap – Free Security Scanner For Network Exploration & Security Audits.

Nmap – Free Security Scanner For Network Exploration & Security Audits.

Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are avalable for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User’s Guide or check out the Zenmap man page for some quick reference information.

Installation et Configuration de Snoge – System-Linux

Installation et Configuration de Snoge – System-Linux.

Snoge est un logiciel opensource qui permet de représenter dans un Google Earth en “quasi temps réel” d’où proviennent les IP attaquantes relevées par Snort : SnoGe = Snort + Google Earth.

snoge2 jpg

Comme on peut le voir sur l’image, un histogramme bleu représente le nombre d’attaque provenant d’un même FAI. Un histogramme Vert représente le nombre d’alerte par pays. Les lignes montrent les dernières attaques détectées. Plus le lien est foncé, plus l’attaque est récente.

Principe de fonctionnement :

Lorsque qu’une attaque est détectée, Snort écrit l’alerte dans un fichier de log (au format unifié)

Le daemon Snoge :

Examine périodiquement les fichiers de logs de Snort

Relève les dernières alertes

Effectue une géo localisation des IP source

Met à jour un fichier kml (Fichier Google Earth, proche du xml).

Votre Google Earth interroge périodiquement votre serveur Web, afin de récupérer ce fichier kml, et affiche les attaques sur carte mondiale.