Archive for the ‘ Lunix ’ Category

The Coolest Server Names – Server Fault


The funniest server name story I have is from when I worked at the Kennedy Space Center. On our particular project, our main server was named snowwhite, and the 7 client workstations were named after the Seven Dwarves. The kicker is, one day one of our engineers ran into a Disney Imagineer who worked at Walt Disney World, and they started talking about server names. The Disney Imagineer said “that’s funny, we have a group of servers named columbia, challenger, atlantis, and discovery.”

Use MOUNTAINS!

Why?

  • There’s a TONNE of them.
  • You’ll never run out of names.
  • They’re easy to type: FUJI, MAYON, EVEREST, K2
  • Volcanoes are used for volatile servers
  • Long mountain names like KILIMANJARO are servers that you don’t want people to log onto
  • Different Mountain Ranges can serve as Clusters or a SAN. (The Rockies, Andes, Alps)
  • It’s always the user’s fault when they crash into a mountain
    • Mountains don’t crash
  • However, sometimes they explode (VESUVIUS)
  • You can rank them by Height and represent many of them pictorially in Network diagrams. (The Matterhorn, Mt. Fuji)
  • Mountains are great Security fortresses (Why do you think China wants to keep Tibet… it’s a plateau beside India!)
  • They are visible from outer space.
  • They can be classified in many different ways.
  • They can be Local (Intranet Servers) or in other countries/continents (WANs)
  • They are common to ALL people in all countries.
  • They can be named after people’s local hometown mountains. (When I was a kid I climbed to the peak of x mountain)

MOUNTAINS!!!

Apache-SSL


Now I’ve got my server installed, how do I create a test certificate?

Step one – create the key and request (the private key is written to privkey.pem):

  openssl req -new > server_cert.csr

Step two – remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out server_cert.key

Step three – convert request into signed cert:

  openssl x509 -in server_cert.csr -out server_cert.cert -req -signkey server_cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

  SSLCertificateFile /path/to/certs/server_cert.cert
  SSLCertificateKeyFile /path/to/certs/server_cert.key

How do I create a client certificate?

Step one – create the client’s key and request the same way as the CA certificate/key pair above (but only the first two steps):

  openssl req -new > client_cert.csr
  openssl rsa -in privkey.pem -out client_cert.key

Step two – sign the client request with the previously created CA key:

  openssl x509 -req -in client_cert.csr -out client_cert.cert -CA server_cert.cert -CAkey server_cert.key -CAcreateserial -days 365

Step three – issue the file ‘client_cert.cert’ to the requester.

The Apache-SSL directives that you need to validate against this cert are:

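  SSLCACertificateFile /path/to/certs/server_cert.cert
  # Apache-SSL syntax (numeric level 2: the client must present a valid certificate):
  SSLVerifyClient 2
  # mod_ssl syntax for the same requirement; keep only the line your SSL module accepts:
  SSLVerifyClient require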

Create a PKCS12 file for use in a web browser (bundle the client certificate with the client’s own key, not the server key):

  openssl pkcs12 -export -in client_cert.cert -inkey client_cert.key -out client_cert.p12
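
The procedure above run end to end without prompts, followed by the checks worth making before pointing Apache at the files. This is an added example, not part of the original FAQ. The subject names, the export password `test` and the `ca.ext` extension file (which marks the self-signed server certificate explicitly as a CA) are assumptions.

```shell
#!/bin/sh
# Added example: the FAQ's commands run non-interactively, then checked.
# Subject names, the "test" export password and ca.ext are constructed.

make_test_pki() {    # $1 = empty working directory
    ( cd "$1" || exit 1
      umask 077      # key material readable by the owner only
      # Server key + request; -nodes writes the key without a passphrase.
      openssl req -new -newkey rsa:2048 -nodes -keyout server_cert.key \
          -subj "/CN=test-server.example" -out server_cert.csr 2>/dev/null || exit 1
      # Self-sign the request; the extension file marks the cert as a CA.
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      openssl x509 -req -in server_cert.csr -signkey server_cert.key \
          -extfile ca.ext -out server_cert.cert -days 365 2>/dev/null || exit 1
      # Client key + request, signed by the server cert acting as CA.
      openssl req -new -newkey rsa:2048 -nodes -keyout client_cert.key \
          -subj "/CN=test-client" -out client_cert.csr 2>/dev/null || exit 1
      openssl x509 -req -in client_cert.csr -CA server_cert.cert \
          -CAkey server_cert.key -CAcreateserial \
          -out client_cert.cert -days 365 2>/dev/null || exit 1
      # Browser bundle: the client cert plus the client's own private key.
      openssl pkcs12 -export -in client_cert.cert -inkey client_cert.key \
          -out client_cert.p12 -passout pass:test || exit 1
    )
}

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) && [ -n "$pub" ] &&
        [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Succeeds only if the client cert chains to the file used as SSLCACertificateFile.
client_chain_ok() {
    openssl verify -CAfile "$1/server_cert.cert" "$1/client_cert.cert" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_test_pki "$d" || return 1
    client_chain_ok "$d" && echo "client cert verifies against the CA file"
    key_matches_cert "$d/client_cert.key" "$d/client_cert.cert" &&
        echo "client key matches client cert"
    key_matches_cert "$d/server_cert.key" "$d/client_cert.cert" ||
        echo "server key does not match client cert (never export it to a client)"
    rm -rf "$d"
}
demo
```

The last check is the reason the PKCS12 export must use the client's key: the server key both fails to match the client certificate and is the CA signing key, so it should never leave the server.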

Nmap – Free Security Scanner For Network Exploration & Security Audits.


Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User’s Guide or check out the Zenmap man page for some quick reference information.