Nasser Heidari

February 23, 2009

tcpdump

Filed under: Linux — Nasser Heidari @ 6:57 am

Dump Traffic with tcpdump and write to file for using with wireshark :

tcpdump -nnn -vvvv -s 0 -w testdump.pcap -i le0 port 500 and host 4.3.2.1

February 17, 2009

Creating an encrypted password

Filed under: Linux — Nasser Heidari @ 6:50 pm

If you want to add a user to linux system , normaly you need to add user and then assign a password to user with passwd command .

you can use -p switch while adding user to assign password , but you need to pass an encrypted password .

there is a two way for creating encrypted password:

#openssl passwd -1 <MYPASS>
$1$ZZLfAZpL$mwVBijRFpr0EBBk3l7nY8.

# useradd -p ‘$1$ZZLfAZpL$mwVBijRFpr0EBBk3l7nY8.’ nasser

or

#perl -e ‘print crypt(“password”, “MYPASS”),”\n”‘
MYhWg5VCf/bwA

# useradd -p ‘MYhWg5VCf/bwA’ nasser

February 16, 2009

Linux Force Reboot and shutdown

Filed under: Linux — Nasser Heidari @ 9:42 am
Force Reboot :
#echo 1 > /proc/sys/kernel/sysrq
#echo b > /proc/sysrq-trigger
If you want to force shutdown machine try this.
#echo 1 > /proc/sys/kernel/sysrq
#echo o > /proc/sysrq-trigger

February 15, 2009

Ignore portaudit – Install FreeBSD port even though portaudit reports vulnerability

Filed under: freebsd — Nasser Heidari @ 12:49 pm

I don’t recommend u to do this , i just wanted to install mysql for testing purposes, it’s better to update your ports tree and install new version !

# cd /usr/ports/databases/mysql50-server

# make install clean && rehash

===>  mysql-server-5.0.67_1 has known vulnerabilities:
=> mysql — MyISAM table privileges security bypass vulnerability for symlinked paths.
Reference: <http://www.FreeBSD.org/ports/portaudit/738f8f9e-d661-11dd-a765-0030843d3802.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/databases/mysql50-server.

# make -DDISABLE_VULNERABILITIES install clean && rehash

Hide Apache Information

Filed under: Linux, Security Tips and Issues — Nasser Heidari @ 12:06 pm

Just set this two directive in the main config:

ServerTokens ProductOnly

ServerSignature Off

Description :

ServerTokens

This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents.

like this:

Apache/1.3.41 Ben-SSL/1.59 Server at 127.0.0.1:80 Port 80

changing lighttpd header !

Filed under: Linux — Nasser Heidari @ 10:34 am 
Just use this tag in lighttpd.conf :
server.tag = "nginx"

February 14, 2009

DHCP Snooping

Filed under: Cisco — Nasser Heidari @ 7:47 pm

It may be hard to believe, but something as innocent as DHCP can actually lead to trouble for your network. When a host sends out a DHCPDiscovery packet, it listens for DHCPOffer packets – and accepts the first Offer it gets!

Part of that DHCPOffer is the address to which the host should set its default gateway. What if a DHCP server that does not belong on our network – a rogue DHCP server – is placed on that subnet?

If that host uses the DHCPOffer from the rogue server, the host could end up using the rogue server as its default gateway or DNS server!

We can prevent this with DHCP Snooping. DHCP Snooping classifies interfaces as either trusted or untrusted.

DHCP messages received on trusted interfaces will be permitted to pass through the switch, but DHCP messages received on untrusted interface result in the interface itself being placed into err-disabled state.

DHCP Server Access

The DHCP server can be connected to the switch in one of two ways:

  • The server is directly connected to the same switch as the one connected to the DHCP clients (the hosts, or network devices, that are requesting IP addresses from the server). You must configure the port that connects the server to the switch as a trusted port.
  • The server is directly connected to a switch that is itself directly connected through a trunk port to the switch that the DHCP clients are connected to. The trunk port is configured by default as a trusted port. The switch that the DHCP server is connected to is not configured for DHCP snooping.

By default, the switch considers all ports untrusted – which means we better remember to configure the switch to trust some ports when we enable DHCP Snooping!

First, we need to enable DHCP Snooping on the entire switch:

Blackbox(config)#ip dhcp snooping

To enable DHCP Snooping for a particular VLAN, use the ip dhcp snooping command.

Blackbox(config)#ip dhcp snooping vlan 14

Ports can then be configured as trusted with the ip dhcp snooping trust command.

Blackbox(config-if)#ip dhcp snooping trust

February 11, 2009

Perl Find and Replace

Filed under: Linux — Nasser Heidari @ 8:05 am 
perl -i.bak -pe "s:Old text:New text:g" file1 file2 file3

February 10, 2009

Protecting Email Address – Captcha

Filed under: Miscellaneous — Nasser Heidari @ 12:37 pm

You can Protect Your Email Address by using reCAPTCHA Mailhide service .

here is my Email Address:
click-me … myaddr.com

February 8, 2009

Tar Over SSH

Filed under: Linux — Nasser Heidari @ 9:02 pm

1)

ssh nasser@netwox.net “cd /tmp ; tar cvf – ./* | bzip2 -9″ > tmp.tar.bz2

———————————-

2)

(cd /tmp ; tar cf – ./xyz*) | ssh nasser@netwox.net “cd /tmp ; tar xcvf -”

———————————-

3)

ssh nasser@netwox.net “cd /usr/share/games ; tar cf – ./a*” | > (cd /tmp ; tar xpvf -)
./etc
./etc/test1
./etc/test2
./etc/test3
./etc/xyz
./etc/zxcf

Next Page »

Blog at WordPress.com.