Posts

Trying to boot to a Linux ISO?

Do you currently have a Linux CD or ISO that you wish you could boot from a USB stick instead of having to carry around a CD with you? You need to know about a piece of software called UNetbootin. This software allows you to take a Linux ISO, copy it to your USB thumb drive, and make the drive bootable.
Being in the computer consulting industry, I’ve used this in two real-life examples that I will share with you.

  • The first one is called BackTrack. This is security auditing software that I use to assess clients’ networks. It is an excellent piece of software for scanning networks.
  • The next piece of software is called Ophcrack. This software uses the Windows hash file to crack Windows XP and Windows Vista passwords.

My Linux Asterisk server getting hacked!

    After seeing numerous entries to hack my Linux box, I decided it is time to learn how to implement iptables for security.
    A copy of the log file can be found here: log-file.
    The way I can tell I’m being attacked is if I open my /var/log/messages file, which you can see in its entirety below. I see what appears to be a brute force SSH attack. I can see the attacker’s IP is 211.151.64.106. If I do an ARIN lookup on this IP I see the network is in Asia and the ISP owns 210.0.0.0 – 211.255.255.255. Lucky for me I don’t need anyone in Asia to access my box so I’m going to block this entire network.

    First thing I need to do is verify iptables is installed by typing:
    iptables

    The return I get is below. This is good; it means iptables is already installed:
    Try `iptables -h' or 'iptables --help' for more information.
    Next thing I need to do is list my current iptables rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see from these rules I have absolutely none configured.
    Next I’m going to add my rules to block the IP that is attacking my machine:
    iptables -A INPUT -s 210.1.1.1/8 -j DROP
    iptables -A INPUT -s 211.1.1.1/8 -j DROP
    iptables -A INPUT -s 212.1.1.1/8 -j DROP

    These are actually entire subnets that I’m blocking because they’re registered in Asia and my server doesn’t need to communicate with this ISP anyways.
    The next thing I’m going to do is save my active iptables to my startup iptables so that these rules load when my computer reboots:
    /etc/init.d/iptables save active
    The next thing I’m going to do is reboot my server and verify these rules still exist:
    shutdown -r now
    Once the PC is back online I verify my rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP all -- 210.0.0.0/8 anywhere
    DROP all -- 211.0.0.0/8 anywhere
    DROP all -- 212.0.0.0/8 anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see now that I have 3 active rules which will block all incoming communication from these three /8 networks.
    Now don’t get me wrong I’m no Unix expert and I’m sure there is a way to combine all of these into one but I don’t feel like trying to figure out what it is right now. So this should get the job done.
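
On combining the rules: 210.0.0.0/8 and 211.0.0.0/8 are the two halves of 210.0.0.0/7, but 212.0.0.0/8 lies outside that block, so in CIDR terms the three rules reduce to two. The script below is an added example, not part of the original post; it merges sibling networks and prints (does not run) the resulting rules. The function names are illustrative and the inputs are assumed not to overlap.

```shell
#!/bin/sh
# Added example: merge adjacent CIDR blocks so fewer iptables rules are needed.
# Assumes IPv4 "a.b.c.d/len" input, one per line, with no overlapping entries.

collapse_cidrs() {
  awk -F'[./]' '
    function dotted(n) {
      return int(n / 16777216) "." (int(n / 65536) % 256) "." (int(n / 256) % 256) "." (n % 256)
    }
    BEGIN { CONVFMT = "%.17g" }            # keep 32-bit values exact as array keys
    {
      size = 2 ^ (32 - $5)                 # addresses covered by this prefix
      ip = (($1 * 256 + $2) * 256 + $3) * 256 + $4
      have[$5 + 0, int(ip / size) * size] = 1   # host bits masked off, as iptables does
    }
    END {
      for (len = 32; len > 0; len--) {     # longest prefixes first, so merges cascade
        size = 2 ^ (32 - len); n = 0
        for (key in have) { split(key, p, SUBSEP); if (p[1] == len) todo[++n] = p[2] }
        for (i = 1; i <= n; i++) {
          base = todo[i] + 0
          # Two blocks merge only if they are the lower and upper half of the
          # same parent: the lower one must sit on an even multiple of its size.
          if ((base / size) % 2 == 0 && ((len, base + size) in have)) {
            delete have[len, base]; delete have[len, base + size]
            have[len - 1, base] = 1
          }
        }
      }
      for (key in have) { split(key, p, SUBSEP); print dotted(p[2] + 0) "/" p[1] }
    }' | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Print (not run) one DROP rule per merged block.
combined_rules() {
  collapse_cidrs | sed 's|.*|iptables -A INPUT -s & -j DROP|'
}

printf '%s\n' 210.1.1.1/8 211.1.1.1/8 212.1.1.1/8 | combined_rules
```

Where the iprange match is available, a single rule using `-m iprange --src-range 210.0.0.0-212.255.255.255` covers the same addresses without being a CIDR block.
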
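    If you want to delete any of these rules you can remove them by their position in the INPUT chain. The remaining rules are renumbered after each deletion, so to remove all three, delete from the highest number down:
    iptables -D INPUT 3
    iptables -D INPUT 2
    iptables -D INPUT 1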

    These three commands will effectively delete all of the entries I’ve made.
    After going through my log file and blocking out all these IPs I noticed a trend. They are all registered to foreign countries. Luckily for me my voice server doesn’t need to communicate with these countries. So I’ve decided to block all traffic to the Asian continent. You can do the same by copying and pasting the code here:
    iptable-entry-syntax1 
    A note on this: if you decide you want to start over from scratch, you can delete all of your chains by typing in:
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X

    My next step here is monitoring my /var/log/messages for a while in real time to make sure I’m not still getting attacked. I can do this by typing the following:
    tail -f /var/log/messages
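
Counting failed logins per source address is quicker than reading the log by eye. The script below is an added example, not part of the original post: it tallies sshd failures per IP and prints (does not run) a DROP rule for each address at or above a threshold. The sample lines are constructed and assume OpenSSH's usual "Failed password ... from IP port N ssh2" wording; the function names, host name and the 192.0.2.10 address are illustrative.

```shell
#!/bin/sh
# Added example: tally failed SSH logins per source IP, then print DROP rules.

# Constructed sample lines (assumed OpenSSH wording); on a real box, feed
# /var/log/messages or /var/log/secure to failed_by_ip instead.
sample_log() {
cat <<'EOF'
Mar  3 04:11:02 pbx sshd[2101]: Failed password for root from 211.151.64.106 port 40112 ssh2
Mar  3 04:11:05 pbx sshd[2103]: Failed password for invalid user admin from 211.151.64.106 port 40115 ssh2
Mar  3 04:11:09 pbx sshd[2105]: Failed password for invalid user test from 211.151.64.106 port 40119 ssh2
Mar  3 04:11:13 pbx sshd[2107]: Failed password for root from 211.151.64.106 port 40123 ssh2
Mar  3 09:30:41 pbx sshd[2290]: Failed password for root from 192.0.2.10 port 51500 ssh2
Mar  3 09:30:55 pbx sshd[2292]: Accepted password for root from 192.0.2.10 port 51502 ssh2
EOF
}

# Print "count ip", busiest first. The user name is text chosen by the remote
# side and the field count differs for "invalid user", so the address is taken
# from fixed positions at the END of the line and must look like dotted-quad IPv4.
failed_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for / &&
       $(NF-4) == "from" && $(NF-2) == "port" {
         ip = $(NF-3)
         if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
         n = split(ip, o, "."); ok = 1
         for (i = 1; i <= n; i++) if (o[i] > 255) ok = 0
         if (ok) hits[ip]++
       }
       END { for (ip in hits) print hits[ip], ip }' | sort -k1,1nr -k2,2
}

# Print one rule per address with at least $1 failures. Output is for review;
# nothing is applied, so an address you log in from yourself can be removed first.
drop_rules() {
  awk -v min="$1" '$1 >= min { print "iptables -A INPUT -s " $2 " -j DROP" }'
}

sample_log | failed_by_ip | drop_rules 3
```
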

    What is virtualization

    There is a lot of buzz going around about Virtualization.
    What is Virtualization, and what benefits does it provide?
    In this article we will take a look at the technology to see
    how it can provide a great deal of flexibility and cost
    effectiveness for IT professionals and software developers.
    Virtualization technology allows multiple virtual machines
    to run on a single host computer. These virtual machines can
    run different operating systems, such as Windows, Linux and
    UNIX. Each virtual machine has its own set of virtual
    hardware resources (e.g., CPU, RAM, Hard Drive, etc.)
    allowing the operating system to run as if it were installed
    on a physical machine.
    The benefits of Virtualization technology are far reaching.
    Many organizations have moved to the virtual machine
    solution to consolidate multiple servers, running side by
    side on a single physical machine. Server consolidation
    allows IT professionals to fully utilize server resources,
    while isolating virtual machines and allowing them to run
    different operating systems and applications. Software
    developers utilize virtual machine technology to quickly
    test applications on different operating systems, without
    the hassle of setting up multiple physical machines for
    testing or taking the risk of causing problems by testing in
    a production environment.
    You can run Virtualization software on pretty much any
    platform. Once the software is installed it is simple to
    create virtual machine instances. Virtual machines are just
    a set of files located on the host machine. You configure
    your virtual machine settings on the host computer, install
    the operating system and you are ready to go. It is a very
    common practice to use a master image of a virtual machine.
    This master image can be a fully configured machine, with
    the operating system and all required applications
    installed. You can then rapidly deploy virtual machines by
    copying the master image to multiple Virtualization hosts to
    provide zero downtime and 100% server availability.
    There are a number of Virtualization products available.
    VMware, which is probably the most popular, recently
    announced that it will be releasing a free version of its
    GSX Server product. This will allow any organization to host
    virtual machines on either Windows or Linux hosts. Other
    Virtualization products include Microsoft’s Virtual Server and SWsoft’s Virtuozzo, just to name a few.